EP1082837A2 - Verfahren zur sicheren mobilen telefonie in einem datenkommunikationssystem mit einem ip-netzwerk - Google Patents
Verfahren zur sicheren mobilen telefonie in einem datenkommunikationssystem mit einem ip-netzwerkInfo
- Publication number
- EP1082837A2 EP1082837A2 EP99929982A EP99929982A EP1082837A2 EP 1082837 A2 EP1082837 A2 EP 1082837A2 EP 99929982 A EP99929982 A EP 99929982A EP 99929982 A EP99929982 A EP 99929982A EP 1082837 A2 EP1082837 A2 EP 1082837A2
- Authority
- EP
- European Patent Office
- Prior art keywords
- network
- identity code
- unit
- mobility manager
- initiating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
Definitions
- the present invention relates to a method for safe telephony with mobility in a tele and data communications system which includes an IP-network.
- Kerberos ⁇ A known solution of the managing of keys is called Kerberos ⁇ .
- This known solution provides a central distribution of keys and is intended for users of services in networks. Kerberos ® attends to that the user can confirm his/her identity to a given service without risk that anybody is tapping the transmission in order to in a later stage unduly borrow the user's identity.
- an authentication is performed in two steps. In the first step one issues an authentication service (AS) , a so called TGS-ticket in exchange for a person proving that he/she is the person he/she gives himself/herself out to be.
- AS authentication service
- the user identification is made by the user initially once and for all registers himself/herself manually and receives a password from Kerberos ® .
- the password is stored centrally.
- the TGS-ticket includes i.a. a TGS-session key, the name of the service (i.e. TGS), a time stamp and period of validity.
- TGS-session key the name of the service (i.e. TGS)
- TGS-session key the name of the service
- TGS-session key the name of the service
- period of validity i.e.
- the user receives the TGS-ticket encrypted by TGS password and a copy of the TGS-session key encrypted by the user's password.
- the TGS-ticket is valid as access to a ticket issuing service (TGS) .
- TGS ticket issuing service
- the user for that reason turns to TGS to get service tickets to other services.
- the user transmits the TGS-ticket encrypted by TGS password and the name of the service which is asked for to TGS.
- TGS returns a ticket to the service encrypted by the password of the service and a copy of a service session key encrypted by the TGS-session key.
- For each new service the user wants to utilise he/she in the same way turns to said TGS and encloses his/her TGS-ticket in the transmission .
- This known method has several advantages. The user need only give his/her password once per working period.
- Kerberos ® is not directly applicable on IP-telephony with mobility, such as a system with DECT-telephones which have access to an IP- network. For that reason there exists a need for a security solution for such telephony.
- the aim of the present invention consequently is to create a security solution for IP-telephony with mobility.
- Figure 1 diagrammatically shows a tele and data communications system in which an embodiment of the method is implemented
- Figure 2 diagrammatically shows a part of the system in Figure 1 in detail .
- each DECT-telephone 3 an identity code (ID-code) is stored which is created in such a way that it is unique, preferably globally unique.
- ID-code is transmitted to the base station 5 of the domain. From there the ID-code is forwarded to a mobility manager, here a so called proxy manager 9, see Figure 2, which is arranged in an IP-managing unit (IMU) 7.
- the proxy manager 9 starts for each DECT-telephone 3 a proxy 11, i.e. en proxy which represents the DECT-telephone 3 towards the Internet, or any other IP-network.
- the information is collected from a specific initiating database 13, which here is called telephone directory.
- the telephone directory is reached via the IP-network 15.
- Kerberos ® is utilised, and which i.a. is implemented on a server 17, which handles the central distribution of keys.
- the information includes IP-address, the subscriber's user name, and a key for mobile IP.
- the proxy manager 9 is user and the telephone directory 13 the service which shall be used.
