Method and system for secure communication

US 9,077,521 B2
Filed: 02/16/2011
Issued: 07/07/2015
Est. Priority Date: 02/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for secure communication, comprising:

generating, by a server, a first shared key, a first counter and a second counter;

transmitting, by the server, the first shared key, the first counter and the second counter to a computing device;

encrypting outgoing messages sent over a network to another computing device using the first shared key shared with said other computing device, and the first counter, said first shared key and said first counter being stored in storage of the computing device;

decrypting incoming messages received over said network from said other computing device using said first shared key and the second counter stored in said storage of said computing device;

generating a first hash-based message authentication code from said first shared key and a first value of said first counter;

generating a second hash-based message authentication code from said first shared key and a second value of said first counter; and

generating a first encryption key as a first function of said first hash-based message authentication code and said second hash-based message authentication code, wherein said first and said second counters are asynchronous, and wherein said encrypting comprises encrypting using said first encryption key.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for secure communication is provided. Outgoing messages to another computing device are encrypted using a first shared key shared with said other computing device, and a first counter, said first shared key and said first counter being stored in storage of a computing device. Incoming messages from said other computing device are decrypted using said first shared key and a second counter stored in said storage of said computing device.

Citations

22 Claims

1. A method for secure communication, comprising:
- generating, by a server, a first shared key, a first counter and a second counter;
  
  transmitting, by the server, the first shared key, the first counter and the second counter to a computing device;
  
  encrypting outgoing messages sent over a network to another computing device using the first shared key shared with said other computing device, and the first counter, said first shared key and said first counter being stored in storage of the computing device;
  
  decrypting incoming messages received over said network from said other computing device using said first shared key and the second counter stored in said storage of said computing device;
  
  generating a first hash-based message authentication code from said first shared key and a first value of said first counter;
  
  generating a second hash-based message authentication code from said first shared key and a second value of said first counter; and
  
  generating a first encryption key as a first function of said first hash-based message authentication code and said second hash-based message authentication code, wherein said first and said second counters are asynchronous, and wherein said encrypting comprises encrypting using said first encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - generating a first one-time password using a second shared key and said first counter.
  - 3. The method of claim 2, further comprising:
    - communicating said first one-time password to said other computing device to enable determination of the value of said first counter.
  - 4. The method of claim 1, wherein said first function includes at least a portion of a concatenation of said first and second hash-based message authentication codes.
  - 5. The method of claim 1, further comprising:
    - combining said first encryption key with an initialization vector for encrypting said message.
  - 6. The method of claim 5, wherein said encrypting comprises:
    - generating an initialization vector as a second function of at least one of said first and second hash-based message authentication codes; and
      
      encrypting said message using said first encryption key concatenated with said initialization vector.
  - 7. The method of claim 6, wherein said generating comprises setting said initialization vector as a portion of said second hash-based message authentication code.
  - 8. The method of claim 1, further comprising:
    - communicating an identifier for said first shared key and said first counter with an encrypted message.
  - 9. The method of claim 1, further comprising:
    - receiving a second one-time password from said other computing device; and
      
      synchronizing said second counter using said second one-time password.
  - 10. The method of claim 9, further comprising:
    - generating a third hash-based message authentication code from said first shared key and a first value of said second counter;
      
      generating a fourth hash-based message authentication code from said first shared key and a second value of said second counter; and
      
      generating a second encryption key as a first function of said third hash-based message authentication code and said fourth hash-based message authentication code,wherein said decrypting comprises decrypting using said second encryption key.

11. A system for secure communication, comprising:
- a server generating a first shared key, a first counter and a second counter, and transmitting the first shared key, the first counter and the second counter to a computing device;
  
  the computing device having a storage storing the first shared key, and the first counter and the second counter, and a processor executing an encryption module, said encryption module for encrypting outgoing messages sent over a network to another computing device using the first shared key and for decrypting incoming messages received over said network from said other computing device using said first shared key and said second counter, said other computing device also storing said first shared key and said first and second counters;
  
