Method for ensuring secure communications
First Claim
1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of:
- (a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station;
(b) encrypting the first part encryption key at said one station;
(c) transmitting the encrypted first part encryption key to the other station;
(d) decrypting the first part encryption key at said other station;
(e) encrypting the second part encryption key at said other station;
(f) transmitting the encrypted second part encryption key to said one station;
(g) decrypting the second part encryption key at said one station; and
(h) combining the first part and the second part encryption keys at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for initiating secure communications between two stations. In this method, a first portion of a session data encryption key (DEK1) is randomly generated by an EDU in one of the stations. The DEK1 is then encrypted using a key exchange key (KEK) selected from a table as a function of a check value determined by applying the DEK1 to encrypt a predefined zero function. The encrypted DEK1 is transmitted to the other station, along with an encrypted EDU ID number for the station that generated the DEK1 and a cyclic redundancy check (CRC) value of the KEK table. The encrypted table entry value used to define the KEK is decrypted at the other station, and a check is made to determine if the KEK table CRC and the EDU ID are correct. If not, communication is terminated. Otherwise, the second portion of the data encryption key (DEK2) is generated by the station that received the first portion, and encrypted by it using a different KEK value selected from the table for transmission to the other station, along with the EDU ID of the station then transmitting. The encrypted DEK2 is decrypted at the other station and a check made of the EDU ID. Both stations logically XOR the values of DEK1 and DEK2 together to determine the session data encryption key (DEK), which is used to encrypt and decrypt all further transmissions between the two stations during the current session.
142 Citations
20 Claims
-
1. A method for defining an encryption key that is used to encrypt and decrypt transmissions between two stations, comprising the steps of:
-
(a) randomly selecting a first part encryption key at one of the stations and a second part encryption key at the other station; (b) encrypting the first part encryption key at said one station; (c) transmitting the encrypted first part encryption key to the other station; (d) decrypting the first part encryption key at said other station; (e) encrypting the second part encryption key at said other station; (f) transmitting the encrypted second part encryption key to said one station; (g) decrypting the second part encryption key at said one station; and (h) combining the first part and the second part encryption keys at each station to determine the encryption key, which is then used to encrypt and decrypt further communications between the two stations. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for ensuring secure communications between a first cryptographic encoder/decoder device and a second cryptographic encoder/decoder device, comprising the steps of:
-
(a) at the first cryptographic encoder/decoder device; (i) randomly generating a first part session encryption key; (ii) determining a first check value as a function of the first part session encryption key; (iii) encrypting the first part session key using a first key exchange key selected as a function of the first part session key; (iv) transmitting the encrypted first part session key and the first check value to the second cryptographic encoder/decoder device; and (b) at the second cryptographic encoder/decoder device; (i) determining the first key exchange key at the second cryptographic encoder/decoder device as a function of the first check value; (ii) decrypting the first part session key with the first key exchange key; (iii) randomly generating a second part session key at the second cryptographic encoder/decoder device; (iv) encrypting the second part session key using a second key exchange key selected as a function of the second part session key; (v) transmitting the encrypted second part session key and the second check value to the first cryptographic encoder/decoder device; and (c) at the first cryptographic encoder/decoder device; (i) determining the second key exchange key as a function of the second check value; (ii) decrypting the second part session key with the second key exchange key; and (d) at both the first and the second cryptographic encoder/decoder devices, determining a session key for encrypting and decrypting transmissions during a current communication session by combining the first and the second part session keys. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
-
15. A method for ensuring secure communications between a first cryptographic encoder/decoder device and a second cryptographic encoder/decoder device, comprising the steps of:
-
(a) at the first cryptographic encoder/decoder device; (i) randomly generating a first part session encryption key; (ii) selecting a first key exchange from a predefined table of encryption keys entered with at least one check character that is determined as a function of the first part session key and a predefined alphanumeric value, said predefined alphanumeric value and said predefined table of encryption keys being also available to the second cryptographic encoder/decoder device; (iii) encrypting the first part session key with the first key exchange key to produce an encrypted first part session key; and (iv) transmitting the encrypted first part session key and the at least one first check character to the second cryptographic encoder/decoder device; (b) at the second cryptographic encoder/decoder device; (i) receiving the encrypted first part session key and the at least one first check character; (ii) entering the predefined table of encryption keys with the at least one first check character to determine the first key exchange key used by the first cryptographic encoder/decoder device to encrypt the first part session key; (iii) decrypting the first part session key with the first key exchange key determined from the table in step (b)(ii); (iv) randomly generating a second part session key; (v) logically combining the first part session key and the second part session key to determine a session key; (vi) selecting a second key exchange key from the predefined table of encryption keys entered with at least one second check character that is determined as a function of the second part session key and the predefined alphanumeric value; (vii) encrypting the second part session key with the second key exchange key to produce an encrypted second part session key; and (viii) transmitting the encrypted second part session key and the at least one second check character to the first cryptographic encoder/decoder device; (c) at the first cryptographic encoder/decoder device; (i) receiving the encrypted second part session key and the at least one second check character; (ii) entering the predefined table of encryption keys with the at least one second check character to determine the second key exchange key used by the second cryptographic encoder/decoder device to encrypt the second part session key; (iii) decrypting the second part session key with the second key exchange key determined from the table in step (c)(ii); and (iv) logically combining the first part session key and the second part session key to determine the session key;
whereby,(d) the first cryptographic encoder/decoder device uses the session key for encrypting messages transmitted to the second cryptographic encoder/decoder device, the second cryptographic encoder/decoder device uses the session key for decrypting those messages, and vice versa. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification