Wireless service points having unique identifiers for secure communication

US 7,522,731 B2
Filed: 04/28/2003
Issued: 04/21/2009
Est. Priority Date: 04/28/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method of communication via a secure wireless communication network, the method comprising:

joining a plurality of Service Points (SPs) to form a Service Point Network (SPN);

connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN;

associating a unique Service Port identifier with each Service Port of each SP and thereby with each UD;

preparing a communication selectively destined for one or more Destination UDs of the plurality of UDs, the communication originating from an Originator UD of the plurality of UDs, the SP corresponding to the Originator UD being an Entry SP of the communication, and the SPs corresponding to the Destination UDs being Terminal SPs of the communication; and

for each Destination UD, encrypting the communication in the Entry SP to facilitate decryption in the corresponding Terminal SP and in a manner based at least in part on the unique Service Port identifier associated with the Destination UD, the encrypting otherwise securing the communication from general access including securing against decryption by other than the SP corresponding to the Destination UD.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System, apparatus, and methods are disclosed wherewith a group of independent wireless routing devices known as Service Points work cooperatively to form an ad hoc mesh communication network. The resulting Service Point Network is used to provide reliable address-directed communication services between devices attached by conventional means (wired or wireless) to respective Service Ports on any of the Service Points. Attached Utilizing Devices are not considered a part of the Service Point Network and need not contain any custom software or hardware related to the operations of the Service Point Network. To protect the security of network communications and the integrity of the network, the Service Points are assigned internal IP addresses and unique identifiers that need not be disclosed to the Utilizing Devices. The unique identifiers in turn are used to derive public and private encryption key pairs for each Service Point.

Citations

20 Claims

1. A method of communication via a secure wireless communication network, the method comprising:
- joining a plurality of Service Points (SPs) to form a Service Point Network (SPN);
  
  connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN;
  
  associating a unique Service Port identifier with each Service Port of each SP and thereby with each UD;
  
  preparing a communication selectively destined for one or more Destination UDs of the plurality of UDs, the communication originating from an Originator UD of the plurality of UDs, the SP corresponding to the Originator UD being an Entry SP of the communication, and the SPs corresponding to the Destination UDs being Terminal SPs of the communication; and
  
  for each Destination UD, encrypting the communication in the Entry SP to facilitate decryption in the corresponding Terminal SP and in a manner based at least in part on the unique Service Port identifier associated with the Destination UD, the encrypting otherwise securing the communication from general access including securing against decryption by other than the SP corresponding to the Destination UD.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the SPN is an ad hoc network.
  - 3. The method of claim 1, wherein the SPN is a mesh network.
  - 4. The method of claim 1, further including:
    - generating one or more associated encryption keys based on each Service Port identifier.
  - 5. The method of claim 4, further including:
    - as part of the key generating, creating a public key and a private key associated with each Service Port of each SP;
      
      in the Entry SP, using the public key of the Service Port corresponding to each Destination UD to carry out the encrypting; and
      
      in each Terminal SP, using the private key of the Service Port corresponding to each Destination UD to decrypt the encrypted communication.
  - 6. The method of claim 5, further including:
    - establishing at least one management key-pair associated with a recipient SP of the SPs, each management key-pair comprising a management private key and a corresponding management public key;
      
      using the management public key, encrypting one or more management directives sent to the recipient SP related to at least one of SPN formation and SP configuration, each of the management directives incorporating an embedded second key for purposes of authentication;
      
      decrypting each management directive using the management private key of the recipient SP;
      
      the recipient SP using the embedded second key to encrypt a reply to each management directive; and
      
      authenticating the recipient SP based on the encrypted reply to each management directive.
  - 7. The method of claim 6, wherein each management directives includes one or more of the following message types:
    - {hello, welcome, join, accept, leave, goodbye}.
  - 8. The method of claim 6, wherein the embedded second key is a nonce value.
  - 9. The method of claim 6, wherein the recipient SP has multiple management key-pairs corresponding to respective different classes of the management directives.
  - 10. The method of claim 1, further including:
    - as each of the SPs joins the SPN, dynamically assigning an SPN-unique SP-identifier to the SP; and
      
      routing the encrypted communication through the SPN to the Destination UDs in a manner based upon the SP-identifiers of the Terminal SPs and not revealed to the UDs.
  - 11. The method of claim 10, wherein each SP-identifier is an IP address for internal use within the SPN.

12. A method of communication via a secure wireless communication network, the method comprising:
- joining a plurality of Service Points (SPs) to form a Service Point Network (SPN);
  
  assigning an SPN-unique SP-identifier to each SP joined to the SPN;
  
  connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN; and
  
  in the SP corresponding to a first UD of the plurality of UDs, encrypting a communication originating from the first UD and destined for a second UD of the plurality of UDs, the encrypting being performed to facilitate decryption in the SP corresponding to the second UD and in a manner based at least in part on a unique Service Port identifier associated with the Service Port corresponding to the second UD, the encrypting otherwise securing the communication from general access including securing against decryption by other than the SP corresponding to the second UD.

