Abstract: In one embodiment, an apparatus associated with securing a Resource Reservation Protocol (RSVP) with dynamic group keying is provided. The apparatus may include a group key logic that interacts with a dynamic group key management logic. The dynamic group key management logic provides a group key to members of a set of RSVP-capable devices. The apparatus also includes an RSVP authentication logic to determine whether a received RSVP message was provided by a member of the set of RSVP-capable devices. The determination is made using implicit authorization that depends on the group key and that does not depend on a challenge/response protocol. In one embodiment the apparatus is a router.

Abstract: Techniques are described for the use of a cryptographic token to authorize a firewall to open a pinhole which permits certain network traffic to traverse firewalls. An initiating endpoint requests a token from a call controller, which authorizes a pinhole though the firewall. In response, the call controller may generate a cryptographic authorization token (CAT) sent towards the destination endpoint. The call controller may generate the token based on an authorization ID associated with the call controller, a shared secret known to both the call controller and the firewall, and data specific to the media flow for which authorization is requested.

Abstract: Techniques are described for the use of a cryptographic token to authorize a firewall to open a pinhole which permits certain network traffic to traverse firewalls. An initiating endpoint requests a token from a call controller, which authorizes a pinhole though the firewall. In response, the call controller may generate a cryptographic authorization token (CAT) sent towards the destination endpoint. The call controller may generate the token based on an authorization ID associated with the call controller, a shared secret known to both the call controller and the firewall, and data specific to the media flow for which authorization is requested.