Method for encryption and transmission of digital keying data

US 4,731,840 A
Filed: 05/06/1985
Issued: 03/15/1988
Est. Priority Date: 05/06/1985
Status: Expired due to Fees

First Claim

Patent Images

1. A cryptographic method for encrypting, transmitting and decrypting keying data between a master unit and at least one remote unit, comprising the steps of:

storing in said master unit and in said remote unit a plurality of key encryption keys, said key encryption keys being addressed by means of a common addressing system in each unit;

generating a first storage address effective to identify a master key encryption key from said plurality of key encryption keys;

indexing said first storage address by a first predetermined amount to define a second storage address effective to identify a first key encryption key from said plurality of key encryption keys;

indexing said first storage address by a second predetermined amount to define a third storage address effective to identify a second key encryption key from said plurality of key encryption keys;

generating a data encryption key in said master unit, using said first key encryption key;

encrypting said data encryption key using said second key encryption key to produce an encrypted data encryption key;

downloading to said remote unit said encrypted data encryption key together with a designator value for identifying the address of said second key encryption key at said remote unit;

decrypting said encrypted data encryption key at said remote unit to reproduce said data encryption key at said remote unit;

whereby there is enabled subsequent transmission of data between said master unit and said remote unit, using said data encryption key to encrypt and decrypt said data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for the encryption, transmission, and subsequent decryption of digital keying data. The method utilizes the Data Encryption Standard and is implemented by means of a pair of apparatus, each of which is selectable to operate as either a master unit or remote unit. Each unit contains a set of key encryption keys which are indexed by a common indexing system. The master unit operates upon command from the remote unit to generate a data encryption key and encrypt the data encryption key using a preselected key encryption key. The encrypted data encryption key and an index designator are then downloaded to the remote unit, where the data encryption key is decrypted for subsequent use in the encryption and transmission data. Downloading of the encrypted data encryption key enables frequent change of keys without requiring manual entry or storage of keys at the remote unit.

184 Citations

24 Claims

1. A cryptographic method for encrypting, transmitting and decrypting keying data between a master unit and at least one remote unit, comprising the steps of:
- storing in said master unit and in said remote unit a plurality of key encryption keys, said key encryption keys being addressed by means of a common addressing system in each unit;
  
  generating a first storage address effective to identify a master key encryption key from said plurality of key encryption keys;
  
  indexing said first storage address by a first predetermined amount to define a second storage address effective to identify a first key encryption key from said plurality of key encryption keys;
  
  indexing said first storage address by a second predetermined amount to define a third storage address effective to identify a second key encryption key from said plurality of key encryption keys;
  
  generating a data encryption key in said master unit, using said first key encryption key;
  
  encrypting said data encryption key using said second key encryption key to produce an encrypted data encryption key;
  
  downloading to said remote unit said encrypted data encryption key together with a designator value for identifying the address of said second key encryption key at said remote unit;
  
  decrypting said encrypted data encryption key at said remote unit to reproduce said data encryption key at said remote unit;
  
  whereby there is enabled subsequent transmission of data between said master unit and said remote unit, using said data encryption key to encrypt and decrypt said data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method defined in claim 1 wherein all encryption and decryption is performed using a DES mode of encryption and decryption.
  - 3. The method of claim 1 wherein said data encryption key is generated in said master unit by a first method when said data encryption key is the first data encryption key to be generated following actuation of the master unit, and wherein said data encryption key is generated by a second method when said data encryption key is being generated subsequent to previous actuation of the unit and generation of a first data encryption key.
  - 4. The method of claim 3 wherein said first method comprises the steps of:
    - generating an initialization vector;
      
      combining said initialization vector with an arbitrary binary word by a logical EXCLUSIVE OR operation; and
      
      encrypting the combination of said initialization vector and said arbitrary word to produce said data encryption key.
  - 5. The method of claim 4 wherein said initialization vector is generated by DES encryption of a first arbitrary binary word read from a circular counter which is actuated whenever said master unit is powered.
  - 6. The method of claim 5 wherein said first arbitrary binary word is encrypted using said master key encryption key.
  - 7. The method of claim 6 wherein said data encryption key is generated by encrypting the EXCLUSIVE OR combination of said initialization vector and a second arbitrary binary word read from said circular counter.
  - 8. The method of claim 7 wherein encrypting said EXCLUSIVE OR combination of said initialization vector and said second arbitrary binary word includes the steps of:
    - indexing said first storage address by a third predetermined amount to define a fourth storage address effective to identify a third key encryption key;
      
      encrypting said combination by two successive DES encryptions using said third and said second key encryption keys.
  - 9. The method of claim 3 wherein said second method comprises the steps of:
    - generating an initialization vector;
      
