Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network

US 6,084,969 A
Filed: 12/31/1997
Issued: 07/04/2000
Est. Priority Date: 12/31/1997
Status: Expired due to Term

- Alert
- Pin

First Claim

Patent Images

1. A system for adding encryption services to an existing pager network, the pager network including a network operations center which provides a means for receiving an alphanumeric message from any of a plurality of handheld pager units and forwarding the alphanumeric message to another of the plurality of handheld pager units, at least two of said pager units comprising:

means for inputting an alphanumeric message and a destination address;

means for including the alphanumeric message in a packet for transmission to the destination address by wireless transmission via the network operations center;

means for receiving an alphanumeric message from the network operations center; and

means for displaying the alphanumeric message received from the network operations center; and

a memory,wherein the system for adding encryption services comprises;

means in at least one of said pager units for generating a first session key, encrypting a message using the first session key, retrieving an encryption key from said memory, encrypting the first session key using said retrieved encryption key, and transmitting the encrypted message and the encrypted first session key via the network operations center to another of said pager units;

means in said another one of said pager units for decrypting and displaying the encrypted message; and

a pager proxy server including means for receiving a packet containing the encrypted message that has been sent to the network operations center, decrypting the first session key and at least a portion of the packet, and re-encrypting said portion of the packet for delivery to said another of said pager units via said network operations center.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method and system allows encryption services can be added to an existing wireless two-way alphanumeric pager network by providing a pager proxy which is arranged to receive an encrypted message from a sending pager and re-packages it for re-transmission to the destination pager. The sending pager encrypts the message using a session key, and encrypts the session key so that it can only be recovered by a secret key of the pager proxy. The pager proxy, upon recovery of the session key, decrypts the message, generates a new session key, re-encrypts the message, and encrypts the new session key so that it can only be recovered by a secret key of the destination pager. Encryption of the session key can either be carried out by shared secret key encryption or encryption of the session key by a public key corresponding to a private key of the pager proxy or destination pager. Authentication of the sending pager and proxy server is provided by encryption of the session keys together with identifying data, and authentication of the message is provided by a message authentication code generated by computing a message authentication code based on the session key, identifying data, and the message.

501 Citations

51 Claims

1. A system for adding encryption services to an existing pager network, the pager network including a network operations center which provides a means for receiving an alphanumeric message from any of a plurality of handheld pager units and forwarding the alphanumeric message to another of the plurality of handheld pager units, at least two of said pager units comprising:
- means for inputting an alphanumeric message and a destination address;
  
  means for including the alphanumeric message in a packet for transmission to the destination address by wireless transmission via the network operations center;
  
  means for receiving an alphanumeric message from the network operations center; and
  
  means for displaying the alphanumeric message received from the network operations center; and
  
  a memory,wherein the system for adding encryption services comprises;
  
  means in at least one of said pager units for generating a first session key, encrypting a message using the first session key, retrieving an encryption key from said memory, encrypting the first session key using said retrieved encryption key, and transmitting the encrypted message and the encrypted first session key via the network operations center to another of said pager units;
  
  means in said another one of said pager units for decrypting and displaying the encrypted message; and
  
