Air-interface application layer security for wireless networks

US 8,447,968 B2
Filed: 10/28/2005
Issued: 05/21/2013
Est. Priority Date: 10/28/2005
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting data for transmission over a wireless link, comprising:

encrypting one or more blocks of data, at an air-interface application layer, using an encryption algorithm that receives a cryptosynch as input, wherein each block of data includes a plurality of bytes associated with a corresponding plurality of sequence numbers, wherein the value of the cryptosynch includes a variable component that is based on an order of the one or more blocks of data relative to other blocks of data and where the variable component comprises an incremented value that is derived at the air-interface application layer, and the variable component of the cryptosynch is recoverable by a receiver based on the ordering of the blocks of data and a value of one of the plurality of sequence numbers; and

transmitting the one or more encrypted blocks of data to a receiver that is operable to preserve the order of the one or more blocks of data relative to the other blocks of data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method for encrypting data for transmission over a wireless link. The method includes encrypting at least one block of data, at an air-interface application layer, using an encryption algorithm that receives a cryptosynch as input. The value of the cryptosynch is based on an order of the at least one block of data relative to other blocks of data. The value of the cryptosynch is recoverable by a receiver based on the ordering of the ordering of the blocks of data. The at least one encrypted block of data is transmitted to a receiver that is operable to preserve the order of the at least one block of data relative to the other blocks of data.

Citations

42 Claims

1. A method of encrypting data for transmission over a wireless link, comprising:
- encrypting one or more blocks of data, at an air-interface application layer, using an encryption algorithm that receives a cryptosynch as input, wherein each block of data includes a plurality of bytes associated with a corresponding plurality of sequence numbers, wherein the value of the cryptosynch includes a variable component that is based on an order of the one or more blocks of data relative to other blocks of data and where the variable component comprises an incremented value that is derived at the air-interface application layer, and the variable component of the cryptosynch is recoverable by a receiver based on the ordering of the blocks of data and a value of one of the plurality of sequence numbers; and
  
  transmitting the one or more encrypted blocks of data to a receiver that is operable to preserve the order of the one or more blocks of data relative to the other blocks of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the one or more blocks of data is comprised of a predetermined number of bits from a stream of data, and the method further comprises:
    - computing the cryptosynch for the one or more blocks of data, wherein the variable component is derived from a block number of a virtual counter.
  - 3. The method of claim 2, wherein the one or more blocks of data comprises a selectable bit length comprised of the predetermined number of bits.
  - 4. The method of claim 3, wherein the predetermined number of bits is 128 bits.
  - 5. The method of claim 2, wherein the virtual counter is configured to increment the block number, for each of the one or more blocks in the stream of data, after the predetermined number of bits have been received, and wherein the virtual counter is configured to be initialized based on the value of said one of the plurality of sequence numbers.
  - 6. The method of claim 2, further comprising:
    - resetting the virtual counter to a predetermined initial value for a communication session with the receiver.
  - 7. The method of claim 2, wherein the cryptosynch is comprised of a fixed component that is based on control information that accompanies the one more blocks of data.
  - 8. The method of claim 1, wherein encrypting the one or more blocks of data further comprises:
    - generating a pseudorandom stream from the encryption algorithm, wherein the pseudorandom stream is capable of being reproduced by the receiver using a corresponding encryption algorithm and the recovered value of the cryptosynch; and
      
      executing a logical XOR between corresponding bytes of the pseudorandom stream and the one or more blocks of data.
  - 9. The method of claim 1, wherein encrypting the one or more blocks of data further comprises:
    - generating a first pseudorandom stream from the encryption algorithm using a first value of the cryptosynch;
      
      generating a second pseudorandom stream from the encryption algorithm using a second value of the cryptosynch; and
      
