Communication System and Method
Abstract
Data can be transmitted from a user terminal to a decryption component over a network in a limited connectivity environment. At the user terminal, the data can be received from a user. If it is determined that the data is sensitive data, the data is encrypted using a secure encryption key. A packet is generated based on a tunneling protocol. The packet includes command data and encrypted sensitive data. The command data includes an address of a network component, a command and a command identifier. The command identifies that the secure encryption key has been used to encrypt the sensitive data. At the network component identified in the address, the packet is received at a first port; the command is read; the packet is forwarded via a second port to the decryption component for decryption; and a response packet is forwarded, including a response and the command identifier, to the user terminal.
20 Claims
1. A method of transmitting data from a user terminal to a decryption component over a communication network in a limited connectivity environment, the method comprising:
at the user terminal; receiving data from a user at the user terminal; if it is determined that the data is sensitive data, encrypting the sensitive data using a secure encryption key; generating a packet in accordance with a tunneling protocol, the packet including an address of a network component, command data and the encrypted sensitive data, said command data including a command and a command identifier wherein the command identifies that the secure encryption key has been used to encrypt the sensitive data; and at the network component identified in the address; receiving the packet at a first port; identifying that the packet is in accordance with tunneling protocol; reading the command; forwarding the packet via a second port to the decryption component for decryption; and forwarding a response packet including a response and the command identifier to the user terminal.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A communication system comprising:
a decryption component, the decryption component comprising; an input for receiving packets with command data and encrypted sensitive data; a memory holding a secure key; and a processor configured to execute a computer program which; uses the secure key to decrypt received packets containing encrypted sensitive data, validate said sensitive data and generate a validation response, and a network component connected to the decryption component and having a memory holding a session key, different from the secure key, and including a processor configured to read command data in each received packet; identify an encryption key from the command data; decrypt packets where the encryption key is the session key and forward to the decryption component packets where the encryption key is the secure key.

12. A user terminal having a user interface configured to prompt a user to enter at least secure data or session data;
a processor configured to execute a computer program which; receives said data; determines if it is secure data or session data; encrypts secure data with a secure encryption key or session data with a session key; generates a packet comprising command data in plain text and said encrypted data, the command data comprising a command and a command identifier wherein the command identifies whether the secure key or the session key has been used.
Dependent claim: 13.

14. A network component for use in a communication network comprising:
a first port for exchanging packets with the communication network; a second port for exchanging packets with a decryption component in a secure environment, a processor configured to execute a computer program which; receives a packet from the first port, the packet containing encrypted data and command data including a command and a command identifier; reads the command and determining whether a secure key or a session key has been used to encrypt the data; where a session key has been used, decrypting the data and acting on it; and where a secure key has been used, forwards the packet to the second port, and transmits a response packet including a response and the command identifier via the first port.
Dependent claims: 15, 16, 17.

18. A method of operating a network component in a communication network, the method comprising:
receiving a packet from a first port of the network component with the communication network, the packet containing encrypted data and command data including a command and a command identifier; reading the command and determining whether a secure key or a session key has been used to encrypt the data; where a session key has been used, decrypting the data and acting on it; and where a secure key has been used, forwarding the packet to a second port for exchanging packets with a decryption component and transmitting a response packet including a response and the command identifier via the first port.

19. A computer program product for transmitting data from a user terminal to a decryption component over a communication network in a limited connectivity environment, the computer program product being embodied on a non-transient computer-readable medium and configured so as when executed on one or more processors performs the steps of:
at the user terminal; receiving data from a user at the user terminal; if it is determined that the data is sensitive data, encrypting the sensitive data using a secure encryption key; generating a packet in accordance with a tunneling protocol, the packet including an address of a network component, command data and the encrypted sensitive data, said command data including a command and a command identifier wherein the command identifies that the secure encryption key has been used to encrypt the sensitive data; and at the network component identified in the address; receiving the packet at a first port; identifying that the packet is in accordance with tunneling protocol; reading the command; forwarding the packet via a second port to the decryption component for decryption; and forwarding a response packet including a response and the command identifier to the user terminal.

20. A computer program product for operating a network component in a communication network, the computer program product being embodied on a non-transient computer-readable medium and configured so as when executed on one or more processors performs the steps of:
receiving a packet from a first port of the network component with the communication network, the packet containing encrypted data and command data including a command and a command identifier; reading the command and determining whether a secure key or a session key has been used to encrypt the data; where a session key has been used, decrypting the data and acting on it; and where a secure key has been used, forwarding the packet to a second port for exchanging packets with a decryption component and transmitting a response packet including a response and the command identifier via the first port.

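The packet flow that claims 1, 11, 12, 14 and 18 describe, as an added example that is not part of the patent or of any product it covers. Everything concrete in it is an assumption: the tunneling-protocol marker TUN1, the 27-byte plain-text header layout (address, command, command identifier, nonce, length), an HMAC-SHA256-based toy cipher standing in for a real AEAD such as AES-GCM, "sensitive data" meaning an all-digit entry of four or more characters (a card number or PIN), and a Luhn checksum as the decryption component's validation rule. The sample entries are constructed. Beyond the claims, it checks one property a practitioner would want: the plain-text command is authenticated together with the ciphertext, so rewriting a secure-key packet's command to "session key" does not let the network component, which holds only the session key, decrypt the sensitive payload.

```python
"""Walk-through of the claimed flow: user terminal -> network component (first
port) -> decryption component (second port) -> response with command identifier.
Added example; keys, header layout, cipher and sample data are assumptions."""
import hashlib
import hmac
import secrets
import struct

MAGIC = b"TUN1"        # assumed tunneling-protocol identifier
CMD_SESSION = 1        # command: payload encrypted with the session key
CMD_SECURE = 2         # command: payload encrypted with the secure key
# Plain-text header: magic, network-component address, command, command
# identifier, nonce, ciphertext length (assumed layout, 27 bytes).
HDR = struct.Struct("!4s4sBI12sH")


def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def seal(key, header, nonce, plaintext):
    """Toy AEAD stand-in: HMAC-SHA256 keystream plus a tag over header||ct.
    Illustrative only; real deployments use AES-GCM or ChaCha20-Poly1305."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return ct + hmac.new(key, header + ct, hashlib.sha256).digest()


def unseal(key, header, nonce, sealed):
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, header + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered header")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def luhn_ok(digits):
    """Assumed validation rule for sensitive data (card-number checksum)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_sensitive(data):
    """Assumed classification: an all-digit entry of 4+ characters (PAN or PIN)."""
    return data.isdigit() and len(data) >= 4


class UserTerminal:
    def __init__(self, net_addr, secure_key, session_key):
        self.net_addr, self.secure_key, self.session_key = net_addr, secure_key, session_key

    def build_packet(self, data):
        cmd = CMD_SECURE if is_sensitive(data) else CMD_SESSION
        key = self.secure_key if cmd == CMD_SECURE else self.session_key
        cmd_id, nonce = secrets.randbits(32), secrets.token_bytes(12)
        header = HDR.pack(MAGIC, self.net_addr, cmd, cmd_id, nonce, len(data))
        return cmd_id, header + seal(key, header, nonce, data)


class DecryptionComponent:
    """Secure environment (e.g. an HSM) that alone holds the secure key."""
    def __init__(self, secure_key):
        self.secure_key = secure_key

    def handle(self, packet):
        header = packet[:HDR.size]
        nonce = HDR.unpack(header)[4]
        pt = unseal(self.secure_key, header, nonce, packet[HDR.size:])
        return b"VALID" if luhn_ok(pt) else b"INVALID"   # validation response


class NetworkComponent:
    """Holds only the session key; secure-key packets pass through to the second port."""
    def __init__(self, addr, session_key, decryption_component):
        self.addr, self.session_key, self.dc = addr, session_key, decryption_component
        self.acted_on = []

    def first_port(self, packet):
        if len(packet) < HDR.size + 32:
            raise ValueError("short packet")
        header = packet[:HDR.size]
        magic, addr, cmd, cmd_id, nonce, _ = HDR.unpack(header)
        if magic != MAGIC or addr != self.addr:
            raise ValueError("not a tunneling-protocol packet for this component")
        if cmd == CMD_SESSION:
            self.acted_on.append(unseal(self.session_key, header, nonce, packet[HDR.size:]))
            response = b"OK"
        elif cmd == CMD_SECURE:
            response = self.dc.handle(packet)    # forwarded via the second port
        else:
            response = b"UNKNOWN-COMMAND"
        return struct.pack("!I", cmd_id) + response   # response carries the command identifier


def _setup():
    addr = bytes([10, 0, 0, 5])                        # assumed network-component address
    secure_key, session_key = secrets.token_bytes(32), secrets.token_bytes(32)
    net = NetworkComponent(addr, session_key, DecryptionComponent(secure_key))
    return UserTerminal(addr, secure_key, session_key), net


def demo():
    """Send a constructed card number and a non-sensitive entry; map each to
    (response carried our command identifier, response text)."""
    term, net = _setup()
    results = {}
    for data in (b"4111111111111111", b"hello"):
        cmd_id, pkt = term.build_packet(data)
        resp = net.first_port(pkt)
        results[data] = (struct.unpack("!I", resp[:4])[0] == cmd_id, resp[4:])
    return results


def tamper_rejected():
    """Rewriting the plain-text command from SECURE to SESSION must fail: the tag
    binds the header, so the network component cannot decrypt the payload."""
    term, net = _setup()
    _, pkt = term.build_packet(b"4111111111111111")
    fields = list(HDR.unpack(pkt[:HDR.size]))
    fields[2] = CMD_SESSION
    try:
        net.first_port(HDR.pack(*fields) + pkt[HDR.size:])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), tamper_rejected())
```

The point to take from the split is the trust boundary: the network component never holds the secure key, so its compromise exposes session traffic but not the sensitive data, and the decryption component answers only with a validation result, never the plaintext. The command identifier in the response is what lets the terminal match replies to requests on a link where packets may be delayed or dropped; because it travels in plain text it should be unpredictable, which is why the example draws it from a CSPRNG.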
Specification