Method and apparatus for providing an adaptable security level in an electronic communication

US 9,191,395 B2
Filed: 09/04/2014
Issued: 11/17/2015
Est. Priority Date: 07/07/2003
Status: Active Grant

First Claim

Patent Images

1. A method performed by a communication device, said method comprising:

said communication device preparing a plurality of frames, each frame having a header and data, wherein the preparing the plurality of frame comprises;

on a frame-by-frame basis, for each individual frame;

determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame; and

based on said security level, including security control bits in the header of the individual frame; and

said communication device communicating the plurality of frames to a recipient device, wherein the security control bits include one or more security mode bits and integrity level bits, wherein the one or more security mode bits are used to indicate whether encryption is on or off, wherein the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength, and wherein said security control bits allow the recipient device to identify said security level for each individual frame and to reject an individual frame if said security level does not comply with a minimum security level required by the recipient device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

Citations

20 Claims

1. A method performed by a communication device, said method comprising:
- said communication device preparing a plurality of frames, each frame having a header and data, wherein the preparing the plurality of frame comprises;
  
  on a frame-by-frame basis, for each individual frame;
  
  determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame; and
  
  based on said security level, including security control bits in the header of the individual frame; and
  
  said communication device communicating the plurality of frames to a recipient device, wherein the security control bits include one or more security mode bits and integrity level bits, wherein the one or more security mode bits are used to indicate whether encryption is on or off, wherein the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength, and wherein said security control bits allow the recipient device to identify said security level for each individual frame and to reject an individual frame if said security level does not comply with a minimum security level required by the recipient device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, further comprises receiving a frame, wherein the frame indicates a version of a key to be used in an encryption system.
  - 3. The method according to claim 1, wherein said communication device provides the plurality of frames for transmission to multiple recipients, and determining said security level includes determining a minimum security level to satisfy all of the recipients, wherein said security control bits are based on said minimum security level.
  - 4. The method according to claim 1, wherein said security level is determined based on predetermined minimum requirements.
  - 5. The method according to claim 4, wherein said predetermined minimum requirements are determined among said communication device and at least one recipient device based on an agreed-upon rule.
  - 6. The method according to claim 1, wherein said security level is determined based upon content of that individual frame.
  - 7. The method according to claim 1, further comprising said communication device encrypting the data for each individual frame according to said security level for the frame.
  - 8. The method according to claim 1, wherein said security control bits include an indication of a cryptographic algorithm parameter.
  - 9. The method according to claim 1, further comprising the communication device signing the header and data for each individual frame according to said security level for the frame.
  - 10. The method of claim 1, wherein the number of integrity levels is four, and the four integrity levels correspond to key lengths of 0, 32, 64, and 128 bits.
  - 11. The method of claim 1, wherein one of the integrity levels uses a key length of 128 bits.
  - 12. The method of claim 1, wherein one of the integrity levels indicates no integrity security.
  - 13. The method of claim 1, wherein the number of integrity levels is at least four, and the at least four levels include four levels corresponding to key lengths of 0, 32, 64, and 128 bits.

14. A non-transitory computer-readable storage medium comprising computer-executable instructions that are configured when executed by data processing apparatus to perform operations comprising:
- preparing a plurality of frames, each frame having a header and data, wherein the preparing the plurality of frames comprises;
  
  on a frame-by-frame basis, for each individual frame;
  
  determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame; and
  
  based on said security level, including security control bits in the header of the individual frame; and
  
  communicating the plurality of frames to a recipient device, wherein the security control bits include one or more security mode bits and integrity level bits, wherein the one or more security mode bits are used to indicate whether encryption is on or off, wherein the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength, and wherein said security control bits allow the recipient device to identify said security level for each individual frame and to reject an individual frame if said security level does not comply with a minimum security level required by the recipient device.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The non-transitory computer-readable storage medium according to claim 14, wherein said plurality of frames are provided for transmission to multiple recipients, determining said security level includes determining a minimum security level to satisfy all of the recipients, and said security control bits are based on said minimum security level.
  - 16. The non-transitory computer-readable storage medium according to claim 14, wherein said security level is determined based on predetermined minimum requirements.
  - 17. The non-transitory computer-readable storage medium according to claim 14, wherein said security level is determined based upon content of the individual frame.
  - 18. The non-transitory computer-readable storage medium according to claim 14, the operations further comprising encrypting the data for each individual frame according to said security level for the frame.
  - 19. The non-transitory computer-readable storage medium according to claim 14, wherein said security control bits include an indication of a cryptographic algorithm parameter.

20. A transmitter device, comprising:
- a memory; and
  
  one or more processors communicatively coupled with the memory and configured to;
  
  prepare a plurality of frames, each frame having a header and data, wherein the preparing the plurality of frames comprises;
  
  on a frame-by-frame basis, for each individual frame;
  
  determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame; and
  
  based on said security level, including security control bits in the header of the individual frame; and
  
  communicate the plurality of frames to a recipient device, wherein the security control bits include one or more security mode bits and integrity level bits, wherein the one or more security mode bits are used to indicate whether encryption is on or off, wherein the integrity level bits indicate which of at least four integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength, and wherein said security control bits allow the recipient device to identify said security level for each individual frame and to reject an individual frame if said security level does not comply with a minimum security level required by the recipient device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Struik, Marinus
Primary Examiner(s)
SCHMIDT, KARI L

Application Number

US14/477,637
Publication Number

US 20150046983A1
Time in Patent Office

439 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/123   received data contents, e.g...

H04L 63/162   at the data link layer

H04L 63/164   at the network layer

H04L 9/00   Cryptographic mechanisms or...

H04L 9/088   Usage controlling of secret...

H04W 12/02   Protecting privacy or anony...

H04W 12/67   Risk-dependent, e.g. select...

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing an adaptable security level in an electronic communication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links