      combining said initialization vector with an arbitrary binary word by a logical EXCLUSIVE OR operation; and
      
      encrypting the combination of said initialization vector of said arbitrary word to produce said data encryption key.
  - 10. The method of claim 9 wherein said initialization vector is generated by encrypting a binary word derived from previously encrypted data.
  - 11. The method of claim 10 wherein said initialization vector is generated by encryption using said master key encryption key.
  - 12. The method of claim 11 wherein said arbitrary binary word is derived by stringing together a plurality of previously generated encrypted data words and encrypting said plurality of encrypted data words.
  - 13. The method of claim 12 wherein said plurality of encrypted data words are encrypted using a key encryption key stored at a location which is indexed in a predetermined manner to said master key encryption key address.
  - 14. The method of claim 13 wherein said arbitrary binary word and said initialization vector are logically combined by said EXCLUSIVE OR operation and wherein encrypting the combination of said arbitrary binary word and said initialization vector includes the steps of:
    - indexing said first storage address by a third predetermined amount of define a fourth storage address effective to identify a third key encryption key;
      
      encrypting said combination by two successive DES encryptions using said third and said second key encryption keys.
  - 15. The method of claim 1 wherein said data encryption key is generated in said master unit by a first method when said data encryption key is the first data encryption key to be generated following actuation of said master unit, and wherein said data encryption key is generated by a second method when said data encryption key is being generated subsequent to previous actuation of said master unit and generation of a data encryption key;
    - said first method comprising the steps of;
      
      (a) generating an initialization vector;
      
      (b) combining said initialization vector with an arbitrary binary word by a logical EXCLUSIVE OR operation; and
      
      (c) encrypting the combination of said initialization vector and said arbitrary word to produce a data encryption key;
      
      and wherein said second method comprises the steps of;
      
      (d) generating an initialization vector;
      
      (e) combining said initialization vector with an arbitrary binary word by a logical EXCLUSIVE OR operation; and
      
      (f) encrypting the combination of said initialization vector and said arbitrary word to produce a data encryption key.
  - 16. The method of claim 15 wherein the generation of said initialization vector in step (a) is conducted by DES encryption of a first arbitrary binary word read from a circular counter which is actuated each time said master unit is powered.
  - 17. The method of claim 16 wherein said first arbitrary binary word is encrypted using said master key encryption key.
  - 18. The method of claim 17 wherein said data encryption key is generated by encrypting the EXCLUSIVE OR combination of said initialization vector and a second arbitrary binary word read from said circular counter.
  - 19. The method of claim 18 wherein encrypting said EXCLUSIVE OR combination of said initialization vector and said second arbitrary binary word includes the steps of:
    - indexing said first storage address by a third predetermined amount to define a fourth storage address effective to identify a third key encryption key;
      
      encrypting said combination by two successive DES encryptions using said third and said second key encryption keys.
  - 20. The method of claim 19 wherein said initialization vector is generated in step (d) by encrypting a binary word derived from previously encrypted data.
  - 21. The method of claim 20 wherein said initialization vector generated in step (d) is generated by encryption using said master key encryption key.
  - 22. The method of claim 21 wherein said arbitrary binary word in step (e) is derived by stringing together a plurality of previously generated encrypted data words and encrypting said plurality of encrypted data words.
  - 23. The method of claim 22 wherein said plurality of encrypted data words are encrypted using a key encryption key stored at a location which is indexed in a predetermined manner to said master key encryption key address.
  - 24. The method of claim 23 wherein said arbitrary binary word of step (e) and said initialization vector of step (d) are logically combined by said EXCLUSIVE OR operation, and wherein encrypting the combination of said arbitrary binary word and said initialization vector includes the steps of:
    - indexing said first storage address by a third predetermined amount to define a fourth storage address effective to indentify a third key encryption key;
      
      encrypting said combination by two successive DES encryptions using said third and said second key encryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United States Of America As Represented By The Department Of Energy
Original Assignee
United States Department of Energy (Government of the United States of America)
Inventors
Springer, Edward A., Mniszewski, Susan M., Brenner, David P.
Primary Examiner(s)
Cangialosi, Salvatore
Assistant Examiner(s)
Lewis, Aaron J.

Application Number

US06/730,529
Time in Patent Office

1,044 Days
Field of Search

178/22.07, 178/22.08, 178/22.09, 178/22.16, 380/24, 380/21, 380/23, 380/25, 380/28, 380/43, 380/44, 380/48
US Class Current

380/284
CPC Class Codes

H04L 9/0625   with splitting of the data ...

H04L 9/0822   using key encryption key

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Method for encryption and transmission of digital keying data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

184 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method for encryption and transmission of digital keying data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

184 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links