
Enhanced establishment of IMS session with secure media

Telefonaktiebolaget LM Ericsson (publ)
2020
Online Patent

Title: Enhanced establishment of IMS session with secure media
Author / Contributor: Telefonaktiebolaget LM Ericsson (publ)
Published: 2020
Media type: Patent
Other:
  • Indexed in: USPTO Patent Grants
  • Languages: English
  • Patent Number: 10,595,203
  • Publication Date: March 17, 2020
  • Appl. No: 15/535791
  • Application Filed: January 21, 2015
  • Assignees: Telefonaktiebolaget LM Ericsson (publ) (Stockholm, SE)
  • Claim: 1. A method of establishing a communication session between a User Equipment (UE) and another party by way of a Media Gateway (MGw) controlled by a Control Server, the communication session comprising a secure connection between the UE and the MGw, wherein the setup of the secure connection comprises a security handshake procedure, the method comprising: prior to receiving a communication session setup request at the Control server: determining, by the Control Server, that the MGw supports a procedure for early commencement of the security handshake; providing, by the UE and to the Control Server, an indication that the UE supports the procedure for early commencement of the security handshake procedure and connection parameters for use in the security handshake; and storing the indication and the connection parameters at the Control Server; in response to the Control Server receiving a communication session setup request from the another party, when the UE has provided the indication that the UE supports the procedure and connection parameters, and the Control Server has determined that the MGw supports the procedure: sending an instruction, from the Control Server to the MGw, to commence the security handshake procedure, the instruction comprising the connection parameters for the UE; commencing the handshake procedure to setup a secure communication session; and completing the establishing of the communication session.
  • Claim: 2. The method of claim 1, wherein the security handshake comprises an exchange of authentication certificates between the UE and the MGw; wherein the method further comprises: tentative acceptance of the authentication certificates during the handshake procedure; and after the commencement of the security handshake procedure: exchanging, between the UE and the MGw, respective fingerprints derived from the respective authentication certificates; and validating the respective authentication certificates, by the UE and the MGw, using the respective fingerprints.
  • Claim: 3. The method of claim 2, wherein the setup of the communication session is terminated when the validating the respective authentication certificates by the UE or the MGw using the respective fingerprints fails.
  • Claim: 4. A User Equipment (UE) in a communications network having a Control Server, the UE comprising: processing circuitry; memory containing instructions executable by the processing circuitry whereby the UE is operative to: prior to receiving a communication session setup request, provide, to the Control Server, an indication that the UE supports a procedure for early commencement of a security handshake and connection parameters for use in the security handshake; and in response to receiving, from a Media Gateway (MGw), an initialization of the security handshake: commence the security handshake; and establish a secure communication session.
  • Claim: 5. The UE of claim 4, wherein the instructions are such that the UE is configured to: tentatively accept a security certificate from the MGw during the handshake; and then perform a validation to confirm the certificate upon receipt of a fingerprint derived from the certificate.
  • Claim: 6. The UE of claim 5, wherein the instructions are such that the UE is configured to terminate the setup of the communication session when the validation is unsuccessful.
  • Claim: 7. The UE of claim 4, wherein the instructions are such that the UE is configured to provide the indication and the connection parameters in a registration procedure.
  • Claim: 8. A Control Server for a Media Gateway (MGw) in a communications network, the Control Server comprising: processing circuitry; memory containing instructions executable by the processing circuitry whereby the Control Server is operative to: prior to receiving a communication session setup request: determine and record that an MGw supports a procedure for early commencement of a security handshake; receive, from a User Equipment (UE), an indication that the UE supports the procedure for early commencement of the security handshake and connection parameters for use in the security handshake; and store the indication and the connection parameters; in response to receiving the communication session setup request from another party, when the UE has provided the indication that the UE supports the procedure and the connection parameters, and the Control Server has determined that the MGw supports the procedure: send, to the MGw, the connection parameters of the UE and an instruction to commence the handshake procedure.
  • Claim: 9. The Control Server of claim 8, wherein the instructions are such that the Control Server is configured to: receive the indication from the UE and the connection parameters at a registration of the UE, and provide an acknowledgement to the UE.
  • Claim: 10. A Media Gateway (MGw) in a communications network, the MGw comprising: processing circuitry; memory containing instructions executable by the processing circuitry whereby the MGw is operative to: prior to an initialization of a communication session, provide an indication to a Control Server that the MGw supports a procedure for early commencement of a security handshake; and in response to receiving an instruction from the Control Server and connection parameters for a User Equipment (UE), commence the early handshake procedure with the UE using the provided connection parameters.
  • Claim: 11. The MGw of claim 10, wherein the instructions are such that the MGw is configured to: tentatively accept an authentication certificate of the UE during the handshake procedure; and perform a validation of the certificate upon receipt, from the Control Server, of a fingerprint derived from the certificate.
  • Claim: 12. The MGw of claim 11, wherein the instructions are such that the MGw is configured to terminate the set-up of the communication session when the validation fails.
  • Claim: 13. A method of operating a User Equipment (UE), comprising: prior to receiving a communication session set-up request, provide, to a Control Server, an indication that the UE supports a procedure for early commencement of a security handshake and connection parameters for use in the security handshake; in response to receiving, from a Media Gateway (MGw), an initialization of a security handshake: commence the security handshake; and establish a secure communication session.
  • Claim: 14. The method of claim 13, further comprising: tentatively accepting a security certificate from an MGw during the handshake; and then performing a validation to confirm the certificate upon receipt of a fingerprint derived from the certificate.
  • Claim: 15. The method of claim 14, further comprising terminating the setup of the communication session if the validation is unsuccessful.
  • Claim: 16. The method of claim 14, wherein the indication and the connection parameters are provided in a registration procedure.
  • Claim: 17. A method of operating a Media Gateway (MGw) in a communications network, the communications network comprising the MGw, a User Equipment (UE), and a Control Server, the method comprising: prior to an initialization of a communication session, providing an indication to the Control Server that the MGw supports a procedure for early commencement of a security handshake; and in response to receiving an instruction from the Control Server and connection parameters for a UE, commencing the early handshake procedure with the UE using the provided connection parameters.
  • Claim: 18. The method of claim 17, further comprising: tentatively accepting an authentication certificate of the UE during the handshake procedure; and performing a validation of the certificate upon receipt, from the Control Server, of a fingerprint derived from the certificate.
  • Claim: 19. The method of claim 18, further comprising terminating the setup of the communication session when the validation fails.
  • Claim: 20. A method of operating a Control Server in a communications network, the communications network comprising a Media Gateway (MGw), a User Equipment (UE), and a Control Server, the method comprising the Control Server: prior to receiving a setup request to establish a communication session at the Control Server: determining that the MGw supports a procedure for early commencement of a security handshake; receiving, from the UE, an indication that the UE supports the procedure for early commencement of the security handshake procedure and connection parameters for use in the security handshake; and storing the indication and the connection parameters; in response to receiving a setup request to establish a communication session from another party and when both the UE and the MGw support the procedure for early commencement of the security handshake procedure, sending an instruction from the Control Server to the MGw to commence the security handshake procedure, the instruction comprising the connection parameters for the UE.
  • Patent References Cited: 9143504 September 2015 Shi ; 2004/0008681 January 2004 Govindarajan et al. ; 2007/0189268 August 2007 Mitra et al. ; 2010/0049973 February 2010 Chen ; 2012/0198068 August 2012 Xie ; 2013/0120519 May 2013 Jin ; 2013/0254531 September 2013 Liang ; 2015/0101028 April 2015 Kruse ; 101001441 July 2007 ; 101370004 February 2009 ; 1924032 May 2008 ; 2016033764 March 2016
  • Other References: C. Holmberg et al., "Connection Establishment for Media Anchoring (CEMA) for the Message Session Relay Protocol (MSRP)", IETF Standard, Internet Society (ISOC), Geneva, Switzerland, Aug. 25, 2012, pp. 1-22, XP015086420 (cited by applicant); M. Westerlund et al., "Options for Securing RTP Sessions", draft-ietf-avtcore-rtp-security-options-10, Network Working Group, Internet Draft, Informational, ISOC, Geneva, Switzerland, Jan. 15, 2014, pp. 1-35, XP015098015 (cited by applicant); 3GPP, "Technical Specification Group Services and System Aspects; IP Multimedia Subsystem (IMS) media plane security (Release 11)", 3GPP TR 33.828 V11.1.0, Sep. 2012, pp. 1-81 (cited by applicant); 3GPP, "Technical Specification Group Services and System Aspects; IP Multimedia Subsystem (IMS) media plane security (Release 12)", 3GPP TS 33.328 V12.7.0, Jun. 2014, pp. 1-71 (cited by applicant); J. Fischl et al., "Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)", IETF RFC 5763, Standards Track, ISSN 2070-1721, May 2010, pp. 1-38 (cited by applicant); D. McGrew et al., "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)", IETF RFC 5764, Standards Track, ISSN 2070-1721, May 2010, pp. 1-27 (cited by applicant)
  • Assistant Examiner: Wade, Shaqueal D
  • Primary Examiner: Naghdali, Khalil
  • Attorney, Agent or Firm: Coats + Bennett, PLLC
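The core security behaviour of claims 2, 3, 5, 6, 11 and 12 (a peer certificate is accepted tentatively during the early DTLS handshake and confirmed, or the session torn down, once the fingerprint arrives out of band) as an added Python illustration; this is not code from the patent or from Ericsson. The certificate bytes are constructed stand-ins for DER-encoded certificates, and the fingerprint string follows the SDP a=fingerprint convention ("sha-256 AA:BB:...").

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded self-signed certificates (not real X.509).
UE_CERT = b"constructed-ue-cert-der-bytes"
MGW_CERT = b"constructed-mgw-cert-der-bytes"


def sdp_fingerprint(cert_der: bytes, hash_func: str = "sha-256") -> str:
    """Fingerprint in SDP a=fingerprint form: '<hash-func> AA:BB:...'."""
    digest = hashlib.new(hash_func.replace("-", ""), cert_der).hexdigest().upper()
    return f"{hash_func} " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class EarlyHandshakeEndpoint:
    """UE or MGw side: accept the peer certificate tentatively during the early
    handshake, then confirm it when the fingerprint arrives via signalling."""

    def __init__(self, name: str):
        self.name = name
        self.peer_cert = None
        self.state = "idle"

    def on_handshake_certificate(self, peer_cert: bytes) -> str:
        # No fingerprint is known yet, so accept provisionally and keep the
        # certificate for later validation (claims 2, 5, 11).
        self.peer_cert = peer_cert
        self.state = "tentative"
        return self.state

    def on_fingerprint(self, fingerprint: str) -> str:
        # Validate the tentatively accepted certificate; a mismatch terminates
        # the session setup (claims 3, 6, 12).
        if self.state != "tentative" or self.peer_cert is None:
            raise RuntimeError("fingerprint received before handshake certificate")
        hash_func, _, expected = fingerprint.partition(" ")
        actual = sdp_fingerprint(self.peer_cert, hash_func).split(" ", 1)[1]
        self.state = "established" if hmac.compare_digest(actual, expected) else "terminated"
        return self.state


def run_session(ue_cert: bytes, mgw_cert: bytes, ue_fp: str, mgw_fp: str):
    """Returns (MGw state, UE state) after the early handshake and validation."""
    ue, mgw = EarlyHandshakeEndpoint("UE"), EarlyHandshakeEndpoint("MGw")
    # Early handshake, started by the MGw on the Control Server's instruction:
    # each side sees the other's certificate before any fingerprint exists.
    mgw.on_handshake_certificate(ue_cert)
    ue.on_handshake_certificate(mgw_cert)
    # Fingerprints arrive afterwards (the UE's via the Control Server, claim 11).
    return mgw.on_fingerprint(ue_fp), ue.on_fingerprint(mgw_fp)
```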
