Secure communication setup method

US 5,615,266 A
Filed: 01/11/1996
Issued: 03/25/1997
Est. Priority Date: 07/13/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method of engaging in a secure communication session with one of a plurality of remote terminals, said method comprising the steps of:

maintaining a list of approved network addresses;

obtaining a current network address for said one remote terminal;

determining whether said current network address corresponds to one of said approved network addresses;

automatically initiating a secure call setup procedure when said current network address corresponds to one of said approved network addresses;

performing a full secure call setup process when no prior secure communication session has been conducted with said one remote terminal;

performing an abbreviated secure call setup process when a prior secure communication session has been conducted with said one remote terminal;

maintaining a list in which approved user-identities are associated with approved traffic keys, said approved user-identities serving to identify at least some users of said remote terminals;

establishing a plain-text communication session with said one remote terminal;

receiving, after said automatically initiating step, a current identity from said one remote terminal;

determining whether said current identity corresponds to one of said approved user-identities from said list; and

effecting said abbreviated secure call setup process performing step when said current identity corresponds to one of said approved user-identities.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A call is connected between secure terminals (16) through a network (12). If a network address for the call is included on an approved list (46), a secure call setup procedure (54) is performed automatically. One terminal (16) automatically sends an auto-secure signal. If the other terminal detects the auto-secure signal, secure call setup procedure (54) is performed automatically. The secure call setup procedure (54) determines a current user-identity for the opposing party. If the current user-identity corresponds to a user-identity included on an approved list (76), an abbreviated secure call setup process (80) is performed. If the current user identity is not approved, a full secure call setup process (78) is performed. The abbreviated process (80) differs from the full process (78) in that it uses a traffic key obtained from a prior secure communication session and may be performed more quickly.

116 Citations

14 Claims

1. A method of engaging in a secure communication session with one of a plurality of remote terminals, said method comprising the steps of:
- maintaining a list of approved network addresses;
  
  obtaining a current network address for said one remote terminal;
  
  determining whether said current network address corresponds to one of said approved network addresses;
  
  automatically initiating a secure call setup procedure when said current network address corresponds to one of said approved network addresses;
  
  performing a full secure call setup process when no prior secure communication session has been conducted with said one remote terminal;
  
  performing an abbreviated secure call setup process when a prior secure communication session has been conducted with said one remote terminal;
  
  maintaining a list in which approved user-identities are associated with approved traffic keys, said approved user-identities serving to identify at least some users of said remote terminals;
  
  establishing a plain-text communication session with said one remote terminal;
  
  receiving, after said automatically initiating step, a current identity from said one remote terminal;
  
  determining whether said current identity corresponds to one of said approved user-identities from said list; and
  
  effecting said abbreviated secure call setup process performing step when said current identity corresponds to one of said approved user-identities.
- View Dependent Claims (2, 3, 4)
- - 2. A method of engaging in a secure communication session as claimed in claim 1 additionally comprising the step of sending an auto-secure signal to said one remote terminal, said auto-secure signal serving to request said one remote terminal to automatically send said current identity.
  - 3. A method of engaging in a secure communication session as claimed in claim 1 wherein said method additionally comprises the step of effecting said full secure call setup process performing step when said current identity does not correspond to one of said approved user-identities, and said full secure call setup process performing step comprises the steps of:
    - obtaining a new traffic key; and
      
      encrypting session data using said new traffic key.
  - 4. A method of engaging in a secure communication session as claimed in claim 3 wherein said obtaining a new traffic key step comprises the step of engaging in a public key exchange to generate said new traffic key.

