System and method for changing the security level of a communications terminal during operation
Abstract
The security level of a communications terminal can be changed during operation. A key loading device can reconstitute a key encryption key from plural split portions. The split portions can be loaded into the key loading device via various interfaces. The reconstituted key encryption key can be used to unwrap wrapped keys stored in the key loading device.
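The flow in the abstract, following the step order of claims 1 and 13, as an added example that is not part of the patent: the claims name no splitting or wrapping algorithm, so the 3-of-3 XOR split, the HMAC-SHA256 stand-in wrap, the 32-byte key size and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # constructed parameter; the claims fix no key size

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_kek(kek):
    # 3-of-3 XOR split: any two shares alone are uniformly random noise.
    s1, s2 = secrets.token_bytes(len(kek)), secrets.token_bytes(len(kek))
    return s1, s2, xor(xor(kek, s1), s2)

def reconstitute(s1, s2, s3):
    return xor(xor(s1, s2), s3)

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def wrap(kek, key):
    # Stand-in encrypt-then-MAC wrap built on HMAC-SHA256, not AES Key Wrap.
    if len(kek) != KEY_LEN or len(key) != KEY_LEN:
        raise ValueError("keys must be KEY_LEN bytes")
    nonce = secrets.token_bytes(16)
    ct = xor(key, _prf(_prf(kek, b"enc"), nonce))
    return nonce + ct + _prf(_prf(kek, b"mac"), nonce + ct)

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(kek, b"mac"), nonce + ct)):
        raise ValueError("unwrap failed: wrong KEK or corrupted wK1")
    return xor(ct, _prf(_prf(kek, b"enc"), nonce))

def prepare(k1):
    # Claim 13 order: generate KEK, wrap K1, split KEK, keep only wK1 + s1KEK.
    kek = secrets.token_bytes(KEY_LEN)
    wk1 = wrap(kek, k1)
    s1, s2, s3 = split_kek(kek)
    loader_memory = {"wK1": wk1, "s1KEK": s1}  # first security level
    return loader_memory, s2, s3  # s2 -> initiation device, s3 -> communications facility

def raise_level(loader_memory, s2, s3):
    # Claim 1 order: load s2 and s3, reconstitute the KEK, unwrap wK1.
    kek = reconstitute(loader_memory["s1KEK"], s2, s3)
    return unwrap(kek, loader_memory["wK1"])

if __name__ == "__main__":
    k1 = secrets.token_bytes(KEY_LEN)
    mem, s2, s3 = prepare(k1)
    assert raise_level(mem, s2, s3) == k1
```

Because the wrap is authenticated, a key loading device that holds only s1KEK, or receives a wrong share over either interface, gets an unwrap error rather than a plausible-looking but wrong K1.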
27 Claims
1. A method of changing the security level of a communications terminal during operation, the method comprising:
- providing a key loading device to the communications terminal, wherein the key loading device comprises a secure memory, and stored within the secure memory are;
  a wrapped first key (wK1) wrapped utilizing a single key encryption key (KEK) and a first split partial portion (s1KEK) of the single KEK but not a second split partial portion (s2KEK) of the single KEK or a third split partial portion (s3KEK) of the single KEK, wherein the single KEK cannot be reconstituted from less than all of the s1KEK, the s2KEK, and the s3KEK, wherein the s1KEK and the wK1 are at a first security level;
- loading the s2KEK into the secure memory of the key loading device via a physical interface to the key loading device;
- transferring the s3KEK into the secure memory of the key loading device via a communications link, wherein the communications link is different than the physical interface; and
- reconstituting the single KEK from the s1KEK, the s2KEK and the s3KEK, wherein the reconstituted single KEK is at a third security level higher than the first security level;
- unwrapping the wK1 using the reconstituted, single KEK to obtain a first key (K1), wherein the K1 is at a second security level higher than the first security level; and
- using the K1 within the communications terminal to perform cryptographic operations.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method of preparing a communications terminal for secure operation when the communications terminal security level can be changed during operation, the method comprising:
- generating a single key encryption key (KEK) to produce a single generated KEK, wherein the single generated KEK is at a third security level;
- wrapping a first key (K1) using the single generated KEK within the secure facility to form a wrapped first key (wK1), wherein the K1 is at a second security level and the wK1 is at the first security level and the first security level is lower than the second security level;
- after the wrapping, splitting the single generated KEK into a plurality of at least three split partial portions of the single generated KEK each of which is a split of the single generated KEK within a key loading device, wherein the single generated KEK cannot be reconstituted from less than a predefined number of the plurality of split partial portions of the single generated KEK, wherein the plurality of split partial portions is at the first security level and the first security level is lower than the third security level;
- storing the wK1 and at least a first one (s1KEK) of the plurality of split partial portions of the single generated KEK in a secure memory within the key loading device;
- providing at least a second one (s2KEK) of the plurality of split partial portions of the single generated KEK to at least one initiation device;
- providing at least a third one (s3KEK) of the plurality of split partial portions of the single generated KEK to a communications facility configured to communicate over a communications link with the communications terminal; and
- erasing the single generated KEK and all but the at least first one (s1KEK) of the plurality of split partial portions of the single generated KEK from the secure memory, so that the key loading device is at the first security level, wherein after the erasing step, the at least first one (s1KEK) is stored in the secure memory but the at least second one (s2KEK) and the at least third one (s3KEK) are not stored in the secure memory.

Dependent claims: 14, 15, 16, 17
18. A communications system for changing a security level during operation, the system comprising:
- a communications terminal;
- an encryption device disposed within the communications terminal and configured to accept a traffic encryption key;
- a secure memory coupled to the communications terminal, wherein the secure memory is configured to store a wrapped first key wrapped using a single key encryption key (KEK) and a plurality of split partial portions of the single KEK, wherein a first split partial portion (s1KEK) of the single KEK is stored therein;
- a physical interface to the secure memory and configured to temporarily interface physically with a portable crypto ignition key memory and accept from the crypto ignition key memory a second split partial portion (s2KEK) of the single KEK;
- a communication interface to the secure memory configured to transfer a third split partial portion (s3KEK) of the single KEK received at the communications terminal from a source external to the communications system into the secure memory; and
- a key reconstitutor coupled to the secure memory and configured to reconstitute the single KEK from the s1KEK, s2KEK, and s3KEK; and
- a key unwrapper coupled to the secure memory and configured to decrypt the first key using the reconstituted single KEK; and
- a key fill interface between the key unwrapper and the encryption device configured to transfer a traffic encryption key into the encryption device, wherein the traffic encryption key is any of;
  the first key, a second key unwrapped using the first key, a second key received over an encrypted communications link protected by the first key, and a third key wrapped using a second key and received over an encrypted communications link protected by the first key.

Dependent claims: 19, 20, 21, 22
23. A key loading device for changing the security level of a communications terminal, the key loading device comprising:
- a secure memory configured to store a first split partial portion (s1KEK) of a single key encryption key (KEK), and a wrapped (wK1) first key (K1) wrapped by the single KEK;
- a data input port coupled to the secure memory and configured to temporarily interface physically with a portable crypto ignition key memory and accepting from the crypto ignition key memory a second split partial portion (s2KEK) of the single KEK and storing the s2KEK into the secure memory;
- a terminal interface configured to interface to a communications terminal that is remotely located from the key loading device, accept a third split partial portion (s3KEK) of the single KEK from the remote communications terminal, and store the s3KEK into the secure memory;
- a means for combining the s1KEK, s2KEK and s3KEK to reconstitute the single KEK, the means for combining being coupled to the secure memory, wherein the s1KEK, s2KEK and s3KEK are at a first security level, the single KEK cannot be reconstituted from less than all of the s1KEK, s2KEK and s3KEK, and the single KEK is at a third security level higher than the first security level;
- a means for unwrapping the wK1 using the reconstituted single KEK to obtain the K1, the means for unwrapping being coupled to the secure memory; and
- a key output port configured to transfer a traffic key to cryptographic unit of the communications terminal.

Dependent claims: 24, 25, 26, 27
Specification