Secure dynamic link allocation system for mobile data communication

US 20020032853A1
Filed: 04/17/2001
Published: 03/14/2002
Est. Priority Date: 04/17/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method for layered secure communications involving at least one mobile unit, the mobile unit hosting at least one application program and the application program sending a message having associated with it a source application, a destination application and a message type, the method comprising the steps of:

establishing a base privilege control table comprising a series of entries, each entry in the table indicating a permitted class of messages corresponding to a predetermined combination of a selected sending application, a selected destination application and a selected message type;

providing a series of content labels;

associating each of the content labels to at least one entry in the privilege control table;

examining the message to determine the type of the message without reading the payload of the message;

determining whether the message is permitted or not by reference to the privilege control table; and

if the message is permitted by the privilege control table, adding the associated content label to the message and approving the message for transmission to the destination application.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are disclosed for layered, secure data communications with a mobile unit over a variety of different communication links, such as in-band signalling, SMS, CDPD etc. A privilege control table determines permitted classes of messages. Content labeling is used to further manage communications without reading the payload of the message. The invention adds additional layers of security by varying content labels based on secure session key exchange seeded algorithms. The system also includes isolating the application program by providing a protocol manager for exclusive receipt of a communication service request from the application program; the protocol manager implementing a plurality of different message protocols. Another aspect of the invention includes link choose logic for effecting loosely-coupled, network loop communications to enable broadband delivery to a mobile unit, and can include parallel transmission of segmented messages over plural communication links.

Citations

29 Claims

1. A method for layered secure communications involving at least one mobile unit, the mobile unit hosting at least one application program and the application program sending a message having associated with it a source application, a destination application and a message type, the method comprising the steps of:
- establishing a base privilege control table comprising a series of entries, each entry in the table indicating a permitted class of messages corresponding to a predetermined combination of a selected sending application, a selected destination application and a selected message type;
  
  providing a series of content labels;
  
  associating each of the content labels to at least one entry in the privilege control table;
  
  examining the message to determine the type of the message without reading the payload of the message;
  
  determining whether the message is permitted or not by reference to the privilege control table; and
  
  if the message is permitted by the privilege control table, adding the associated content label to the message and approving the message for transmission to the destination application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1 further comprising changing the association between the content labels and the entries of the privilege control table.
  - 3. A method according to claim 1 and further including:
    - isolating the application program by providing a protocol manager for exclusive receipt of a communication service request from the application program;
      
      the protocol manager implementing a plurality of different message protocols for establishing corresponding virtual socket connections with various application programs; and
      
      protocol labeling the message before transmission of the message, the protocol label including an indicator of a protocol type of the virtual socket connection over which the application sent the message, so as to facilitate establishing a corresponding virtual socket connection with the destination application.
  - 4. A method according to claim 3 and further including encrypting the protocol labeled message before transmission of the message.
  - 5. A method according to claim 4 wherein the destination application executes on a destination node and said encrypting step includes establishing a secure session with the destination node including exchanging encryption keys.
  - 6. A method according to claim 3 and further comprising the steps of:
    - providing a plurality of communication link controllers, each communication link controller coupled to a corresponding wireless transmitter;
      
      segmenting the message into a plurality of message segments; and
      
      assigning each of the message segments to a different selected one of the communication link controllers for transmission over the corresponding transmitter, thereby enhancing security of transmission of the message.
  - 7. A method according to claim 6 wherein said assigning step is based at least in part on a security level indicated by the sending application.
  - 8. A method according to claim 6 wherein said assigning step is based at least in part on a cost sensitivity indicated by the sending application.
  - 9. A method according to claim 6 wherein said assigning step is based at least in part on the type of the message.

10. A loosely-coupled, ad hoc network loop communications method for broadband delivery to a mobile unit comprising the steps of:
- providing a mobile unit with wireless communications capability;
  
  transmitting a first wireless message from the mobile unit to a base station via a first link, the first message including indicia requesting selected data for transfer to the mobile unit, and the first link having a predetermined data transfer rate;
  
  at the base station, receiving the first message, and forming a second message responsive to the first message, the second message including an identifier of the mobile unit;
  
  transmitting the second message from the base station to a selected information server over a second link, the second link having a data transfer rate greater than the first link;
  
  at the selected information server, receiving the second message and, responsive to the second message, initiating transmission of the selected data to the requesting mobile unit via a broadband wireless broadcast link having a data transfer rate greater than the second link; and
  
