Cryptographic key management method and apparatus

US 5,787,173 A
Filed: 03/12/1997
Issued: 07/28/1998
Est. Priority Date: 05/28/1993
Status: Expired due to Term

First Claim

Patent Images

1. A secure communication system, comprising:

a) a communications channel;

b) a transmit location coupled to the communications channel; and

c) a receive location coupled to the communications channel;

d) wherein the transmit location includesi) a transmit key component generator for generating a transmit key component,ii) a receive key component receiver for receiving a receive key component,iii) a first key component combiner for combining the transmit key component and the received receive key component to form a transmit key, andiv) transmit memory for storing the receive key component and the transmit key; and

e) wherein the receive location includesi) a receive key component generator for generating a receive key component,ii) a transmit key component receiver for receiving a transmit key component,iii) a second key component combiner for combining the transmit key component and the received receive key component to form a receive key, andiv) receive memory for storing the transmit key component and the receive key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for the secure communication of a message from a transmitting user to a receiving user using a split key scheme. Each user generates a key component using a cryptographic engine. The key component is a pseudorandom sequence of bits with an appended error detection field which is mathematically calculated based on the pseudorandom sequence. This key component is then sent out on a communications channel from the transmitting user to the receiving user. The receiving user also sends its key component to the transmitting user. Each location performs a mathematical check on the key component received from the other location. If the key component checks pass at both locations, the transmit key component and the receive key component, including the error detection fields, are combined at both locations, forming identical complete keys at both locations. The identical complete keys are then used to initiate the cryptographic engines at both locations for subsequent encryption and decryption of messages between the two locations.

Citations

24 Claims

1. A secure communication system, comprising:
- a) a communications channel;
  
  b) a transmit location coupled to the communications channel; and
  
  c) a receive location coupled to the communications channel;
  
  d) wherein the transmit location includesi) a transmit key component generator for generating a transmit key component,ii) a receive key component receiver for receiving a receive key component,iii) a first key component combiner for combining the transmit key component and the received receive key component to form a transmit key, andiv) transmit memory for storing the receive key component and the transmit key; and
  
  e) wherein the receive location includesi) a receive key component generator for generating a receive key component,ii) a transmit key component receiver for receiving a transmit key component,iii) a second key component combiner for combining the transmit key component and the received receive key component to form a receive key, andiv) receive memory for storing the transmit key component and the receive key.

2. The secure communication system of 1, wherein:
- the transmit location further includes encryption means for encrypting a first plaintext message, using the transmit key, to generate an encrypted message, andthe receive location further includes decryption means for decrypting the encrypted message, using the receive key, to generate a second plaintext message corresponding to the first plaintext message.
- View Dependent Claims (23)
- - 23. The method of claim 2, wherein combining the transmit key component and the receive key component includes serially linking the transmit key component and the receive key component.

3. A method for secure communications, comprising:
- a) generating a transmit key component at a transmit location;
  
  b) generating a receive key component at a receive location;
  
  c) receiving the transmit key component at the receive location via a communications channel;
  
  d) receiving the receive key component at the transmit location via the communications channel;
  
  e) comparing check bits included in the transmit key component with test bits at the receive location;
  
  f) comparing check bits included in the receive key component with test bits at the transmit location;
  
  g) combining the transmit key component and the receive key component at the receive location to generate a receive key, if the transmit key component check bit comparison resulted in a match; and
  
  h) combining the transmit key component and the receive key component at the transmit location to generate a transmit key, if the receive key component check bit comparison resulted in a match.
- View Dependent Claims (4)
- - 4. The method of claim 3, further comprising:
    - encrypting a first plaintext message, using the transmit key, to generate an encrypted message, anddecrypting the encrypted message, using the receive key, to generate a second plaintext message corresponding to the first plaintext message.

5. A secure communication system, comprising:
- a) a communications channel;
  
  b) a transmit device coupled to the communications channel; and
  
  c) a receive device coupled to the communications channel;
  
  d) wherein the transmit device includes a transmitter, transmit key component generating logic circuitry, and transmission-inhibiting logic circuitry;
  
  e) wherein the receive device includes a receiver, and transmit key component generating logic circuitry;
  
  f) wherein the transmitter includes transmit combining logic circuitry for combining a transmit key component with a receive key component to form a transmit key, and encrypting logic circuitry for encrypting a message using the transmit key; and
  
