Two-tiered communication security employing asymmetric session keys
First Claim
1. A telecommunication link encryptor/decryptor for data comprising:
- a first line for transceiving plain text and a second line for transceiving cipher text;
a first means for storing a master key, said master key being utilized for encrypting session encryptor keys;
a second means for storing a session encryptor key, said session encryptor key being utilized to encrypt data to be transmitted;
a third means for storing a session decryptor key, said session decryptor key being utilized for decrypting data which has been received in cipher form, said session encryptor key differing from said session decryptor key; and
cipher means connected to said first and said second lines and responsive to said second and third storing means for enciphering plain text under said session encryptor key for transmission on said second line and for deciphering cipher text under said session decryptor key for transmission on said first line.
3 Assignments
0 Petitions
Accused Products
Abstract
Communications security between a host computer and another remote computer or terminal is ensured by a means of a two-tiered cryptographic communications security device and procedure. A master key is used to encrypt a first session key. The session key encrypted under the master key is transmitted from a remote facility to a host computer. At the host computer, the session key is decrypted and stored, a second and different session key is then generated, encrypted under the master key and transmitted to the remote facility where it is utilized as the facilities session decryptor key. Because the session key utilized for transmission of data between the remote facility and the host differs from the session key utilized for transmission of data between the host and the remote facility, communications security is increased.
175 Citations
12 Claims
-
1. A telecommunication link encryptor/decryptor for data comprising:
-
a first line for transceiving plain text and a second line for transceiving cipher text; a first means for storing a master key, said master key being utilized for encrypting session encryptor keys; a second means for storing a session encryptor key, said session encryptor key being utilized to encrypt data to be transmitted; a third means for storing a session decryptor key, said session decryptor key being utilized for decrypting data which has been received in cipher form, said session encryptor key differing from said session decryptor key; and cipher means connected to said first and said second lines and responsive to said second and third storing means for enciphering plain text under said session encryptor key for transmission on said second line and for deciphering cipher text under said session decryptor key for transmission on said first line. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. In a data communication network including a host interconnected to a facility at a remote location by a telecommunication link, a data security system comprising:
a first link encryptor/decryptor connected between said facility and said link, said first encryptor/decryptor having; a first means for storing a master key, said master key being utiized for enciphering session encryptor/decryptor keys; a second means for storing a facility session encryptor key, said facility session encryptor key being utilized to encrypt data to be transmitted from said remote location; a third means for storing a facility session decryptor key, said facility session decryptor key being utilized for decrypting data received at said remote location, said facility session decryptor key differing from said facility session encryptor key; and cipher means responsive to said second and third storing means, said cipher means for enciphering plain text from said facility under said facility session encryptor key for transmission to said host and for deciphering cipher text from said host under said facility session decryptor key for transmission to said facility. - View Dependent Claims (8, 9, 10, 11)
-
12. A method for transmitting data in a secure manner between a terminal and a host comprising:
-
generating a terminal session encryptor key at said terminal; encrypting said terminal session encryptor key under a master key; transmitting said master key encrypted terminal session encryptor key to said host; decrypting said master key encrypted terminal session encryptor key at said host to form a host session decryptor key; automatically generating a host session encryptor key upon receipt of said master key encrypted terminal session encryptor key, said host session encryptor key being different from said terminal session encryptor key; encrypting said host session encryptor key under said master key; transmitting said master key encrypted host session encryptor key to said terminal; decrypting said master key encrypted host session encryptor key at said terminal to form a terminal session decryptor key; and thereafter transmitting data from said terminal to said host under said terminal session encryptor key and from said host to said terminal under said host session encryptor key.
-
Specification