FR2962283A1 - Method for controlling multimedia communication between e.g. secured and non-secured communication terminals in e.g. Internet, involves transmitting message to secured communication terminal, where message contains security parameter - Google Patents

Abstract

The method involves transmitting a message i.e. session description protocol message, from a non-secured communication terminal (TCns) to a secured communication terminal (TCs), where the message contains information indicating that a communication between the non-secured communication terminal and a communication server (SC) is not secured. The message is transmitted to the secured communication terminal, where the message contains a security parameter indicating that the communication between the secured and non-secured communication terminals is not secured. Independent claims are also included for the following: (1) a server for controlling communication between a secured communication terminal and a non-secured communication terminal in a telecommunication network (2) a computer program implemented in a server for controlling communication between a secured communication terminal and a non-secured communication terminal in a telecommunication network.

Description

SECURE COMMUNICATION CONTROL

The present invention relates to a control of a communication between at least two terminals in a telecommunications network to check whether the communication is secure with respect to each of the terminals.

Currently, a Session Initiation Protocol (SIP) type terminal can determine whether a current multimedia communication established with another entity directly linked to the terminal is secure between the terminal and the other entity, and can inform terminal user for example by means of a light signal. The multimedia communication may consist of an exchange of data such as video, audio or instant message streams whose establishment is carried out via the SIP protocol. The media stream received by the terminal may result from one or more media streams of which at least one is not secure. For example, the media stream received by the terminal results from a server's conversion of another unsecured media stream, or the addition of at least one other unsecured media stream to a conference managed by a waiter. In this case, although the media stream received by the terminal is secure between the terminal and a server that is directly linked to the terminal and from which the media stream originates, the terminal may indicate to the user a secure state of the device. communication that is wrong since the whole communication is not secure. Thus, the user will mistakenly believe that the current communication is secure while at least part of the communication is not secure, which makes the whole communication insecure.

An object of the invention is to overcome the above disadvantages by verifying whether a communication established between at least two terminals via at least one server in a telecommunications network is secured end-to-end. To achieve this objective, a method according to the invention for controlling a communication between at least one secure terminal and a non-secure terminal via at least one server through a telecommunications network, the secure terminal being able to transmit and receive encrypted media streams and the unsecured terminal not being able to transmit and receive encrypted media streams, including in the server: following receipt of a message transmitted from the unsecured terminal, the message containing information indicating that the communication between the unsecured terminal and the server is not secure, a transmission of a message to the secure terminal, the message containing a security parameter indicating that the communication between the secure terminal and the terminal unsecured is not secure. Advantageously, the user of the secure terminal is informed of the secure or non-secure state of the entire communication in which he participates, and not only of a part of the communication corresponding to exchanges between the secure terminal and the server. Thus, when an unsecured terminal joins a communication in which a secure terminal participates, the user of the secure terminal is informed that the communication is no longer secure, ie at least one Media stream received by the server from an unsecure terminal is not encrypted. According to other features of the invention, the encryption parameter contained in the message transmitted to the secure terminal can be associated with a media type, indicating that the media stream corresponding to the media type is not encrypted, can be further associated with an encryption type that defines characteristics of an encryption algorithm to be used for encrypting and decrypting a media stream, and may further be associated with an indication on the unsecured terminal for which communication with the server is not secure.

According to other features of the invention, the media streams exchanged during the communication may be in accordance with the SIP protocol, and the message transmitted to the secure terminal may be one of the "INVITE", "REINVITE" type messages. , "200 OK", and "UPDATE" conform to the SIP protocol. According to another characteristic of the invention, the encryption parameter contained in the message transmitted to the secure terminal can be included in a header in said message. According to another characteristic of the invention, the encryption parameter contained in the message transmitted to the secure terminal may be included in a sub-message which is encapsulated in said message and which includes data usable by the transport layer.

The invention also relates to a server for controlling communication between at least one secure terminal and a non-secure terminal via at least one server via a telecommunications network, the secure terminal being able to transmit and receive media streams. encrypted and the unsecured terminal not being able to transmit and receive encrypted media streams, comprising: means for transmitting a message to the secure terminal, the message containing a security parameter indicating that the communication between the secure terminal and the unsecured terminal is not secure, following receipt of a message transmitted from the unsecured terminal, the message containing information indicating that the communication between the unsecure terminal and the server is not secure. According to other features of the invention, the server may host a multimedia conference between at least the secure terminal, the unsecured terminal and another terminal, or the server may be a media server converting the media stream format exchanged between the secure terminal and the unsecured terminal.

