Secure Cryptographic Communication System Using Kem-Dem
First Claim
1. A secure communication system comprising:
- a communications network;
at a sending location on said network;
(i) an encapsulator (1) for providing (a) a session key (K), and (b) a plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), each said encryption corresponding to a respective receiving location (1 to n) on said network; and
(ii) a symmetric encryptor (3) for utilising said session key (K) to encrypt a message (M); and
, at each said receiving location (1 to n) on said network;
(i) a decapsulator (5) for decrypting the encryption of said plurality of encryptions (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)) which corresponds to that receiving location (1 to n) to provide said session key (K); and
(ii) a symmetric decryptor (7) for utilising the session key (K) to decrypt the message (M), said encapsulator (1) comprising;
a pseudo random number generator (51 or 91);
symmetric key derivation means (55 or 95) for deriving said session key (K) from a first random number (N) generated by said pseudo random number generator (51 or 91);
means (53 or 93) for utilising said first random number (N) to generate a second random number (r); and
means (57-0 to 57-n and 59-1 to 59-n, or 97-1 to 97-n and 99-1 to 99-(n−
1) and 101-(−
1) to 101-(n−
1) and 103 and 105 and 107) for utilising the first keys (pk1 to pkn, or id1 to idn) of asymmetric encryption key pairs (pk1 to pkn and ski to skn, or id1 to idn and S1 to Sn) of the intended recipients at the receiving locations (1 to n) together with said second random number (r) and said first random number (N) to generate said plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), said decapsulator (5) at each receiving location (1 to n) comprising;
means (71, 73, 75, or 111, 113, 115 or 131, 133, 135, 137, 139, 141) for utilising the second key (ski or Si) of the asymmetric encryption key pair (pki and ski, or idi and Si) of the recipient at the receiving location together with the asymmetric encryption (Ei(K)) corresponding to the receiving location to recover said first random number (N); and
a further symmetric key derivation means (77, or 117 or 143) for deriving said session key (K) from said first random number (N).
3 Assignments
0 Petitions
Accused Products
Abstract
A secure communication system comprising: a communications network; at a sending location on said network: (i) an encapsulator (1) for providing (a) a session key (K), and (b) plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), each said encryption corresponding to a respective receiving location (1 to n) on said network; and (ii) a symmetric encryptor (3) for utilising said session key (K) to encrypt a message (M); and, at each said receiving location (1 to n) on said network: (i) a decapsulator (5) for decrypting the encryption of said plurality of encryptions (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)) which corresponds to that receiving location (1 to n) to provide said session key (K); and (ii) a symmetric decryptor (7) for utilising the session key (K) to decrypt the message (M), said encapsulator (1) comprising: a pseudo random number generator (51 or 91); symmetric key derivation means (55 or 95) for deriving said session key (K) from a first random number (N) generated by said pseudo random number generator (51 or 91); means (53 or 93) for utilising said first random number (N) to generate a second random number (r); and means (57-0 to 57-n and 59-1 to 59-n, or 97-1 to 97-n and 99-1 to 99-(n−1) and 101-(−1) to 101-(n−1) and 103 and 105 and 107) for utilising the first keys (pk1 to pkn, or id1 to idn) of asymmetric encryption key pairs (pk1 to pkn and sk1 to skn, or id1 to idn and S1 to Sn) of the intended recipients at the receiving locations (1 to n) together with said second random number (r) and said first random number N to generate said plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3 (K) . . . Ei(K) . . . En(K)), said decapsulator (5) at each receiving location (1 to n) comprising: means (71, 73, 75, or 111, 113, 115 or 131, 133, 135, 137, 139, 141) for utilising the second key (ski or Si) of the asymmetric encryption key pair (pki and ski, or idi and Si) of the recipient at the receiving location together with the asymmetric encryption (Ei(K)) corresponding to the receiving location to recover said first random number (N); and a further symmetric key derivation means (77, or 117 or 143) for deriving said session key (K) from said first random number (N).
-
Citations
8 Claims
-
1. A secure communication system comprising:
- a communications network;
at a sending location on said network;
(i) an encapsulator (1) for providing (a) a session key (K), and (b) a plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), each said encryption corresponding to a respective receiving location (1 to n) on said network; and
(ii) a symmetric encryptor (3) for utilising said session key (K) to encrypt a message (M); and
, at each said receiving location (1 to n) on said network;
(i) a decapsulator (5) for decrypting the encryption of said plurality of encryptions (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)) which corresponds to that receiving location (1 to n) to provide said session key (K); and
(ii) a symmetric decryptor (7) for utilising the session key (K) to decrypt the message (M), said encapsulator (1) comprising;
a pseudo random number generator (51 or 91);
symmetric key derivation means (55 or 95) for deriving said session key (K) from a first random number (N) generated by said pseudo random number generator (51 or 91);
means (53 or 93) for utilising said first random number (N) to generate a second random number (r); and
means (57-0 to 57-n and 59-1 to 59-n, or 97-1 to 97-n and 99-1 to 99-(n−
1) and 101-(−
1) to 101-(n−
1) and 103 and 105 and 107) for utilising the first keys (pk1 to pkn, or id1 to idn) of asymmetric encryption key pairs (pk1 to pkn and ski to skn, or id1 to idn and S1 to Sn) of the intended recipients at the receiving locations (1 to n) together with said second random number (r) and said first random number (N) to generate said plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), said decapsulator (5) at each receiving location (1 to n) comprising;
means (71, 73, 75, or 111, 113, 115 or 131, 133, 135, 137, 139, 141) for utilising the second key (ski or Si) of the asymmetric encryption key pair (pki and ski, or idi and Si) of the recipient at the receiving location together with the asymmetric encryption (Ei(K)) corresponding to the receiving location to recover said first random number (N); and
a further symmetric key derivation means (77, or 117 or 143) for deriving said session key (K) from said first random number (N).
