KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY

US 20100169645A1
Filed: 10/22/2009
Published: 07/01/2010
Est. Priority Date: 12/30/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

selecting a plaintext message to be authenticated and encrypted;

selecting an associated data to be authenticated and transmitted, but not encrypted;

creating and storing a data key to encrypt the plaintext message in a uniformly random or pseudorandom manner;

creating and storing a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is derived from at least the plaintext message, and the data key;

creating and storing an encrypted data key, wherein the encrypted data key is derived from at least the data key, and a key encrypting key;

generating a communication comprising at least the encrypted data key and the ciphertext message;

wherein each of the above steps is performed by one or more processors.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system for authenticating, encrypting, and transmitting a secret communication, where the encryption key is transmitted along with the encrypted message, is disclosed. In an embodiment, a first transmitting processor encrypts a plaintext message to a ciphertext message using a data key, encrypts the data key using a key encrypting key, and sends a communication comprising the encrypted data key and the ciphertext message. A second receiving processor receives the communication and then decrypts the encrypted data key using the key encrypting key and decrypts the ciphertext message using the data key to recover the plaintext message.

Citations

30 Claims

1. A computer-implemented method comprising:
- selecting a plaintext message to be authenticated and encrypted;
  
  selecting an associated data to be authenticated and transmitted, but not encrypted;
  
  creating and storing a data key to encrypt the plaintext message in a uniformly random or pseudorandom manner;
  
  creating and storing a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is derived from at least the plaintext message, and the data key;
  
  creating and storing an encrypted data key, wherein the encrypted data key is derived from at least the data key, and a key encrypting key;
  
  generating a communication comprising at least the encrypted data key and the ciphertext message;
  
  wherein each of the above steps is performed by one or more processors.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - parsing the communication into at least the encrypted data key and the ciphertext message;
      
      regenerating the data key, wherein the data key is a function of at least the encrypted data key, and the key encrypting key;
      
      performing an authentication test on the encrypted data key, and the key encrypting key;
      
      determining that the data key is authentic only when all of the encrypted data key, and the key encrypting key are authentic according to the authentication test;
      
      generating and communicating a failure indication when at least one of the encrypted data key and the key encrypting key is not authentic according to the authentication test;
      
      regenerating the plaintext message, wherein the plaintext message is a function of at least the ciphertext message, and the data key, wherein the plaintext message comprises a failure indication if at least one of the ciphertext message and the data key is not authentic according to the authentication test;
      
      wherein each of the above steps is performed by one or more processors.
  - 3. The method of claim 1, wherein the communication comprises a data packet comprising an internet protocol header, an encapsulating security payload header, an initialization vector, a decryption context, an encrypted region, and an integrity check value.
  - 4. The method of claim 3, wherein the decryption context comprises the encrypted data key and instructions regarding how a decryptor can decrypt and process the encrypted data key.
  - 5. The method of claim 4, wherein the instructions comprise key management information received from a Logical Key Hierarchy (LKH) group key management protocol or a Subset-Difference key management method.
  - 6. The method of claim 1, wherein the encrypted data key is derived using any of AES-CCM (Advanced Encryption Standard, Counter with Cipher Block Chaining Message Authentication Code), AES-CBC and AES-GCM (Galois/Counter Mode).
  - 7. The method of claim 3, wherein an Internet Protocol security (IPsec) Encapsulating Security Payload (ESP) Transform describes the decryption context (DC) in a ciphertext field, following an initialization vector (IV) and optionally a sequence number and preceding the ciphertext, and wherein the IV and the DC are in an ESP Payload Data field.
  - 8. The method of claim 1, further comprising creating the key encrypting key using any of Electronic Codebook (ECB) encryption of Advanced Encryption Standard 128-bit (AES-128) keys, and AES in Key Wrap mode with a 256-bit encryption key.
  - 9. The method of claim 1, further comprising distributing the key encrypting key to a plurality of group members using Group Domain of Interpretation (GDOI).
  - 10. The method of claim 1, performed as part of a transport layer security (TLS) protocol, or as part of secure real time protocol (RTP), or as part of secure shell (SSH) communications.
  - 11. The method of claim 3, performed as part of Internet Key Exchange (IKE) or as part of Group Domain of Interpretation (GDOI) and in which the decryption context is conveyed as an octet string to be associated with a Encapsulating Security Payload (ESP) Security Association (SA).
  - 12. The method of claim 1, further comprising setting the key encrypting key as expired, continuing to use the key encrypting key for decryption but not for encryption, and initiating using a new key encrypting key for both decryption and encryption.

13. An apparatus, comprising:
- a data storage medium storing;
  
  a key encrypting key;
  
  a plaintext message to be authenticated, encrypted, and transmitted;
  
  an associated data to be authenticated and transmitted, but not encrypted;
  
  logic configured to generate;
  
  a data key in a uniformly random or pseudorandom manner;
  
  a nonce that is either unique for any particular value of the data key or zero-length;
  
  a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is determined from at least the plaintext message, the data key, and the nonce;
  
  an encrypted data key, wherein the encrypted data key is derived from at least the data key and the key encrypting key;
  
  logic configured to generate the communication comprising at least the encrypted data key, the ciphertext message and the associated data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The apparatus of claim 13, further comprising:
    - logic configured to parse the communication into at least the encrypted data key, the ciphertext message and the associated data, and to reconstruct or receive the nonce;
      
