Intercepting key sessions
US-9065642-B2 · Jun 23, 2015 · US
Operator-assisted key establishment
US11799650B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11799650-B2 |
| Application number | US-201816133658-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 17, 2018 |
| Priority date | Dec 21, 2010 |
| Publication date | Oct 24, 2023 |
| Grant date | Oct 24, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal and the server both have access to a second key (K2). The encryption key is derived at the terminal using the first key and the second key. The first key or the derivative thereof is received at the server. The encryption key for decrypting the application message encrypted by the terminal is derived in the server using the shared second key and the received first key of the derivative thereof.
First claim
Opening claim text (preview).
The invention claimed is: 1. A terminal for deriving a cryptographic key, the terminal comprising: a processor configured for deriving the cryptographic key using a first key and a second key, wherein the first key is received by the terminal from a network node in a network or derived by the terminal based on a parameter received from the network node, wherein at least one of the first key or the parameter is generated by the network; wherein the cryptographic key is applicable by the terminal for at least one of encrypting at least a part of data included in an application message for an application server transmitted over the network or authenticating the part of data included in the application message, wherein the terminal and the network both have access to the first key, wherein the terminal and the application server both have access to the second key, wherein the network comprising the network node does not have access to the second key and the cryptographic key, and wherein the network is a telecommunications network connecting the terminal to the application server. 2. The terminal according to claim 1 , wherein deriving the cryptographic key using the first key and the second key comprises: deriving a partial key using the first key and a parameter associated with a communication session between the terminal and the network; and deriving the cryptographic key using the partial key and the second key. 3. A Universal Subscriber Identity Module configured for use within a terminal, the Universal Subscriber Identity Module comprising a processor configured for deriving a cryptographic key using a first key and a second key, wherein the first key is received by the Universal Subscriber Identity Module from a network node in a network or derived by the Universal Subscriber Identity Module based on a parameter received from the network node, wherein at least one of the first key or the parameter is generated by the network; wherein the cryptographic key is applicable by the terminal for at least one of encrypting at least a part of data included in an application message for an application server transmitted over the network or authenticating the part of data included in the application message, wherein the Universal Subscriber Identity Module and the network both have access to the first key, wherein the Universal Subscriber Identity Module and the application server both have access to the second key, wherein the network comprising the network node does not have access to the second key and the cryptographic key, and wherein the network is a telecommunications network connecting the terminal to the application server. 4. An application server for deriving a cryptographic key, the server configured for storing a second key, the application server comprising: a processor configured for obtaining a first key or a derivative of the first key, and for deriving the cryptographic key using the obtained first key or the derivative of the first key and the second key, wherein the cryptographic key is applicable by the application server for at least one of decrypting at least a part of data included in an application message for the application server transmitted from a terminal over a network or authenticating the part of data included in the application message, wherein the terminal and the network both have access to the first key, wherein the second key is shared between the terminal and the application server, wherein the network comprising the network node does not have access to the second key and the cryptographic key, and wherein the network is a telecommunications network connecting the terminal to the application server. 5. The application server according to claim 4 , wherein the derivative of the first key comprises a partial key derived using the first key and a parameter associated with a communication session between the terminal and the network. 6. The application server according to claim 4 , wherein obtaining the first key or the derivative of the first key comprises: at least one of: (i) receiving the first key or the derivative of the first key from the network, or (ii) receiving the application message including the first key or the derivative of the first key, and extracting the first key or the derivative of the first key from the received application message. 7. One or more non-transitory computer-readable storage media including instructions which, when executed by one or more processors, cause the one or more processors to perform operations comprising: deriving a cryptographic key using a first key and a second key, wherein the first key is received from a network node in a network or derived based on a parameter received from the network node, wherein at least one of the first key or the parameter is generated by the network, wherein the cryptographic key is applicable by a terminal for at least one of encrypting at least a part of data included in an application message for an application server transmitted over the network or authenticating the part of data included in the application message, wherein the terminal and the network both have access to the first key, wherein the second key is shared between the terminal and the application server, wherein the network comprising the network node does not have access to the second key and the cryptographic key, and wherein the network is a telecommunications network connecting the terminal to the application server. 8. One or more non-transitory computer-readable storage media including instructions which, when executed by one or more processors, cause the one or more processors to perform operations comprising: obtaining a first key or a derivative of the first key; retrieving a second key from a storage on an application server; and deriving a cryptographic key using the obtained first key or the obtained derivative of the first key and the second key, wherein the cryptographic key is applicable by the application server for at least one of decrypting at least a part of data included in an application message for the application server transmitted from a terminal over a network or authenticating the part of data included in the application message, wherein the terminal and the network both have access to the first key, wherein the second key is shared between the terminal and the application server, wherein the network comprising the network node does not have access to the second key and the cryptographic key, and wherein the network is a telecommunications network connecting the terminal to the application server. 9. A method for deriving a cryptographic key in a terminal, the method comprising: deriving the cryptographic key using a first key and a second key, wherein the first key is received by the terminal from a network node in a network or derived by the terminal based on a parameter received from the network node, wherein at least one of the first key or the parameter is generated by the network, wherein the cryptographic key is applicable by the terminal for at least one of encrypting at least a part of data included in an application message for an application server transmitted over the network or authenticating the part of data included in the application message, wherein the terminal and the network both have access to the first key, wherein the second key is shared between the terminal and the application server, wherein the network comprising the network node does not have access to the second key and the cryptographic key, and wherein the network is a telecommunications network connecting the terminal to the application server. 10. The method according to claim 9 , wherein deriving the cryptographic key using the first key and t
Assignees
Inventors
Classifications
- H04L9/32Primary
including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials} · CPC title
- H04L9/0816Primary
Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use · CPC title
Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these (network architectures or network communication protocols for key exchange in a packet data network H04L63/061) · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11799650B2 cover?
- The invention relates to a method and system for key distribution and encryption/decryption. An encryption key (Kenc) is derived in a terminal. The encryption key is applied by the terminal for encrypting at least a part of data included in an application message for an application server transmitted over a network. The terminal and the network both have access to a first key (K1). The terminal…
- Who is the assignee on this patent?
- Koninklijke Kpn Nv, TNO, Nerderlandse Organisatie Voor Toegepast Natuurwetenschappelijk Onderzoek Tno
- What technology area does this patent fall under?
- Primary CPC classification H04L9/32. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Oct 24 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).