Method for implementing encrypted client-server communication

US 10,511,439 B2
Filed: 12/16/2016
Issued: 12/17/2019
Est. Priority Date: 12/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method for implementing an encrypted client-server communication between a server and a transportation vehicle client, wherein the server comprises an entry point, a plurality of service systems disposed behind the server entry point, and a secure encryption key generation and management system, the method comprising:

incorporating common cryptographic material into the transportation vehicle client and into the secure encryption key generation and management system;

deriving key material from the common cryptographic material in the transportation vehicle client for an encrypted communication between the transportation vehicle client and a service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point;

deriving key material from the common cryptographic material in the secure encryption key generation and management system for an encrypted communication between the transportation vehicle client and the service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point; and

transferring the specific key material into the associated service system of the plurality of service systems disposed behind the server entry point or retaining the specific key material in the secure encryption key generation and management system, to provide encrypted client-server communication between the associated service system of the plurality of service systems disposed behind the server entry point and control systems of the transportation vehicle client,wherein a further entry point for the transportation vehicle client is provided in the transportation vehicle client,wherein control systems of the transportation vehicle client are provided behind the further entry point,wherein common cryptographic material is provided in the control systems of the transportation vehicle client and in the secure encryption key generation and management system,wherein key material derived from the common cryptographic material is provided in the control systems of the transportation vehicle client for an encrypted communication between the respective control system and the corresponding service system of the plurality of service systems disposed behind the server entry point, andwherein the further entry point is an online control unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for implementing an encrypted client-server communication, wherein the server includes an entry point, service systems behind the entry point, and a secure system. The method includes incorporating common cryptographic material into the client and into the secure system, deriving key material from the common cryptographic material in the client for an encrypted communication between the client and a service system, deriving key material from the common cryptographic material in the secure system for an encrypted communication between the client and a service system, and transferring the key material into the service system or retaining the key material in the secure system.

24 Citations

13 Claims

1. A method for implementing an encrypted client-server communication between a server and a transportation vehicle client, wherein the server comprises an entry point, a plurality of service systems disposed behind the server entry point, and a secure encryption key generation and management system, the method comprising:
- incorporating common cryptographic material into the transportation vehicle client and into the secure encryption key generation and management system;
  
  deriving key material from the common cryptographic material in the transportation vehicle client for an encrypted communication between the transportation vehicle client and a service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point;
  
  deriving key material from the common cryptographic material in the secure encryption key generation and management system for an encrypted communication between the transportation vehicle client and the service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point; and
  
  transferring the specific key material into the associated service system of the plurality of service systems disposed behind the server entry point or retaining the specific key material in the secure encryption key generation and management system, to provide encrypted client-server communication between the associated service system of the plurality of service systems disposed behind the server entry point and control systems of the transportation vehicle client,wherein a further entry point for the transportation vehicle client is provided in the transportation vehicle client,wherein control systems of the transportation vehicle client are provided behind the further entry point,wherein common cryptographic material is provided in the control systems of the transportation vehicle client and in the secure encryption key generation and management system,wherein key material derived from the common cryptographic material is provided in the control systems of the transportation vehicle client for an encrypted communication between the respective control system and the corresponding service system of the plurality of service systems disposed behind the server entry point, andwherein the further entry point is an online control unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the common cryptographic material is a symmetric key or an asymmetric key pair.
  - 3. The method of claim 1, transportation vehicle wherein the key material is applied in the transportation vehicle client and in the service system of the plurality of service systems disposed behind the server entry point or the secure encryption key generation and management system to data that are to be transmitted.
  - 4. The method of claim 1, wherein the transportation vehicle client and the server entry point reciprocally authenticate one another via asymmetric keys.
  - 5. The method of claim 1, wherein a further entry point for the transportation vehicle client is provided in the transportation vehicle client and the following operations are carried out for the control systems of the transportation vehicle client by the service systems provided behind the further entry point:
    - incorporating common cryptographic material into the control systems of the transportation vehicle client and into the secure encryption key generation and management system;
      
      deriving key material from the common cryptographic material in the control systems of the transportation vehicle client for an encrypted communication between one of the control systems of the transportation vehicle client and a corresponding service system of the plurality of service systems disposed behind the server entry point.
  - 6. The method of claim 1, wherein the specific key material is independent from the key material associated with the entry point to preserve integrity of the key material of the entry point.
  - 7. The method of claim 1, wherein the service includes one of a vehicle navigation service, a vehicle tracking service, a service to open a vehicle door, a service to start, a service to turn on or activate the vehicle, a service to open a household door, and a service to start a household device.

8. A client-server system comprising:
- a server that includes an entry point, a plurality of service systems disposed behind the entry point of the server, and a secure encryption key generation and management system; and
  
  a transportation vehicle client,wherein common cryptographic material is provided in the transportation vehicle client and in the secure encryption key generation and management system,wherein key material derived from the common cryptographic material is provided in the transportation vehicle client for an encrypted communication between the transportation vehicle client and a service system of the plurality of service systems disposed behind the server entry point, wherein the key material associated with the service system is specific to the service system and independent from key material associated with the entry point,wherein the specific key material derived from the common cryptographic material is transferred into the associated service systems of the plurality of service systems disposed behind the server entry point by an encrypted communication between the transportation vehicle client and the respective service system of the plurality of service systems disposed behind the server entry point to provide encrypted client-server communication between the associated service system of the plurality of service systems disposed behind the server entry point and control systems of the transportation vehicle client,wherein a further entry point for the transportation vehicle client is provided in the transportation vehicle client,wherein control systems of the transportation vehicle client are provided behind the further entry point,wherein common cryptographic material is provided in the control systems of the transportation vehicle client and in the secure encryption key generation and management system,wherein key material derived from the common cryptographic material is provided in the control systems of the transportation vehicle client for an encrypted communication between the respective control system and the corresponding service system of the plurality of service systems disposed behind the server entry point, andwherein the further entry point is an online control unit.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The client-server system of claim 8, wherein the common cryptographic material is a symmetric key or an asymmetric encryption.
  - 10. The client-server system of claim 8, wherein the server is a backend of a manufacturer of the transportation vehicle and/or of a service provider.
  - 11. The client-server system of claim 8, wherein the control systems of the transportation vehicle client are control units within the transportation vehicle.
  - 12. The client-server system of claim 8, wherein the specific key material is independent from the key material associated with the entry point to preserve integrity of the key material of the entry point.
  - 13. The client-server system of claim 8, wherein the service includes one of a vehicle navigation service, a vehicle tracking service, a to open a vehicle door, a service to start, a service to turn on or activate the vehicle, a service to open a household door, and a service to start a household device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Volkswagen AG
Original Assignee
Volkswagen AG
Inventors
Tschache, Alexander, Winkelvos, Timo
Primary Examiner(s)
Khan, Sher A

Application Number

US15/381,848
Publication Number

US 20170180126A1
Time in Patent Office

1,096 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 2209/84   Vehicles

H04L 63/045   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 9/006   involving public key infras...

H04L 9/0819   Key transport or distributi...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0861   Generation of secret inform...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/32   including means for verifyi...

Method for implementing encrypted client-server communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for implementing encrypted client-server communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links