Cryptographic key management method and apparatus

US 5,375,169 A
Filed: 05/28/1993
Issued: 12/20/1994
Est. Priority Date: 05/28/1993
Status: Expired due to Term

First Claim

Patent Images

1. A secure cryptographic communication system comprising:

A) a communications channel;

B) encryption means coupled to the communications channel for converting a message to be transmitted to encrypted text and for transmitting the encrypted text on the communications channel; and

C) decryption means coupled to the communications channel for receiving the encrypted text on the communications channel and for converting the encrypted text received on the communications channel to plain text;

D) the encryption means comprising transmit key component generating means for generating a transmit key component and transmitting means for transmitting the transmit key component to the decryption means;

E) the decryption means comprising receive key component generating means for generating a receive key component and receiving means for receiving the transmit key component from the encryption means;

F) the decryption means further comprising transmit key component checking means for determining the validity and transmission accuracy of the transmit key component, transmitting means for transmitting the receive key component to the encryption means, and combining means for combining the transmit key component and the receive key component to form a complete key; and

G) the encryption means further comprising receive key component checking means for determining the validity and transmission accuracy of the receive key component, receiving means for receiving the receive key component from the decryption means, and combining means for combining the transmit key component and the receive key component to form a complete key;

H) the encryption means using the complete key to convert the message to be transmitted to encrypted text and the decryption means using the complete key to convert the encrypted text received on the communications channel to plain text.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for the secure communication of a message from a transmitting user to a receiving user using a split key scheme. Each user generates a key component using a cryptographic engine. The key component is a pseudorandom sequence of bits with an appended error detection field which is mathematically calculated based on the pseudorandom sequence. This key component is then sent out on a communications channel from the transmitting user to the receiving user. The receiving user also sends its key component to the transmitting user. Each location performs a mathematical check on the key component received from the other location. If the key component checks pass at both locations, the transmit key component and the receive key component, including the error detection fields, are combined at both locations, forming identical complete keys at both locations. The identical complete keys are then used to initiate the cryptographic engines at both locations for subsequent encryption and decryption of messages between the two locations.

185 Citations

15 Claims

1. A secure cryptographic communication system comprising:
- A) a communications channel;
  
  B) encryption means coupled to the communications channel for converting a message to be transmitted to encrypted text and for transmitting the encrypted text on the communications channel; and
  
  C) decryption means coupled to the communications channel for receiving the encrypted text on the communications channel and for converting the encrypted text received on the communications channel to plain text;
  
  D) the encryption means comprising transmit key component generating means for generating a transmit key component and transmitting means for transmitting the transmit key component to the decryption means;
  
  E) the decryption means comprising receive key component generating means for generating a receive key component and receiving means for receiving the transmit key component from the encryption means;
  
  F) the decryption means further comprising transmit key component checking means for determining the validity and transmission accuracy of the transmit key component, transmitting means for transmitting the receive key component to the encryption means, and combining means for combining the transmit key component and the receive key component to form a complete key; and
  
  G) the encryption means further comprising receive key component checking means for determining the validity and transmission accuracy of the receive key component, receiving means for receiving the receive key component from the decryption means, and combining means for combining the transmit key component and the receive key component to form a complete key;
  
  H) the encryption means using the complete key to convert the message to be transmitted to encrypted text and the decryption means using the complete key to convert the encrypted text received on the communications channel to plain text.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The secure cryptographic communication system of claim 1, wherein:
    - A) the encryption means further comprises first memory means for storing the transmit key component and receive key component, means for generating a first pseudorandom sequence of bits and for generating a first sequence of check bits based on the first pseudorandom sequence according to a first mathematical algorithm stored in the first memory means, the first pseudorandom sequence and the first sequence of check bits together forming the transmit key component;
      
      B) the decryption means further comprises second memory means for storing the transmit key component and receive key component, means for generating a second pseudorandom sequence of bits and for generating a second sequence of check bits based on the second pseudorandom sequence according to a second mathematical algorithm stored in the second memory means, the second pseudorandom sequence and the second sequence of check bits together forming the receive key component;
      
      C) the encryption means further comprises means for separating the receive key component into the second pseudorandom sequence and the second sequence of check bits, means for generating a first sequence of test bits based on the second pseudorandom sequence according to the second mathematical algorithm stored in the first memory means, means for comparing the first sequence of test bits with the second sequence of check bits, and means for inhibiting message communication between the encryption means and the decryption means if the first sequence of test bits and the second sequence of check bits are not identical; and
      