- a communications network;
-
2. A secure communication system comprising:
- a communications network;
at a sending location on said network an encryptor (1) for providing a plurality of asymmetric encryptions of a message (M), each said encryption corresponding to a respective receiving location (1 to n) on said network, said encryptor comprising;
means (53 or 93) for deriving from said message (M) a first random number (r); and
means (57-0 to 57-n and 59-1 to 59-n, or 97-1 to 97-n and 99-1 to 99-(n−
1) and 101-(−
1) to 101-(n−
1) and 103 and 105 and 107) for utilising the first keys (pk1 to pkn, or id1 to idn) of asymmetric encryption key pairs (pk1 to pkn and sk1 to skn, or id1 to idn and S1 to Sn) of the intended recipients at the receiving locations (1 to n) together with said first random number (r) and said message (M) to generate said plurality of asymmetric encryptions of the message; and
, at each said receiving location (1 to n) on said network a decryptor (5) for decrypting the encryption of said plurality of encryptions which corresponds to that receiving location (1 to n) to provide said message (M), said decryptor (5) comprising means (71, 73, 75, or 111, 113, 115 or 131, 133, 135, 137, 139, 141) for utilising the second key (ski or Si) of the asymmetric encryption key pair (pki and ski, or idi and Si) of the recipient at the receiving location together with the asymmetric encryption corresponding to the receiving location to recover the message (M). - View Dependent Claims (3, 4)
- a communications network;
-
5. A secure communication method comprising:
- at a sending location on a communications network;
(i) providing (a) a session key (K), and (b) a plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), each said encryption corresponding to a respective receiving location (1 to n) on said network; and
(ii) utilising said session key (K) to encrypt symmetrically a message (M; and
, at each said receiving location (1 to n) on said network;
(i) decrypting the encryption of said plurality of encryptions (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)) which corresponds to that receiving location (1 to n) to provide said session key (K); and
(ii) utilising the session key (K) to decrypt the message (M), said step (i) carried out at the sending location comprising;
generating a first random number (N);
deriving said session key (K) from said first random number (N);
utilising said first random number (N) to generate a second random number (r); and
utilising the first keys (pk1 to pkn, or id1 to idn) of asymmetric encryption key pairs (pk1 to pkn and sk1 to skn, or id1 to idn and S1 to Sn) of the intended recipients at the receiving locations (1 to n) together with said second random number (r) and said first random number (N) to generate said plurality of asymmetric encryptions of the session key (E1(K), E2(K), E3(K) . . . Ei(K) . . . En(K)), said step (i) carried out at each receiving location (1 to n) comprising;
utilising the second key (ski or Si) of the asymmetric encryption key pair (pki and ski, or idi and Si) of the recipient at the receiving location together with the asymmetric encryption (Ei(K)) corresponding to the receiving location to recover said first random number (N); and
deriving said session key (K) from said first random number (N).
- at a sending location on a communications network;
-
6. A secure communication method comprising:
- at a sending location on a communications network providing a plurality of asymmetric encryptions of a message (M), each said encryption corresponding to a respective receiving location (1 to n) on said network, said step of providing said plurality of asymmetric encryptions comprising;
deriving from said message (M) a first random number (r); and
utilising the first keys (pk1 to pkn, or id1 to idn) of asymmetric encryption key pairs (pk1 to pkn and sk1 to skn, or id1 to idn and S1 to Sn) of the intended recipients at the receiving locations (1 to n) together with said first random number (r) and said message (M) to generate said plurality of asymmetric encryptions of the message; and
, at each said receiving location (1 to n) on said network decrypting the encryption of said plurality of encryptions which corresponds to that receiving location (1 to n) to provide said message (M), said step of decrypting comprising utilising the second key (ski or Si) of the asymmetric encryption key pair (pki and ski, or idi and Si) of the recipient at the receiving location together with the asymmetric encryption corresponding to the receiving location to recover the message (M). - View Dependent Claims (7, 8)
- at a sending location on a communications network providing a plurality of asymmetric encryptions of a message (M), each said encryption corresponding to a respective receiving location (1 to n) on said network, said step of providing said plurality of asymmetric encryptions comprising;
Specification