Method and apparatus for providing secure streaming data transmission facilites using unreliable protocols
First Claim
1. A method of transmitting data securely over a computer network, comprising the steps of:
- (1) establishing a communication path between a first computer and a second computer;
(2) encrypting and transmitting data records between the first computer and the second computer using an unreliable communication protocol, wherein each data record is encrypted without reference to a previously transmitted data record; and
(3) in the second computer, receiving and decrypting the data records transmitted in step (2) without reference to a previously received data record.
18 Assignments
0 Petitions
Accused Products
Abstract
The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record. Because decryption of any particular record does not rely on receipt of a previously received data record, the scheme will operate over an unreliable communication protocol. The system and method allows secure packet transmission to be provided with a minimum amount of overhead.
-
Citations
22 Claims
-
1. A method of transmitting data securely over a computer network, comprising the steps of:
-
(1) establishing a communication path between a first computer and a second computer;
(2) encrypting and transmitting data records between the first computer and the second computer using an unreliable communication protocol, wherein each data record is encrypted without reference to a previously transmitted data record; and
(3) in the second computer, receiving and decrypting the data records transmitted in step (2) without reference to a previously received data record. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method of securely transmitting a plurality of data records between a client computer and a proxy server using an unreliable communication protocol, comprising the steps of:
-
(1) establishing a reliable connection between the client computer and the proxy server;
(2) exchanging encryption credentials between the client computer and the proxy server over the reliable connection;
(3) generating a nonce for each of a plurality of data records, wherein each nonce comprises an initialization vector necessary to decrypt a corresponding one of the plurality of data records;
(4) using the nonce to encrypt each of the plurality of data records and appending the nonce to each of the plurality of data records;
(5) transmitting the plurality of data records encrypted in step (4) from the client computer to the proxy server using an unreliable communication protocol; and
(6) in the proxy server, decrypting each of the plurality of encrypted data records using a corresponding nonce extracted from each data record and a previously shared encryption key. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A system for securely transmitting data using an unreliable protocol, comprising:
-
a first computer comprising a communication protocol client function operable in conjunction with an application program to transmit data records securely using an unreliable protocol; and
a second computer coupled to the first computer and comprising a communication protocol server function operable in conjunction with the communication protocol client function to receive data records securely using the unreliable communication protocol, wherein the communication protocol client function encrypts each data record using a nonce and an encryption key and appends the respective nonce to each of the encrypted data records; and
wherein the communication protocol server function decrypts each of the data records using the respectively appended nonce and the encryption key. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification