Method and system for securing communication

US 8,539,241 B2
Filed: 03/25/2010
Issued: 09/17/2013
Est. Priority Date: 03/25/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securing communication between a plurality of members, comprising:

sending, by a first member, a first input to a second member, wherein the first member is a server, the second member is a client, and the first input comprises a server challenge;

receiving, by the first member, a second input from the second member, wherein the second input comprises a password, and wherein the password is provided to the server by the client when creating an account prior to the sending the first input; and

generating, by an n-bit generator, an initial message digest using the first input and the second input,wherein communications between the first member and the second member are encrypted using the initial message digest, wherein encrypting the communications between the first member and the second member using the initial message digest comprises;

extracting a first secret from at least the initial message digest,generating, by the n-bit generator, a second message digest using the first secret,extracting an encryption key and algorithm selector bits from the second message digest,identifying an encryption algorithm specified by the algorithm selector bits, andencrypting at least one communication using the identified encryption algorithm and the encryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communication between a plurality of members. The method includes a first member sending a first input to a second member, receiving a second input from the second member, and generating, by an n-bit generator, an initial message digest using the first input and the second input. Communications between the first member and the second member are encrypted using the initial message digest.

59 Citations

View as Search Results

24 Claims

1. A method for securing communication between a plurality of members, comprising:
- sending, by a first member, a first input to a second member, wherein the first member is a server, the second member is a client, and the first input comprises a server challenge;
  
  receiving, by the first member, a second input from the second member, wherein the second input comprises a password, and wherein the password is provided to the server by the client when creating an account prior to the sending the first input; and
  
  generating, by an n-bit generator, an initial message digest using the first input and the second input,wherein communications between the first member and the second member are encrypted using the initial message digest, wherein encrypting the communications between the first member and the second member using the initial message digest comprises;
  
  extracting a first secret from at least the initial message digest,generating, by the n-bit generator, a second message digest using the first secret,extracting an encryption key and algorithm selector bits from the second message digest,identifying an encryption algorithm specified by the algorithm selector bits, andencrypting at least one communication using the identified encryption algorithm and the encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving, by the server, a client identifier from the client; and
      
      determining whether the client is authorized based on the client identifier,wherein sending the server challenge is performed in response to determining that the client is authorized.
  - 3. The method of claim 2, further comprising:
    - verifying the password based on the client identifier,wherein generating the initial message digest is performed in response to determining that the password is valid.
  - 4. The method of claim 1, further comprising:
    - receiving, by the server, a client challenge;
      
      extracting a secret from the initial message digest;
      
      generating, by the n-bit generator, a second message digest using the secret and the client challenge;
      
      extracting a server generated administrative command authentication secret (ACAS) from the second message digest;
      
      generating, by the n-bit generator, a first command authentication message digest (CAMD) using a first encrypted communication and the server generated ACAS; and
      
      sending, by the server, the CAMD and the first encrypted communication to the client,wherein the client;
      
      generates, by the n-bit generator, a second command authentication message digest (CAMD) using the first encrypted communication and a client generated ACAS,decrypts the first encrypted communication when the first CAMD is identical to the second CAMD.
  - 5. The method of claim 1, further comprising:
    - identifying, by the first member, a public key of the second member;
      
      encrypting the server challenge with the public key of the second member to create a first encrypted challenge, wherein sending the first input comprises sending the first encrypted challenge; and
      
      decrypting, by the first member, an encrypted second challenge using a private key of the first member to create a decrypted second challenge, wherein the decrypted second challenge comprises the second input.
  - 6. The method of claim 1, wherein encrypting the communications between the first member and the second member using the initial message digest comprises:
    - extracting a shared secret and a dynamic secret from the initial message digest; and
      
      generating, by the n-bit generator, a second message digest using the shared secret and the dynamic secret,extracting, from the second message digest, a first encryption key and first algorithm selector bits;
      
      identifying a first encryption algorithm specified by the first algorithm selector bits; and
      
      encrypting a first communication using the first encryption algorithm and the first encryption key.
  - 7. The method of claim 1, wherein encrypting the communications between the first member and the second member using the initial message digest further comprises:
    - extracting a change value from the second message digest;
      
      generating, by the n-bit generator, a third message digest using the change value and the dynamic secret;
      
      extracting, from the third message digest, a second encryption key and second algorithm selector bits;
      
      identifying a second encryption algorithm specified by the second algorithm selector bits; and
      
      encrypting a second communication using the second encryption algorithm and the second encryption key.
  - 8. The method of claim 1, further comprising:
    - extracting a shared secret and a dynamic secret from the initial message digest; and
      
      generating, by the n-bit generator, a second message digest using the shared secret and the dynamic secret,extracting a change value from the second message digest;
      
      combining the change value and the dynamic secret to create an interim dynamic secret; and
      
      generating, by the n-bit generator, a third message digest using the interim dynamic secret;
      
      extracting a first portion of the encryption key from the second message digest and a second portion of the encryption key from the third message digest to obtain an extracted encryption key; and
      
      encrypting the communication using the extracted encryption key.

