| 摘要 |
A highly scalable key management architecture for secure client-server syste ms used in IP telephony network, wherein cryptographic state needs to be saved only by the clients. This architecture takes advantage of existing key management protocols, Kerberos with the PKINIT (public key) extension, to provide an IP telephony system having a high degree of scalability. In the case of lost security associations, the architecture provides for lightweigh t rekeying operations that allow clients to quickly re-establish the lost association or switch to a different server. The key management architecture includes a method for establishing a secure channel between an IP telephony endpoint and Server in an IP telephony network. The endpoint is coupled to a user and the Server is coupled to the IP telephony network. The method comprises steps of transmitting from the endpoint to a key distribution cent er a request for a security ticket, receiving the security ticket from the key distribution center, transmitting from the endpoint to the Server a request for a sub-key, receiving the sub-key from the Server, and establishing a secure channel between the endpoint and the Server using the sub-key.</SDOAB >
|
