Cryptographic key management method and apparatus
First Claim
1. A secure communication system, comprising:
- a) a communications channel;
b) a transmit location coupled to the communications channel; and
c) a receive location coupled to the communications channel;
d) wherein the transmit location includesi) a transmit key component generator for generating a transmit key component,ii) a receive key component receiver for receiving a receive key component,iii) a first key component combiner for combining the transmit key component and the received receive key component to form a transmit key, andiv) transmit memory for storing the receive key component and the transmit key; and
e) wherein the receive location includesi) a receive key component generator for generating a receive key component,ii) a transmit key component receiver for receiving a transmit key component,iii) a second key component combiner for combining the transmit key component and the received receive key component to form a receive key, andiv) receive memory for storing the transmit key component and the receive key.
4 Assignments
0 Petitions
Accused Products
Abstract
A system for the secure communication of a message from a transmitting user to a receiving user using a split key scheme. Each user generates a key component using a cryptographic engine. The key component is a pseudorandom sequence of bits with an appended error detection field which is mathematically calculated based on the pseudorandom sequence. This key component is then sent out on a communications channel from the transmitting user to the receiving user. The receiving user also sends its key component to the transmitting user. Each location performs a mathematical check on the key component received from the other location. If the key component checks pass at both locations, the transmit key component and the receive key component, including the error detection fields, are combined at both locations, forming identical complete keys at both locations. The identical complete keys are then used to initiate the cryptographic engines at both locations for subsequent encryption and decryption of messages between the two locations.
-
Citations
24 Claims
-
1. A secure communication system, comprising:
-
a) a communications channel; b) a transmit location coupled to the communications channel; and c) a receive location coupled to the communications channel; d) wherein the transmit location includes i) a transmit key component generator for generating a transmit key component, ii) a receive key component receiver for receiving a receive key component, iii) a first key component combiner for combining the transmit key component and the received receive key component to form a transmit key, and iv) transmit memory for storing the receive key component and the transmit key; and e) wherein the receive location includes i) a receive key component generator for generating a receive key component, ii) a transmit key component receiver for receiving a transmit key component, iii) a second key component combiner for combining the transmit key component and the received receive key component to form a receive key, and iv) receive memory for storing the transmit key component and the receive key.
-
-
2. The secure communication system of 1, wherein:
-
the transmit location further includes encryption means for encrypting a first plaintext message, using the transmit key, to generate an encrypted message, and the receive location further includes decryption means for decrypting the encrypted message, using the receive key, to generate a second plaintext message corresponding to the first plaintext message. - View Dependent Claims (23)
-
-
3. A method for secure communications, comprising:
-
a) generating a transmit key component at a transmit location; b) generating a receive key component at a receive location; c) receiving the transmit key component at the receive location via a communications channel; d) receiving the receive key component at the transmit location via the communications channel; e) comparing check bits included in the transmit key component with test bits at the receive location; f) comparing check bits included in the receive key component with test bits at the transmit location; g) combining the transmit key component and the receive key component at the receive location to generate a receive key, if the transmit key component check bit comparison resulted in a match; and h) combining the transmit key component and the receive key component at the transmit location to generate a transmit key, if the receive key component check bit comparison resulted in a match. - View Dependent Claims (4)
-
-
5. A secure communication system, comprising:
-
a) a communications channel; b) a transmit device coupled to the communications channel; and c) a receive device coupled to the communications channel; d) wherein the transmit device includes a transmitter, transmit key component generating logic circuitry, and transmission-inhibiting logic circuitry; e) wherein the receive device includes a receiver, and transmit key component generating logic circuitry; f) wherein the transmitter includes transmit combining logic circuitry for combining a transmit key component with a receive key component to form a transmit key, and encrypting logic circuitry for encrypting a message using the transmit key; and g) wherein the transmission-inhibiting logic circuitry includes means for selectively inhibiting transmission of the message by the transmitter, based on a comparison of a receive key component field with a stored sequence. - View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
-
-
13. A secure communication system, comprising:
-
a) a transmitter; b) a transmit port connected to the transmitter; c) a receiver; d) a receive port connected to the receiver; e) transmit key component generating logic circuitry connected to the transmitter; f) inhibiting logic circuitry connected to the transmitter; and g) receive key component generating logic circuitry connected to the receiver; h) wherein the transmitter comprises combining logic circuitry for combining a transmit key component and a receive key component to form a key, and encrypting logic circuitry for encrypting a message using the key; and i) wherein the inhibiting logic circuitry includes means for selectively inhibiting transmission of the message by the transmitter, based on a comparison of a receive key component field with a stored sequence. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A method for establishing secure communication of messages between locations, comprising:
-
a) generating a transmit key component at a first location when a message is to be transmitted; b) transmitting the transmit key component to a second location; c) receiving the transmit key component at the second location; d) checking the transmit key component for validity; e) generating a receive key component at the second location when a transmit key component is received; f) transmitting the receive key component to the first location; g) receiving the receive key component at the first location; h) checking the receive key component for validity at the first location; and i) enabling message communication between the first location and the second location only if the transmit key component and the receive key component are both valid. - View Dependent Claims (22, 24)
-
Specification