Increased communication security

US 9,876,643 B2
Filed: 07/21/2016
Issued: 01/23/2018
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method of increasing communication security, said method comprising:

responsive to receiving a first message from a first computer system, determining whether said first computer system is authorized to communicate with a second computer system, wherein said determining is performed at a third computer system;

generating a first data portion associated with a security token, wherein said generating said first data portion includes accessing data, wherein said data includes a first instance of a session key, and wherein said generating said first data portion further includes encrypting, using a key associated with said second computer system, said data to generate said first data portion;

if said first computer system is authorized to communicate with said second computer system, communicating a second message from said third computer system for delivery to said first computer system, wherein said second message includes said first data portion and a second data portion, and wherein said second data portion includes a second instance of said session key;

communicating a third message from said first computer system for delivery to said second computer system, wherein said third message includes said first data portion.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of increasing communication security may include determining, responsive to receiving a first message from a first computer system, whether said first computer system is authorized to communicate with a second computer system, wherein said determining is performed at a third computer system. The method may also include generating a first data portion associated with a security token, wherein said generating said first data portion includes accessing data, wherein said data includes a first instance of a session key, and wherein said generating said first data portion further includes encrypting, using a key associated with said second computer system, said data to generate said first data portion. The method may further include communicating, if said first computer system is authorized to communicate with said second computer system, a second message from said third computer system for delivery to said first computer system.

Citations

42 Claims

1. A method of increasing communication security, said method comprising:
- responsive to receiving a first message from a first computer system, determining whether said first computer system is authorized to communicate with a second computer system, wherein said determining is performed at a third computer system;
  
  generating a first data portion associated with a security token, wherein said generating said first data portion includes accessing data, wherein said data includes a first instance of a session key, and wherein said generating said first data portion further includes encrypting, using a key associated with said second computer system, said data to generate said first data portion;
  
  if said first computer system is authorized to communicate with said second computer system, communicating a second message from said third computer system for delivery to said first computer system, wherein said second message includes said first data portion and a second data portion, and wherein said second data portion includes a second instance of said session key;
  
  communicating a third message from said first computer system for delivery to said second computer system, wherein said third message includes said first data portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, a unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 3. The method of claim 1 further comprising:
    - generating, at said first computer system, said first message, wherein said first message is associated with communication between said first computer system and said second computer system, and wherein said first message includes a unique identifier associated with said second computer system; and
      
      communicating said first message from said first computer system for delivery to said third computer system.
  - 4. The method of claim 1 further comprising:
    - accessing permissions data associated with permissions for said first computer system; and
      
      configuring, at said third computer system based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 5. The method of claim 1, wherein said first message includes authentication data, and further comprising:
    - performing, at said third computer system, message validation based on said authentication data, andwherein said communicating said second message further comprises communicating said second message if said first message is valid.
  - 6. The method of claim 1 further comprising:
    - generating said second data portion, wherein said generating said second data portion includes;
      
      accessing second data, wherein said second data includes said second instance of said session key; and
      
      encrypting, using a key associated with said first computer system, said second data to generate said second data portion.
  - 7. The method of claim 1 further comprising:
    - communicating a fourth message from said first computer system for delivery to said second computer system; and
      
      performing, using said first instance of said session key, message validation associated with said fourth message.
  - 8. The method of claim 7 further comprising:
    - generating, at said first computer system, authentication data using said second instance of said session key;
      
      generating said fourth message including said authentication data, andwherein said performing further comprises performing message validation at said second computer system based on said authentication data, and further comprising;
      
      if said fourth message is valid, performing at least one operation associated with said fourth message.
  - 9. The method of claim 8 further comprising:
    - encrypting, at said first computer system using said second instance of said session key, second data to generate encrypted data, wherein said second data includes said authentication data, andwherein said generating said fourth message further comprises including said encrypted data as at least a portion of a payload of said fourth message, and further comprising;
      
      decrypting, at said second computer system using said first instance of said session key, said encrypted data to access said authentication data, andwherein said performing further comprises performing message validation responsive to said decrypting.
  - 10. The method of claim 1 further comprising:
    - generating, at said second computer system, authentication data using said first instance of said session key;
      
      generating a fifth message including said authentication data;
      
      communicating said fifth message from said second computer system for delivery to said first computer system;
      
      performing, at said first computer system based on said authentication data, message validation using said second instance of said session key; and
      
      if said fifth message is valid, performing at least one operation associated with said fifth message.
  - 11. The method of claim 10 further comprising:
    - encrypting, at said second computer system using said first instance of said session key, second data to generate encrypted data, wherein said second data includes said authentication data, andwherein said generating said fifth message further comprises including said encrypted data as at least a portion of a payload of said fifth message, and further comprising;
      
      decrypting, at said first computer system using said second instance of said session key, said encrypted data to access said authentication data, andwherein said performing further comprises performing message validation responsive to said decrypting.
  - 12. The method of claim 1, wherein said first message, said second message, and said third message are Constrained Application Protocol (CoAP) messages.
  - 13. The method of claim 1, wherein said communicating said second message further comprises communicating said second message using Datagram Transport Layer Security (DTLS), and wherein said communicating said third message further comprises communicating said third message using DTLS.
  - 14. The method of claim 1 further comprising:
    - decrypting, at said first computer system, said second data portion to access said second instance of said session key, wherein said decrypting further comprises decrypting said second data portion using a first key associated with said first computer system; and
      
      decrypting, at said second computer system, said first data portion to access said first instance of said session key, wherein said decrypting further comprises decrypting said first data portion using a second key associated with said second computer system.

