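Country / Type | United States (US) Patent, registered |
---|---|
International Patent Classification (IPC 7th edition) | |
Application number | US-0396464 (2012-02-14) |
Registration number | US-8549587 (2013-10-01) |
Inventor / Address | |
Applicant / Address | |
Agent / Address | |
Citation information | Times cited: 7; cited patents: 557 |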
A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
1. A method for independently encrypting channels of data in a transaction, the transaction comprising a transaction message, the method comprising: encryption of a first data channel in the transaction message using a first security association; and encryption of a second data channel in the transaction message using a second security association.

2. A method according to claim 1 further comprising, encryption of an arbitrary number of additional data channels contained within the transaction message using a unique security association for each channel, wherein the first data channel consists of point-to-point control data and the second data channel consists of end-to-end content data.

3. A method according to claim 2 wherein the control data in the first data channel includes transaction authentication and routing information, and the end-to-end content data in the second data channel includes the contents of email messages, electronic files, or other electronic data.

4. A method according to claim 1 including: negotiation of a first encryption key and security association for the first data channel between a mobile device and a server operating as a transfer agent for the transaction; and negotiation of a second encryption key and security association for the second data channel between a mobile device and a computer operating as an endpoint for the transaction; and negotiation of a third encryption key and security association for the first data channel between the server and an endpoint.

5. A method according to claim 4 including: decryption of the first data channel at the server using the first encryption key; and re-encryption of the first data channel at the server using the third encryption key.

6. A method according to claim 5 including leaving the second data channel in the transaction at the server encrypted and unmodified.

7. A method according to claim 1 including leaving a third data channel in the transaction unencrypted.

8. A method according to claim 1 including: assigning each item in the transaction to one of the data channels; separating the different items in the transaction according to the assigned data channel; encoding the separated items into data groups; encrypting some or all of the data groups using the security associations assigned to the data channel corresponding to each data group; and encoding the processed data groups into one or more packets.

9. A method according to claim 7 including: receiving the packets; separating the contents of the packets according to the different data channels; decrypting only the separated contents which correspond to known security associations; decoding the decrypted contents into items; and processing the transaction according to the decoded items while the contents of data channels with unknown security associations remain encrypted and unmodified.

10. A method according to claim 1 including: encoding a first set of packets containing only the data encrypted using the first security association; encoding a second set of packets containing only the data encrypted using the second security association; and encoding a packet header that contains unencrypted data, the packet header identifying a data size for the first set of packets and the second set of packets; and transporting the first set of packets and then transporting the second set of packets immediately after the first set of packets.

11. A mobile device, comprising: a processor configured to transmit or to receive a transaction message, the transaction message associated with a transaction, the transaction message having a first portion of data encrypted using a first security association and a second portion of data encrypted using a second security association.

12. A mobile device according to claim 11 wherein the processor is located either in a mobile device, a desktop computer, a server, or another computing node.

13. A mobile device according to claim 11 wherein the first portion of data comprises control information used for transporting the transaction over a network and the second portion of data comprises contents of a file, document, message, or document request.

14. A mobile device according to claim 11 wherein the processor is configured to send the transaction to an intermediary server for forwarding to an endpoint, the processor negotiating a point-to-point encryption key only with the intermediary server and negotiating an end-to-end encryption key only with the endpoint.

15. A mobile device according to claim 11 wherein the processor is configured to separate data items in the transaction into different channels, and is further configured to separately encode and encrypt the data channels according to the corresponding security associations.

16. A mobile device according to claim 11 wherein the processor is configured to encode the transaction into multiple packets, wherein each one of the packets contains data encrypted using the same encryption key.

17. A mobile device according to claim 11 wherein the processor is configured to generate a header that identifies a first set of the packets containing data encrypted using a first encryption key and a second set of the packets containing data encrypted using a second encryption key.

18. A system, comprising: a server configured to: receive a transaction message associated with a transaction, the transaction message containing a first portion of data encrypted using a first known encryption key and a second portion of data encrypted using a second unknown encryption key; and decrypt the first portion of data to determine how to process the transaction while the second portion of data remains encrypted.

19. A system according to claim 11 wherein the transaction includes a third unencrypted portion of data, the server combining the decrypted first portion of data with the third unencrypted portion of data and processing the transaction according to the combined first and third portions of data.

20. A system according to claim 19 wherein the server is further configured to: re-encrypt at least some of the decrypted first portion of data using a third encryption key; and combine the re-encrypted first portion of data with the encrypted second portion of data to form a new transaction.

21. A system according to claim 20, further including multiple servers each configured to perform different operations on the transaction while being transported between two endpoints, the multiple servers configured to negotiate point-to-point encryption keys and to encrypt portions of the transaction using the negotiated encryption keys when the transaction is transported between the multiple servers.

22. A method for encrypting information, comprising: associating different types of items in transaction messages associated with transactions with different security associations; processing various different transactions at the network processing device; correlating security associations with different channels in each of the transaction messages.

23. A method according to claim 22 including: encrypting or decrypting the items in the transactions according to the corresponding security associations; configuring the network processing device with different security associations containing encryption keys, the security associations correlated with at least some of the data channels; decrypting only the items from the data channels having corresponding known security associations with configured encryption keys, while keeping the channels without known security associations encrypted; and processing the transactions according to the decrypted items.

24. A method according to claim 23 including: re-encrypting only the items in the processed transactions having corresponding security associations while preserving unmodified the data channels without known security associations; and transporting the transactions containing re-encrypted and/or unmodified data channels to an endpoint.

25. A method according to claim 22 including: separating items in the received transactions into channels associated with the different security associations; encoding the items in each channel into bit arrays; and encrypting or decrypting the bit arrays for each channel according to the associated encryption.

26. A method according to claim 22 including configuring the network processing device with an encryption schema that associates different types of items in the transactions with the different security associations, the network processing device encrypting or decrypting items in various received or transmitted transactions according to the configured encryption schema.

27. A method according to claim 26 including configuring the network processing device with the encryption schema by loading a list of the security associations into the network processing device, the list indexing the different items.
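The relay behaviour of claims 4 to 6 and 9, as an added Python sketch that is not taken from the patent: the server decrypts and re-encrypts only the channel whose security association it holds and forwards the rest untouched. The channel names, function names and the HMAC-SHA256 encrypt-then-MAC cipher (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib, hmac, os

# Assumed for illustration: channel names, function names, and seal/unseal, a
# stdlib-only encrypt-then-MAC stand-in for a real AEAD (not production crypto).
def _sub(key, label):                       # separate enc/MAC subkeys per SA key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key, nonce, data):                 # HMAC-SHA256 counter-mode keystream
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return _xor(_sub(key, b"enc"), nonce, ct)

def device_send(control, content, clear, k_hop1, k_e2e):
    # One transaction message; each channel sealed under its own security association.
    return {"control": seal(k_hop1, control), "content": seal(k_e2e, content), "clear": clear}

def server_relay(msg, known_in, known_out):
    # known_in / known_out map channel name -> key, only for SAs this server holds.
    out, seen = {}, {}
    for chan, blob in msg.items():
        if chan in known_in:                # known SA: decrypt, act on it, re-encrypt
            seen[chan] = unseal(known_in[chan], blob)
            out[chan] = seal(known_out[chan], seen[chan])
        else:                               # unknown SA or clear channel: forward as-is
            out[chan] = blob
    return out, seen

def endpoint_receive(msg, k_hop2, k_e2e):
    return unseal(k_hop2, msg["control"]), unseal(k_e2e, msg["content"]), msg["clear"]

def demo():                                 # constructed sample transaction
    k_hop1, k_hop2, k_e2e = os.urandom(32), os.urandom(32), os.urandom(32)
    sent = device_send(b"route=mailbox-7", b"email body", b"ver=1", k_hop1, k_e2e)
    relayed, seen = server_relay(sent, {"control": k_hop1}, {"control": k_hop2})
    return sent, relayed, seen, endpoint_receive(relayed, k_hop2, k_e2e)
```

The server's `seen` dictionary holds only the control channel's plaintext; the content channel leaves the relay byte-for-byte identical to what the device sent.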