Key distribution protocol for file transfer in the local area network

US 5,313,521 A
Filed: 04/15/1992
Issued: 05/17/1994
Est. Priority Date: 04/15/1992
Status: Expired due to Term

First Claim

Patent Images

1. A cryptographic communications system for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising:

first generating means, located at said first terminal, for generating a first identification signal and a request signal;

first encoding means, located at said first terminal and coupled to said first generating means and said communications channel, for transforming, using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, the first identification signal and the request signal, to a first ciphertext signal, and for transmitting the first ciphertext signal over said communications channel;

first decoding means, located at said key-distribution center and coupled to said communications channel, for decoding, using a Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal and the request signal;

first verifying means, located at said key-distribution center and coupled to said first decoding means, for verifying the first identification signal, and responsive to verifying the first identification signal, for generating a first verification signal;

second generating means, located at said key-distribution center and coupled to said first verifying means, and, responsive to the first verification signal, for generating a second identification signal;

second encoding means, located at said key-distribution center and coupled to said second generating means and said communications channel, for transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal and the request signal, to a second ciphertext signal, and for transmitting the second ciphertext signal over said communications channel;

second decoding means, located at said file server and coupled to said communications channel, for decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal and the request signal;

second verifying means, located at said file server and coupled to said second decoding means, for verifying the second identification signal and for verifying access rights of the first identification signal for the request signal, and, responsive to verifying the second identification signal and the access rights, for generating a second verification signal;

third generating means, located at said file server and responsive to the second verification signal and the request signal, for generating a third identification signal, an answer signal and a communication-encryption-key signal;

third encoding means, located at said file server and coupled to said third generating means, said second decoding means and said communications channel for transforming, using the DES encryption algorithm with the second encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal, and for transmitting the third ciphertext signal over said communications channel;

wherein said first decoding means, located at said key-distribution center, decodes, using the DES decryption algorithm with the second encryption-key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;

wherein said first verifying means verifies the third identification signal, and, responsive to verifying the third identification signal, generates a third verification signal;

wherein said second encoding means, responsive to the third verification signal, transforms, using the DES encryption algorithm with the first encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal, to a fourth encryption signal, and transmits the fourth encryption signal over said communications channel;

third decoding means, located at said first terminal and coupled to said communications channel, for decoding, using the DES decryption algorithm with the first encryption-key signal, the fourth ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal;

third verifying means, located at said first terminal and coupled to said third decoding means, for verifying the first identification signal and the second identification signal, and, responsive to the answer signal and to verifying the first identification signal and the second identification signal, for generating a fourth verification signal; and

means, located at said first terminal and said file server, responsive to the fourth verification signal and the answer signal, and using the communication-encryption-key signal, for communicating between said first terminal and said file server with an encrypted signal.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic communications apparatus and method for use with a first terminal, a file server, a key distribution center and a communications channel. The method is made simple by using classical-key-encryption algorithms for electronic generation of session keys. The terminal is verified at a key distribution center, using time stamp and secret identification numbers. Each path is encrypted, with each encrypted message decoded at the key distribution center and file server.

152 Citations

29 Claims

1. A cryptographic communications system for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising:
- first generating means, located at said first terminal, for generating a first identification signal and a request signal;
  
  first encoding means, located at said first terminal and coupled to said first generating means and said communications channel, for transforming, using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, the first identification signal and the request signal, to a first ciphertext signal, and for transmitting the first ciphertext signal over said communications channel;
  
  first decoding means, located at said key-distribution center and coupled to said communications channel, for decoding, using a Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal and the request signal;
  
  first verifying means, located at said key-distribution center and coupled to said first decoding means, for verifying the first identification signal, and responsive to verifying the first identification signal, for generating a first verification signal;
  
  second generating means, located at said key-distribution center and coupled to said first verifying means, and, responsive to the first verification signal, for generating a second identification signal;
  
  second encoding means, located at said key-distribution center and coupled to said second generating means and said communications channel, for transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal and the request signal, to a second ciphertext signal, and for transmitting the second ciphertext signal over said communications channel;
  
  second decoding means, located at said file server and coupled to said communications channel, for decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal and the request signal;
  
  second verifying means, located at said file server and coupled to said second decoding means, for verifying the second identification signal and for verifying access rights of the first identification signal for the request signal, and, responsive to verifying the second identification signal and the access rights, for generating a second verification signal;
  
  third generating means, located at said file server and responsive to the second verification signal and the request signal, for generating a third identification signal, an answer signal and a communication-encryption-key signal;
  
  third encoding means, located at said file server and coupled to said third generating means, said second decoding means and said communications channel for transforming, using the DES encryption algorithm with the second encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal, and for transmitting the third ciphertext signal over said communications channel;
  