9. A computer device comprising:
- a processor;
  
  a memory; and
  
  software instructions stored in memory for causing the computer device to;
  
  send a first input to a second member of a plurality of members, wherein the computing device is a first member of the plurality of members, wherein the first member is a server, the second member is a client, and the first input comprises a server challenge;
  
  receiving a second input from the second member, wherein the second input comprises a password, and wherein the password is provided to the server by the client when creating an account prior to the sending the first input; and
  
  generate, by an n-bit generator, an initial message digest using the first input and the second input,wherein communications between the first member and the second member are encrypted using the initial message digest, wherein encrypting the communications between the first member and the second member using the initial message digest comprises;
  
  extracting a first secret from at least the initial message digest,generating, by the n-bit generator, a second message digest using the first secret,extracting an encryption key and algorithm selector bits from the second message digest,identifying an encryption algorithm specified by the algorithm selector bits, andencrypting at least one communication using the identified encryption algorithm and the encryption key.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computing device of claim 9, wherein the software instructions further cause the computing device to:
    - receive a client identifier from the client; and
      
      determine whether the client is authorized based on the client identifier,wherein sending the server challenge is performed in response to determining that the client is authorized.
  - 11. The computing device of claim 10, wherein the software instructions further cause the computing device to:
    - verify the password based on the client identifier,wherein generating the initial message digest is performed in response to determining that the password is valid.
  - 12. The computing device of claim 9, wherein the software instructions further cause the computing device to:
    - receive a client challenge;
      
      extract a secret from the initial message digest;
      
      generate, by the n-bit generator, a second message digest using the secret and the client challenge;
      
      extract a server generated administrative command authentication secret (ACAS) from the second message digest;
      
      generate, by the n-bit generator, a first command authentication message digest (CAMD) using a first encrypted communication and the server generated ACAS; and
      
      send the CAMD and the first encrypted communication to the client,wherein the client;
      
      generates, by the n-bit generator, a second command authentication message digest (CAMD) using the first encrypted communication and a client generated ACAS,decrypts the first encrypted communication when the first CAMD is identical to the second CAMD.
  - 13. The computing device of claim 9, wherein the software instructions further cause the computing device to:
    - identify a public key of the second member;
      
      encrypt the server challenge with the public key of the second member to create a first encrypted challenge, wherein sending the first input comprises sending the first encrypted challenge; and
      
      decrypt an encrypted second challenge using a private key of the first member to create a decrypted second challenge, wherein the decrypted second challenge comprises the second input.
  - 14. The computing device of claim 9, wherein encrypting the communications between the first member and the second member using the initial message digest comprises:
    - extracting a shared secret and a dynamic secret from the initial message digest; and
      
      generating, by the n-bit generator, a second message digest using the shared secret and the dynamic secret,extracting, from the second message digest, a first encryption key and first algorithm selector bits;
      
      identifying a first encryption algorithm specified by the first algorithm selector bits; and
      
      encrypting a first communication using the first encryption algorithm and the first encryption key.
  - 15. The computing device of claim 14, wherein encrypting the communications between the first member and the second member using the initial message digest further comprises:
    - extracting a change value from the second message digest;
      
      generating, by the n-bit generator, a third message digest using the change value and the dynamic secret;
      
      extracting, from the third message digest, a second encryption key and second algorithm selector bits;
      
      identifying a second encryption algorithm specified by the second algorithm selector bits; and
      
      encrypting a second communication using the second encryption algorithm and the second encryption key.
  - 16. The computing device of claim 9, wherein the software instructions further cause the computing device to:
    - extract a shared secret and a dynamic secret from the initial message digest; and
      
      generate, by the n-bit generator, a second message digest using the shared secret and the dynamic secret,extract a change value from the second message digest;
      
      combine the change value and the dynamic secret to create an interim dynamic secret; and
      
      generate, by the n-bit generator, a third message digest using the interim dynamic secret;
      
      extract a first portion of the encryption key from the second message digest and the a second portion of the encryption key from the third message digest to obtain an extracted encryption key; and
      
      encrypt the communication using the extracted encryption key.