      encrypting the one or more blocks of data by performing an operation Y=AX +B in a finite field, where A is the first pseudorandom stream, B is the second pseudorandom stream, X is the one or more blocks of data, and Y is an encrypted block of data produced from the operation.
  - 10. The method of claim 9, further comprising:
    - appending the one or more blocks of encrypted data with a start flag and an end flag, wherein the start and end flags are operable to signal to the receiver a beginning and an end of the one or more blocks of encrypted data.
  - 11. The method of claim 9, wherein the first pseudorandom stream and the second pseudorandom stream are capable of being reproduced by a receiver using a corresponding encryption algorithm and first and second recovered values of the cryptosynch, respectively, and using the reproduced first and second pseudorandom streams, the receiver is capable of decrypting the one or more blocks of data by performing an operation X=A⁻
    - 1(Y+B).
  - 12. The method of claim 1, wherein encrypting the one or more blocks of data comprises encrypting the one or more blocks of data using the Advanced Encryption Standard.
  - 13. The method of claim 1, further comprising:
    - appending the one or more blocks of encrypted data with a start flag and an end flag, wherein the start and end flags are operable to signal to the receiver a beginning and an end of the one or more blocks of encrypted data.
  - 14. The method of claim 13, wherein the receiver is operable to determine a bit length of the one or more blocks of encrypted data by counting the number of bits between the flags.
  - 15. The method of claim 14, wherein the start and end flags are comprised of a first bit sequence, the method further comprising:
    - determining if the one or more blocks of data includes a second bit sequence that matches the first bit sequence; and
      
      if a match is found, replacing the second bit sequence with a third bit sequence that is different from the first bit sequence.

16. A method of decrypting data received over a wireless link, comprising:
- receiving at least one packet used to transmit one or more encrypted blocks of data over the wireless link, wherein each block of data includes a plurality of bytes associated with a corresponding plurality of sequence numbers, wherein the one or more blocks of data has been encrypted using an encryption algorithm that receives a cryptosynch as input, and the value of the cryptosynch includes an air-interface application layer derived, incremented variable component that is based on an order of the at least one encrypted block of data relative to other blocks of data and a value of one of the plurality of sequence numbers; and
  
  at an air-interface application layer, recovering the variable component of the cryptosynch for the at least one encrypted block of data from the ordering of the one or more blocks of data relative to other blocks of data.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. The method of claim 16, further comprising:
    - insuring that the ordering of the at least one encrypted block of data relative to the other blocks of data is synchronized with the order in which it was transmitted.
  - 18. The method of claim 16, wherein recovering the variable component of the cryptosynch further comprises:
    - recovering the variable component of the cryptosynch by determining a start value of the virtual counter, wherein the start value is based on the ordering of the at least one encrypted block of data relative to the other blocks of data and the value of said one of the plurality of sequence numbers.
  - 19. The method of claim 18, wherein the variable component of the cryptosynch is equal to the block count of the virtual counter.
  - 20. The method of claim 18, further comprising:
    - incrementing the start value for each successive block of the ordered at least one encrypted block of data.
  - 21. The method of claim 16, wherein the cryptosynch comprises a fixed component that is inferred from control information that accompanies the at least one packet.
  - 22. The method of claim 16, further comprising:
    - decrypting the at least one encrypted block of data using the recovered cryptosynch.
  - 23. The method of claim 22, wherein decrypting the one or more blocks of encrypted data further comprises:
    - generating a pseudo random stream from an encryption algorithm used to encrypt the one or more blocks of data, wherein the encryption algorithm uses the recovered cryptosynch as an input; and
      
      executing a logical XOR between corresponding bytes of the at least one encrypted block of data and the pseudo random stream.
  - 24. The method of claim 22, wherein decrypting the at least one encrypted block of data further comprises:
    - generating a first pseudorandom stream from the encryption algorithm, wherein the encryption algorithm uses a first recovered value of the cryptosynch;
      
      generating a second pseudorandom stream from the encryption algorithm, wherein the encryption algorithm uses a second recovered value of the cryptosynch; and
      
      decrypting the at least one encrypted block of data by performing an operation X=A^−
      
      1(Y+B) in a finite field, where A is the first pseudorandom stream, B is the second pseudorandom stream, Y is the at least one encrypted block of data, and X is an unencrypted block of data.
  - 25. The method of claim 24, wherein the at least one encrypted block of data includes a start flag and an end flag to signal the beginning and the end of the at least one encrypted block of data, the method further comprising:
    - determining a bit length of the one or more blocks of encrypted data by counting the number of bits between the flags.
  - 26. The method of claim 16, wherein the start and end flags are comprised of a first bit sequence, and prior to receiving the at least one packet, a second bit sequence matching the first bit sequence in the one or more blocks of data was replaced with a third bit sequence that is different from the first bit sequence, the method further comprising:
    - restoring the one more blocks of data by replacing the third bit sequence with the first bit sequence.
  - 27. The method of claim 25, wherein the start and end flags are comprised of a first bit sequence, and prior to receiving the at least one packet, a second bit sequence matching the first bit sequence in the at least one block of data was replaced with a third bit sequence that is different from the first bit sequence, the method further comprising:
    - restoring the one or more blocks of data by replacing the third bit sequence with the first bit sequence.

