Method and apparatus for performing secure communications

US 7,113,601 B2
Filed: 09/26/2001
Issued: 09/26/2006
Est. Priority Date: 09/26/2001
Status: Active Grant

First Claim

Patent Images

1. A method for securely transmitting data from a sending communication device to a receiving communication device comprising:

in response to a user input selecting a secure mode via a user interface on a sending communication device, asserting a first notification via said user interface indicating to a user that a secured connection is not ready, and initiating a connection with a receiving communication device;

determining whether said receiving communication device is capable of secured communication, and based on said determination selectively asserting a second notification via said user interface indicating to said user that a channel status from the set comprising;

unsecured channel available; and

secured channel pending;

receiving at said sending communication device at least one public key from said receiving communication device, said public key corresponding to at least one private key of said receiving communication device that is stored in a secure portion of said receiving communication device;

in response to receipt of said at least one public key, said sending communication device redirecting user communications through an encryption circuit and asserting a third notification via said user interface indicating to said user that a secure channel is active;

using at said sending communication device said at least one public key to transform clear digital data into encrypted digital data;

said sending communication device forwarding said encrypted digital data to said receiving communication device; and

using said at least one private key at said receiving communication device to decrypt said encrypted digital data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enabling secure communication over a network is described. This method employs a public/private key encryption/decryption algorithm through a secure communication device. The communication device is designated as capable of secure communication when it is equipped with the necessary electronics to perform the encryption and decryption, as one embodiment is described herein. The encryption/decryption method utilized by embodiments of the invention can be incorporated into the modification of, conventional communication terminals such as a telephone. Such modifications are comprised of, but not limited to, the addition of components (refer to FIG. 1) capable of converting voice signals to digital signals and vice versa. The communication terminal may also include, for example, a specially designed ASIC processor and/or software configured to encrypt and decrypt data. In one embodiment of the invention measures are taken to limit accessibility to the keys utilized to perform encryption/decryption.

54 Citations

View as Search Results

30 Claims

1. A method for securely transmitting data from a sending communication device to a receiving communication device comprising:
- in response to a user input selecting a secure mode via a user interface on a sending communication device, asserting a first notification via said user interface indicating to a user that a secured connection is not ready, and initiating a connection with a receiving communication device;
  
  determining whether said receiving communication device is capable of secured communication, and based on said determination selectively asserting a second notification via said user interface indicating to said user that a channel status from the set comprising;
  
  unsecured channel available; and
  
  secured channel pending;
  
  receiving at said sending communication device at least one public key from said receiving communication device, said public key corresponding to at least one private key of said receiving communication device that is stored in a secure portion of said receiving communication device;
  
  in response to receipt of said at least one public key, said sending communication device redirecting user communications through an encryption circuit and asserting a third notification via said user interface indicating to said user that a secure channel is active;
  
  using at said sending communication device said at least one public key to transform clear digital data into encrypted digital data;
  
  said sending communication device forwarding said encrypted digital data to said receiving communication device; and
  
  using said at least one private key at said receiving communication device to decrypt said encrypted digital data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein said secure portion comprises a processor.
  - 3. The method of claim 2 wherein said processor comprises an Application Specific Integrated Circuit (ASIC) having said secure portion for holding said at least one private key.
  - 4. The method of claim 1 wherein said secure manner comprises a means for tamper proofing.
  - 5. The method of claim 4 wherein said means for tamper proofing erases said at least one private key upon an indication of tampering.
  - 6. The method of claim 1 wherein said using said at least one private key at said receiving communication device to decrypt said encrypted digital data further comprises:
    - obtaining said at least one private key from a processor.
  - 7. The method of claim 1 wherein said receiving communication device determines the authenticity of said at least one public key.
  - 8. The method of claim 1 wherein said secure portion comprises a tamper proof ASIC.
  - 9. The method of claim 8 wherein authentication is required for access to said secure portion.
  - 10. The method of claim 9 wherein said authentication utilizes encryption.

11. A system for securing data communications between a sending communication device and a receiving communication device comprising:
- a sending communication device comprising;
  
  a first processor comprising a sender'"'"'s secure portion, said sender'"'"'s secure portion having at least one sender'"'"'s private key;
  
  a first Analog to Digital Converter (ADC) configured to obtain analog data from a user and convert said analog data to digital data;
  
  a first memory medium comprising a receiver'"'"'s public key;
  
  a user interface configured to receive a user input to toggle between a clear channel and a secured channel, said user interface comprising a user notification element indicating a current mode from a clear mode and a secure mode and a current status from an active status and a pending status; and
  
  a first module configured to forward at least one sender'"'"'s public key to a receiving communication device associated with said at least one sender'"'"'s private key, wherein said first module is responsive to said user input;
  
  an interconnection fabric configured to couple said sending communication device with a receiving communication device;
  
  said receiving communication device comprising;
  
  a second memory medium comprising a second module configured to obtain said at least one sender'"'"'s public key from said sending communication device;
  
  a second processor comprising a secure portion, said secure portion having at least one receiver'"'"'s private key which complements said at least one receiver'"'"'s public key;
  
  said first module configured to transform said digital data to encrypted data using said at least one receiver'"'"'s public key and provide said encrypted data to said receiving communication device via said interconnection fabric;
  
