APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA UTILIZING ENCRYPTION KEY MANAGEMENT

US 20150319151A1
Filed: 05/01/2014
Published: 11/05/2015
Est. Priority Date: 05/01/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

obtaining, by a remote management server, a master key;

obtaining, by the remote management server, derivation data associated with an end user device;

applying, by the remote management server, a one-way function to the master key and the derivation data to generate a derived encryption key; and

providing, by the remote management server over a network, the derived encryption key to a universal integrated circuit card of the end user device to enable the universal integrated circuit card to generate a temporary encryption key for encrypting data,wherein the master key is not provided by the remote management server to the end user device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device that incorporates the subject disclosure may perform, for example, receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key, obtaining data for transmission to a recipient device, encrypting the data using the temporary encryption key to generate encrypted data, and providing the encrypted data over a network to the recipient device. Other embodiments are disclosed.

Citations

20 Claims

1. A method comprising:
- obtaining, by a remote management server, a master key;
  
  obtaining, by the remote management server, derivation data associated with an end user device;
  
  applying, by the remote management server, a one-way function to the master key and the derivation data to generate a derived encryption key; and
  
  providing, by the remote management server over a network, the derived encryption key to a universal integrated circuit card of the end user device to enable the universal integrated circuit card to generate a temporary encryption key for encrypting data,wherein the master key is not provided by the remote management server to the end user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 comprising:
    - providing, by the remote management server over the network, a public nonce key to the universal integrated circuit card to enable the universal integrated circuit card to encrypt a nonce to generate an encrypted nonce; and
      
      providing, by the remote management server over the network, a private nonce key to an application server to enable the application server to decrypt the encrypted nonce that is received by the application server from the end user device.
  - 3. The method of claim 2 comprising:
    - providing, by the remote management server over the network, the derived encryption key to the application server to enable the application server to decrypt encrypted data using the derived encryption key and the nonce, wherein the encrypted data is received by the application server from the end user device.
  - 4. The method of claim 2, wherein the one-way function comprises a hash function, and wherein the nonce comprises a non-repeating data set that includes a time stamp.
  - 5. The method of claim 2, wherein the one-way function comprises a hash function or an elliptic curve, and wherein a size of nonces generated by the universal integrated circuit card varies over time.
  - 6. The method of claim 2, wherein the one-way function comprises a fractal function, and wherein the master key is not provided by the remote management server to the application server.
  - 7. The method of claim 1, wherein the obtaining of the master key includes accessing the master key stored in a memory of the remote management server, and further comprising:
    - providing, by the remote management server over the network, a public temporary encryption key to the universal integrated circuit card of the end user device to enable the universal integrated circuit card to encrypt a temporary encryption key to generate an encrypted temporary encryption key; and
      
      providing, by the remote management server over the network, a private temporary encryption key to an application server to enable the application server to decrypt the encrypted temporary encryption key that is received by the application server from the end user device.

8. A communication device comprising:
- a secure element having a secure element memory that stores first executable instructions that, when executed by the secure element, facilitate performance of first operations, comprising;
  
  receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated; and
  
  applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key;
  
  a secure device processor having a secure device processor memory that stores second executable instructions that, when executed by the secure device processor, facilitate performance of second operations, comprising;
  
  receiving the temporary encryption key from the secure element without receiving the derived encryption key;
  
  obtaining data for transmission to a recipient device;
  
  encrypting the data using the temporary encryption key to generate encrypted data; and
  
  providing the encrypted data over a network to the recipient device,wherein the secure device processor is separate from the secure element and in communication with the secure element.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The communication device of claim 8, wherein the first operations further comprise:
    - generating a number; and
      
      generating the nonce from the number, wherein the nonce comprises a non-repeating data set that includes a time stamp.
  - 10. The communication device of claim 8, wherein the first operations further comprise:
    - receiving a public nonce key from the remote management server;
      
      encrypting the nonce using the public nonce key to generate an encrypted nonce; and
      
      wherein the second operations further comprise;
      
