Hierarchical key management system

US 4,888,801 A
Filed: 05/02/1988
Issued: 12/19/1989
Est. Priority Date: 05/02/1988
Status: Expired due to Term

First Claim

Patent Images

1. A hierarchical key management system for enabling ones of a plurality of users to establish secure communications via a switching network, said hierarchical key management system comprising:

predefined user groups of said users;

each of said users prior to communication with one another having certification by a common authority said certification comprising the generation a a set asymmetric domain keys which are encrypted and modified to include the authorization predetermined time interval for which said certification is valid;

terminal means connected to said switching network, said terminal means for establishing secure communications through said switching network;

groups of terminal means, each group corresponding to said group of users, a first terminal means establishing communications with a second terminal means via said switching network; and

said first and second terminal means directly establishing secure communications via said switching network, without subsequent connection to said common authority.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hierarchical key management system includes a number of secure terminals. These terminals provide secure access to a corresponding number of users. A user inserts a security activation device or key into the secure terminal to access a secure connection through the established communication network. A group of secure wireline terminals is connected to a key certification authority. There may be several groups of key certification authorities and corresponding secure terminal users. At the highest level, a key certification center authorizes secure communications by the key certification authorities. In turn, the key certification authorities authorize secure communications between the users. As a result, if one level of key management is compromised, other levels and users are not affected.

Citations

24 Claims

1. A hierarchical key management system for enabling ones of a plurality of users to establish secure communications via a switching network, said hierarchical key management system comprising:
- predefined user groups of said users;
  
  each of said users prior to communication with one another having certification by a common authority said certification comprising the generation a a set asymmetric domain keys which are encrypted and modified to include the authorization predetermined time interval for which said certification is valid;
  
  terminal means connected to said switching network, said terminal means for establishing secure communications through said switching network;
  
  groups of terminal means, each group corresponding to said group of users, a first terminal means establishing communications with a second terminal means via said switching network; and
  
  said first and second terminal means directly establishing secure communications via said switching network, without subsequent connection to said common authority.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13)
- - 2. A hierarchical key management system as claimed in claim 1, said common authority including:
    - a plurality of key certification authority means for certifying said users of a user group, each of said key certification authority means corresponding to a user group and to a terminal means group, each key certification authority means certifying its corresponding users for use of said terminal means for direct secure communications with other users of said user group, each of said plurality of key certification authority means being connected to said terminal means of said corresponding group; and
      
      key certification center means connected to each of said plurality of key certification authority means, said certification center means for granting certification authority to each of said key certification authority means for authorizing direct secure communications between terminal means of different groups.
  - 3. A hierarchical key management system as claimed in claim 1, wherein there is further included security activation device means corresponding to an individual user and being connectable to said terminal means, said security activation device means operating to store authentication, encryption and decryption information for transmission to said terminal means.
  - 4. A hierarchical key management system as claimed in claim 3, said security activation device means further connected to said terminal means to enable said terminal means to program said security activation device means with certification information.
  - 5. A hierarchical key management system as claimed in claim 1, said security activation device means being further connected to said terminal means to permit said terminal means to repetitively reprogram said security activation device means with regenerated communication information.
  - 6. A hierarchical key management system as claimed in claim 2, wherein said users of a user group are directly connected to said key certification center means for the condition of the user group'"'"'s key certification authority means being out of service.
  - 7. A hierarchical key management system as claimed in claim 2, said terminal means including modem means for establishing said connections between said corresponding key certification authority means and said other users.
  - 8. A hierarchical key management system as claimed in claim 7, said key certification authority means including:
    - modem means connected to said key certification center means and to said users of said corresponding user group, said modem means providing high speed communication from said key certification authority means to said key certification center means and to said users of said corresponding user group; and
      
      computer means connected to said users of said user group via said modem means for certifying each of said users of said user group for secure communications.
  - 9. A hierarchical key management system as claimed in claim 8, said computer means including:
    - CPU means;
      
      display means for providing visual display of information and said display means being connected to said CPU means;
      
      keyboard means for entering information into said CPU and said keyboard means being connected to said CPU means; and
      
      printer means connected to said CPU means and said printer means providing a hard copy of information.
  - 10. A hierarchical key management system as claimed in claim 9, said key certification center means including:
    - modem means connected to each of said key certification authority means, said modem means providing high speed communication between said key certification authority means and said key certification center means; and
      
      computer means connected to said key certification authority means via said modem means for certifying each of said key certification authority means for secure communications.
  - 11. A hierarchical key management system as claimed in claim 10, said computer means including:
    - CPU means;
      
      display means for providing visual display of information and said display means being connected to said CPU means;
      
      keyboard means for entering information into said CPU and said keyboard means being connected to said CPU means; and
      
      printer means connected to said CPU means, said printer means providing a hard copy of information.
  - 13. A method for secure communications as claimed in claim 11, wherein there is further included the step of inserting a security activation device into said terminals for insuring that each user of the corresponding terminal is certified for secure communications.