5. A method of engaging in a secure communication session with one of a plurality of remote terminals, said method comprising the steps of:
- establishing a plain next communication session;
  
  detecting the receipt of an auto-secure signal from said one remote terminal;
  
  automatically initiating a secure call setup procedure in response to said auto-secure signal;
  
  performing a full secure call setup process when no prior secure communication session has been conducted with said one remote terminal;
  
  performing an abbreviated secure call setup process when a prior secure communication session has been conducted with said one remote terminal;
  
  maintaining a list in which approved user-identities are associated with approved traffic keys, said approved user-identities serving to identify at least some users of said remote terminals;
  
  receiving, after said automatically initiating step, a current identity from said one remote terminal;
  
  determining whether said current identity corresponds to one of said approved user-identities from said list; and
  
  effecting said abbreviated secure call setup process performing step when said current identity corresponds to one of said approved user-identities.
- View Dependent Claims (6)
- - 6. A method of engaging in a secure communication session as claimed in claim 5 additionally comprising the step of sending an auto-secure signal to said one remote terminal, said auto-secure signal serving to request said one remote terminal to automatically send said current identity.

7. A method of engaging in a secure communication session with one of a plurality of remote terminals, said method comprising the steps of:
- detecting the receipt of an auto-secure signal from said one remote terminal;
  
  automatically initiating a secure call setup procedure in response to said auto-secure signal;
  
  performing said full secure call setup process when no prior secure communication session has been conducted with said one remote terminal;
  
  performing an abbreviated secure call setup process when a prior secure communication session has been conducted with said one remote terminal;
  
  maintaining a list in which approved user-identities are associated with approved traffic keys, said approved user-identities serving to identify at least some users of said remote terminals;
  
  initiating a plain-text communication session with said one remote terminal;
  
  receiving a current identity from said one remote terminal;
  
  determining whether said current identity corresponds to one of said approved user-identities from said list; and
  
  when said current identity corresponds to one of said approved user-identities, encrypting session data using one of said approved traffic keys that is associated in said list with one approved user-identity to which said current identity corresponds.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. A method of engaging in a secure communication session as claimed in claim 7 additionally comprising the steps of:
    - obtaining a new traffic key when said current identity does not correspond to one of said approved user-identities; and
      
      encrypting session data using said new traffic key when said current identity does not correspond to one of said approved user-identities.
  - 9. A method of engaging in a secure communication session as claimed in claim 8 wherein said obtaining step comprises the step of engaging in a public key exchange to generate said new traffic key.
  - 10. A method of engaging in a secure communication session as claimed in claim 7 additionally comprising the steps of:
    - generating a future approved traffic key; and
      
      updating said list to associate said future approved traffic key with said one approved user-identity to which said current identity corresponds.
  - 11. A method of engaging in a secure communication session as claimed in claim 10 wherein:
    - said secure communication session occurs during said encrypting step;
      
      said communication session continues for a variable duration; and
      
      said generating and updating steps occur approximately at the beginning of said variable duration.
  - 12. A method of engaging in a secure communication session as claimed in claim 7 wherein said maintaining step additionally records a list of approved network addresses, and said initiating step comprises the steps of:
    - obtaining a current network address for said one remote terminal;
      
      determining whether said current network address corresponds to one of said approved network addresses; and
      
      automatically performing said receiving, determining, and encrypting steps when said current network address corresponds to one of said approved network addresses.
  - 13. A method of engaging in a secure communication session as claimed in claim 7 additionally comprising the steps of:
    - detecting the receipt of an auto-secure signal from said one remote terminal; and
      
      interpreting said auto-secure signal as a request to automatically establish a secure communication session.
  - 14. A method of engaging in a secure communication session as claimed in claim 7 wherein said initiating step comprises the step of sending an auto-secure signal to said one remote terminal, said auto-secure signal requesting said one remote terminal to transmit said current identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Hardy, Douglas A., Altschuler, Barry N., Stephens, James A., Kish, Joseph III
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/585,076
Time in Patent Office

439 Days
Field of Search

380/21, 380/25, 380/30, 380/49
US Class Current

713/162
CPC Class Codes

H04L 9/0891 Revocation or update of sec...

Secure communication setup method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communication setup method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links