View All Documents & Correspondence
Method And System For Secure Conference Over An Ims Network
Abstract: A method and system to perform a secure conference over an IMS network is disclosed. The method and system include sending request by at least one user to access to an application server. The user is validated using a validation coupon provided by the user equipments followed by identifying and allowing the user equipments to download a valid CMCC. The method and system further comprises user-sending request via an IMS network to download a conference data to the application server. The conference data is encrypted by a water marker module and is downloaded into the user equipments. Further, the conference data is decrypted with the valid CMCC downloaded in the user equipment and later it is transferred to an user interface to present the conference data for viewing. The method also includes validating the conference data before downloading into the user equipments.
Notices, Deadlines & Correspondence
Patent Information
Applicants
INFOSYS TECHNOLOGIES LIMITED
Inventors
1. SATHYAN, JITHESH
2. SATHYAN, HARISH
3. UNNI, NAVEEN KRISHNAN
Specification
TECHNICAL FIELD
The present invention relates to a method for conferencing, and more particularly, to a method for secure video conferencing over an Internet Protocol (IP) multimedia subsystem (IMS) network.
BACKGROUND
In a typical business scenario, work-a-day meetings are common between an employee and a client or between the employee and a management or etc. Generally, meetings are to extract information or exchange information among them. These meetings may be either in same geographical location or in different geographical location. Meeting in different geographical locations may involve an extensive traveling. However, extensive traveling for the work-a-day meetings has enormous problems like impact on a green environment policy, new travel restriction, productivity of the employee, etc. Few solutions to overcome above-mentioned problems may be through hosting a virtual meeting like for example a video conference or a live meeting or etc.
Currently, the rapid spread of Internet Protocol (IP) based access technologies as well as the move towards core network convergence with IMS network has lead to an explosion in multimedia content delivery across packet networks. Thus, this transition has lead to a much wider and richer service experience for the video conference or the live meeting or etc. However, the security vulnerabilities associated with the video conferencing may destabilize the system and allow an attacker to gain control over it. Thus, the video conferencing systems is transformed into a video surveillance unit, using a plurality of user equipments to snoop, record or publicly broadcast presumably private video conferences.
Few of the security attacks for the video conferencing are a denial of service (DOS) attacks, an abuse of service attacks, and, an interception and modification attacks. The present methods available to confront this situation are to either have a security gateway or add a security features on each of the component in IMS network. Having
the security features at each of the component in the IMS network is a large overhead and hence use of the security gateway as the only entry point to IMS network is the most common solution. In this case, the security gateway is a core component for secure video conferencing between the components in IMS network, an access networks and an internet.
However, the maj or issue with the aforementioned method of secure video conferencing is the use of the traditional less effective solution of adding a new hardware component in the form of the security gateway. A problem in the security gateway may disrupt the full communication. The security gateway itself would require considerable processing capabilities, as it becomes the central point for communication. In addition, a content provider of the video conference has to take up the additional cost and risk of the hardware component and assume that the security gateway is always well behaved.
Thus, there is a need for a method of addressing the security issues using a software approach, which is much effective in addressing the security issue associated with the video conferencing.
SUMMARY OF THE INVENTION
In one embodiment of the present technique, a method to perform a secure conference over a network is disclosed. The method includes validating a plurality of users through a filter using a validation coupon provided by a plurality of user equipments. The access to an application server is depended on successful validation of the plurality of user equipments. Further, the plurality of user equipments may download a valid custom media conference client (CMCC) from a CMCC download module of the application server. The method may further comprise sending a request to connect the plurality of the user equipments to a conference control module of the application server to download a conference data. The conference data is encrypted before downloading by a water marker module of the application server with the validation coupon. Further, the method comprises provisioning the CMCC to decrypt the downloaded conference data through a decryptor. The decryptor uses the validation
coupon provided by the plurality of user equipments to decrypt the conference data. Later, the conference data may be transferred to a user interface of the plurality of the user equipments.
In another embodiment of the present technique, a method to perform a secure conference over a network comprises intimating a plurality of users about the presence of a valid CMCC in the respective user equipments. The method also provisions the plurality of users to download the valid CMCC from the CMCC download module into the respective user equipments in absence of the valid CMCC. The method further comprises encrypting the request sent from the plurality of the user equipments to the application server through an encryptor, using the validation coupon provided by the plurality of user equipments. Further, the method comprises decrypting the request from the plurality of the user equipments in the application server through a decoder, using the validation coupon provided by the plurality of user equipments.
In yet another embodiment of the present technique, a system to perform a secure conference over a network is disclosed. The system comprises an application server configured for rolling a conference data. The application server further comprises a conference control module to manage the conference data, a CMCC download module to allow a plurality of users to download a CMCC, a water marker module to encrypt the conference data with the validation coupon. The system further comprises a plurality of user equipments configured to connect with the conference control module of the application server for downloading the conference data. The system also comprises a user interface to present the conference data to the plurality of users.
BRIEF DESCRIPTION OF THE DRAWINGS
The above mentioned features as well other features, aspects, and advantages of the present invention will become better understood when the following detailed description is read with reference to the accompanying drawings in which like characters represent like parts throughout the drawings, wherein:
FIG. 1 is a block diagram showing a number of devices configured for a secure conferencing over an IMS network, in one embodiment of the present technique;
FIG. 2 is a flow diagram illustrating a method for secure conferencing over the IMS network, in one embodiment of the present technique; and
FIG. 3 is a system illustrating a generalized computer network arrangement, in one embodiment of the present technique.
