Communication security
First Claim
1. A method of distributing through a communication network, enciphering key data to be used in encrypting and decrypting data at first and second terminals so as to provide secure data transmission between the terminals through the network, the terminals each storing corresponding first and second terminal keys, the method comprising:
storing the first and second keys remotely of the terminals;
generating at a location remote from both of the terminals, first and second separate partial keys each as a masked function of a common number and a corresponding one of said stored keys;
dispatching the first partial key separately towards the first terminal; and
separately dispatching the second partial key towards the second terminal, wherein the enciphering key data is to be used for encrypting and decrypting data at said first and second terminals and at least one further terminal so as to provide security for concurrent data transmissions between all of said terminals through the network, the method further including:
storing a further key remotely of the terminals corresponding to the terminal key of the further terminal;
generating a further partial key as a masked function of the common number and said remotely stored further key; and
dispatching the further partial key towards the further terminal.
Abstract
A satellite mobile telecommunications system includes mobile terminals 2a, 2b which can communicate with one another using end-to-end encryption and decryption techniques. When secure end-to-end communication is required, each terminal uses a common encryption code (RAND) to encode data and decode data transmitted between the terminals. The encryption code is transmitted in a secure manner from a remote database station (15) to the terminals. Each terminal stores a terminal key (Ka, Kb) on its SIM card and the keys are also held in the remote station (15). Partial keys (Kpa, Kpb) comprising the pseudo random number (RAND) and the keys Ka, Kb stored at the station (15) are produced at the station (15) by an exclusive OR process in order to mask the keys and the random number. The partial key Kpa=Ka+(RAND), where "+" denotes the exclusive OR, is sent to terminal 2a. At the terminal 2a, the partial key Kpa is exclusive OR-ed with the locally stored terminal key Ka on the SIM card, so as to recover (RAND). The common code (RAND) is determined by the same process at terminal 2b, from Kpb=Kb+(RAND) and the locally stored key Kb. The terminals then both run a GSM encryption algorithm (A5) to encrypt and decrypt transmitted data, on the basis of the common code (RAND).
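The key distribution described in the abstract, simulated end to end as an added example (this is not code from the patent or from any product implementing it): the station masks a common RAND with each stored terminal key by exclusive OR, each terminal unmasks with the key on its SIM, and the recovered common code then drives a stream cipher. It also covers the further terminal of claim 1 by distributing to three terminals. The terminal keys and RAND are constructed sample values, their 16-byte length is an assumption (the page states no size), and the SHA-256 counter keystream is a stand-in for GSM A5, which is not available in the standard library.

```python
import hashlib
from typing import Dict, Iterable

KEY_LEN = 16  # byte length of Ka/Kb/RAND; an assumption, the page states no size


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise exclusive OR; the masking operation the abstract writes as '+'."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class KeyStation:
    """Remote database station (15): holds a copy of every terminal key and
    produces one partial key per terminal as K_i XOR RAND. RAND itself is
    never dispatched; only the masked partial keys leave the station."""

    def __init__(self, terminal_keys: Dict[str, bytes]):
        self._keys = dict(terminal_keys)

    def distribute(self, terminal_ids: Iterable[str], rand: bytes) -> Dict[str, bytes]:
        return {tid: xor_bytes(self._keys[tid], rand) for tid in terminal_ids}


class Terminal:
    """Mobile terminal with its key on the SIM; recovers RAND from its partial key."""

    def __init__(self, tid: str, sim_key: bytes):
        self.tid = tid
        self._sim_key = sim_key

    def recover_code(self, partial_key: bytes) -> bytes:
        # (K_i XOR RAND) XOR K_i == RAND; a wrong K_i yields a wrong code
        return xor_bytes(partial_key, self._sim_key)


def keystream(code: bytes, length: int) -> bytes:
    """Stand-in keystream generator (constructed; the patent uses GSM A5)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(code + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(code: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) under the keystream derived from the common code."""
    return xor_bytes(data, keystream(code, len(data)))


def run_session(terminal_keys: Dict[str, bytes], rand: bytes, message: bytes) -> dict:
    """One secure session: distribute partial keys, recover RAND at every terminal,
    encipher at terminal 'a' and decipher at every other terminal."""
    station = KeyStation(terminal_keys)
    terminals = {tid: Terminal(tid, k) for tid, k in terminal_keys.items()}
    partials = station.distribute(list(terminals), rand)
    codes = {tid: t.recover_code(partials[tid]) for tid, t in terminals.items()}
    ciphertext = stream_xor(codes["a"], message)
    decrypted = {tid: stream_xor(code, ciphertext) for tid, code in codes.items() if tid != "a"}
    return {"partials": partials, "codes": codes, "ciphertext": ciphertext, "decrypted": decrypted}


# Constructed sample keys for terminals 2a, 2b and a further terminal 2c (claim 1).
SAMPLE_KEYS = {
    "a": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "b": bytes.fromhex("ffeeddccbbaa99887766554433221100"),
    "c": bytes.fromhex("0123456789abcdef0123456789abcdef"),
}
SAMPLE_RAND = bytes.fromhex("a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5a5")  # constructed

if __name__ == "__main__":
    result = run_session(SAMPLE_KEYS, SAMPLE_RAND, b"secure end-to-end payload")
    for tid, code in result["codes"].items():
        print(f"terminal {tid} recovered RAND: {code == SAMPLE_RAND}")
    # A terminal holding a different key recovers a different code and cannot decipher.
    rogue = Terminal("x", bytes(KEY_LEN))
    print("rogue recovered RAND:", rogue.recover_code(result["partials"]["b"]) == SAMPLE_RAND)
```

The check at the end is the property the scheme relies on: a partial key is only useful to the terminal whose SIM key was used to mask it, so the secrecy of the session rests on the terminal keys and on the station that stores all of them, which is why the station is the component to protect hardest.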
Claims
Claim 1 is reproduced above under "First Claim"; dependent claims 2, 3, 4 and 5 are not reproduced on this page.
6. A terminal for communicating through a communication network with at least one further terminal, comprising:
means to receive a store that stores an individual terminal key;
a key generator to receive from the network a partial key comprising a masked function of the individual terminal key and a number transmitted in common to said at least one further terminal, and operative to compare the individual key stored in the store with said partial key so as to produce an encryption code as a function of said number;
enciphering means operative to encipher data transmitted through the network in accordance with the encryption code; and
user operable means for selectively initiating operation of the enciphering means, the terminal being operative to transmit and receive data in different channels through the network, wherein the enciphering means is operative to encipher data transmitted through the network in accordance with a first said encryption code, and including deciphering means operative to decipher data received through the network in accordance with a second, different said encryption code.