Increased communication security

US 9,419,949 B2
Filed: 08/27/2014
Issued: 08/16/2016
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of increasing communication security, said method comprising:

responsive to receiving a first message from a first computer system, determining whether said first computer system is authorized to communicate with a second computer system, wherein said determining is performed at a third computer system;

if said first computer system is authorized to communicate with a second computer system, communicating a second message from said third computer system for delivery to said first computer system, wherein said second message includes a first data portion and a second data portion, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key;

communicating a third message from said first computer system for delivery to said second computer system, wherein said third message includes said first data portion;

communicating a fourth message from said first computer system for delivery to said second computer system; and

performing, using said first instance of said session key, message validation associated with said fourth message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of increasing communication security may include determining whether a first computer system is authorized to communicate with a second computer system, wherein the determining is performed at a third computer system. A message may be communicated from the third computer system for delivery to the first computer system, wherein the message includes a first data portion and a second data portion, wherein the first data portion includes a first instance of a session key, and wherein the second data portion includes a second instance of the session key. Another message, including the first data portion, may be communicated from the first computer system for delivery to the second computer system. Yet another message may be communication from the first computer system for delivery to the second computer system. Message validation associated with the yet another message may be performed using the first instance of the session key.

41 Citations

View as Search Results

42 Claims

1. A method of increasing communication security, said method comprising:
- responsive to receiving a first message from a first computer system, determining whether said first computer system is authorized to communicate with a second computer system, wherein said determining is performed at a third computer system;
  
  if said first computer system is authorized to communicate with a second computer system, communicating a second message from said third computer system for delivery to said first computer system, wherein said second message includes a first data portion and a second data portion, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key;
  
  communicating a third message from said first computer system for delivery to said second computer system, wherein said third message includes said first data portion;
  
  communicating a fourth message from said first computer system for delivery to said second computer system; and
  
  performing, using said first instance of said session key, message validation associated with said fourth message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, a unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 3. The method of claim 1 further comprising:
    - generating, at said first computer system, said first message, wherein said first message is associated with communication between said first computer system and said second computer system, and wherein said first message includes a unique identifier associated with said second computer system; and
      
      communicating said first message from said first computer system for delivery to said third computer system.
  - 4. The method of claim 1 further comprising:
    - accessing permissions data associated with permissions for said first computer system; and
      
      configuring, at said third computer system based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 5. The method of claim 1, wherein said first message includes authentication data, and further comprising:
    - performing, at said third computer system, message validation based on said authentication data, andwherein said communicating said second message further comprises communicating said second message if said first message is valid.
  - 6. The method of claim 1 further comprising:
    - generating said first data portion, wherein said generating said first data portion includes;
      
      accessing data, wherein said data includes said first instance of said session key, and wherein said data further includes other data; and
      
      encrypting, using a key associated with said second computer system, said data to generate said first data portion.
  - 7. The method of claim 1 further comprising:
    - generating said second data portion, wherein said generating said second data portion includes;
      
      accessing data, wherein said data includes said second instance of said session key; and
      
      encrypting, using a key associated with said first computer system, said data to generate said second data portion.
  - 8. The method of claim 1 further comprising:
    - generating, at said first computer system, authentication data using said second instance of said session key;
      
      generating said fourth message including said authentication data, andwherein said performing further comprises performing message validation at said second computer system based on said authentication data, and further comprising;
      
      if said fourth message is valid, performing at least one operation associated with said fourth message.
  - 9. The method of claim 8 further comprising:
    - encrypting, at said first computer system using said second instance of said session key, data to generate encrypted data, wherein said data includes said authentication data, andwherein said generating said fourth message further comprises including said encrypted data as at least a portion of a payload of said fourth message, and further comprising;
      
      decrypting, at said second computer system using said first instance of said session key, said encrypted data to access said authentication data, andwherein said performing further comprises performing message validation responsive to said decrypting.
  - 10. The method of claim 1 further comprising:
    - generating, at said second computer system, authentication data using said first instance of said session key;
      
      generating a fifth message including said authentication data;
      
      communicating said fifth message from said second computer system for delivery to said first computer system;
      
      performing, at said first computer system based on said authentication data, message validation using said second instance of said session key; and
      
      if said fifth message is valid, performing at least one operation associated with said fifth message.
  - 11. The method of claim 10 further comprising:
    - encrypting, at said second computer system using said first instance of said session key, data to generate encrypted data, wherein said data includes said authentication data, andwherein said generating said fifth message further comprises including said encrypted data as at least a portion of a payload of said fifth message, and further comprising;
      
      decrypting, at said first computer system using said second instance of said session key, said encrypted data to access said authentication data, andwherein said performing further comprises performing message validation responsive to said decrypting.
  - 12. The method of claim 1, wherein said first message, said second message, said third message, and said fourth message are Constrained Application Protocol (CoAP) messages.
  - 13. The method of claim 1, wherein said communicating said second message further comprises communicating said second message using Datagram Transport Layer Security (DTLS), wherein said communicating said third message further comprises communicating said third message using DTLS, and wherein said communicating said fourth message further comprises communicating said fourth message using DTLS.
  - 14. The method of claim 1 further comprising:
    - decrypting, at said first computer system, said second data portion to access said second instance of said session key, wherein said decrypting further comprises decrypting said second data portion using a first key associated with said first computer system; and
      
      decrypting, at said second computer system, said first data portion to access said first instance of said session key, wherein said decrypting further comprises decrypting said first data portion using a second key associated with said second computer system.

