Secure communication method and apparatus
First Claim
Patent Images
1. In an apparatus for communicating securely over an insecure communication channel of the type providing for a calling entity and a called entity, each having such apparatus, to establish a cryptovariable for encryption and decryption, the apparatus comprising means forretrieving or generating a first secret parameter in each apparatus;
- exchanging variables over said insecure channel including one-way transformations of said first secret parameters;
independently computing in each apparatus a cryptovariable from said exchanged variables and said first secret parameters;
transmitting from each apparatus over said insecure channel data encrypted according to said cryptovariable; and
decrypting in each apparatus data received over said insecure channel according to said cryptovariable,an improvement characterized bymeans for independently computing in each apparatus an antispoof variable from said exchanged variables and said first secret parameters; and
means in each apparatus for displaying said antispoof variables;
whereby a user associated with said calling entity and a user associated with said called entity may conversationally exchange said antispoof variables, may conclude that a third entity is interposed between said called and calling entities if said antispoof variables do not agree, and may terminate the communication thereupon.
5 Assignments
0 Petitions
Accused Products
Abstract
In communication devices for conducting secure communications over insecure channels, means for detecting active attacks on voice or video communication is provided. These means enhance security of exchange of certificates, netkeys, and the like for use in securing subsequent voice, video, data, or facsimile communications.
180 Citations
3 Claims
-
1. In an apparatus for communicating securely over an insecure communication channel of the type providing for a calling entity and a called entity, each having such apparatus, to establish a cryptovariable for encryption and decryption, the apparatus comprising means for
retrieving or generating a first secret parameter in each apparatus; -
exchanging variables over said insecure channel including one-way transformations of said first secret parameters; independently computing in each apparatus a cryptovariable from said exchanged variables and said first secret parameters; transmitting from each apparatus over said insecure channel data encrypted according to said cryptovariable; and decrypting in each apparatus data received over said insecure channel according to said cryptovariable, an improvement characterized by means for independently computing in each apparatus an antispoof variable from said exchanged variables and said first secret parameters; and means in each apparatus for displaying said antispoof variables; whereby a user associated with said calling entity and a user associated with said called entity may conversationally exchange said antispoof variables, may conclude that a third entity is interposed between said called and calling entities if said antispoof variables do not agree, and may terminate the communication thereupon.
-
-
2. In an apparatus for communicating securely over an insecure communication channel of the type having means for a calling entity and a called entity, each having such apparatus, to establish a cryptovariable fer encryption and decryption, the apparatus comprising means for
retrieving or generating a first secret parameter in each apparatus; -
exchanging variables over said insecure channel including one-way transformations of said first secret parameters; independently computing in each apparatus a cryptovariable from at least said exchanged variables and said first secret parameters; transmitting from each apparatus over said insecure channel data encrypted according to said cryptovariable; and decrypting in each apparatus data received over said insecure channel according to said cryptovariable, an improvement characterized by means in each apparatus for storing and retrieving second secret parameters and indices each uniquely associated with a particular one of said second secret parameters;
means for each entity to exchange with the other over said insecure channel lists of said indices;means in each apparatus for determining from the exchanged lists whether the called and calling entities have an index in common; said means in each apparatus for computing said cryptovariable computes said cryptovariable from said. exchanged variables, said first secret parameter, and said particular one of said second secret parameters associated with the index determined to be common to the called and calling entities.
-
-
3. A method for a calling entity and a called entity to communicate securely over an insecure communication channel wherein:
-
each entity retrieves or generates secret parameters; each entity computes a one-way transformation from cne or more of the secret parameters; the entities exhange variables including the one-way transformations; the entities independently compute, from their own secret parameters and from the variables exchanged from the other entity, a cryptovariable; the entities independently compute, from their own secret parameters and from the variables exchanged from the other entity, an antispoof variable; users associated with the entities verify that the antispoof variables agree; and the entities conduct transmission over the insecure channel of data encrypted according to the cryptovariable before transmission and decrypted according to the cryptovariable after reception if the antispoof variables agree;
orthe entities terminate the communication if the antispoof variables do not agree, whereby secure communication is not attempted if a third entity is interposed between the calling entity and the called entity.
-
Specification