Increased communication security

US 9,419,979 B2
Filed: 08/27/2014
Issued: 08/16/2016
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of increasing communication security, said method comprising:

accessing registration data;

receiving a first message associated with communication between a first computer system and a second computer system, wherein said receiving further comprises receiving said first message at a third computer system;

performing, at said third computer system, processing associated with said first message;

generating, responsive to said processing, a second message including a first data portion and a second data portion, wherein said first data portion includes a unique identifier associated with said second computer system, wherein said registration data is associated with said second computer system, wherein said unique identifier correlates to said registration data, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key; and

communicating said second message from said third computer system for delivery to said first computer system, andwherein said accessing further comprises accessing registration data at said third computer system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of increasing communication security may include receiving a first message associated with communication between a first computer system and a second computer system, wherein the receiving further includes receiving the first message at a third computer system. The method may also include performing, at the third computer system, processing associated with the first message. The method may also include generating, responsive to the processing, a second message including a first data portion and a second data portion, wherein the first data portion is associated with a security token, wherein the first data portion includes a first instance of a session key, and wherein the second data portion includes a second instance of the session key. The method may further include communicating the second message from the third computer system for deliver to the first computer system.

Citations

30 Claims

1. A method of increasing communication security, said method comprising:
- accessing registration data;
  
  receiving a first message associated with communication between a first computer system and a second computer system, wherein said receiving further comprises receiving said first message at a third computer system;
  
  performing, at said third computer system, processing associated with said first message;
  
  generating, responsive to said processing, a second message including a first data portion and a second data portion, wherein said first data portion includes a unique identifier associated with said second computer system, wherein said registration data is associated with said second computer system, wherein said unique identifier correlates to said registration data, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key; and
  
  communicating said second message from said third computer system for delivery to said first computer system, andwherein said accessing further comprises accessing registration data at said third computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said receiving further comprises receiving said first message from said first computer system.
  - 3. The method of claim 1, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, said unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 4. The method of claim 1, wherein said processing includes determining whether said first computer system is authorized to communicate with said second computer system, wherein said generating further comprises generating said second message if said first computer system is authorized to communicate with said second computer system, and wherein said communicating further comprises communicating said second message if said first computer system is authorized to communicate with said second computer system.
  - 5. The method of claim 1, wherein said first message includes authentication data, wherein said processing includes performing, at said third computer system, message validation based on said authentication data, wherein said generating further comprises generating said second message if said first message is valid, and wherein said communicating further comprises communicating said second message if said first message is valid.
  - 6. The method of claim 1 further comprising:
    - generating said first data portion, wherein said generating said first data portion includes;
      
      accessing data, wherein said data includes said first instance of said session key; and
      
      encrypting, using a key associated with said second computer system, said data to generate said first data portion.
  - 7. The method of claim 1 further comprising:
    - generating said second data portion, wherein said generating said second data portion includes;
      
      accessing data, wherein said data includes said second instance of said session key; and
      
      encrypting, using a key associated with said first computer system, said data to generate said second data portion.
  - 8. The method of claim 1 further comprising:
    - accessing permissions data associated with permissions for said first computer system; and
      
      configuring, at said third computer system based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 9. The method of claim 1, wherein said first and second messages are Constrained Application Protocol (CoAP) messages.
  - 10. The method of claim 1, wherein said receiving further comprises receiving said first message using Datagram Transport Layer Security (DTLS), and wherein said communicating further comprises communicating said second message using DTLS.

11. An apparatus comprising:
- a communication interface configured to receive a first message associated with communication between a first computer system and a second computer system; and
  
  a security component configured to perform processing associated with said first message; and
  