15. A system comprising:
- a first computer system;
  
  a second computer system; and
  
  a third computer system configured to determine, responsive to receiving a first message from said first computer system, whether said first computer system is authorized to communicate with said second computer system, and wherein said third computer system is further configured to communicate, if said first computer system is authorized to communicate with a second computer system, a second message for delivery to said first computer system, wherein said second message includes a first data portion and a second data portion, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key, andwherein said first computer system is configured to communicate a third message for delivery to said second computer system, wherein said third message includes said first data portion, and wherein said first computer system is further configured to communicate a fourth message for delivery to said second computer system, andwherein said second computer system is configured to perform, using said first instance of said session key, message validation associated with said fourth message.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 16. The system of claim 15, wherein said first data portion includes said security token, and wherein said security token includes a first unique identifier associated with said first computer system, a unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 17. The system of claim 15, wherein said first computer system is further configured to generate said first message, wherein said first message is associated with communication between said first computer system and said second computer system, and wherein said first message includes a unique identifier associated with said second computer system, and wherein said first computer system is further configured to communicate said first message for delivery to said third computer system.
  - 18. The system of claim 15, wherein said third computer system is further configured to access permissions data associated with permissions for said first computer system, and wherein said third computer system is further configured to configure, based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 19. The system of claim 15, wherein said first message includes authentication data, wherein said third computer system is further configured to perform message validation based on said authentication data, and wherein said third computer system is further configured to communicate said second message if said first message is valid.
  - 20. The system of claim 15, wherein said third computer system is further configured to access data, wherein said data includes said first instance of said session key, and wherein said data further includes other data, and wherein said third computer system is further configured to encrypt, using said second a key associated with said second computer system, said data to generate said first data portion.
  - 21. The system of claim 15, wherein said third computer system is further configured to access data, wherein said data includes said second instance of said session key, and wherein said third computer system is further configured to encrypt, using a key associated with said first computer system, said data to generate said second data portion.
  - 22. The system of claim 15, wherein said first computer system is further configured to generate authentication data using said second instance of said session key, wherein said first computer system is further configured to generate said fourth message including said authentication data, andwherein said second computer system is further configured to perform message validation based on said authentication data, and wherein said second computer system is further configured to perform, if said fourth message is valid, at least one operation associated with said fourth message.
  - 23. The system of claim 22, wherein said first computer system is further configured to encrypt, using said second instance of said session key, data to generate encrypted data, wherein said data includes said authentication data, and wherein said first computer system is further configured to include said encrypted data as at least a portion of a payload of said fourth message, andwherein said second computer system is further configured to decrypt, using said first instance of said session key, said encrypted data to access said authentication data, and wherein said second computer system is further configured to perform message validation responsive to decryption of said payload.
  - 24. The system of claim 15, wherein said second computer system is further configured to generate authentication data using said first instance of said session key, wherein said second computer system is further configured to generate a fifth message including said authentication data, and wherein said second computer system is further configured to communicate said fifth message for delivery to said first computer system, andwherein said first computer system is further configured to perform, based on said authentication data, message validation using said second instance of said session key, and wherein said first computer system is further configured to perform, if said fifth message is valid, at least one operation associated with said fifth message.
  - 25. The system of claim 24, wherein said second computer system is further configured to encrypt, using said first instance of said session key, data to generate encrypted data, wherein said data includes said authentication data, and wherein said second computer system is further configured to include said encrypted data as at least a portion of a payload of said fifth message, andwherein said first computer system is further configured to decrypt, using said second instance of said session key, said encrypted data to access said authentication data, and wherein said first computer system is further configured to perform message validation responsive to said decryption of said payload.
  - 26. The system of claim 15, wherein said first message, said second message, said third message, and said fourth message are Constrained Application Protocol (CoAP) messages.
  - 27. The system of claim 15, wherein said third computer system is further configured to communicate said second message using Datagram Transport Layer Security (DTLS), wherein said first computer system is further configured to communicate said third message using DTLS, and wherein said first computer system is further configured to communicate said fourth message using DTLS.
  - 28. The system of claim 15, wherein said first computer system is configured to decrypt, using a first key associated with said first computer system, said second data portion to access said second instance of said session key, andwherein said second computer system is configured to decrypt, using a second key associated with said second computer system, said first data portion to access said first instance of said session key.
  - 30. The system of claim 27, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, a unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 31. The system of claim 27 further comprising:
    - means for generating, at said first computer system, said first message, wherein said first message is associated with communication between said first computer system and said second computer system, and wherein said first message includes a unique identifier associated with said second computer system; and
      
