Systems and methods for secure communications using organically derived synchronized encryption processes

US 10,263,777 B2
Filed: 09/16/2016
Issued: 04/16/2019
Est. Priority Date: 09/18/2015
Status: Expired due to Fees

First Claim

Patent Images

1. A method for secure communication, the method comprising:

generating, at a first node, a parameter data set containing a plurality of values;

selecting, using a first seed value stored at the first node, one or more of the plurality of values in the parameter data set to form a first parameter subset;

generating, at the first node, using the first parameter subset, a first cipher key;

encrypting, at the first node, user data using a first ciphersuite and the first cipher key resulting in encrypted user data;

generating a first signature based at least on the parameter data set;

transmitting, from the first node to a second node, a start frame including the parameter data set, the encrypted user data, and the first signature at a first signature location in the start frame;

receiving, at the second node, the start frame;

selecting, using a second seed value stored at the second node, one or more of the plurality of values in the parameter data set in the received start frame to form a second parameter subset;

generating, using the second parameter subset, a second cipher key;

decrypting the encrypted user data using a second ciphersuite and the second cipher key; and

verifying the first signature at a first signature location in the start frame;

encrypting, at the first node, further user data using the first ciphersuite and the first cipher key as encrypted further user data;

generating a second signature based at least on the further user data;

transmitting, from the first node to the second node, a data frame including the encrypted further user data and the second signature at a second signature location in the data frame;

receiving, at the second node, the data frame;

decrypting the encrypted further user data using the second ciphersuite and the second cipher key; and

verifying the second signature at the second signature location in the data frame.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Organically Derived Synchronized Processes provide encryption parameter management in a certificate-less system. A first node generates a parameter data set containing multiple values; uses a seed value stored at the first node to select values from a random parameter data set to form a parameter subset; generates encryption parameters using the subset; encrypts user data using the encryption parameters; generates a signature based at least on the parameter data set; and transmits a start frame including the parameter data set, the encrypted user data, and the signature. A second node receives the start frame; uses a seed value stored at the second node to select values from the received parameter data set to form a parameter subset; generates decryption parameters using the subset; decrypts the user data using the decryption parameters; and verifies the received signature. The encryption and decryption parameters are then applied to further payload data.

16 Citations

View as Search Results

18 Claims

1. A method for secure communication, the method comprising:
- generating, at a first node, a parameter data set containing a plurality of values;
  
  selecting, using a first seed value stored at the first node, one or more of the plurality of values in the parameter data set to form a first parameter subset;
  
  generating, at the first node, using the first parameter subset, a first cipher key;
  
  encrypting, at the first node, user data using a first ciphersuite and the first cipher key resulting in encrypted user data;
  
  generating a first signature based at least on the parameter data set;
  
  transmitting, from the first node to a second node, a start frame including the parameter data set, the encrypted user data, and the first signature at a first signature location in the start frame;
  
  receiving, at the second node, the start frame;
  
  selecting, using a second seed value stored at the second node, one or more of the plurality of values in the parameter data set in the received start frame to form a second parameter subset;
  
  generating, using the second parameter subset, a second cipher key;
  
  decrypting the encrypted user data using a second ciphersuite and the second cipher key; and
  
  verifying the first signature at a first signature location in the start frame;
  
  encrypting, at the first node, further user data using the first ciphersuite and the first cipher key as encrypted further user data;
  
  generating a second signature based at least on the further user data;
  
  transmitting, from the first node to the second node, a data frame including the encrypted further user data and the second signature at a second signature location in the data frame;
  
  receiving, at the second node, the data frame;
  
  decrypting the encrypted further user data using the second ciphersuite and the second cipher key; and
  
  verifying the second signature at the second signature location in the data frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the parameter data set includes random values.
  - 3. The method of claim 1, wherein the first seed value equals the second seed value.
  - 4. The method of claim 3, whereinthe first parameter subset equals the second parameter subset;
    - the first ciphersuite equals the second ciphersuite; and
      
      the first cipher key equals the second cipher key.
  - 5. The method of claim 1, further comprising:
    - detecting a failure to verify the signature at the second signature location in the received data frame; and
      
