System and method for encrypted group network communication with point-to-point privacy
First Claim
1. A computer-implemented method comprising:
providing a secure gateway group including a plurality of members of the secure gateway group that share common security data;
generating, by use of a processor, a different private identity for each of the plurality of members of the secure gateway group, and sending the private identity for each of the plurality of members of the secure gateway group to the corresponding member;
obtaining a sender secure private identity corresponding to a source of network traffic;
obtaining a receiver secure public identity corresponding to a destination of the network traffic, the destination being a particular member of the secure gateway group;
using a processor to generate an encryption key using the sender secure private identity and the receiver secure public identity in a Tate pairing, wherein the encryption key being generated using the Tate pairing based on an elliptic curve;
encrypting a data packet of the network traffic using the encryption key; and
sending the encrypted data packet to the destination of the network traffic within the secure gateway group in a secure point-to-point network communication, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet.
Abstract
Various embodiments of the disclosed subject matter provide methods and systems for improved efficiency and security in secure gateway-to-secure gateway network communication. Embodiments provide systems and methods for generating a sender secure gateway private identity, obtaining a receiver secure gateway public identity, generating an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity, encrypting a data packet using the encryption key, and sending the encrypted data packet to a receiver secure gateway. Embodiments also provide systems and methods for generating a receiver secure gateway private identity, obtaining a sender secure gateway public identity, generating a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity, receiving an encrypted data packet from a sender secure gateway, and decrypting the data packet using the decryption key.
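The abstract describes, in claim language, a non-interactive pairing-based key agreement: a key server holding the group's common security data issues each member a private identity, and a sender combines its own private identity with the receiver's public identity in a Tate pairing to obtain a key that the receiver reaches from the mirror-image pair (its own private identity and the sender's public identity). The program below is an added example; it is not the patent's code and does not come from any implementation of it. It assumes a Sakai-Ohgishi-Kasahara style construction (public identity H(ID), private identity s·H(ID), pairwise key e(s·H(A), H(B)) = e(H(A), H(B))^s) on the supersingular curve y^2 = x^3 + x over a toy-sized prime field with p = 4r - 1, the Tate pairing computed by Miller's algorithm with the usual distortion map (x, y) -> (-x, iy), and denominator elimination. The function names (find_params, tate_pairing, hash_to_group, private_identity, pairwise_key), the hash-to-curve method and the parameter sizes are the example's own choices, not the patent's.

```python
import hashlib

def is_prime(n):
    """Deterministic Miller-Rabin; with these 13 bases it is exact for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41)
    if n < 2 or any(n % q == 0 for q in bases):
        return n in bases
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_params(start=1 << 40):
    """Smallest prime r >= start with p = 4r - 1 prime: p = 3 (mod 4), #E(F_p) = p + 1 = 4r."""
    r = start | 1
    while not (is_prime(r) and is_prime(4 * r - 1)):
        r += 2
    return 4 * r - 1, r

P_MOD, R_ORD = find_params()  # toy sizes (~2^42, ~2^40) chosen to run fast, not to be secure

# F_{p^2} = F_p[i]/(i^2 + 1), valid because -1 is a non-square when p = 3 (mod 4); (re, im) tuples
def f2_mul(a, b):
    return ((a[0] * b[0] - a[1] * b[1]) % P_MOD, (a[0] * b[1] + a[1] * b[0]) % P_MOD)
def f2_pow(a, e):
    out = (1, 0)
    while e:
        if e & 1:
            out = f2_mul(out, a)
        a, e = f2_mul(a, a), e >> 1
    return out

# E(F_p): y^2 = x^3 + x in affine coordinates; (x, y) tuples, None is the point at infinity
def slope(P, Q):
    if P == Q:  # tangent; the curve coefficient a is 1
        return (3 * P[0] * P[0] + 1) * pow(2 * P[1], -1, P_MOD) % P_MOD
    return (Q[1] - P[1]) * pow(Q[0] - P[0], -1, P_MOD) % P_MOD
def ec_add(P, Q):
    if P is None or Q is None:
        return Q if P is None else P
    if P[0] == Q[0] and (P[1] + Q[1]) % P_MOD == 0:
        return None  # P + (-P)
    lam = slope(P, Q)
    x = (lam * lam - P[0] - Q[0]) % P_MOD
    return (x, (lam * (P[0] - x) - P[1]) % P_MOD)
def ec_mul(k, P):
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P, k = ec_add(P, P), k >> 1
    return R

def line_at_phi(T, P, Q):
    """Line through T and P (tangent if T == P) at phi(Q) = (-x_Q, i*y_Q); a vertical line has its
    value in F_p, which the final exponentiation sends to 1, so it is returned as 1."""
    if T[0] == P[0] and (T[1] + P[1]) % P_MOD == 0:
        return (1, 0)
    lam = slope(T, P)
    return ((-T[1] - lam * (-Q[0] - T[0])) % P_MOD, Q[1])

def tate_pairing(P, Q):
    """Reduced Tate pairing e(P, phi(Q)) in F_{p^2} for P, Q in E(F_p)[r]: Miller loop, then ^((p^2-1)/r)."""
    f, T = (1, 0), P
    for bit in bin(R_ORD)[3:]:  # bits of r after the leading 1
        f, T = f2_mul(f2_mul(f, f), line_at_phi(T, T, Q)), ec_add(T, T)
        if bit == "1":
            f, T = f2_mul(f, line_at_phi(T, P, Q)), ec_add(T, P)
    return f2_pow(f, (P_MOD * P_MOD - 1) // R_ORD)

def hash_to_group(identity):
    """Public identity H(ID): hash to x, try-and-increment until x^3 + x is a square, take the root
    (rhs^((p+1)/4) works for p = 3 mod 4), then clear the cofactor 4 to land in E(F_p)[r]."""
    x = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % P_MOD
    while True:
        rhs = (x * x * x + x) % P_MOD
        y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
        if y * y % P_MOD == rhs and (Q := ec_mul(4, (x, y))) is not None:
            return Q
        x = (x + 1) % P_MOD

def private_identity(master_secret, identity):
    """Key server: the private identity issued to member ID is s * H(ID); s never leaves the server."""
    return ec_mul(master_secret % R_ORD or 1, hash_to_group(identity))

def pairwise_key(my_private_identity, peer_identity):
    """Member: e(s*H(me), H(peer)) = e(H(me), H(peer))^s, which the peer reaches as e(s*H(peer), H(me))."""
    g = tate_pairing(my_private_identity, hash_to_group(peer_identity))
    return hashlib.sha256(f"{g[0]}:{g[1]}".encode()).digest()
```

Calling private_identity(s, id) for three members and then pairwise_key from each side shows the property the claims rely on: the sender's derivation (own private identity, receiver's public identity) and the receiver's derivation (own private identity, sender's public identity) agree without any message being exchanged, while a third member of the same group, holding the same curve parameters and its own private identity, derives a different value for that pair. Two caveats matter when evaluating such a design: the key server knows s and can therefore compute every pair's key (an escrow property that follows from the server generating all private identities, as the claims require), and the 40-bit group order here exists only so the pure-Python Miller loop runs instantly; it offers no security margin.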
25 Claims
1. (Independent claim; its text is given in full under First Claim above. Dependent claims 2 and 3 not shown.)
4. A computer-implemented method comprising:
providing a secure gateway group including a plurality of members of the secure gateway group that share common security data;
generating, by use of a processor, a different private identity for each of the plurality of members of the secure gateway group, and sending the private identity for each of the plurality of members of the secure gateway group to the corresponding member;
obtaining a receiver secure private identity corresponding to a destination of network traffic, the destination being a particular member of the secure gateway group;
obtaining a sender secure public identity corresponding to a source of the network traffic;
using a processor to generate a decryption key using the receiver secure private identity and the sender secure public identity in a Tate pairing, wherein the decryption key being generated using the Tate pairing based on an elliptic curve;
receiving an encrypted data packet of the network traffic at the destination within the secure gateway group in a secure point-to-point network communication from the source of the network traffic, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet; and
decrypting the data packet at the destination within the secure gateway group using the decryption key.
(Dependent claims 5 and 6 not shown.)
7. An apparatus comprising:
means for providing a secure gateway group including a plurality of members of the secure gateway group that share common security data;
means for generating, by use of a processor, a different private identity for each of the plurality of members of the secure gateway group, and sending the private identity for each of the plurality of members of the secure gateway group to the corresponding member;
means for obtaining a sender secure private identity corresponding to a source of network traffic;
means for obtaining a receiver secure public identity corresponding to a destination of the network traffic, the destination being a particular member of the secure gateway group;
means for using a processor to generate an encryption key using the sender secure private identity and the receiver secure public identity in a Tate pairing, wherein the encryption key being generated using the Tate pairing based on an elliptic curve;
means for encrypting a data packet of the network traffic using the encryption key; and
means for sending the encrypted data packet to the destination of the network traffic within the secure gateway group in a secure point-to-point network communication, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet.
(Dependent claims 8 and 9 not shown.)
10. An apparatus comprising:
means for providing a secure gateway group including a plurality of members of the secure gateway group that share common security data;
means for generating, by use of a processor, a different private identity for each of the plurality of members of the secure gateway group, and sending the private identity for each of the plurality of members of the secure gateway group to the corresponding member;
means for obtaining a receiver secure private identity corresponding to a destination of network traffic, the destination being a particular member of the secure gateway group;
means for obtaining a sender secure public identity corresponding to a source of the network traffic;
means for using a processor to generate a decryption key using the receiver secure private identity and the sender secure public identity in a Tate pairing, wherein the decryption key being generated using the Tate pairing based on an elliptic curve;
means for receiving an encrypted data packet of the network traffic at the destination within the secure gateway group in a secure point-to-point network communication from the source of the network traffic, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet; and
means for decrypting the data packet at the destination within the secure gateway group using the decryption key.
(Dependent claims 11 and 12 not shown.)
13. An apparatus comprising:
a sender secure gateway being one of a plurality of members of a secure gateway group that share common security data, the sender secure gateway being a source of network traffic, the sender secure gateway being operable to obtain a sender secure gateway private identity from a key server, the key server having generated a different private identity for each of the plurality of members of the secure gateway group and having sent the private identity for each of the plurality of members of the secure gateway group to the corresponding member, the sender secure gateway being configured to obtain a receiver secure gateway public identity corresponding to a destination of the network traffic, the destination being a particular member of the secure gateway group, the sender secure gateway being configured to generate an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity in a Tate pairing, wherein the encryption key being generated using the Tate pairing based on an elliptic curve, the sender secure gateway being configured to encrypt a data packet of the network traffic using the encryption key; and
the sender secure gateway being configured to send the encrypted data packet to the destination of the network traffic within the secure gateway group in a secure point-to-point network communication, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet.
(Dependent claims 14 and 15 not shown.)
16. An apparatus comprising:
a receiver secure gateway being one of a plurality of members of a secure gateway group that share common security data, the receiver secure gateway being a destination of network traffic, the receiver secure gateway being operable to obtain a receiver secure gateway private identity from a key server, the key server having generated a different private identity for each of the plurality of members of the secure gateway group and having sent the private identity for each of the plurality of members of the secure gateway group to the corresponding member, the receiver secure gateway being configured to obtain a sender secure gateway public identity corresponding to a source of the network traffic, the source being a particular member of the secure gateway group, the receiver secure gateway being configured to generate a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity in a Tate pairing, wherein the decryption key being generated using the Tate pairing based on an elliptic curve, the receiver secure gateway being configured to receive an encrypted data packet from the source of the network traffic in a secure point-to-point network communication; and
the receiver secure gateway being configured to decrypt the data packet using the decryption key, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet.
(Dependent claims 17 and 18 not shown.)
19. An article of manufacture comprising at least one non-transitory machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
generate a different private identity for each of a plurality of members of a secure gateway group and to send the private identity for each of the plurality of members of the secure gateway group to the corresponding member;
obtain a sender secure gateway private identity corresponding to a source of network traffic;
obtain a receiver secure gateway public identity corresponding to a destination of the network traffic, the destination being a particular member of a secure gateway group that includes a plurality of members that share common security data;
generate an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity in a Tate pairing, wherein the encryption key being generated using the Tate pairing based on an elliptic curve;
encrypt a data packet of the network traffic using the encryption key; and
send the encrypted data packet to the destination of the network traffic within the secure gateway group in a secure point-to-point network communication, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet.
(Dependent claim 20 not shown.)
21. An article of manufacture comprising at least one non-transitory machine readable storage medium having one or more computer programs stored thereon and operable on one or more computing systems to:
generate a different private identity for each of a plurality of members of a secure gateway group and to send the private identity for each of the plurality of members of the secure gateway group to the corresponding member;
obtain a receiver secure gateway private identity corresponding to a destination of network traffic, the destination being a particular member of a secure gateway group including a plurality of members that share common security data;
obtain a sender secure gateway public identity corresponding to a source of the network traffic;
generate a decryption key using the receiver secure gateway private identity and the sender secure gateway public identity in a Tate pairing, wherein the decryption key being generated using the Tate pairing based on an elliptic curve;
receive an encrypted data packet of the network traffic at the destination within the secure gateway group in a secure point-to-point network communication from the source of the network traffic, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet; and
decrypt the data packet at the destination within the secure gateway group using the decryption key.
(Dependent claim 22 not shown.)
23. A system comprising:
a key server to generate a different private identity for each of a plurality of members of a secure gateway group that shares common security data, the key server to send the private identity for each of the plurality of members of the secure gateway group to the corresponding member; and
a plurality of members of the secure gateway group that shares common security data, the plurality of members being in data communication with the key server via a network, the plurality of members of the secure gateway group being operable to:
obtain a sender secure gateway private identity corresponding to a source of network traffic;
obtain a receiver secure gateway public identity corresponding to a destination of the network traffic, the destination being a particular member of the secure gateway group;
generate an encryption key using the sender secure gateway private identity and the receiver secure gateway public identity in a Tate pairing, wherein the encryption key being generated using the Tate pairing based on an elliptic curve;
encrypt a data packet of the network traffic using the encryption key; and
send the encrypted data packet to the destination of the network traffic within the secure gateway group in a secure point-to-point network communication, members of the secure gateway group other than the destination of the network traffic being unable to decrypt the encrypted data packet.
(Dependent claims 24 and 25 not shown.)