Algorithm independent cryptographic key management apparatus

US 5,341,427 A
Filed: 04/23/1993
Issued: 08/23/1994
Est. Priority Date: 10/16/1991
Status: Expired due to Term

First Claim

Patent Images

1. A secure communications apparatus, comprising:

signaling means for communicating with another communication apparatus;

means for generating a first random number;

memory means for at least temporarily storing data including said first random number;

first ciphering means coupled to said signaling means and said random number generating means, said first ciphering means for encrypting said first random number to provide an encrypted first random number for transmission to said another communication apparatus, and for decrypting an encrypted second random number received from said another communication apparatus to recover a second random number;

means for combining coupled to said memory means and first ciphering means, said combining means for combining said first and second random numbers to provide a third random number;

second ciphering means coupled to said signaling means and said combining means, said second ciphering means for encrypting or decrypting messages using said third random number as a traffic key, said messages for transmission to or reception from said another communication apparatus by said signaling means; and

means for automatically determining a data rate for communicating with another communications apparatus in response to messages exchanged between said secure communications apparatus and said another communications apparatus.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for secure communications contains a controller for automatically selecting one of several data ciphering devices utilizing one of a plurality of ciphering algorithms common to transmitting and receiving terminals. A transmitter for transmitting encrypted data, and a receiver for receiving encrypted data are coupled to the plurality of ciphering devices. The controller automatically determines which of the ciphering devices to employ for any given secure communication. The method for establishing a secure communications link includes the steps of exchanging a first message for determining a common key generation and ciphering method and comparing a further shared message for validation of communications terminal security. Additionally, the steps of trading a still further message for providing data to form traffic keys to initialize key generators, interchanging an additional message for synchronizing and verifying synchronization of secure communications between secure communications terminals, and initiating secure communication are used.

99 Citations

View as Search Results

18 Claims

1. A secure communications apparatus, comprising:
- signaling means for communicating with another communication apparatus;
  
  means for generating a first random number;
  
  memory means for at least temporarily storing data including said first random number;
  
  first ciphering means coupled to said signaling means and said random number generating means, said first ciphering means for encrypting said first random number to provide an encrypted first random number for transmission to said another communication apparatus, and for decrypting an encrypted second random number received from said another communication apparatus to recover a second random number;
  
  means for combining coupled to said memory means and first ciphering means, said combining means for combining said first and second random numbers to provide a third random number;
  
  second ciphering means coupled to said signaling means and said combining means, said second ciphering means for encrypting or decrypting messages using said third random number as a traffic key, said messages for transmission to or reception from said another communication apparatus by said signaling means; and
  
  means for automatically determining a data rate for communicating with another communications apparatus in response to messages exchanged between said secure communications apparatus and said another communications apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. An apparatus as claimed in claim 1, wherein said first ciphering means is a public key ciphering means and said second ciphering means is a Data Encryption Standard (DES) ciphering means.
  - 3. An apparatus as claimed in claim 1, wherein said first and second ciphering means comprise a computational apparatus responsive to stored programs for executing at least first and said second ciphering algorithms corresponding to said first and second ciphering means.
  - 4. An apparatus as claimed in claim 3, wherein said first ciphering means uses a public key ciphering algorithm and said second means uses a non-public key ciphering algorithm.
  - 5. An apparatus as claimed in claim 4, further comprising means for exchanging authentication messages with said another communication apparatus, said authentication messages including a public key, wherein said computational apparatus uses said public key for encrypting said first random number to produce said encrypted first random number.
  - 6. An apparatus as claimed in claim 5, further comprising means for crypto synchronization for initiating exchange of encrypted messages with said another communication apparatus, including providing said encrypted messages using said third random number as a traffic key.
  - 7. An apparatus as claimed in claim 6, wherein said crypto synchronization means comprises:
    - means for encrypting and transmitting a predetermined data pattern, said predetermined data pattern known to said another communication apparatus; and
      
      means for decrypting and comparing a known data pattern received from said another communication terminal with another known data pattern stored in said memory means, wherein said another known data pattern is identical to said known data pattern.
  - 8. An apparatus as claimed in claim 1, further comprising:
    - a plurality of cryptographic means including said first and said second ciphering means, wherein said first ciphering means is a public key ciphering means; and
      
      means for determining in accordance with a preprogrammed hierarchy, which of said plurality of cryptographic means comprises said second ciphering means, said determining means operating in response to capabilities information describing said plurality of cryptographic means in said another communication apparatus, said capabilities information contained in capabilities messages exchanged between said secure communications apparatus and said another communication apparatus.