      receiving the encrypted nonce from the secure element;
      
      providing the encrypted nonce over the network to the recipient device to enable the recipient device to decrypt the encrypted nonce using a private nonce key received by the recipient device from the remote management server.
  - 11. The communication device of claim 8, wherein the first operations further comprise:
    - receiving a public temporary encryption key from the remote management server;
      
      encrypting the temporary encryption key using the public temporary encryption key to generate an encrypted temporary encryption key; and
      
      wherein the second operations further comprise;
      
      receiving the encrypted temporary encryption key from the secure element;
      
      providing the encrypted temporary encryption key over the network to the recipient device to enable the recipient device to decrypt the encrypted temporary encryption key using a private temporary encryption key received by the recipient device from the remote management server.
  - 12. The communication device of claim 8, wherein the second operations further comprise:
    - monitoring for a key rotation event;
      
      providing a key rotation request to the secure element responsive to detecting the key rotation event; and
      
      wherein the first operations further comprise generating a second temporary encryption key responsive to the request for the key rotation.
  - 13. The communication device of claim 12, wherein the temporary encryption key and the second temporary encryption key are generated by the secure element during a single communication session, and wherein the second temporary encryption key is generated by applying the one-way function to the derived encryption key and a second nonce.
  - 14. The communication device of claim 8, wherein the second operations further comprise:
    - generating a number;
      
      generating a time stamp;
      
      providing the number and the time stamp to the secure element; and
      
      wherein the first operations further comprise;
      
      generating the nonce from the number and the time stamp.
  - 15. The communication device of claim 8, wherein the derived encryption key received from the remote management server is a fixed length static key
  - 16. The communication device of claim 8, wherein the first operations further comprise:
    - receiving a private nonce key from the remote management server;
      
      receiving an encrypted second nonce from the recipient device;
      
      decrypting the nonce using the private nonce key to generate a second nonce;
      
      applying the one-way function to the derived encryption key and the second nonce to generate a second temporary encryption key; and
      
      wherein the second operations further comprise;
      
      receiving encrypted second data from the recipient device;
      
      receiving the second temporary encryption key from the secure element;
      
      decrypting the encrypted second data using the second temporary encryption key.

17. A method comprising:
- receiving, by a communication device comprising a processor, a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated;
  
  applying, by the communication device, a one-way function to the derived encryption key and a nonce to generate a temporary encryption key;
  
  obtaining, by the communication device, data for transmission to a recipient device;
  
  encrypting, by the communication device, the data using the temporary encryption key to generate encrypted data; and
  
  providing, by the communication device, the encrypted data over a network to the recipient device.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, comprising:
    - receiving, by the communication device, a public nonce key from the remote management server;
      
      encrypting, by the communication device, the nonce using the public nonce key to generate an encrypted nonce; and
      
      providing, by the communication device, the encrypted nonce over the network to the recipient device to enable the recipient device to decrypt the encrypted nonce using a private nonce key received by the recipient device from the remote management server.
  - 19. The method of claim 17, comprising:
    - receiving, by the communication device, a public temporary encryption key from the remote management server;
      
      encrypting, by the communication device, the temporary encryption key using the public temporary encryption key to generate an encrypted temporary encryption key; and
      
      providing, by the communication device, the encrypted temporary encryption key over the network to the recipient device to enable the recipient device to decrypt the encrypted temporary encryption key using a private temporary encryption key received by the recipient device from the remote management server.
  - 20. The method of claim 17, comprising:
    - detecting a key rotation event; and
      
      generating a second temporary encryption key responsive to the detecting of the key rotation event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chastain, Walter Cooper, Chin, Stephen Emill

Granted Patent

US 9,819,485 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

H04L 2463/061   applying further key deriva...

H04L 63/045   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04W 12/04   Key management, e.g. using ...

H04W 12/35   Protecting application or s...

APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA UTILIZING ENCRYPTION KEY MANAGEMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA UTILIZING ENCRYPTION KEY MANAGEMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links