Secure transport channel using multiple cipher suites
US-9923923-B1 · Mar 20, 2018 · US
US11824853B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11824853-B2 |
| Application number | US-202217883162-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 8, 2022 |
| Priority date | Apr 5, 2019 |
| Publication date | Nov 21, 2023 |
| Grant date | Nov 21, 2023 |
Official abstract text for this publication.
A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.
Opening claim text (preview).
The invention claimed is:
1. A first device comprising: one or more processors; and memory storing instructions, when executed by the one or more processors, cause the first device to: determine a second device for receipt of data; determine certificate data associated with the first device; encrypt the certificate data, using a public key associated with the second device, to generate encrypted certificate data that comprises an encrypted version of the certificate data; generate request data comprising: the certificate data; and the encrypted certificate data comprising the encrypted version of the certificate data; send the request data; and establish, based on the request data, a secure communication channel.
2. The first device of claim 1, wherein the instructions, when executed by the one or more processors, further cause the first device to: generate a nonce; generate a timestamp; generate an indication of a type of the certificate data; and include the nonce, the timestamp, and the indication of the type in the request data.
3. The first device of claim 1, wherein the instructions, when executed by the one or more processors, further cause the first device to encrypt the request data using a private key associated with the first device.
4. The first device of claim 1, wherein the request data is included in a header of a message.
5. The first device of claim 1, wherein the instructions, when executed by the one or more processors, further cause the first device to receive, from a certificate authority, the certificate data.
6. The first device of claim 1, wherein the instructions, when executed by the one or more processors, further cause the first device to encode, using a Base64 encoding, the request data.
7. The first device of claim 1, wherein the instructions, when executed by the one or more processors, cause the first device to establish, based on the request data, the secure communication channel by: sending, to an intermediate device, a request message; and receiving, from the intermediate device, a response message.
8. The first device of claim 1, wherein the instructions, when executed by the one or more processors, cause the first device to establish, based on the request data, the secure communication channel by receiving a message from an intermediate device, the message indicating at least one of: a chosen protocol version, a random number, a cipher suite, a compression method, a session identifier, a public key associated with the intermediate device, or the public key associated with the second device.
9. The first device of claim 1, wherein the instructions, when executed by the one or more processors, further cause the first device to send, to the second device and via an intermediate device, data that is encrypted by the first device, wherein the first device and the second device are managed by a first service provider, and the intermediate device is managed by a second service provider.
10. The first device of claim 9, wherein the intermediate device is an endpoint of the secure communication channel established between the first device and the second device.
11. A non-transitory computer-readable medium storing instructions, when executed, cause a first device to: determine a second device for receipt of data; determine certificate data associated with the first device; encrypt the certificate data, using a public key associated with the second device, to generate encrypted certificate data that comprises an encrypted version of the certificate data; generate request data comprising: the certificate data; and the encrypted certificate data comprising the encrypted version of the certificate data; send the request data; and establish, based on the request data, a secure communication channel.
12. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, further cause the first device to: generate a nonce; generate a timestamp; generate an indication of a type of the certificate data; and include the nonce, the timestamp, and the indication of the type in the request data.
13. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, further cause the first device to encrypt the request data using a private key associated with the first device.
14. The non-transitory computer-readable medium of claim 11, wherein the request data is included in a header of a message.
15. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, further cause the first device to receive, from a certificate authority, the certificate data.
16. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, further cause the first device to encode, using a Base64 encoding, the request data.
17. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, cause the first device to establish, based on the request data, the secure communication channel by: sending, to an intermediate device, a request message; and receiving, from the intermediate device, a response message.
18. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, cause the first device to establish, based on the request data, the secure communication channel by receiving a message from an intermediate device, the message indicating at least one of: a chosen protocol version, a random number, a cipher suite, a compression method, a session identifier, a public key associated with the intermediate device, or the public key associated with the second device.
19. The non-transitory computer-readable medium of claim 11, wherein the instructions, when executed, further cause the first device to send, to the second device and via an intermediate device, data that is encrypted by the first device, wherein the first device and the second device are managed by a first service provider, and the intermediate device is managed by a second service provider.
20. The non-transitory computer-readable medium of claim 19, wherein the intermediate device is an endpoint of the secure communication channel established between the first device and the second device.
21. A second device comprising: one or more processors; and memory storing instructions, when executed by the one or more processors, cause the second device to: receive, from an intermediate device, request data comprising: certificate data associated with a first device; and encrypted certificate data comprising an encrypted version of the certificate data; decrypt the encrypted certificate data using a private key associated with the second device to obtain decrypted certificate data; validate the request data based on the decrypted certificate data and the certificate data; and verify an identity of the first device based on the certificate data.
22. The second device of claim 21, wherein the instructions, when executed by the one or more processors, further cause the second device to decrypt the request data using a public key associated with the first device.
23. The second device of claim 21, wherein the instructions, when executed by the one or more processors, further cause the second device to decode, using a Base64 decoding, the request data.
24. The second device of claim 21
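The exchange that the abstract and claims 1 to 3 and 21 to 23 describe, written out as an added example in Go. This code is not from the patent, its assignee, or any product; it is this page's own illustration. The patent fixes what the request carries, not how it is encoded or encrypted, so the following are assumptions of the example: the request is JSON carried Base64-encoded in a single header value; the "encrypted version of the certificate" is a hybrid envelope (the DER certificate under a fresh AES-256-GCM key, that key wrapped with RSA-OAEP under the second device's public key, because a certificate does not fit in one RSA block); claim 3's "encrypt the request data using a private key" is implemented as an Ed25519 signature over the encoded request; the timestamp acceptance window is five minutes; and the certificates come from a constructed demo CA standing in for claim 5's certificate authority. The names Request, BuildHeader, VerifyHeader, newCert, targetKey and otherDeviceKey are this example's own, and all keys are generated at start-up for the demo rather than being real credentials.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

const gcmNonceLen = 12 // standard AES-GCM nonce size

// Request is the header body of claims 1 and 2. The JSON layout and the hybrid
// envelope (AES-256-GCM key wrapped with RSA-OAEP) are this example's
// assumptions; the patent fixes the content, not the encoding or cipher.
type Request struct {
	Type       string `json:"type"`
	Cert       []byte `json:"cert"`        // DER, readable by the intermediate device
	WrappedKey []byte `json:"wrapped_key"` // AES key under the second device's RSA key
	EncCert    []byte `json:"enc_cert"`    // nonce || AES-GCM(Cert)
	Nonce      []byte `json:"nonce"`
	Timestamp  int64  `json:"ts"`
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: refuse to continue
	}
	return b
}

// BuildHeader runs on the first device. Claim 3's "encrypt the request data
// using a private key" is realised as an Ed25519 signature over the encoded
// request; Base64 (claim 6) lets it travel as one header value (claim 4).
func BuildHeader(certDER []byte, signer ed25519.PrivateKey, target *rsa.PublicKey, now time.Time) (string, error) {
	key := randBytes(32)
	block, _ := aes.NewCipher(key) // a 32-byte key cannot fail
	gcm, _ := cipher.NewGCM(block)
	iv := randBytes(gcmNonceLen)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, target, key, nil)
	if err != nil {
		return "", err
	}
	body, _ := json.Marshal(Request{Type: "x509-der", Cert: certDER, WrappedKey: wrapped,
		EncCert: gcm.Seal(iv, iv, certDER, nil), Nonce: randBytes(16), Timestamp: now.Unix()})
	enc := base64.StdEncoding.EncodeToString
	return enc(body) + "." + enc(ed25519.Sign(signer, body)), nil
}

// VerifyHeader runs on the second device (claims 21-23). The signature is
// checked first so nothing below runs on unauthenticated data; the chain check
// at the end is what actually establishes identity (claims 5 and 21).
func VerifyHeader(hdr string, priv *rsa.PrivateKey, roots *x509.CertPool, now time.Time, seen map[string]bool) (*x509.Certificate, error) {
	b64body, b64sig, ok := strings.Cut(hdr, ".")
	body, err1 := base64.StdEncoding.DecodeString(b64body)
	sig, err2 := base64.StdEncoding.DecodeString(b64sig)
	var req Request
	if !ok || err1 != nil || err2 != nil || json.Unmarshal(body, &req) != nil {
		return nil, fmt.Errorf("undecodable request")
	}
	cert, err := x509.ParseCertificate(req.Cert)
	if err != nil {
		return nil, err
	}
	if pub, ok := cert.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, body, sig) {
		return nil, fmt.Errorf("signature does not verify under the presented certificate")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, req.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(req.EncCert) < gcmNonceLen {
		return nil, fmt.Errorf("copy was not encrypted for this device")
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, req.EncCert[:gcmNonceLen], req.EncCert[gcmNonceLen:], nil)
	if err != nil || !bytes.Equal(plain, req.Cert) {
		return nil, fmt.Errorf("encrypted copy does not match the cleartext certificate")
	}
	if d := now.Sub(time.Unix(req.Timestamp, 0)); d > 5*time.Minute || d < -5*time.Minute || seen[string(req.Nonce)] {
		return nil, fmt.Errorf("stale or replayed request")
	}
	seen[string(req.Nonce)] = true
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return nil, err
	}
	return cert, nil
}

// newCert issues an Ed25519 certificate; a nil parent yields a self-signed CA
// (the demo stand-in for claim 5's certificate authority).
func newCert(cn string, ca bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: ca,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

// Second-device RSA key pairs generated at start-up for the demo (not real
// credentials); otherDeviceKey plays a device the request was not meant for.
var targetKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var otherDeviceKey, _ = rsa.GenerateKey(rand.Reader, 2048)

func main() {
	ca, caKey := newCert("Provider CA", true, nil, nil)
	leaf, leafKey := newCert("first-device", false, ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	hdr, _ := BuildHeader(leaf.Raw, leafKey, &targetKey.PublicKey, time.Now())
	// The intermediate device forwards hdr untouched; any edit breaks the signature.
	_, err := VerifyHeader(hdr, targetKey, roots, time.Now(), map[string]bool{})
	fmt.Println("first device authenticated:", err == nil)
}
```

VerifyHeader is deliberately ordered: signature, then decrypt-and-compare, then nonce and timestamp, then the chain. Note what each step proves. The second device's public key is public, so anyone on the path, the intermediate device of claims 7 to 10 included, can produce an encrypted copy of a certificate it has seen in the clear; the decrypt-and-compare step therefore shows that the copy was prepared for this device's key and arrived unaltered, while the signature under the presented certificate and that certificate's chain to the provider's CA are what establish the first device's identity, and the nonce and timestamp are what keep a captured header from being replayed against the second device later.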
CPC classification titles:
- for achieving mutual authentication (cryptographic mechanisms or cryptographic arrangements for mutual authentication H04L9/3273)
- involving a third party or a trusted authority
- involving digital signatures
- using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- involving time stamps, e.g. generation of time stamps