System and method for secure cryptographic communications

US 6,590,981 B2
Filed: 02/22/2000
Issued: 07/08/2003
Est. Priority Date: 02/22/2000
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for secure cryptographic communications between a sender location and a receiver location, the apparatus comprising:

first and second timing elements at said sender and receiver locations, respectively;

first and second key generator units at said sender and receiver locations, respectively, each generating a plurality of keys;

a data encryptor, said data encryptor obtaining a key from said first key generator unit at an occurrence of a key time, and said data encryptor using said key to encrypt data inputted during a key period; and

a data decryptor, wherein said data decryptor obtains keys from said second key generator unit at different key times, and wherein said data decryptor concurrently employ a plurality of keys obtained from said second key generator unit to decrypt the received encrypted data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for secure cryptographic communications between a sender and a receiver or multiple receivers that includes first and second timing elements, and first and second key storage units containing multiple keys in a predetermined order for selection depending on respective key times, where the key times occur periodically according to the first and second timing elements, respectively. A data encryptor obtains a new key from the first key storage unit at each occurrence of the key time of the first key storage unit, and uses the key to encrypt an inputted data. And, at least one data decryptor obtains a new key from the second key storage unit at each occurrence of the key time of the second key storage unit. Time synchronization of the participants'"'"' equipment provides the method of selecting compatible keys for the encryption and decryption process. This approach not only selects the compatible keys at the sending and receiving ends but also serves to change keys on a regular basis to enhance the overall security of the system.

68 Citations

View as Search Results

50 Claims

1. An apparatus for secure cryptographic communications between a sender location and a receiver location, the apparatus comprising:
- first and second timing elements at said sender and receiver locations, respectively;
  
  first and second key generator units at said sender and receiver locations, respectively, each generating a plurality of keys;
  
  a data encryptor, said data encryptor obtaining a key from said first key generator unit at an occurrence of a key time, and said data encryptor using said key to encrypt data inputted during a key period; and
  
  a data decryptor, wherein said data decryptor obtains keys from said second key generator unit at different key times, and wherein said data decryptor concurrently employ a plurality of keys obtained from said second key generator unit to decrypt the received encrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 31)
- - 2. The apparatus of claim 1, wherein said data decryptor includes three decrypting sections.
  - 3. The apparatus of claim 2, wherein said three decrypting sections are physically distinct from each other.
  - 4. The apparatus of claim 2, wherein each of said data decrypting sections receive said encrypted data at the same time.
  - 5. The apparatus of claim 2, wherein said data decrypting sections obtain keys at successive periodic key times.
  - 6. The apparatus of claim 2, wherein each of said data decrypting sections uses keys that are different from each other.
  - 7. The apparatus of claim 2, further comprising a processing unit operatively coupled to said data decryptor, wherein said processing unit receives said decrypted data from at least one of said data decrypting sections.
  - 8. The apparatus of claim 1, wherein said key period is settable by a user.
  - 9. The apparatus of claim 1, wherein said first and second timing elements are synchronized.
  - 10. The apparatus of claim 1, wherein corresponding key times of said first and second key generator units occur at a same time.
  - 31. The apparatus of claim 1, wherein said key generator units generate said plurality of keys in a pseudo-random manner.

11. A method for secure cryptographic communications between a sender location and a receiver location, the method comprising:
- providing first and second timing signals at sender and receiver locations, respectively;
  
  in accordance with the first and second key time signals, respectively generating a first and second set of plurality of keys, the values of which are changed periodically according to a key period, wherein said first set of plurality of keys are generated at the sender location and said second set of plurality of keys are generated at the receiver location and the key values are separately generated at each location;
  
  obtaining an encryption key from said first set of plurality of keys and using said encryption key to encrypt data; and
  
  obtaining a plurality of decryption keys from said second set of plurality of keys; and
  
  while applying said plurality of decryption keys, decrypting said encrypted data with one of said plurality of decryption keys.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein said plurality of decryption keys are obtained at successive second key time signals.
  - 13. The method of claim 11, wherein said first and second set of plurality of keys are generated in a pseudo-random manner.
  - 14. The method of claim 11, wherein said plurality of decryption keys are applied to the encrypted data concurrently.
  - 15. The method of claim 11, further comprising the step of monitoring the synchronization of said first and second timing signals.
  - 16. The method of claim 11, further comprising the step of selectably setting said key period to a specific length of time.
  - 17. The method of claim 11, further comprising the step of synchronizing said first and second timing signals.

