Method and apparatus for providing an adaptable security level in an electronic communication

US 10,341,356 B2
Filed: 11/13/2017
Issued: 07/02/2019
Est. Priority Date: 07/07/2003
Status: Active Grant

First Claim

Patent Images

1. A method for providing security in an electronic communication system, comprising:

preparing, by a communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises;

for each individual frame;

determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;

based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and

encrypting the data according to the security level for the frame; and

transmitting the plurality of frames to a recipient device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

109 Citations

18 Claims

1. A method for providing security in an electronic communication system, comprising:
- preparing, by a communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises;
  
  for each individual frame;
  
  determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
  
  based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
  
  encrypting the data according to the security level for the frame; and
  
  transmitting the plurality of frames to a recipient device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising receiving a frame, wherein the frame indicates a version of a key to be used in an encryption system.
  - 3. The method of claim 1, wherein the communication device provides the plurality of frames for transmission to a plurality of recipients, and determining the security level includes determining a minimum security level to satisfy the plurality of recipients, wherein the security control bits are based on the minimum security level.
  - 4. The method of claim 1, wherein the security level is determined based on predetermined minimum requirements.
  - 5. The method of claim 4, wherein the predetermined minimum requirements are determined among the communication device and at least one recipient device based on an agreed-upon rule.
  - 6. The method of claim 1, wherein the security level is determined based upon content of the individual frame.
  - 7. The method of claim 1, wherein the security control bits include an indication of a cryptographic algorithm parameter.
  - 8. The method of claim 1, further comprising:
    - signing the header and data for each individual frame according to the security level for the frame.
  - 9. The method of claim 1, wherein a number of integrity levels is four, and the four integrity levels correspond to key lengths of 0, 32, 64, and 128 bits.
  - 10. The method of claim 1, wherein one of the integrity levels uses a key length of 128 bits.
  - 11. The method of claim 1, wherein one of the integrity levels indicates no integrity security.

12. A communication device, comprising:
- at least one hardware processor; and
  
  a non-transitory computer-readable storage medium coupled to the at least one hardware processor and storing programming instructions for execution by the at least one hardware processor, wherein the programming instructions, when executed, cause the communication device to perform operations comprising;
  
  preparing, by the communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises;
  
  for each individual frame;
  
  determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
  
  based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
  
  encrypting the data according to the security level for the frame; and
  
  transmitting the plurality of frames to a recipient device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The communication device of claim 12, the operations further comprising receiving a frame, wherein the frame indicates a version of a key to be used in an encryption system.
  - 14. The communication device of claim 12, wherein the communication device provides the plurality of frames for transmission to a plurality of recipients, and determining the security level includes determining a minimum security level to satisfy the plurality of recipients, wherein the security control bits are based on the minimum security level.
  - 15. The communication device of claim 12, wherein the security level is determined based on predetermined minimum requirements.
  - 16. The communication device of claim 15, wherein the predetermined minimum requirements are determined among the communication device and at least one recipient device based on an agreed-upon rule.
  - 17. The communication device of claim 12, wherein the security level is determined based upon content of the individual frame.

18. A non-transitory computer-readable medium storing instructions which, when executed, cause a communication device to perform operations comprising:
- preparing, by the communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises;
  
  for each individual frame;
  
  determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
  
  based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
  
  encrypting the data according to the security level for the frame; and
  
  transmitting the plurality of frames to a recipient device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Struik, Marinus
Primary Examiner(s)
Schmidt, Kari L

Application Number

US15/811,194
Publication Number

US 20180069870A1
Time in Patent Office

596 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/123   received data contents, e.g...

H04L 63/162   at the data link layer

H04L 63/164   at the network layer

H04L 9/00   Cryptographic mechanisms or...

H04L 9/088   Usage controlling of secret...

H04W 12/02   Protecting privacy or anony...

H04W 12/67   Risk-dependent, e.g. select...

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

109 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others