DETAILED DESCRIPTION
The following description is full and informative description of the best method and system presently contemplated for carrying out the present invention, which is known to the inventors at the time of filing the patent application. Of course, many modifications and adaptations will be apparent to those skilled in the relevant arts in view of the following description in view of the accompanying drawings and the appended claims. While the system and method described herein are provided with a certain degree of specificity, the present technique may be implemented with either greater or lesser specificity, depending on the needs of the user. Further, some of the features of the present technique may be used to advantage without the corresponding use of other features described in the following paragraphs. As such, the present description should be considered as merely illustrative of the principles of the present technique and not in limitation thereof, since the present technique is defined solely by the claims.
The present invention relates to provide a secure environment for conferencing over a network in particular for a secure video conferencing over an IMS network.
The following description is presented to enable a person of ordinary skill in the art to make and use the invention and is provided in the context of the requirement for obtaining a patent. The present description is the best presently contemplated method for carrying out the present invention. Various modifications to the preferred embodiment will be readily apparent to those skilled in the art and the generic principles of the present invention may be applied to other embodiments, and some
features of the present invention may be used without the corresponding use of other features. Accordingly, the present invention is not intended to be limited to the embodiment shown but is to be accorded the widest cope consistent with the principles and features described herein.
Referring to the figures, Fig 1 is a block diagram depicting a system 100 to perform a secure conference over a network 105. The system 100 comprises an application server 110, a plurality of user equipments 115 (herein referred as "user equipments") and a plurality of users 120 (herein referred as "users"). The users 120 interaction with the application server 110 using the user equipments 120 are detailed largely in the subsequent sections to follow.
In one embodiment of the present technique, the network 105 to perform the secure conference may be an internet protocol (IP) based network, which includes at least one of an IP multimedia subsystem network (herein referred as "IMS network"), or a packet based network (herein referred as "packet network"). However, it will be apparent to one skilled in the art that the network 105 employed for the secure conference may be any suitable one without deviating from the scope of the present technique.
The IMS network mentioned in the present technique is a standardized next generation networking architecture. The IMS network uses an open standard IP protocols as defined by an Internet Engineering Task Force (herein referred as "IETF"). The IP protocols defined by the IETF provisions a multimedia session or content exchange (for example the secure conference) between the two users 120 on IMS network or between the user 120 on the IMS network and an internet or between the two users 120 on the internet using the same protocol.
The IMS network may comprise three layers: a service layer (not shown for clarity), an access layer 122 (also know as "transport layer") and an IMS layer 124 (also know as "control layer"). The service layer of the IMS network comprises multiple numbers of the application server 110 enabling a service provider (also know as "content provider", not shown for clarity) to roll a new service or a content (for example
rolling a conference data for the secure conference) in the respective application server 115. This feature provisions each of the users 120 to connect the application server 115 for accessing the content or the service using their respective user equipments 115.
The access layer 122 or the transport layer is responsible for initiating and terminating session initiation protocol (herein referred as "SIP"), and it provides the multimedia contents either in a digital format or in an analog format or an IP packet format to the users 120. The access layer 122 allows the communication between the components of the IMS network 105 and the user equipments 115 through a real time protocol (herein referred as "RTP") and stream control using a real time streaming protocol (herein referred as "RTSP"). In one embodiment of the present technique, a request from the user equipment may be encrypted in an encryptor 144 of the user equipments 115 and then send to access layer 122 as represented by reference numeral 121 (The details of the encryptor 144 will be explained in the subsequent sections to follow). However, it will be apparent to one skilled in the art that the present technique may be practiced without the specific details. In other instances, different well-known features are omitted or simplified in order to avoid obscuring of the illustrative embodiments.
The IMS layer 124 or the control layer comprises a call session control function (herein referred as "CSCF", not shown for clarity) and a home subscriber server (herein referred as "HSS", not shown for clarity). The CSCF referees to a SIP servers and it handles the SIP registration of the application server and process the SIP messaging of the appropriate application server 110 in the service layer. The HSS database stores a unique service profile for each of the users 120. The service profile may include the users 120 IP address, a telephone records, a friend lists, a voice mail greetings etc. In one embodiment of the present technique, the request sent to the IMS layer 124 from the user equipments 115 through the access layer 122 is processed in the HSS database as represented by reference numeral 123 to provide a unified benefit to the users 120. The unified benefit includes creating a personal directories and a centralized user data administration across all services provided by the IMS network. However, it will be apparent to one skilled in the art that the IMS layer 122 may
comprise other components, which are omitted or simplified in order to avoid obscuring of the illustrative embodiments.
The packet network mentioned in the present technique may be the network 105, where transfer of a data or a voice or a media or combinations thereof is performed using IP packets. However, it will be apparent to one skilled in the art that the present technique may be practiced without the specific details on the packet networks. The scope of the present technique should not be limited in light of the disclosed packet network.
In one embodiment of the present technique, the application server 110 comprises a filter 126, a conference control module 128, a decoder 130, a custom media conference client (herein referred as "CMCC") download module 132, and a water maker module 134. However, it will be apparent to one skilled in the art that the application server 110 employed for the secure conference may comprise other components, which are omitted or simplified in order to avoid obscuring of the illustrative embodiments. The scope of the application server 110 should not be limited in light of the present technique.
The service provider or content provider rolls the service or the content in the specific application server 115. The service provider and the content provider may be either different or the same. If the cbntent provider is different, at times, the content provider may seek access of the service provider to roll their content or data in conference control module 128 of the application server 110.
