System and method for providing trusted links between applications
US-11972029-B2 · Apr 30, 2024 · US
Methods and systems for encrypting communications using a secure element
US10237730B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10237730-B2 |
| Application number | US-201615151224-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 10, 2016 |
| Priority date | Feb 17, 2016 |
| Publication date | Mar 19, 2019 |
| Grant date | Mar 19, 2019 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Disclosed herein are methods and systems for encrypting communications using a secure element. An embodiment takes the form of a method including the steps of performing a key-exchange procedure with an endpoint via a voice-communication device to obtain a symmetric seed key for a secure voice session with the endpoint; generating first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key; receiving outbound voice packets from the voice-communication device in connection with the secure voice session, each outbound voice packet including a header and an unencrypted payload; using a first symmetric encryption algorithm and the first symmetric session key, followed by a second symmetric encryption algorithm and the second symmetric session key to generate and output twice-encrypted outbound-voice-packet payloads to the voice-communication device for transmission to the endpoint in connection with the secure voice session.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: exchanging keys with an endpoint via a voice-communication device to obtain a symmetric seed key for a secure voice session with the endpoint; generating via a symmetric diversification algorithm, symmetrically diverse first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key; receiving outbound voice packets from the voice-communication device in connection with the secure voice session, each outbound voice packet including an outbound-voice-packet header and an unencrypted outbound-voice-packet payload; generating once-encrypted outbound-voice-packet payloads based on the first symmetric session key, the respective outbound-voice-packet headers, and the respective unencrypted outbound-voice-packet payloads; generating twice-encrypted outbound-voice-packet payloads based on the second symmetric session key and the respective once-encrypted outbound-voice-packet payloads; and providing the respective twice-encrypted outbound-voice-packet payloads to the voice-communication device for assembly with the respective outbound-voice-packet headers for transmission to the endpoint in connection with the secure voice session. 2. The method of claim 1 , wherein the generating symmetrically diverse first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key occurs on a secure element as a component on a printed circuit board (PCB) of the voice-communication device. 3. The method of claim 1 , wherein the generating symmetrically diverse first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key occurs on a secure element communicatively coupled with the voice-communication device via a microSD interface. 4. The method of claim 1 , wherein the generating symmetrically diverse first and second symmetric session keys for the secure voice session based on the obtained symmetric seed key occurs on a secure element communicatively coupled with the voice-communication device via a secure identity module (SIM) interface. 5. The method of claim 1 , wherein the key exchanging is via a Diffie-Hellman key-exchange procedure. 6. The method of claim 5 , wherein the Diffie-Hellman key-exchange procedure comprises an elliptical-curve Diffie-Hellman key-exchange procedure. 7. The method of claim 1 , wherein: each outbound-voice-packet header includes a respective index value; and generating the respective once-encrypted outbound-voice-packet payloads based on the respective outbound-voice-packet headers includes generating the respective once-encrypted outbound-voice-packet payloads based on the respective index values in the respective outbound-voice-packet headers. 8. The method of claim 7 , wherein: each outbound-voice-packet header further comprises a respective synchronization-source (SSRC) value; and using a first symmetric encryption algorithm to generate the respective once-encrypted outbound-voice-packet payloads based on the respective SSRC values in the respective outbound-voice-packet headers. 9. The method of claim 1 , further comprising: generating respective outbound-voice-packet authentication tags based on the first symmetric session key, the respective outbound-voice-packet headers, and the respective unencrypted outbound-voice-packet payloads; and outputting the respective outbound-voice-packet authentication tags to the voice-communication device for assembly with the respective outbound-voice-packet headers and the respective twice-encrypted outbound-voice-packet payloads for transmission to the endpoint in connection with the secure voice session. 10. The method of claim 9 , wherein: each outbound-voice-packet header includes a respective index value; and generating the respective outbound-voice-packet authentication tags based on the respective outbound-voice-packet headers includes generating the respective outbound-voice-packet authentication tags based on the respective index values in the respective outbound-voice-packet headers. 11. The method of claim 10 , wherein: each outbound-voice-packet header further comprises a respective synchronization-source (SSRC) value; and generating the respective outbound-voice-packet authentication tags based on the respective outbound-voice-packet headers includes generating the respective outbound-voice-packet authentication tags based on the respective SSRC values in the respective outbound-voice-packet headers. 12. The method of claim 1 , further comprising: receiving inbound voice packets from the voice-communication device in connection with the secure voice session, each inbound voice packet including an inbound-voice-packet header and a twice-encrypted inbound-voice-packet payload; generating respective once-encrypted inbound-voice-packet payloads based on the second symmetric session key and the respective twice-encrypted inbound-voice-packet payloads; generating respective decrypted inbound-voice-packet payloads based on the first symmetric session key, the respective inbound-voice-packet headers, and the respective once-encrypted inbound-voice-packet payloads; and providing the respective decrypted inbound-voice-packet payloads to the voice-communication device for assembly with the respective inbound-voice-packet headers and ensuing playout of the decrypted inbound-voice-packet payloads via a user interface of the voice-communication device in connection with the secure voice session. 13. The method of claim 12 , wherein: each inbound-voice-packet header comprises a respective index value; and generating the respective decrypted inbound-voice-packet payloads based on the respective inbound-voice-packet headers includes generating the respective decrypted inbound-voice-packet payloads based on the respective index values in the respective inbound-voice-packet headers. 14. The method of claim 13 , wherein: each inbound-voice-packet header further comprises a respective synchronization-source (SSRC) value; and generating the respective decrypted inbound-voice-packet payloads based on the respective inbound-voice-packet headers further comprises generating the respective decrypted inbound-voice-packet payloads based on the respective SSRC values in the respective inbound-voice-packet headers. 15. The method of claim 12 , wherein each inbound voice packet further comprises an inbound-voice-packet authentication tag, the method further comprising: authenticating the respective inbound voice packets based on the respective inbound-voice-packet authentication tags. 16. The method of claim 12 , wherein each inbound voice packet further comprises an inbound-voice-packet authentication tag, the method further comprising: verifying the integrity of the respective inbound voice packets based on the respective inbound-voice-packet authentication tags. 17. The method of claim 1 , wherein: generating once-encrypted outbound-voice-packet payloads based on the first symmetric session key, the respective outbound-voice-packet headers, and the respective unencrypted outbound-voice-packet payloads is through a published symmetric encryption algorithm; and generating twice-encrypted outbound-voice-packet payloads based on the second symmetric session key and the respective once-encrypted outbound-voice-packet payloads is through an unpublished symmetric encryption algorithm. 18. The method of claim 1 , wherein the generating once-encrypted outbound-voice-packet payloads and the generating twice-encryp
Assignees
Inventors
Classifications
- G06F21/606Primary
by securing the transmission between two devices or processes · CPC title
applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys · CPC title
involving algebraic varieties, e.g. elliptic or hyper-elliptic curves · CPC title
wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10237730B2 cover?
- Disclosed herein are methods and systems for encrypting communications using a secure element. An embodiment takes the form of a method including the steps of performing a key-exchange procedure with an endpoint via a voice-communication device to obtain a symmetric seed key for a secure voice session with the endpoint; generating first and second symmetric session keys for the secure voice ses…
- Who is the assignee on this patent?
- Nagravision Sa
- What technology area does this patent fall under?
- Primary CPC classification G06F21/606. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 19 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).