Trust Chain Recovery Method For Secured Connected Devices Solutions

IP.com Disclosure Number: IPCOM000250350D
Publication Date: 2017-Jul-05
Document File: 5 page(s) / 73K

Publishing Venue

The IP.com Prior Art Database

Related People

Olivier KREET: AUTHOR

Abstract

Computer networks are facing unprecedented security risks. Threats with dramatic impact are now targeting our critical infrastructures, such as massive denial-of-service attacks on the Internet caused by the lack of security in the Internet of Things (IoT), or the recent ransomware campaign that spread all over the world. Security mechanisms are now unavoidable to keep these systems running. This goal can be achieved with a set of now-mature security protocols, but it will only succeed if we achieve the required security management of the rapidly multiplying endpoints that operate without any human interaction. This solution addresses this requirement of trust management.

This text was extracted from a Microsoft Word document.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 27% of the total text.

Docket Number

FR82017003

Title

“Trust Chain Recovery Method For Secured Connected Devices Solutions”

Contributors

Olivier KREET, Georges NOGUEIRA

Company

ALE International

Description of the technical solution:

Computer networks are facing unprecedented security risks. Threats with dramatic impact are now targeting our critical infrastructures, such as:

  • massive denial-of-service attacks on the Internet caused by the lack of security in the Internet of Things (IoT),
  • or the recent ransomware campaign that spread all over the world.

Security mechanisms are now unavoidable to keep these systems running. This goal can be achieved with a set of now-mature security protocols, but it will only succeed if we achieve the required security management of the rapidly multiplying endpoints that operate without any human interaction.

The following solution addresses this requirement of trust management.

Secure communication over IP-based protocols is usually provided by the TLS transport-layer protocol. TLS requires digital certificates to enable (at least) authentication of the server by the connecting clients, which in turn must hold a trust store containing the corresponding server public certificate before the client-server connection is attempted.

While this has become the standard architecture, we will illustrate the solution in the field of IP Telephony, which is a core business market for some companies. In VoIP technology, TLS-based application protocols are used to secure the signaling link, while the media link is usually secured with the SRTP protocol. TLS requires the use of digital certificates, as developed in the following.

In this description, we will use the following definitions:

  • Client: a device connecting to a server with a TLS-based protocol. Clients must have a trust store containing public certificates so that the TLS connection can succeed after the server certificate has been verified.

  • Server: a device that receives connection requests from clients. A server must have a digital server certificate to enable the TLS connection and to prove its identity through the TLS authentication mechanisms.

  • CTL (Certificate Trust List): a set of public certificates to be imported into the clients' trust store, which the clients then use to authenticate servers.

  • Secure installation: a network of connecting clients and a server that rely on any kind of TLS-based protocol in which the server is authenticated by the clients.

  • Unsecure installation: conversely, a network where no security protocol (TLS) is enabled.

  • Locked-in secure installation: a secure installation where the clients' trust store is configured to contain a given server public certificate; by extension, such clients will not trust any other, unknown server certificate, nor accept modification of their trust store, as explained below.
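As an added illustration of these definitions (example code written for this page, not part of the original disclosure), the following Python model compares the three installation states and shows why a locked-in installation loses connectivity once the server certificate is replaced: the certificate bytes, client names and the `Client` class are constructed, and a SHA-256 fingerprint lookup stands in for the TLS server certificate verification.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample certificates. In a real deployment these would be X.509
# DER/PEM blobs; here the fingerprint of the bytes plays the role of the
# server public certificate held in the client trust store.
SERVER_CERT_V1 = b"-----CONSTRUCTED CERT-----\nCN=pbx.example.test\nkey=0001\n"
SERVER_CERT_V2 = b"-----CONSTRUCTED CERT-----\nCN=pbx.example.test\nkey=0002\n"


def fingerprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


@dataclass
class Client:
    """A client endpoint; mode is 'unsecure', 'secure' or 'locked'."""
    mode: str
    trust_store: set = field(default_factory=set)  # fingerprints loaded from a CTL

    def import_ctl(self, ctl: list) -> bool:
        # A CTL is the list of public certificates to load into the trust store.
        if self.mode == "locked":
            return False  # locked-in installation: trust store modification refused
        self.trust_store.update(fingerprint(c) for c in ctl)
        return True

    def connect(self, server_cert: bytes) -> bool:
        # Server authentication step of the handshake (simplified): the
        # presented certificate must already be present in the trust store.
        if self.mode == "unsecure":
            return True  # no TLS at all, so nothing is verified
        return fingerprint(server_cert) in self.trust_store


def rotate_server_certificate(clients: dict, new_cert: bytes) -> dict:
    """Push a CTL with the new certificate, then report who can still connect."""
    return {name: (c.import_ctl([new_cert]) or True) and c.connect(new_cert)
            for name, c in clients.items()}


def demo():
    clients = {m: Client("secure") for m in ("unsecure", "secure", "locked")}
    for c in clients.values():
        c.import_ctl([SERVER_CERT_V1])  # initial provisioning of the CTL
    clients["unsecure"].mode = "unsecure"
    clients["locked"].mode = "locked"  # lock in after provisioning
    before = {n: c.connect(SERVER_CERT_V1) for n, c in clients.items()}
    after = rotate_server_certificate(clients, SERVER_CERT_V2)
    return before, after
```

After the rotation only the locked-in client is stranded: it neither trusts the new server certificate nor accepts the CTL carrying it, which is the trust-chain break that a recovery method has to address.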

In a locked-in secure installation, clients are not supposed to accept any modification of their tru...