The filter 126 in the application server 110 is configured to validate the users 120 using a validation coupon provided by the user equipments 115 during accessing the application server 110. The validation coupon may comprise an equipment identity (herein referred as "device id") or a person identity (herein referred as "public id") or combination of both. The user equipments 115 upon successful registration of a SIM card in the user equipment 115 may provide the device id and the content provider may provide the public id for each of the application server 110 resided in the service layer of the IMS network. In one embodiment of the present technique, the request
sent from the user equipments 115 through the access layer 122 and IMS layer 124 is processed in the filter 126 to validate the users 120 as represented by reference numeral 125. The filter 126 further comprises denying the user equipments 115 to access the application server 110 if the validation coupon provided by the user equipments 115 is invalid, as referred by reference numeral 127A. The filter 126 may sent a message to the user equipments 115 stating the reason for denying the access to the application server 110 and may even provide the users 120 the requisite guidelines to access the application server 110. Upon, successful validation of the users 120, the filter may sent the request to the CMCC download module 132 to identify the availability of a valid CMCC 136 (The valid CMCC 136 is detailed in the subsequent section to follow) in the user equipments 115 as referred by reference numeral 127B. Based on the reply for the request from the CMCC download module 132, later the filter 126 may sent the control to the conference control module 128 as represented by reference numeral 127C.
The conference control module 128 of the application server 110 is configured to manage the conference data. Typically, the service provider or the content provider rolls the conference data in the conference control module 128. The conference data rolled on the conference control module 128 of the application server 110 may be an audio conferencing, or a video conferencing or a data conferencing or combination thereof. In one embodiment of the present technique, the request sent from the filter 126 to the conference control module as represented by reference numeral 127C may be decrypted and sent back to the conference control module, through a decoder 130 as represented by a numeral 129A. Later, the conference control module 128 sent the request to the water marker module 134, for encryption of the conference data as represented by reference numeral 129B.
The decoder 130 of the application server 110 is configured to decrypt the request received from the conference control module 128 as represented by reference numeral 129A. The decoder 130 may be embedded to the conference control module 128. The decoder 130 is used to decrypt the request received by the user equipments 115, while accessing the content or service rolled in the conference control module 128.
In one embodiment of the present technique, the CMCC download module 132 of the application server 110 provisions the user equipments 115 to download the valid CMCC 136 into the user equipments 115 as represented by reference numeral 133. The CMCC download module initially identifies the availability of the valid CMCC 136 in the user equipments 115 through a CMCC key provided by the content provider or service provider. The CMCC key may be a unique key comprising a numeral or alphabet or special character or combination thereof. The unique key are specific to the content provider or the service provider and the unique key is know only to the valid CMCC 136 downloaded from the appropriate application server 110 rolling the secure conference. The CMCC downloaded module 132 may further comprises intimating users 120 about the presence of a valid CMCC 136 in the respective user equipments 115 and further comprises intimating users 120 to download the valid CMCC 136 from the CMCC download module 132 into the respective user equipments 115 in absence of the valid CMCC 136. The CMCC download module 132 may intimate the users 120 by sending a message to the respective user equipments 115 stating the reason.
The water marker module 134 of the application server 110 is configured to encrypt the conference data attained through the conference control module 128 after the users 120 successful validation in the filter 126, using the validation coupon provided by the user equipments 115. The encrypting functionality of the water marker module 134 works like marking the conference data with the service provider or the content provider sole proprietorship, so that only the users 120 authenticated to access the conference data through the respective user equipments 115 may allowed to use it. In one embodiment of the present technique, once the encryption of the conference data is accomplished in the water marker module 134, the encrypted conference data is sent to a validator 138 present in the valid CMCC 136 of the user equipments 115 through the access layer 122 for downloading, as represented by reference numeral 135. The details of the validator 138 will be explained in the following sections to follow.
In one embodiment of the present technique, the user equipments 115 comprises a digital rights management (herein referred as a "DRM") agent 140, the valid CMCC
136, and a user interface 142. The valid CMCC 136 further comprises the validator 138, a decryptor 142, and the encryptor 144. However, it will be apparent to one skilled in the art that the user equipments 115 used to perform the secure conference may comprise other components, which are omitted or simplified in order to avoid obscuring of the illustrative embodiments. The scope of the user equipments 115 should not be limited in light of the present technique.
The validator 138 of the valid CMCC 136 validates the conference data before downloading into the user equipments 115 as represented by reference numeral 135. This validation is to ensure that the conference data is for the intended user. The validation is performed with the validation coupon provided by the user equipments 115 after querying with the valid CMCC 136 downloaded into the user equipments 115 against a response parameters provided in a download message from application server. The download message is a connection message or response message provided by the application server 110 to the request sent by the users 120 to download the conference data through the user equipments 115. The response message from the application server 110 may contain the validation coupon, which the user equipment 115 has provided when issuing the download request to the application server 115. Upon successful validation, the conference data is forwarded to the DRM agent 140 of the user equipments 115, as represented by reference numeral 139.
