METHODS FOR PROVIDING SECURITY OVER UNTRUSTED NETWORKS
Abstract
Methods for providing secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and a key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the certificate's signature, and then generates a cryptographic element (e.g., a key) and an initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.
108 Citations
82 Claims
1-52. (canceled)

53. A method of establishing security within an untrusted network, comprising:

providing a digital certificate associated with a first security apparatus associated with a first computerized host device; sending said digital certificate via a message to a second security apparatus associated with a second computerized host device; receiving at said first security apparatus and from said second security apparatus a cryptographic element which is encrypted, said cryptographic element having been generated by said second apparatus after receiving said digital certificate; and decrypting said encrypted cryptographic element to obtain access to said encrypted cryptographic element. (Dependent claims 54-68.)

69. A method of establishing security within an untrusted network having first and second computerized host devices in communication therewith, the method comprising:

receiving at a first security apparatus associated with a first of said host devices a first message having a digital certificate associated with a second security apparatus of a second host device on said network; authenticating said second security apparatus using at least said digital certificate; generating an encryption key and an initialization vector at said first security apparatus; encrypting said generated encryption key; and transmitting said encrypted encryption key and said initialization vector to said second security apparatus via another message sent over said untrusted network. (Dependent claims 70-77.)

78. A method of establishing security within an untrusted network having first and second computerized host devices in communication therewith, the method comprising:

receiving at a first security apparatus associated with a first of said host devices a first message having a digital certificate associated with a second security apparatus of a second host device on said network, said digital certificate comprising a public encryption key; authenticating said second security apparatus using at least said digital certificate; providing an encryption key; encrypting said encryption key using at least a private key portion of a public-private key pair; and transmitting said encrypted encryption key from said first security apparatus to said second apparatus via a subsequent message sent over said untrusted network.

79. A method of establishing security within an untrusted network, comprising:

providing a digital certificate associated with a first security apparatus associated with a first computerized host device, said digital certificate further comprising a public encryption key; sending said digital certificate via a message to a second security apparatus associated with a second computerized host device; receiving at said first security apparatus and from said second security apparatus an encryption key which is itself encrypted, said encryption key being generated by said second apparatus in response to a request from said first apparatus and encrypted using at least said public encryption key; receiving at said first security apparatus an initialization vector; decrypting said key to obtain access thereto; and initializing a block cipher encryption algorithm adapted to run on said first computerized host device using at least said initialization vector.

80. A method of establishing security within an untrusted network having first and second computerized host devices in communication therewith, the method comprising:

receiving at a first security apparatus associated with a first of said host devices a first message having a digital certificate associated with a second security apparatus of a second host device on said network, said digital certificate comprising a public key portion of a public-private key pair associated with said second host device; authenticating said second security apparatus using at least said digital certificate; generating an encryption key and an initialization vector at said first security apparatus; encrypting said generated encryption key using at least said public key portion and a private key portion of said first security apparatus; and transmitting said encrypted encryption key and said initialization vector to said second security apparatus via a second message sent over said untrusted network. (Dependent claims 81-82.)
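The exchange claimed in claims 69 through 80 (a certificate carrying a public key is presented; the recipient authenticates it, generates a symmetric key and an initialization vector, returns the key encrypted under that public key and signed with its own private key, and the originator decrypts the key and initializes its cipher with the IV), written out end to end as an added illustration. This is not code from the patent or from any product practicing it. Every primitive is a constructed toy stand-in built only from the Python standard library: textbook RSA over freshly generated probable primes with no padding, an HMAC-SHA256 keystream in place of a real block cipher, and a dictionary in place of an X.509 certificate. The device names, the certificate authority, the 16-byte key and IV sizes, and the encrypt-then-sign ordering are assumptions. The negative path shows the check the whole scheme rests on: a certificate whose public key no longer matches the CA signature is refused before any key material is generated.

```python
"""Toy model of the certificate + key/IV handshake in claims 69-80.
Constructed illustration; primitives are stand-ins, not production crypto."""
import hashlib
import hmac
import secrets

# ---- toy RSA (constructed; unpadded, illustration only) --------------------
_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases after a small-prime sieve."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def rsa_keypair(bits=256):
    """Return ((n, e), (n, d)); n is ~512 bits, so a SHA-256 hash and a 128-bit key both fit."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_sign(priv, data):
    n, d = priv
    return pow(_digest_int(data), d, n)


def rsa_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data)


def _pub_bytes(pub):
    n, e = pub
    return n.to_bytes(64, "big") + e.to_bytes(4, "big")


# ---- toy certificate: subject + public key, signed by an assumed CA --------
def issue_certificate(ca_priv, subject, pub):
    body = subject.encode() + b"|" + _pub_bytes(pub)
    return {"subject": subject, "pub": pub, "sig": rsa_sign(ca_priv, body)}


def verify_certificate(ca_pub, cert):
    body = cert["subject"].encode() + b"|" + _pub_bytes(cert["pub"])
    return rsa_verify(ca_pub, body, cert["sig"])


# ---- stand-in for the block cipher of claim 79 (HMAC keystream, NOT AES) ---
class ToyCipher:
    def __init__(self, key, iv):
        self.key, self.iv = key, iv  # keyed with the exchanged key, initialized with the IV

    def _keystream(self, length):
        out, ctr = b"", 0
        while len(out) < length:
            out += hmac.new(self.key, self.iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:length]

    def encrypt(self, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(len(data))))

    decrypt = encrypt


# ---- the two sides of the handshake -----------------------------------------
def responder_handle_hello(ca_pub, resp_priv, cert):
    """Claims 69/80: authenticate the certificate first; only then generate key + IV,
    encrypt the key to the certified public key and sign the reply. None on a bad cert."""
    if not verify_certificate(ca_pub, cert):
        return None
    key, iv = secrets.token_bytes(16), secrets.token_bytes(16)
    n, e = cert["pub"]
    enc_key = pow(int.from_bytes(key, "big"), e, n)  # IV travels in clear; key does not
    sig = rsa_sign(resp_priv, enc_key.to_bytes(64, "big") + iv)
    return {"enc_key": enc_key, "iv": iv, "sig": sig}, ToyCipher(key, iv)


def initiator_finish(init_priv, ca_pub, resp_cert, reply):
    """Claim 79: verify the responder's signature, decrypt the key, initialize the cipher with the IV."""
    signed = reply["enc_key"].to_bytes(64, "big") + reply["iv"]
    if not (verify_certificate(ca_pub, resp_cert) and rsa_verify(resp_cert["pub"], signed, reply["sig"])):
        return None
    n, d = init_priv
    key = pow(reply["enc_key"], d, n).to_bytes(16, "big")
    return ToyCipher(key, reply["iv"])


def run_handshake(tamper=False):
    """Drive both sides. Returns (initiator_cipher, responder_cipher), or (None, None)
    when the responder refuses a certificate whose key was substituted after signing."""
    ca_pub, ca_priv = rsa_keypair()
    a_pub, a_priv = rsa_keypair()
    b_pub, b_priv = rsa_keypair()
    a_cert = issue_certificate(ca_priv, "device-A", a_pub)
    b_cert = issue_certificate(ca_priv, "device-B", b_pub)
    if tamper:  # key replaced, CA signature left as-is: must fail authentication
        a_cert = dict(a_cert, pub=rsa_keypair()[0])
    result = responder_handle_hello(ca_pub, b_priv, a_cert)
    if result is None:
        return None, None
    reply, b_cipher = result
    return initiator_finish(a_priv, ca_pub, b_cert, reply), b_cipher


if __name__ == "__main__":
    a, b = run_handshake()
    print("datagram round-trips:", b.decrypt(a.encrypt(b"datagram payload")) == b"datagram payload")
    print("tampered certificate rejected:", run_handshake(tamper=True) == (None, None))
```

The ordering inside `responder_handle_hello` is the point to take from the claims: authentication of the certificate precedes key generation, so an unauthenticated peer never causes key material to be produced or transmitted, and the IV is sent in the clear because it is not secret while the key is never sent unencrypted.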
Specification