18. An apparatus for decrypting encrypted data, said apparatus comprising:
- a timing element;
  
  a key generator unit autonomously generating keys in sequence upon occurrences of key times, wherein the key times occur periodically as indicated by the timing element; and
  
  a data decryptor, wherein said data decryptor obtains keys from said second key generator unit at different key times, and wherein said data decryptor concurrently employ a plurality of keys obtained from said second key generator unit to decrypt the received encrypted data.
- View Dependent Claims (19, 20, 45)
- - 19. The apparatus of claim 18, wherein said data decryptor includes three data decrypting sections.
  - 20. The apparatus of claim 19, wherein said data decrypting sections are physically distinct from each other.
  - 45. The method of claim 19, wherein said data decrypting sections obtain keys are successive periodic key times.

21. A method for decrypting encrypted data at a receiver location, said method comprising the steps of:
- providing a timing signal;
  
  autonomously generating a plurality of keys in sequence at the receiver location without communication with any source of encrypted data to be sent to the receiver location;
  
  providing a plurality of key times periodically; and
  
  employing at least two of said plurality of keys at each occurrence of said plurality of key times to decrypt the encrypted data, wherein one of said at least two of said plurality of keys is the appropriate key for decrypting the encrypted data.
- View Dependent Claims (22, 23, 46)
- - 22. The method of claim 21, wherein said at least two of said plurality of keys are successively generated.
  - 23. The method of claim 21, wherein said plurality of keys are generated in a pseudo-random manner.
  - 46. The method of claim 21, wherein said at least two of said plurality of keys are employed concurrently to decrypt the encrypted data.

24. An apparatus for receiving and decrypting encrypted data, said apparatus comprising:
- a timing element;
  
  a key generator that automatically and autonomously generates a plurality of keys in sequence following an initial key, wherein each key is generated at the start of a respective key period, wherein said respective key periods occur periodically; and
  
  a data decryptor for decrypting data using at least two keys from said plurality of keys, said at least two keys including a current-key-period decryption key and an adjacent-key-period decryption key, wherein only one of said current-key-period decryption key and said adjacent-key-period decryption key decrypts the encrypted data during a key period; and
  
  a data processor operatively coupled to said data decryptor for detecting a key-switching event wherein, during a key period, said one of said current-key-period decryption key and said adjacent-key-period decryption key ceases to decrypt the encrypted data, and the other one of said current-key-period decryption key and said adjacent-key-period decryption key begins to decrypt the encrypted data, wherein said detection is used to monitor the synchronization between the timing element and another timing element located outside of the apparatus.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The apparatus of claim 24, wherein said key generator generates keys in a pseudo-random manner.
  - 26. The apparatus of claim 24, wherein said key periods occur in accordance with a timing signal provided by said timing element.
  - 27. The apparatus of claim 24, wherein said data processor monitors the synchronization between said timing element and said another timing element by measuring the time period between said key-switching event and the start of the next key period, and by comparing the measured time period with a predetermined offset limit period.
  - 28. The apparatus of claim 27, wherein if said measured time period is greater than said predetermined offset limit period, said data processor generates a flag signal, said flag signal used to cause said timing element and said other timing element to synchronize.

