
Distributed information system having automatic invocation of key management negotiations protocol and method

  • US 5,010,572 A
  • Filed: 04/27/1990
  • Issued: 04/23/1991
  • Est. Priority Date: 04/27/1990
  • Status: Expired due to Fees
First Claim

1. In a distributed information system which includes a plurality of end-systems each of which includes data unit transmitting and receiving means having a security protocol and a corresponding security protocol key from one end-system to another end-system, the improvement comprising:

  • secure address storage means for storing a set of end-system addresses and corresponding end-system security protocol keys;

    protocol address storage means for storing a set of end-system addresses requiring security protocol data transfers;

    data unit receiver means for receiving a data unit and for generating a data unit transfer request signal which includes an end-system address and data unit security protocol;

    intermediate storage means for storing a received data unit in response of a data transfer request signal and outputting the stored data unit to the end-system transmitting and receiving means in response to a transfer enable signal;

    automatic key management processor means responsive to the data unit transfer request signal for comparing the received data unit security key and end-system address to the set of end system address and security protocol keys, and for generating the transfer enable signal in response to a match therebetween, and in the absence of a match therebetween, comparing the received data unit address to the end-system addresses from the protocol address storage means and generating a security key protocol request signal in response to a match therebetween, and for generating the transfer enable signal in response to the absence of a match between the data unit address and an address in the set of addresses stored in the protocol address storage means;

    security key negotiating means responsive to the security key protocol request signal for negotiating a security key with another end-system and for generating a security key negotiation confirm signal upon completion of a negotiation;

    means responsive to the security key negotiation confirm signal for storing the security key for the another end-system in the one system secure address store storage means;

    and wherein each end-system is responsive to the security key negotiation confirm signal and is adapted to generate the transfer enable signal, and wherein the end-system data unit transmitting and receiving means are responsive to the transfer enable signal and are adapted to transfer the data unit corresponding to the security protocol of the received data unit, and wherein the security key negotiation comprises a fully encrypted negotiation exchange.
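The three-way decision that claim 1 assigns to the automatic key management processor, as an added Python model that is not part of the patent. The class, method and signal names, the `negotiate` callback and the sample addresses are assumptions made for illustration; the fully encrypted negotiation exchange itself is outside the model.

```python
import hmac
from enum import Enum


class Signal(Enum):
    TRANSFER_ENABLE = "transfer enable"
    KEY_REQUEST = "security key protocol request"


class KeyManagementProcessor:
    """Model of the claim's automatic key management processor (names are assumptions)."""

    def __init__(self, protocol_addresses, negotiate):
        self.secure_store = {}                    # secure address storage: address -> key
        self.protocol_addresses = set(protocol_addresses)  # peers requiring the security protocol
        self.negotiate = negotiate                # hypothetical callback: address -> key or None
        self.held = []                            # intermediate storage
        self.released = []                        # units passed to the transmit/receive means

    def classify(self, address, key):
        stored = self.secure_store.get(address)
        # 1. Address and key both match the secure store: release.
        if stored is not None and key is not None and hmac.compare_digest(stored, key):
            return Signal.TRANSFER_ENABLE
        # 2. No match, but the peer is listed as requiring security: negotiate.
        if address in self.protocol_addresses:
            return Signal.KEY_REQUEST
        # 3. Peer not listed: the claim releases the unit with no key at all.
        return Signal.TRANSFER_ENABLE

    def receive(self, address, key, payload):
        """Return the signals raised for one data unit, in order."""
        self.held.append((address, payload))
        signals = [self.classify(address, key)]
        if signals[0] is Signal.KEY_REQUEST:
            new_key = self.negotiate(address)
            if new_key is None:                   # no confirm signal: unit stays held
                return signals
            self.secure_store[address] = new_key  # stored on negotiation confirm
            signals.append(Signal.TRANSFER_ENABLE)
        self.released.append(self.held.pop())
        return signals


if __name__ == "__main__":
    kmp = KeyManagementProcessor({"10.0.0.2"}, lambda addr: b"\x11" * 16)  # constructed sample
    for addr, key in [("10.0.0.9", None), ("10.0.0.2", None), ("10.0.0.2", b"\x11" * 16)]:
        print(addr, [s.value for s in kmp.receive(addr, key, b"data")])
```

Branch 3 is the one to review when mapping this claim onto a real deployment: whether traffic is protected depends entirely on the peer being present in the protocol address store.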
