System and method for implementing an enhanced transport layer security protocol

US 20030159029A1
Filed: 02/19/2003
Published: 08/21/2003
Est. Priority Date: 08/25/2000
Status: Active Grant

First Claim

Patent Images

1. A method for securely communicating with a server operating on a computer network, comprising the steps of:

providing a servlet that securely communicates with the server;

providing a connection log maintained by the servlet that stores one or more transmissions received by the servlet;

sending an encrypted transmission to the servlet over the computer network;

receiving the encrypted transmission at the servlet;

decrypting the encrypted transmission with the servlet to generate a decrypted transmission;

comparing the decrypted transmission with the one or more transmissions stored in the connection log to determine if the decrypted transmission is original; and

if the decrypted transmission is original, then transferring the decrypted transmission from the servlet to the server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for implementing an enhanced transport layer security (ETLS) protocol is provided. The system includes a primary server, an ETLS servlet and an ETLS software module. The primary server operates on a computer network and is configured to communicate over the computer network using a non-proprietary security protocol. The ETLS servlet also operates on the computer network and is securely coupled to the primary server. The ETLS servlet is configured to communicate over the computer network using an ETLS security protocol. The ETLS software module operates on a mobile device, and is configured to communicate over the computer network using either the non-proprietary security protocol or the ETLS security protocol Operationally, the ETLS software module initially contacts the server over the computer network using the non-proprietary security protocol, and subsequently contacts the server through the ETLS servlet using the ETLS security protocol.

82 Citations

View as Search Results

71 Claims

1. A method for securely communicating with a server operating on a computer network, comprising the steps of:
- providing a servlet that securely communicates with the server;
  
  providing a connection log maintained by the servlet that stores one or more transmissions received by the servlet;
  
  sending an encrypted transmission to the servlet over the computer network;
  
  receiving the encrypted transmission at the servlet;
  
  decrypting the encrypted transmission with the servlet to generate a decrypted transmission;
  
  comparing the decrypted transmission with the one or more transmissions stored in the connection log to determine if the decrypted transmission is original; and
  
  if the decrypted transmission is original, then transferring the decrypted transmission from the servlet to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, wherein the encrypted transmission is sent to the servlet from a mobile device through a wireless gateway coupled to the computer network.
  - 3. The method of claim 1, wherein the servlet is installed on the server.
  - 4. The method of claim 1, wherein the computer network is an Internet.
  - 5. The method of claim 1, wherein the server and servlet are protected within the computer network by a firewall.
  - 6. The method of claim 1, wherein the servlet is a JAVA servlet.
  - 7. The method of claim 1, wherein the servlet is a CGI script.
  - 8. The method of claim 1, wherein the server is an HTTP server.
  - 9. The method of claim 1, comprising the additional step of:
    - storing the decrypted transmission in the connection log.
  - 10. The method of claim 1, wherein:
    - the one or more transmissions stored in the connection log each comprise a stored time-stamp;
      
      the decrypted transmission comprises a current time-stamp; and
      
      the current time-stamp is compared with each of the stored time-stamps to determine if the decrypted transmission is original.
  - 11. The method of claim 1, wherein:
    - the one or more transmissions stored in the connection log each comprise a stored time-stamp and a stored service request;
      
      the decrypted transmission comprises a current time-stamp and a current service request; and
      
      the current time-stamp and the current service request are compared with each stored time-stamp and stored service request to determine if the decrypted transmission is original.
  - 12. The method of claim 1, wherein the servlet has a unique location on the computer network, and comprising the additional step of:
    - receiving the unique location of the servlet from the server;
      
      wherein the unique location of the servlet is used to send the encrypted transmission to the servlet over the computer network.
  - 13. The method of claim 12, wherein the unique location is a uniform resource locator (URL).
  - 14. The method of claim 12, wherein the unique location is received from the server in the form of a custom HTTP response header.
  - 15. The method of claim 1, wherein the servlet maintains a private key, and comprising the additional steps of:
    - receiving a public key; and
      
      using the public key to encrypt the encrypted transmission;
      
      wherein the servlet uses the private key to decrypt the encrypted transmission.
  - 16. The method of claim 15, wherein the public key is received from the server in the form of a custom HTTP response header.
  - 17. The method of claim 1, wherein the servlet maintains a private key, and comprising the additional steps of:
    - receiving a public key;
      
      generating a session key;
      
      using the session key to encrypt a service request;
      
      using the public key to encrypt the session key; and
      
      encapsulating the encrypted session key and the encrypted service request in the encrypted transmission;
      
      wherein the servlet uses the private key to decrypt the session key and uses the decrypted session key to decrypt the service request.
  - 18. The method of claim 17, wherein the one or more transmissions stored in the connection log each comprise a stored time-stamp, and comprising the additional steps of:
    - generating a current time-stamp; and
      
      using the session key to encrypt the current time-stamp;
      