  wherein said first decoding means, located at said key-distribution center, decodes, using the DES decryption algorithm with the second encryption-key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;
  
  wherein said first verifying means verifies the third identification signal, and, responsive to verifying the third identification signal, generates a third verification signal;
  
  wherein said second encoding means, responsive to the third verification signal, transforms, using the DES encryption algorithm with the first encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal, to a fourth encryption signal, and transmits the fourth encryption signal over said communications channel;
  
  third decoding means, located at said first terminal and coupled to said communications channel, for decoding, using the DES decryption algorithm with the first encryption-key signal, the fourth ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal;
  
  third verifying means, located at said first terminal and coupled to said third decoding means, for verifying the first identification signal and the second identification signal, and, responsive to the answer signal and to verifying the first identification signal and the second identification signal, for generating a fourth verification signal; and
  
  means, located at said first terminal and said file server, responsive to the fourth verification signal and the answer signal, and using the communication-encryption-key signal, for communicating between said first terminal and said file server with an encrypted signal.
- View Dependent Claims (2, 3, 22)
- - 2. The cryptographic system as set forth in claim 1 further including:
    - first structure means located at said first terminal for generating a first data signal; and
      
      wherein said first encoding means is coupled to said first structure means for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the first data signal to the first ciphertext signal.
  - 3. The cryptographic system as set forth in claim 2 further including first structure-verifying means located at said key-distribution center and coupled to said first decoding means for verifying the first data signal and for generating a first verification signal;
    - andwherein said second encoding means is coupled to said first structure-verifying means and is responsive to the first verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 22. The cryptographic system as set forth in claim 3 further including:
    - second structure means located at said key-distribution center for generating a second data signal; and
      
      wherein said second encoding means is coupled to said second structure means for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the second data signal to the second ciphertext signal.

4. A cryptographic communications system for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising:
- first generating means, located at said first terminal, for generating a first identification signal, a response key signal and a request signal;
  
  first encoding means, located at said first terminal and coupled to said first generating means and said communications channel, for transforming, using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, the first identification signal, the response-key signal and the request signal, to a first ciphertext signal, and for transmitting the first ciphertext signal over said communications channel;
  
  first decoding means, located at said key-distribution center and coupled to said communications channel, for decoding, using the Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal, the response-key signal and the request signal;
  
  first verifying means, located at said key-distribution center and coupled to said first decoding means, for verifying the first identification signal, and, responsive to verifying the first identification signal, for generating a first verification signal;
  
  second generating means, located at said key-distribution center and coupled to said first verifying means, and, responsive to the first verification signal, for generating a second identification signal;
  
  second encoding means, located at said key-distribution center and coupled to said second generating means and said communications channel, for transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal, the response-key signal and the request signal, to a second ciphertext signal, and for transmitting the second ciphertext signal over said communications channel;
  
  second decoding means, located at said file server and coupled to said communications channel, for decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal, the response-key signal and the request signal;
  
  second verifying means, located at said file server and coupled to said second decoding means for verifying the second identification signal and for verifying access rights of the first identification signal for the request signal, and, responsive to verifying the second identification signal and the access rights, for generating a second verification signal;
  
  third generating means, located at said file server and responsive to the second verification signal and the request signal, for generating a third identification signal, an answer signal and a communication-encryption-key signal;
- View Dependent Claims (6, 24)
- - 6. The cryptographic system as set forth in claim 4 further including:
    - first structure means located at said first terminal for generating a first data signal; and
      
      wherein said first encoding means is coupled to said first structure means for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the first data signal to the first ciphertext signal.
  - 24. The cryptographic system as set forth in claim 6 further including:
    - second structure means located at said key-distribution center for generating a second data signal; and
      
      wherein said second encoding means is coupled to said second structure means for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the second data signal to the second ciphertext signal.

5. third encoding means, located at said file server and coupled to said third generating means, said second decoding means and said communications channel, for transforming, using the DES encryption algorithm with the response-key signal, the communication-encryption-key signal, the answer signal the first identification signal and the third identification signal, to a third ciphertext signal, and for transmitting the third ciphertext signal over said communications channel;
- third decoding means, located at said first terminal and coupled to said communications channel, for decoding, using the DES decryption algorithm with the response key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;
  
  third verifying means, located at said first terminal and coupled to said third decoding means, for verifying the first identification signal and the third identification signal, and, responsive to the answer-signal and to verifying the first identification signal and the third identification signal, for generating a third verification signal; and
  
