Algorithm independent cryptographic key management apparatus
Abstract
An apparatus for secure communications contains a controller for automatically selecting one of several data ciphering devices utilizing one of a plurality of ciphering algorithms common to transmitting and receiving terminals. A transmitter for transmitting encrypted data, and a receiver for receiving encrypted data are coupled to the plurality of ciphering devices. The controller automatically determines which of the ciphering devices to employ for any given secure communication. The method for establishing a secure communications link includes the steps of exchanging a first message for determining a common key generation and ciphering method and comparing a further shared message for validation of communications terminal security. Additionally, the steps of trading a still further message for providing data to form traffic keys to initialize key generators, interchanging an additional message for synchronizing and verifying synchronization of secure communications between secure communications terminals, and initiating secure communication are used.
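An added sketch (not code from the patent or its assignee) of the link set-up that the abstract and claims 1, 9 and 14 describe: two capabilities messages are compared against a stored preference hierarchy, then a traffic key of the length the selected mode needs is formed from two exchanged random numbers. The mode names, key lengths, the XOR combiner and the keystream stand-in for the "first ciphering means" are all assumptions.

```python
import hashlib
import secrets

# Assumed stored preference hierarchy, most preferred first. The mode names
# and traffic-key lengths are hypothetical; the claims name no algorithms.
PREFERENCE = ["MODE_A", "MODE_B", "MODE_C"]
KEY_BYTES = {"MODE_A": 32, "MODE_B": 16, "MODE_C": 8}

def select_mode(own_caps, peer_caps):
    """Compare two capabilities messages and pick the best common mode.
    Both terminals apply the same hierarchy, so they reach the same answer."""
    common = set(own_caps) & set(peer_caps)
    for mode in PREFERENCE:
        if mode in common:
            return mode
    raise ValueError("no compatible encryption mode")

def first_cipher(kek, direction, data):
    """Stand-in for the 'first ciphering means': XOR with a SHAKE-256
    keystream (self-inverse; illustration only, not a vetted cipher).
    The direction label keeps the two keystreams distinct; with one shared
    keystream, XORing both ciphertexts would equal the XOR-combined key."""
    stream = hashlib.shake_256(kek + direction).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def combine(r1, r2):
    """Combining means (XOR assumed): neither side alone fixes the result."""
    return bytes(a ^ b for a, b in zip(r1, r2))

def establish(caps_a, caps_b, kek):
    """Run terminals A and B in one process; returns (mode, key_a, key_b)."""
    mode = select_mode(caps_a, caps_b)
    n = KEY_BYTES[mode]                      # key length follows the mode
    r1 = secrets.token_bytes(n)              # first random number (A)
    r2 = secrets.token_bytes(n)              # second random number (B)
    to_b = first_cipher(kek, b"A->B", r1)    # encrypted first random number
    to_a = first_cipher(kek, b"B->A", r2)    # encrypted second random number
    key_a = combine(r1, first_cipher(kek, b"B->A", to_a))  # A's traffic key
    key_b = combine(first_cipher(kek, b"A->B", to_b), r2)  # B's traffic key
    return mode, key_a, key_b

if __name__ == "__main__":
    # Constructed capabilities messages and key-encryption key.
    mode, key_a, key_b = establish(["MODE_C", "MODE_A"],
                                   ["MODE_A", "MODE_B", "MODE_C"],
                                   b"constructed-kek")
    print(mode, len(key_a), key_a == key_b)
```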
18 Claims
1. A secure communications apparatus, comprising:
- signaling means for communicating with another communication apparatus;
- means for generating a first random number;
- memory means for at least temporarily storing data including said first random number;
- first ciphering means coupled to said signaling means and said random number generating means, said first ciphering means for encrypting said first random number to provide an encrypted first random number for transmission to said another communication apparatus, and for decrypting an encrypted second random number received from said another communication apparatus to recover a second random number;
- means for combining coupled to said memory means and first ciphering means, said combining means for combining said first and second random numbers to provide a third random number;
- second ciphering means coupled to said signaling means and said combining means, said second ciphering means for encrypting or decrypting messages using said third random number as a traffic key, said messages for transmission to or reception from said another communication apparatus by said signaling means; and
- means for automatically determining a data rate for communicating with another communications apparatus in response to messages exchanged between said secure communications apparatus and said another communications apparatus.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus for secure communications, comprising:
- a plurality of different data ciphering means for encrypting input data to be transmitted and for decrypting received data to provide decrypted output data, some of said plurality of different data ciphering means requiring traffic keys of different lengths;
- transceiver means coupled to said plurality of different data ciphering means, said transceiver means for exchanging encrypted data with another secure communication apparatus;
- control means coupled to said transceiver means and said plurality of different data ciphering means, said control means for selecting a first of said plurality of different data ciphering means according to a predetermined preference hierarchy, said first of said plurality of different data ciphering means for encrypting and decrypting messages exchanged with said another secure communication apparatus, said control means creating a traffic key by combining data contained in said exchanged messages and selecting a second of said plurality of different data ciphering means for using said traffic key to exchange encrypted data with said another secure communication apparatus.
Dependent claims: 10, 11, 12, 13
14. A secure communications apparatus for communicating with other secure communication apparatus, said secure communications apparatus comprising:
- means for providing different encryption modes and communication modes;
- means for sending a first capabilities message to and receiving a second capabilities message from said other secure communication apparatus, said first and said second capabilities messages having predetermined data fields identifying said different encryption modes and communication modes resident in said secure communication apparatus and in said other secure communication apparatus, said means for sending a first capabilities message and receiving a second capabilities message coupled to said means for providing different encryption modes and communication modes; and
- means for comparing said first and said second capabilities messages to identify and select compatible encryption modes and compatible communication modes according to a stored preference protocol, said comparing means coupled to said means for sending a first capabilities message and receiving a second capabilities message.
Dependent claims: 15, 16, 17
18. An apparatus for establishing a secure communications link using any of several ciphering algorithms including in combination:
- a plurality of means for ciphering utilizing different ciphering algorithms;
- means for transmitting encrypted data, said transmitting means coupled to said plurality of ciphering means;
- means for receiving encrypted data, said receiving means coupled to said plurality of ciphering means; and
- control means coupled to said plurality of ciphering means, said transmitting means and said receiving means, said control means for:
  (i) automatically determining a data rate for communicating with another communications apparatus in response to unencrypted messages exchanged between said apparatus and said another communications apparatus; and
  (ii) automatically determining which of said plurality of ciphering means to employ for any given secure communication.
Specification