  In the mobile unit, receiving the selected information over a receive-only channel adapted to receive data from a broadband wireless broadcast, whereby the mobile unit receives the requested data at a higher transfer rate than the transfer rate of the first link on which the first message was sent requesting the selected data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. A method according to claim 10 wherein the first link comprises a wireless voice call, and the first message is sent by voice;
    - and wherein said receiving the first message at the base station includes forming digital data responsive to automated recognition of the voice message.
  - 12. A method according to claim 10 wherein the first link comprises a wireless voice call, and sending the first message comprises sending digital data within the voice channel during the voice call.
  - 13. A method according to claim 12 wherein said sending digital data within the voice channel comprises a blank and burst technique.
  - 14. A method according to claim 10 wherein the second link comprises a telephone land line.
  - 15. A method according to claim 10 wherein said initiating transmission of the selected data comprises forming a third message responsive to the second message and sending the third message to a satellite service provider SSP to initiate transmission of the selected data from a satellite-borne broadband transmitter to the requesting mobile unit without the use of any special wireless application protocol.
  - 16. A method according to claim 10 wherein the information server initiates a charge to a predetermined account associated with the requesting mobile unit to pay for delivery of the selected data.
  - 17. A method according to claim 10 wherein the information server further communicates with the requesting mobile unit to arrange payment for delivery of the selected data.
  - 18. A method according to claim 10 wherein said initiating transmission of the selected data comprises forming a third message responsive to the second message and sending the third message to a broadband macro cell service provider BMSP to initiate transmission of the selected data from at least one broadband macro cell transmitter to the requesting mobile unit.
  - 19. A method according to claim 10 wherein the base station transmits the second message to the information server via the Internet.

20. A loosely-coupled network loop communications method for broadband delivery to a mobile unit comprising the steps of:
- providing the mobile unit with wireless communications capability and GPS location capability;
  
  transmitting a first wireless message from the mobile unit to a base station via a first link, the first message including indicia requesting selected data for transfer to the mobile unit and further including indicia of a present location of the mobile unit, and the first link having a predetermined data transfer rate;
  
  at the base station, receiving the first message, and forming a second message responsive to the first message, the second message including an identifier of the mobile unit and indicia of the present location of the mobile unit;
  
  transmitting the second message from the base station to a selected information server over a second link, the second link having a data transfer rate greater than the first link; and
  
  at the selected information server, receiving the second message and, responsive to the second message, initiating transmission of the selected data from a selected transmission facility to the requesting mobile unit via a broadband wireless broadcast link having a data transfer rate greater than the first and second links, thereby forming an ad hoc, loosely coupled network loop comprising the mobile unit, the base unit, the information server and the broadband wireless transmission facility.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. A method according to claim 20 wherein said transmitting the second message from the base station to a selected information server includes selecting an information server based on the indicia of the present location of the mobile unit.
  - 22. A method according to claim 20 further comprising the steps of:
    - at the base station, determining a code for decoding the selected data to be transmitted to the requesting mobile unit via the broadband wireless broadcast link; and
      
      sending the said code via a message over the first link to the mobile unit.
  - 23. A method according to claim 22 further comprising the steps of:
    - at the mobile unit, receiving the requested data via the broadband wireless broadcast link by using the code received from the base station via the first link.
  - 24. A method according to claim 20 wherein the selected transmission facility includes at least one fixed location BMC transmitter.
  - 25. A method according to claim 20 wherein the selected transmission facility includes at least one satellite transmitter.
  - 26. A method according to claim 20 wherein the selected data requested by the mobile unit comprises video data.
  - 27. A method according to claim 20 and further comprising:
    - forming a completion message in the mobile unit responsive to successful receipt of the requested data;
      
      transmitting the completion message via the first link to the base station;
      
      and then, in the base station, transmitting a corresponding completion message to the selected information server, thereby completing the requested transaction via the network loop.
  - 28. A method according to claim 20 wherein the mobile unit is coupled to a motor vehicle and the selected data requested by the mobile unit comprises navigation data.
  - 29. A method according to claim 20 wherein the mobile unit is coupled to a motor vehicle and the selected data requested by the mobile unit comprises vehicle systems software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Karma Automotive LLC (Wanxiang Group Corporation)
Original Assignee
Karma Automotive LLC (Wanxiang Group Corporation)
Inventors
Lutter, R. Pierce, Olson, Tracey J., Benjamin, Mitch A., Preston, Dan A., Hinnant, Harris O.

Application Number

US09/837,563
Publication Number

US 20020032853A1
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/061   for key exchange, e.g. in p...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/18   using different networks or...

Secure dynamic link allocation system for mobile data communication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Secure dynamic link allocation system for mobile data communication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links