  said receiving communication device configured to utilize said at least one receiver'"'"'s private key from said receiver'"'"'s secure portion to transform said encrypted data back to said digital data;
  
  said receiving communication device having a second Digital to Analog Converter (DAC) configured to transform said digital data to resulting analog data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein said first processor and said second processor each comprise at least one Application Specific Integrated Circuit (ASIC).
  - 13. The system of claim 11 wherein said first module configured to forward said at least one sender'"'"'s public key to said receiving communication device encapsulates said sender'"'"'s public key in a data header.
  - 14. The system of claim 11 wherein said receiving communication device authenticates said sender'"'"'s public key.
  - 15. The system of claim 14 wherein said authentication depends upon verification of a sender'"'"'s digital signature associated with said at least one sender'"'"'s public key.
  - 16. The system of claim 11 wherein said sending communication device authenticates said receiver'"'"'s public key.
  - 17. The system of claim 16 wherein said authentication depends upon verification of a receiver'"'"'s digital signature associated with said at least one receiver'"'"'s public key.
  - 18. The system of claim 11 wherein said analog data comprises voice data provided by said user.
  - 19. The system of claim 11 wherein said sending communication device and said receiving communication device are telephones.
  - 20. The system of claim 11 wherein said receiving communication device further comprises:
    - a second ADC configured to obtain an analog data reply from a receiving user at said receiving communication device and convert said analog data reply to a digital data reply;
      
      said second module configured to transform said digital data reply to an encrypted data reply using said at least one sender'"'"'s public key and forward said encrypted data reply to said sending communication device;
      
      said sending communication device configured to obtain said at least one sender'"'"'s private key from said secure portion and utilize said at least one sender'"'"' private key to transform said encrypted data reply to said digital data reply;
      
      said sending communication device having a first DAC configured to transform said digital data reply to an analog data reply.

21. An apparatus for sending secure data to a receiving apparatus comprising:
- a first Analog to Digital Converter (ADC) configured to obtain an analog data signal and convert said analog data signal to digital data;
  
  a first Application Specific Integrated Circuit (ASIC) comprising a secure portion, said secure portion having at least one sender'"'"'s private key;
  
  a first memory medium comprising a means for obtaining a receiver'"'"'s public key from a receiving apparatus and using said at least one receiver'"'"'s public key to transform said digital data to encrypted data;
  
  a communication link for transmitting said encrypted data to said receiving apparatus; and
  
  a user interface enabling a user to selectively engage said first ADC and said means in a communication path to toggle between a secure mode and a clear mode, said user interface providing an indicator to said user of a current mode from said clear mode and said secure mode and a current status from an active status and a pending status.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The apparatus of claim 21 further comprising:
    - said first memory medium comprising a means for transmitting at least one sender'"'"'s public key which complements said at least one sender'"'"'s private key to said receiving apparatus.
  - 23. The apparatus of claim 21 wherein said sending apparatus comprises a telephone.
  - 24. The apparatus of claim 23 wherein said telephone further comprises a means for determining if said receiving apparatus is secure.
  - 25. The apparatus of claim 21 further comprising:
    - an interface configured to convey to a user when said communication link is secure.
  - 26. The apparatus of claim 25 wherein said interface comprises an indicator light for conveying whether said communication link is secure.
  - 27. The apparatus of claim 21 wherein said first ASIC comprises a means for tamper proofing.
  - 28. The apparatus of claim 27 wherein said means for tamper proofing erases said at least one sender'"'"'s private key upon an indication of tampering.
  - 29. The apparatus of claim 21 wherein access to said secure portion of said ASIC requires authentication.

30. A communication device comprising:
- a first public key of a first public key/private key pair;
  
  a memory;
  
  an integrated circuit having in a secured portion an embedded private key of said first public key/private key pair, said integrated circuit comprising a processor configured to provide asymmetric decryption using said embedded private key and asymmetric encryption using a second public key accessed from said memory;
  
  a user interface comprising at least one user input element and at least one user notification element, wherein said at least one user input element is responsive to user input to select from a clear communication mode and a secure communication mode, and wherein said at least one user notification element is configured to indicate a selected mode from said clear communication mode and said secure communication mode, and to indicate a current status of said selected mode from a pending status and an active status;
  
  a channel securing function responsive to said at least one user input element, wherein said channel securing function is configured to determine whether a target communication device is enabled for said asymmetric encryption and asymmetric decryption, to forward said first public key to said target communication device and obtain said second public key associated with a second public key/private key pair of said target communication device, and to engage said asymmetric encryption and asymmetric decryption of communications once a connection with said target communication device is established and said second public key is obtained.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mohan Ananda
Original Assignee
Mohan Ananda
Inventors
Ananda, Mohan
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US09/965,682
Publication Number

US 20030061496A1
Time in Patent Office

1,826 Days
Field of Search

380/282, 380/283, 380/277, 380/285, 380/44, 380/270, 380/255, 380/247, 455/410
US Class Current

380/282
CPC Class Codes

H04L 9/0897 involving additional device...

H04L 9/30 Public key, i.e. encryption...

Method and apparatus for performing secure communications

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for performing secure communications

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links