15. A system comprising:
- a first computer system;
  
  a second computer system; and
  
  a third computer system configured to determine, responsive to receiving a first message from said first computer system, whether said first computer system is authorized to communicate with said second computer system, wherein said third computer system is further configured to access data, wherein said data includes a first instance of a session key, wherein said third computer system is further configured to encrypt, using a key associated with said second computer system, said data to generate a first data portion, wherein said first data portion is associated with a security token, and wherein said third computer system is further configured to communicate, if said first computer system is authorized to communicate with said second computer system, a second message for delivery to said first computer system, wherein said second message includes said first data portion and a second data portion, and wherein said second data portion includes a second instance of said session key, andwherein said first computer system is configured to communicate a third message for delivery to said second computer system, wherein said third message includes said first data portion.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, a unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 17. The system of claim 15, wherein said first computer system is further configured to generate said first message, wherein said first message is associated with communication between said first computer system and said second computer system, and wherein said first message includes a unique identifier associated with said second computer system, and wherein said first computer system is further configured to communicate said first message for delivery to said third computer system.
  - 18. The system of claim 15, wherein said third computer system is further configured to access permissions data associated with permissions for said first computer system, and wherein said third computer system is further configured to configure, based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 19. The system of claim 15, wherein said first message includes authentication data, wherein said third computer system is further configured to perform message validation based on said authentication data, and wherein said third computer system is further configured to communicate said second message if said first message is valid.
  - 20. The system of claim 15, wherein said third computer system is further configured to access second data, wherein said second data includes said second instance of said session key, and wherein said third computer system is further configured to encrypt, using a key associated with said first computer system, said second data to generate said second data portion.
  - 21. The system of claim 15, wherein said first computer system is further configured to communicate a fourth message for delivery to said second computer system, andwherein said second computer system is configured to perform, using said first instance of said session key, message validation associated with said fourth message.
  - 22. The system of claim 21, wherein said first computer system is further configured to generate authentication data using said second instance of said session key, wherein said first computer system is further configured to generate said fourth message including said authentication data, andwherein said second computer system is further configured to perform message validation based on said authentication data, and wherein said second computer system is further configured to perform, if said fourth message is valid, at least one operation associated with said fourth message.
  - 23. The system of claim 22, wherein said first computer system is further configured to encrypt, using said second instance of said session key, second data to generate encrypted data, wherein said second data includes said authentication data, and wherein said first computer system is further configured to include said encrypted data as at least a portion of a payload of said fourth message, andwherein said second computer system is further configured to decrypt, using said first instance of said session key, said encrypted data to access said authentication data, and wherein said second computer system is further configured to perform message validation responsive to decryption of said payload.
  - 24. The system of claim 15, wherein said second computer system is further configured to generate authentication data using said first instance of said session key, wherein said second computer system is further configured to generate a fifth message including said authentication data, and wherein said second computer system is further configured to communicate said fifth message for delivery to said first computer system, andwherein said first computer system is further configured to perform, based on said authentication data, message validation using said second instance of said session key, and wherein said first computer system is further configured to perform, if said fifth message is valid, at least one operation associated with said fifth message.
  - 25. The system of claim 24, wherein said second computer system is further configured to encrypt, using said first instance of said session key, second data to generate encrypted data, wherein said second data includes said authentication data, and wherein said second computer system is further configured to include said encrypted data as at least a portion of a payload of said fifth message, andwherein said first computer system is further configured to decrypt, using said second instance of said session key, said encrypted data to access said authentication data, and wherein said first computer system is further configured to perform message validation responsive to said decryption of said payload.
  - 26. The system of claim 15, wherein said first message, said second message, and said third message are Constrained Application Protocol (CoAP) messages.
  - 27. The system of claim 15, wherein said third computer system is further configured to communicate said second message using Datagram Transport Layer Security (DTLS), and wherein said first computer system is further configured to communicate said third message using DTLS.
  - 28. The system of claim 15, wherein said first computer system is configured to decrypt, using a first key associated with said first computer system, said second data portion to access said second instance of said session key, andwherein said second computer system is configured to decrypt, using a second key associated with said second computer system, said first data portion to access said first instance of said session key.

