Encryption system key distribution method and apparatus
First Claim
1. A key distribution method for communicating cipher keys between two terminals via a key distribution center, KDC, said method comprisingestablishing between any one terminal and said key distribution center a terminal-unique cipher key for controlling the generating of session keys,cooperating by transmitting information using said established terminal-unique cipher key between said KDC and said one terminal on a subsequent connection between said KDC and said one terminal to establish a session key for use by said one terminal in a subsequent secure transmission between said one terminal and a second terminal, andchanging said priorly established terminal-unique cipher key in response to use of said priorly established terminal-unique cipher key on said subsequent connection between said one terminal and said KDC.
1 Assignment
0 Petitions
Accused Products
Abstract
Encryption systems typically rely on the distribution of cipher keys between terminals for scrambling and unscrambling transmitted messages. Elaborate security precautions are necessary to protect the cipher keys since a compromise of the key could result in a compromise of the transmission. There is disclosed a key distribution method and apparatus which uses a channel from identified terminals to a central key distribution center for the establishment, on a one-session basis, of the key which is to be used for the next session between those terminals. The key establishing link is itself encoded using a cipher key which changes after each usage. Provision is made to verify, for each new connection, that a compromise has not priorly occurred.
145 Citations
18 Claims
-
1. A key distribution method for communicating cipher keys between two terminals via a key distribution center, KDC, said method comprising
establishing between any one terminal and said key distribution center a terminal-unique cipher key for controlling the generating of session keys, cooperating by transmitting information using said established terminal-unique cipher key between said KDC and said one terminal on a subsequent connection between said KDC and said one terminal to establish a session key for use by said one terminal in a subsequent secure transmission between said one terminal and a second terminal, and changing said priorly established terminal-unique cipher key in response to use of said priorly established terminal-unique cipher key on said subsequent connection between said one terminal and said KDC.
-
5. A key distribution center for controlling the dissemination of session cipher keys between remotely located terminals, said center arranged for switched access to a plurality of said terminals, said center comprising
means for establishing communication cipher keys between said center and each said terminal having access thereto, each cipher key unique to each said terminal, means operative when said terminals access said center for bidirectional asymmetrically exchanging information with said accessing terminals using, as a foundation for said exchange, said priorly established communication cipher keys, and means responsive to said exchanged information between said center and two of said terminals and the subsequent bidirectional asymmetrical exchange of information between said two terminals for allowing said two terminals to establish a session cipher key for secure transmission between said two terminals.
-
9. A key distribution center for controlling the distribution of cipher control information among a number of terminals, said center comprising
means for individually exchanging encoded information between any of said terminals, said exchange for any particular terminal based partially upon a last information exchange between said particular terminal and said center, means for identifying at least two terminals where encrypted session information is to be exchanged and for accepting from said identified terminals certain encryption control information, and means for modifying, according to a preestablished pattern, accepted information from said identified terminals and for communicating said modified information to the other of said terminals so as to allow each of said terminals to thereafter establish, independent of any information available at said center, a cipher key allowing said session information to be encrypted.
-
10. An encryption terminal operable for communicating with other said terminals for the exchange of encrypted information, said encryption occurring under control of a session encryption key, said terminal including
means for establishing between said terminal and a key distribution center a unique cipher key for exchanging information between said terminal and said center, means for storing information pertaining to established exchanged cipher keys with said center, means for comparing said stored information against information received from said center during an information exchange for verifying that the information on the last exchange to said center was not modified, and session means for enabling a secure transmission with a selected other terminal, said session means controlled in part by said accepted exchanged information.
-
14. An encryption terminal operable for communicating with other said terminals for the exchange of encrypted information, said encryption occurring under control of a session encryption key, said terminal including
means for establishing between said terminal and a key distribution center a unique cipher key for exchanging information between said terminal and said center, means for storing information pertaining to established exchanged cipher keys with said center, means for exchanging information with said center, said information exchange enabled by said stored cipher key information, session means for enabling a secure transmission with a selected other terminal, said session means controlled in part by said information exchange, and means for modifying said unique cipher key after each said information exchange with said center.
-
17. A cipher key distribution method for controlling the dissemination of session cipher keys between remotely located terminals and a key distribution center, said center arranged for switched access to a plurality of said terminals, said method comprising
establishing pairs of communication cipher keys between said center and each said terminal having access thereto, each said pair being unique to each said terminal, exchanging, when one of said terminals accesses said center, information with said accessed terminal using, as a foundation for said exchange, said priorly established communication cipher key, communicating to said terminal, in response to said exchanged information, other information allowing said terminal to establish a session cipher key for use with an identified other terminal also having access to said center, said information exchanged between said center and said terminal includes receiving from said center the base Y and modulus Q of a Diffie-Hellman algorithm.
Specification