Encrypted group communications

US11683160B2 · US · B2

Patent metadata
Publication number: US-11683160-B2
Application number: US-201916394162-A
Country: US
Kind code: B2
Filing date: Apr 25, 2019
Priority date: Oct 2, 2015
Publication date: Jun 20, 2023
Grant date: Jun 20, 2023

Abstract

Official abstract text for this publication.

Secure data transfers between communication nodes is performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the encrypted group encryption key to the first and second nodes using one or more control channels. The first and second communication nodes decrypt the group encryption key and use it to encrypt data transmitted between the nodes using a data transport network. In some implementations the securely communicating nodes may use encryption keys and/or techniques that prevent the remote management system from eavesdropping on the nodes' communications.
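The flow in the abstract, as an added example that is not taken from the patent or from any Orion Labs code: a management system generates a group key, wraps it separately for each node, and the nodes unwrap it and protect transport traffic with it. Assumptions: each node shares a symmetric per-node device key with the management system, the names `issue_group_key`, `seal`, `unseal` and `run_exchange` are hypothetical, and an HMAC-SHA256 encrypt-then-MAC construction stands in for a standard AEAD such as AES-GCM so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    # Derive separate encryption and MAC keys from one input key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher: HMAC-SHA256 in counter mode as the keystream.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def _tag(key, aad, nonce, ct):
    # Length-prefix the associated data so field boundaries are unambiguous.
    msg = len(aad).to_bytes(4, "big") + aad + nonce + ct
    return hmac.new(_subkey(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key, plaintext, aad=b""):
    # Encrypt-then-MAC with a fresh random nonce per message.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(key, aad, nonce, ct)

def unseal(key, blob, aad=b""):
    if len(blob) < 48:
        raise ValueError("truncated message")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, aad, nonce, ct)):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def issue_group_key(device_keys, group_id, members):
    # Management system: one fresh group key, wrapped separately per node
    # and bound to the group id and the recipient's identity.
    group_key = secrets.token_bytes(32)
    return {m: seal(device_keys[m], group_key, group_id + b"|" + m.encode())
            for m in members}

def run_exchange():
    # Constructed sample data: node names, group id and payload are made up.
    device_keys = {n: secrets.token_bytes(32) for n in ("node-a", "node-b")}
    wrapped = issue_group_key(device_keys, b"group-1", ["node-a", "node-b"])  # control channel
    key_a = unseal(device_keys["node-a"], wrapped["node-a"], b"group-1|node-a")
    key_b = unseal(device_keys["node-b"], wrapped["node-b"], b"group-1|node-b")
    packet = seal(key_a, b"constructed user data", b"group-1")  # transport channel
    return key_a == key_b, unseal(key_b, packet, b"group-1"), wrapped, device_keys
```

In this sketch the management system generates and therefore knows the group key, so it does not model the variant in which the nodes exclude the management system from eavesdropping.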

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: managing a group of communication nodes, including establishing secure communication between communication nodes, via a remote management system, including: receiving, at the remote management system via a control channel including a first network link used by the remote management system to manage communication nodes, a request from a first communication node to enable secure communications between the first communication node and a second communication node across a transport channel, the transport channel including a second network link separate from the control channel; generating, at the remote management system in response to the received request, a group encryption key to enable secure communication between the first communication node and the second communication node via the transport channel; encrypting the group encryption key prior to transferring the group encryption key to the first and second communication nodes through one or more control channels; and transferring the group encryption key from the remote management system to the first and second communication nodes through the control channel.

2. The method of claim 1 wherein the request comprises identity data identifying a communication group to which the first and second communication nodes belong.

3. The method of claim 1 wherein the request comprises identity data identifying the first communication node.

4. The method of claim 1 further comprising: encrypting, at the remote management system, the group encryption key with a key uniquely associated with the first communication node prior to transferring the group encryption key to the first communication node; and encrypting, at the remote management system, the group encryption key with a key uniquely associated with the second communication node prior to transferring the group encryption key to the second communication node.

5. The method of claim 3 wherein the identity data comprises a first communication node device key.

6. The method of claim 5 wherein the first communication node device key is an ephemeral device key negotiated by the remote management system and the first communication node.

7. A system comprising: a remote management computer configured for managing a group of communication nodes, including establishing secure communication between communication nodes, the remote management computer comprising: one or more processors; a computer readable storage medium having instructions stored thereon that cause the one or more processors to: receive, via a control channel including a first network link used by the remote management system to manage communication nodes, a request from a first communication node to enable secure communications between the first communication node and a second communication node across a transport channel, the transport channel including a second network link separate from the control channel; generate a group encryption key in response to the received request; encrypt the group encryption key prior to transferring the group encryption key to the first and second communication nodes through one or more control channels; and transfer the group encryption key to the first and second communication nodes through the control channel.

8. The system of claim 7 wherein the request comprises identity data identifying a communication group to which the first and second communication nodes belong.

9. The system of claim 7 wherein the request comprises identity data identifying the first communication node.

10. The system of claim 7 wherein the instructions further cause the management computer to: encrypt the group encryption key with a first key uniquely associated with the first communication node prior to transferring the group encryption key to the first communication node; and encrypt the group encryption key with a second key uniquely associated with the second communication node prior to transferring the group encryption key to the second communication node.

11. The system of claim 7 wherein the group encryption key is a symmetric key.

12. The system of claim 9 wherein the identity data comprises a first communication node device key.

13. The system of claim 12 wherein the first communication node device key is an ephemeral device key negotiated by the remote management computer and the first communication node.

14. A method comprising: operating a first communication node in a group of communication nodes managed by a remote management system, including: transmitting a request to the remote management system through a control channel, including a first network link used by the remote management system to manage communication nodes, to enable secure communications between the first communication node and a second communication node in the group of communication nodes; receiving a group encryption key from the remote management system based on the received request, wherein the group encryption key has been encrypted prior to receipt via one or more control channels; encrypting user data using the group encryption key; and transmitting the encrypted user data through a data transport network to the second communication node, the transport channel including a second network link separate from the control channel.

15. The method of claim 14 wherein the request comprises at least one of the following: identity data identifying the group of communication nodes to which the first and second communication nodes belong; identity data identifying the first communication node; and identity data comprising a first communication node device key.

16. The method of claim 14 further comprising decrypting, at the first communication node, the group encryption key received from the remote management system using a private key of the first communication node.

17. The method of claim 14 wherein the group encryption key is a symmetric key.

18. The method of claim 14 wherein the first and second communication nodes exchange the secure communications to the exclusion of eavesdropping by the remote management system.

19. The method of claim 15 wherein the first communication node device key is an ephemeral device key negotiated by the remote management system and the first communication node.

Assignees

Inventors

Classifications

  • for group communications (cryptographic mechanisms or cryptographic arrangements for key management involving conference or group key H04L9/0833) · CPC title

  • wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06) · CPC title

  • H04L9/0833 · Primary

    involving conference or group key (network architectures or network communication protocols for key management in group communication in a packet data network H04L63/065) · CPC title

  • Wireless · CPC title

  • applying encryption of the keys · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11683160B2 cover?
Secure data transfers between communication nodes is performed using a group encryption key supplied by a remote management system. A first node transmits a request for secure communications with a second node to the remote management system using a control channel. The remote management system generates and encrypts a group encryption key usable by the first and second nodes and forwards the e…
Who is the assignee on this patent?
Orion Labs, Orion Labs Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0833. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 20, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).