Method for implementing encrypted client-server communication
First Claim
1. A method for implementing an encrypted client-server communication between a server and a transportation vehicle client, wherein the server comprises an entry point, a plurality of service systems disposed behind the server entry point, and a secure encryption key generation and management system, the method comprising:
- incorporating common cryptographic material into the transportation vehicle client and into the secure encryption key generation and management system;
- deriving key material from the common cryptographic material in the transportation vehicle client for an encrypted communication between the transportation vehicle client and a service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point;
- deriving key material from the common cryptographic material in the secure encryption key generation and management system for an encrypted communication between the transportation vehicle client and the service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point; and
- transferring the specific key material into the associated service system of the plurality of service systems disposed behind the server entry point or retaining the specific key material in the secure encryption key generation and management system, to provide encrypted client-server communication between the associated service system of the plurality of service systems disposed behind the server entry point and control systems of the transportation vehicle client,
- wherein a further entry point for the transportation vehicle client is provided in the transportation vehicle client,
- wherein control systems of the transportation vehicle client are provided behind the further entry point,
- wherein common cryptographic material is provided in the control systems of the transportation vehicle client and in the secure encryption key generation and management system,
- wherein key material derived from the common cryptographic material is provided in the control systems of the transportation vehicle client for an encrypted communication between the respective control system and the corresponding service system of the plurality of service systems disposed behind the server entry point, and
- wherein the further entry point is an online control unit.
Abstract
A method for implementing an encrypted client-server communication, wherein the server includes an entry point, service systems behind the entry point, and a secure system. The method includes incorporating common cryptographic material into the client and into the secure system, deriving key material from the common cryptographic material in the client for an encrypted communication between the client and a service system, deriving key material from the common cryptographic material in the secure system for an encrypted communication between the client and a service system, and transferring the key material into the service system or retaining the key material in the secure system.
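Added example, not part of the patent text: a sketch of the derivation the abstract describes, in which a vehicle control system and the secure key system each derive the same service-specific key from shared material, while the entry point holds only an unrelated key. The patent names no derivation function; HKDF-SHA256 (RFC 5869), the label layout, the identifiers (`VIN-EXAMPLE-0001`, `engine-ecu`, `diagnostics`, `navigation`) and the HMAC tag standing in for the encrypted channel are all assumptions.

```python
import hashlib
import hmac
import secrets

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it under `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key(common: bytes, vehicle_id: str, control_system: str, service: str) -> bytes:
    """Key bound to one vehicle, one control system and one service system."""
    # Length-prefix every field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [vehicle_id, control_system, service]
    info = b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)
    return hkdf_sha256(common, b"\x00" * 32, info)

def tag(key: bytes, message: bytes) -> bytes:
    # Stand-in for the encrypted channel: an AEAD would be keyed the same way.
    return hmac.new(key, message, hashlib.sha256).digest()

def demo() -> dict:
    common = secrets.token_bytes(32)          # constructed; provisioned on both sides
    vid, ecu = "VIN-EXAMPLE-0001", "engine-ecu"
    # Vehicle side: the control system derives its key for one service system.
    vehicle_key = derive_key(common, vid, ecu, "diagnostics")
    # Server side: the key system derives the same key and releases only that key.
    service_key = derive_key(common, vid, ecu, "diagnostics")
    navigation_key = derive_key(common, vid, ecu, "navigation")
    # Entry point: holds its own transport key, unrelated to the common material.
    entry_point_key = secrets.token_bytes(32)
    msg = b'{"dtc": "P0301"}'                 # constructed sample payload
    mac = tag(vehicle_key, msg)
    return {
        "keys_match": hmac.compare_digest(vehicle_key, service_key),
        "service_accepts": hmac.compare_digest(tag(service_key, msg), mac),
        "other_service_accepts": hmac.compare_digest(tag(navigation_key, msg), mac),
        "entry_point_accepts": hmac.compare_digest(tag(entry_point_key, msg), mac),
    }

if __name__ == "__main__":
    print(demo())
```

Only the addressed service system can check or open the message; the entry point and the other service systems forward or see bytes they hold no key for.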
13 Claims
8. A client-server system comprising:
- a server that includes an entry point, a plurality of service systems disposed behind the entry point of the server, and a secure encryption key generation and management system; and
- a transportation vehicle client,
- wherein common cryptographic material is provided in the transportation vehicle client and in the secure encryption key generation and management system,
- wherein key material derived from the common cryptographic material is provided in the transportation vehicle client for an encrypted communication between the transportation vehicle client and a service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point,
- wherein the specific key material derived from the common cryptographic material is transferred into the associated service systems of the plurality of service systems disposed behind the server entry point by an encrypted communication between the transportation vehicle client and the respective service system of the plurality of service systems disposed behind the server entry point to provide encrypted client-server communication between the associated service system of the plurality of service systems disposed behind the server entry point and control systems of the transportation vehicle client,
- wherein a further entry point for the transportation vehicle client is provided in the transportation vehicle client,
- wherein control systems of the transportation vehicle client are provided behind the further entry point,
- wherein common cryptographic material is provided in the control systems of the transportation vehicle client and in the secure encryption key generation and management system,
- wherein key material derived from the common cryptographic material is provided in the control systems of the transportation vehicle client for an encrypted communication between the respective control system and the corresponding service system of the plurality of service systems disposed behind the server entry point, and
- wherein the further entry point is an online control unit.

(Dependent claims: 9, 10, 11, 12, 13)
Specification