  g) wherein the transmission-inhibiting logic circuitry includes means for selectively inhibiting transmission of the message by the transmitter, based on a comparison of a receive key component field with a stored sequence.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The system of claim 5, wherein the receiver includes receive combining logic circuitry for combining the transmit key component and the receive key component to form a receive key, and decrypting logic circuitry for decrypting an encrypted message using the receive key.
  - 7. The system of claim 5, wherein the transmit key component includes a first pseudorandom sequence and the receive key component includes a second pseudorandom sequence.
  - 8. The system of claim 7, wherein the first pseudorandom sequence is a maximal length pseudorandom sequence.
  - 9. The system of claim 7, wherein the transmit key component further includes a first error detection field based on the first pseudorandom sequence, and the receive key component further includes a second error detection field based on the second pseudorandom sequence.
  - 10. The system of claim 9, further including:
    - a) a first test error detection sequence stored in a first memory; and
      
      b) a second test error detection sequence stored in a second memory;
      
      c) wherein the transmitter includes first comparison logic circuitry for comparing the first error detection field with the first test error detection sequence; and
      
      d) wherein the receiver includes second comparison logic circuitry for comparing the second error detection field with the second test error detection sequence.
  - 11. The system of claim 5, wherein the transmit combining logic circuitry includes linking logic circuitry for serially linking the transmit key component and the receive key component.
  - 12. The system of claim 5, wherein the transmit combining logic circuitry includes addition logic circuitry for adding the transmit key component and the receive key component.

13. A secure communication system, comprising:
- a) a transmitter;
  
  b) a transmit port connected to the transmitter;
  
  c) a receiver;
  
  d) a receive port connected to the receiver;
  
  e) transmit key component generating logic circuitry connected to the transmitter;
  
  f) inhibiting logic circuitry connected to the transmitter; and
  
  g) receive key component generating logic circuitry connected to the receiver;
  
  h) wherein the transmitter comprises combining logic circuitry for combining a transmit key component and a receive key component to form a key, and encrypting logic circuitry for encrypting a message using the key; and
  
  i) wherein the inhibiting logic circuitry includes means for selectively inhibiting transmission of the message by the transmitter, based on a comparison of a receive key component field with a stored sequence.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, further comprising a memory device for storing the transmit key component and the receive key component.
  - 15. The system of claim 14, wherein the pseudorandom sequence is a maximal length pseudorandom sequence.
  - 16. The system of claim 13, wherein the transmit key component includes a pseudorandom sequence.
  - 17. The system of claim 16, wherein the transmit key component further includes an error detection field based on the pseudorandom sequence.
  - 18. The system of claim 17, further comprising storage for a test error detection sequence, wherein the transmitter includes comparison logic circuitry for comparing the error detection field with the test error detection sequence.
  - 19. The system of claim 13, wherein the combining logic circuitry includes key linking logic circuitry for linking the transmit key component and the receive key component.
  - 20. The system of claim 13, wherein the combining logic circuitry includes addition logic circuitry for adding the transmit key component and the receive key component.

21. A method for establishing secure communication of messages between locations, comprising:
- a) generating a transmit key component at a first location when a message is to be transmitted;
  
  b) transmitting the transmit key component to a second location;
  
  c) receiving the transmit key component at the second location;
  
  d) checking the transmit key component for validity;
  
  e) generating a receive key component at the second location when a transmit key component is received;
  
  f) transmitting the receive key component to the first location;
  
  g) receiving the receive key component at the first location;
  
  h) checking the receive key component for validity at the first location; and
  
  i) enabling message communication between the first location and the second location only if the transmit key component and the receive key component are both valid.
- View Dependent Claims (22, 24)
- - 22. The method of claim 21, further comprising, if message communication is enabled:
    - a) combining the transmit key component and the receive key component at the first location to form a transmit key;
      
      b) combining the transmit key component and the receive key component at the second location to form a receive key;
      
      c) forming an encrypted message by encrypting a first plain text message using the transmit key;
      
      d) transmitting the encrypted message to the second location;
      
      e) receiving the encrypted message at the second location; and
      
      f) forming a second plain text message corresponding to the first plain text message by decrypting the encrypted message using the receive key.
  - 24. The method of claim 22, wherein combining the transmit key component and the receive key component includes bitwise modulo-2 adding the transmit key component and the receive key component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TecSec, Incorporated
Original Assignee
TecSec, Incorporated
Inventors
Crowley, John J., Seheidt, Edward M.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/815,903
Time in Patent Office

503 Days
Field of Search

380/1, 380/2, 380/9, 380/21, 380/44, 380/46, 380/49, 380/50, 380/59, 380/23, 380/24, 380/25, 380/28
US Class Current

380/277
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0877   using additional device, e....

Cryptographic key management method and apparatus

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic key management method and apparatus

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links