Communication System and Method

US 20130159711A1
Filed: 01/31/2012
Published: 06/20/2013
Est. Priority Date: 12/15/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method of transmitting data from a user terminal to a decryption component over a communication network in a limited connectivity environment, the method comprising:

at the user terminal;

receiving data from a user at the user terminal;

if it is determined that the data is sensitive data, encrypting the sensitive data using a secure encryption key;

generating a packet in accordance with a tunneling protocol, the packet including an address of a network component, command data and the encrypted sensitive data, said command data including a command and a command identifier wherein the command identifies that the secure encryption key has been used to encrypt the sensitive data; and

at the network component identified in the address;

receiving the packet at a first port;

identifying that the packet is in accordance with tunneling protocol;

reading the command;

forwarding the packet via a second port to the decryption component for decryption; and

forwarding a response packet including a response and the command identifier to the user terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data can be transmitted from a user terminal to a decryption component over a network in a limited connectivity environment At the user terminal, the data can be received from a user. If it is determined that the data is sensitive data, the data is encrypted using a secure encryption key. A packet is generated based on a tunneling protocol. The packet includes command data and encrypted sensitive data. The command data includes an address of a network component, command and command identifier. The command identifies that the secure encryption key has been used to encrypt the sensitive data. At the network component identified in the address, the packet is received at a first port; the command is read; the packet is forwarded via a second port to the decryption component for decryption; and a response packet is forwarded, including a response and the command identifier, to the user terminal.

17 Citations

View as Search Results

20 Claims

1. A method of transmitting data from a user terminal to a decryption component over a communication network in a limited connectivity environment, the method comprising:
- at the user terminal;
  
  receiving data from a user at the user terminal;
  
  if it is determined that the data is sensitive data, encrypting the sensitive data using a secure encryption key;
  
  generating a packet in accordance with a tunneling protocol, the packet including an address of a network component, command data and the encrypted sensitive data, said command data including a command and a command identifier wherein the command identifies that the secure encryption key has been used to encrypt the sensitive data; and
  
  at the network component identified in the address;
  
  receiving the packet at a first port;
  
  identifying that the packet is in accordance with tunneling protocol;
  
  reading the command;
  
  forwarding the packet via a second port to the decryption component for decryption; and
  
  forwarding a response packet including a response and the command identifier to the user terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein if it is determined that the data is session data, the session data is encrypted using a session encryption key, and the command identifies that the session encryption key has been used to encrypt the session data.
  - 3. A method according to claim 1, wherein session data encrypted using the session encryption key is decrypted at the network component.
  - 4. A method according to claim 1, wherein the response which is included in the response packet is received from the decryption component by the network component.
  - 5. A method according to claim 1, wherein the response included in the response packet is generated by the network component.
  - 6. A method according to claim 5, wherein the response is generated by the network component when no response is generated by the decryption component.
  - 7. A method according to claim 1, wherein the secure encryption key is one of a key pair, of which the paired key is held at the decryption component and is not known to the network component.
  - 8. A method according to claim 2, wherein the session encryption key is one of a key pair of which the paired key is held at the network component.
  - 9. A method according to claim 1, wherein the command data is in plain text.
  - 10. A method according to claim 1, wherein the sensitive data comprises access data or payment data.

11. A communication system comprising:
- a decryption component, the decryption component comprising;
  
  an input for receiving packets with command data and encrypted sensitive data;
  
  a memory holding a secure key; and
  
  a processor configured to execute a computer program which;
  
  uses the secure key to decrypt received packets containing encrypted sensitive data, validate said sensitive data and generate a validation response, anda network component connected to the decryption component and having a memory holding a session key, different from the secure key, and including a processor configured to read command data in each received packet;
  
  identify an encryption key from the command data;
  
  decrypt packets where the encryption key is the session key and forward to the decryption component packets where the encryption key is the secure key.

12. A user terminal having a user interface configured to prompt a user to enter at least secure data or session data;
- a processor configured to execute a computer program which;
  
  receives said data;
  
  determines if it is secure data or session data;
  
  encrypts secure data with a secure encryption key or session data with a session key;
  
  generates a packet comprising command data in plain text and said encrypted data, the command data comprising a command and a command identifier wherein the command identifies whether the secure key or the session key has been used.
- View Dependent Claims (13)
- - 13. A user terminal according to claim 12 wherein the processor is configured to generate the packet in accordance with a tunneling protocol, the packet including an address identifying a network component.

14. A network component for use in a communication network comprising:
- a first port for exchanging packets with the communication network;
  
  a second port for exchanging packets with a decryption component in a secure environment,a processor configured to execute a computer program which;
  
  receives a packet from the first port, the packet containing encrypted data and command data including a command and a command identifier;
  
  reads the command and determining whether a secure key or a session key has been used to encrypt the data;
  
  where a session key has been used, decrypting the data and acting on it; and
  
  where a secure key has been used, forwards the packet to the second port, and transmits a response packet including a response and the command identifier via the first port.
- View Dependent Claims (15, 16, 17)
- - 15. A network component according to claim 14 wherein the processor is configured to receive a response from a decryption component and to include the received response in the response packet.
  - 16. A network component according to claim 14 wherein the processor is configured to generate a response packet including a response generated by the network component.
  - 17. A network component according to claim 16 wherein the processor is configured to generate the response at the network component when no response is received from a decryption component.

18. A method of operating a network component in a communication network, the method comprising:
- receiving a packet from a first port of the network component with the communication network, the packet containing encrypted data and command data including a command and a command identifier;
  
  reading the command and determining whether a secure key or a session key has been used to encrypt the data;
  
  where a session key has been used, decrypting the data and acting on it; and
  
  where a secure key has been used, forwarding the packet to a second port for exchanging packets with a decryption component and transmitting a response packet including a response and the command identifier via the first port.

19. A computer program product for transmitting data from a user terminal to a decryption component over a communication network in a limited connectivity environment, the computer program product being embodied on a non-transient computer-readable medium and configured so as when executed on one or more processors performs the steps of:
- at the user terminal;
  
  receiving data from a user at the user terminal;
  
  if it is determined that the data is sensitive data, encrypting the sensitive data using a secure encryption key;
  
  generating a packet in accordance with a tunneling protocol, the packet including an address of a network component, command data and the encrypted sensitive data, said command data including a command and a command identifier wherein the command identifies that the secure encryption key has been used to encrypt the sensitive data; and
  
  at the network component identified in the address;
  
  receiving the packet at a first port;
  
  identifying that the packet is in accordance with tunneling protocol;
  
  reading the command;
  
  forwarding the packet via a second port to the decryption component for decryption; and
  
  forwarding a response packet including a response and the command identifier to the user terminal.

20. A computer program product for operating a network component in a communication network, the computer program product being embodied on a non-transient computer-readable medium and configured so as when executed on one or more processors performs the steps of:
- receiving a packet from a first port of the network component with the communication network, the packet containing encrypted data and command data including a command and a command identifier;
  
  reading the command and determining whether a secure key or a session key has been used to encrypt the data;
  
  where a session key has been used, decrypting the data and acting on it; and
  
  where a secure key has been used, forwarding the packet to a second port for exchanging packets with a decryption component and transmitting a response packet including a response and the command identifier via the first port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Skype S.Ã R.L. (Microsoft Corporation)
Original Assignee
Skype S.Ã R.L. (Microsoft Corporation)
Inventors
Kaal, Madis

Application Number

US13/363,023
Publication Number

US 20130159711A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0442   wherein the sending and rec...

H04L 65/1069   Session establishment or de...

H04W 12/033   of the user plane, e.g. use...

H04W 12/73   Access point logical identity

H04W 76/12   Setup of transport tunnels

H04W 84/12   WLAN [Wireless Local Area N...

Communication System and Method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communication System and Method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links