Increased communication security

US 9,602,486 B2
Filed: 08/27/2014
Issued: 03/21/2017
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of increasing communication security, said method comprising:

receiving, from a first computer system at a second computer system, a message including a data portion, wherein said data portion is associated with a security token, and wherein said data portion includes a session key;

performing, at said second computer system, processing associated with said message, wherein said processing includes accessing, from said data portion, a first unique identifier associated with said first computer system, and wherein said processing further includes accessing, from a portion of said message other than said data portion, a second unique identifier associated with said first computer system; and

accessing, responsive to said processing, said session key from said data portion, wherein said accessing further comprises accessing said session key if said first unique identifier correlates to said second unique identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of increasing communication security may include receiving, from a first computer system at a second computer system, a message including a data portion, wherein the data portion is associated with a security token, and wherein the data portion includes a session key. The method may also include performing, at the second computer system, processing associated with the message. The method may further include accessing, responsive to the processing, the session key from the data portion.

38 Citations

View as Search Results

37 Claims

1. A method of increasing communication security, said method comprising:
- receiving, from a first computer system at a second computer system, a message including a data portion, wherein said data portion is associated with a security token, and wherein said data portion includes a session key;
  
  performing, at said second computer system, processing associated with said message, wherein said processing includes accessing, from said data portion, a first unique identifier associated with said first computer system, and wherein said processing further includes accessing, from a portion of said message other than said data portion, a second unique identifier associated with said first computer system; and
  
  accessing, responsive to said processing, said session key from said data portion, wherein said accessing further comprises accessing said session key if said first unique identifier correlates to said second unique identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein said data portion includes said security token, and wherein said security token includes a first unique identifier associated with said first computer system, a second unique identifier associated with said second computer system, expiration data associated with said security token, and said session key.
  - 3. The method of claim 1, wherein said processing further includes decrypting said data portion using a key associated with said second computer system.
  - 4. The method of claim 1, wherein said processing further includes comparing said first unique identifier with said second unique identifier.
  - 5. The method of claim 1, wherein said processing further includes:
    - accessing, from said data portion, a unique identifier associated with said second computer system;
      
      accessing a unique identifier associated with registration of said second computer system; and
      
      comparing said unique identifier associated with said second computer system with said unique identifier associated with registration of said second computer system, andwherein said accessing further comprises accessing said session key if said unique identifier associated with said second computer system correlates to said unique identifier associated with registration of said second computer system.
  - 6. The method of claim 1, wherein said processing further includes:
    - accessing, from said data portion, expiration data associated with said security token; and
      
      determining, based on said expiration data, if said security token is valid, andwherein said accessing further comprises accessing said session key if said security token is valid.
  - 7. The method of claim 1 further comprising:
    - generating authentication data using said session key;
      
      generating another message including said authentication data; and
      
      communicating said another message from said second computer system for delivery to said first computer system.
  - 8. The method of claim 7 further comprising:
    - encrypting, using said session key, data to generate encrypted data, wherein said data includes said authentication data, andwherein said generating said another message further comprises including said encrypted data as a payload of said another message.
  - 9. The method of claim 1 further comprising:
    - receiving another message from said first computer system at said second computer system, wherein said another message includes authentication data;
      
      performing, based on said authentication data, message validation using said session key; and
      
      if said another message is valid, performing at least one operation associated with said another message.
  - 10. The method of claim 9 further comprising:
    - decrypting, using said session key, a payload of said another message to access said authentication data, andwherein said performing message validation further comprises performing message validation responsive to said decrypting.
  - 11. The method of claim 1, wherein said message is a Constrained Application Protocol (CoAP) message.
  - 12. The method of claim 1, wherein said receiving further comprises receiving said message using Datagram Transport Layer Security (DTLS).

13. An apparatus comprising:
- a communication interface configured to receive, at a computer system, a message including a data portion, wherein said data portion is associated with a security token, and wherein said data portion includes a session key; and
  
