Method of using one device to unlock another device
US-2016065374-A1 · Mar 3, 2016 · US
US10305686B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10305686-B2 |
| Application number | US-201615283752-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 3, 2016 |
| Priority date | Oct 2, 2015 |
| Publication date | May 28, 2019 |
| Grant date | May 28, 2019 |
Official abstract text for this publication.
Secure data transfers between communication nodes are performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.
Opening claim text (preview).
What is claimed is:

1. A method of operating a remote management system, the method comprising: receiving attribute data from a first communication node and a second communication node; forming a communication node group comprising multiple members, wherein the multiple members comprise the first communication node and the second communication node; receiving a group encryption key request from the first communication node to enable secure communications between the first communication node and the second communication node using one or more transport channels, wherein the group encryption key request is received via one or more control channels, further wherein the one or more control channels are separate from the one or more transport channels, further wherein the group encryption key request comprises identity data comprising at least one of: the communication node group; and/or the first communication node; generating a group encryption key based on the received group encryption key request and further based on the membership of the first and second communication nodes in the communication node group; encrypting the group encryption key using a first device key obtained from the first communication node to generate a first encrypted group encryption key; encrypting the group encryption key using a second device key obtained from the second communication node to generate a second encrypted group encryption key, wherein the first device key and the second device key are different; and transferring the first encrypted group encryption key to the first communication node and transferring the second encrypted group encryption key to the second communication node through the one or more control channels.

2. The method of claim 1 wherein the identity data comprises the first device key.

3. The method of claim 1 wherein the first device key is a first device public key.

4. The method of claim 1 wherein the group encryption key is a symmetric key.

5. The method of claim 2 wherein the first device key is a first ephemeral device key negotiated by the remote management system and the first communication node.

6. A remote management system for managing group communications among communication nodes, the system comprising: one or more processors; a computer readable storage medium having instructions stored thereon that, when executed by the one or more processors, cause the management system to: receive attribute data from a first communication node and a second communication node; form a communication node group comprising multiple members, wherein the multiple members comprise the first communication node and the second communication node; receive a group encryption key request from the first communication node to enable secure communications between the first communication node and the second communication node using one or more transport channels, wherein the group encryption key request is received via one or more control channels, further wherein the one or more control channels are separate from the one or more transport channels, further wherein the group encryption key request comprises identity data comprising at least one of: the communication node group; and/or the first communication node; generate a group encryption key based on the received group encryption key request and further based on the membership of the first and second communication nodes in the communication node group; encrypt the group encryption key using a first device key obtained from the first communication node to generate a first encrypted group encryption key; encrypt the group encryption key using a second device key obtained from the second communication node to generate a second encrypted group encryption key, wherein the first device key and the second device key are different; and transfer the first encrypted group encryption key to the first communication node and transfer the second encrypted group encryption key to the second communication node through the one or more control channels.

7. The system of claim 6 wherein the identity data comprises the first communication node device key.

8. The system of claim 6 wherein the first device key is a first device public key.

9. The system of claim 6 wherein the group encryption key is a symmetric key.

10. The system of claim 7 wherein the device key is a first ephemeral device key negotiated by the remote management system and the first communication node.

11. A method of operating a first communication node in a group communication system, the method comprising: transmitting attribute data to a remote management system; transmitting a group encryption key request to the remote management system through one or more control channels to enable secure communications between the first communication node and a second communication node, wherein the first and second communication nodes are members of a first communication group, wherein first communication group membership is controlled by the remote management system; receiving a first encrypted group encryption key from the remote management system based on the transmitted group encryption key request and the membership of the first communication node in the first communication group, wherein the encrypted group encryption key comprises the group encryption key encrypted using a first device public key; decrypting the encrypted group encryption key using a first device private key, wherein the first device public key and the first device private key are not shared with any other communication node; encrypting user data to generate encrypted user data using the group encryption key; and transmitting the encrypted user data through a data transport network to the second communication node, wherein the one or more control channels are separate from the one or more transport channels.

12. The method of claim 11 wherein the group encryption key request comprises at least one of the following: identity data identifying the first communication group; identity data identifying the first communication node; and/or identity data comprising a first communication node device public key.

13. The method of claim 11 wherein the group encryption key is a symmetric key.

14. The method of claim 11 wherein the first and second communication nodes exchange the secure communications to the exclusion of eavesdropping by the remote management system.

15. The method of claim 12 wherein the first device public key is an ephemeral device key negotiated by the remote management system and the first communication node.
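The exchange the abstract and claims describe, written out as an added example that is not the patent's own code or any implementation of it: a management system (`RMS`) records the members' device public keys as their attribute data, forms a group, answers a group key request over the control channel by generating a fresh symmetric group key and encrypting it separately for each member, and the members unwrap it with their private device keys and use it for user data on the transport network. The concrete choices are assumptions the patent does not make: X25519 device keys, SHA-256 to derive a wrapping key from the ECDH secret, and AES-256-GCM for both the wrapped key and the user data; every type and function name (`RMS`, `WrappedGroupKey`, `HandleGroupKeyRequest`, `UnwrapGroupKey`) is constructed for the example, and the control and transport channels are modeled as plain function calls.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Node is a communication node with an X25519 device key pair; the private half never leaves it.
type Node struct {
	ID       string
	priv     *ecdh.PrivateKey
	groupKey []byte // set once the wrapped group key has been unwrapped
}

func NewNode(id string) *Node {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { panic(err) } // no entropy: nothing sensible to do in a demo
	return &Node{ID: id, priv: priv}
}

// AttributeData is what nodes enroll with the management system: node ID -> device public key.
type AttributeData = map[string]*ecdh.PublicKey

// WrappedGroupKey is one member's encrypted copy of the group key; RMSPub is the ephemeral key the RMS used for the request.
type WrappedGroupKey struct{ RMSPub *ecdh.PublicKey; Nonce, Ciphertext []byte }

// RMS is the remote management system: it records each group's members and their device public keys.
type RMS struct {
	groups       map[string]AttributeData
	LastGroupKey []byte // kept only to show that the RMS itself can read group traffic
}

func NewRMS() *RMS { return &RMS{groups: map[string]AttributeData{}} }

// FormGroup stores the attribute data that defines a group; membership is controlled here, not by the nodes.
func (r *RMS) FormGroup(groupID string, members AttributeData) { r.groups[groupID] = members }

// deriveWrapKey turns the X25519 shared secret into an AES-256 wrapping key (SHA-256 stands in for HKDF).
func deriveWrapKey(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) ([]byte, error) {
	shared, err := priv.ECDH(pub)
	if err != nil { return nil, err }
	sum := sha256.Sum256(append([]byte("group-key-wrap|"), shared...))
	return sum[:], nil
}

func gcmSeal(key, pt []byte) (nonce, ct []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, nil, err }
	aead, _ := cipher.NewGCM(block)
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil { return nil, nil, err }
	return nonce, aead.Seal(nil, nonce, pt, nil), nil
}

func gcmOpen(key, nonce, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, _ := cipher.NewGCM(block)
	return aead.Open(nil, nonce, ct, nil)
}

// HandleGroupKeyRequest answers a request arriving on the control channel: it rejects non-members,
// generates a fresh symmetric group key and wraps it separately under each member's device key.
func (r *RMS) HandleGroupKeyRequest(requester, groupID string) (map[string]WrappedGroupKey, error) {
	members := r.groups[groupID]
	if members[requester] == nil { return nil, fmt.Errorf("%s is not a member of %s", requester, groupID) }
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { return nil, err }
	r.LastGroupKey = key
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	out := map[string]WrappedGroupKey{}
	for id, pub := range members {
		wk, err := deriveWrapKey(eph, pub)
		if err != nil { return nil, err }
		nonce, ct, err := gcmSeal(wk, key)
		if err != nil { return nil, err }
		out[id] = WrappedGroupKey{eph.PublicKey(), nonce, ct}
	}
	return out, nil
}

// UnwrapGroupKey recovers the group key with the node's own private device key.
func (n *Node) UnwrapGroupKey(w WrappedGroupKey) error {
	wk, err := deriveWrapKey(n.priv, w.RMSPub)
	if err != nil { return err }
	n.groupKey, err = gcmOpen(wk, w.Nonce, w.Ciphertext)
	return err
}

// Encrypt and Decrypt protect user data on the transport network with the group key.
func (n *Node) Encrypt(msg []byte) ([]byte, []byte, error) { return gcmSeal(n.groupKey, msg) }
func (n *Node) Decrypt(nonce, ct []byte) ([]byte, error)  { return gcmOpen(n.groupKey, nonce, ct) }

func main() {
	rms, a, b := NewRMS(), NewNode("node-A"), NewNode("node-B")
	rms.FormGroup("g1", AttributeData{a.ID: a.priv.PublicKey(), b.ID: b.priv.PublicKey()})
	wrapped, _ := rms.HandleGroupKeyRequest(a.ID, "g1")
	a.UnwrapGroupKey(wrapped[a.ID]); b.UnwrapGroupKey(wrapped[b.ID])
	nonce, ct, _ := a.Encrypt([]byte("hello over the transport network"))
	pt, _ := b.Decrypt(nonce, ct)
	fmt.Println(string(pt))
}
```

Two properties of the scheme are visible here. Each member receives a differently encrypted copy of the same key, and a node outside the group can neither obtain a copy nor unwrap another member's copy, because the wrapping key depends on that member's private device key. The management system, however, generated the group key and therefore can decrypt the transport traffic itself (`LastGroupKey` makes that explicit); the exclusion of eavesdropping in claim 14 needs the nodes to agree on additional key material among themselves, as the abstract's last sentence allows, rather than relying on the distributed key alone.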
CPC classification titles:
- applying encryption of the keys
- wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption, H04L9/06)
- involving conference or group key (network architectures or network communication protocols for key management in group communication in a packet data network, H04L63/065)
- Wireless
- for group communications (cryptographic mechanisms or cryptographic arrangements for key management involving conference or group key, H04L9/0833)