28. A method of encrypting data in a wireless network comprising:
- generating a first pseudorandom stream from an encryption algorithm using a first value of a cryptosynch;
  
  generating a second pseudorandom stream from the encryption algorithm using a second value of the cryptosynch; and
  
  encrypting at least one block of data by performing an operation Y=AX+B in a finite field, where A is the first pseudorandom stream, B is the second pseudorandom stream, X is the at least one block of data, and Y is an encrypted block of data produced from the operation.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The method of claim 28, wherein the first and second values of the cryptosynch are based on an order of the at least one block of data relative to other blocks of data.
  - 30. The method of claim 28, wherein the at least one block of data is comprised of a predetermined number of bits from a stream of data, and the method further comprises:
    - computing the first and second values of the cryptosynch for the at least one block of data, wherein the first and second values of the cryptosynch are comprised of a variable component that is derived from a block number of a virtual counter.
  - 31. The method of claim 30, wherein the virtual counter is configured to increment the block number, for each of the at least one blocks in the stream of data, after the predetermined number of bits have been received.
  - 32. The method of claim 31, wherein the at least one block of data is comprised of 128 bits.
  - 33. The method of claim 30, wherein the first and second values of the cryptosynch are comprised of a modifier, and the first value of the cryptosynch is comprised of the variable component appended with a first value of the modifier, and the second value of the cryptosynch is comprised of the variable component appended with a second value of the modifier.
  - 34. The method of claim 30, wherein the first and second values of the cryptosynch are comprised of a fixed component.
  - 35. The method of claim 28, wherein the first pseudorandom stream and the second pseudorandom stream are capable of being reproduced by a receiver using a corresponding encryption algorithm and first and second recovered values of the cryptosynch, respectively, and using the reproduced first and second pseudorandom streams, the receiver is capable of decrypting the at least one block of data by performing an operation X=A⁻
    - 1(Y+B).
  - 36. The method of claim 28, wherein the encryption algorithm is the Advanced Encryption Standard.

37. A method of decrypting data in a wireless network comprising:
- receiving at least one block of encrypted data, wherein the at least one block has been encrypted by performing an operation Y=AX+B in a finite field, where A is a first pseudorandom stream, B is a second pseudorandom stream, X is at least one block of unencrypted data, and Y is the at least one block of encrypted data; and
  
  reproducing the first and second pseudorandom streams and decrypting, at an air-interface application layer, the at least one block of encrypted data by performing an operation X=A^−
  
  1(Y+B).
- View Dependent Claims (38, 39, 40, 41, 42)
- - 38. The method of claim 37, wherein the first and second pseudorandom streams are reproduced from an encryption algorithm using a cryptosynch, and the cryptosynch is comprised of a variable component that is based on an order of the at least one block of encrypted data relative to other blocks of encrypted data.
  - 39. The method of claim 38, wherein the variable component of the cryptosynch is derived from a block number of a virtual counter that is incremented after a predetermined number of bits have been received.
  - 40. The method of claim 38, wherein the first and second pseudorandom streams are reproduced from the encryption algorithm using first and second values of the cryptosynch, respectively, and the first value of the cryptosynch is comprised of the variable component appended with a first value of a modifier, and the second value of the cryptosynch is comprised of the variable component appended with a second value of the modifier.
  - 41. The method of claim 38, wherein the cryptosynch is comprised of a fixed component.
  - 42. The method of claim 37, wherein the encryption algorithm is the Advanced Encryption Standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Patel, Sarvar, Sundaram, Ganapathy, Rajkumar, Ajay
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
King, John B

Application Number

US11/261,399
Publication Number

US 20070101120A1
Time in Patent Office

2,762 Days
Field of Search

713/150, 713/151, 713/181, 380/28, 380/48, 380/247, 380/270
US Class Current

713/151
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 9/0662   with particular pseudorando...

H04L 9/12   Transmitting and receiving ...

H04W 12/033   of the user plane, e.g. use...

H04W 80/00   Wireless network protocols ...

Air-interface application layer security for wireless networks

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Air-interface application layer security for wireless networks

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links