  a pager proxy server including means for receiving a packet containing the encrypted message that has been sent to the network operations center, decrypting the first session key and at least a portion of the packet, and re-encrypting said portion of the packet for delivery to said another of said pager units via said network operations center.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. A system as claimed in claim 1, wherein said encryption key is a public key corresponding to a private key held by the pager proxy server so that the session key can be recovered only by the paging proxy server.
  - 3. A system as claimed in claim 2, wherein said sending pager unit further comprises means for encrypting at least the first session key by a private key of the sending pager unit, and wherein said pager proxy server includes means for retrieving a public key corresponding to the private key of the sending pager unit for use as a first level authentication of the sending pager unit.
  - 4. A system as claimed in claim 3, further comprising means for appending a unique user identification number of the sending pager unit to the header in clear text form, said user identification number being hard-coded into the sending pager unit.
  - 5. A system as claimed in claim 4, wherein said means for encrypting at least the session key by a private key of the sending pager unit also encrypts the user identification number of the sending pager unit, and said paging proxy server includes means for decrypting the encrypted user identification number together with the first session key and comparing it with the clear text user identification number in order to authenticate the contents of the field containing the encrypted user identification number and first session key.
  - 6. A system as claimed in claim 3, wherein said secret key is a first session key generated by a sending pager unit and said first session key is encrypted by a stream cipher that uses a shared secret key.
  - 7. A system as claimed in claim 3, wherein an encryption algorithm used to encrypt the first session key is a public-private key encryption algorithm.
  - 8. A system as claimed in claim 3, wherein the sending pager further comprises means for adding an encryption method identifier in clear text to the packet header.
  - 9. A system as claimed in claim 3, wherein the sending pager unit further comprises means for generating a first message authentication code based on various header data and the message and encrypting the various information together with the session key and the first message authentication code using the private key of the sending pager unit, and wherein the pager proxy server further comprises means for decrypting the various header data, first message authentication code, and session key using a public key corresponding to the private key of the sending pager unit, decrypting the message using the session key, generating a second message authentication code based on the message and various header data, and comparing the first message authentication code with the second message authentication code in order to authenticate the message.
  - 10. A system as claimed in claim 9, wherein said message authentication code is an error correction code function.
  - 11. A system as claimed in claim 9, wherein said various header data includes at least a user identification number of the sending pager and a destination header corresponding to the input address of the destination pager.
  - 12. A system as claimed in claim 11, wherein said various header data further includes a message number and application header.
  - 13. A system as claimed in claim 1, wherein said sending pager unit further comprises means for generating an address mode and appending the address mode in clear text to the packet header.
  - 14. A system as claimed in claim 13, wherein said address mode indicates an address type selected from the group consisting of pager address types and e-mail address types, and wherein the pager proxy server is connected to a computer network gateway server and includes means for re-packaging said message in an e-mail packet and transmitting the e-mail packet via said computer network server to an e-mail address.
  - 15. A system as claimed in claim 14, further comprising means for receiving e-mail packets from said computer network gateway server, and re-packaging said e-mail packets for transmission to the destination pager unit via said network operation center, and means for repackaging packets received from the network operations center for forwarding to an e-mail server.
  - 16. A system as claimed in claim 1, wherein said means included in the pager proxy server for decrypting at least a portion of the packet includes means for decrypting a portion of the packet containing said first session key.
  - 17. A system as claimed in claim 16, wherein said pager proxy server further includes means for decrypting said message using said first session key, means for generating a second session key, and means for re-encrypting the message using the second session key.
  - 18. A system as claimed in claim 17, wherein said means for re-encrypting said portion of the packet includes means for encrypting the second session key by a secret key.
  - 19. A system as claimed in claim 18, wherein said means for encrypting said portion of the packet by a secret key includes means for re-encrypting the second session key by a public key corresponding to a private key of a destination pager unit.
  - 20. A system as claimed in claim 19, wherein said means for encrypting said portion of the packet by a secret key further includes means for, before re-encrypting the second session key by the public key corresponding to a private key of the destination pager, encrypting the second session key and various additional data by a private key of the pager proxy server.
  - 21. A system as claimed in claim 20, wherein said additional data includes a second user identification number, said second user identification number corresponding to a first destination header included in said decrypted portion of the packet received from the sending pager unit, and wherein said destination paging unit includes means for comparing said second user identification number encrypted with said second session key to a clear text version of the second user identification number received from the pager proxy server in order to authenticate the pager proxy server.
  - 22. A system as claimed in claim 21, wherein said additional data includes a second destination header corresponding to the first user identification number, and wherein said second pager unit includes means for displaying information included in said second destination header in order to indicate an address of the sending pager unit.
  - 23. A system as claimed in claim 21, wherein said additional data includes a second destination header corresponding to the first user identification number, a message number recovered from said decrypted portion of the packet received from the sending pager unit, and an application number.
  - 24. A system as claimed in claim 21, wherein said pager proxy server further comprises means for generating a message authentication code based on said message, said second session key, and said additional data, and said destination pager unit includes means for recovering said additional data and computing a message authentication code based on the additional data, said second session key, and said message in order to authenticate said message.