      logic configured to regenerate the data key, wherein the data key is a function of at least the encrypted data key and the key encrypting key, and to regenerate the authentic data key if all of the encrypted data key, the key encrypting key, and the nonce are authentic and to generate a failure indication if at least one of the encrypted data key, the key encrypting key, and the nonce is not authentic;
      
      logic configured to regenerate the plaintext message, wherein the plaintext message is a function of at least the ciphertext message, the data key, and the nonce, and to regenerate the authentic plaintext message if all of the ciphertext message, the data key, and the nonce are authentic and to generate a failure indication if at least one of the ciphertext message, the data key, and the nonce is not authentic.
  - 15. The apparatus of claim 13, wherein a first device contains logic configured to generate the data key and to encrypt the data, and a second device comprises a data storage medium storing the key encrypting key and is configured to generate the decryption context associated to the data key and to return the decryption context to the first device.
  - 16. The apparatus of claim 13, wherein the communication comprises a data packet comprising an internet protocol header, an encapsulating security payload header, an initialization vector, a decryption context, an encrypted region, and an integrity check value.
  - 17. The apparatus of claim 16, wherein the decryption context comprises the encrypted data key and instructions regarding how a decryptor can decrypt and process the encrypted data key.
  - 18. The apparatus of claim 17, wherein the instructions comprise key management information received from a Logical Key Hierarchy (LKH) group key management protocol or a Subset-Difference key management method.
  - 19. The apparatus of claim 13, further comprising logic configured to derive the encrypted data key using any of AES-CCM (Advanced Encryption Standard, Counter with Cipher Block Chaining Message Authentication Code), AES-CBC and AES-GCM (Galois/Counter Mode).
  - 20. The apparatus of claim 16, wherein an Internet Protocol security (IPsec) Encapsulating Security Payload (ESP) Transform describes the decryption context (DC) in a ciphertext field, following an initialization vector (IV) and optionally a sequence number and preceding the ciphertext, and wherein the IV and the DC are in an ESP Payload Data field.
  - 21. The apparatus of claim 13, further comprising logic configured to create the key encrypting key using any of Electronic Codebook (ECB) encryption of Advanced Encryption Standard 128-bit (AES-128) keys, and AES in Key Wrap mode with a 256-bit encryption key.
  - 22. The apparatus of claim 13, further comprising logic configured to distribute the key encrypting key to a plurality of group members using Group Domain of Interpretation (GDOI).
  - 23. The apparatus of claim 13, further comprising logic configured to operate the apparatus as part of a transport layer security (TLS) protocol, or as part of secure real time protocol (RTP), or as part of secure shell (SSH) communications.
  - 24. The apparatus of claim 16, further comprising logic configured to operate the apparatus as part of Internet Key Exchange (IKE) or as part of Group Domain of Interpretation (GDOI) and in which the decryption context is conveyed as an octet string to be associated with a single Encapsulating Security Payload (ESP) Security Association (SA).
  - 25. The apparatus of claim 13, further comprising logic configured to cause setting the key encrypting key as expired, continuing to use the key encrypting key for decryption but not for encryption, and initiating using a new key encrypting key for both decryption and encryption.

26. A computer-readable storage medium storing one or more sequences of instructions which, when executed by one or more processors, cause performing:
- selecting a plaintext message to be authenticated, encrypted and transmitted;
  
  selecting an associated data to be authenticated and transmitted, but not encrypted;
  
  creating and storing a data key to encrypt the plaintext message in a uniformly random or pseudorandom manner;
  
  creating and storing a ciphertext message, wherein the ciphertext message is at least as long as the plaintext message and is derived from at least the plaintext message and the data key;
  
  creating and storing an encrypted data key, wherein the encrypted data key is derived from at least the data key, and a key encrypting key;
  
  generating a communication comprising at least the encrypted data key, the ciphertext message, and the associated data;
  
  wherein each of the above steps is performed by one or more processors.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The computer-readable storage medium of claim 26, further comprising instructions which when executed cause:
    - parsing the communication into at least the encrypted data key, the ciphertext message, and the associated data;
      
      regenerating the data key, wherein the data key is a function of at least the encrypted data key, and the key encrypting key;
      
      performing an authentication test on the encrypted data key and the key encrypting key;
      
      determining that the data key is authentic only when all of the encrypted data key and the key encrypting key are authentic according to the authentication test;
      
      generating and communicating a failure indication when at least one of the encrypted data key and the key encrypting key is not authentic according to the authentication test;
      
      regenerating a plaintext message, wherein the plaintext message is a function of at least the ciphertext message and the data key, wherein the plaintext message comprises a failure indication if at least one of the ciphertext message and the data key is not authentic according to the authentication test;
      
      wherein each of the above steps is performed by one or more processors.
  - 28. The computer-readable data storage medium of claim 26, wherein the communication comprises a data packet comprising an internet protocol header, an encapsulating security payload header, an initialization vector, a decryption context, an encrypted region, and an integrity check value.
  - 29. The computer-readable data storage medium of claim 28, wherein the decryption context comprises the encrypted data key and instructions regarding how a decryptor can decrypt and process the encrypted data key.
  - 30. The computer-readable medium of claim 29, wherein the instructions comprise key management information received from a Logical Key Hierarchy (LKH) group key management protocol or a Subset-Difference key management method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Weis, Brian E., McGrew, David A., Maino, Fabio R.

Granted Patent

US 8,356,177 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0822   using key encryption key

H04L 9/0833   involving conference or gro...

H04L 9/3242   involving keyed hash functi...

KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

KEY TRANSPORT IN AUTHENTICATION OR CRYPTOGRAPHY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links