13. A method for providing access to resources via a secure wireless communication network, comprising:
- providing a Service Point Network (SPN) comprising a plurality of Service Points;
  
  connecting each of a plurality of Utilizing Devices to a corresponding one or more of the Service Points, the Utilizing Devices being distinct from the Service Points and not part of the SPN;
  
  providing first and second of the Utilizing Devices with access to each other conveyed via dedicated secure communication through the SPN between an Entry Service Point connected to the first Utilizing Device and a Terminal Service Point connected to the second Utilizing Device; and
  
  encrypting said secure communication at the Entry Service Point, in such a manner that the communication can only be decrypted by the Terminal Service Point.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein each of the Service Points has one or more associated Service Port identifiers, and said encryption is based at least partly on one of the Service Port identifiers of the Terminal Service Point.

15. A method of communication via a secure wireless communication network, the method comprising:
- joining a plurality of Service Points (SPs) to form a Service Point Network (SPN);
  
  connecting each of a plurality of Utilizing Devices (UDs) to a corresponding Service Port of one or more of the SPs, the UDs being distinct from the SPs and not part of the SPN;
  
  associating a unique Service Port identifier with each Service Port of each SP and thereby with each UD;
  
  preparing a communication selectively destined for one or more Destination UDs of the plurality of UDs, the communication originating from an Originator UD of the plurality of UDs, the SP corresponding to the Originator UD being an Entry SP of the communication, and the SPs corresponding to the Destination UDs being Terminal SPs of the communication;
  
  for each Destination UD, encrypting the communication in the Entry SP to facilitate decrypting the communication in the corresponding Terminal SP and in a manner based at least in part on the unique Service Port identifier associated with the Destination UD, the encrypting otherwise securing the communication from general access including securing against decrypting by other than the SP corresponding to the Destination UD;
  
  generating one or more associated encryption keys based on each Service Port identifier;
  
  as part of the key generating, creating a public key and a private key associated with each Service Port of each SP;
  
  in the Entry SP, using the public key of the Service Port corresponding to each Destination UD to carry out the encrypting; and
  
  in each Terminal SP, using the private key of the Service Port corresponding to each Destination UD to carry out the decrypting; and
  
  wherein the UDs are client devices that do not actively participate in the encrypting and the decrypting, the communication is one or more instances of client data communications, the encrypting and the decrypting are asymmetric, the client data communications are unrelated to and not used for key distribution related to the encrypting and the decrypting, and only the SPs corresponding to the Destination UDs are capable of performing the decrypting.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further including:
    - as each of the SPs joins the SPN, dynamically assigning an SPN-unique SP-identifier to the SP;
      
      routing the encrypted communication through the SPN to the Destination UDs in a manner based upon the SP-identifiers of the Terminal SPs and not revealed to the UDs; and
      
      wherein each SP-identifier is an IP address for internal use within the SPN.
  - 17. The method of claim 15, further including:
    - establishing at least one management key-pair associated with a recipient SP of the SPs, each management key-pair comprising a management private key and a corresponding management public key;
      
      using the management public key, encrypting one or more management directives sent to the recipient SP related to at least one of SPN formation and SP configuration, each of the management directives incorporating an embedded second key for purposes of authentication;
      
      decrypting each management directive using the management private key of the recipient SP;
      
      the recipient SP using the embedded second key to encrypt a reply to each management directive; and
      
      authenticating the recipient SP based on the encrypted reply to each management directive.
  - 18. The method of claim 17, wherein each management directive includes one or more of the following message types:
    - {hello, welcome, join, accept, leave, goodbye}.
  - 19. The method of claim 17, wherein the embedded second key is a nonce value.
  - 20. The method of claim 17, wherein the recipient SP has multiple management key-pairs corresponding to respective different classes of the management directives.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Agilent Technologies, Inc., FireTide Incorporated (UNICOM Global, Inc.)
Original Assignee
FireTide Incorporated (UNICOM Global, Inc.)
Inventors
Nassi, Isaac Robert, Cornejo, David Neil, Rosenthal, Lawrence Alan, Klemba, Keith Stuart
Primary Examiner(s)
Lipman; Jacob

Application Number

US10/426,162
Publication Number

US 20040228490A1
Time in Patent Office

2,185 Days
Field of Search

380/285, 713/163
US Class Current

380/285
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

H04W 52/46   in multi hop networks, e.g....

Wireless service points having unique identifiers for secure communication

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Wireless service points having unique identifiers for secure communication

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links