Secure transport for mobile communication network
Abstract
A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
250 Citations
19 Claims
1. A method for encrypting channels of data in a transaction comprising:
- encryption of a first data channel in the transaction using a first security association known by a network intermediary device;
- encryption of a second data channel in the transaction using a second security association known by a network endpoint device but unknown to the network intermediary device, wherein the first data channel consists of control data and the second data channel consists of payload data.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A network processing device, comprising one or more processors configured to:
- receive a transaction from a first network device containing a first portion of data encrypted using a first known encryption key and a second portion of data encrypted using a second unknown encryption key;
- decrypt the first portion of data using the first encryption key while the second portion of data remains encrypted;
- use the decrypted first portion of data to authenticate the transaction; and
- forward at least a portion of the transaction to a second network device when the transaction is authenticated.
Dependent claims: 9, 10, 11, 12

13. A method for encrypting information, comprising:
- negotiating a first encryption key with a first endpoint;
- receiving a transaction from the first endpoint containing control data encrypted using the first encryption key and payload data encrypted using a second unknown encryption key; and
- decrypting the control data to determine how to process and relay the transaction over a network to a second endpoint while the payload data remains encrypted.
Dependent claims: 14, 15

16. An apparatus comprising a non-transitory computer-readable medium having instructions that, when executed by a processor or multiple communicating processors, perform a method comprising:
- negotiating a first encryption key with a first endpoint;
- negotiating a second encryption key with a second endpoint;
- receiving a transaction from the first endpoint directed to the second endpoint, the transaction including a first portion of data encrypted using the first encryption key and including a second portion of data encrypted using an unknown encryption key;
- decrypting the first portion of data using the first encryption key;
- re-encrypting at least some of the first portion of decrypted data using the second encryption key; and
- forwarding the re-encrypted data and the encrypted second portion of data to the second endpoint.
Dependent claims: 17, 18, 19
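The split-key transport the claims describe, as an added example that is not part of the patent or of any implementation of it: endpoint A seals control data under a hop key shared with the intermediary and the payload under an end-to-end key shared only with endpoint B; the intermediary authenticates and re-encrypts the control channel for the next hop and forwards the payload untouched (claims 1, 8, 13, 16). The AEAD is a constructed HMAC-based stand-in, and binding the payload ciphertext into the control channel as associated data is this example's own choice for the "authenticate the transaction" step.

```python
import hashlib, hmac, json, os

# Toy AEAD constructed for this example (HMAC-SHA256 keystream + HMAC tag over
# nonce, associated data and ciphertext); a real AEAD would replace it.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext, aad=b""):
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + aad + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob, aad=b""):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, b"tag" + nonce + aad + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def endpoint_send(hop_key, e2e_key, control, payload):
    """Claim 1: control channel under the hop key the intermediary holds,
    payload under the end-to-end key it does not."""
    enc_payload = seal(e2e_key, payload)
    # Payload ciphertext is AAD for the control channel, so the intermediary can
    # authenticate the whole transaction (claim 8) without reading the payload.
    return {"control": seal(hop_key, control, aad=enc_payload), "payload": enc_payload}

def intermediary_relay(in_key, out_key, tx):
    """Claims 8, 13, 16: open and authenticate control data only, read the routing
    decision, re-encrypt control for the next hop, forward the payload unchanged."""
    control = open_(in_key, tx["control"], aad=tx["payload"])  # raises if tampered
    next_hop = json.loads(control)["dst"]
    fwd = {"control": seal(out_key, control, aad=tx["payload"]), "payload": tx["payload"]}
    return next_hop, fwd

def endpoint_receive(hop_key, e2e_key, tx):
    control = open_(hop_key, tx["control"], aad=tx["payload"])
    return json.loads(control), open_(e2e_key, tx["payload"])

def demo():
    """One transaction A -> intermediary -> B using constructed random keys."""
    k_ai, k_ib, k_ab = (os.urandom(32) for _ in range(3))  # A-I hop, I-B hop, A-B end-to-end
    tx = endpoint_send(k_ai, k_ab, json.dumps({"dst": "B", "seq": 1}).encode(), b"voice frame 0x01")
    dst, fwd = intermediary_relay(k_ai, k_ib, tx)
    ctl, payload = endpoint_receive(k_ib, k_ab, fwd)
    return {"dst": dst, "control": ctl, "payload": payload, "tx": tx, "k_ai": k_ai}
```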