The DRM agent 140 of the user equipments 115 enforces a plurality of rights on the conference data downloaded into the plurality of user equipments 115. The rights may be enforcing number of a parameters set by the service provider or the content provider in the user equipments 115 or enforcing number of a mandatory parameters set in an open mobile alliance (herein referred as "OMA") DRM or combination thereof. The parameters set by the service provider or the content provider may be a number of hours, days, or months the conference data is valid for use by the users 120 or number of times the conference data may be accessed by the users 120 or whether the conference data is a demo version or a full version etc. The mandatory parameters set by the OMA DRM may be restriction imposed to forward the conference data downloaded into the plurality of user equipments 115 to any another user equipments 115. Further, the mandatory parameters may be restriction imposed on a combined
download of the conference data into multiple user equipments 115 or enquiring whether a reconnection is essential from the user equipments 115 to the application server 110 to download the conference data or etc. The DRM agent 140 may be build-in the user equipments 115. In one embodiment of the present technique, DRM agent 140 is launched on the user equipments 115, when the conference data is received. The conference data may be unpackaged by the DRM agent 140, and is stored in the encrypted format in the user equipments 115. In addition, the conference data is sent to the decryptor 142 of the valid CMCC 136, as represented by reference numeral 141. However, it will be apparent to one skilled in the art that the DRM agent 140 in the user equipments 115 may perform other necessary functionality as compiled in the 3 rd Generation Partnership Project 3 GPP, which are omitted or simplified in order to avoid obscuring of the illustrative embodiments. The functionality of DRM Agent 140 illustrated should not be restrictive without deviating from the scope of the present technique.
The valid CMCC 136 downloaded into the user equipments 115 provisions the users 120 to decrypt the conference data downloaded into the user equipments 115. In addition, the valid CMCC encrypts the request sent from the user equipments 115 to the applications server 110. The encryption of the request and decryption of the conference data downloaded into the user equipments 115 is performed after querying with the valid CMCC 136 downloaded into the user equipments 115, and hence there is no need for network 105 connection with the application server 110. In one embodiment of the present technique, the decryptor 142 of the valid CMCC 136 decrypts the conference data downloaded into the user equipments 115 using the validation coupon provided by the user equipments 115 and transfer the conference data to the user interface 142 as represented by reference numeral 143. The encryptor 144 of the valid CMCC 136 encrypts the request sent from the user equipments 115, using the validation coupon provided by the user equipments 115 as represented by reference numeral 121. The encryptor may receive the request from the users 120 as represented by reference numeral 145, which is sent to the access layer 122 of the network 105 for further processing.
The user interface 142 of the user equipments 115 presents the conference data to the users 120 after been decrypted and transferred from the decryptor 142 of the valid CMCC 136. The user interfaces 142 forms a,part of the user equipments 115, however, it may even be separated out from the user equipments 115. The user interface 142 may be a third party interface or an interface provided by the conference control module 128. The third party user interface 142 may be a real player or a media player etc. However, it will be apparent to one skilled in the art that the user interface 142 employed to present the conference data may be any suitable one without deviating from the scope of the present technique. The scope of the present technique should not be limited in light of the user interface 142.
The user equipments 115 used in the secure conference may be a mobile device, a personal digital assistant (PDA) device, a laptop, a fixed device, or combinations thereof. However, it will be apparent to one skilled in the art that the user equipments 115 employed for secure conference may be any suitable one without deviating from the scope of the present technique.
Fig 2 represents a flow diagram illustrating a method for secure conferencing over the IMS network, in one embodiment of the present technique. The method comprising: 1) making a request by at least one user to access an application server (block 201) 2) validating a user trying to access the application server with a user equipment (block 202), 3) denying the user to access the application server (block 203), 4) identifying the availability of a valid CMCC (block 204), 5) enabling the user equipment to download the valid CMCC (block 205), 6) requesting connectivity between the user equipment and the application server to download a conference data (block 206), 7) encrypting the conference data on the application server with a validation coupon (block 207), 8) validate the conference data on the user equipment (block 208), 9) denying to download the conference data (block 209), 10) provisioning the CMCC to decrypt the conference data (block 210), 11) transferring the conference data to a user interface in the user equipments (block 211). Each of the steps will be explained in greater extent in the subsequent sections as follows.
In step 201, an user makes a request to access an application server. Thereafter, the step of verification of the user with a validation coupon provided by an user equipment may occur as represented in step 202. The determination of valid information provided by the user may be performed in this step. For instance, if the user has provided a wrong validation coupon through the user equipment, the user may be denied to access the application server as represented in step 203. If such information provided from the user is valid, the request to access the application server is forwarded to next step to identify the availability of valid CMCC in the user equipment as represented in step 204.
In step 204, the availability of a valid CMCC in the user equipment may be performed through a CMCC download module. A CMCC key may be used to identify the valid CMCC in the user equipment. The CMCC key may be a unique key for each of a service provider or a content provider. If the user equipment done not comprises a valid CMCC, step 205 enables the user equipment to download the valid CMCC. If the user equipment already poses the valid CMCC, the request from the user may be processed and a connection may be established between the user equipment and the application server to download the conference data into the user equipment as represented in step 206.
In step 207, the conference data may be encrypted with the validation coupon provided by the user equipment during validation, through a water maker module. After encryption of the conference data, the validation of the conference data may be performed before downloading into the user equipment as represented in step 208. If the validation coupon provided by the user equipment after querying with the valid CMCC in the user equipment does not match with the validation coupon in the download message from application server, the validator denies the conference data to be downloaded into the user equipment as represented by step 209.
Upon successful validation of the conference data, it may be downloaded into the user equipment, where the conference data may be decrypted by the valid CMCC with the validation coupon provided by the user equipment as represented by step 210. In final step after decryption, the conference data may be transferred to an user interface to
present to the user as represented by step 211. The user may even send request to the application server using the user equipment, wherein the request from the user is encrypted with a validation coupon provided by the user equipment after querying with the valid CMCC.
