Secure messaging systems

US 4,888,800 A
Filed: 03/01/1988
Issued: 12/19/1989
Est. Priority Date: 03/03/1987
Status: Expired due to Term

First Claim

Patent Images

1. A secure messaging system comprising:

at least three terminals;

a key distribution center;

communication means for carrying messages amongst the terminals and between the terminals and the center; and

means for providing a key means, a key transport key, and a plurality of data transport keys,the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals,each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communication system wherein encrypted messages are passed between selected pairs of user terminals in a secure messaging system. A link is first established between the two terminals of the pair, one terminal sending a request to a key distribution center (KDC), which then provides encrypting keys to both terminals so they can communicate with each other. (Messages involving the KDC are themselves protected by encryption). The keys sent out by the KDC are key transporting keys, which are used by the terminals solely to transport data transporting keys between each other. The data transporting keys are used to transport (encrypt) the actual messages, and for security are changed after a usage count is reached; a fresh data transporting key is then generated and transferred under the key transporting key. This minimizes the load on the KDC. A hierarchy or key transporting keys can be used. The KDC (but not the user terminals) maintains a log to enable recover after a system failure. A journey key can be generated to allow a user temporary access to a link from a third terminal.

199 Citations

10 Claims

1. A secure messaging system comprising:
- at least three terminals;
  
  a key distribution center;
  
  communication means for carrying messages amongst the terminals and between the terminals and the center; and
  
  means for providing a key means, a key transport key, and a plurality of data transport keys,the center being responsive to a message requesting a communication link between first and second ones of the terminals to encrypt the key means according to the key transport key and to send the encrypted key means to both terminals,each terminal being operative to decrypt the key means, to encrypt an associated one of the data transport keys according to the key means, to send the encrypted data transport key to the other terminal, to encrypt data according to the data transport keys, and to exchange the encrypted data with the other terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A messaging system according to claim 1 wherein the key means comprises two keys, one for use in encrypting a data transport key to be sent from the first terminal to the second and the other for use in encrypting a data transport key to be sent from the second terminal to the first.
  - 3. A messaging system according to claim 1 wherein the means for providing data transport keys is included within the terminals whereby each terminal can generate data transport keys and wherein the data transport key associated with a terminal is generated in that terminal.
  - 4. A messaging system according to claim 3 wherein a terminal comprises:
    - means for measuring the usage of its associated data transport key;
      
      means for changing the key when it has been used a predetermined amount in communication with another terminal; and
      
      means for causing the changed key to be sent to the other terminal.
  - 5. A messaging system according to claim 1 wherein a key transporting key comprises a heirarchy of keys, a key higher in the heirarchy being used for encrypting a key lower in the heirarchy.
  - 6. A messaging system according to claim 5 wherein a terminal comprises:
    - means for measuring the usage of each key transporting key less than the highest in the heirarchy;
      
      means for changing such key when it has been used a predetermined amount in communication with another terminal; and
      
      means for encrypting the changed key according to the next highest in the heirarchy; and
      
      means for causing the changed key to be sent to the other terminal.
  - 7. A messaging system according to claim 1 and further comprising:
    - link termination means in a terminal responsive to a request to terminate a communication link between that terminal and a second terminal to delete from the first terminal any keys associated with the link and to send a termination message;
      
      means in the key distribution center for logging the termination message; and
      
      means for deleting from the second terminal any keys associated with the link.
  - 8. A messaging system according to claim 7 wherein the means for deleting the keys from the second terminal comprises means in the key distribution center for sending a message to the second terminal instructing that the keys be deleted.
  - 9. A messaging system according to claim 1 and further comprising:
    - means in the key distribution center responsive to a request to forward messages from a first terminal to a second terminal to provide a journey key and to send the key to both terminals;
      
      means in the first terminal for storing the journey key and any received messages; and
      
      means in the second terminal for storing the journey key,the first terminal being responsive to a message call from the second terminal to encrypt any stored messages according to the journey key and to send the encrypted messages to the second terminal.
  - 10. A messaging system according to claim 1 and further comprising:
    - means for keeping a log of any messages received and sent by the key distribution center;
      
      means for storing from time to time backup information indicative of the status of the center; and
      
      means, operative if there is a failure in the center, to restore the center according to the stored backup information and to cause the center to again generate and transmit any keys which were sent subsequent to the last storage of the backup information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Company (HP Inc.)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Proudler, Graeme J., Mitchell, Christopher J., Marshall, Alan D.
Primary Examiner(s)
Cangialosi, Salvatore

Application Number

US07/162,706
Time in Patent Office

658 Days
Field of Search

380/21, 380/25, 380/49
US Class Current

380/281
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

Secure messaging systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

199 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Secure messaging systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

199 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links