Synchronization of encryption/decryption keys in a data communication network

US 5,805,705 A
Filed: 01/29/1996
Issued: 09/08/1998
Est. Priority Date: 01/29/1996
Status: Expired due to Fees

First Claim

Patent Images

1. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between the encryption key used at a source node in encrypting a data packet and the decryption key used at a destination node to decrypt the same data packet, said method comprising the steps of:

sending a decryption key from the source node to the destination node;

storing said decryption key at the destination node;

at the source node, writing a predetermined binary value into one or more predetermiined bit positions in the header portion of each data packet to be decrypted using said decryption key,at the destination node, monitoring said one or more bit positions in the header portion of each received data packet for the presence of said predetermined binary value; and

at the destination node, activating said decryption key when said predetermined binary value is detected in said one or more predetermined bit positions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To enhance the security provided by data encryption in a data communication network, the encryption/decryption keys are changed periodically at the source and destination nodes for an established connection. A destination node must know not only the value of any new key but also when to begin using that key to decrypt received data packets. Synchronization (making sure a data packet is decrypted using a decryption key correlated with the encryption key used to encrypt the same packet) is achieved by defining a single bit in each packet header as a key synchronization bit. As long as key synchronization bit value remains unchanged from one received packet to the next, a receiving node will continue to use the same decryption key it has been using. When a change in the key synchronization bit value is detected, the receiving node will begin using a previously-received, new decryption key.

159 Citations

16 Claims

1. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between the encryption key used at a source node in encrypting a data packet and the decryption key used at a destination node to decrypt the same data packet, said method comprising the steps of:
- sending a decryption key from the source node to the destination node;
  
  storing said decryption key at the destination node;
  
  at the source node, writing a predetermined binary value into one or more predetermiined bit positions in the header portion of each data packet to be decrypted using said decryption key,at the destination node, monitoring said one or more bit positions in the header portion of each received data packet for the presence of said predetermined binary value; and
  
  at the destination node, activating said decryption key when said predetermined binary value is detected in said one or more predetermined bit positions.
- View Dependent Claims (2)
- - 2. A method as set forth in claim 1 wherein the predetermined binary value comprises the binary complement of the binary value stored in the corresponding predetermined bit positions of the header portion of the prior data packet.

3. For use at a source node in a system including one or more such source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between an encryption key used at the source node in encrypting data packets and a decryption key used at a destination node to decrypt the same packets after transmission through the network, said method comprising the steps of:
- when an encryption key is to be activated, sending the corresponding decryption key from the source node to the destination node; and
  
  writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key.
- View Dependent Claims (4)
- - 4. A method as set forth in claim 3 wherein the predetermined binary value comprises the binary complement of the binary value stored in the corresponding bit positions of the header portion of the prior data packet.

5. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a key-synchronizing system for maintaining synchronization between the encryption key used at a source node to encrypt a data packet and the decryption key used at the destination node in decrypting the same data packet after transmission through the network, said key-synchronizing system comprising:
- at the source node from which the encrypted packet is to be sent, means for sending a decryption key to the destination node which is to receive the packet;
  
  at the destination node, means for storing said decryption key;
  
  at the source node, means for writing a predetermined binary value into one or more predetermined bit positions in the header portion of a data packet to be decrypted using said decryption key;
  
  at the destination node, means monitoring the header portion of each received data packet for the presence of the predetermined binary value in the predetermined bit positions; and
  
  at the destination node, means for activating said decryption key when the predetermined binary value is detected.
- View Dependent Claims (6)
- - 6. A system as set forth in claim 5 wherein the predetermined binary value comprises the binary complement of the binary value written into corresponding bit positions of the prior data packet.

7. A key-synchronizing source node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing source node comprising:
- means for sending a decryption key to at least one destination node to which data packets are to be sent; and
  
  means for writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet which is to be decrypted using said decryption key at the destination node.

8. A key-synchronizing destination node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing destination node comprising:
- means for receiving a decryption key from a source node from which data packets are being transmitted;
  
  means for storing said decryption key;
  
  means for monitoring one or more predetermined bit positions in the header portion of each received data packet;
  
  means for activating said decryption key when a predetermined change is detected in the predetermined bit positions of a received data packet.

9. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between the encryption key used at a source node in encrypting a data packet and the decryption key used at a destination node to decrypt the same data packet, said method comprising the steps of:
- storing at least one unactivated decryption key at the destination node;
  
  at the source node, writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key;
  
  at the destination node, monitoring said one or more bit positions in the header portion of each received data packet for the presence of said predetermined binary value; and
  
  at the destination node, activating said decryption key when the predetermined binary value is detected in said one or more predetermined bit positions of a received data packet.
- View Dependent Claims (10)
- - 10. A method as set forth in claim 9 wherein the predetermined binary value comprises the binary complement of the binary value stored in the corresponding bit positions of the header portion of the prior data packet.

11. For use at a source node in a system including one or more such source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between an encryption key used at the source node in encrypting data packets and a decryption key used at a destination node to decrypt the same packets after transmission through the network, said method comprising the steps of:
- determining that a decryption key is to be activated at the destination node; and
  
  in response to such determination, writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key.
- View Dependent Claims (12)
- - 12. A method as set forth in claim 11 wherein the predetermined binary value comprises the binary complement of the binary value stored in the corresponding bit positions of the header portion of the prior data packet.

13. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a key-synchronizing system for maintaining synchronization between the encryption key used at a source node to encrypt a data packet and the decryption key used at the destination node in decrypting the same data packet after transmission through the network, said key-synchronizing system comprising:
- at the destination node, means for storing at least one decryption key;
  
  at the source node, means for writing a predetermined binary value into one or more predetermined bit positions in the header portion of a data packet to be decrypted using said decryption key;
  
  at the destination node, means monitoring the header portion of each received data packet for the presence of said predetermined binary value in the predetermined bit positions; and
  
  at the destination node, means for retrieving said decryption key from storage and activating said key for each received data packet in which the predetermined binary value is detected.
- View Dependent Claims (14)
- - 14. A system as set forth in claim 13 wherein the predetermined binary value comprises the binary complement of the binary value written into corresponding bit positions of the prior data packet.

15. A key-synchronizing source node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing source node comprising:
- means for determining when a decryption key is to be used at a destination node; and
  
  means for writing a predetermined binary value into predetermined bit positions in the header portion of each data packet which is to be decrypted at the destination node using said decryption key.

16. A key-synchronizing destination node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing destination node comprising:
- means for storing at least one decryption key;
  
  means for monitoring predetermined bit positions in the header portion of each received data packet;
  
  means for activating a stored decryption key when a change is detected in the predetermined bit positions of a received data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Henkel KGaA (Henkel AG & Co KGaA), International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Peyravian, Mohammad, Gray, James P., Onvural, Raif O.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/592,931
Time in Patent Office

953 Days
Field of Search

380/48, 380/49, 380/21
US Class Current

713/160
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 69/22   Parsing or analysis of headers

H04L 9/0891   Revocation or update of sec...

H04L 9/12   Transmitting and receiving ...

Synchronization of encryption/decryption keys in a data communication network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Synchronization of encryption/decryption keys in a data communication network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others