With a fixed mobile convergence [FMC] in IMS network, a shared key may be introduced in future so that the particular users 120 may access the conference data on the multiple devices where the validation coupon may be the key shared across the devices in which conference application is accessed.
While the present invention has been related in terms of the foregoing embodiments, those skilled in the art will recognize that the invention is not limited to the embodiments depicted. The present invention may be practiced with modification and alteration within the spirit and scope of the appended claims. Thus, the description is to be regarded as illustrative instead of restrictive on the present invention.
In one of the exemplary embodiment, the present technique may be illustrated between two users (whom may be an "user 1" and an "user 2") connecting to the application server through the respective user equipments (which may be an "UE 1" and an "UE 2") over the IMS network.
The user 1 or the user 2 sends a request to access the application server. The users (user 1 and user 2) are validated before allowing then to access the application server. Validation of the users (user 1 and user 2) may be dependent on the validation coupon provided by their respective user equipments (UE 1 and UE 2). If the validation coupon is legitimate, the user 1 as well user 2 is allowed to access the application server. The users may further send a request to download the conference data rolled in the application server. Once such request is received by the application server, it validates whether the users have a privilege to access that particular conference data through a valid custom module conference control (CMCC) key provided by their respective user equipments in the request. The CMCC key is a unique key for each of a service provider or a content provider who has rolled the conference data in the application server. If the key is not valid, the users are requested to download the
valid CMCC, which have a proper CMCC key to access the conference data. If the user equipments have the valid CMCC, the application server allows the users to download the conference data. The conference data is encrypted in the application server before downloading into the user equipments. The encryption of the conference data is performed using the validation coupon provided by the user equipments. The UE 1 and UE 2 may validate the conference data before downloading, through the valid CMCC using the validation coupon. Further, the user 1 as well the user 2 may view the conference data through a user interface of there respective user equipments (UE 1 and UE 2). The conference data may be viewed only after decrypting the data by the valid CMCC downloaded in the respective user equipments (UE 1 and UE 2). The decryption of the conference data is performed by the valid CMCC using the validation coupon provided by the UE 1 and the UE 2.
In one embodiment of the present technique, the system 100 for secure conference over the IMS network is a secure video conference across the application server 110 and the plurality of user equipments 115. The secure conference with application server 110 does not mean access to all conference data or data's in the application server 110. The system for some conference may require registration and validations, which may be performed internally in the conference control module 128.
Few of the security attacks for the secure video conferencing are denial of service (DOS), an abuse of service attacks, and, an interception and modification attacks. The DOS security attack may be caused due to a session hijacking where a hacker may send the request to the application server 110 that he is one of the clients providing id of the existing users 120 arid asking a reset of user equipments 115 to which the conference data needs to be sent as the users 120 moved permanently. The system 100 takes care of this security issue as the hacker has to first download the valid CMCC 136 to connect to the application server 110. Any request received to the server 110 will be checked with validation coupon before accepting with the request itself issued from valid CMCC 136. Another type of DOS attack may involve a session tear down where the hacker sends the request to the user equipments 115 or to the application server 110 that the particular users 120 is leaving. With the present system 100 design, the direct request from the hacker to the valid CMCC client 136 will not work
and any request to server is entertained only from the valid CMSCC 136 with valid encryption. Handling the RTP/RTCP specific DOS attacks would involve the valid CMCC 136 to act as a local RTP server, breaking the link of direct interaction to the RTP/RTCP server which provides the video conferencing.
The abuse of service attacks may be an identity theft, a replay attack, a proxy impersonation, a bypassing refused consent, a false caller identity (ID), a false capability to fool billing, an improper access to services and a spam over Internet Telephony (SPIT). The identity theft does not occur in the present system 100 with the presence of the valid CMCC 136 which validates the users 120 based on validation coupon in the user equipment 115 rather than an external input from the hackers. This also takes care of the faller caller ID, the false capabilities to fool billing, the proxy impersonation, the bypassing refused consent and the improper access to services. The SPIT has been raised as a serious issue for the IMS network. Only the valid users 120 may cause SPIT on the system 100 involving the valid CMCC 136. In another embodiment of the present technique an additional filter capabilities on the valid CMCC 136 may restrict repetitive messages or limit the timing for sending messages. With a proper algorithms in valid CMCC 136 the SPIT may be fully be eliminated using this methodology.
The interception and modification attacks would involve a signal spying, a RTP play-out; a call content eavesdropping and a key manipulation. In the present technique, since the connection is entertained only with the valid CMCC 136 by the application server 110, modification of the conference data or the content that would impact availability, confidentiality and integrity does not happen.
Exemplary Computing Environment
One or more of the above-described techniques may be implemented in or involve one or more computer systems. Figure 3 illustrates a generalized example of a computing environment 300. The computing environment 300 is not intended to suggest any limitation as to scope of use or functionality of described embodiments.
With reference to Figure 3, the computing environment 300 includes at least one processing unit 310 and memory 320. In Figure 3, this most basic configuration 330 is included within a dashed line. The processing unit 310 executes computer-executable instructions and may be a real or a virtual processor. In a multi-processing system, multiple processing units execute computer-executable instructions to increase processing power. The memory 320 may be volatile memory (e.g., registers, cache, RAM), non-volatile memory (e.g., ROM, EEPROM, flash memory, etc.), or some combination of the two. In some embodiments, the memory 320 stores software 380 implementing described techniques.
