System and method for securing a communication channel over an optical network
Abstract
A system and method establish a secure communication channel over an optical network. More specifically, the system and method can generally include securing a communications channel against unauthorized access, such as eavesdropping or masquerading, by employing 1) an encryption scheme derived from the non-linear filtering of shift registers, 2) a method for authenticating and exchanging parameters between two parties over an unsecured data channel to derive a shared encryption key having the property of perfect forward secrecy, and 3) a unique message format that can transport non-secret key exchange parameters over an unsecured data channel and secure communications over a data channel.
35 Claims
1. A method for securing a communications channel having perfect forward secrecy comprising the steps of:
receiving an authorization request message comprising an asymmetric key;
in response to receiving an authorization request message, selecting a symmetric key parameter;
calculating a key exchange parameter based on the symmetric key parameter;
encrypting the key exchange parameter with the symmetric key; and
sending an authorization response message comprising the encrypted asymmetric key exchange parameter.
Dependent claims: 2, 3, 4, 5, 6

7. A method for securing a communications channel having perfect forward secrecy comprising the steps of:
receiving an authorization response message comprising an encrypted first asymmetric key exchange parameter;
in response to receiving the authorization response message, decrypting the encrypted asymmetric key exchange parameter;
selecting a secret key parameter; and
calculating a second asymmetric key exchange parameter based on the secret key parameter; and
calculating a shared asymmetric encryption key based on the secret key parameter and the first asymmetric key exchange parameter.
Dependent claims: 8, 9, 10, 11, 12

13. A method for generating non-linear ciphertext derived from a linear source comprising the steps of:
selecting a first tap and a second tap in a register;
combining an output of the first tap with an output of the second tap;
calculating a first value from a logical "and" operation taken between the outputs of the first and second taps;
selecting a third output bit of the register;
combining the first value with the third output bit of the register;
calculating a second value from an exclusive "or" operation taken between the first value and the least significant output bit of the register; and
forming ciphertext derived from plain text and the second value.
Dependent claims: 14, 15, 16

19. A laser transceiver node comprising:
an optical tap routing device for apportioning the bandwidth between subscribers of an optical network system, the optical tap routing device further operable for;
selecting a symmetric key parameter;
calculating a key exchange parameter based on the symmetric key parameter;
encrypting the key exchange parameter with the symmetric key;
a tap multiplexer coupled to the optical tap routing device for multiplexing upstream and downstream signals.
Dependent claims: 17, 18, 20, 21, 22, 23

24. A subscriber optical interface comprising:
a processor for controlling the digital optical transmitter and receiver, the processor further operable for;
receiving a message comprising an encrypted first asymmetric key exchange parameter;
in response to receiving the message, decrypting the encrypted asymmetric key exchange parameter;
selecting a secret key parameter; and
calculating a second asymmetric key exchange parameter based on the secret key parameter.
Dependent claims: 25, 26, 27, 28

29. A system for securing communications channels, comprising:
a register comprising;
a first tap and a second tap for calculating a first value taken between the outputs of the first and second taps, the output between the first tap and second tap comprising a non-linear value;
an output of the register taken between the first value and a third output bit of the register; and
a new bit comprising an operation taken between the taps of the register.
Dependent claims: 30, 31, 32, 33, 34, 35
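
The filter that claims 13 and 29 describe, as an added Python sketch that is not taken from the patent: a shift register whose keystream bit is (tap AND tap) combined with a third bit and the least significant bit, plus a Berlekamp-Massey routine that measures how far the AND term raises linear complexity above the raw register output. The 16-bit width, feedback taps, tap positions, seed, and the use of XOR for both "combining" steps and for forming ciphertext are assumptions; the claims do not fix them.

```python
# Added sketch, not the patent's code. WIDTH, FEEDBACK, TAP_*, the seed and the
# XOR combiners are assumptions chosen for illustration only.
WIDTH = 16
FEEDBACK = (0, 2, 3, 5)          # a well-known maximal-length 16-bit Fibonacci LFSR
TAP_A, TAP_B, TAP_C = 4, 9, 13   # first tap, second tap, "third output bit"

def bit(state, pos):
    return (state >> pos) & 1

def step(state):
    """Shift right once; the parity of the feedback taps enters at the top."""
    new = sum(bit(state, p) for p in FEEDBACK) & 1
    return (state >> 1) | (new << (WIDTH - 1))

def filtered_bit(state):
    """Claim 13's filter: AND two taps, mix in a third bit, XOR with the LSB."""
    first = bit(state, TAP_A) & bit(state, TAP_B)   # the only non-linear term
    return first ^ bit(state, TAP_C) ^ bit(state, 0)

def keystream(seed, n, filtered=True):
    state, out = seed, []
    for _ in range(n):
        out.append(filtered_bit(state) if filtered else bit(state, 0))
        state = step(state)
    return out

def crypt(seed, data):
    """XOR data with the filtered keystream; the same call decrypts."""
    ks = keystream(seed, 8 * len(data))
    return bytes(v ^ sum(ks[8 * i + k] << k for k in range(8)) for i, v in enumerate(data))

def linear_complexity(bits):
    """Berlekamp-Massey over GF(2): length of the shortest LFSR producing bits."""
    n, L, m = len(bits), 0, -1
    c, b = [1] + [0] * (n - 1), [1] + [0] * (n - 1)
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]      # discrepancy against current LFSR
        if d:
            t = c[:]
            for j in range(n - i + m):
                c[i - m + j] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L

if __name__ == "__main__":
    print([linear_complexity(keystream(0xACE1, 400, f)) for f in (False, True)])
```

With these assumed parameters the raw register output has linear complexity 16, while the filtered stream is bounded by 136 (16 linear plus 120 quadratic terms), so a single degree-2 filter on a short register raises the bar only modestly.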
Specification