Synchronization of encryption/decryption keys in a data communication network
Abstract
To enhance the security provided by data encryption in a data communication network, the encryption/decryption keys are changed periodically at the source and destination nodes for an established connection. A destination node must know not only the value of any new key but also when to begin using that key to decrypt received data packets. Synchronization (making sure a data packet is decrypted using a decryption key correlated with the encryption key used to encrypt the same packet) is achieved by defining a single bit in each packet header as a key synchronization bit. As long as the key synchronization bit value remains unchanged from one received packet to the next, a receiving node will continue to use the same decryption key it has been using. When a change in the key synchronization bit value is detected, the receiving node will begin using a previously received new decryption key.
16 Claims
1. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between the encryption key used at a source node in encrypting a data packet and the decryption key used at a destination node to decrypt the same data packet, said method comprising the steps of:
- sending a decryption key from the source node to the destination node;
- storing said decryption key at the destination node;
- at the source node, writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key;
- at the destination node, monitoring said one or more bit positions in the header portion of each received data packet for the presence of said predetermined binary value; and
- at the destination node, activating said decryption key when said predetermined binary value is detected in said one or more predetermined bit positions.
3. For use at a source node in a system including one or more such source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between an encryption key used at the source node in encrypting data packets and a decryption key used at a destination node to decrypt the same packets after transmission through the network, said method comprising the steps of:
- when an encryption key is to be activated, sending the corresponding decryption key from the source node to the destination node; and
- writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key.
5. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a key-synchronizing system for maintaining synchronization between the encryption key used at a source node to encrypt a data packet and the decryption key used at the destination node in decrypting the same data packet after transmission through the network, said key-synchronizing system comprising:
- at the source node from which the encrypted packet is to be sent, means for sending a decryption key to the destination node which is to receive the packet;
- at the destination node, means for storing said decryption key;
- at the source node, means for writing a predetermined binary value into one or more predetermined bit positions in the header portion of a data packet to be decrypted using said decryption key;
- at the destination node, means monitoring the header portion of each received data packet for the presence of the predetermined binary value in the predetermined bit positions; and
- at the destination node, means for activating said decryption key when the predetermined binary value is detected.
7. A key-synchronizing source node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing source node comprising:
- means for sending a decryption key to at least one destination node to which data packets are to be sent; and
- means for writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet which is to be decrypted using said decryption key at the destination node.
8. A key-synchronizing destination node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing destination node comprising:
- means for receiving a decryption key from a source node from which data packets are being transmitted;
- means for storing said decryption key;
- means for monitoring one or more predetermined bit positions in the header portion of each received data packet;
- means for activating said decryption key when a predetermined change is detected in the predetermined bit positions of a received data packet.
9. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between the encryption key used at a source node in encrypting a data packet and the decryption key used at a destination node to decrypt the same data packet, said method comprising the steps of:
- storing at least one unactivated decryption key at the destination node;
- at the source node, writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key;
- at the destination node, monitoring said one or more bit positions in the header portion of each received data packet for the presence of said predetermined binary value; and
- at the destination node, activating said decryption key when the predetermined binary value is detected in said one or more predetermined bit positions of a received data packet.
11. For use at a source node in a system including one or more such source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a method of maintaining synchronization between an encryption key used at the source node in encrypting data packets and a decryption key used at a destination node to decrypt the same packets after transmission through the network, said method comprising the steps of:
- determining that a decryption key is to be activated at the destination node; and
- in response to such determination, writing a predetermined binary value into one or more predetermined bit positions in the header portion of each data packet to be decrypted using said decryption key.
13. For use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, a key-synchronizing system for maintaining synchronization between the encryption key used at a source node to encrypt a data packet and the decryption key used at the destination node in decrypting the same data packet after transmission through the network, said key-synchronizing system comprising:
- at the destination node, means for storing at least one decryption key;
- at the source node, means for writing a predetermined binary value into one or more predetermined bit positions in the header portion of a data packet to be decrypted using said decryption key;
- at the destination node, means monitoring the header portion of each received data packet for the presence of said predetermined binary value in the predetermined bit positions; and
- at the destination node, means for retrieving said decryption key from storage and activating said key for each received data packet in which the predetermined binary value is detected.
15. A key-synchronizing source node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing source node comprising:
- means for determining when a decryption key is to be used at a destination node; and
- means for writing a predetermined binary value into predetermined bit positions in the header portion of each data packet which is to be decrypted at the destination node using said decryption key.
16. A key-synchronizing destination node for use in a system including one or more source nodes for encrypting information using an encryption key, an interposed data communication network through which data packets including the encrypted information are transmitted, each of said data packets including a header and a data payload portion, and one or more destination nodes for decrypting received data packets using a decryption key, said key-synchronizing destination node comprising:
- means for storing at least one decryption key;
- means for monitoring predetermined bit positions in the header portion of each received data packet;
- means for activating a stored decryption key when a change is detected in the predetermined bit positions of a received data packet.
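As an added illustration that is not part of the patent text, the following Python model plays out the exchange the abstract and the claims above describe: the source delivers a future decryption key ahead of its use, flips a single key-synchronization bit in the packet header once it switches keys, and the destination activates the stored key when it sees the bit change. The one-byte flags header, the XOR placeholder cipher and the class names are assumptions; the receiver additionally treats a bit change with no stored key as a desynchronization error, a failure case the patent text does not spell out.

```python
from dataclasses import dataclass, field

SYNC_BIT = 0x80  # assumption: bit 7 of a one-byte flags header is the key-sync bit

def xor_crypt(key: bytes, data: bytes) -> bytes:
    # Placeholder symmetric transform standing in for the real per-packet cipher.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

@dataclass
class Source:
    key: bytes
    sync: int = 0                                # current value of the sync bit
    pending: list = field(default_factory=list)  # keys delivered but not yet active
    def send_key(self, dest, new_key: bytes):
        dest.store_key(new_key)                  # control-plane delivery, ahead of use
        self.pending.append(new_key)
    def activate_next_key(self):
        # Switch to the delivered key and flip the bit: packets from here on use it.
        self.key = self.pending.pop(0)
        self.sync ^= SYNC_BIT
    def packet(self, payload: bytes) -> bytes:
        return bytes([self.sync]) + xor_crypt(self.key, payload)

@dataclass
class Destination:
    key: bytes
    last_sync: int = 0
    stored: list = field(default_factory=list)   # received but not yet active keys
    def store_key(self, k: bytes):
        self.stored.append(k)
    def receive(self, pkt: bytes) -> bytes:
        sync = pkt[0] & SYNC_BIT
        if sync != self.last_sync:               # bit changed: switch keys
            if not self.stored:                  # failure mode: no key was delivered
                raise RuntimeError("sync bit changed but no new key is stored")
            self.key = self.stored.pop(0)        # activate the previously received key
            self.last_sync = sync
        return xor_crypt(self.key, pkt[1:])

def demo() -> list:
    k1, k2 = b"\x11\x22", b"\x33\x44"            # constructed sample keys
    src, dst = Source(k1), Destination(k1)
    out = [dst.receive(src.packet(b"one"))]
    src.send_key(dst, k2)                        # k2 stored at dst, still unused
    out.append(dst.receive(src.packet(b"two")))  # still decrypted with k1
    src.activate_next_key()                      # next packet carries a flipped bit
    out.append(dst.receive(src.packet(b"three")))  # dst switches to k2
    return out
```

Because the bit only toggles, a receiver that misses the key-delivery step cannot recover on its own; in a deployment the key-delivery message needs its own acknowledgement before the source flips the bit.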