Method and system for secure packet communication

US 20070116285A1
Filed: 11/16/2006
Published: 05/24/2007
Est. Priority Date: 11/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method for processing a communication data item, said method comprising the steps of:

dividing the communication data item into a plurality of unencrypted packets, each of said unencrypted packets having a packet header and plaintext data, the packet header of each of said unencrypted packets comprising an identifier field that includes a packet identifier, the packet identifier being identical for all of said unencrypted packets; and

generating an encrypted packet from each of said unencrypted packets by;

determining a vector identifier from the identical packet identifier, said vector identifier having an association with the identical packet identifier;

ascertaining an initial vector from the vector identifier; and

forming an encrypted packet header, said forming the encrypted packet header comprising inserting the vector identifier into a first portion of the packet header and encrypting a second portion of the packet header through use of an encryption key, said first and second portions of the packet header being different portions of the packet header, said encrypting the second portion of the packet header being implemented through use of the initial vector.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for processing a communication data item. The communication data item is divided into at least two unencrypted packets to be encrypted. Each encrypted packet is generated from a corresponding unencrypted packet. Each unencrypted packet has a packet header and plaintext data. The packet header has an identifier field that includes a packet identifier. The packet identifier is identical for all unencrypted packets. Generating an encrypted packet for each unencrypted packet includes: determining a vector identifier from the identical packet identifier, wherein the vector identifier is associated with the identical packet identifier; ascertaining an initial vector from the vector identifier; and forming an encrypted packet header by inserting the vector identifier into a first portion of the packet header and encrypting a second portion of the packet header through use of the initial vector. The encrypted packets are subsequently decrypted and combined to reconstruct the communication data item.

Citations

20 Claims

1. A method for processing a communication data item, said method comprising the steps of:
- dividing the communication data item into a plurality of unencrypted packets, each of said unencrypted packets having a packet header and plaintext data, the packet header of each of said unencrypted packets comprising an identifier field that includes a packet identifier, the packet identifier being identical for all of said unencrypted packets; and
  
  generating an encrypted packet from each of said unencrypted packets by;
  
  determining a vector identifier from the identical packet identifier, said vector identifier having an association with the identical packet identifier;
  
  ascertaining an initial vector from the vector identifier; and
  
  forming an encrypted packet header, said forming the encrypted packet header comprising inserting the vector identifier into a first portion of the packet header and encrypting a second portion of the packet header through use of an encryption key, said first and second portions of the packet header being different portions of the packet header, said encrypting the second portion of the packet header being implemented through use of the initial vector.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the identifier field comprises the first portion of the packet header.
  - 3. The method of claim 2, wherein the identifier field consists of the first portion of the packet header.
  - 4. The method of claim 2, wherein the identifier field consists of the first portion of the packet header and the second portion of the packet header.
  - 5. The method of claim 2, wherein the second portion of the packet header has a first part that is in the identifier field and a second part that is outside of the identifier field.
  - 6. The method of claim 2, wherein the second portion of the packet header is entirely outside of the identifier field.
  - 7. The method of claim 1, wherein the first portion of the packet header is entirely outside of the identifier field.
  - 8. The method of claim 1, wherein the packet header consists of the first portion of the packet header and the second portion of the packet header.
  - 9. The method of claim 1, further comprising deleting the association between the initial vector and the identical packet identifier, in response to the encryption key being changed.
  - 10. The method of claim 1, wherein said generating further comprises for each unencrypted packet:
    - encrypting the plaintext data through use of the encrypted second portion of the packet header; and
      
      combining the encrypted packet header and the encrypted plaintext data to form a portion of the encrypted packet.
  - 11. The method of claim 10, wherein said dividing the communication data item and said generating an encrypted packet from each unencrypted packet are performed by a transmitting system, and wherein the method further comprises transmitting each generated encrypted packet from the transmitting system to a receiving system.
  - 12. The method of claim 1, wherein said encrypting the second portion of the packet header comprises performing an exclusive OR between the second portion of the packet header and the initial vector to generate an initial resulting data item D₀, followed by encrypting D₀to generate an initial encrypted data item E₀, said E₀being the encrypted second portion of the packet header.
  - 13. The method of claim 12, wherein the plaintext data comprises N plaintext-data items denoted as plaintext-data items T₁, T₂, . . . , T_Nsuch that N is at least 1, wherein said generating for each unencrypted packet further comprises:
    - in a sequential order of i=1, 2, . . . , N, performing an exclusive OR between T_iand E_i−
      
      1to generate a resulting data item D_i, followed by encrypting D_ito form an encrypted data item E_i; and
      
      combining E₀, E₁, E₂, . . . , and E_Nto form a portion of the encrypted packet.
  - 14. A computer program comprising computer readable program code, said program code being stored on a computer readable storage medium and adapted to be executed by a processor of a computer system to implement the method of claim 1.
  - 15. A computer system comprising a processor and a computer readable storage medium coupled to the processor, said storage medium containing computer readable program code that when executed by the processor implements the method of claim 1.

16. A method for processing a plurality of encrypted packets, said method comprising the steps of:
- generating a decrypted packet from each encrypted packet, each of said encrypted packets having an encrypted packet header and encrypted data items, the encrypted packet header of each of said encrypted packets comprising an encrypted portion (E₀) and an identifier field that includes a vector identifier, said vector identifier being identical for all of said encrypted packets, said encrypted packets having been previously derived from a communication data item that comprised unencrypted packets respectively corresponding to the encrypted packets, said generating comprising for each encrypted packet;
  
  obtaining the vector identifier from the identifier field;
  
  ascertaining an initial vector from the obtained vector identifier;
  
  decrypting E₀to form a decrypted data item D₀; and
  
  performing an exclusive OR between D₀and the initial vector to form a decrypted packet header of the decrypted packet.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein said generating is performed by a receiving system and further comprises for each encrypted packet:
    - decrypting the encrypted data items through use of E₀to form corresponding plaintext-data items and combining the decrypted packet header with the corresponding plaintext-data items to form a portion of the decrypted packet; and
      
      wherein the method further comprises;
      
      receiving the plurality of encrypted packets from a transmitting system and combining the decrypted packets to reconstruct the communication data item, said receiving and combining being performed by the receiving system.
  - 18. The method of claim 17, wherein the encrypted data items comprise N encrypted data items denoted as encrypted data items E₁, E₂, . . . , E_Nsuch that N is at least 1, and wherein said decrypting the encrypted data items comprises:
    - in a sequential order of i=1, 2, . . . , N, decrypting E_ito form a decrypted data item D_i, followed by performing an exclusive OR between D_iand E_i−
      
      1to generate the corresponding plaintext-data item T_i.
  - 19. A computer program comprising computer readable program code, said program code being stored on a computer readable storage medium and adapted to be executed by a processor of a computer system to implement the method of claim 16.
  - 20. A computer system comprising a processor and a computer readable storage medium coupled to the processor, said storage medium containing computer readable program code that when executed by the processor implements the method of claim 16.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hulu LLC (The Walt Disney Company)
Original Assignee
International Business Machines Corporation
Inventors
Suzuki, Kazunari, Satoh, Masakazu, Nakai, Shinji

Granted Patent

US 7,869,597 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/255
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/16   Implementing security featu...

H04L 9/0891   Revocation or update of sec...

Method and system for secure packet communication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure packet communication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links