A computing environment may have additional features. For example, the computing environment 300 includes storage 340, one or more input devices 350, one or more output devices 360, and one or more communication connections 370. An interconnection mechanism (not shown) such as a bus, controller, or network interconnects the components of the computing environment 300. Typically, operating system software (not shown) provides an operating environment for other software executing in the computing environment 300, and coordinates activities of the components of the computing environment 300.
The storage 340 may be removable or non-removable, and includes magnetic disks, magnetic tapes or cassettes, CD-ROMs, CD-RWs, DVDs, or any other medium which may be used to store information and which may be accessed within the computing environment 300. In some embodiments, the storage 340 stores instructions for the software 380.
The input device(s) 350 may be a touch input device such as a keyboard, mouse, pen, trackball, touch screen, or game controller, a voice input device, a scanning device, a digital camera, or another device that provides input to the computing environment 300. The output device(s) 360 may be a display, printer, speaker, or another device that provides output from the computing environment 300.
The communication connection(s) 370 enable communication over a communication medium to another computing entity. The communication medium conveys
information such as computer-executable instructions, audio or video information, or other data in a modulated data signal. A modulated data signal is a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media include wired or wireless techniques implemented with an electrical, optical, RF, infrared, acoustic, or other carrier.
Implementations may be described in the general context of computer-readable media. Computer-readable media are any available media that may be accessed within a computing environment. By way of example, and not limitation, within the computing environment 300, computer-readable media include memory 320, storage 340, communication media, and combinations of any of the above.
Having described and illustrated the principles of our invention with reference to described embodiments, it will be recognized that the described embodiments may be modified in arrangement and detail without departing from such principles. It should be understood that the programs, processes, or methods described herein are not related or limited to any particular type of computing environment, unless indicated otherwise. Various types of general purpose or specialized computing environments may be used with or perform operations in accordance with the teachings described herein. Elements of the described embodiments shown in software may be implemented in hardware and vice versa.
In view of the many possible embodiments to which the principles of our invention may be applied, we claim as our invention all such embodiments as may come within the scope and spirit of the following claims and equivalents thereto.
We claim:
1. A method to perform a secure conference over a network, the method
comprising:
validating a plurality of users through a filter using a validation coupon provided by a pluarilty of user equipments to access an application server;
enabling the plurality of user equipments to download a valid custom media conference client (CMCC) from a CMCC download module of the application server after successful validation;
requesting a connectivity between the plurality of the user equipments and a conference control module of the the application server to download a conference data;
encrypting the conference data before downloading by a water marker module of the application server with the validation coupon provided by the plurality of user equipments;
provisioning the valid CMCC to decrypt the downloaded conference data using the validation coupon provided by the plurality of user equipments through a decyptor; and
transfering the conference data to an user interface of the plurality of the user equipments.
2. The method as recited in claim 1, wherein the network to perform the secure conference is an internet protocol (IP) based network.
3. The method of claim 2, wherein the IP based network includes at least one of an IP multimedia subsystem network (IMS network) or a packet based network.
4. The method as recited in claim 1, wherein the secure conference includes at least one of a video conferencing or an audio conferencing or data conferencing or combinations thereof.
5. The method as recited in claim 1, wherein the validation coupon includes at least one of an user identity (public id) or an equipment identity (device id) or a shared key for multiple devices or combinations thereof.
6. The method of claim 1, further comprising denying the plurality of users to access the application server, wherein access to the application server is dependent on the plurality of user equipments successful validation of the validation coupon.
7. The method of claim 1, further comprising identifying the availability of the valid CMCC in the plurality of user equipments through a CMCC key provided by a content provider.
8. The method of claim 1, further comprises intimating the plurality of users about the presence of a valid CMCC in the respective user equipments and downloading the valid CMCC from the CMCC download module into the respective user equipments in absence of the valid CMCC.
9. The method of claim 1, wherein the connectivity between the plurality of the user equipments and the application server includes at least one of a real time protocol or a real time streaming protocol or combinations thereof.
10. The method of claim 1, wherein the request sent from the plurality of the user equipments to the application server is encrypted using the validation coupon provided by the plurality of user equipments through a encryptor.
11. The method of claim 10, wherein processing of request sent from the plurality of the user equipments in the conference control module of the application server is performed after decrypting the request using the validation coupon provided by the plurality of user equipments through a decoder.
12. The method of claim 1, further comprises validating the encrypted
conference data before downloading into the plurality of user equipments through a
validator.
13. The method of claim 12, wherein the validation of the conference data is performed using the validation coupon, provided by the plurality of user equipments.
14. A system to perform a secure conference over a network, the system comprising:
an application server configured for rolling a conference data, wherein the application server comprising:
a conference control module to manage the conference data;
a CMCC download module to allow a plurality of user equipments to download a valid CMCC upon successful validation of a validation coupon;
a water marker module to encrypt the conference data using the validation coupon; and
the plurality of user equipments configured to connect with the conference control module of the application server for downloading the conference data after been encrypted by the water marker module and present the downloaded conference data to a plurality of users;
wherein the conference data is decrypted by the valid CMCC in the plurality of user equipments before presenting to the plurality of users.
15. A system of claim 14, wherein the application server further comprising a
filter to validate the plurality of users using a validation coupon provided by the
plurality of user equipments.
16. A system of claim 14, wherein the application server further comprising a decoder for decrypting request from the plurality of user equipments.