  a security component configured to perform processing associated with said message, wherein said security component is further configured to perform said processing by accessing, from said data portion, a first unique identifier associated with another computer system, wherein said security component is further configured to perform said processing by accessing, from a portion of said message other than said data portion, a second unique identifier associated with said another computer system, wherein said security component is further configured to access, responsive to said processing, said session key from said data portion, and wherein said security component is further configured to access said session key if said first unique identifier correlates to said second unique identifier.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The apparatus of claim 13, wherein said data portion includes said security token, and wherein said security token includes a unique identifier associated with said computer system, expiration data associated with said security token, and said session key.
  - 15. The apparatus of claim 13, wherein said communication interface is further configured to receive said message from said another computer system, and wherein said communication interface and said security component are part of said computer system.
  - 16. The apparatus of claim 13, wherein said security component is further configured to perform said processing by decrypting said data portion using a key associated with said computer system.
  - 17. The apparatus of claim 13, wherein said security component is further configured to perform said processing by comparing said first unique identifier with said second unique identifier.
  - 18. The apparatus of claim 13, wherein said security component is further configured to perform said processing by accessing, from said data portion, a unique identifier associated with said computer system, wherein said security component is further configured to perform said processing by accessing a unique identifier associated with registration of said computer system, wherein said security component is further configured to perform said processing by comparing said unique identifier associated with said computer system with said unique identifier associated with registration of said computer system, and wherein said security component is further configured to access said session key if said unique identifier associated with said computer system correlates to said unique identifier associated with registration of said computer system.
  - 19. The apparatus of claim 13, wherein said security component is further configured to perform said processing by accessing, from said data portion, expiration data associated with said security token, wherein said security component is further configured to perform said processing by determining, based on said expiration data, if said security token is valid, and wherein said security component is further configured to access said session key if said security token is valid.
  - 20. The apparatus of claim 13, wherein said security component is further configured to generate authentication data using said session key, and further comprising:
    - a message generation component configured to generate another message including said authentication data, wherein said message generation component is part of said computer system, andwherein said communication interface is further configured to communicate said another message from said computer system for delivery to said another computer system.
  - 21. The apparatus of claim 20, wherein said security component is further configured to encrypt, using said session key, data to generate encrypted data, wherein said data includes said authentication data, and wherein said message generation component is further configured to include said encrypted data as a payload of said another message.
  - 22. The apparatus of claim 13, wherein said communication interface is further configured to receive another message from said another computer system, wherein said another message includes authentication data, wherein said security component is further configured to perform, based on said authentication data, message validation using said session key, and further comprising:
    - an operation component configured to perform, if said another message is valid, at least one operation associated with said another message, and wherein said operation component is part of said computer system.
  - 23. The apparatus of claim 22, wherein said security component is further configured to decrypt, using said session key, a payload of said another message to access said authentication data, and wherein said security component is further configured to perform said message validation responsive to decryption of said payload.
  - 24. The apparatus of claim 13, wherein said message is a Constrained Application Protocol (CoAP) message.
  - 25. The apparatus of claim 13, wherein said communication interface is further configured to receive said message using Datagram Transport Layer Security (DTLS).

26. An apparatus comprising:
- means for receiving, from a first computer system at a second computer system, a message including a data portion, wherein said data portion is associated with a security token, and wherein said data portion includes a session key;
  
  means for performing, at said second computer system, processing associated with said message, wherein said processing includes accessing, from said data portion, a first unique identifier associated with said first computer system, and wherein said processing further includes accessing, from a portion of said message other than said data portion, a second unique identifier associated with said first computer system; and
  
  means for accessing, responsive to said processing, said session key from said data portion, wherein said means for accessing further comprises means for accessing said session key if said first unique identifier correlates to said second unique identifier.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 27. The apparatus of claim 26, wherein said data portion includes said security token, and wherein said security token includes a first unique identifier associated with said first computer system, a second unique identifier associated with said second computer system, expiration data associated with said security token, and said session key.
  - 28. The apparatus of claim 26, wherein said means for processing further includes means for decrypting said data portion using a key associated with said second computer system.
  - 29. The apparatus of claim 26, wherein said means for processing further includes means for comparing said first unique identifier with said second unique identifier.
  - 30. The apparatus of claim 26, wherein said means for processing further includes:
    - means for accessing, from said data portion, a unique identifier associated with said second computer system;
      
      means for accessing a unique identifier associated with registration of said second computer system; and
      
      means for comparing said unique identifier associated with said second computer system with said unique identifier associated with registration of said second computer system, andwherein said means for accessing further comprises means for accessing said session key if said unique identifier associated with said second computer system correlates to said unique identifier associated with registration of said second computer system.
  - 31. The apparatus of claim 26, wherein said means for processing further includes:
    - means for accessing, from said data portion, expiration data associated with said security token; and
      
      means for determining, based on said expiration data, if said security token is valid, andwherein said means for accessing further comprises means for accessing said session key if said security token is valid.
  - 32. The apparatus of claim 26 further comprising:
    - means for generating authentication data using said session key;
      
      means for generating another message including said authentication data; and
      
      means for communicating said another message from said second computer system for delivery to said first computer system.
  - 33. The apparatus of claim 32 further comprising:
    - means for encrypting, using said session key, data to generate encrypted data, wherein said data includes said authentication data, andwherein said means for generating said another message further comprises means for including said encrypted data as a payload of said another message.
  - 34. The apparatus of claim 26 further comprising:
    - means for receiving another message from said first computer system at said second computer system, wherein said another message includes authentication data;
      
      means for performing, based on said authentication data, message validation using said session key; and
      
      means for performing, if said another message is valid, at least one operation associated with said another message.
  - 35. The apparatus of claim 34 further comprising:
    - means for decrypting, using said session key, a payload of said another message to access said authentication data, andwherein said means for performing message validation further comprises means for performing message validation responsive to said decrypting.
  - 36. The apparatus of claim 26, wherein said message is a Constrained Application Protocol (CoAP) message.
  - 37. The apparatus of claim 26, wherein said means for receiving further comprises means for receiving said message using Datagram Transport Layer Security (DTLS).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idaax Technologies Private Limited
Original Assignee
EXILANT Technologies Private Limited
Inventors
Sharma, Vishnu
Primary Examiner(s)
Zee, Edward

Application Number

US14/470,914
Publication Number

US 20150281199A1
Time in Patent Office

937 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

Increased communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Increased communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links