9. An apparatus for secure communications, comprising:
- a plurality of different data ciphering means for encrypting input data to be transmitted and for decrypting received data to provide decrypted output data, some of said plurality of different data ciphering means requiring traffic keys of different lengths;
  
  transceiver means coupled to said plurality of different data ciphering means, said transceiver means for exchanging encrypted data with another secure communication apparatus;
  
  control means coupled to said transceiver means and said plurality of different data ciphering means, said control means for selecting a first of said plurality of different data ciphering means according to a predetermined preference hierarchy, said first of said plurality of different data ciphering means for encrypting and decrypting messages exchanged with said another secure communication apparatus, said control means creating a traffic key by combining data contained in said exchanged messages and selecting a second of said plurality of different data ciphering means for using said traffic key to exchange encrypted data with said another secure communication apparatus.
- View Dependent Claims (10, 11, 12, 13)
- - 10. An apparatus as claimed in claim 9, wherein said first of said plurality of different data ciphering means is a public key encryption and decryption means whereby encrypted random numbers are exchanged with said another secure communication apparatus and wherein said exchanged encrypted random numbers are combined by said control means to form said traffic key.
  - 11. An apparatus as claimed in claim 10, wherein said traffic key created by said control means has a length equal to or greater than a longest key required by any of said plurality of different data ciphering means.
  - 12. An apparatus as claimed in claim 11, further comprising means for truncating said traffic key to match a key length required by said second of said plurality of different data ciphering means.
  - 13. An apparatus as claimed in claim 10, wherein said control means and said public key encryption and decryption means comprise microprocessor means.

14. A secure communications apparatus for communicating with other secure communication apparatus, said secure communications apparatus comprising:
- means for providing different encryption modes and communication modes;
  
  means for sending a first capabilities message to and receiving a second capabilities message from said other secure communication apparatus, said first and said second capabilities messages having predetermined data fields identifying said different encryption modes and communication modes resident in said secure communication apparatus and in said other secure communication apparatus, said means for sending a first capabilities message and receiving a second capabilities message coupled to said means for providing different encryption modes and communication modes; and
  
  means for comparing said first and said second capabilities messages to identify and select compatible encryption modes and compatible communication modes according to a stored preference protocol, said comparing means coupled to said means for sending a first capabilities message and receiving a second capabilities message.
- View Dependent Claims (15, 16, 17)
- - 15. An apparatus as claimed in claim 14, further including:
    - means for generating, encrypting and transmitting a first random number to said other secure communication apparatus, said means for generating, encrypting and transmitting coupled to said means for providing different encryption modes and communication modes;
      
      means for receiving and decrypting a second random number from said other secure communication apparatus; and
      
      means for combining said first and second random numbers to form a secure communication traffic key for use with said compatible encryption mode, said combining means coupled to said means for receiving and decrypting.
  - 16. An apparatus as claimed in claim 14, further including:
    - means for sending a first authentication message, said first authentication message including a first public key encryption key, said first authentication message sending means coupled to said means for providing different encryption modes and communication modes;
      
      means for receiving a second authentication message, said second authentication message including a second public key encryption key;
      
      means for generating a first random number coupled to said means for providing different encryption modes and communication modes, wherein said means for providing different encryption modes and communication modes encrypts said first random number using said second public key encryption key and provides an encrypted random number; and
      
      means for transmitting said encrypted random number, said transmitting means coupled to said means for providing different encryption modes and communication modes.
  - 17. An apparatus as claimed in claim 16, wherein said first authentication message further includes a first expiration date for said first public key, and wherein said second authentication message further includes a second expiration date for said second public key.

18. An apparatus for establishing a secure communications link using any of several ciphering algorithms including in combination:
- a plurality of means for ciphering utilizing different ciphering algorithms;
  
  means for transmitting encrypted data, said transmitting means coupled to said plurality of ciphering means;
  
  means for receiving encrypted data, said receiving means coupled to said plurality of ciphering means; and
  
  control means coupled to said plurality of ciphering means, said transmitting means and said receiving means, said control means for;
  
  (i) automatically determining a data rate for communicating with another communications apparatus in response to unencrypted messages exchanged between said apparatus and said another communications apparatus; and
  
  (ii) automatically determining which of said plurality of ciphering means to employ for any given secure communication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Hardy, Douglas A., Altschuler, Barry N., Lewis, Leslie K.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/052,438
Time in Patent Office

487 Days
Field of Search

380/21, 380/46, 380/49, 380/50
US Class Current

380/273
CPC Class Codes

H04L 2209/80 Wireless network architectu...

H04L 9/0844 with user authentication or...

Algorithm independent cryptographic key management apparatus

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Algorithm independent cryptographic key management apparatus

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others