      wherein the encrypted current time-stamp is encapsulated in the encrypted transmission along with the encrypted session key and the encrypted service request, and wherein the current time-stamp is decrypted by the servlet and compared with each stored time-stamp to determine if the decrypted transmission is original.
  - 19. The method of claim 17, wherein the session key is a random number.
  - 20. The method of claim 17, wherein the public key is received from the server in the form of a custom HTTP response header.
  - 21. The method of claim 17, wherein the encrypted transmission is sent to the servlet in the form of an HTTP POST request.
  - 22. The method of claim 1, comprising the additional steps of:
    - generating a response to the decrypted transmission at the server;
      
      transferring the response from the server to the servlet;
      
      encrypting the response with the servlet;
      
      receiving the encrypted response from the servlet over the computer network.
  - 23. The method of claim 1, comprising the additional step of:
    - retrieving a digital certificate from the server using a non-proprietary security protocol.
  - 24. The method of claim 23, wherein the non-proprietary security protocol is the transport layer security (TLS) protocol.
  - 25. The method of claim 1, wherein the secure communication is made between the server and a mobile device.

26. A method for securely communicating between a mobile device and a server operating on a computer network, comprising the steps of:
- providing a security servlet operating on the computer network, wherein the security servlet communicates with the server via a secure link, and is identified by a unique location on the computer network;
  
  establishing a wireless connection between the mobile device and the computer network;
  
  establishing a secure connection between the mobile device and the server using a non-proprietary security protocol;
  
  sending a first encrypted service request from the mobile device to the server via the non-proprietary security protocol;
  
  sending a first encrypted response from the server to the mobile device that includes the unique location of the security servlet on the computer network;
  
  sending a second encrypted service request from the mobile device to the security servlet using the unique location of the security servlet;
  
  decrypting the second encrypted service request with the security servlet to generate a decrypted service request;
  
  transferring the decrypted service request from the security servlet to the server.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 27. The method of claim 26, wherein the second encrypted service request is encrypted using a proprietary security protocol.
  - 28. The method of claim 26, comprising the additional step of:
    - storing the unique location of the security servlet in a memory location on the mobile device.
  - 29. The method of claim 26, comprising the additional step of:
    - receiving a digital certificate from the server using the non-proprietary security protocol.
  - 30. The method of claim 26, wherein the unique location of the security servlet on the computer network is a uniform resource locator (URL).
  - 31. The method of claim 26, wherein the non-proprietary security protocol is the transport layer security (TLS) protocol.
  - 32. The method of claim 26, wherein the non-proprietary security protocol is the SSL protocol.
  - 33. The method of claim 26, wherein the first encrypted response from the server includes a custom HTTP response header that identifies the unique location of the security servlet on the computer network.
  - 34. The method of claim 26, wherein the decrypted service request is transferred from the security servlet to the server using a hypertext transfer protocol (HTTP) connection.
  - 35. The method of claim 26, wherein a plurality of additional encrypted service requests are sent from the mobile device to the security servlet, decrypted by the security servlet and transferred to the server.
  - 36. The method of claim 26, comprising the additional step of:
    - verifying the originality of the second encrypted service request by comparing it with a connection log maintained by the security servlet.
  - 37. The method of claim 26, wherein an encrypted current time-stamp is sent from the mobile device to the security servlet along with the second encrypted service request, and comprising the additional step of:
    - verifying the originality of the second encrypted service request by decrypting the encrypted current time-stamp and comparing it with a connection log maintained by the security servlet.
  - 38. The method of claim 26, wherein the wireless connection between the mobile device and the computer network is made through a wireless network.
  - 39. The method of claim 26, wherein:
    - the first encrypted response from the server also includes a public key;
      
      the security servlet has a private key configured to decrypt data that has been encrypted using the public key; and
      
      the second encrypted service request is encrypted by the mobile device using the public key, and is decrypted by the security servlet using the private key.
  - 40. The method of claim 39, wherein the step of sending the second encrypted service request from the mobile device to the security servlet comprises the additional steps of:
    - generating a session key;
      
      encrypting a service request with the session key;
      
      encrypting the session key with the public key;
      
      encapsulating the encrypted service request and the encrypted session key according to a transfer mechanism to form the second encrypted service request; and
      
      transmitting the second encrypted service request from the mobile device to the security servlet;
      
      wherein the encrypted session key is decrypted by the security servlet using the private key and the encrypted service request is decrypted by the security servlet using the session key, and wherein the service request is transferred from the security servlet to the server.
  - 41. The method of claim 40, wherein a current time-stamp is also encrypted with the session key and encapsulated in the second encrypted service request, and wherein the current time-stamp is compared with a connection log by the security servlet to verify the originality of the second encrypted service request.
  - 42. The method of claim 40, wherein the second encrypted service request is sent to the security servlet in the form of an HTTP POST request.
  - 43. The method of claim 40, comprising the additional steps of:
    - generating a response to the service request at the server;
      
      transferring the response from the server to the servlet;
      
      encrypting the response using the session key;
      
      sending the encrypted response from the security servlet to the mobile device.

