Method and system for providing strong security in insecure networks

US 20070028090A1
Filed: 01/19/2006
Published: 02/01/2007
Est. Priority Date: 07/27/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing strong security in an insecure network, comprising:

creating a payload associated with a data packet for transmission by a sending node;

determining whether the payload is associated with a unicast data packet;

if the payload is associated with the unicast data packet;

encrypting the payload using a private key associated with the sending node to obtain a unicast encrypted payload;

encrypting the unicast encrypted payload using a public key associated with a receiving node to obtain a double-encrypted payload; and

transmitting the data packet comprising the double-encrypted payload to the receiving node over the insecure network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing strong security in an insecure network, involving creating a payload associated with a data packet for transmission by a sending node, determining whether the payload is associated with a unicast data packet, if the payload is associated with the unicast data packet encrypting the payload using a private key associated with the sending node to obtain a unicast encrypted payload, encrypting the unicast encrypted payload using a public key associated with a receiving node to obtain a double-encrypted payload, and transmitting the data packet including the double-encrypted payload to the receiving node over the insecure network.

Citations

19 Claims

1. A method for providing strong security in an insecure network, comprising:
- creating a payload associated with a data packet for transmission by a sending node;
  
  determining whether the payload is associated with a unicast data packet;
  
  if the payload is associated with the unicast data packet;
  
  encrypting the payload using a private key associated with the sending node to obtain a unicast encrypted payload;
  
  encrypting the unicast encrypted payload using a public key associated with a receiving node to obtain a double-encrypted payload; and
  
  transmitting the data packet comprising the double-encrypted payload to the receiving node over the insecure network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - encapsulating the double-encrypted payload via a network protocol stack to obtain the data packet prior to transmitting the data packet.
  - 3. The method of claim 1, further comprising:
    - if the payload is not associated with the unicast data packet;
      
      encrypting the payload using a private key associated with the sending node to obtain a non-unicast encrypted payload;
      
      encapsulating the non-unicast encrypted payload via a network protocol stack to obtain the data packet; and
      
      transmitting the data packet comprising the non-unicast encrypted payload to the receiving node in the insecure network.
  - 4. The method of claim 1, wherein the double-encrypted payload is encrypted using at least one asymmetric cryptographic algorithm.
  - 5. The method of claim 1, wherein the payload is associated with one selected from the group consisting of a multicast data packet and a broadcast data packet, if the payload is not associated with the unicast packet.
  - 6. The method of claim 1, wherein the sending node comprises a database of public keys comprising the public key associated with the receiving node.
  - 7. The method of claim 1, further comprising:
    - adding a node to the insecure network, wherein adding the node comprises obtaining a public key associated with the node and sending the public key to a plurality of nodes in the insecure network.
  - 8. The method of claim 1, further comprising:
    - receiving the data packet comprising the double-encrypted payload by the receiving node in the insecure network;
      
      determining whether the data packet is a unicast data packet;
      
      if the data packet is the unicast data packet;
      
      decrypting a payload associated with the data packet using a private key associated with the receiving node to obtain an intermediate payload; and
      
      decrypting the intermediate payload using a public key associated with a sending node to obtain a decrypted payload.
  - 9. The method of claim 8, wherein the receiving node comprises a database of public keys comprising the public key associated with the sending node.
  - 10. The method of claim 8, wherein the payload is decrypted using at least one asymmetric cryptographic algorithm used to encrypt the payload.

11. An insecure network system, comprising:
- a sending node configured to double encrypt a payload associated with a data packet using a database of public keys operatively connected to the sending node and a private key of the sending node, if the data packet is a unicast data packet;
  
  a receiving node configured to decrypt the double encrypted payload using a database of public keys operatively connected to the receiving node; and
  
  the database of public keys operatively connected to the sending node comprising a public key of the receiving node; and
  
  the database of public keys operatively connected to the receiving node comprising a public key of the sending node.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11, wherein the payload is double encrypted using at least one asymmetric cryptographic algorithm.
  - 13. The system of claim 12, wherein double encrypting the payload comprises encrypting the payload using the private key of the sending node to obtain an encrypted payload, and encrypting the encrypted payload using the public key of the receiving node.
  - 14. The system of claim 11, wherein the payload is associated with one selected from the group consisting of a multicast data packet and a broadcast data packet, if the payload does not correspond to the unicast packet.
  - 15. The system of claim 11, wherein the sending node is further configured to transmit the double-encrypted payload to the receiving node.
  - 16. The system of claim 15, wherein the sending node is further configured to encapsulate the data packet comprising the double-encrypted payload using a network protocol stack prior to transmitting the double-encrypted payload to the receiving node.
  - 17. The system of claim 11, wherein the sending node is further configured to:
    - if the payload is not associated with the unicast data packet;
      
      encrypt the payload using the private key of the sending node to obtain a non-unicast encrypted payload;
      
      encapsulating the non-unicast encrypted payload via a network protocol stack to obtain the data packet; and
      
      transmit the data packet comprising the non-unicast encrypted payload to the receiving node in the insecure network.

18. A method for providing strong security in an insecure network, comprising:
- creating a payload associated with a data packet for transmission by a sending node;
  
  determining whether the payload is associated with a unicast data packet;
  
  if the payload is associated with the unicast data packet;
  
  encrypting the payload using a public key associated with a receiving node to obtain a unicast encrypted payload;
  
  encrypting the unicast encrypted payload using a private key associated with the sending node to obtain a double-encrypted payload; and
  
  transmitting the data packet comprising the double-encrypted payload to the receiving node over the insecure network.

19. A computer system for providing strong security in an insecure network, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instructions stored in the memory for enabling the computer system under control of the processor, to;
  
  creating a payload associated with a data packet for transmission by a sending node;
  
  determining whether the payload is associated with a unicast data packet;
  
  if the payload is associated with the unicast data packet;
  
  encrypting the payload using a private key associated with the sending node to obtain a unicast encrypted payload;
  
  encrypting the unicast encrypted payload using a public key associated with a receiving node to obtain a double-encrypted payload; and
  
  transmitting the data packet comprising the double-encrypted payload to the receiving node over the insecure network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun France S.A.
Inventors
Martikian, Pablo, Vazquez, Pedro, Lopez, Alejandro

Granted Patent

US 7,774,594 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0478   applying multiple layers of...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

Method and system for providing strong security in insecure networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing strong security in insecure networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links