Cryptographic key management apparatus and method
First Claim
1. A method for establishing a communications link between first and second terminals for exchanging encrypted information, wherein the first and second terminals follow a procedure including steps of:
- (a) exchanging a first message containing plaintext information identifying encryption devices and communication modes available within the first and second terminals and containing public key encrypted information describing user authentication information;
(b) selecting in at least one of the first and second terminals a common key generation and encryption and decryption methods;
(c) exchanging a second message containing public-key encrypted data for forming traffic keys;
(d) exchanging a third message for synchronizing encrypted communications; and
(e) initiating encrypted conununication.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for establishing a secure communications link between first and second terminals includes a step of exchanging a first message. The first message contains information describing encryption devices and communications modes available within the terminals and user authentication information. The method also includes a step of selecting, in at least one terminal, a common key generation and ciphering algorithm. The method further includes steps of exchanging a second message for providing data to form traffic keys, exchanging a third message for synchronizing secure communications and initiating secure communication.
228 Citations
20 Claims
-
1. A method for establishing a communications link between first and second terminals for exchanging encrypted information, wherein the first and second terminals follow a procedure including steps of:
-
(a) exchanging a first message containing plaintext information identifying encryption devices and communication modes available within the first and second terminals and containing public key encrypted information describing user authentication information; (b) selecting in at least one of the first and second terminals a common key generation and encryption and decryption methods; (c) exchanging a second message containing public-key encrypted data for forming traffic keys; (d) exchanging a third message for synchronizing encrypted communications; and (e) initiating encrypted conununication. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for establishing a communication link between at least a first and a second terminal, wherein each of the first and second terminals follows a procedure comprising steps of:
-
(a) transmitting a first message comprising an Authentication Package for Data, the Authentication Package for Data identifying encryption and decryption capabilities, certified user authentication data and a first public encryption key; (b) receiving a second message comprising an Authentication Package for Data, the Authentication Package for Data identifying encryption and decryption capabilities, certified user authentication data and a second public encryption key; (c) transmitting a first Random Component Message including a first pseudorandom number; (d) receiving a second Random Component Message including a second pseudorandom number; (e) forming a traffic key from the first and second pseudorandom numbers; (f) interchanging Cryptographic Synchronization messages; and (g) initiating interchange of encrypted information. - View Dependent Claims (8, 9, 10, 11)
-
-
12. An apparatus for providing encrypted communication between first and second terminals, said apparatus comprising:
-
means for encrypting and decrypting using a plurality of different encryption and decryption algorithms; means for transmitting messages, said transmitting means coupled to said encrypting and decrypting means; means for receiving messages, said receiving means coupled to said encrypting and decrypting means; and controller means coupled to said encrypting and decrypting, transmitting and receiving means, said controller means, transmitting means and receiving means for; (i) sending a first message to said second terminal, the first message comprising a first plaintext portion providing information identifying encryption and decryption algorithms and communication modes available within said first terminal and comprising a second encrypted portion identifying terminal authentication information; (ii) sending a second message to said second terminal for providing pseudorandom data; and (iii) initiating encrypted communication with said second terminal using a traffic key formed from said pseudoramdom data. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A communication apparatus comprising:
-
means for providing different encryption modes, decryption modes and conununication modes; means for sending messages including a first capabilities and authentication message to and receiving messages including a second capabilities and authentication message from another conununication apparatus, said first and said second capabilities and authentication messages having predetermined plaintext data fields identifying said different encryption modes, decryption modes and communication modes resident in said communication apparatus and in said another communication apparatus, having further predetermined plaintext data fields labelling current and previous public decryption keys and having predetermined encrypted data fields providing a user public key; and means for comparing said first and said second capabilities and authentication messages to identify and select compatible encryption modes, compatible decryption modes and compatible communication modes according to a stored preference protocol. - View Dependent Claims (19, 20)
-
Specification