System and Method of Lawful Access to Secure Communications
Abstract
The present disclosure relates to systems and methods for secure communications. In some aspects, one or more values used to generate an encryption key used to encrypt a packet are stored in a header of the packet. The packet is transmitted with the encrypted data portion in a communication. In some aspects, one or more values used to generate an encryption key are received. The encryption key is regenerated using the one or more values.
25 Claims
1. A method for secure communication, the method comprising:
- storing in a header of a packet one or more values used in generation of an encryption key used to encrypt the packet; and
- transmitting the packet with the encrypted data portion in a communication.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method for secure communication, the method comprising:
- storing a nonce value, a crypto session identity (CS ID), and a traffic encryption key generation key (TGK) in a master key identifier (MKI) field of a header of a secure realtime transport protocol (SRTP) packet used in a communication following the generation of a traffic encryption key (TEK), the nonce value associated with a MIKEY-TICKET protocol key exchange initiator, the CS ID associated with the communication, the TGK generated by a key management system (KMS), the TEK associated with the MIKEY-TICKET protocol;
- encrypting at least a data portion of the SRTP packet using the TEK; and
- transmitting the SRTP packet with the encrypted data portion in the communication.

13. A communication device comprising a processor and a memory including stored instructions for secure communication, the communication device configured to:
- store a nonce value, a crypto session identity (CS ID), and a traffic encryption key generation key (TGK) in a master key identifier (MKI) field of a packet header of a secure real-time transport protocol (SRTP) packet used in a communication following the generation of a traffic encryption key (TEK), the nonce value associated with a MIKEY-TICKET protocol key exchange initiator, the CS ID associated with the communication, the SRTP TGK generated by a key management system (KMS), the TEK associated with the MIKEY-TICKET protocol;
- encrypt at least a data portion of the SRTP packet using the TEK; and
- transmit the SRTP packet with the encrypted data portion in the communication.

14. A method for regenerating an encryption key, the method comprising:
- receiving one or more values used in generation of an encryption key;
- regenerating the encryption key using the one or more values.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22

23. A method for regenerating a traffic encryption key (TEK) used for secure communication, the method comprising:
- receiving a nonce value associated with a MIKEY-TICKET protocol key exchange initiator, a crypto session identity (CS ID) associated with a secure communication, and a traffic encryption key generation key (TGK), the TGK generated by a key management system (KMS), the TEK associated with a MIKEY-TICKET protocol;
- regenerating the TEK using nonce value, CS ID and the TGK.

24. A key management service (KMS) equipment comprising a processor and a memory including stored instructions for secure communication, the KMS equipment configured to:
- receive a nonce value associated with a MIKEY-TICKET protocol key exchange initiator, a crypto session identity (CS ID) associated with a secure communication, and a traffic encryption key generation key (TGK), the TGK generated by a key management system (KMS), the TEK associated with a MIKEY-TICKET protocol;
- regenerate the TEK using nonce value, CS ID and the TGK.

25. A first user equipment comprising a processor and a memory including stored instructions for secure communication with a second user equipment, the first user equipment configured to:
- generate at least a first value used in generation of an encryption key;
- transmit the first value to a key management service (KMS) equipment;
- receive from the KMS equipment at least a second value used in the generation of said encryption key;
- store in the header of a packet at least the first value and the second value which are used in the generation of the encryption key;
- encrypt a data portion of the packet using the encryption key; and
- transmit the packet with the encrypted data portion in a communication to the second user equipment.
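
The store-then-regenerate flow of claims 12 and 23, as an added sketch that is not code from the patent: the sender packs the nonce, CS ID and TGK into an MKI field, and the receiving side parses the field and re-derives the TEK. The byte layout of the field, the one-byte CS ID width and the HMAC-SHA256 derivation are assumptions made for illustration (the derivation is a stand-in, not the MIKEY PRF); packet encryption itself is left out.

```python
import hashlib
import hmac

# Assumed MKI layout for this sketch (not defined on the page):
#   nonce_len (1 byte) | nonce | cs_id (1 byte) | tgk_len (1 byte) | tgk

def pack_mki(nonce: bytes, cs_id: int, tgk: bytes) -> bytes:
    """Sender side: store the key-generation values in the MKI field."""
    if not (0 < len(nonce) < 256 and 0 < len(tgk) < 256 and 0 <= cs_id < 256):
        raise ValueError("value does not fit the assumed field layout")
    return bytes([len(nonce)]) + nonce + bytes([cs_id, len(tgk)]) + tgk

def parse_mki(mki: bytes):
    """Receiver side: recover (nonce, cs_id, tgk), rejecting malformed fields."""
    if len(mki) < 1:
        raise ValueError("empty MKI field")
    n = mki[0]
    if n == 0 or len(mki) < 1 + n + 2:
        raise ValueError("truncated MKI field")
    nonce = mki[1:1 + n]
    cs_id, t = mki[1 + n], mki[2 + n]
    tgk = mki[3 + n:]
    if t == 0 or len(tgk) != t:
        raise ValueError("TGK length mismatch")
    return nonce, cs_id, tgk

def derive_tek(nonce: bytes, cs_id: int, tgk: bytes, length: int = 16) -> bytes:
    """Stand-in KDF (HMAC-SHA256 in counter mode), NOT the MIKEY PRF."""
    label = b"TEK" + bytes([cs_id]) + nonce
    out, counter = b"", 1
    while len(out) < length:
        out += hmac.new(tgk, label + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def regenerate_tek(mki: bytes) -> bytes:
    """Regenerate the TEK from nothing but the values carried in the MKI field."""
    return derive_tek(*parse_mki(mki))

# Constructed sample values, not taken from any real session
NONCE = bytes.fromhex("00112233445566778899aabbccddeeff")
CS_ID = 1
TGK = bytes(range(16))
```

In this sketch every input to the derivation travels with the packet, so the TEK is only as confidential as those header values; the claims shown here do not say how the values are protected in transit.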