  a message generation component configured to generate, responsive to said processing, a second message including a first data portion and a second data portion, wherein said first data portion includes a unique identifier associated with said second computer system, wherein said unique identifier correlates to registration data associated with said second computer system, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key, andwherein said communication interface is further configured to communicate said second message.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The apparatus of claim 11, wherein said communication interface is further configured to receive said first message from said first computer system, and wherein said communication interface is further configured to communicate said second message for delivery to said first computer system.
  - 13. The apparatus of claim 11, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, said unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 14. The apparatus of claim 11, wherein said security component is further configured to determine whether said first computer system is authorized to communicate with said second computer system, and wherein said message generation component is further configured to generate said second message if said first computer system is authorized to communicate with said second computer system, and wherein said communication interface is further configured to communicate said second message if said first computer system is authorized to communicate with said second computer system.
  - 15. The apparatus of claim 11, wherein said first message includes authentication data, wherein said security component is further configured to perform message validation based on said authentication data, wherein said message generation component is further configured to generate said second message if said first message is valid, and wherein said communication interface is further configured to communicate said second message if said first message is valid.
  - 16. The apparatus of claim 11, wherein said security component is further configured to access data, wherein said data includes said first instance of said session key, and wherein said security component is further configured to encrypt, using a key associated with said second computer system, said data to generate said first data portion.
  - 17. The apparatus of claim 11, wherein said security component is further configured to access data, wherein said data includes said second instance of said session key, and wherein said security component is further configured to encrypt, using a key associated with said first computer system, said data to generate said second data portion.
  - 18. The apparatus of claim 11, wherein said security component is further configured to access permissions data associated with permissions for said first computer system, and wherein said security component is further configured to configure, based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 19. The apparatus of claim 11, wherein said first and second messages are Constrained Application Protocol (CoAP) messages.
  - 20. The apparatus of claim 11, wherein said communication interface is further configured to receive said first message using Datagram Transport Layer Security (DTLS), and wherein said communication interface is further configured to communicate said second message using DTLS.

21. An apparatus comprising:
- means for accessing registration data;
  
  means for receiving a first message associated with communication between a first computer system and a second computer system, wherein said means for receiving further comprises means for receiving said first message at a third computer system;
  
  means for performing, at said third computer system, processing associated with said first message;
  
  means for generating, responsive to said processing, a second message including a first data portion and a second data portion, wherein said first data portion includes a unique identifier associated with said second computer system, wherein said registration data is associated with said second computer system, wherein said unique identifier correlates to said registration data, wherein said first data portion is associated with a security token, wherein said first data portion includes a first instance of a session key, and wherein said second data portion includes a second instance of said session key; and
  
  means for communicating said second message from said third computer system for delivery to said first computer system, andwherein said means for accessing further comprises means for accessing registration data at said third computer system.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The apparatus of claim 21, wherein said means for receiving further comprises means for receiving said first message from said first computer system.
  - 23. The apparatus of claim 21, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, said unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 24. The apparatus of claim 21, wherein said processing includes determining whether said first computer system is authorized to communicate with said second computer system, wherein said means for generating further comprises means for generating said second message if said first computer system is authorized to communicate with said second computer system, and wherein said means for communicating further comprises means for communicating said second message if said first computer system is authorized to communicate with said second computer system.
  - 25. The apparatus of claim 21, wherein said first message includes authentication data, wherein said processing includes performing, at said third computer system, message validation based on said authentication data, wherein said means for generating further comprises means for generating said second message if said first message is valid, and wherein said means for communicating further comprises means for communicating said second message if said first message is valid.
  - 26. The apparatus of claim 21 further comprising:
    - means for generating said first data portion, wherein said means for generating said first data portion includes;
      
      means for accessing data, wherein said data includes said first instance of said session key; and
      
      means for encrypting, using a key associated with said second computer system, said data to generate said first data portion.
  - 27. The apparatus of claim 21 further comprising:
    - means for generating said second data portion, wherein said means for generating said second data portion includes;
      
      means for accessing data, wherein said data includes said second instance of said session key; and
      
      means for encrypting, using a key associated with said first computer system, said data to generate said second data portion.
  - 28. The apparatus of claim 21 further comprising:
    - means for accessing permissions data associated with permissions for said first computer system; and
      
      means for configuring, at said third computer system based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 29. The apparatus of claim 21, wherein said first and second messages are Constrained Application Protocol (CoAP) messages.
  - 30. The apparatus of claim 21, wherein said means for receiving further comprises means for receiving said first message using Datagram Transport Layer Security (DTLS), and wherein said means for communicating further comprises means for communicating said second message using DTLS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idaax Technologies Private Limited
Original Assignee
EXILANT Technologies Private Limited
Inventors
Sharma, Vishnu
Primary Examiner(s)
Zee, Edward

Application Number

US14/470,896
Publication Number

US 20150281241A1
Time in Patent Office

720 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

H04L 9/083   involving central third par...

Increased communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Increased communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links