  means, located at said first terminal and said tile server, responsive to the third verification signal and the answer signal, and using the communication-encryption-key signal, for communicating between said first terminal and said file server with an encrypted signal.
- View Dependent Claims (7, 9, 11, 13, 26)
- - 7. The cryptographic system as set forth in claim 5 further including structure-verifying means located at said key-distribution center and coupled to said first decoding means for verifying the first data signal and for generating a first verification signal;
    - andwherein said second encoding means is coupled to said first structure-verifying means and is responsive to the first verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 9. The method as set forth in claim 7 wherein:
    - said generating step at said first terminal includes generating a first data signal; and
      
      said verifying step, at said key-distribution center, verifies the first time stamp signal.
  - 11. The method as set forth in claim 9 wherein:
    - said generating step at said first terminal includes generating a first data signal; and
      
      said verifying step, at said key-distribution center, verifies the first time stamp signal.
  - 13. The cryptographic system as set forth in claim 11 further including:
    - a first data-structure device located at said first terminal for generating a first data signal; and
      
      wherein said first DES encoding device is coupled to said first data-structure device for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the first data signal to the first ciphertext signal.
  - 26. The cryptographic system as set forth in claim 13 further including:
    - a second data-structure device located at said key-distribution center for generating a second data signal; and
      
      wherein said second DES encoding device is coupled to said second data-structure device for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the second data signal to the second ciphertext signal.

8. A cryptographic communications method for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising the steps of:
- generating, at said first terminal, a first identification signal and a request signal;
  
  transforming, using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, at said first terminal, the first identification signal and the request signal, to a first ciphertext signal;
  
  transmitting, from said first terminal, the first ciphertext signal over said communications channel;
  
  decoding, using the Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, at said key-distribution center, the first ciphertext signal, thereby generating the first identification signal and the request signal;
  
  verifying, at said key-distribution center, the first identification signal;
  
  generating, at said key-distribution center, in response to verifying the first identification signal, a first verification signal;
  
  generating, at said key-distribution center, in response to the first verification signal, a second identification signal;
  
  transforming, using the DES encryption algorithm with a second encryption-key signal, at said key-distribution center, the first identification signal, the second identification signal and the request signal to a second ciphertext signal;
  
  transmitting, from said key-distribution center, the second ciphertext signal over said communications channel;
  
  decoding, at said file server, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal and the request signal;
  
  verifying, at said file server, the second identification signal and access rights of the first identification signal for the request signal;
  
  generating, at said file server, in response to verifying the second identification signal and the access rights, a second verification signal;
  
  generating, at said file server, in response to the second verification signal and the request signal, a third identification signal, an answer signal and a communication-encryption-key signal;
  
  transforming, at said file server, using the DES encryption algorithm with the second encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal;
  
  transmitting, from said file server, the third ciphertext signal over said communications channel;
  
  decoding at said key-distribution center, using the DES decryption algorithm with the second encryption-key signal, the third ciphertext signal, thereby generating the communication-encryption key signal, the answer signal, the first identification signal and the third identification signal;
  
  verifying, at said key-distribution center, the third identification signal;
  
  generating, at said key-distribution center, in response to verifying the third identification signal, a third verification signal;
  
  transforming, at said key-distribution center, in response to the third verification signal, using the DES encryption algorithm with the first encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal, to a fourth ciphertext signal;
  
  transmitting, from said key-distribution center, the fourth ciphertext signal over said communications channel;
  
  decoding, at said first terminal, using the DES decryption algorithm with the first encryption-key signal, the fourth ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal;
  
  verifying, at said first terminal, the first identification signal and the second identification signal;
  
  generating, at said first terminal, in response to the answer signal and to verifying the first identification signal and the second identification signal, a fourth verification signal; and
  
  communicating, in response to the fourth verification signal and the answer signal, and using the communication-encryption-key signal, between said first terminal and said file server with an encrypted signal.

10. A cryptographic communications method for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising the steps of:
- generating, at said first terminal, a first identification signal, a response-key signal and a request signal;
  
  transforming, at said first terminal, using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, the first identification signal, the response-key signal and the request signal, to a first ciphertext signal;
  
  transmitting, from said first terminal, the first ciphertext signal over said communications channel;
  
  decoding, at said key-distribution center, using Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal, the response-key signal and the request signal;
  
  verifying, at said key-distribution center, the first identification signal;
  
  generating, at said key-distribution center, in response to verifying the first identification signal, a first verification signal;
  
  generating, at said key-distribution center and in response to the first verification signal, a second identification signal;
  
  transforming, at said key-distribution center, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal, the response key signal and the request signal, to a second ciphertext signal;
  
  transmitting, from said key distribution center, the second ciphertext signal over said communications channel;
  
  decoding, at said file server, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal, the response key signal and the request signal;
  
  verifying, at said file server, the second identification signal and access rights of the first for the request signal;
  