25. An encryption method according to which encryption services may be added to an existing two-way wireless pager network, the pager network including a network operations center which provides a means for receiving an alphanumeric message from any of a plurality of handheld pager units and forwarding the alphanumeric message to another of the plurality of handheld pager units, comprising the steps of:
- causing one of said pager units to perform the steps of generating a first session key, encrypting a message using the first session key, retrieving an encryption key from a memory of said pager unit, encrypting the first session key using said retrieved encryption key, including the encrypted message and the encrypted first session key in a wireless transmission packet, and transmitting the encrypted message from said one of said pager units to a pager proxy server via the network operations center,causing the pager proxy server to perform the steps of receiving the encrypted message and repackaging it for transmission to another of said pager units via the network operations center; and
  
  causing said another of said pager units to perform the steps of decrypting and displaying the encrypted message,wherein said step of repackaging the encrypted message for transmission includes the step of causing the pager proxy server to encrypt, using a secret key, a portion of the packet containing a first session key used by a sending pager unit to encrypt said portion of the packet,wherein said pager proxy server further performs the steps of decrypting said message using said first session key, generating a second session key, and re-encrypting the message using the second session key,wherein said pager proxy server further performs the step of encrypting the second session key by a secret key,wherein said step of encrypting said portion of the packet by a secret key includes the step of re-encrypting the second session key by a public key corresponding to a private key of a destination pager unit, andwherein said step of encrypting said portion of the packet by a secret key further includes the step of, before re-encrypting the second session key by the public key corresponding to a private key of the destination pager, encrypting the second session key and various additional data by a private key of the pager proxy server.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 26. A method as claimed in claim 25, wherein said encryption key is a public key corresponding to a private key held by the pager proxy server.
  - 27. A method as claimed in claim 26, wherein said sending pager unit further performs the step of encrypting at least the first session key by a private key of the sending pager unit, and wherein said pager proxy server performs the step of retrieving a public key corresponding to the private key of the sending pager unit for use as a first level authentication of the sending pager unit.
  - 28. A method as claimed in claim 27, further comprising of the step of appending a unique user identification number of the sending pager unit to the header of the transmission to the paging proxy server in clear text form, said user identification number being hard-coded into the sending pager unit.
  - 29. A method as claimed in claim 28, wherein said step of encrypting at least the session key by a private key of the sending pager unit includes the step of encrypting the user identification number of the sending pager unit, and said paging proxy server further performs the steps of decrypting the encrypted user identification number together with the first session key and comparing it with the clear text user identification number in order to authenticate the contents of the field containing the encrypted user identification number and first session key.
  - 30. A method as claimed in claim 27, wherein an encryption algorithm used to encrypt the first session key is a public-private key encryption algorithm.
  - 31. A method as claimed in claim 30, wherein said sending pager unit further performs the step of generating an address mode and appending the address mode in clear text to the packet header.
  - 32. A method as claimed in claim 31, wherein said address mode indicates an address type selected from the group consisting of pager address types and e-mail address types, and wherein the pager proxy server is connected to a computer network gateway server and further performs the step of re-packaging said message in an e-mail packet and transmitting the e-mail packet via said computer network server to an e-mail address.
  - 33. A method as claimed in claim 32, further performs the steps of receiving e-mail packets from said computer network gateway server, and re-packaging said e-mail mail packets for transmission to the destination pager unit via said network operation center.
  - 34. A method as claimed in claim 27, wherein the sending pager unit further performs the step of computing a first message authentication code based on various header data and the message and encrypting the various information together with the session key and the first message authentication code using the private key of the sending pager unit, and wherein the pager proxy server further performs the steps of decrypting the various header data, first message authentication code, and session key using a public key corresponding to the private key of the sending pager unit, decrypting the message using the session key, generating a second message authentication code based on the message and various header data, and comparing the first message authentication code with the second message authentication code in order to authenticate the message.
  - 35. A method as claimed in claim 34, wherein said message authentication code is an error correction code function.
  - 36. A method as claimed in claim 34, wherein said various header data includes at least the user identification number of the sending pager and a destination header corresponding to the input address of the destination pager.
  - 37. A method as claimed in claim 36, wherein said various header data further includes a message number and application header.
  - 38. A method as claimed in claim 36, wherein the sending pager further performs the step of adding an encryption method identifier in clear text to the packet header.
  - 39. A method as claimed in claim 25, wherein said first session key is encrypted by a stream cipher that uses a shared secret key.
  - 40. A method as claimed in claim 25, wherein said additional data includes a second user identification number, said second user identification number corresponding to a first destination header included in said decrypted portion of the packet received from the sending pager unit, and wherein said destination paging unit perform the step of comparing said second user identification number encrypted with said second session key to a clear text version of the second user identification number received from the pager proxy server in order to authenticate the pager proxy server.
  - 41. A method as claimed in claim 40, wherein said additional data includes a second destination header corresponding to the first user identification number, and wherein said second pager unit performs the step of displaying information included in said second destination header in order to indicate an address of the sending pager unit.
  - 42. A method as claimed in claim 40, wherein said pager proxy server further performs the step of computing a message authentication code based on said message, said second session key, and said additional data, and said destination pager unit further performs the step of recovering said data and computing a message authentication code based on the additional data, said second session key, and said message in order to authenticate said message.
  - 43. A method as claimed in claim 40, wherein said additional data includes a second destination header corresponding tot he first user identification number, a message number recovered from said decrypted portion of the packet received from the sending pager unit, and an application number.