The invention also relates to a computer program adapted to be implemented in a server, said program comprising instructions which, when the program is executed in said server, perform the steps according to the method of the invention.

The present invention and the advantages it affords will be better understood in view of the following description given with reference to the appended figures, in which: FIG. 1 is a schematic block diagram of a communication system for checking whether a communication established between at least two terminals in a telecommunications network is secured according to an embodiment of the invention, - Figure 2 is an algorithm of a method for checking whether a communication established between at least two terminals in a telecommunications network is secured according to an embodiment of the invention.

With reference to FIG. 1, a communication system according to the invention comprises a telecommunications network RT, at least two communication terminals TC able to communicate with each other via at least one communication server SC. The telecommunications network RT may be a wired or wireless network, or a combination of wired and wireless networks. In one example, the telecommunications network RT is a network of high-speed packets of the IP ("Internet Protocol") type, such as the Internet or an intranet. Generally speaking, "communication" is understood to mean a bipartite communication, that is to say a dialogue between two communication terminals, or a conference in which at least three communication terminals participate, a communication terminal that can join a communication terminal. already existing communication between n participating communication terminals with n 2. The communication is established between at least two terminals via at least one communication server SC. Communication is a multimedia communication in which data such as video, audio or instant message streams are exchanged using the SIP protocol. Communication between a terminal and a server may be bidirectional or unidirectional, for example when the terminal user is only listening. The term "secure communication" is also understood to mean a communication that is encrypted end-to-end. For example, during a communication between a terminal and a server, the terminal is able to encrypt multimedia streams to be transmitted to the server that is able to decrypt the multimedia streams received, and vice versa. Furthermore, only a part of the multimedia streams can be encrypted, such as the video stream, and another part of the multimedia streams may not be encrypted, such as the audio stream, in which case the communication is not considered secure. .

As examples, a communication terminal TC is a fixed or mobile telephone, an electronic device or object of telecommunications which is personal to the user and which can be a personal digital assistant PDA ("Personal Digital Assistant" in English). ), or a smart phone (SmartPhone), which can be connected to a base station of a WLAN type wireless local area network (in English) or complies with one of the standards 802.1x, or medium range according to the WIMAX protocol ("World Wide Interoperability Microwave Access"). The communication server SC delivers multimedia streams to at least one terminal and / or receives multimedia streams from at least one terminal. As examples, a communication server can serve as a bridge for a multimedia conference between several terminals, or can serve as a media server converting the format of multimedia streams exchanged between at least two terminals.

Moreover, several communication servers SC can be involved in a communication between several terminals. In one example, two communication servers can communicate with each other and each serve as a bridge for a multimedia conference between several terminals. In another example, a communication server can serve as a bridge for a multimedia conference between several terminals, and another communication server acting as an intermediary between the conference bridge and one of the terminals can convert an audio stream into a stream. text to the terminal, or change a compression ratio of the audio stream to the terminal. For the sake of clarity, FIG. 1 shows a so-called "secure" TCs communication terminal, a "nonsecure" TCns communication terminal, and a communication terminal TC indifferently designating a secure terminal TCs or an insecure terminal TCns, capable of being in communication via an SC communication server. The secure communication terminal TCs implements a function for encrypting multimedia streams to be transmitted and for decrypting multimedia streams received and is therefore able to transmit and receive secure multimedia streams, whereas the unsecured communication terminal TCns does not implement encryption function of multimedia streams and is not able to transmit and receive secure multimedia streams.

In a variant, it is considered that an unsecured communication terminal TCns can be likened to a server that does not implement the invention. In one example, the unsecured communication terminal TCns is considered to be an insecure server among several communication servers communicating with each other and each serving as a bridge for a multimedia conference between several terminals. In another example, the unsecured communication terminal TCns is considered to be an insecure server serving as an intermediary between a multimedia conference bridge between several terminals and one of the terminals participating in the conference, for example to convert multimedia streams. Thus, it is considered that an unsecured communication terminal TCns, here assimilated to an insecure server, can implement a multimedia stream encryption function and be able to transmit and receive secure multimedia streams, but can not guarantee that all communications with the terminal are secure. In other words, the unsecured communication terminal TCns can encrypt a media stream but can not guarantee that other received streams used to produce the media stream are secure.