- the proxy manager 9 For the proxy manager 9 to receive the information, it consequently must authenticate itself to the AS-part of the server 17 to get a TGS-ticket, and then utilises the identity code as user identity, and then by transmitting the TGS-ticket to the TGS-part of the server 17 receive a service ticket to the telephone directory.
- the information is transmitted well encrypted from the telephone directory 13 to the proxy manager 9, as has been described above.
- the proxy manager 9 then starts a proxy 11 with the information as input data.
- the proxy 11 now has the function of a mobile node. If it should be in a foreign network it will make use of a mobile IP to attend to that traffic which is intended for it is routed to right address.
- This authentication is made by means of an encryption algorithm and a secret key which is shared by the mobile node, i.e. the proxy 11, and the mobility manager in its home network.
- the secret key is the above mentioned key for mobile IP which the proxy manager 9 receivers from the database 13.
- the proxy 11 is preferably compatible with the ITU- standard H.323, which can be utilised according to the following.
- the receiver collects a session key from Kerberos ® and establishes a safe and authenticated channel. After that H.323 follows on.
- the speech is accordingly transmitted encrypted in order that it shall not be possible to tap.
- participants, which are not authorised subscribers in the system are prevented, by the authentication, from making free calls.
- Kerberos ® can be exchanged for another equivalent method which implies equivalent good authentication and encryption.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| SE9801871 | 1998-05-27 | ||
| SE9801871A SE512440C2 (sv) | 1998-05-27 | 1998-05-27 | Metod för säker telefoni med mobilitet i ett tele- och datakommunikationssystem som innefattar ett IP-nät |
| PCT/SE1999/000814 WO1999062222A2 (en) | 1998-05-27 | 1999-05-12 | Method for safe telephony with mobility in a tele and data communications system which includes an ip-network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| EP1082837A2 true EP1082837A2 (de) | 2001-03-14 |
Family
ID=20411477
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP99929982A Withdrawn EP1082837A2 (de) | 1998-05-27 | 1999-05-12 | Verfahren zur sicheren mobilen telefonie in einem datenkommunikationssystem mit einem ip-netzwerk |
Country Status (5)
| Country | Link |
|---|---|
| EP (1) | EP1082837A2 (de) |
| EE (1) | EE03893B1 (de) |
| NO (1) | NO20005868L (de) |
| SE (1) | SE512440C2 (de) |
| WO (1) | WO1999062222A2 (de) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2807597B1 (fr) * | 2000-04-11 | 2005-04-08 | Sagem | Procede de gestion de la mobilite de combines au sein d'un reseau de telecommunication sans fil |
| CN1322702C (zh) * | 2003-12-30 | 2007-06-20 | 华为技术有限公司 | 因特网协议语音接入设备的认证方法 |
| CN100349400C (zh) * | 2004-02-11 | 2007-11-14 | 任荣昌 | 一种基于ip网用户身份的多业务交换方法及系统 |
| HU226781B1 (en) | 2004-03-01 | 2009-10-28 | Miklos Jobbagy | Device set for secure direct information transmission over internet |
| US8365258B2 (en) | 2006-11-16 | 2013-01-29 | Phonefactor, Inc. | Multi factor authentication |
| US9762576B2 (en) | 2006-11-16 | 2017-09-12 | Phonefactor, Inc. | Enhanced multi factor authentication |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5535276A (en) * | 1994-11-09 | 1996-07-09 | Bell Atlantic Network Services, Inc. | Yaksha, an improved system and method for securing communications using split private key asymmetric cryptography |
| US5602918A (en) * | 1995-12-22 | 1997-02-11 | Virtual Open Network Environment Corp. | Application level security system and method |
| GB2317539B (en) * | 1996-09-18 | 2001-03-28 | Secure Computing Corp | Generalized security policy management system and method |