44. A system for adding encryption services to an existing pager network, the pager network including a network operations center which provides a means for receiving an alphanumeric message from any of a plurality of handheld pager units and forwarding the alphanumeric message to another of the plurality of handheld pager units, at least two of said pager units comprising:
- means for inputting an alphanumeric message and a destination address;
  
  means for including the alphanumeric message in a packet for transmission to the destination address by wireless transmission via the network operations center;
  
  means for receiving an alphanumeric message from the network operations center; and
  
  means for displaying the alphanumeric message received from the network operations center; and
  
  said system further comprising;
  
  a pager proxy server including means for receiving a packet containing the encrypted message that has been sent to the network operations center, decrypting at least a portion of the packet, and re-encrypting said portion of the packet for delivery to said another of said pager units via said network operations center,wherein said handheld pager units are further arranged to utilize a key to encrypt said alphanumeric message before inclusion in said packet.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51)
- - 45. A system as claimed in claim 44, wherein said key is a unique session key generated each time a message is encrypted.
  - 46. A system as claimed in claim 45, wherein each of said handheld pager units includes a memory for storing an encryption key, and is arranged to encrypt said session key using said encryption key.
  - 47. A system as claimed in claim 46, wherein said encryption key is a public key corresponding to a private key held by said pager proxy server.
  - 48. A system as claimed in claim 47, wherein said pager proxy server is further arranged to authenticate said packet.
  - 49. A system as claimed in claim 48, wherein each of said handheld pager units is arranged to retrieve a private key from said memory and encrypt said encrypted session key using the private key to thereby provide said pager proxy server with a way of authenticating said message.
  - 50. A system as claimed in claim 44, wherein said pager proxy server is further arranged to authenticate said packet.
  - 51. A system as claimed in claim 49, wherein each of said handheld pager units is arranged to retrieve a private key from said memory and encrypt said encrypted session key using the private key to thereby provide said pager proxy server with a way of authenticating said message.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
SSL Services LLC
Original Assignee
V-ONE Corp. (AEP Networks Ltd.)
Inventors
Wright, Steven R., Brook, Christopher T.
Primary Examiner(s)
Hayes, Gail O.
Assistant Examiner(s)
SONG, HOSUK

Application Number

US09/001,463
Time in Patent Office

916 Days
Field of Search

380/21, 380/25, 380/49, 380/30, 380/44, 380/45, 380/271, 380/282, 455/31.2, 455/31.3, 713/170, 713/153
US Class Current

380/271
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/0464   using hop-by-hop encryption...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04W 88/185   Selective call encoders for...

Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network

First Claim

5 Assignments

Litigations

0 Petitions

Accused Products

Abstract

501 Citations

51 Claims

Specification

Use Cases

Quick Links

Others

Key encryption system and method, pager unit, and pager proxy for a two-way alphanumeric pager network

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

501 Citations

51 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others