Key distribution in public communication networks taking account of security gradations
First Claim
1. An arrangement for key transmission in a public communication system having a plurality of subscriber stations, in which a key is agreed to between a transmitting station of the plurality of subscriber stations and a receiving station of the plurality of subscriber stations for encrypted transmission of messages, and in which a cryptographic device is provided in each of the transmitting station and the receiving station, to which device a station key is assigned, comprising:
- a) means for authentification of the subscriber stations for the key transmission,
- b) depending on at least one of a security level of the key transmission and an operating mode of the subscriber stations, the means for authentification has,
- c) on a first level, a means for monitoring a time frame of the key transmission and a means for indication of the agreed key in reduced form at a respective subscriber station of the plurality of subscriber stations,
- d) on a second level for automatic traffic handling, a key management station with integrated cryptographic device which, before key transmission, receives an identification message block encrypted with a first key from the transmitting station and forwards it encrypted with a second key to the receiving station, in which the identification message block has code words addressing the transmitting station and receiving station and authentification code words, derived from the agreed key of a checking sequence.
Abstract
A public communication system for a plurality of communication services (ISDN) has an arrangement for the authentification of the subscriber stations (TLN A, TLN B) for the key transmission. For a first security level this authentification arrangement has an arrangement for monitoring the time frame (24) of the key transmission and/or an arrangement (A) for the indication of the agreed key in reduced form at the subscriber end, and for a second security level a key management station (SMZ) for authenticated traffic handling
8 Claims
8. A method for key transmission in a public communication system having a plurality of subscriber stations in which a key is agreed between a transmitting station of the plurality of subscriber stations and a receiving station of the plurality of subscriber stations for encrypted transmission of messages, and in which a cryptographic device is provided in each of the transmitting stations and the receiving stations, and having a key management station, comprising the steps of:
- a) in the transmitting station specifying a key to be agreed to, calculating an authentification code of the key and forming an identification message block with an identification code of the subscribers contained therein,
- b) encrypting the identification message block in the transmitting station with a first key and transmitting the identification message block to the key management station,
- c) in the key management station, decrypting the identification message block, checking the authenticity of the transmitting station and transmitting the identification message block encrypted with a second key to the receiving station, and
- d) in the receiving station notifying the transmitting station, in which the key was specified, for the key transmission of the agreed key.
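The steps of claim 8 as an added sketch, not code from the patent. Assumptions: the first and second keys are the station keys that each station shares with the key management station (SMZ), the authentification code is an HMAC of a checking sequence under the agreed key, and the receiver checks the later-transmitted key against that code. The cipher is a standard-library stand-in and all function names are hypothetical.

```python
import hashlib, hmac, json, os

CHECK_SEQ = b"constructed checking sequence"  # assumption: value not on the page

def auth_code(key):
    # Assumption: authentication code = truncated HMAC of the checking sequence.
    return hmac.new(key, CHECK_SEQ, hashlib.sha256).hexdigest()[:16]

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(b"enc" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Stand-in cipher (hash keystream plus HMAC tag), for illustration only.
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("block was not encrypted with the expected key")
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

def station_send(sender, receiver, agreed_key, first_key):
    # Steps a) and b): build the identification message block, encrypt it.
    block = {"from": sender, "to": receiver, "auth": auth_code(agreed_key)}
    return seal(first_key, json.dumps(block).encode())

def smz_forward(blob, calling_station, station_keys):
    # Step c): decrypt, check the sender, re-encrypt with the second key.
    block = json.loads(unseal(station_keys[calling_station], blob))
    if block["from"] != calling_station:
        raise ValueError("sender code word does not match the calling station")
    return seal(station_keys[block["to"]], json.dumps(block).encode())

def receiver_accepts(blob, own_id, own_key, transmitted_key):
    # After step d): compare the key that arrives with the vouched-for code.
    block = json.loads(unseal(own_key, blob))
    return block["to"] == own_id and hmac.compare_digest(
        block["auth"], auth_code(transmitted_key))
```

A block sealed under a key the SMZ does not hold for the calling station fails in `smz_forward`, and a key substituted during the later key transmission fails in `receiver_accepts`.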
Specification