29. A method of cryptographic communication at a receiving location comprising the steps of:
- receiving data;
  
  receiving a timing signal;
  
  generating a plurality of cryptographic keys in sequence following an initial key, said keys being autonomously generated in a pseudo-random manner;
  
  receiving a new generated cryptographic key in sequence at key change times determined by the timing signal; and
  
  decrypting data using at least two keys from said plurality of cryptographic keys, said at least two keys including a current-key-period decryption key and an adjacent-key-period decryption key, wherein only one of said current-key-period decryption key and said adjacent-key-period decryption key decrypts the encrypted data during a key period.
- View Dependent Claims (30)
- - 30. The apparatus of claim 29, further comprising the step of generating a flag signal in response to an event wherein, in between key change times, said one of said current-key-period decryption key and said adjacent-key-period decryption key ceases to decrypt the encrypted data, and the other one of said current-key-period decryption key and said adjacent-key-period decryption key begins to decrypt the encrypted data.

32. A system for secure cryptographic communication between a sender location and a receiver location, the system comprising:
- first and second timing elements at said sender and receiver locations, respectively, for generating key change signals nominally at the same times;
  
  first and second key generator units at said sender and receiver locations, respectively, wherein said first and second key generator units independently generate a first and second set of plurality of cryptographic keys in sequence without communication with one another, wherein said first and second set of plurality of cryptographic keys are generated in sequence in accordance with a first and second key change signals provided by said first and second timing elements, respectively;
  
  a data encryptor for encrypting data using at least one key from the first set of plurality of cryptographic keys;
  
  a data decryptor for decrypting data using at least two keys from the second set of plurality of cryptographic keys, said at least two keys including a current-key-period decryption key and an adjacent-key-period decryption key, wherein only one of said current-key-period decryption key and said adjacent-key-period decryption key decrypts the encrypted data between key change signals; and
  
  a data processor for generating a flag signal in response to an event wherein, in between key change signals, said one of said current-key-period decryption key and said adjacent-key-period decryption key ceases to decrypt the encrypted data, and the other one of said current-key-period decryption key and said adjacent-key-period decryption key begins to decrypt the encrypted data, wherein said flag signal is used to monitor the synchronization between the first and second timing elements.
- View Dependent Claims (33, 34, 35, 44)
- - 33. The system for secure cryptographic communication of claim 32, wherein said first and second set of cryptographic keys are generated in a pseudo-random manner.
  - 34. The system for secure cryptographic communication of claim 32, wherein, for a given time period, the key generated by said first key generator unit is identical to the key generated by said second key generator unit.
  - 35. The system according to claim 32, wherein, in response to said flag signal from said data processor, the system causes said first and said second timing elements to synchronize.
  - 44. The system for secure cryptographic communication of claim 32, wherein, in response to the flag signal, the data processor measures the offset between the first and second timing elements.

36. A communications device for secure cryptographic communications with other communications devices comprising:
- a key generation unit for autonomously generating plural key values in sequence at nominal key change points in time based upon provided initialization data, the plural key values being generated without communication with other communications devices;
  
  a data encryptor for encrypting data to be transmitted based upon a current key value; and
  
  a clock for controlling the key change times, wherein the clock controls the key generation unit to generate keys sequentially at regular intervals, and wherein the clock includes a reference time input for synchronization to a reference time provided from outside the communication device.
- View Dependent Claims (37)
- - 37. A communications device according to claim 36, wherein the clock is a free running clock.

38. A communications system for secure cryptographic communications among plural devices employing cryptographic keys, comprising a plurality of communications devices for transmitting and/or receiving data, wherein each communications device comprises:
- a key generation unit for generating plural key values in sequence at key change points in time based upon provided initialization data, the plural key values being generated at the communications device after receipt of the initial key value without communication with any of the other communications devices, wherein the key change points in time are nominally the same at each communications device; and
  
