Method and apparatus for synchronizing an adaptable security level in an electronic communication

US 8,640,253 B2
Filed: 07/18/2012
Issued: 01/28/2014
Est. Priority Date: 08/19/2003
Status: Active Grant

First Claim

Patent Images

1. A method for communicating, comprising:

generating a plurality of frames for communication destined to a recipient, each of the plurality of frames includes a header identifying a security level applied to associated data; and

dynamically updating security levels associated with the plurality of frames based on acknowledgement messages from the recipient indicating expected security levels,wherein the plurality of frames includes a first frame and a second frame, and dynamically updating security levels comprises;

transmitting, to the recipient, the first frame including a first header and first data, the first header identifying a first security level applied to the first data;

receiving, from the recipient, an acknowledgement message identifying an expected security level;

determining a second security level different from the first security level based on the received expected security level; and

transmitting, to the recipient, a second frame including a second header and second data, the second header identifying the second security level applied to the second data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating in a secure communication system, comprises the steps of assembling as message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

60 Citations

43 Claims

1. A method for communicating, comprising:
- generating a plurality of frames for communication destined to a recipient, each of the plurality of frames includes a header identifying a security level applied to associated data; and
  
  dynamically updating security levels associated with the plurality of frames based on acknowledgement messages from the recipient indicating expected security levels,wherein the plurality of frames includes a first frame and a second frame, and dynamically updating security levels comprises;
  
  transmitting, to the recipient, the first frame including a first header and first data, the first header identifying a first security level applied to the first data;
  
  receiving, from the recipient, an acknowledgement message identifying an expected security level;
  
  determining a second security level different from the first security level based on the received expected security level; and
  
  transmitting, to the recipient, a second frame including a second header and second data, the second header identifying the second security level applied to the second data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the second security level is a security level higher or lower than the first security level.
  - 3. The method of claim 1, further comprising encrypting the first data in accordance with the first security level.
  - 4. The method of claim 1, further comprising signing the first frame in accordance with the first security level.
  - 5. The method of claim 1, further comprising:
    - transmitting the plurality of frames to a plurality of recipients including the recipient; and
      
      dynamically updating security levels associated with the plurality of frames based on acknowledgement messages from the plurality of recipients indicating expected security levels.
  - 6. The method of claim 5, where each security level is selected to satisfy the received expected security levels.
  - 7. The method of claim 1, each of the expected security levels include a minimum security level of an associated recipient.
  - 8. The method of claim 1, where each of the security levels is different.

9. A computer program product encoded on a tangible, non-transitory storage medium, the product comprising computer readable instructions for causing one or more processors to perform operations comprising:
- generating a plurality of frames for communication destined to a recipient, each of the plurality of frames includes a header identifying a security level applied to associated data; and
  
  dynamically updating security levels associated with the plurality of frames based on acknowledgement messages from the recipient indicating expected security levels,wherein the plurality of frames includes a first frame and a second frame, and dynamically updating security levels includes;
  
  transmitting, to the recipient, the first frame including a first header and first data, the first header identifying a first security level applied to the first data;
  
  receiving, from the recipient, an acknowledgement message identifying an expected security level;
  
  determining a second security level different from the first security level based on the received expected security level; and
  
  transmitting, to the recipient, a second frame including a second header and second data, the second header identifying the second security level applied to the second data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, wherein the second security level is a security level higher or lower than the first security level.
  - 11. The computer program product of claim 9, the operations further comprising encrypting the first data in accordance with the first security level.
  - 12. The computer program product of claim 9, the operations further comprising signing the first frame in accordance with the first security level.
  - 13. The computer program product of claim 9, the operations comprising:
    - transmitting the plurality of frames to a plurality of recipients including the recipient; and
      
      dynamically modifying security levels associated with the plurality of frames based on acknowledgement messages from the plurality of recipients indicating expected security levels.
  - 14. The computer program product of claim 13, each of the expected security levels include minimum security levels of an associated recipient.
  - 15. The computer program product of claim 13, each security level is selected to satisfy the received expected security levels.
  - 16. The computer program product of claim 9, each of the security levels is different.

17. A computing device, comprising:
- one or more physical processors configured to;
  
  generate a plurality of frames for communication destined to a recipient, each of the plurality of frames includes a header identifying a security level applied to associated data; and
  
  dynamically update security levels associated with the plurality of frames based on acknowledgement messages from the recipient indicating expected security levels,wherein the plurality of frames includes a first frame and a second frame, and dynamically updating security levels includes;
  
  transmitting, to the recipient, the first frame including a first header and first data, the first header identifying a first security level applied to the first data;
  
  receiving, from the recipient, an acknowledgement message including information identifying an expected security level;
  
  determining a second security level different from the first security level based on the received expected security level; and
  
  transmitting, to the recipient, a second frame including a second header and second data, the second header identifying the second security level applied to the second data.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computing device of claim 17, wherein the second security level is a security level higher or lower than the first security level.
  - 19. The computing device of claim 17, the one or more processors configured to encrypt the first data in accordance with the first security level.
  - 20. The computing device of claim 17, the one or more processors configured to sign the first frame in accordance with the first security level.
  - 21. The computing device of claim 17, the one or more processors configured to:
    - transmit the plurality of frames to a plurality of recipients including the recipient; and
      
      dynamically modify security levels associated with the plurality of frames based on acknowledgement messages from the plurality of recipients indicating expected security levels.
  - 22. The computing device of claim 21, each of the expected security levels include a minimum security level of an associated recipient.
  - 23. The computing device of claim 21, each security level is selected to satisfy the received expected security levels.
  - 24. The computing device of claim 17, each of the security levels is different.

