US20030033375A1 - Method for identifying internet users - Google Patents


Info

Publication number
US20030033375A1
Authority
US
United States
Prior art keywords
internet
fact
internet user
message
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/221,570
Inventor
Ulrich Mitreuter
Stefan Unger
Renate Zygan-Maus
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Siemens AG
Original Assignee
Siemens AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens AG
Assigned to SIEMENS AKTIENGESELLSCHAFT (assignment of assignors' interest; see document for details). Assignors: MITREUTER, ULRICH; UNGER, STEFAN; ZYGAN-MAUS, RENATE DR.
Publication of US20030033375A1
Priority to US11/516,619 (US8621033B2)
Legal status: Abandoned

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer


Abstract

New Internet-based services require the Internet user to be identified to a service provider. According to the invention, this requirement is met by the Internet access provider providing the IP-messages of the client, if desired, with data identifying the IP-packets of the Internet user. The Internet access provider guarantees the integrity of this data with cryptographic means.

Description

  • 1. Which technical problem is to be solved by your invention? [0001]
  • 2. How has this problem been solved until now? [0002]
  • 3. How does your invention solve the named technical problem (state advantages)? [0003]
  • 4. Embodiment[s] of the invention. [0004]
  • Regarding Item 1: Which technical problem is to be solved by your invention? [0005]
  • Internet Service Providers nowadays offer Internet access to the mass market without the service feature “net-wide identification of the Internet user”. However, new Internet-based services require the identification of the Internet user to the service provider. This identification should also protect against manipulation and misuse by another Internet user. For example, Internet phone services and Internet telephone net convergence services require the user of these services (i.e. the sender of the IP packets containing the service signal data) to be identified. The provider of such new Internet services is not necessarily identical with the Internet user's ISP (Internet Service Provider). [0006]
  • A net-wide introduction of the Internet user identification service according to the invention would significantly enhance trust in IP messages, and it would greatly facilitate the spread of commercial applications with their potentially higher security requirements, as well as help reduce Internet misuse. [0007]
  • Regarding Item 2: How has this problem been solved until now? [0008]
  • The currently known methods for the secured identification (authentication) of an Internet user all use the principle of end-to-end authentication, i.e., the communication partners authenticate themselves on a basis of identification and authentication data, which is assigned to each communication partner individually, and is made known to the other communication partner. This data can either [0009]
  • a) be known to the other communication partner prior to the beginning of the communication (sufficient identification and authentication data has been saved by the communication partner) or [0010]
  • b) be relayed to the other communication partner at the beginning of the communication by means of a trustworthy third party (identification and authentication data has been saved by a central, public certification entity). [0011]
  • Currently known methods for the secure identification of Internet users are: [0012]
  • I. Identification and authentication through the IP hosts used by the communication partners: IPSEC. This method requires both communication partners to use static IP addresses, and it requires these IP addresses to be unequivocally assigned to both communication partners. IPSEC is not suitable for the technical problem to be solved, since [0013]
  • 1. the majority of Internet users use dial-up access and are assigned only a temporary IP address by their Internet service providers;
  • 2. IPSEC, as a point-to-point method of type a), requires the identification and authentication data of all potential communication partners to be saved, and is therefore not suitable for the mass market of new Internet services. [0014]
  • II. Identification and authentication by means of TCP functions (TLS, Transport Layer Security). This method can in principle be used by all application programs which use TCP/IP. It requires adjustments in the application programs as well as the provision of end-to-end identification and authentication data according to either principle a) or principle b). [0015]
  • III. Identification and authentication through the application programs in use. [0016]
  • The data for the identification of the user, such as his “name”, is carried in clear text in the application protocol (such as HTTP, FTP, Telnet, SIP). As proof that the sender is actually the name bearer, i.e. as authentication of the name, there are several possibilities, such as: [0017]
  • 1. A mutual secret, such as a password which is only known to the user and his communication partner, is relayed in the application protocol or in the application reference data. This method can only be used in combination with a transfer which has been secured against “intercepting” (such as a coded transfer). [0018]
  • 2. A mutual secret is used to encode part of the message. If the recipient can decode the message, the sender is authenticated as possessing the code key. [0019]
  • 3. By means of a challenge-response procedure in the application protocol, it is proven that the user is in possession of a mutual secret. [0020]
  • 4. A mutual secret is used to generate a digital fingerprint of the message, which is attached to the message. If the recipient can reproduce this fingerprint, the sender is authenticated as possessing the mutual secret. [0021]
  • 5. With the help of his “private key” of an asymmetrical authentication procedure, the sender generates a digital fingerprint of the message to be sent, which then is attached to the message, and he also attaches his electronic certificate to the message. This certificate contains the “public key” and the name of the user. The recipient can verify the digital fingerprint with the help of this public key. The recipient now also needs to verify the certificate. This is done according to standard procedure for certificates. For this purpose, the certificate contains a digital fingerprint of the certificate data, generated with the private key of a certification entity. If the recipient possesses the public key of the certification entity, he can verify the integrity of the user's certificate. Possession of the private key, which has been used for the generation of the digital fingerprint of the message, authenticates the user. [0022]
  • The disadvantage of all known methods is the large effort necessary for installation, administration and maintenance of various databases containing the identification and authentication data of Internet users (either centralized, expensive certificate depositories, or many decentralized subscriber databases at various service providers), as well as for managing the infrastructure intended to secure the integrity of identification data (such as certificate revocation lists, security policy database). This effort is made necessary by the fact that each Internet user carries out the identification and authentication procedures for himself (principle of end-to-end authentication). [0023]
  • Regarding Item 3: How does your invention solve the named technical problem (state advantages)? [0024]
  • Upon request, the Internet Service Provider supplies IP messages of clients with data which makes it possible to identify the Internet user's IP packets. The Internet Service Provider guarantees the integrity of this data with cryptographic means. [0025]
  • The difference from the above-mentioned methods therefore lies in the fact that the Internet user no longer initiates his identification himself; instead, the Internet Service Provider takes over this task. With the help of the invention, the effort in identifying IP packets of Internet users is reduced. [0026]
  • A business relation between the Internet Service Provider and the Internet user is a prerequisite for the identification and authentication method according to the invention. Thereby, the Internet Service Provider possesses data which can be used to identify the Internet user. If the Internet user utilizes the access service of the Internet Service Provider (such as when establishing an Internet connection via the telephone line), he initially has to identify himself to the Internet Service Provider (typically with an account name and a password, which the Internet Service Provider has saved). After the authentication, the Internet Service Provider thus securely knows the identity of the Internet user. He can now add information identifying the Internet user to all IP packets of the Internet user. With this information, the Internet user's IP packets can be identified by other Internet Service Providers, without the Internet user having to provide his identification data; namely either according to principle a), i.e. the Service Provider has to save and administer the data specific to the Internet user, or according to principle b), i.e. with the help of a centralized certification entity. [0027]
  • An analogy from the Public Switched Telephone Network (PSTN) may clarify this idea. When establishing a connection in the telephone net, the phone number of the calling party comes up. The operator of the telephone net guarantees that this number actually identifies the line of the calling number; the phone number of the calling party is “network provided” or “user-provided, verified and passed”. The calling party is not able to change the number, since it is assigned by the network and not by the user. At the same time, other participants in the telephone net cannot change this number. Therefore it is always possible to identify the parties participating in a telephone conversation with certainty. [0028]
  • This is not possible in the IP net, because first of all, the IP sender addresses in IP messages can be falsified, and second of all, the IP addresses are provided to the Internet user only on a temporary basis. According to the invention however, in an IP net, the Internet Service Provider as a trustworthy entity can supply the IP message with network-provided Internet user identification information in a manner that protects against falsification. [0029]
  • The invention takes advantage of the point-to-point Internet user identification, which is common between the Internet user and his Internet Service Provider for obtaining Internet access, in order to provide a net-wide secure identification of an Internet user through a trustworthy Internet Service Provider (equipped with a public certificate). [0030]
  • Regarding Item 4: Embodiment[s] of the invention [0031]
  • For a generic solution (a solution which is independent of the transport- or application-protocol used) with the best possible performance, a realization on the IP level is suggested (see FIGS. 1 and 2). [0032]
  • At the POP (point of presence, access point) of the Internet Service Provider [0033]
  • IP packets are screened for a certain (still to be determined) flag, a so-called authentication request flag, by which means the Internet user might be asked to provide identification data per IP packet, and/or [0034]
  • a database (with a function analogous to the Security Policy Database in IPSEC) is checked for whether the service “provide IP packets with identification data” is requested for the Internet user. Thereby, the destination IP address, the transport protocol or the TCP/UDP ports can serve as selectors. [0035]
  • If so, the Internet Service Provider adds data identifying the Internet User to the IP packet header. This could for example be a telephone number of the Internet User, or his user name for the Internet access subscription, which is known to his Internet Service Provider. [0036]
  • The Internet Service Provider subsequently derives a digital signature from the modified IP packets including the reference data sent by the user, in order to secure the identification data and the reference data sent by the user from falsification (data integrity). The modified IP packet is used to calculate a checksum, which is coded with the secret key of the Internet Service Provider (Integrity Check Value). Finally, the Internet Service Provider adds to the IP packet header his electronic certificate (ISP X.509 Certificate), which contains the ISP's public key for decoding the checksum. Thereby, each recipient of the IP message can verify the correctness of the digital signature by decoding the checksum and comparing it to the checksum the recipient has calculated. In addition to that, the recipient has the option to obtain further data on the Internet user (name, address) from the certificate holder (the Internet Service Provider) named in the certificate. (This could be used for Malicious Caller Identification.) [0037]
  • The proposed realization shows similarities with IPSEC. The main difference, however, is that as opposed to IPSEC, no point-to-point authentication, but rather a point-to-multipoint authentication can be realized, since all data relevant for the authentication (the “name” of the Internet user, the name of the Internet Service Provider (ISP) and his certificate) is contained in the IP packet. In addition to that, there is neither an end-to-end, nor a host-to-host authentication, but rather an ISP-to-host authentication. [0038]
  • The realization of Internet user identification on the IP level requires a new, optional function of the IP stack. If this function is not available in a recipient host, the entire new AOD information (see FIG. 2) of an IP message is to be ignored. Standard IP stacks nowadays already support this function for unknown IP options. [0039]
  • Since the length of an IP message changes with the addition of AOD information, the total-length field as well as the header checksum in the IP header need to be recalculated. The digital signature of the Internet Service Provider is valid as long as the data in the IP payload doesn't change. [0040]
  • It is possible for data in the IP payload to be modified on the way of the IP message to the actual communication partner; this could happen through authorized proxies (such as the VIA field in SIP, IP addresses in NAT). The proxy then also recalculates the total-length field as well as the header checksum in the IP header. [0041]
  • In such a case, the proxy can already be the end host of the secured transfer according to the invention. This is the case for example, when the proxy executes the authentication of the Internet user in order to check whether the latter already is a client of the message recipient. The proxy checks the AOD and sends the IP message on without the AOD. Or the proxy adjusts the AOD information and signs these changes by means of a digital signature. For this, the proxy calculates the Integrity Check Value and replaces the prior one with it. In addition, he replaces the ISP certificate with his certificate and adds ISP identification information to the origin identification data. [0042]
  • As opposed to a realization on the transport or application level, the realization on the IP level has the advantage that the Internet Service Provider can quickly see in the POP whether identification data needs to be added or not, since to this end, it is simply necessary to analyze the IP header or to check the policy database (performance advantage). The data on higher protocol levels, which is exchanged on an end-to-end basis, is not changed. The applications on Internet hosts which use this new IP option require an expanded IP network interface (IP socket interface) in order to place an authentication flag for an outgoing IP packet when necessary, or to transfer sender identification data to the IP network interface and to read incoming received sender identification data. The ISP who offers the new Internet access feature “identification of Internet users” needs a policy database, which requires administration. In addition to this, the ISP needs a certificate from a public certification entity, which also requires administration and maintenance (update of certificate revocation lists, etc.). [0043]
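
The embodiment described above (identification data added at the POP, an Integrity Check Value over identity and payload, verification by any recipient) sketched as an added example that is not part of the patent text. Assumptions: Ed25519 over a SHA-256 digest stands in for the unspecified signature scheme, a pinned public key stands in for validating the ISP X.509 certificate, the selection step is reduced to the authentication request flag, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// AOD is a hypothetical layout; ISPKey stands in for the ISP X.509 certificate.
type AOD struct {
	UserID, ISP string
	ICV         []byte
	ISPKey      ed25519.PublicKey
}

// Packet is a reduced IP message with only the fields the scheme inspects.
type Packet struct {
	AuthFlag bool // authentication request flag set by the sending host
	Payload  []byte
	AOD      *AOD // nil until the access point adds it
}

// POP is the ISP access point holding the ISP's signing key pair.
type POP struct {
	Name string
	pub  ed25519.PublicKey
	key  ed25519.PrivateKey
}

func NewPOP(name string) *POP {
	pub, key, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &POP{Name: name, pub: pub, key: key}
}

// digest length-prefixes each field so boundaries cannot shift. Total length
// and header checksum are left out because they are recalculated in transit.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

// Process handles a packet of an already authenticated user at the POP.
func (p *POP) Process(user string, pkt *Packet) bool {
	if !pkt.AuthFlag {
		return false // identification not requested: packet passes unchanged
	}
	icv := ed25519.Sign(p.key, digest([]byte(user), []byte(p.Name), pkt.Payload))
	pkt.AOD = &AOD{UserID: user, ISP: p.Name, ICV: icv, ISPKey: p.pub}
	return true
}

// Verify is the recipient side. The key carried in the packet counts only if
// it equals the key pinned for that ISP name (stand-in for validating the cert).
func Verify(pkt *Packet, pinned map[string]ed25519.PublicKey) (string, error) {
	a := pkt.AOD
	if a == nil {
		return "", fmt.Errorf("no AOD present")
	}
	if pin, ok := pinned[a.ISP]; !ok || !pin.Equal(a.ISPKey) {
		return "", fmt.Errorf("signer not trusted")
	}
	if !ed25519.Verify(a.ISPKey, digest([]byte(a.UserID), []byte(a.ISP), pkt.Payload), a.ICV) {
		return "", fmt.Errorf("ICV mismatch")
	}
	return a.UserID, nil
}

// demo pushes constructed packets through the POP and returns each outcome.
func demo() []string {
	pop, rogue := NewPOP("isp-a.example"), NewPOP("isp-a.example")
	mk := func(flag bool) *Packet { return &Packet{AuthFlag: flag, Payload: []byte("INVITE sip:bob@example.net")} }
	sip, plain, nat, spoof, forged := mk(true), mk(false), mk(true), mk(true), mk(true)
	for _, pkt := range []*Packet{sip, plain, nat, spoof} {
		pop.Process("alice", pkt)
	}
	nat.Payload = []byte("INVITE sip:bob@10.0.0.5") // payload rewritten in transit, not re-signed
	spoof.AOD.UserID = "mallory"                    // identification data altered after signing
	rogue.Process("alice", forged)                  // same ISP name, key the recipient never pinned
	pinned := map[string]ed25519.PublicKey{pop.Name: pop.pub}
	var out []string
	for _, pkt := range []*Packet{sip, plain, nat, spoof, forged} {
		id, err := Verify(pkt, pinned)
		if err != nil {
			id = err.Error()
		}
		out = append(out, id)
	}
	return out
}

func main() { fmt.Println(demo()) }
```

The third outcome is the case the description raises for proxies and NAT: any payload change invalidates the ISP's signature unless the intermediary re-signs with a key the recipient also trusts.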

Claims (11)

1. Method for identifying Internet users according to which an Internet user is identified or authenticated at the Internet access point in the course of an access check when using the Internet access service of an Internet Service Provider with whom the Internet user maintains a business relation. This method is characterized by the fact that Internet user identification information is added to an Internet user's IP message after it successfully passed the access check of the Internet access point, and prior to it being sent on, whereby the integrity of this information is guaranteed with cryptographic means.
2. Method according to claim 1, characterized by the fact that Internet user identification information is added only when a certain requirement is met.
3. Method according to claim 2, characterized by the fact that the Internet user provides the stated requirement.
4. Method according to claim 1 or 2, characterized by the fact that the requirement in question is checked at the access point, where to this end, information is taken from the IP message and/or a database.
5. Method according to one of the claims 1 through 4, characterized by the fact that the method is realized on the Internet protocol level.
6. Method according to one of the claims 1 through 4, characterized by the fact that the method is realized on the transport protocol level.
7. Method according to one of the claims 1 through 4, characterized by the fact that the method is realized on the user protocol level.
8. Method according to one of the claims 1 through 7, characterized by the fact that the integrity of the Internet user identification information is guaranteed with a digital signature.
9. Internet access point which
identifies or authenticates an Internet user in the course of the Internet access service,
adds Internet user identification information to an Internet user's IP message after the Internet access service has successfully been accomplished and prior to the IP message being sent on, whereby the integrity of this information is guaranteed with cryptographic means.
10. Internet access point according to claim 9, characterized by the fact that it adds the Internet user identification information to the IP message only if a certain requirement is met.
11. Internet access point according to claim 10, characterized by the fact that it checks the stated requirement with the help of information obtained from either the IP message and/or a database.
US10/221,570 2000-09-05 2001-08-28 Method for identifying internet users Abandoned US20030033375A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/516,619 US8621033B2 (en) 2000-09-05 2006-09-07 Method for identifying internet users

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP00119184A EP1187415A1 (en) 2000-09-05 2000-09-05 Method for identifying Internet users
EP00119184.0 2000-09-05

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/516,619 Continuation US8621033B2 (en) 2000-09-05 2006-09-07 Method for identifying internet users

Publications (1)

Publication Number Publication Date
US20030033375A1 (en) 2003-02-13

Family

ID=8169756

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/221,570 Abandoned US20030033375A1 (en) 2000-09-05 2001-08-28 Method for identifying internet users
US11/516,619 Expired - Fee Related US8621033B2 (en) 2000-09-05 2006-09-07 Method for identifying internet users

Country Status (8)

Country Link
US (2) US20030033375A1 (en)
EP (2) EP1187415A1 (en)
JP (1) JP4709470B2 (en)
CN (1) CN1197324C (en)
AT (1) ATE369685T1 (en)
DE (1) DE50112838D1 (en)
ES (1) ES2290167T3 (en)
WO (1) WO2002021796A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272398B2 (en) * 2003-11-21 2007-09-18 Lucent Technologies Inc. Providing to sender of message an identifier of service provider associated with recipient of the message
CN1703004B (en) * 2005-02-28 2010-08-25 联想(北京)有限公司 Method for implementing network access authentication
WO2009086845A1 (en) 2008-01-07 2009-07-16 Siemens Enterprise Communications Gmbh & Co. Kg Method for authenticating key information between terminals of a communication link
US8516259B2 (en) * 2008-09-03 2013-08-20 Alcatel Lucent Verifying authenticity of voice mail participants in telephony networks
JP2010220071A (en) * 2009-03-18 2010-09-30 Nec Corp Information communication control apparatus, network interface apparatus, information communication control method, and information communication control program
WO2013142290A1 (en) * 2012-03-22 2013-09-26 Socialogue, Inc. Internet identity management
DE102016207546A1 (en) * 2016-05-02 2017-11-02 Siemens Aktiengesellschaft Method and integrity test system for feedback-free integrity monitoring

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US5768391A (en) * 1995-12-22 1998-06-16 Mci Corporation System and method for ensuring user privacy in network communications
US6055236A (en) * 1998-03-05 2000-04-25 3Com Corporation Method and system for locating network services with distributed network address translation
US6067623A (en) * 1997-11-21 2000-05-23 International Business Machines Corp. System and method for secure web server gateway access using credential transform
US20020007411A1 (en) * 1998-08-10 2002-01-17 Shvat Shaked Automatic network user identification
US6678733B1 (en) * 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users
US6795917B1 (en) * 1997-12-31 2004-09-21 Ssh Communications Security Ltd Method for packet authentication in the presence of network address translations and protocol conversions
US6834341B1 (en) * 2000-02-22 2004-12-21 Microsoft Corporation Authentication methods and systems for accessing networks, authentication methods and systems for accessing the internet

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH05298174A (en) * 1992-04-21 1993-11-12 Toshiba Corp Remote file access system
WO1997015885A1 (en) * 1995-10-25 1997-05-01 Open Market, Inc. Managing transfers of information in a communications network
JPH10177552A (en) * 1996-12-17 1998-06-30 Fuji Xerox Co Ltd Authentication answer method and authentication answer device using the answer method
FI109254B (en) * 1998-04-29 2002-06-14 Ericsson Telefon Ab L M Method, system and device for verification
US6606663B1 (en) * 1998-09-29 2003-08-12 Openwave Systems Inc. Method and apparatus for caching credentials in proxy servers for wireless user agents
JP2000207362A (en) * 1999-01-19 2000-07-28 Toshiba Corp Network system and its user authenticating method
EP1292094A4 (en) * 2000-05-30 2004-09-08 Bandai Co Image delivering system and method therefor

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100281398A1 (en) * 2003-05-19 2010-11-04 John Melideo Telephone Calling Interface
US7769145B2 (en) 2003-05-19 2010-08-03 Q Tech Systems, Inc. Telephone calling interface
US20040234049A1 (en) * 2003-05-19 2004-11-25 John Melideo Telephone calling interface
US20060182250A1 (en) * 2003-05-19 2006-08-17 John Melideo Application Independent Call Initiation
US20040268123A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation Security for protocol traversal
US9692591B2 (en) * 2003-11-14 2017-06-27 Certicom Corp. Cryptographic method and apparatus
US20160087789A1 (en) * 2003-11-14 2016-03-24 Certicom Corp. Cryptographic Method and Apparatus
US9043876B2 (en) * 2003-11-14 2015-05-26 Certicom Corp. Cryptographic method and apparatus
US20140282873A1 (en) * 2003-11-14 2014-09-18 Certicom Corp. Cryptographic Method and Apparatus
US20120036357A1 (en) * 2003-11-14 2012-02-09 Marinus Struik Cryptographic method and apparatus
US8707036B2 (en) * 2003-11-14 2014-04-22 Certicom Corp. Cryptographic method and apparatus
US20070192404A1 (en) * 2004-03-23 2007-08-16 Koninklijke Philips Electronic, N.V. Anonymous integrity of transmitted data
WO2005094036A1 (en) * 2004-03-23 2005-10-06 Philips Intellectual Property & Standards Gmbh Anonymous integrity of transmitted data
US20050216769A1 (en) * 2004-03-26 2005-09-29 Fujitsu Limited Access source authentication method and system
US20100191657A1 (en) * 2004-11-17 2010-07-29 John Melideo Reverse Billing in Online Search
US7702565B2 (en) 2004-11-17 2010-04-20 Q Tech Systems, Llc Reverse billing in online search
US20060106711A1 (en) * 2004-11-17 2006-05-18 John Melideo Reverse billing in online search
US8050973B2 (en) 2004-11-17 2011-11-01 Q Tech Systems, Llc Reverse billing in online search
US11706624B1 (en) * 2017-05-24 2023-07-18 Jonathan Grier Agile node isolation through using packet level non-repudiation for mobile networks
US11659394B1 (en) * 2017-05-24 2023-05-23 Jonathan Grier Agile node isolation using packet level non-repudiation for mobile networks
US11108774B2 (en) * 2018-05-14 2021-08-31 Capital One Services, Llc Method and system for verifying user identity
US20210392137A1 (en) * 2018-05-14 2021-12-16 Capital One Services, Llc Method and System for Verifying User Identity
US11601430B2 (en) * 2018-05-14 2023-03-07 Capital One Services, Llc Method and system for verifying user identity

Also Published As

Publication number Publication date
CN1422480A (en) 2003-06-04
WO2002021796A1 (en) 2002-03-14
EP1316188B1 (en) 2007-08-08
ES2290167T3 (en) 2008-02-16
US8621033B2 (en) 2013-12-31
ATE369685T1 (en) 2007-08-15
EP1187415A1 (en) 2002-03-13
CN1197324C (en) 2005-04-13
EP1316188A1 (en) 2003-06-04
JP2004514310A (en) 2004-05-13
US20070071001A1 (en) 2007-03-29
JP4709470B2 (en) 2011-06-22
DE50112838D1 (en) 2007-09-20

Legal Events

Date Code Title Description
AS Assignment

Owner name: SIEMENS AKTIENGESELLSCHAFT, GERMANY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MITREUTER, ULRICH;UNGER, STEFAN;ZYGAN-MAUS, RENATE DR.;REEL/FRAME:013293/0606

Effective date: 20020910

STCB Information on status: application discontinuation

Free format text: EXPRESSLY ABANDONED -- DURING EXAMINATION