12. A method for secure communications via a switching network between at least two terminals of a plurality of terminals, each of said terminal receiving prior to communication with one another having certification said certification comprising generating a a set of asymmetric domain keys which are encrypted and modified to include the authorization predetermined time interval for which said certification is valid from a common authority, said method comprising the steps of:
- completing a connection directly between said two terminals via said switching network for the transmission of information;
  
  exchanging keying information between said two terminals under said previous certification of said common authority;
  
  establishing without subsequent connection to said common authority a session key directly between said two terminals; and
  
  determining crypto synchronization information for each terminal, to allow secure communications directly between said two connected terminals.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 22, 23, 24)
- - 14. A method for secure communications as claimed in claim 12, wherein there is further included the step of verifying information contained on said security activation device by said terminal to insure that said user is presently certified.
  - 15. A method for secure communications as claimed in claim 14, said step of exchanging including the steps of:
    - first transmitting an access/domain message from one terminal to another terminal;
      
      first receiving an access/domain message from said other terminal; and
      
      first comparing said transmitted access/domain message with said received access/domain message to determine whether said messages have a common key certification center or key certification authority.
  - 16. A method for secure communications as claimed in claim 15, said step of exchanging further including the steps of:
    - second transmitting a registration message from said one terminal to said other terminal;
      
      second receiving said registration message from said other terminal; and
      
      first extracting an asymmetric domain key of said other terminal.
  - 17. A method for secure communications as claimed in claim 16, wherein said step of exchanging further includes the steps of:
    - third transmitting an authentication message from said one terminal to said other terminal;
      
      third receiving said authentication message of said other terminal; and
      
      second extracting an asymmetric encrypt key from said received authentication packet.
  - 18. A method for secure communications as claimed in claim 17, said step of exchanging further including the step of generating a random component for encrypting transmit and receive keys.
  - 19. A method for secure communications as claimed in claim 18, said step of exchanging further including the steps of:
    - fourth transmitting a random component message from said one terminal to said other terminal;
      
      fourth receiving said random component message of said other terminal; and
      
      third extracting said receive key from said random component message.
  - 20. A method for secure communications as claimed in claim 19, wherein said step of exchanging further includes the steps of:
    - fifth transmitting a crypto synchronization message from said one terminal to said other terminal; and
      
      fifth receiving said crypto synchronization message from said other terminal.
  - 22. A hierarchical key management system as claimed in claim 12, said terminal means including means for communication between said key certification authority means and said users.
  - 23. A hierarchical key management system as claimed in claim 12, said key certification authority means including means for communication between said key certification center means and said terminal means.
  - 24. A hierarchical key management system as claimed in claim 12, said key certification center means including means for communication between said key certification center means and said terminal means.

21. A hierarchical key management system for establishing secure communications between at least two users of a plurality of users via a switching network, said hierarchical key management system comprising:
- key certification means said key certification means comprising means for the generation a a set of asymmetric domain keys which are encrypted and modified to include the authorization predetermined time interval for which said certification is valid;
  
  predefined user groups of said users;
  
  terminal means connected to said key certification mans for certifying said users of prior to communication with one another;
  
  groups of terminal means, each group corresponding to said groups of users, each said terminal means permitting direct secure communications between users of said plurality through said switching network; and
  
  key certification means for off-line certification of said users for user of said terminal means for on-line secure communications between said at least two users without subsequent connection to said key certification authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Pfeifer, Robert F., Mihm, Thomas J. Jr., Foster, Robert I.
Primary Examiner(s)
Cangialosi, Salvatore

Application Number

US07/188,868
Time in Patent Office

596 Days
Field of Search

380/21, 380/25, 380/49
US Class Current

380/277
CPC Class Codes

H04L 9/0836 using tree structure or hie...

H04L 9/3263 involving certificates, e.g...

Hierarchical key management system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical key management system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links