17. A system of claim 14, wherein the valid CMCC downloaded into the plurality of user equipments further comprising:
a validator to validate the conference data before downloading into the plurality of user equipments;
an encryptor to encrypt a request sent from the plurality of user equipments to the application server; and
a decryptor to decrypt the conference data downloaded into the plurality of user equipments from the conference control module of the application server.
18. A system of claim 14, wherein the plurality of user equipments further comprising a digital rights media (DRM) agent to enforce the plurality of rights in the plurality of user equipments.
19. A system of claim 14, wherein the conference data downloaded into the plurality of user equipments are presented to the plurality of users through an user interface.
20. A system of claim 19, wherein the user interfaces includes at least one of a third part interface or an interface provided by the conference control module or combinations thereof.
21. The system of claim 14, wherein the plurality of user equipments includes at least one of a mobile device or a personal digital assistant (PDA) device or a laptop or a fixed device or combinations thereof.
22. The system of claim 14, wherein the connection between the plurality of user equipments and the application server is provided through an access layer and an IP multimedia subsystem (IMS) layer.
23. A computer program product comprising a computer usable medium having a
computer readable program code embodied therein for performing a secure
conference over a network, the method comprising:
program code adapted for validating a plurality of users through a filter using a validation coupon provided by a pluarilty of user equipments to access an application server;
program code adapted for enabling the plurality of user equipments to download a valid custom media conference client (CMCC) from a CMCC download module of the application server after successful validation;
program code adapted for requesting a connectivity between the plurality of the user equipments and a conference control module of the application server, to download a conference data;
program code adapted for encrypting the conference data before downloading by a water marker module of the application server using the validation coupon provided by the plurality of user equipments;
program code adapted for provisioning the valid CMCC to decrypt the downloaded conference data using the validation coupon provided by the plurality of user equipments through a decyptor; and
program code adapted for transfering the conference data to an user interface of the plurality of the user equipments.
24. The product of claim 23, further comprising program code adapted for denying the plurality of users to access the application server, wherein access to the application server is dependent on the plurality of user equipments successful validation of the validation coupon.
25. The product of claim 23, further comprising program code adapted for identifying the availability of the valid CMCC in the plurality of user equipments through a CMCC key provided by a content provider.
26. The product of claim 23, further comprising program code adapted for
encrypting request sent from the plurality of the user equipments to the application
server using the validation coupon provided by the plurality of user equipments
through a encryptor.
27. The product of claim 23, further comprising program code adapted for
decrypting request sent from the plurality of the user equipments in the conference
control module of the application server using the validation coupon provided by the
plurality of user equipments through a decoder.
28. The product of claim 23, further comprising program code adapted for
validation of the conference data before downloading into the plurality of user
equipments through a validator.
Documents
Orders
| Section | Controller | Decision Date |
|---|---|---|
Application Documents
| # | Name | Date |
|---|---|---|
| 1 | 835-CHE-2007 FORM-18 06-10-2009.pdf | 2009-10-06 |
| 1 | 835-CHE-2007-US(14)-ExtendedHearingNotice-(HearingDate-13-10-2020).pdf | 2021-10-03 |
| 2 | 835-CHE-20007-Abstract_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 2 | 835-CHE-2007 FORM-13 28-10-2009.pdf | 2009-10-28 |
| 3 | 835-CHE-20007-Claims_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 3 | 0835-che-2007-form 5.pdf | 2011-09-03 |
| 4 | 835-CHE-20007-Description_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 4 | 0835-che-2007-form 3.pdf | 2011-09-03 |
| 5 | 835-CHE-20007-Drawings_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 5 | 0835-che-2007-form 1.pdf | 2011-09-03 |
