Management of cryptographic keys
First Claim
1. A method of encoding messages in a communication network in which a first set of nodes transmits and receives messages to and from a second set of nodes, each of the nodes in each set having an identification code unique, the method including the steps of:
deriving a first common cryptographic key for said first set and a second common cryptographic key for said second set;
storing, at each node of the first set of nodes, said first key common to the first set of nodes and a first value derived from the encryption of said second key common to the second set of nodes with a node identification code;
storing, at each node of the second set of nodes, said second key common to the second set of nodes and a second value derived from the encryption of said first key common to the first set of nodes with a node identification code;
and whenever a sender node of said first set has a message to transmit to a destination node of said second set;
deriving a message encryption key from a combination of the destination node identification code encrypted by said first set common key and said first derived value;
transmitting to the destination node the sending node's identification code and the message encrypted under the derived message encryption key;
and at the destination node;
deriving said message encryption key from a combination of the sending node's identification code encrypted by said second set common key and said second derived value; and
decoding the message.
Abstract
A method for simplifying key management in situations where unique cryptographic keying relationships are required end-to-end between pairs of parties and a symmetric encryption algorithm is to be used. It is useful in cases where the parties come from disjoint subsets of the total population of parties. The method provides some of the characteristics of a public key crypto system (PKS) utilizing the public identities of the parties as part of the key, but lacks the property of PKS which allows a party to independently generate a secret key which is known only to that party.
13 Claims
5. A communication network in which a first set of nodes transmits and receives messages to and from a second set of nodes, each of the nodes in each set having an identification code;
each node of the first set of nodes including;
storage means which stores a first key common to the first set of nodes and a first value derived from the encryption of a second key common to the second set of nodes with a node identification code;
data processing means operable, whenever the node is a sending node and has a message to transmit to a destination node of the second set, to derive a message encryption key from a combination of a destination node identification code encrypted by said first set common key and said first derived value; and
means to transmit to the destination node of the second set the sending node's identification code and the message encrypted under the derived message encryption key;
and at each node of the second set of nodes;
storage means which stores said second key common to the second set of nodes and a second value derived from the encryption of said first key common to the first set of nodes with a node identification code;
data processing means operable, whenever the node is a destination node and receives a message from a sending node of the first set, to derive a message encryption key from a combination of said sending node identification code encrypted by said second set common key and said second derived value, and to use the derived key to decode the message.
9. A method for encoding messages in a communications network including a first node with a first ID and a second node with a second ID in a first set coupled over said network to a second set including a third node with a third ID and a fourth node with a fourth ID, comprising the steps of:
storing a first base key at said first and second nodes and storing a second base key at said third and fourth nodes;
deriving a first value of said first ID enciphered under said second base key and storing it at said first node;
deriving a second value of said second ID enciphered under said second base key and storing it at said second node;
deriving a third value of said third ID enciphered under said first base key and storing it at said third node;
deriving a fourth value of said fourth ID enciphered under said first base key and storing it at said fourth node;
generating a communications key for transmission of messages from said first node to said third node by enciphering said third ID under said first base key and logically combining the result thereof with said first value;
generating said communications key for receiving messages transmitted from said first node to said third node by enciphering said first ID under said second base key and logically combining the result thereof with said third value;
enciphering a message under said communications key at said first node for transmission over said network to said third node and deciphering said message under said communications key at said third node.
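The key derivation of claim 9, worked through as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the "encipher under base key" step, XOR as the "logical combination", and a toy keystream cipher for the message; the node names, base keys and helper functions are constructed for illustration.

```python
import hashlib
import hmac

def encipher(key: bytes, node_id: bytes) -> bytes:
    # Stand-in for "ID enciphered under base key". Assumption: HMAC-SHA256
    # as a keyed PRF; the claims do not name a cipher.
    return hmac.new(key, node_id, hashlib.sha256).digest()

def combine(a: bytes, b: bytes) -> bytes:
    # "Logically combining" is taken to be XOR (assumption).
    return bytes(x ^ y for x, y in zip(a, b))

class Node:
    # Holds its own set's base key and one value provisioned in advance.
    def __init__(self, node_id: bytes, base_key: bytes, stored_value: bytes):
        self.node_id, self.base_key, self.stored_value = node_id, base_key, stored_value

    def communications_key(self, peer_id: bytes) -> bytes:
        # E_own-base-key(peer ID) XOR stored E_other-base-key(own ID)
        return combine(encipher(self.base_key, peer_id), self.stored_value)

def provision(ids, own_key: bytes, other_key: bytes) -> dict:
    # Each node's stored value is its own ID enciphered under the OTHER set's key.
    return {i: Node(i, own_key, encipher(other_key, i)) for i in ids}

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy cipher for the demo (assumption); no nonce, so one message per key.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += combine(data[off:off + 32], pad)
    return bytes(out)

def send(sender: Node, dest_id: bytes, plaintext: bytes):
    # The packet carries the sender's ID in clear plus the ciphertext.
    return sender.node_id, xor_stream(sender.communications_key(dest_id), plaintext)

def receive(dest: Node, packet) -> bytes:
    sender_id, ciphertext = packet
    return xor_stream(dest.communications_key(sender_id), ciphertext)

# Constructed sample values, not from the patent.
K1 = hashlib.sha256(b"constructed first base key").digest()
K2 = hashlib.sha256(b"constructed second base key").digest()
set1 = provision([b"node-1", b"node-2"], K1, K2)
set2 = provision([b"node-3", b"node-4"], K2, K1)

if __name__ == "__main__":
    packet = send(set1[b"node-1"], b"node-3", b"meter reading 42")
    print(receive(set2[b"node-3"], packet))
```

Both ends arrive at the same key because each computes the XOR of the same two enciphered IDs, one term freshly and the other from its stored value.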
Specification