44. A secure server, comprising:
- a primary server operating on a computer network;
  
  a security servlet operating on the computer network and securely coupled to the primary server and configured to decrypt an encrypted service request received from the computer network to generate a decrypted service request; and
  
  a connection log coupled to the security servlet that stores one or more previous service requests received by the security servlet;
  
  wherein the security servlet first verifies that the encrypted service request is original by comparing the decrypted service request with the one or more previous service requests stored in the connection log, and then transfers the decrypted service request to the primary server.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 45. The secure server of claim 44, wherein the security servlet is installed on the primary server.
  - 46. The secure server of claim 44, wherein the security servlet is configured to decrypt a first service request type that is encrypted using a proprietary security protocol and the primary server is configured to decrypt a second service request type that is encrypted using a non-proprietary security protocol.
  - 47. The secure server of claim 46, wherein the non-proprietary security protocol is the TLS protocol.
  - 48. The secure server of claim 46, wherein the security servlet maintains a public-private key pair specific to the proprietary security protocol and the primary server maintains a public-private key pair specific to the nonproprietary security protocol.
  - 49. The secure server of claim 44, wherein the computer network is an Internet.
  - 50. The secure server of claim 44, wherein the computer network is an Intranet.
  - 51. The secure server of claim 44, wherein the primary server and the security servlet are protected within the computer network by a firewall.
  - 52. The secure server of claim 51, wherein the security servlet is coupled to the primary server using an HTTP connection.
  - 53. The secure server of claim 44, wherein the security servlet is a JAVA servlet.
  - 54. The secure server of claim 44, wherein the primary server is an HTTP server.
  - 55. The secure server of claim 44, wherein:
    - the decrypted service request includes a current time-stamp;
      
      the one or more previous service requests each include a stored time-stamp; and
      
      the security servlet verifies that the encrypted service request is original by comparing the current time-stamp with each stored time-stamp.
  - 56. The secure server of claim 44, wherein:
    - the decrypted service request is assigned a current ordinal number;
      
      the one or more previous service requests each include a previous ordinal number; and
      
      the security servlet verifies that the encrypted service request is original by comparing the current ordinal number with each previous ordinal number.

57. An enhanced transport layer security (ETLS) system for a mobile device, comprising:
- a primary server operating on a computer network and configured to communicate over the computer network using a non-proprietary security protocol;
  
  an ETLS servlet operating on the computer network and securely coupled to the server, wherein the ETLS servlet is configured to communicate over the computer network using an ETLS security protocol;
  
  an ETLS software module operating on the mobile device that is configured to communicate over the computer network using either the nonproprietary security protocol or the ETLS security protocol;
  
  wherein the ETLS software module initially contacts the server over the computer network using the non-proprietary security protocol and subsequently contacts the server through the ETLS servlet using the ETLS security protocol.
- View Dependent Claims (58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 58. The system of claim 57, wherein the ETLS software module communicates with the computer network through a wireless gateway.
  - 59. The system of claim 57, wherein the ETLS servlet is installed on the primary server.
  - 60. The system of claim 57, wherein the computer network is an Internet.
  - 61. The system of claim 57, wherein the computer network is an Intranet.
  - 62. The system of claim 57, wherein the primary server and the ETLS servlet are protected within the computer network by a firewall.
  - 63. The system of claim 57, wherein the ETLS servlet is a JAVA servlet.
  - 64. The system of claim 57, wherein the primary server is an HTTP server.
  - 65. The system of claim 57, wherein communications transmitted from the primary server include a header that indicates a unique resource locator (URL) for the ETLS servlet.
  - 66. The system of claim 57, wherein communications transmitted from the primary server include a digital certificate.
  - 67. The system of claim 57, wherein the ETLS software module detects whether the computer network includes the ETLS servlet.
  - 68. The system of claim 65, wherein the header is a custom HTTP response header.
  - 69. The system of claim 57, wherein the primary server maintains a public-private key pair specific to the non-proprietary security protocol, and the ETLS servlet maintains a public-private key pair specific to the ETLS security protocol.
  - 70. The system of claim 57, further comprising:
    - a connection log coupled to the ETLS server that stores one or more previous ETLS transmission received by the ETLS server, wherein the ETLS server uses the connection log to verify the originality of a current ETLS transmission.
  - 71. The system of claim 57, further comprising:
    - a connection log coupled to the ETLS server that stores one or more time-stamps associated with previous ETLS transmissions received by the ETLS server, wherein the ETLS server compares each stored time-stamp with a current time-stamp to verify the originality of a current ETLS transmission.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Little, Herbet A., Yach, David P., Brown, Michael S.

Granted Patent

US 7,631,180 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

G07B 17/00193   Constructional details of a...

G07B 2017/00491   Mail/envelope/insert handli...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0884   by delegation of authentica...

H04L 63/123   received data contents, e.g...

H04L 63/166   at the transport layer

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/04   specially adapted for termi...

H04L 69/329   in the application layer [O...

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 12/61   Time-dependent

System and method for implementing an enhanced transport layer security protocol

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for implementing an enhanced transport layer security protocol

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links