| 6 | 835-CHE-2007-IntimationOfGrant28-10-2020.pdf | 2020-10-28 |
| 6 | 0835-che-2007-drawings.pdf | 2011-09-03 |
| 7 | 835-CHE-2007-PatentCertificate28-10-2020.pdf | 2020-10-28 |
| 7 | 0835-che-2007-description(complete).pdf | 2011-09-03 |
| 8 | 835-che-2007-Annexure [27-10-2020(online)].pdf | 2020-10-27 |
| 8 | 0835-che-2007-correspondnece-others.pdf | 2011-09-03 |
| 9 | 0835-che-2007-claims.pdf | 2011-09-03 |
| 9 | 835-che-2007-Proof of Right [27-10-2020(online)].pdf | 2020-10-27 |
| 10 | 0835-che-2007-abstract.pdf | 2011-09-03 |
| 10 | 835-che-2007-Written submissions and relevant documents [27-10-2020(online)].pdf | 2020-10-27 |
| 11 | 835-CHE-2007 AMENDED CLAIMS 27-05-2015.pdf | 2015-05-27 |
| 11 | 835-CHE-2007-FORM 13 [07-10-2020(online)].pdf | 2020-10-07 |
| 12 | 835-CHE-2007 OTHER PATENT DOCUMENT 27-05-2015.pdf | 2015-05-27 |
| 12 | 835-CHE-2007-FORM-26 [07-10-2020(online)].pdf | 2020-10-07 |
| 13 | 835-CHE-2007 FORM-3 27-05-2015.pdf | 2015-05-27 |
| 13 | 835-CHE-2007-PETITION UNDER RULE 137 [19-12-2019(online)].pdf | 2019-12-19 |
| 14 | 835-CHE-2007 EXAMINATION REPORT REPLY RECEIVED 27-05-2015.pdf | 2015-05-27 |
| 14 | 835-che-2007-Written submissions and relevant documents (MANDATORY) [19-12-2019(online)].pdf | 2019-12-19 |
| 15 | 835-CHE-2007 AMENDED PAGES OF SPECIFICATION 27-05-2015.pdf | 2015-05-27 |
| 15 | 835-CHE-2007-HearingNoticeLetter-(DateOfHearing-04-12-2019).pdf | 2019-11-11 |
| 16 | 835-CHE-2007 CORRESPONDENCE OTHERS 03-06-2015.pdf | 2015-06-03 |
| 16 | 835-CHE-2007-PETITION UNDER RULE 137 [27-09-2019(online)].pdf | 2019-09-27 |
| 17 | 835-CHE-2007-Correspondence to notify the Controller (Mandatory) [21-08-2019(online)].pdf | 2019-08-21 |
| 17 | 835-CHE-2007 FORM-13 03-06-2015.pdf | 2015-06-03 |
| 18 | 835-CHE-2007 FORM-1 03-06-2015.pdf | 2015-06-03 |
| 18 | 835-CHE-2007-HearingNoticeLetter19-08-2019.pdf | 2019-08-19 |
| 19 | 835-CHE-2007 AMENDED PAGES OF SPECIFICATION 03-06-2015.pdf | 2015-06-03 |
| 19 | 835-CHE-2007_EXAMREPORT.pdf | 2016-07-02 |
| 20 | 835-CHE-2007 AMENDED PAGES OF SPECIFICATION 03-06-2015.pdf | 2015-06-03 |
| 20 | 835-CHE-2007_EXAMREPORT.pdf | 2016-07-02 |
| 21 | 835-CHE-2007 FORM-1 03-06-2015.pdf | 2015-06-03 |
| 21 | 835-CHE-2007-HearingNoticeLetter19-08-2019.pdf | 2019-08-19 |
| 22 | 835-CHE-2007 FORM-13 03-06-2015.pdf | 2015-06-03 |
| 22 | 835-CHE-2007-Correspondence to notify the Controller (Mandatory) [21-08-2019(online)].pdf | 2019-08-21 |
| 23 | 835-CHE-2007 CORRESPONDENCE OTHERS 03-06-2015.pdf | 2015-06-03 |
| 23 | 835-CHE-2007-PETITION UNDER RULE 137 [27-09-2019(online)].pdf | 2019-09-27 |
| 24 | 835-CHE-2007-HearingNoticeLetter-(DateOfHearing-04-12-2019).pdf | 2019-11-11 |
| 24 | 835-CHE-2007 AMENDED PAGES OF SPECIFICATION 27-05-2015.pdf | 2015-05-27 |
| 25 | 835-CHE-2007 EXAMINATION REPORT REPLY RECEIVED 27-05-2015.pdf | 2015-05-27 |
| 25 | 835-che-2007-Written submissions and relevant documents (MANDATORY) [19-12-2019(online)].pdf | 2019-12-19 |
| 26 | 835-CHE-2007 FORM-3 27-05-2015.pdf | 2015-05-27 |
| 26 | 835-CHE-2007-PETITION UNDER RULE 137 [19-12-2019(online)].pdf | 2019-12-19 |
| 27 | 835-CHE-2007 OTHER PATENT DOCUMENT 27-05-2015.pdf | 2015-05-27 |
| 27 | 835-CHE-2007-FORM-26 [07-10-2020(online)].pdf | 2020-10-07 |
| 28 | 835-CHE-2007 AMENDED CLAIMS 27-05-2015.pdf | 2015-05-27 |
| 28 | 835-CHE-2007-FORM 13 [07-10-2020(online)].pdf | 2020-10-07 |
| 29 | 0835-che-2007-abstract.pdf | 2011-09-03 |
| 29 | 835-che-2007-Written submissions and relevant documents [27-10-2020(online)].pdf | 2020-10-27 |
| 30 | 0835-che-2007-claims.pdf | 2011-09-03 |
| 30 | 835-che-2007-Proof of Right [27-10-2020(online)].pdf | 2020-10-27 |
| 31 | 835-che-2007-Annexure [27-10-2020(online)].pdf | 2020-10-27 |
| 31 | 0835-che-2007-correspondnece-others.pdf | 2011-09-03 |
| 32 | 835-CHE-2007-PatentCertificate28-10-2020.pdf | 2020-10-28 |
| 32 | 0835-che-2007-description(complete).pdf | 2011-09-03 |
| 33 | 835-CHE-2007-IntimationOfGrant28-10-2020.pdf | 2020-10-28 |
| 33 | 0835-che-2007-drawings.pdf | 2011-09-03 |
| 34 | 835-CHE-20007-Drawings_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 34 | 0835-che-2007-form 1.pdf | 2011-09-03 |
| 35 | 835-CHE-20007-Description_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 35 | 0835-che-2007-form 3.pdf | 2011-09-03 |
| 36 | 835-CHE-20007-Claims_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 36 | 0835-che-2007-form 5.pdf | 2011-09-03 |
| 37 | 835-CHE-20007-Abstract_Granted 350264_28-10-2020.pdf | 2020-10-28 |
| 37 | 835-CHE-2007 FORM-13 28-10-2009.pdf | 2009-10-28 |
| 38 | 835-CHE-2007 FORM-18 06-10-2009.pdf | 2009-10-06 |
| 38 | 835-CHE-2007-US(14)-ExtendedHearingNotice-(HearingDate-13-10-2020).pdf | 2021-10-03 |