      means for communicating said first message from said first computer system for delivery to said third computer system.
  - 32. The system of claim 27 further comprising:
    - means for accessing permissions data associated with permissions for said first computer system; and
      
      means for configuring, at said third computer system based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 33. The system of claim 27, wherein said first message includes authentication data, and further comprising:
    - means for performing, at said third computer system, message validation based on said authentication data, andwherein said means for communicating said second message further comprises means for communicating said second message if said first message is valid.
  - 34. The system of claim 27 further comprising:
    - means for generating said first data portion, wherein said means for generating said first data portion includes;
      
      means for accessing data, wherein said data includes said first instance of said session key, and wherein said data further includes other data; and
      
      means for encrypting, using a key associated with said second computer system, said data to generate said first data portion.
  - 35. The system of claim 27 further comprising:
    - means for generating said second data portion, wherein said means for generating said second data portion includes;
      
      means for accessing data, wherein said data includes said second instance of said session key; and
      
      means for encrypting, using a key associated with said first computer system, said data to generate said second data portion.
  - 36. The system of claim 27 further comprising:
    - means for generating, at said first computer system, authentication data using said second instance of said session key;
      
      means for generating said fourth message including said authentication data, andwherein said means for performing further comprises means for performing message validation at said second computer system based on said authentication data, and further comprising;
      
      means for performing, if said fourth message is valid, at least one operation associated with said fourth message.
  - 37. The system of claim 36 further comprising:
    - means for encrypting, at said first computer system using said second instance of said session key, data to generate encrypted data, wherein said data includes said authentication data, andwherein said means for generating said fourth message further comprises means for including said encrypted data as at least a portion of a payload of said fourth message, and further comprising;
      
      means for decrypting, at said second computer system using said first instance of said session key, said encrypted data to access said authentication data, andwherein said means for performing further comprises means for performing message validation responsive to decryption of said encrypted data.
  - 38. The system of claim 27 further comprising:
    - means for generating, at said second computer system, authentication data using said first instance of said session key;
      
      means for generating a fifth message including said authentication data;
      
      means for communicating said fifth message from said second computer system for delivery to said first computer system;
      
      means for performing, at said first computer system based on said authentication data, message validation using said second instance of said session key; and
      
      means for performing, if said fifth message is valid, at least one operation associated with said fifth message.
  - 39. The system of claim 38 further comprising:
    - means for encrypting, at said second computer system using said first instance of said session key, data to generate encrypted data, wherein said data includes said authentication data, andwherein said means for generating said fifth message further comprises means for including said encrypted data as at least a portion of a payload of said fifth message, and further comprising;
      
      means for decrypting, at said first computer system using said second instance of said session key, said encrypted data to access said authentication data, andwherein said means for performing further comprises means for performing message validation responsive to decryption of said encrypted data.
  - 40. The system of claim 27, wherein said first message, said second message, said third message, and said fourth message are Constrained Application Protocol (CoAP) messages.
  - 41. The system of claim 27, wherein said means for communicating said second message further comprises means for communicating said second message using Datagram Transport Layer Security (DTLS), wherein said means for communicating said third message further comprises means for communicating said third message using DTLS, and wherein said means for communicating said fourth message further comprises means for communicating said fourth message using DTLS.
  - 42. The system of claim 27 further comprising:
    - means for decrypting, at said first computer system, said second data portion to access said second instance of said session key, wherein said means for decrypting said second data portion further comprises means for decrypting said second data portion using a first key associated with said first computer system; and
      
      means for decrypting, at said second computer system, said first data portion to access said first instance of said session key, wherein said means for decrypting said first data portion further comprises means for decrypting said first data portion using a second key associated with said second computer system.

29. A system comprising:
- means for determining, responsive to receiving a first message from a first computer system, whether said first computer system is authorized to communicate with a second computer system, wherein said means for determining is part of a third computer system;
  
  means for communicating, if said first computer system is authorized to communicate with a second computer system, a second message from said third computer system for delivery to said first computer system, wherein said second message includes a first data portion and a second data portion, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key;
  
  means for communicating a third message from said first computer system for delivery to said second computer system, wherein said third message includes said first data portion;
  
  means for communicating a fourth message from said first computer system for delivery to said second computer system; and
  
  means for performing, using said first instance of said session key, message validation associated with said fourth message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idaax Technologies Private Limited
Original Assignee
EXILANT Technologies Private Limited
Inventors
Sharma, Vishnu
Primary Examiner(s)
Zee, Edward

Application Number

US14/470,917
Publication Number

US 20150326539A1
Time in Patent Office

720 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3242   involving keyed hash functi...

Increased communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

41 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Increased communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links