| US5684950A (en) * | 1996-09-23 | 1997-11-04 | Lockheed Martin Corporation | Method and system for authenticating users to multiple computer servers via a single sign-on |
-
1998
- 1998-05-27 SE SE9801871A patent/SE512440C2/sv not_active IP Right Cessation
-
1999
- 1999-05-12 EP EP99929982A patent/EP1082837A2/de not_active Withdrawn
- 1999-05-12 WO PCT/SE1999/000814 patent/WO1999062222A2/en not_active Ceased
- 1999-05-12 EE EEP200000701A patent/EE03893B1/xx not_active IP Right Cessation
-
2000
- 2000-11-21 NO NO20005868A patent/NO20005868L/no not_active Application Discontinuation
Non-Patent Citations (1)
| Title |
|---|
| See references of WO9962222A2 * |
Also Published As
| Publication number | Publication date |
|---|---|
| NO20005868D0 (no) | 2000-11-21 |
| SE512440C2 (sv) | 2000-03-20 |
| EE03893B1 (et) | 2002-10-15 |
| EE200000701A (et) | 2002-04-15 |
| WO1999062222A2 (en) | 1999-12-02 |
| WO1999062222A3 (en) | 2000-02-03 |
| NO20005868L (no) | 2001-01-25 |
| SE9801871L (sv) | 1999-11-28 |
| SE9801871D0 (sv) | 1998-05-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7882543B2 (en) | Systems and methods for added authentication in distributed network delivered half-duplex communications | |
| US6334056B1 (en) | Secure gateway processing for handheld device markup language (HDML) | |
| US7020778B1 (en) | Method for issuing an electronic identity | |
| CN1823519B (zh) | 对等电话系统及方法 | |
| US6145084A (en) | Adaptive communication system enabling dissimilar devices to exchange information over a network | |
| Hwang et al. | A self-encryption mechanism for authentication of roaming and teleconference services | |
| US7197297B2 (en) | Authentication method for enabling a user of a mobile station to access to private data or services | |
| US7340525B1 (en) | Method and apparatus for single sign-on in a wireless environment | |
| CN101483588B (zh) | 利用已验证的业务质量传输信息的关守和边缘设备 | |
| US7865173B2 (en) | Method and arrangement for authentication procedures in a communication network | |
| WO2001050682A1 (en) | Communication using virtual telephone numbers | |
| CN112565294A (zh) | 一种基于区块链电子签名的身份认证方法 | |
| EP1082837A2 (de) | Verfahren zur sicheren mobilen telefonie in einem datenkommunikationssystem mit einem ip-netzwerk | |
| MXPA01013117A (es) | Sistema y metodo para puesta en vigor de politica local para proveedores de servicio de internet. | |
| US20050190904A1 (en) | Method for performing network-based telephone user identification | |
| US6961851B2 (en) | Method and apparatus for providing communications security using a remote server | |
| US7139377B2 (en) | Method of providing services to remote private terminals and an associated device | |
| US11146536B2 (en) | Method and a system for managing user identities for use during communication between two web browsers | |
| KR100637996B1 (ko) | 다이얼 인증 제공 시스템 | |
| WO1999037055A1 (en) | System and method for providing secure remote access to a computer network | |
| US20040250067A1 (en) | Method and device for securing communications in a computer network | |
| KR20000054658A (ko) | 보안 단문 서비스 응용방법 | |
| JP3521837B2 (ja) | 位置情報サービスシステム及び方法及び位置情報サービスプログラムを格納した記憶媒体 | |
| HU226781B1 (en) | Device set for secure direct information transmission over internet | |
| JP2003229955A (ja) | 通話方法及び通話システム |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| 17P | Request for examination filed |
Effective date: 20001227 |
|
| AK | Designated contracting states |
Kind code of ref document: A2 Designated state(s): DE DK ES FI FR GB IT SE |
|
| AX | Request for extension of the european patent |
Free format text: LT PAYMENT 20001227;LV PAYMENT 20001227 |
|
| 17Q | First examination report despatched |
Effective date: 20070720 |
|
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: TELIASONERA AB |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
| 18D | Application deemed to be withdrawn |
Effective date: 20100202 |