Method and apparatus for fast secure session establishment on half-duplex point-to-point voice cellular network channels

US 20060269065A1
Filed: 05/18/2005
Published: 11/30/2006
Est. Priority Date: 05/18/2005
Status: Active Grant

First Claim

Patent Images

1. A secure device, comprising:

a vocoder configured to generate voice packets from a voice signal;

a memory configured to store a previously established security association from a first session between the secure device and another secure device, wherein the stored security association comprises an encryption key and a first state vector, wherein the stored security association is adapted to be used during a second session between the secure device and the other secure device;

a vector generator configured to generate an updated state vector; and

an encryption engine configured to use the cached security association and the updated state vector to encrypt the voice packets.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus (213) and corresponding methods (FIG. 7) to facilitate maintaining crypto synchronization while processing communication signals in a communication unit includes a vocoder (215) configured to convert input audio band signals to vocoder output frames; a crypto processor (217) configured to encrypt the vocoder output frames to provide encrypted output frames; and a synchronizer (219) configured to substitute in a predetermined manner synchronization information corresponding to an encryption state of the crypto processor for a portion of the encrypted data in a portion of the encrypted output frames to provide resultant output synchronization frames suitable for synchronizing a decryption process at a target communication unit.

32 Citations

View as Search Results

19 Claims

1. A secure device, comprising:
- a vocoder configured to generate voice packets from a voice signal;
  
  a memory configured to store a previously established security association from a first session between the secure device and another secure device, wherein the stored security association comprises an encryption key and a first state vector, wherein the stored security association is adapted to be used during a second session between the secure device and the other secure device;
  
  a vector generator configured to generate an updated state vector; and
  
  an encryption engine configured to use the cached security association and the updated state vector to encrypt the voice packets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device of claim 1, further comprising:
    - a modem configured to format the encrypted voice packets to fit within a half-duplex PTT voice channel; and
      
      a first transceiver configured to transmit the formatted voice packets.
  - 3. The device of claim 2, wherein the updated state vector comprises a synchronization message, and wherein the vector generator, comprises:
    - a synchronization message generator configured to generate the synchronization message for maintaining secure call synchronization, and wherein the modem further comprises;
      
      a synchronization message insertion unit configured to replace at least part of at least one of the encrypted voice packets of an encrypted voice frame being sent from the encryption engine with the synchronization message.
  - 4. The device of claim 2, wherein the encrypted voice packets being replaced by the synchronization message comprise encrypted voice packets that include the least significant bits of the encrypted voice frame, and wherein the encrypted voice packets and synchronization messages are formatted to fit within the half-duplex PTT voice channel.
  - 5. The device of claim 1, wherein the encryption engine, comprises:
    - an encryption engine configured to use the encryption key and the updated state vector to encrypt the voice packets.
  - 6. The device of claim 2, wherein the first transceiver is configured to transmit the formatted and encrypted voice packets and the synchronization message to the second transceiver over the half-duplex PTT voice channel.
  - 7. The device of claim 1, wherein the secure device further comprises:
    - a secure PTT call phone book directory, wherein an asymmetric key exchange is initiated in advance of a secure PTT call when a client number/identifier of the other secure device is entered in the secure PTT call phone book directory.
  - 8. The device of claim 1, wherein the secure device further comprises:
    - an address book, wherein an asymmetric key exchange is initiated in advance of a second secure PTT call when the secure device selects the other secure device listed in the address book and designates the other secure device as being authorized for secure PTT calls, and wherein the secure device is adapted to call the other secure device while the secure device is idle to establish the security association via the asymmetric key exchange before initiating the second secure PTT call.