      resynchronizing, in response to detecting the failure, the first seed value at the first node and the second seed value at the second node.
  - 6. The method of claim 1, further comprising:
    - detecting a failure to verify the signature at the first signature location in the received start frame; and
      
      resynchronizing, in response to detecting the failure, the first seed value at the first node and the second seed value at the second node.
  - 7. The method of claim 1, wherein selecting the first parameter subset includes:
    - determining a number of parameters in the first parameter subset; and
      
      selecting the number of parameters from the parameter data set to form the parameter subset.
  - 8. The method of claim 1, wherein generating the first cipher key includes:
    - selecting a cipher key generation function from a cipher key generation function library; and
      
      generating the first cipher key using the selected cipher key generation function.
  - 9. The method of claim 1, further comprising:
    - selecting, at the first node, using the first parameter subset, the first ciphersuite from a first ciphersuite library; and
      
      selecting, at the second node, using the second parameter subset, the second ciphersuite from a second ciphersuite library.
  - 10. The method of claim 9, wherein the first ciphersuite library equals second ciphersuite library.
  - 11. The method of claim 1, further comprising:
    - generating, using the first parameter subset, the first signature location.
  - 12. The method of claim 1, further comprising:
    - generating, at the first node, a next first seed value; and
      
      generating, at the second node, a next second seed value.
  - 13. The method of claim 12, wherein transmission and receipt of the start frame begin a secure communication session, and the method further comprises:
    - terminating the secure communication session;
      
      using the next first seed value as the first seed value at the first node for a next secure communication session; and
      
      using the next second seed value as the second seed value at the second node for the next secure communication session.
  - 14. The method of claim 1, further comprising:
    - initializing, using a server, the first seed value at the first node; and
      
      initializing, using a server, the second seed value at the second node.

15. A system with secure communication, the system comprising:
- a first node storing first seed value and configured togenerate a parameter data set containing a plurality of values;
  
  select, using the first seed value, one or more of the plurality of values in the parameter data set to form a first parameter subset;
  
  generate, using the first parameter subset, a first cipher key;
  
  encrypt user data using a first ciphersuite and the first cipher key;
  
  generate a first signature based at least on the parameter data set;
  
  transmit a start frame including the parameter data set, the encrypted user data, and the first signature at a first signature location in the start frame; and
  
  a second node storing second seed value and configured toreceive the start frame;
  
  select, using the second seed value, one or more of the plurality of values in the parameter data set in the received start frame to form a second parameter subset;
  
  generate, using the second parameter subset, a second cipher key;
  
  decrypt the user data using a second ciphersuite and the second cipher key; and
  
  verify the first signature at the first signature location in the received start frame,wherein the first node is further configured toencrypt further user data using the first ciphersuite and the first cipher key,generate a second signature based at least on the further user data, andtransmit a data frame including the encrypted further user data and the second signature at a second signature location in the data frame, andwherein the second node is further configured toreceive the data frame,decrypt the further user data using the second ciphersuite and the second cipher key, andverify the second signature at the second signature location in the received data frame.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, wherein the parameter data set includes random values.
  - 17. The system of claim 15, wherein the second node is further configured to:
    - detect a failure to verify the signature at the second signature location in the received data frame; and
      
      initiate resynchronizing, in response to detecting the failure, the first seed value and the second seed value.
  - 18. The system of claim 15, further comprising a server configured to:
    - initialize the first seed value at the first node; and
      
      initialize the second seed value at the second node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Autonomous Cyber Systems Incorporated
Original Assignee
Olympus Sky Technologies, S.A.
Inventors
Shields, Jon Barton, Gell, David
Primary Examiner(s)
Zhao, Don G

Application Number

US15/268,362
Publication Number

US 20170085378A1
Time in Patent Office

942 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/123   received data contents, e.g...

H04L 9/083   involving central third par...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

H04L 9/3247   involving digital signatures

Systems and methods for secure communications using organically derived synchronized encryption processes

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for secure communications using organically derived synchronized encryption processes

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links