Techniques for handshake-free encrypted communication using symmetric key caching during request-and-response

US 9,432,189 B1
Filed: 03/08/2013
Issued: 08/30/2016
Est. Priority Date: 03/07/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a processor circuit on a device;

a key component operative on the processor circuit to retrieve a first symmetric encryption key from a key store using an identifier associated with a second device;

a message component operative on the processor circuit to construct a message comprising a data section and a timestamp, the data section encrypted using the first symmetric encryption key, the timestamp comprising a time the message was constructed and to indicate a start of a validity period for the message; and

a network component operative on the processor circuit to transmit the message to the second device and to receive a response to the message from the second device, the response encrypted using the first symmetric encryption key and comprising a second symmetric encryption key, the key component operative to replace the first symmetric key with the second symmetric key in the key store and associate the second symmetric key with the identifier associated with the second device, the second symmetric key to encrypt subsequent messages to the second device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for handshake-free encrypted communication are described. An apparatus may comprise a key component, a message component, and a network component. The key component may be operative to retrieve a first symmetric encryption key from a key store and to store a second symmetric encryption key in the key store. The message component may be operative to construct a message comprising a data section, the data section encrypted using the first symmetric encryption key. The network component may be operative to transmit the message to a device and to receive a response to the message, the response comprising the second symmetric encryption key. Other embodiments are described and claimed.

Citations

16 Claims

1. An apparatus, comprising:
- a processor circuit on a device;
  
  a key component operative on the processor circuit to retrieve a first symmetric encryption key from a key store using an identifier associated with a second device;
  
  a message component operative on the processor circuit to construct a message comprising a data section and a timestamp, the data section encrypted using the first symmetric encryption key, the timestamp comprising a time the message was constructed and to indicate a start of a validity period for the message; and
  
  a network component operative on the processor circuit to transmit the message to the second device and to receive a response to the message from the second device, the response encrypted using the first symmetric encryption key and comprising a second symmetric encryption key, the key component operative to replace the first symmetric key with the second symmetric key in the key store and associate the second symmetric key with the identifier associated with the second device, the second symmetric key to encrypt subsequent messages to the second device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, the second device comprising a web server, the data section comprising a request to receive a web page from the web server, the received response comprising the web page.
  - 3. The apparatus of claim 1, the message comprising a hypertext transfer protocol (HTTP) request, the HTTP request comprising an empty HTTP header and an HTTP body, the HTTP body comprising the data section.
  - 4. The apparatus of claim 1, the key component, the message component, and the network component embedded in a web page for execution by a web browser.
  - 5. The apparatus of claim 1, the network component operative to receive a prior message from the second device, the prior message comprising the first symmetric encryption key, the key component operative to store the first symmetric encryption key in the key store.
  - 6. The apparatus of claim 1, the key component operative to invalidate the first symmetric encryption key in the key store after the expiration of the validity period.

7. A computer-implemented method, comprising:
- retrieving, by a key component, a first symmetric encryption key from a key store using an identifier associated with a device;
  
  encrypting, by a message component, a data section using the first symmetric encryption key;
  
  constructing, by the message component, a message comprising the encrypted data section and a timestamp, the timestamp comprising a time the message was constructed and to indicate a start of a validity period for the message;
  
  transmitting, by a network component, the message to the device;
  
  receiving, by the network component, a response to the message, the response encrypted using the first symmetric encryption key and comprising a second symmetric encryption key;
  
  replacing, by the key component, the first symmetric key with the second symmetric key in the key store; and
  
  associating the second symmetric key with the identifier associated with the device, the second symmetric key to encrypt subsequent messages to the device.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, comprising:
    - decrypting the response using the first symmetric encryption key.
  - 9. The method of claim 7, the device comprising a web server, the data section comprising a request to receive a web page from the web server, the received response comprising the web page, the message comprising a hypertext transfer protocol (HTTP) request, the HTTP request comprising an empty HTTP header and an HTTP body, the HTTP body comprising the data section.
  - 10. The method of claim 7, comprising:
    - receiving a prior message from the device, the prior message comprising the first symmetric encryption key; and
      
      storing the first symmetric encryption key in the key store.
  - 11. The method of claim 7, comprising:
    - invalidating, by the key component, the first symmetric encryption key in the key store after the expiration of the validity period.

12. At least one non-transitory computer-readable storage medium comprising instructions that, when executed, cause a system to:
- retrieve, by a key component, a first symmetric encryption key from a key store using an identifier associated with a device;
  
  encrypt, by a message component, a data section using the first symmetric encryption key;
  
  construct, by the message component, a message comprising the data section and a timestamp, the timestamp comprising a time the message was constructed and to indicate a start of a validity period for the message;
  
  transmit, by a network component, the message to the device;
  
  receive, by the network component, a response to the message, the response encrypted using the first symmetric encryption key and comprising a second symmetric encryption key;
  
  decrypt, by the message component, the response using the first symmetric encryption key;
  
  replace, by the key component, the first symmetric key with the second symmetric key in the key store; and
  
  associate the second symmetric key with the identifier associated with the device, the second symmetric key to encrypt subsequent messages to the device.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The non-transitory computer-readable storage medium of claim 12, the device comprising a web server, the data section comprising a request to receive a web page from the web server, and the received response comprising the web page.
  - 14. The non-transitory computer-readable storage medium of claim 13, the message comprising a hypertext transfer protocol (HTTP) request, the HTTP request comprising an empty HTTP header and an HTTP body, and the HTTP body comprising the data section.
  - 15. The non-transitory computer-readable storage medium of claim 12, comprising further instructions that, when executed, cause a system to:
    - receive a prior message from the device, the prior message comprising the first symmetric encryption key; and
      
      store the first symmetric encryption key in the key store.
  - 16. The non-transitory computer-readable storage medium of claim 12,comprising further instructions that, when executed, cause a system to:
    - invalidate, by the key component, the first symmetric encryption key in the key store after the expiration of the validity period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Wu, Yunnan
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/790,520
Time in Patent Office

1,271 Days
Field of Search

380/260
US Class Current

1/1
CPC Class Codes

H04L 63/045   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/568   Storing data temporarily at...

H04L 9/0819   Key transport or distributi...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/12   Transmitting and receiving ...

H04L 9/14   using a plurality of keys o...

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

Techniques for handshake-free encrypted communication using symmetric key caching during request-and-response

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for handshake-free encrypted communication using symmetric key caching during request-and-response

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links