The communication server SC comprises a communication module COM and a management module GES.

In the remainder of the description, the term module may denote a device, a software or a combination of computer hardware and software, configured to perform at least one particular task. The communication module COM has the function of establishing a communication with entities of the telecommunication network, for example with another server or a terminal and of transmitting messages to these entities. The function of the GES management module is to determine the encrypted state of the multimedia streams relating to each of the communications established with terminals or servers.

As indicated above, in a non-limiting embodiment, the communication is a multimedia communication established by means of the SIP (session establishment protocol) communication protocol which is used at the session layer for the establishment of the multimedia communications. while the communication protocol RTP ("Real-time Transport Protocol" in English) and RTCP ("Real-time Transport Control Protocol" in English) is used at the level of the transport layer for the transport of the multimedia streams themselves. It should be noted that the SIP protocol is intended for non-limiting applications such as voice over IP, video telephony (VoIP over IP video), or instant messaging ("chat" in English). The SIP protocol is defined by the Internet Engineering Task Force (IETF) standardization group, in particular in the documents RFC3261 and RFC3265. It should be noted that besides the establishment of multimedia calls, the SIP protocol is responsible for the authentication and location of client agents and is based on an exchange of requests (also called messages). The SIP protocol does not carry data exchanged during the session such as voice or video. Since it is independent of data transmission, any type of protocol can be used for this exchange, such as the RTP / RTCP protocol. However, the SIP protocol encapsulates in its own requests SDP ("Session Description Protocol") messages containing data usable by the transport layer.

With reference to FIG. 2, a communication control method according to one embodiment of the invention comprises steps E1 and E2 executed automatically in the communication system. The method is hereinafter described in accordance with the SIP protocol as an example. It is considered that an unsecured communication terminal TCns joins a call being established or already established, in which at least one other secure communication terminal TCs participates via at least one communication server. SC communication. According to one example, the communication is a conference which is hosted by a communication server SC and in which at least two secure communication terminals TCs already participate. According to another example, the communication is being established between the unsecured terminal and a secure terminal via an SC communication server, the communication being able to be initiated by the unsecured terminal or the secure terminal. .

In step E1, the unsecured communication terminal TCns transmits a message MesT to the communication server SC to establish a communication with the secure communication terminal TCs.

The message MesT contains information indicating that the communication between the unsecured terminal TCns and the SC server is not secure. According to one embodiment, the message MesT comprises a field filled with an encryption parameter Pc which is in a state "0" if the terminal transmitting the message implements a function of encryption of multimedia streams, and which is in a state "1" if the terminal transmitting the message does not implement a multimedia stream encryption function. As a variant, the message MesT comprises a field filled with an encryption parameter Pc which has a particular value, such as "false" if the terminal transmitting the message implements a multimedia stream encryption function, and "true" if the transmitting terminal the message does not implement a multimedia stream encryption function. The field is, for example, a field "a" of the following form, when the terminal transmitting the message is an unsecured terminal TCns: a = secured-communication: false In this case, the message MesT contains an encryption parameter Pc which is information indicating that the communication between the unsecured terminal TCns and the SC server is not secure. In another embodiment, the MesT message does not include a field filled with an encryption parameter Pc or any parameter indicating that the unsecured terminal implements a multimedia stream encryption function. In this case, the message MesT implicitly contains information indicating that the communication between the unsecured terminal TCns and the SC server is not secure, this information being deduced from the absence of indication on the implementation of a function. encryption of multimedia streams by the unsecured terminal. According to yet another embodiment, the unsecured communication terminal TCns is treated as an insecure server, which does not implement the invention. The unsecured communication terminal TCns can implement a multimedia stream encryption function, being able to transmit and receive secure multimedia streams, but can not guarantee that all communications with the unsecured terminal TCns are secure. In this case, the MesT message may contain a field indicating that the communication between the unsecured terminal TCns and the SC server is encrypted, for example by means of an encryption parameter Pc, but does not contain a parameter, such as the security parameter Ps defined below in step E2, ensuring that the communication between the unsecure terminal TCns and the SC server is secure. Thus, the MesT message implicitly contains information indicating that the communication between the unsecured terminal TCns and the SC server is not secure, this information being deduced from the absence of the security parameter Ps.

