SYSTEM AND METHOD FOR ENCRYPTED GROUP NETWORK COMMUNICATION WITH POINT-TO-POINT PRIVACY

US 20070248225A1
Filed: 04/24/2006
Published: 10/25/2007
Est. Priority Date: 04/24/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a sender secure gateway private identity;

obtaining a receiver secure gateway public identity;

generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity;

encrypting a data packet using the encryption key; and

sending the encrypted data packet to the receiver secure gateway.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in secure gateway-to-secure gateway network communication. Embodiments provide systems and methods for generating a sender secure gateway private identity, obtaining a receiver secure gateway public identity, generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity, encrypting a data packet using the encryption key, and sending the encrypted data packet to a receiver secure gateway. Embodiments also provide systems and methods for generating a receiver secure gateway private identity, obtaining a sender secure gateway public identity, generating a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity, receiving an encrypted data packet from a sender secure gateway, and decrypting the data packet using the decryption key.

56 Citations

View as Search Results

36 Claims

1. A method comprising:
- generating a sender secure gateway private identity;
  
  obtaining a receiver secure gateway public identity;
  
  generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity;
  
  encrypting a data packet using the encryption key; and
  
  sending the encrypted data packet to the receiver secure gateway.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1 including registering a sender secure gateway with a key server.
  - 3. The method as claimed in claim 1 wherein a key server maintains a security parameter for a secure gateway group.
  - 4. The method as claimed in claim 1 wherein a key server computes a private identity for each registered secure gateway.
  - 5. The method as claimed in claim 4 wherein the key server sends the private identity for each registered secure gateway to the corresponding secure gateway.
  - 6. The method as claimed in claim 1 wherein the encryption key is generated using a Tate pairing.

7. A method comprising:
- generating a receiver secure gateway private identity;
  
  obtaining a sender secure gateway public identity;
  
  generating a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity;
  
  receiving an encrypted data packet from a sender secure gateway; and
  
  decrypting the data packet using the decryption key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method as claimed in claim 7 including registering a receiver secure gateway with a key server.
  - 9. The method as claimed in claim 7 wherein a key server maintains a security parameter for a secure gateway group.
  - 10. The method as claimed in claim 7 wherein a key server computes a private identity for each registered secure gateway.
  - 11. The method as claimed in claim 10 wherein the key server sends the private identity for each registered secure gateway to the corresponding secure gateway.
  - 12. The method as claimed in claim 7 wherein the decryption key is generated using a Tate pairing.

13. An apparatus comprising:
- means for generating a sender secure gateway private identity;
  
  means for obtaining a receiver secure gateway public identity;
  
  means for generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity;
  
  means for encrypting a data packet using the encryption key; and
  
  means for sending the encrypted data packet to a receiver secure gateway.
- View Dependent Claims (14, 15)
- - 14. The apparatus as claimed in claim 13 including means for registering a sender secure gateway with a key server.
  - 15. The apparatus as claimed in claim 13 wherein a key server maintains a security parameter for a secure gateway group.

16. An apparatus comprising:
- means for generating a receiver secure gateway private identity;
  
  means for obtaining a sender secure gateway public identity;
  
  means for generating a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity;
  
  means for receiving an encrypted data packet from a sender secure gateway; and
  
  means for decrypting the data packet using the decryption key.
- View Dependent Claims (17, 18)
- - 17. The apparatus as claimed in claim 16 including means for registering a receiver secure gateway with a key server.
  - 18. The apparatus as claimed in claim 16 wherein a key server maintains a security parameter for a secure gateway group.

19. An apparatus comprising:
- a sender secure gateway operable to obtain a sender secure gateway private identity from a key server, obtain a receiver secure gateway public identity, generate an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity, encrypt a data packet using the encryption key; and
  
  send the encrypted data packet to a receiver secure gateway.
- View Dependent Claims (20, 21)
- - 20. The apparatus as claimed in claim 19 wherein the sender secure gateway is further operable to register with the key server.
  - 21. The apparatus as claimed in claim 19 wherein the key server is further operable to maintain a security parameter for a secure gateway group.

22. An apparatus comprising:
- a receiver secure gateway operable to obtain a receiver secure gateway private identity from a key server, obtain a sender secure gateway public identity, generate a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity, receive an encrypted data packet from a sender secure gateway; and
  
  decrypt the data packet using the decryption key.
- View Dependent Claims (23, 24)
- - 23. The apparatus as claimed in claim 22 wherein the receiver secure gateway is further operable to register with the key server.
  - 24. The apparatus as claimed in claim 22 wherein the key server is further operable to maintain a security parameter for a secure gateway group.

25. An article of manufacture comprising at least one machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
- generate a sender secure gateway private identity;
  
  obtain a receiver secure gateway public identity;
  
  generate an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity;
  
  encrypt a data packet using the encryption key; and
  
  send the encrypted data packet to a receiver secure gateway.
- View Dependent Claims (26, 27, 28)
- - 26. An article of manufacture according to claim 25 further operable to register a sender secure gateway with a key server.
  - 27. An article of manufacture according to claim 25 wherein a key server is operable to generate a private identity for each registered secure gateway.
  - 28. The article of manufacture as claimed in claim 25 wherein the encryption key is generated using a Tate pairing.

29. An article of manufacture comprising at least one machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
- generate a receiver secure gateway private identity;
  
  obtain a sender secure gateway public identity;
  
  generate a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity;
  
  receive an encrypted data packet from a sender secure gateway; and
  
  decrypt the data packet using the decryption key.
- View Dependent Claims (30, 31, 32)
- - 30. An article of manufacture according to claim 29 further operable to register a receiver secure gateway with a key server.
  - 31. An article of manufacture according to claim 29 wherein a key server is operable to generate a private identity for each registered secure gateway.
  - 32. An article of manufacture according to claim 29 wherein the decryption key is generated using a Tate pairing.

33. A system comprising:
- a key server to generate a private identity for each registered secure gateway; and
  
  one or more secure gateways in data communication with the key server via a network, the secure gateways being operable to;
  
  compute a sender secure gateway private identity;
  
  obtain a receiver secure gateway public identity;
  
  generate an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity;
  
  encrypt a data packet using the encryption key; and
  
  send the encrypted data packet to a receiver secure gateway.
- View Dependent Claims (34, 35, 36)
- - 34. The system according to claim 33 wherein each secure gateway is operable to register with the key server.
  - 35. The system according to claim 33 wherein the key server is operable to maintain a security parameter for a secure gateway group.
  - 36. The system as claimed in claim 33 wherein the encryption key is generated using a Tate pairing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Fluhrer, Scott

Granted Patent

US 8,160,255 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/065   for group communications cr...

H04L 9/0833   involving conference or gro...

SYSTEM AND METHOD FOR ENCRYPTED GROUP NETWORK COMMUNICATION WITH POINT-TO-POINT PRIVACY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

56 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR ENCRYPTED GROUP NETWORK COMMUNICATION WITH POINT-TO-POINT PRIVACY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links