Systems and methods for utilizing quantum entropy in single packet authorization for secure network connections

US11095440B2 · US · B2

Patent metadata
Field | Value
Publication number | US-11095440-B2
Application number | US-201916699354-A
Country | US
Kind code | B2
Filing date | Nov 29, 2019
Priority date | Nov 29, 2019
Publication date | Aug 17, 2021
Grant date | Aug 17, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier (UID), a counter, a first one-time password generated based on a first shared key, the UID, and the counter. The device may generate a second shared key associated with the UID, and may compare the SPA packet to a comparison message authentication code (MAC) generated based on the second shared key, the UID, and the counter. The device may determine whether the SPA packet matches the comparison MAC, and may validate the client device when the SPA packet matches the comparison MAC. The device may provide a MAC associated with the SPA packet to the client device to enable the client device to validate the device for a secure communication based on establishing a pre-master key with the client device.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, by a device and from a client device, a transmission control protocol request with a single packet authorization (SPA) packet that includes data identifying: a universal client device identifier, a counter, a first one-time password generated based on a first shared key, and a client random number; generating, by the device, a second shared key associated with the universal client device identifier; comparing, by the device, the SPA packet to a comparison message authentication code (MAC) generated based on the second shared key, the universal client device identifier, and the counter; determining, by the device, whether the SPA packet matches the comparison MAC; validating, by the device, the client device when the SPA packet matches the comparison MAC; and providing, by the device and when the client device is validated, a MAC associated with the SPA packet to the client device to enable the client device to validate the device for a secure communication.

2. The method of claim 1, wherein providing the MAC associated with the SPA packet to the client device comprises: generating a server random number; generating a second one-time password based on the server random number and a MAC that is generated based on the first shared key, the first one-time password, and the client random number; and providing the second one-time password to the client device to enable the client device to validate the device for the secure communication.

3. The method of claim 2, further comprising: generating each of the client random number and the server random number using a quantum random number generator.

4. The method of claim 2, wherein the second one-time password causes the client device to compare the second one-time password to a MAC that is generated based on the first shared key, the first one-time password, and the client random number.

5. The method of claim 2, further comprising: generating a third one-time password based on a MAC that is generated based on the first shared key, the second one-time password, and the server random number; establishing a pre-master key with the client device based on a MAC that is equivalent to the third one-time password; and exchanging encrypted data with the client device based on the pre-master key.

6. The method of claim 1, further comprising: receiving an entropy block from an entropy-as-a-service, wherein the device is capable of utilizing the entropy block to modify security of the secure communication.

7. The method of claim 1, further comprising: monitoring entropy sources associated with the device, wherein the device is capable of utilizing the entropy sources to enhance security of the secure communication with the client device.

8. A device, comprising: one or more processors to: receive, from a client device, a connection request with a single packet authorization (SPA) packet that includes data identifying: a universal client device identifier, a timestamp, a first one-time password generated based on a first shared key, a client random number, and a client public key; generate a second shared key associated with the universal client device identifier; compare the SPA packet to a comparison message authentication code (MAC) generated based on the second shared key, the universal client device identifier, and the timestamp; determine whether the SPA packet matches the comparison MAC; validate the client device when the SPA packet matches the comparison MAC; and provide, when the client device is validated, a MAC associated with the SPA packet to the client device to enable the client device to validate the device for a secure communication.

9. The device of claim 8, wherein the one or more processors, when providing the MAC associated with the SPA packet to the client device, are to: generate a server random number; encrypt the server random number with the client public key to generate an encrypted server random number; generate a second one-time password based on a MAC that is generated based on the first shared key, the first one-time password, and the client random number; and provide the second one-time password and the encrypted server random number to the client device to enable the client device to validate the device for the secure communication.

10. The device of claim 9, wherein each of the client random number and the server random number includes a quantum random number.

11. The device of claim 9, wherein the second one-time password causes the client device to compare the second one-time password to a MAC that is generated based on the first shared key, the first one-time password, and the client random number.

12. The device of claim 9, wherein the one or more processors are further to: generate a third one-time password based on a MAC that is generated based on the first shared key, the second one-time password, and the server random number; establish a pre-master key with the client device based on a MAC that is equivalent to the third one-time password; and exchange encrypted data with the client device based on the pre-master key.

13. The device of claim 8, wherein the one or more processors are further to: receive an entropy block from an entropy-as-a-service, wherein the device is capable of utilizing the entropy block to modify security of the secure communication.

14. The device of claim 8, wherein the one or more processors are further to: monitor entropy sources associated with the device, wherein the device is capable of utilizing the entropy sources to enhance security of the secure communication with the client device.

15. A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to: generate a master key; provide the master key to a client device; receive, from the client device, a transmission control protocol request with a single packet authorization (SPA) packet that includes data identifying: a universal client device identifier, a counter, a first one-time password generated based on a first shared key that is generated based on the master key and the universal client device identifier, a client random number, and a client public key; generate a second shared key based on the master key and the universal client device identifier; compare the SPA packet to a comparison message authentication code (MAC) generated based on the second shared key, the universal client device identifier, and the counter; determine whether the SPA packet matches the comparison MAC; validate the client device when the SPA packet matches the comparison MAC; and provide, when the client device is validated, a MAC associated with the SPA packet to the client device to enable the client device to validate the device for a secure communication.

16. The non-transitory computer-readable medium of claim 15, wherein the one or more instructions, that cause the one or more processors to provide the MAC associated with the SPA packet to the client device, cause the one or more processors to: generate a server random number; encrypt the server random number with the client public key to generate an encrypted server random number; generate a second one-time password based on a MAC that is generated based on the first shared key, the first one-time password, and the client random number; and provide the second one-time password and
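The abstract and claims 1, 2, 5, 9, 12 and 15 together describe one MAC chain: the server derives a per-client shared key from a master key and the UID, recomputes the MAC over (UID, counter) and compares it with the first one-time password in the SPA packet, then answers with a second one-time password that the client can verify, and both sides derive the pre-master key from a third MAC. The Python below is an added illustrative reconstruction of that exchange, not code from the patent or from Verizon. It assumes HMAC-SHA256 as the MAC, a big-endian 64-bit counter encoding, a domain-separated HMAC as the shared-key derivation, and a monotonic-counter replay check (the claims specify a counter but do not say how replays are rejected). It also sends the server random number in the clear rather than encrypted under the client public key as claim 9 does; that simplification only affects transport of the nonce, since the key material never leaves the MAC chain. All keys and random values are constructed test values.

```python
import hmac
import hashlib
import struct

HASH = hashlib.sha256


def derive_shared_key(master_key: bytes, uid: bytes) -> bytes:
    """Per-client shared key from the master key and the UID (claim 15 wording).
    Domain-separated HMAC is an assumption; the patent does not fix a KDF."""
    return hmac.new(master_key, b"spa-shared-key|" + uid, HASH).digest()


def spa_mac(shared_key: bytes, uid: bytes, counter: int) -> bytes:
    """MAC over (UID, counter). The client sends this as the first OTP; the
    server recomputes it as the 'comparison MAC' of claim 1."""
    return hmac.new(shared_key, uid + struct.pack(">Q", counter), HASH).digest()


def client_build_spa(shared_key: bytes, uid: bytes, counter: int,
                     client_random: bytes) -> dict:
    """Build the SPA packet of claim 1: UID, counter, first OTP, client random."""
    return {"uid": uid, "counter": counter,
            "otp1": spa_mac(shared_key, uid, counter),
            "client_random": client_random}


class SpaServer:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.highest_counter = {}   # uid -> highest accepted counter (replay guard)
        self.sessions = {}          # uid -> pre-master key after a successful exchange

    def verify(self, packet: dict, server_random: bytes):
        """Validate the SPA packet; on success return the reply (second OTP plus
        server random) and record the pre-master key. Return None on any failure
        so the caller can drop the packet silently."""
        uid, counter = packet["uid"], packet["counter"]
        # Replay guard (assumption): a counter at or below the last accepted one is rejected.
        if counter <= self.highest_counter.get(uid, -1):
            return None
        k2 = derive_shared_key(self.master_key, uid)          # 'second shared key'
        comparison_mac = spa_mac(k2, uid, counter)
        # Constant-time comparison so timing does not leak how many bytes matched.
        if not hmac.compare_digest(comparison_mac, packet["otp1"]):
            return None
        self.highest_counter[uid] = counter
        # Second OTP (claims 9/11): MAC over first OTP and client random under the shared key.
        otp2 = hmac.new(k2, packet["otp1"] + packet["client_random"], HASH).digest()
        # Third OTP (claim 12): MAC over second OTP and server random; used as pre-master key.
        otp3 = hmac.new(k2, otp2 + server_random, HASH).digest()
        self.sessions[uid] = otp3
        return {"otp2": otp2, "server_random": server_random}


def client_finish(shared_key: bytes, packet: dict, reply: dict):
    """Client side of claims 4/5: verify the server's second OTP, then derive the
    same pre-master key. Returns None if the server fails to authenticate."""
    expected = hmac.new(shared_key, packet["otp1"] + packet["client_random"], HASH).digest()
    if not hmac.compare_digest(expected, reply["otp2"]):
        return None
    return hmac.new(shared_key, reply["otp2"] + reply["server_random"], HASH).digest()


if __name__ == "__main__":
    # Constructed demo values; a real deployment would source the randoms from a
    # proper (the patent says quantum) random number generator.
    master = bytes(range(32))
    uid = b"client-0001"
    k1 = derive_shared_key(master, uid)
    pkt = client_build_spa(k1, uid, 7, b"\xaa" * 32)
    server = SpaServer(master)
    reply = server.verify(pkt, b"\xbb" * 32)
    pmk = client_finish(k1, pkt, reply)
    print("pre-master keys agree:", pmk == server.sessions[uid])
    print("replay rejected:", server.verify(pkt, b"\xcc" * 32) is None)
```

Two defender-relevant points are visible in the code: a packet whose counter has been bumped without the key still fails, because the MAC covers the counter; and every failure path returns None rather than an error message, which matches the usual SPA practice of giving an unauthenticated sender no response at all.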

Assignees

Verizon Patent & Licensing Inc

Inventors

Classifications

  • involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title

  • using one-time-passwords · CPC title

  • with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys · CPC title

  • involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067) · CPC title

  • One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11095440B2 cover?
A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier (UID), a counter, a first one-time password generated based on a first shared key, the UID, and the counter. The device may generate a second shared key associated with the UID, and may compare the SPA packet to a comparison me…
Who is the assignee on this patent?
Verizon Patent & Licensing Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0852. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 17, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).