9. A secure device, comprising:
- a transceiver configured to receive a voice frame comprising encrypted/formatted voice packets and an updated state vector;
  
  a memory for storing a previously established security association from a first session between the secure device and another secure device, wherein the cached security association comprises the encryption key and the first state vector and wherein the stored security association can be used during a second session between the secure device and the other secure device; and
  
  a decryption engine configured to use the cached security association and the updated state vector to decrypt the encrypted voice packets received from the first transceiver.
- View Dependent Claims (10, 11)
- - 10. The device of claim 9, wherein the updated state vector comprises a synchronization message, wherein the decryption engine uses the synchronization message to initialize cryptographic synchronization at the start of the first secure voice frame to thereby compensate for any voice packets lost or gained during transmission.
  - 11. The device of claim 10, wherein the decryption engine is configured to use the encryption key and the synchronization message to decrypt the encrypted/formatted voice packets received by the transceiver.

12. A secure wireless Push-to-Talk (PTT) dispatch system, comprising:
- a first device, comprising;
  
  a first memory for storing a previously established security association from a first session between the first device and a second device, wherein the stored security association comprises an encryption key and a first state vector, wherein the stored security association is adapted for use during a second session between the first device and the second device;
  
  a vocoder configured to generate voice packets from a voice input signal;
  
  a vector generator configured to generate an updated state vector; and
  
  an encryption engine configured to use the cached security association and the updated state vector to encrypt the voice packets.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12, wherein the first device comprises:
    - a modem configured to format the encrypted voice packets to fit within half-duplex PTT voice channel; and
      
      a first transceiver configured to transmit the formatted voice packets.
  - 14. The system of claim 13, wherein the second device comprises:
    - a second transceiver configured to receive the formatted voice packets;
      
      a second memory configured to store the security association for use during a second session between the second device and the first device; and
      
      a decryption engine configured to use the cached security association to decrypt the formatted voice packets received from the first transceiver.
  - 15. The system of claim 13, wherein the updated state vector comprises a synchronization message, and wherein the vector generator, comprises:
    - a synchronization message generator configured to generate the synchronization message for maintaining secure call synchronization, and wherein the modem further comprises;
      
      a synchronization message insertion unit configured to replace at least part of at least one of the encrypted voice packets of an encrypted voice frame being sent from the encryption engine with the synchronization message.

16. A secure communication method for a communication system comprising a first device which communicates with a second device over a channel, comprising:
- establishing, responsive to a first secure call request from the first device, a security association during a first session between the devices via an asymmetric key exchange, wherein the security association comprises an encryption key and a first state vector;
  
  storing the security association in each of the devices for use during a second session between the devices to expedite security association establishment during call set-up of the second session;
  
  generating an updated state vector at the first device; and
  
  establishing, responsive to a second secure call request from the first device, a second session between the first device in the second device by using the encryption key from the first session and the updated state vector to establish the second session during call set-up of the second session.
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, storing the security association in each of the devices for use during a second session between the devices to expedite security association establishment during call set-up of the second session, comprises:
    - caching the encryption keys in each of the devices for use during a second session between the devices.
  - 18. The method of claim 16, further comprising:
    - using the security association to encrypt voice packets being sent from the first device to the second device.
  - 19. The method of claim 18, further comprising:
    - using the security association to decrypt voice packets received by the second device from the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.), General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Inventors
Rainbolt, Bradley J., Ray, Jerry D., Neubauer, William C. III, Lindteigen, Ty B., Klug, Keith M., Savage, Michael A., Villa, Fred R., Sutherland, Bryce, McKibben, Bernard R., Boillot, Marc A., McKay, Brent M., Kreitzer, Stuart S., Winterfield, Barbara S.

Granted Patent

US 7,747,021 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1101   Session protocols

H04L 65/4061   Push-to services, e.g. push...

H04M 2203/609   Secret communication

H04W 12/033   of the user plane, e.g. use...

H04W 12/04   Key management, e.g. using ...

H04W 8/22   Processing or transfer of t...

Method and apparatus for fast secure session establishment on half-duplex point-to-point voice cellular network channels

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for fast secure session establishment on half-duplex point-to-point voice cellular network channels

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links