29. A system comprising:
- means for determining, responsive to receiving a first message from a first computer system, whether said first computer system is authorized to communicate with a second computer system, wherein said means for determining is part of a third computer system;
  
  means for generating a first data portion associated with a security token, wherein said means for generating said first data portion includes means for accessing data, wherein said data includes a first instance of a session key, and wherein said means for generating said first data portion further includes means for encrypting, using a key associated with said second computer system, said data to generate said first data portion;
  
  means for communicating, if said first computer system is authorized to communicate with said second computer system, a second message from said third computer system for delivery to said first computer system, wherein said second message includes said first data portion and a second data portion, and wherein said second data portion includes a second instance of said session key; and
  
  means for communicating a third message from said first computer system for delivery to said second computer system, wherein said third message includes said first data portion.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 30. The system of claim 29, wherein said first data portion includes said security token, and wherein said security token includes a unique identifier associated with said first computer system, a unique identifier associated with said second computer system, expiration data associated with said security token, and said first instance of said session key.
  - 31. The system of claim 29 further comprising:
    - means for generating, at said first computer system, said first message, wherein said first message is associated with communication between said first computer system and said second computer system, and wherein said first message includes a unique identifier associated with said second computer system; and
      
      means for communicating said first message from said first computer system for delivery to said third computer system.
  - 32. The system of claim 29 further comprising:
    - means for accessing permissions data associated with permissions for said first computer system; and
      
      means for configuring, at said third computer system based on said permissions data, permissions for said first computer system with respect to said second computer system.
  - 33. The system of claim 29, wherein said first message includes authentication data, and further comprising:
    - means for performing, at said third computer system, message validation based on said authentication data, andwherein said means for communicating said second message further comprises means for communicating said second message if said first message is valid.
  - 34. The system of claim 29 further comprising:
    - means for generating said second data portion, wherein said means for generating said second data portion includes;
      
      means for accessing second data, wherein said second data includes said second instance of said session key; and
      
      means for encrypting, using a key associated with said first computer system, said second data to generate said second data portion.
  - 35. The system of claim 29 further comprising:
    - means for communicating a fourth message from said first computer system for delivery to said second computer system; and
      
      means for performing, using said first instance of said session key, message validation associated with said fourth message.
  - 36. The system of claim 35 further comprising:
    - means for generating, at said first computer system, authentication data using said second instance of said session key;
      
      means for generating said fourth message including said authentication data, andwherein said means for performing further comprises means for performing message validation at said second computer system based on said authentication data, and further comprising;
      
      means for performing, if said fourth message is valid, at least one operation associated with said fourth message.
  - 37. The system of claim 36 further comprising:
    - means for encrypting, at said first computer system using said second instance of said session key, second data to generate encrypted data, wherein said second data includes said authentication data, andwherein said means for generating said fourth message further comprises means for including said encrypted data as at least a portion of a payload of said fourth message, and further comprising;
      
      means for decrypting, at said second computer system using said first instance of said session key, said encrypted data to access said authentication data, andwherein said means for performing further comprises means for performing message validation responsive to said decrypting.
  - 38. The system of claim 29 further comprising:
    - means for generating, at said second computer system, authentication data using said first instance of said session key;
      
      means for generating a fifth message including said authentication data;
      
      means for communicating said fifth message from said second computer system for delivery to said first computer system;
      
      means for performing, at said first computer system based on said authentication data, message validation using said second instance of said session key; and
      
      means for performing, if said fifth message is valid, at least one operation associated with said fifth message.
  - 39. The system of claim 38 further comprising:
    - means for encrypting, at said second computer system using said first instance of said session key, second data to generate encrypted data, wherein said second data includes said authentication data, andwherein said means for generating said fifth message further comprises means for including said encrypted data as at least a portion of a payload of said fifth message, and further comprising;
      
      means for decrypting, at said first computer system using said second instance of said session key, said encrypted data to access said authentication data, andwherein said means for performing further comprises means for performing message validation responsive to said decrypting.
  - 40. The system of claim 29, wherein said first message, said second message, and said third message are Constrained Application Protocol (CoAP) messages.
  - 41. The system of claim 29, wherein said means for communicating said second message further comprises means for communicating said second message using Datagram Transport Layer Security (DTLS), and wherein said means for communicating said third message further comprises means for communicating said third message using DTLS.
  - 42. The system of claim 29 further comprising:
    - means for decrypting, at said first computer system, said second data portion to access said second instance of said session key, wherein said means for decrypting further comprises means for decrypting said second data portion using a first key associated with said first computer system; and
      
      means for decrypting, at said second computer system, said first data portion to access said first instance of said session key, wherein said means for decrypting further comprises means for decrypting said first data portion using a second key associated with said second computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idaax Technologies Private Limited
Original Assignee
EXILANT Technologies Private Limited
Inventors
Sharma, Vishnu
Primary Examiner(s)
Zee, Edward

Application Number

US15/215,971
Publication Number

US 20170099146A1
Time in Patent Office

551 Days
Field of Search
US Class Current
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3242   involving keyed hash functi...

Increased communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Increased communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links