Method and apparatus for establishing a secure connection over a one-way data path
Abstract
Improved techniques for facilitating secure data transfer over one-way data channels or narrowband channels are disclosed. Often, these channels are wireless channels provided by wireless data networks. The techniques enable the cryptographic handshake operations for a one-way data channel to be performed over a companion two-way data channel, so that the one-way data channel can satisfy security protocols that require two-way communication for the handshake. Once the cryptographic handshake operations are complete, data can be transmitted over the one-way data channel in a secure manner. Additionally, the techniques enable the cryptographic handshake operations to be performed more rapidly, because the two-way channel is typically a wideband channel. In that case, using the wideband channel rather than the narrowband channel for the cryptographic handshake reduces latency, regardless of whether the narrowband channel is a one-way channel or a two-way channel.
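As an added illustration (not code from the patent or its assignee), the following Python sketch models the split the abstract and claims 1 to 8 describe: both sides hold security information exchanged over the wideband channel, each derives separate narrowband and wideband key blocks from it, and the server encrypts and authenticates records for the one-way narrowband channel, whose receiver must reject forgeries and replays on its own because it has no return path to request a retransmit. The HKDF labels, the record layout and the HMAC-based stream cipher are assumptions made for the demo; a production implementation would use a standard AEAD cipher in place of the stand-in keystream.

```python
import hashlib
import hmac
import struct

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand with `info` as the channel label."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def channel_key_block(security_info: bytes, channel: bytes) -> dict:
    """Form a per-channel key block (encryption key + MAC key) from the security information
    exchanged over the wideband channel; distinct labels give independent narrowband and
    wideband key blocks, so a record sealed for one channel will not open under the other."""
    okm = hkdf_sha256(security_info, b"constructed-demo-salt", b"key block:" + channel, 64)
    return {"enc": okm[:32], "mac": okm[32:]}

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stdlib-only stand-in for a real AEAD cipher.
    blocks = [hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(kb: dict, seq: int, plaintext: bytes) -> bytes:
    """Server side: encrypt-then-MAC one record for the one-way narrowband channel.
    The sequence number is the nonce and is authenticated together with the ciphertext."""
    nonce = struct.pack(">Q", seq)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(kb["enc"], nonce, len(plaintext))))
    return nonce + ct + hmac.new(kb["mac"], nonce + ct, hashlib.sha256).digest()

class OneWayReceiver:
    """Client side of the narrowband channel. With no return path to request a retransmit,
    the receiver itself must reject forged, replayed and out-of-order records."""
    def __init__(self, kb: dict):
        self.kb, self.next_seq = kb, 0

    def open(self, record: bytes):
        if len(record) < 40:  # nonce (8) + tag (32) at minimum
            return None
        nonce, ct, tag = record[:8], record[8:-32], record[-32:]
        expected = hmac.new(self.kb["mac"], nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected) or struct.unpack(">Q", nonce)[0] != self.next_seq:
            return None  # bad tag, replay or gap: drop it; the channel cannot ask for a resend
        self.next_seq += 1
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.kb["enc"], nonce, len(ct))))
```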

32 Claims

1. A method for securely transmitting data between a client and a server over a narrowband channel, where the client and server are connectable by not only the narrowband channel but also by a wideband channel, said method comprising the acts of:
connecting the client and server over the wideband channel;
exchanging security information between the client and server over the wideband channel;
encrypting data to be transmitted from the server to the client using the security information at the server; and
transmitting the encrypted data from the server to the client over the narrowband channel.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.

2. A method as recited in claim 1, wherein said encrypting comprises:
forming a server-side narrowband channel key block based at least in part on the security information at the server; and
encrypting the data to be transmitted from the server to the client using the server-side narrowband channel key block.

3. A method as recited in claim 2, wherein said method further comprises:
forming a client-side narrowband channel key block based at least in part on the security information at the client;
receiving the encrypted data that has been transmitted from the server to the client over the narrowband channel; and
decrypting the encrypted data that has been received from the server over the narrowband channel.

4. A method as recited in claim 1, wherein said method further comprises:
transmitting different portions of the encrypted data from the server to the client over the narrowband channel and the wideband channel.

5. A method as recited in claim 4, wherein said encrypting comprises:
forming a server-side narrowband channel key block based at least in part on the security information at the server;
forming a server-side wideband channel key block based at least in part on the security information at the server;
encrypting the portion of the data to be transmitted from the server to the client over the narrowband channel using the server-side narrowband channel key block; and
encrypting the portion of the data to be transmitted from the server to the client over the wideband channel using the server-side wideband channel key block.

6. A method as recited in claim 5, wherein said method further comprises:
forming a client-side narrowband channel key block based at least in part on the security information at the client;
forming a client-side wideband channel key block based at least in part on the security information at the client;
receiving the encrypted data that has been transmitted from the server to the client over the narrowband channel;
decrypting the encrypted data that has been received from the server over the narrowband channel using the client-side narrowband channel key block;
receiving the encrypted data that has been transmitted from the server to the client over the wideband channel; and
decrypting the encrypted data that has been received from the server over the wideband channel using the client-side wideband channel key block.

7. A method as recited in claim 1, wherein said method further comprises:
encrypting data to be transmitted from the client to the server using the security information at the client; and
transmitting the encrypted data from the client to the server over the narrowband channel.

8. A method as recited in claim 7, wherein said encrypting of the data to be transmitted from the client to the server comprises:
forming a client-side narrowband channel key block based at least in part on the security information at the client that was received over the wideband channel; and
encrypting the data to be transmitted from the client to the server using the client-side narrowband channel key block.

9. A method as recited in claim 1, wherein at least a portion of the narrowband channel and the wideband channel are wireless.

10. A method as recited in claim 1, wherein the narrowband channel has a bandwidth less than one-half of the wideband channel.

11. A method as recited in claim 1, wherein the narrowband channel is a one-way channel, and the wideband channel is a two-way channel.

12. A method as recited in claim 1, wherein said method further comprises:
signing data to be transmitted from the server to the client based on the security information, and wherein said transmitting operates to transmit the encrypted data and the signed data from the server to the client over the narrowband channel.

13. A method as recited in claim 12, wherein the narrowband channel is a one-way channel, and the wideband channel is a two-way channel.

14. A method for transmitting data in a secure manner from a server to a client, said method comprising the acts of:
exchanging security information between the client and the server over a two-way channel between the client and the server;
encrypting data to be transmitted from the server to the client based on the security information; and
transmitting the encrypted data from the server to the client over a one-way channel between the client and the server that carries data from the server to the client, wherein the two-way channel is a wideband channel, and the one-way channel is a narrowband channel.
Dependent claims: 15, 16, 17, 18.

19. A method for securely transmitting data between a client and a server over a narrowband channel, where the client and server are connectable by not only the narrowband channel but also by a wideband channel, said method comprising the acts of:
connecting the client and server over the wideband channel;
exchanging security information between the client and server over the wideband channel;
signing data to be transmitted from the server to the client based on the security information, and transmitting the signed data from the server to the client over the narrowband channel.
Dependent claims: 20, 21.

22. A wireless communication system, comprising:
a wired network having a plurality of server computers;
a wireless carrier network operatively connected to said wired network, said wireless carrier network supporting a narrowband channel and a wideband channel;
a network gateway coupled between said wired network and said wireless carrier network, said network gateway includes a secure connection processor that establishes a secure connection over the narrowband channel by exchanging security information over the wideband channel; and
a plurality of wireless mobile devices that can exchange data with the server computers on said wired network via said wireless carrier network and said network gateway, wherein messages are supplied from said network gateway to said wireless mobile devices over the secure connection established over the narrowband channel.

23. A mobile device capable of connecting to a network of computers through a wireless link, said mobile device comprising:
a display screen that displays graphics and text;
a message buffer that temporarily stores a message from a computer on the network of computers, the message having a service identity associated therewith;
an application that utilizes the message received from the computer on the network of computers; and
a cryptographic controller that controls encryption or signature of outgoing messages and controls the decryption or authentication of incoming messages, said cryptographic controller operates to establish a secure connection over which it receives the incoming messages by using a narrowband channel, wherein a companion wideband channel is used to exchange security information needed to establish the secure connection over the narrowband channel.
Dependent claims: 24.

25. A computer readable medium including computer program code for securely transmitting data between a client and a server over a narrowband channel, where the client and server are connectable by not only the narrowband channel but also by a wideband channel, said computer readable medium comprises:
computer program code for connecting the client and server over the wideband channel;
computer program code for exchanging security information between the client and server over the wideband channel;
computer program code for cryptographically processing data to be transmitted using the security information; and
computer program code for transmitting the cryptographically processed data from the server to the client over the narrowband channel.
Dependent claims: 26, 27, 28.

26. A computer readable medium as recited in claim 25, wherein said computer program code for cryptographically processing comprises:
computer program code for forming a narrowband channel key block based at least in part on the security information; and
computer program code for encrypting the data to be transmitted using the narrowband channel key block.

27. A computer readable medium as recited in claim 26, wherein said computer program code for cryptographically processing further comprises:
computer program code for signing data to be transmitted from the server to the client based on the security information.

28. A computer readable medium as recited in claim 26, wherein at least a portion of the narrowband channel and the wideband channel are wireless, and wherein the narrowband channel is a one-way channel, and the wideband channel is a two-way channel.

29. A computer readable medium including computer program code for transmitting data in a secure manner from a server to a client, said computer readable medium comprising:
computer program code for exchanging security information between the client and the server over a wireless, wideband channel between the client and the server;
computer program code for cryptographically processing data to be transmitted from the server to the client based on the security information; and
computer program code for transmitting the cryptographically processed data from the server to the client over a wireless, narrowband channel between the client and the server that carries data from the server to the client.
Dependent claims: 30, 31, 32.

Specification