17. A non-transitory computer readable medium comprising computer readable program code embodied therein for causing a computer system to perform a method for securing communication between a plurality of members, the method comprising:
- sending, by a first member, a first input to a second member, wherein the first member is a server, the second member is a client, and the first input comprises a server challenge;
  
  receiving, by the first member, a second input from the second member, wherein the second input comprises a password, and wherein the password is provided to the server by the client when creating an account prior to the sending the first input; and
  
  generating, by an n-bit generator, an initial message digest using the first input and the second input,wherein communications between the first member and the second member are encrypted using the initial message digest, wherein encrypting the communications between the first member and the second member using the initial message digest comprises;
  
  extracting a first secret from at least the initial message digest,generating, by the n-bit generator, a second message digest using the first secret,extracting an encryption key and algorithm selector bits from the second message digest,identifying an encryption algorithm specified by the algorithm selector bits, andencrypting at least one communication using the identified encryption algorithm and the encryption key.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The non-transitory computer readable medium of claim 17, wherein the method further comprises:
    - receiving, by the server, a client identifier from the client; and
      
      determining whether the client is authorized based on the client identifier,wherein sending the server challenge is performed in response to determining that the client is authorized.
  - 19. The non-transitory computer readable medium of claim 18, wherein the method further comprises:
    - verifying the password based on the client identifier,wherein generating the initial message digest is performed in response to determining that the password is valid.
  - 20. The non-transitory computer readable medium of claim 17, wherein the method further comprises:
    - receiving, by the server, a client challenge;
      
      extracting a secret from the initial message digest;
      
      generating, by the n-bit generator, a second message digest using the secret and the client challenge;
      
      extracting a server generated administrative command authentication secret (ACAS) from the second message digest;
      
      generating, by the n-bit generator, a first command authentication message digest (CAMD) using a first encrypted communication and the server generated ACAS; and
      
      sending, by the server, the CAMD and the first encrypted communication to the client,wherein the client;
      
      generates, by the n-bit generator, a second command authentication message digest (CAMD) using the first encrypted communication and a client generated ACAS,decrypts the first encrypted communication when the first CAMD is identical to the second CAMD.
  - 21. The non-transitory computer readable medium of claim 17, further comprising:
    - identifying, by the first member, a public key of the second member;
      
      encrypting the server challenge with the public key of the second member to create a first encrypted challenge, wherein sending the first input comprises sending the first encrypted challenge; and
      
      decrypting, by the first member, an encrypted second challenge using a private key of the first member to create a decrypted second challenge, wherein the decrypted second challenge comprises the second input.
  - 22. The non-transitory computer readable medium of claim 17, wherein encrypting the communications between the first member and the second member using the initial message digest comprises:
    - extracting a shared secret and a dynamic secret from the initial message digest; and
      
      generating, by the n-bit generator, a second message digest using the shared secret and the dynamic secret,extracting, from the second message digest, a first encryption key and first algorithm selector bits;
      
      identifying a first encryption algorithm specified by the first algorithm selector bits; and
      
      encrypting a first communication using the first encryption algorithm and the first encryption key.
  - 23. The non-transitory computer readable medium of claim 22, wherein encrypting the communications between the first member and the second member using the initial message digest further comprises:
    - extracting a change value from the second message digest;
      
      generating, by the n-bit generator, a third message digest using the change value and the dynamic secret;
      
      extracting, from the third message digest, a second encryption key and a second algorithm selector bits;
      
      identifying a second encryption algorithm specified by the second algorithm selector bits; and
      
      encrypting a second communication using the second encryption algorithm and the second encryption key.
  - 24. The non-transitory computer readable medium of claim 17, wherein the method further comprises:
    - extracting a shared secret and a dynamic secret from the initial message digest; and
      
      generating, by the n-bit generator, a second message digest using the shared secret and the dynamic secret,extracting a change value from the second message digest;
      
      combining the change value and the dynamic secret to create an interim dynamic secret; and
      
      generating, by the n-bit generator, a third message digest using the interim dynamic secret;
      
      extracting a first portion of an encryption key from the second message digest and a second portion of the encryption key from the third message digest to obtain an extracted encryption key; and
      
      encrypting the communication using the extracted encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PACid Technologies, LLC
Original Assignee
PACid Technologies, LLC
Inventors
Fielder, Guy
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Debnath, Suman

Application Number

US13/203,344
Publication Number

US 20110307706A1
Time in Patent Office

1,272 Days
Field of Search

713168-181, 713/189, 713/156, 713/190, 726/26, 709/204, 370/260, 370/338
US Class Current

713/181
CPC Class Codes

G06F 21/6209   to a single file or object,...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

H04L 9/32   including means for verifyi...

H04L 9/3228   One-time or temporary data,...

Method and system for securing communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for securing communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links