      D) the decryption means further comprises means for separating the transmit key component into the first pseudorandom sequence and the first sequence of check bits, means for generating a second sequence of test bits based on the first pseudorandom sequence according to the first mathematical algorithm stored in the second memory means, means for comparing the second sequence of test bits with the first sequence of check bits, and means for inhibiting message communication between the encryption means and the decryption means if the second sequence of test bits and the first sequence of check bits are not identical.
  - 3. The secure cryptographic communication system of claim 2, wherein the first mathematical algorithm and the second mathematical algorithm are cyclical redundancy codes.
  - 4. The secure cryptographic communication system of claim 1, wherein the encryption means is a first digital logic circuit and the decryption means is a second digital logic circuit.
  - 5. The secure cryptographic communication system of claim 4, wherein the first digital logic circuit is a first plurality of integrated circuit chips and the second digital logic circuit is a second plurality of integrated circuit chips.
  - 6. The secure cryptographic communication system of claim 4, wherein the first digital logic circuit and the second digital logic circuit are a plurality of integrated circuit chips.
  - 7. The secure cryptographic communication system of claim 4, wherein the first digital logic circuit is a first single integrated circuit chip and the second digital logic circuit is a second single integrated circuit chip.
  - 8. The secure cryptographic communication system of claim 4, wherein the first digital logic circuit and the second digital logic circuit are a single integrated circuit chip.
  - 9. The secure cryptographic communication system of claim 1, wherein the message is a signal selected from the group of signals consisting of digital voice signals, digital data signals, and digitized analog signals.

10. A method for establishing secure cryptographic communications comprising the following steps:
- A) generating a transmit key component at a first location;
  
  B) transmitting the transmit key component to a second location;
  
  C) receiving the transmit key component at the second location;
  
  D) checking the transmit key component for validity and errors at the second location;
  
  E) generating a receive key component at the second location;
  
  F) transmitting the receive key component to the first location;
  
  G) receiving the receive key component at the first location;
  
  H) checking the receive key component for validity and errors at the first location;
  
  I) inhibiting message communication between the first location and the second location if the transmit key component is invalid or contains errors;
  
  J) inhibiting message communication between the first location and the second location if the receive key component is invalid or contains errors; and
  
  K) enabling message communication between the first location and the second location if the transmit key component is valid and contains no errors and if the receive key component is valid and contains no errors.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method for establishing secure cryptographic communications according to claim 10, further comprising the following steps if the transmit key component is valid and contains no errors and if the receive key component is valid and contains no errors:
    - A) forming a complete key at the first location by combining the transmit key component with the receive key component at the first location;
      
      B) forming a complete key at the second location by combining the transmit key component with the receive key component at the second location;
      
      C) forming an encrypted message by encrypting a plain text message with the complete key at the first location;
      
      D) transmitting the encrypted message to the second location;
      
      E) receiving the encrypted message at the second location; and
      
      F) retrieving the plain text message by decrypting the encrypted message with the complete key at the second location.
  - 12. The method for establishing secure cryptographic communications according to claim 10, wherein the step of generating a transmit key component at a first location comprises the steps of:
    - A) generating a first pseudorandom sequence of bits at a first location;
      
      B) generating a first sequence of check bits based on the first pseudorandom sequence of bits according to a first mathematical algorithm; and
      
      C) appending the first sequence of check bits to the first pseudorandom sequence of bits.
  - 13. The method for establishing secure cryptographic communications according to claim 10, wherein the step of generating a receive key component at a second location comprises the steps of:
    - A) generating a second pseudorandom sequence of bits at a second location;
      
      B) generating a second sequence of check bits based on the second pseudorandom sequence of bits according to a second mathematical algorithm; and
      
      C) appending the second sequence of check bits to the second pseudorandom sequence of bits.
  - 14. The method for establishing secure cryptographic communications according to claim 13, wherein the step of checking the transmit key component for validity and errors at the second location comprises the steps of:
    - A) separating the transmit key component into the first pseudorandom sequence and the first sequence of check bits at the second location;
      
      B) generating a first sequence of test bits at the second location based on the first pseudorandom sequence of bits according to the first mathematical algorithm;
      
      C) comparing the first sequence of test bits to the first sequence of check bits at the second location;
      
      D) determining that the transmit key component is valid and accurately transmitted if the first sequence of test bits matches the first sequence of check bits identically; and
      
      E) determining that the transmit key component is not valid and accurately transmitted if the sequence of test bits does not match the sequence of check bits identically.
  - 15. The method for establishing secure cryptographic communications according to claim 13, wherein the step of checking the receive key component for validity and errors at the first location comprises the steps of:
    - A) separating the receive key component into the second pseudorandom sequence and the second sequence of check bits at the first location;
      
      B) generating a second sequence of test bits at the first location based on the second pseudorandom sequence of bits according to the second mathematical algorithm;
      
      C) comparing the second sequence of test bits to the second sequence of check bits at the first location;
      
      D) determining that the receive key component is valid and accurately transmitted if the second sequence of test bits matches the second sequence of check bits identically; and
      
      E) determining that the receive key component is not valid and accurately transmitted if the second sequence of test bits does not match the second sequence of check bits identically.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
John J. Crowley
Original Assignee
TecSec, Incorporated
Inventors
Crowley, John J., Seheidt, Edward M.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/069,577
Time in Patent Office

571 Days
Field of Search

380/2, 380/4, 380/9, 380/21, 380/23-25, 380/43, 380/49, 380/30, 380/46, 380/28
US Class Current

713/171
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0877   using additional device, e....

Cryptographic key management method and apparatus

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

185 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic key management method and apparatus

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

185 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links