In the present case, the unsecured communication terminal TCns transmits a message MesT comprising an encryption parameter Pc, which is in a state "0" or which has a value "false", indicating that the communication between the non-communication terminal secure TCns and SC communication server is not secure, that is to say is not encrypted. Optionally, the parameter Pc is associated with a type of media, for example audio, video or text media, indicating which media stream is not secure. Optionally, the parameter Pc is associated with an encryption type that defines characteristics of an encryption algorithm to be used to encrypt and decrypt a media stream. By way of example, the parameter Pc, optionally the type of media and the type of encryption associated with the parameter Pc constitute a sub-message which is encapsulated in the message MesT, for example an SDP message encapsulated in the SIP message.

In step E2, the management module GES of the communication server SC 30 analyzes the message MesT received and in particular the encryption parameter Pc. The management module GES generates a message MesS comprising a field filled with a security parameter Ps which is in a state "0" if at least one terminal having transmitted the message MesT is an unsecured terminal TCns, and which is in a state "1" if all the terminals having transmitted a message MesT are secure terminals TCs. In general, the security parameter Ps contained in the message MesT intended to be transmitted to a communication terminal indicates that at least one communication between the communication server and another entity of the telecommunication network, such as another server. communication or an unsecured communication terminal, is not secured, that is to say is not encrypted or whose security is not guaranteed. The information indicating that the communication is not secure is thus relayed to all the entities participating in the communication. According to a first example, communication is being established between the unsecured terminal TCns and a secure terminal TCs via the communication server SC. The communication module COM of the server SC transmits the message MesS including the security parameter Ps to the secure terminal 15 TCs. If the communication is initiated by the unsecured terminal TCns, the MesS message is for example of the INVITE type with the parameter Ps constituting an SDP sub-message encapsulated in the INVITE message. If the communication is initiated by the secure terminal TCs, the message MesS is for example of type 200 0K with the parameter Ps constituting an SDP sub-message encapsulated in the message 200 0K. Initially, the messages transmitted from the secure terminal TCs to the server SC and from the server SC to the unsecured terminal TCns are of the INVITE type to require the establishment of the communication. According to a second example, the communication is a conference which is hosted by the communication server SC and in which two secure communication terminals TCs already participate. The communication server SC transmits the MesS message including the encryption parameter Ps to the two secure communication terminals TCs. The MesS message is, for example, of the RE-INVITE type with the parameter Ps constituting an SDP sub-message encapsulated in the RE-INVITE message, or the MesS message is for example of the UPDATE type with the parameter Ps constituting a header. the UPDATE message.

As indicated above, the parameter Ps may optionally also be associated with a type of media, for example audio, video or text media, indicating which media stream is not secure, and optionally associated with a type of encryption that defines features of an encryption algorithm to use to encrypt and decrypt a media stream. The field is for example a field "a" of the following form, when a media stream received by the communication server during a communication with an unsecure terminal comprises a secure audio stream and an unsecured video stream: a = secured-communication: audio = true; video = false Optionally, the parameter Ps is also associated with an indication on the unsecured terminal for which communication with the communication server is not secure. Thus, when three secure terminals are in conference via the communication server and a non-secure terminal joins the conference, the communication server indicates to secure terminals that the conference is no longer secure, including that the communication between the server and the terminal that joined the conference is not secure. In one embodiment, the field containing the parameter Ps in the message MesS is a generated field and added to the content of the message MesS. The parameter Ps can furthermore be deduced from the parameter Pc if the latter is present in the message MesT received by the communication server SC. As a variant, the message MesS already contains a field containing a parameter for indicating whether the communication is secure between the communication server SC and the secure communication terminal TCns for which the message MesS is intended. For example, during a conference between several secure terminals, messages transmitted by the communication server to each secure terminal contain a parameter indicating that the communication is secure between the communication server SC and the secure communication terminal, and when an unsecured terminal joins the conference, the communication server transmits to each secure terminal a message containing the parameter having a modified value and indicating that the conference is no longer secure.

Thus, the steps of the method have been described in a non-limiting embodiment using the SIP protocol, but of course, other protocols can be used such as in a non-limiting example the ISDN ISDN network protocol, (ISDN "Integrated Services Digital Network"). In this case, in a nonlimiting example, the INVITE message described above can be replaced by a SETUP message, the UPDATE message can be replaced by a FACILITY message, and the 200 0K message associated with an INVITE message can be replaced by a message. CONNECT.