  wherein said first and said second counters are asynchronous,and wherein said encryption module generates a first hash-based message authentication code from said first shared key and a first value of said first counter, and a second hash-based message authentication code from said first shared key and a second value of said first counter, said encryption module generating a first encryption key as a first function of said first hash-based message authentication code and said second hash-based message authentication code, and encrypting one of said outgoing messages using said first encryption key, said encryption module causing said network interface to communicate said one encrypted outgoing message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein said encryption module generates a first one-time password using a second shared key and said first counter.
  - 13. The system of claim 12, wherein said computing device communicates said first one-time password to said other computing device to enable determination of the value of said first counter.
  - 14. The system of claim 11, wherein said first function includes at least a portion of a concatenation of said first and second hash-based message authentication codes.
  - 15. The system of claim 11, wherein said encryption module combines said first encryption key with an initialization vector for encrypting said one outgoing message.
  - 16. The system of claim 15, wherein said encryption module generates an initialization vector as a second function of at least one of said first and second hash-based message authentication codes, and encrypts said one outgoing message using said first encryption key concatenated with said initialization vector.
  - 17. The system of claim 16, wherein said encryption module sets said initialization vector as a portion of said second hash-based message authentication code.
  - 18. The system of claim 11, wherein said encryption module communicates an identifier for said shared key and said first counter with one encrypted outgoing message.
  - 19. The system of claim 11, wherein said encryption module synchronizes said second counter with said other computing device using a second one-time password received therefrom.
  - 20. The system of claim 19, wherein said encryption module generates a third hash-based message authentication code from said first shared key and a first value of said second counter, a fourth hash-based message authentication code from said first shared key and a second value of said second counter, and a second encryption key as a first function of said third hash-based message authentication code and said fourth hash-based message authentication code, wherein said encryption module decrypts one of said incoming messages using said second encryption key.

21. A method for secure communication, comprising:
- generating, by a server, a first shared key, a first counter and a second counter;
  
  transmitting, by the server, the first shared key, the first counter and the second counter to a computing device and to another computing device;
  
  encrypting outgoing messages sent over a network to said other computing device using the first shared key shared with said other computing device, and the first counter, said first shared key and said first counter being stored in storage of the computing device;
  
  decrypting incoming messages received over said network from said other computing device using said first shared key and the second counter stored in said storage of the computing device;
  
  receiving a second one-time password from said other computing device;
  
  synchronizing said second counter using said second one-time password;
  
  generating a third hash-based message authentication code from said first shared key and a first value of said second counter;
  
  generating a fourth hash-based message authentication code from said first shared key and a second value of said second counter;
  
  and generating a second encryption key as a first function of said third hash-based message authentication code and said fourth hash-based message authentication code, wherein said first and said second counters are asynchronous, and wherein said decrypting comprises decrypting using said second encryption key.

22. A system for secure communication, comprising:
- a server generating a first shared key, a first counter and a second counter, and transmitting the first shared key, the first counter and the second counter to a computing device;
  
  the computing device having a storage storing the first shared key, and the first counter and the second counter, and a processor executing an encryption module, said encryption module for encrypting outgoing messages sent over a network to another computing device using the first shared key and for decrypting incoming messages received over said network from said other computing device using said first shared key and said second counter, said other computing device also storing said first shared key and said first and second counters;
  
  wherein said first and said second counters are asynchronous,wherein said encryption module synchronizes said second counter with said other computing device using a second one-time password received therefrom, and wherein said encryption module generates a third hash-based message authentication code from said first shared key and a first value of said second counter, a fourth hash-based message authentication code from said first shared key and a second value of said second counter, and a second encryption key as a first function of said third hash-based message authentication code and said fourth hash-based message authentication code, wherein said encryption module decrypts one of said incoming messages using said second encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IQVIA, Inc. (IQVIA Holdings, Inc.)
Original Assignee
IMS Health Incorporated (IQVIA Holdings, Inc.)
Inventors
Machani, Salah
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
Tolentino, Roderick

Application Number

US13/028,613
Publication Number

US 20110208965A1
Time in Patent Office

1,602 Days
Field of Search

713/155, 713168-170, 380/229
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0435   wherein the sending and rec...

H04L 63/0838   using one-time-passwords

H04L 63/123   received data contents, e.g...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0891   Revocation or update of sec...

H04L 9/3228   One-time or temporary data,...

H04L 9/3242   involving keyed hash functi...

Method and system for secure communication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for secure communication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links