  at least one of a data encryptor and data decryptor for encrypting or decrypting data to be transmitted or received, respectively, by employing a current key value, wherein each data decryptor employs a plurality of sequentially generated key values for decrypting data, whereby a particular decryptor can decrypt data that was encrypted with a key value which is adjacent to the current key value at the particular decryptor, and wherein the decryptor employs the current key value, a next key value, and an immediately preceding key value for decryption, thereby permitting decryption of data that was encrypted with a key which is either just ahead or just behind the current key value of the particular decryptor so as to compensate for lack of exact synchronization between different key generation units and/or transmission delays.
- View Dependent Claims (39, 40, 41)
- - 39. A communications system according to claim 38, wherein each communications device include a reference time input for receiving a common timing reference for synchronizing the key generation operations of the respective key generation units.
  - 40. A communications system according to claim 38, wherein the key change points occur periodically.
  - 41. A communications system according to claim 38, wherein the key generation units generate sequential key values in accordance with a key generation algorithm.

42. A method for secure cryptographic communications between plural communications devices comprising the steps of:
- providing initialization data to each communication device;
  
  generating sequential key values at each communications device based upon the initialization data at nominal key change points in time without any communication between the communications devices;
  
  encrypting data for transmission from a communications device employing a current key value at that communications device; and
  
  decrypting the received encrypted data at a communications device by concurrently employing a plurality of sequential key values generated at that communications device, wherein the plurality of sequential key values include a current key value, a preceding key value that immediately precede the current key value, and a proceeding key value immediately following the current key value at that communications device.
- View Dependent Claims (43)
- - 43. A method for secure cryptographic communications as in claim 42, further comprising the step of synchronizing the key generation operation of a communications device with a timing reference to which other communications devices are also synchronized.

47. A method for secure cryptographic communication between a sender location and a receiver location, the method comprising the steps of:
- generating a first and second set of key change signals at said sender and receiver location, respectively;
  
  generating a first and second set of plurality of cryptographic keys at said sender and receiver locations, respectively, wherein said first and second set of plurality of cryptographic keys are generated in sequence independently, and wherein said first and second set of plurality of cryptographic keys are generated in sequence in accordance with said first and second set of key change signals;
  
  encrypting data using at least one key from the first set of plurality of cryptographic keys;
  
  decrypting data using at least two keys from the second set of plurality of cryptographic keys, said at least two keys including a current-key-period decryption key and an adjacent-key-period decryption key, wherein only one of said current-key-period decryption key and said adjacent-key-period decryption key decrypts the encrypted data between key change signals; and
  
  generating a flag signal in response to an event wherein, in between key change signals, said one of said current-key-period decryption key and said adjacent-key-period decryption key ceases to decrypt the encrypted data, and the other one of said current-key-period decryption key and said adjacent-key-period decryption key begins to decrypt the encrypted data, wherein said flag signal is used to monitor the synchronization between the first and second set of key change signals.
- View Dependent Claims (48, 49, 50)
- - 48. The method for secure cryptographic communication of claim 47, wherein said first and second set of cryptographic keys are generated in a pseudo-random manner.
  - 49. The system according to claim 47, further comprising the steps of:
50. The system for secure cryptographic communication of claim 47, further comprising the steps of:
- detecting the flag signal; and
  
  in response to detection of the flag signal, measuring the offset between the first and second set of key change signals.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stealthkey Incorporated
Original Assignee
Zyfer, Inc. (Frequency Electronics, Inc.)
Inventors
Fruehauf, Hugo, Au, Derek C.
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Callahan, Paul E.

Application Number

US09/510,540
Publication Number

US 20020006202A1
Time in Patent Office

1,232 Days
Field of Search

380/262, 380/273, 380/277, 380/260, 380/47
US Class Current

380/260
CPC Class Codes

H04L 9/0894   Escrow, recovery or storing...

H04L 9/12   Transmitting and receiving ...

H04L 9/16   the keys or algorithms bein...

System and method for secure cryptographic communications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

50 Claims

Specification

Use Cases

Quick Links

Others

System and method for secure cryptographic communications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

50 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others