The invention described herein relates to a method and a server for controlling secure communication between at least two terminals via a server. According to an implementation of the invention, the steps of the method of the invention are determined by the instructions of a computer program incorporated in a server, such as the communication server SC. The program includes program instructions, which when said program is loaded and executed in the device, perform the steps of the method of the invention. Accordingly, the invention also applies to a computer program, including a computer program on or in an information carrier, adapted to implement the invention. This program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code such as in a partially compiled form, or in any other desirable form to implement the method according to the invention.

Claims (5)

REVENDICATIONS1. Method for controlling communication between at least one secure terminal (TCs) and a non-secure terminal (TCns) via at least one server (SC) through a telecommunications network (RT), the secure terminal (TCs) ) being able to transmit and receive encrypted media streams and the unsecured terminal (TCs) not being able to transmit and receive encrypted media streams, comprising in the server (SC): following a reception (El) of a message (MesT) transmitted from the unsecured terminal (TCns), the message (MesT) containing information indicating that the communication between the unsecured terminal (TCns) and the server (SC) is not secure, a transmission (E2) of a message (MesS) to the secure terminal (TCs), the message (MesS) containing a security parameter (Ps) indicating that the communication between the secure terminal (TCs) and the unsecured terminal (TCns) is not secure. The method according to claim 1, wherein the security parameter (Ps) contained in the message (MesS) transmitted to the secure terminal (TCs) is associated with a media type, indicating that the media stream corresponding to the type of media is not encrypted. The method according to claim 1 or 2, wherein the security parameter (Ps) contained in the message (MesS) transmitted to the secure terminal (TCs) is associated with an encryption type which defines characteristics of a security algorithm. encryption to use to encrypt and decrypt a media stream. The method according to claim 1, wherein the security parameter (Ps) contained in the message (MesS) transmitted to the secure terminal (TCs) is associated with an indication on the unsecured terminal (TCns) for which the communication with the server (SC) is not secure. 5. Method according to one of claims 1 to 4, wherein the media streams exchanged during the communication are in accordance with the SIP protocol.A method according to one of claims 1 to 5, wherein the message (MesS) transmitted to the secure terminal (TCs) is one of the "INVITE", "RE-INVITE", "200 OK", and "UPDATE" messages conforming to the SIP protocol 7. The method according to claim 6, wherein the security parameter (Ps) contained in the message (MesS) transmitted to the secure terminal (TCs) is included in a header in said message (MesS) 0. The method according to claim 6, wherein the parameter of The security (Ps) contained in the message (MesS) transmitted to the secure terminal (TCs) is included in a sub-message which is encapsulated in said message (MesS) and which includes data usable by the transport layer. control a communication between at least one secure terminal (TCs) and an unsecured terminal (TCns) via at least the server (SC) through a telecommunications network (RT), the secure terminal (TCs) being able to transmit and receive encrypted media streams and the unsecured terminal (TCs) not being able to transmit and receive encrypted media streams, comprising: means (COM) for transmitting a message (MesS) to the secure terminal (Tes), the message (MesS) containing a security parameter (Ps) indicating that the communication between the secure terminal (TCs) and the unsecured terminal (TCns) is not secure, following a reception of a message (MesT) transmitted from the unsecured terminal (TCns), the message (MesT) containing information indicating that the communication between the unsecured terminal (TCns) and the server (SC) is not secure. 10. Computer program adapted to be implemented in a server (SC) 30 for controlling a communication between at least one secure terminal (TCs) and an unsecured terminal (TCns) via at least one server (SC) through a telecommunications network (RT), the secure terminal (TCs) being able to transmit and receive encrypted media streams and the unsecured terminal (TCs) not being able to transmit and receive data streams. encrypted media, saidprogram comprising instructions which, when the program is loaded and executed in said server, perform the following steps: following a reception (El) of a message (MesT) transmitted from the unsecured terminal (TCns), the message (MesT) containing information indicating that the communication between the unsecured terminal (TCns) and the server (SC) is not secure, a transmission (E2) of a message (MesS) to the secure terminal (TCs), the message (MesS) co having a security parameter (Ps) indicating that the communication between the secure terminal (TCs) and the unsecured terminal (TCns) is not secure.