Method for algorithm independent cryptographic key management

US 5,179,591 A
Filed: 10/16/1991
Issued: 01/12/1993
Est. Priority Date: 10/16/1991
Status: Expired due to Term

First Claim

Patent Images

1. A method for establishing a secure communications link between first and second terminals, wherein the terminals follow a procedure including the steps of:

exchanging a first message containing information on encryption devices and communications modes available within the terminals;

selecting in at least one terminal a common key generation and ciphering method and a common data rate;

exchanging a second message containing user authentication information;

exchanging a third message for providing data to form traffic keys;

exchanging a fourth message for synchronizing secure communications; and

initiating secure communication.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for secure communications contains a controller for automatically selecting one of several data ciphering means utilizing one of a plurality of ciphering algorithms common to transmitting and receiving terminals. A transmitting means for transmitting encrypted data, and a receiving means for receiving encrypted data are coupled to the plurality of ciphering means. The control means automatically determines which of the ciphering means to employ for any given secure communication. The method for establishing a secure communications link includes the steps of exchanging a first message for determining a common key generation and ciphering method and comparing a further shared message for validation of communications terminal security. Additionally, the steps of trading a still further message for providing data to form traffic keys to initialize key generators, interchanging an additional message for synchronizing and verifying synchronization of secure communications between secure communications terminals, and initiating secure communication are used.

201 Citations

15 Claims

1. A method for establishing a secure communications link between first and second terminals, wherein the terminals follow a procedure including the steps of:
- exchanging a first message containing information on encryption devices and communications modes available within the terminals;
  
  selecting in at least one terminal a common key generation and ciphering method and a common data rate;
  
  exchanging a second message containing user authentication information;
  
  exchanging a third message for providing data to form traffic keys;
  
  exchanging a fourth message for synchronizing secure communications; and
  
  initiating secure communication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as claimed in claim 1, wherein said first exchanging step further includes the step of:
    - selecting a common ciphering algorithm by means of an automatic programmed hierarchy of secure information interchange methods.
  - 3. A method as claimed in claim 1, wherein said third exchanging step further includes the steps of:
    - generating a first random number in the first terminal;
      
      generating a second random number in a second terminal;
      
      exchanging random numbers; and
      
      forming in each terminal, a third random number from the first and second random numbers to form a traffic key.
  - 4. A method as claimed in claim 3, wherein said forming step further includes the step of exclusive ORing.
  - 5. A method as claimed in claim 1, wherein said fourth exchanging step further includes the steps of:
    - encrypting a known data pattern using the information from the third exchanging step;
      
      transmitting the encrypted known data pattern;
      
      receiving an encrypted known data pattern;
      
      decrypting the received encrypted known data pattern using a traffic key derived from the third exchanging step; and
      
      comparing the decrypted received encrypted known data pattern to a stored known data pattern to determine agreement.
  - 6. A method as claimed in claim 5, wherein said decrypting step of comparing further includes the step of decrypting a random number for use as a linear feedback shift register seed.
  - 7. A method as claimed in claim 1, wherein said fourth exchanging step further includes the step of generating an initial linear feedback shift register seed value.

8. A method for establishing a secure communications link, between terminals wherein each terminal follows a procedure comprising the steps of:
- exchanging an Access Domain and Capabilities Message comprising ciphering and deciphering capabilities;
  
  trading Authentication Messages comprising certified user authentication data, a certified user public key;
  
  transmitting a first Random Component Message including a first random number receiving a second Random Component Message including a second random number, and forming a traffic key;
  
  interchanging Cryptographic Synchronization messages; and
  
  initiating a secure information interchange.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. A method as claimed in claim 8, wherein said exchanging step further includes choosing a common secure information exchange ciphering algorithm.
  - 10. A method as claimed in claim 9, wherein said choosing step further includes the step of selecting a common ciphering algorithm by means of an automatic programmed hierarchy of secure information interchange methods.
  - 11. A method as claimed in claim 8, wherein said interchanging step further includes the step of decrypting a random number for use as a linear feedback shift register seed.
  - 12. A method as claimed in claim 8, wherein said initiating step further includes the steps of:
    - generating an initial linear feedback shift register value;
      
      concatenating traffic modality and initial linear feedback shift register value information;
      
      appending data of variable length to the concatenated information to form a Cryptographic Synchronization message;
      
      interchanging said Cryptographic Synchronization message; and
      
      determining a traffic modality.
  - 13. A method as claimed in claim 12, wherein said appending step further includes the step of including unused information in the appended data to form the Cryptographic Synchronization message to a standard length.
  - 14. A method as claimed in claim 8, wherein said transmitting step further includes the step of interchanging a traffic key variable.
  - 15. A method as claimed in claim 8, wherein said initiating step includes the step of permitting a user to alter a chosen data rate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Dynamics C4 Systems Incorporated (General Dynamics Corporation)
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Lewis, Leslie K., Hardy, Douglas A., Altschuler, Barry N.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/777,870
Time in Patent Office

454 Days
Field of Search

380/21
US Class Current

713/171
CPC Class Codes

H04L 2209/80 Wireless network architectu...

H04L 9/0844 with user authentication or...

Method for algorithm independent cryptographic key management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

201 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for algorithm independent cryptographic key management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links