Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-09-21
2001-11-13
Hayes, Gail (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S151000, C713S181000, C380S223000, C380S260000, C380S262000
Reexamination Certificate
active
06317831
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to wireless networks, and more particularly, to secure data transmissions over wireless networks.
2. Description of the Related Art
Wireless networks are often used to transmit messages from one location in a network to a destination location in the network. These messages contain data to be supplied to the destination location. More specifically, the messages include a header portion and a data portion. The header portion includes an address of the destination location, and the data portion contains data. The destination location is, for example, a mobile device or a server. A mobile device typically interacts with wireless networks to receive various types of notifications or to request and receive data from another network to which the wireless network is connected.
FIG. 1 is a block diagram of a conventional wireless communication network 100. The wireless communication system 100 includes a server 102, a wireless network 104, and mobile devices 106. There are n mobile devices 106-1 through 106-n. The server 102 is typically a computer system that operates to send and receive messages to and from the mobile devices 106. The messages are often blocks of data that are to be transmitted to the mobile device 106. As examples, the data can pertain to various types of notifications, electronic mail, news data, configuration information, data files, library files, program files, etc. The messages can also be requests for information (e.g., certain data) that are transmitted from the mobile devices 106 to the server 102. The server 102 may also connect to other wired or wireless networks to receive messages from or forward messages to other computer systems. As an example, the server 102 can be connected to the Internet. For example, the server 102 can be a proxy server (or link server) coupled to the Internet or a network gateway coupled to a network. The tremendous growth of the Internet in recent years has fueled the need to provide mobile devices such as mobile telephones, personal digital assistants (PDAs) and the like with access to information and services available on the Internet.
The wireless network 104 typically uses radio transmissions to communicate with the mobile devices 106. The wireless network 104 can use a variety of different networks and communication protocols. Examples of wireless networks include Cellular Digital Packet Data (CDPD), Global System for Mobile Communications (GSM), Code Division Multiple Access (CDMA) and Time Division Multiple Access (TDMA), to name a few, and each of these wireless networks has different data transfer characteristics such as latency, bandwidth, protocols and connection methods. As examples, protocols can be Internet Protocol (IP), Short Messaging System (SMS) and Unstructured Supplementary Service Data (USSD), and connection methods can include packet switched or circuit switched.
As an example, a message to be sent by the server 102 to the mobile device 106-2 would contain an address that particularly identifies the mobile device 106-2. The message is then provided by the server 102 to the wireless network 104. For example, one wireless data network is a packet switched network using a Small Message Server Center (SMSC) which has a relatively small packet size (e.g., 140 bytes). The wireless network 104 causes the message to be properly routed to the mobile device 106-2 (i.e., in accordance with the address). The transmission between the wireless network 104 and the mobile device 106-2 is wireless. The mobile device 106-2 receives the message that has been transmitted by the wireless network 104. The mobile device 106-2 can then store the message and perform predetermined processing actions such as, for example, notifying a user of the mobile device 106-2 of the reception of the message.
Before transmitting messages or data between the server 102 and the mobile devices 106, a connection between the server 102 and the particular one of the mobile devices 106 needs to be made, unless already established. Additionally, when the data to be transmitted is private or confidential, then a secure connection is to be used. A secure connection is a type of connection in which security measures are taken so that only the sender and desired receiver can understand the data. The security measures are implemented by cryptographic techniques such as encryption. Cryptographic techniques are described in detail in Schneier, “Applied Cryptography,” Second Edition, John Wiley & Sons, Inc. (1996), which is hereby incorporated by reference.
A secure connection is established in accordance with protocols concerning transmissions over wireless networks. Examples of protocols that are able to provide secure connections include Handheld Device Transport Protocol (HDTP) and Wireless Transport Layer Security (WTLS). HDTP is described in “HDTP Draft Specification,” version 1.1 (1997), and is hereby incorporated by reference. The WTLS is the security layer protocol for Wireless Application Protocol (WAP). WTLS is described in “Wireless Application Protocol Wireless Transport Layer Security” (WAP WTLS), Wireless Application Forum, Apr. 30, 1998, and is hereby incorporated by reference.
One problem with the conventional approach to establishing a secure connection is that it requires a two-way data channel. As examples, both the HDTP and the WTLS protocols require a handshake operation between the server and a mobile device to establish a secure connection. Conventionally, the two-way data channel is needed to provide the handshake operation. As a result, one-way data channels have not been able to utilize the security features of protocols that require a handshake operation.
In some wireless networks, the server and the mobile devices can be connected by two or more channels. In one case, the server and mobile devices can be connected over a one-way data channel and a two-way data channel. A representative network (e.g., GSM) having such characteristics can use a Short Message Service Center (SMSC) to provide the one-way data channel and an Interworking Function (IWF) to provide the two-way data channel. In such a network, the one-way data channel is often considered a narrowband channel and the two-way data channel is often considered a wideband channel. As an example, the narrowband channel can transfer data at a rate of about 400 bits per second (bps), while the wideband channel can transfer data at a rate of at least 14400 bps. It is thus not uncommon for a server and a mobile device to be connected (or connectable) by both a two-way channel and a one-way channel. Typically, the server and the client will decide to use either or both of the channels depending on the urgency of the data, the cost they are willing to incur, etc. Use of a two-way channel often causes the mobile device to incur charges (i.e., fees) from a carrier that provides the service to the mobile device. In contrast, use of a one-way, narrowband channel is often available at no cost or at a fixed cost regardless of usage. The one-way channel, however, is not able to establish secure connections because the conventional approaches to security require a two-way channel. This seriously impedes the secure transmission of data over one-way channels.
Thus, there is a need for improved approaches to providing secure data transmissions over one-way channels.
SUMMARY OF THE INVENTION
Broadly speaking, the invention relates to improved techniques for facilitating secure data transfer over one-way data channels or narrowband channels. Often, these channels are wireless channels provided by wireless data networks. The invention enables cryptographic handshake operations for a one-way data channel to be performed over a companion two-way data channel so that the one-way data channel is able to effectively satisfy security protocols that require two-way communications for the cryptographic handshake operations. Once the cryptographic handshake
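The split the summary describes, as an added illustration that is not the patent's own code: the handshake is represented only by a placeholder that hands both endpoints the same master secret (the patent leaves the WTLS/HDTP handshake internals to the protocols), and the example concentrates on what the one-way channel then has to do: carry records that fit the 140-byte SMSC packet size, that the mobile device can authenticate and decrypt without ever replying, and that survive lost packets while rejecting replays. The HMAC-SHA256 counter-mode cipher, the record layout and the key labels are assumptions chosen to keep the example standard-library only.

```python
# Added example (not from the patent): authenticated one-way records after a two-way handshake.
import hashlib, hmac, os, struct

PACKET_LIMIT = 140            # SMSC packet size cited in the description
SEQ_LEN, TAG_LEN = 4, 16      # sequence counter + truncated HMAC-SHA256 tag
MAX_PAYLOAD = PACKET_LIMIT - SEQ_LEN - TAG_LEN

def prf(key, *parts):
    """HMAC-SHA256 over the joined parts: used for key derivation, keystream and tags."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def handshake_over_two_way_channel():
    """Placeholder for the WTLS/HDTP handshake on the two-way channel: both ends
    leave with the same master secret (returned as the server's and the client's copy)."""
    master = os.urandom(32)
    return master, master

def keystream(enc_key, seq, n):
    # PRF in counter mode, bound to the record sequence number so keystream is never reused
    return b"".join(prf(enc_key, struct.pack(">II", seq, i)) for i in range((n + 31) // 32))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class OneWaySender:
    def __init__(self, master):
        self.mac_key, self.enc_key, self.seq = prf(master, b"mac"), prf(master, b"enc"), 0
    def seal(self, payload):
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload does not fit a one-way packet")
        hdr = struct.pack(">I", self.seq)
        ct = xor(payload, keystream(self.enc_key, self.seq, len(payload)))
        self.seq += 1
        return hdr + ct + prf(self.mac_key, hdr, ct)[:TAG_LEN]

class OneWayReceiver:
    # No reply path exists: tolerate lost packets (gaps) but reject forgeries and replays.
    def __init__(self, master):
        self.mac_key, self.enc_key, self.next_seq = prf(master, b"mac"), prf(master, b"enc"), 0
    def open(self, packet):
        if len(packet) < SEQ_LEN + TAG_LEN:
            return None
        hdr, ct, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-TAG_LEN], packet[-TAG_LEN:]
        seq = struct.unpack(">I", hdr)[0]
        if not hmac.compare_digest(tag, prf(self.mac_key, hdr, ct)[:TAG_LEN]) or seq < self.next_seq:
            return None
        self.next_seq = seq + 1
        return xor(ct, keystream(self.enc_key, seq, len(ct)))
```

Because the receiver can never ask for a retransmission, the only state it keeps is the highest sequence number already consumed; a record arriving late after a gap is dropped rather than reordered, which is the price of a channel with no return path.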
Beyer Weaver & Thomas LLP
Darrow Justin T.
Hayes Gail
Openwave Systems Inc.