Means for identification and exchange of encryption keys
First Claim
1. A method of confirming the identity of and the exchange of encryption keys for a communication link between two communication apparatus each having a smart card reader for reading a first smart card at said first smart card reader and a second smart card at said second smart card reader wherein said first smart card reader is operatively coupled to a first communication apparatus and said second smart card reader is operatively coupled to said second communication apparatus comprising the steps of:
- performing a read of a secure secret key from a first of said cards;
generating from inside said first smart card an encryption key for said communication link in response to said secure secret key;
providing an authenticating key from a precomputed and prestored value, stored within said first smart card a validation key based upon a secured common authority data base which at one time was common to said first and second smart cards;
authenticating the identity of said first communication apparatus by said second reader by virtue of said authentication key without transmitting the secret key based upon a calculation of said authentication key and information in said second smart card as to a key from said common authority data base;
reversing said performing, generating, providing and authenticating steps to establish the identify and key of said second communication apparatus with said first apparatus;
transmitting the encryption keys after the authentiticy of said first communication apparatus has been established with said second communication apparatus and vice versa; and
establishing a public key/private key communication link based upon the exchanged keys.
3 Assignments
0 Petitions
Accused Products
Abstract
The invention relates to a means for identification and exchange of encryption keys between communicating apparatuses for encrypted transmissions. The means comprises a card reader for smart cards connected to the communication apparatus which may be a telecommunication apparatus, e.g. of telephone or facsimile type. The reader can communicate with another reader at a called telecommunication apparatus. For identification and exchange of encryption keys the required calculations are performed by the reader or the smart card using data stored on the smart card in a protected field with limited access. The means enable intercommunication between products of different makes owing to a standard identification procedure and exchange of encryption keys.
91 Citations
7 Claims
-
1. A method of confirming the identity of and the exchange of encryption keys for a communication link between two communication apparatus each having a smart card reader for reading a first smart card at said first smart card reader and a second smart card at said second smart card reader wherein said first smart card reader is operatively coupled to a first communication apparatus and said second smart card reader is operatively coupled to said second communication apparatus comprising the steps of:
-
performing a read of a secure secret key from a first of said cards; generating from inside said first smart card an encryption key for said communication link in response to said secure secret key; providing an authenticating key from a precomputed and prestored value, stored within said first smart card a validation key based upon a secured common authority data base which at one time was common to said first and second smart cards; authenticating the identity of said first communication apparatus by said second reader by virtue of said authentication key without transmitting the secret key based upon a calculation of said authentication key and information in said second smart card as to a key from said common authority data base; reversing said performing, generating, providing and authenticating steps to establish the identify and key of said second communication apparatus with said first apparatus; transmitting the encryption keys after the authentiticy of said first communication apparatus has been established with said second communication apparatus and vice versa; and establishing a public key/private key communication link based upon the exchanged keys. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification