Systems and methods for secure communications using organically derived synchronized encryption processes
First Claim
1. A method for secure communication, the method comprising:
generating, at a first node, a parameter data set containing a plurality of values;
selecting, using a first seed value stored at the first node, one or more of the plurality of values in the parameter data set to form a first parameter subset;
generating, at the first node, using the first parameter subset, a first cipher key;
encrypting, at the first node, user data using a first ciphersuite and the first cipher key resulting in encrypted user data;
generating a first signature based at least on the parameter data set;
transmitting, from the first node to a second node, a start frame including the parameter data set, the encrypted user data, and the first signature at a first signature location in the start frame;
receiving, at the second node, the start frame;
selecting, using a second seed value stored at the second node, one or more of the plurality of values in the parameter data set in the received start frame to form a second parameter subset;
generating, using the second parameter subset, a second cipher key;
decrypting the encrypted user data using a second ciphersuite and the second cipher key; and
verifying the first signature at a first signature location in the start frame;
encrypting, at the first node, further user data using the first ciphersuite and the first cipher key as encrypted further user data;
generating a second signature based at least on the further user data;
transmitting, from the first node to the second node, a data frame including the encrypted further user data and the second signature at a second signature location in the data frame;
receiving, at the second node, the data frame;
decrypting the encrypted further user data using the second ciphersuite and the second cipher key; and
verifying the second signature at the second signature location in the data frame.
Abstract
Organically Derived Synchronized Processes provide encryption parameter management in a certificate-less system. A first node generates a parameter data set containing multiple values; uses a seed value stored at the first node to select values from a random parameter data set to form a parameter subset; generates encryption parameters using the subset; encrypts user data using the encryption parameters; generates a signature based at least on the parameter data set; and transmits a start frame including the parameter data set, the encrypted user data, and the signature. A second node receives the start frame; uses a seed value stored at the second node to select values from the received parameter data set to form a parameter subset; generates decryption parameters using the subset; decrypts the user data using the decryption parameters; and verifies the received signature. The encryption and decryption parameters are then applied to further payload data.
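The exchange described in the first claim and the abstract, as an added runnable model that is not code from the patent. It assumes concrete choices the claims leave open: the shared seed drives a seeded PRNG that picks the subset, the cipher key is SHA-256 over the selected values, the "signature" is an HMAC-SHA256 keyed from the seed (start frame) or from the cipher key (data frame), and the "ciphersuite" is an HMAC-SHA256 counter-mode keystream standing in for a real AEAD such as AES-GCM; all function names are hypothetical.

```python
import hashlib, hmac, random, secrets

SUBSET_SIZE = 4  # constructed choice: how many transmitted values each node selects

def make_parameter_set(n=16):
    # Fresh random values; they travel in the clear inside the start frame.
    return [secrets.token_bytes(16) for _ in range(n)]

def select_subset(params, seed):
    # Identical seeds at both nodes yield identical indices, so the seed,
    # the subset and the key are never transmitted (the certificate-less part).
    rng = random.Random(int.from_bytes(seed, "big"))
    return [params[i] for i in sorted(rng.sample(range(len(params)), SUBSET_SIZE))]

def derive_key(subset):
    return hashlib.sha256(b"odsp-cipher-key" + b"".join(subset)).digest()

def xor_stream(key, nonce, data):
    # Assumed ciphersuite: HMAC-SHA256 keystream in counter mode (symmetric XOR).
    out = bytearray()
    for i, byte in enumerate(data):
        if i % 32 == 0:
            block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)

def start_sig(seed, params, ct):
    # First signature: keyed from the shared seed, covers the parameter data set.
    k = hashlib.sha256(b"odsp-start-mac" + seed).digest()
    return hmac.new(k, b"".join(params) + ct, hashlib.sha256).digest()

def frame_sig(key, seq, ct):
    # Second signature: keyed from the cipher key, covers the further user data.
    k = hashlib.sha256(b"odsp-frame-mac" + key).digest()
    return hmac.new(k, seq.to_bytes(4, "big") + ct, hashlib.sha256).digest()

def build_start_frame(params, seed, user_data):
    key = derive_key(select_subset(params, seed))
    ct = xor_stream(key, b"start", user_data)
    return {"params": params, "ct": ct, "sig": start_sig(seed, params, ct)}, key

def open_start_frame(frame, seed):
    # Verify first; a mismatched seed or a tampered set fails here, before decryption.
    if not hmac.compare_digest(start_sig(seed, frame["params"], frame["ct"]), frame["sig"]):
        return None, None
    key = derive_key(select_subset(frame["params"], seed))
    return xor_stream(key, b"start", frame["ct"]), key

def build_data_frame(key, seq, further_data):
    ct = xor_stream(key, b"data" + seq.to_bytes(4, "big"), further_data)
    return {"seq": seq, "ct": ct, "sig": frame_sig(key, seq, ct)}

def open_data_frame(frame, key):
    if not hmac.compare_digest(frame_sig(key, frame["seq"], frame["ct"]), frame["sig"]):
        return None
    return xor_stream(key, b"data" + frame["seq"].to_bytes(4, "big"), frame["ct"])
```

Both nodes reach the same key without ever sending it, and a receiver holding a different seed rejects the start frame at signature verification rather than decrypting to garbage.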
18 Claims
1. A method for secure communication (text as given under First Claim above). Dependent claims: 2 to 14.
15. A system with secure communication, the system comprising:
a first node storing a first seed value and configured to:
generate a parameter data set containing a plurality of values;
select, using the first seed value, one or more of the plurality of values in the parameter data set to form a first parameter subset;
generate, using the first parameter subset, a first cipher key;
encrypt user data using a first ciphersuite and the first cipher key;
generate a first signature based at least on the parameter data set;
transmit a start frame including the parameter data set, the encrypted user data, and the first signature at a first signature location in the start frame; and
a second node storing a second seed value and configured to:
receive the start frame;
select, using the second seed value, one or more of the plurality of values in the parameter data set in the received start frame to form a second parameter subset;
generate, using the second parameter subset, a second cipher key;
decrypt the user data using a second ciphersuite and the second cipher key; and
verify the first signature at the first signature location in the received start frame,
wherein the first node is further configured to encrypt further user data using the first ciphersuite and the first cipher key, generate a second signature based at least on the further user data, and transmit a data frame including the encrypted further user data and the second signature at a second signature location in the data frame, and wherein the second node is further configured to receive the data frame, decrypt the further user data using the second ciphersuite and the second cipher key, and verify the second signature at the second signature location in the received data frame.
Dependent claims: 16 to 18.
Specification