25. A security method for communicating in a communication network, the method comprising:
- obtaining expected security level data for a plurality of correspondents, wherein the expected security level data indicate that two or more of the plurality of correspondents have different expected security levels;
  
  determining, by operation of one or more processors, a group security level that is acceptable to all of the plurality of correspondents based on the expected security level data; and
  
  obtaining a frame for transmission to the plurality of correspondents, the frame includes data and a header indicating a security level for the frame, wherein the security level for the frame meets the group security level.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The method of claim 25, wherein the correspondents are intermediate nodes in the communication network, the intermediate nodes are configured to forward the frame to one or more recipients.
  - 27. The method of claim 25, wherein the correspondents are intended recipients of the frame.
  - 28. The method of claim 25, wherein the expected security level data includes a set of expected security levels, and the method comprises:
    - an intermediate node in the communication network performing an ordering of the set; and
      
      the intermediate node sending a result of the ordering to a sender of the frame.
  - 29. The method of claim 28, wherein the ordering is a Cartesian product of a natural ordering for encryption and a natural ordering for authentication.
  - 30. The method of claim 25, wherein the expected security level data includes a partial ordering of a set of expected security levels.
  - 31. The method of claim 25, wherein the security level for the frame is either higher than the group security level or equal to the group security level.

32. A computer program product encoded on a tangible, non-transitory storage medium, the product comprising computer readable instructions for causing one or more processors to perform operations comprising:
- obtaining expected security level data for a plurality of correspondents, wherein the expected security level data indicate that two or more of the plurality of correspondents have different expected security levels;
  
  determining, based on the expected security level data, a group security level that is acceptable to all of the plurality of correspondents; and
  
  obtaining a frame for transmission to the plurality of correspondents, the frame includes data and a header indicating a security level for the frame, wherein the security level for the frame meets the group security level.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The computer program product of claim 32, wherein the correspondents are intermediate nodes in a communication network, and the intermediate nodes are configured to forward the frame to a recipient.
  - 34. The computer program product of claim 32, wherein the correspondents are intended recipients of the frame.
  - 35. The computer program product of claim 32, wherein the expected security level data includes a set of expected security levels, and the operations include:
    - performing an ordering of the set at an intermediate node in a communication network; and
      
      sending a result of the ordering from the intermediate node to a sender of the frame.
  - 36. The computer program product of claim 35, wherein the ordering is a Cartesian product of a natural ordering for encryption and a natural ordering for authentication.
  - 37. The computer program product of claim 32, wherein the expected security level data includes a partial ordering of a set of expected security levels.

38. A computing device in a communication network, the computing device comprising:
- one or more physical processors processor configured to;
  
  obtain expected security level data for a plurality of correspondents, wherein the expected security level data indicate that two or more of the plurality of correspondents have different expected security levels;
  
  determine, based on the expected security level data, a group security level that is acceptable to all of the plurality of correspondents; and
  
  obtain a frame for transmission to the plurality of correspondents, the frame includes data and a header indicating a security level for the frame, wherein the security level for the frame meets the group security level.
- View Dependent Claims (39, 40, 41, 42, 43)
- - 39. The computing device of claim 38, wherein the computing device is a sender of the frame, and the correspondents are intermediate nodes in the communication network.
  - 40. The computing device of claim 38, wherein the computing device is an intermediate node in a communication network, the correspondents are intended recipients of the frame, and obtaining the frame includes receiving the frame from a sender of the frame.
  - 41. The computing device of claim 40, wherein the expected security level data includes a set of expected security levels, and the one or more processors are configured to:
    - perform an ordering of the set; and
      
      send a result of the ordering to the sender of the frame.
  - 42. The computing device of claim 41, wherein the ordering includes a Cartesian product of a natural ordering for encryption and a natural ordering for authentication.
  - 43. The computing device of claim 38, wherein the expected security level data includes a partial ordering of a set of expected security levels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Struik, Marinus
Primary Examiner(s)
LOUIE, OSCAR A

Application Number

US13/551,869
Publication Number

US 20120284800A1
Time in Patent Office

559 Days
Field of Search

None
US Class Current

726/26
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/0876   based on the identity of th...

H04L 63/105   Multiple levels of security

H04L 63/123   received data contents, e.g...

H04L 63/162   at the data link layer

Method and apparatus for synchronizing an adaptable security level in an electronic communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for synchronizing an adaptable security level in an electronic communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links