Method and apparatus for encrypted communication in data networks
First Claim
1. In a data communications network having a plurality of nodes interconnected for communicating messages through the network, the method of performing secure message communication, comprising the steps ofdetermining a route from an originating node to a destination node,selecting as a decrypting node any other node along the route with which the originating node shares an encryption key,encrypting a message intended for the destination node with the selected key and adding in clear form both the identities of the originating and decrypting nodes to the message,transmitting the message along the route,decrypting the message at the decrypting node in response to receipt of the message,if the decrypting node is not the destination node, repeating the selecting, encrypting and transmitting steps by the decrypting node with respect to any other node in the remaining route to the destination node with which the decrypting node shares an encryption key, andtransmitting the newly encrypted message along the remaining route.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure network data communication technique that allows the designation of selected network nodes to share encryption keys with other selected network nodes. A message originating node determines nodes along a message route with which it shares encryption keys. One of these keys is selected and a message is encrypted with the key. The identity of the originating node and the decrypting node that also knows the selected key is added to the encrypted message in clear form. The decrypting node receives the message, recognizes its identity in the message and decrypts the message using the key shared with the originating node. If it is also not the destination node, it repeats the process of selecting a new encrypting node with which it shares a key, re-encrypting and transmitting re-encrypted message toward the destination.
-
Citations
11 Claims
-
1. In a data communications network having a plurality of nodes interconnected for communicating messages through the network, the method of performing secure message communication, comprising the steps of
determining a route from an originating node to a destination node, selecting as a decrypting node any other node along the route with which the originating node shares an encryption key, encrypting a message intended for the destination node with the selected key and adding in clear form both the identities of the originating and decrypting nodes to the message, transmitting the message along the route, decrypting the message at the decrypting node in response to receipt of the message, if the decrypting node is not the destination node, repeating the selecting, encrypting and transmitting steps by the decrypting node with respect to any other node in the remaining route to the destination node with which the decrypting node shares an encryption key, and transmitting the newly encrypted message along the remaining route.
-
2. In a data communications network having a plurality of nodes interconnected for communicating messages through the network, the method of performing secure message communication, comprising the steps of
at a message originating node, determining the identity of a destination node to receive a message, selecting an encryption key from one or more alternative keys, said selected key being shared with another node along a route toward the destination node, encrypting the message with the selected key, forming a communication by, including with the encrypted message a clear identification of the originating node and an clear identification of the decrypting node with which the selected key is shared, and transmitting the communication toward the node with which the selected key is shared.
-
5. In a data communications network having a plurality of nodes interconnected in a selected manner for communicating messages through the network, the method of performing secure message communication, comprising the steps of
at a message originating node, determining the identity of a destination node to receive a message, determining if the originating node shares a first encryption key with the destination node, and, if so, encrypting the message with the first key, otherwise, selecting a second encryption key shared with any other node along the message route to the destination node and encrypting the message with the second key, forming a communication by including with the encrypted message a clear identification of the decrypting node with which the selected key is shared by the originating node and a clear identification of the originating node, transmitting the communication along a route which includes the node with which the selected key is shared.
-
7. A method for secure communication performed at a node of a communication network, comprising the steps of
generating an encrypted version of a message to be transmitted to a destination node by selecting an encryption key from one or more alternative keys, said selected key being shared with another node along a route toward the destination node, encrypting the message with the selected key, forming a communication by including with the encrypted message a clear identification of the encrypting node and an clear identification of the decrypting node with which the selected key is shared, and transmitting the communication toward the node with which the selected key is shared.
-
10. Apparatus in a data communications network having a plurality of nodes interconnected for communicating messages through the network, comprising
means for determining a route from an originating node to a destination node, means for encrypting a message intended for the destination node with one or more alternative keys known to other nodes in the route, means at each node in the route for determining if a received message is encrypted with a key known to the receiving node, means responsive to the last determining means for decrypting the message, means for re-encrypting the decrypted message with a different key shared with any other selected node in the remaining route, and means for transmitting the re-encrypted message on the remaining route.
-
11. Apparatus at each node of a data communications network having a plurality of nodes interconnected for communicating messages through the network, comprising
means for determining a route from an originating node to a destination node, means for selecting as a message decrypting node any other node along the route with which the originating node shares an encryption key, means for encrypting a message with the selected key, means for adding the identities of the originating and decrypting nodes in clear form to the encrypted message, means for transmitting the message along the route, means for decrypting a received message, means for determining if the node is not the destination node for the received message, and means responsive to the last determining means for re-encrypting the decrypted received message with a key shared with any other selected node in the remaining route, and means for transmitting the re-encrypted message on the remaining route.
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsKlonowski, John L.
-
Primary Examiner(s)Buczinski, Stephen C.
-
Application NumberUS08/200,610Time in Patent Office671 DaysField of Search380/47, 380/48, 380/23, 380/25US Class Current380/47CPC Class CodesH04L 63/0435 wherein the sending and rec...H04L 63/0464 using hop-by-hop encryption...H04L 9/0822 using key encryption keyH04L 9/16 the keys or algorithms bein...H04L 9/32 including means for verifyi...H04L 9/40 Network security protocols