  generating, at said file server, in response to verifying the second identification signal and the access rights, a second verification signal;
  
  generating, at said file server and in response to the second verification signal and the request signal, a third identification signal, an answer signal and a communication-encryption-key signal;
  
  transforming, at said file server, using the DES encryption algorithm with the response-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal;
  
  transmitting, from said file server, the third ciphertext signal over said communications channel;
  
  decoding, at said first terminal, using the DES decryption algorithm with the response-key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;
  
  verifying, at said first terminal, the first identification signal and the third identification signal;
  
  generating, at said first terminal, in response to the answer signal and to verifying the first identification signal and the third identification signal, a third verification signal; and
  
  communicating, in response to the third verification signal and the answer signal, and using the communication-encryption-key signal, between said first terminal and said file server with an encrypted signal.

12. A cryptographic communications system for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising:
- a first key-encryption-key generator, located at said first terminal, for generating a first identification signal and a request signal;
  
  a first Data Encryption Standard (DES) encoding device, located at said first terminal and coupled to said first key-encryption-key generator and said communications channel, for transforming, using a DES encryption algorithm with a first encryption-key signal, the first identification signal and the request signal, to a first ciphertext signal, and for transmitting the first ciphertext signal over said communications channel;
  
  a first Data Encryption Standard (DES) decoding device, located at said key-distribution center and coupled to said communications channel, for decoding, using the DES decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal and the request signal;
  
  a first data-structure-verification device, located at said key-distribution center and coupled to said first DES decoding device, for verifying the first identification signal, and responsive to verifying the first identification signal, for generating a first verification signal;
  
  a second key-encryption-key generator, located at said key-distribution center and coupled to said first data-structure-verification device, and, responsive to the first verification signal, for generating a second identification signal;
  
  a second DES encoding device, located at said key-distribution center and coupled to said second key-encryption-key generator and said communications channel, for transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal and the request signal, to a second ciphertext signal, and for transmitting the second ciphertext signal over said communications channel;
  
  a second DES decoding device, located t said file server and coupled to said communications channel, for decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal and the request signal;
  
  a second data-structure-verification device, located at said file server and coupled to said second DES decoding device, for verifying the second identification signal and for verifying access rights of the first identification signal for the request signal, and, responsive to verifying the second identification signal and the access rights, for generating a second verification signal;
  
  a third key-encryption-key generator, located at said file server and responsive to the second verification signal and the request signal, for generating a third identification signal, an answer signal and a communication-encryption-key signal;
  
  a third DES encoding device, located at said file server and coupled to said third key-encryption-key generator, said second DES decoding device and said communications channel for transforming, using the DES encryption algorithm with the second encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal, and for transmitting the third ciphertext signal over said communications channel;
  
  wherein said first DES decoding device, located at said key-distribution center, decodes, using the DES decryption algorithm with the second encryption-key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;
  
  wherein said first data-structure-verification device verifies the third identification signal, and, responsive to verifying the third identification signal, generates a third verification signal;
  
  wherein said second DES encoding device, responsive to the third verification signal, transforms, using the DES encryption algorithm with the first encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal, to a fourth encryption signal, and transmits the fourth encryption signal over said communications channel;
  
  a third DES decoding device, located at said first terminal and coupled to said communications channel, for decoding, using the DES decryption algorithm with the first encryption-key signal, the fourth ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal;
  
  a third data-structure-verification device, located at said first terminal and coupled to said third DES decoding device, for verifying the first identification signal and the second identification signal, and, responsive to the answer signal and to verifying the first identification signal and the second identification signal, for generating a fourth verification signal; and
  
  wherein said first DES encoding device, said third DES decoding device, said second DES decoding device, and said third DES encoding device, responsive to the fourth verification signal and the answer signal, and using the communication-encryption-key signal, communicate between said first terminal and said file server with an encrypted signal.
- View Dependent Claims (14, 16, 28)
- - 14. The cryptographic system as set forth in claim 12wherein said first data-structure-verification device verifies the first data signal and generates a first verification signal;
    - andwherein said second DES encoding device is coupled to said first data-structure-verification device and is responsive to the first verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 16. The cryptographic system as set forth in claim 14 further including:
    - a first data-structure device located at said first terminal for generating a first data signal; and
      
      wherein said first DES encoding device is coupled to said first data-structure device for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the first data signal to the first ciphertext signal.
  - 28. The cryptographic system as set forth in claim 16 further including:
    - a second data-structure device located at said key-distribution center for generating a second data signal; and
      
      wherein said second DES encoding device is coupled to said second data-structure device for transforming, using the DES encryption algorithm, the first identification signal, the request signal and the second data signal to the second ciphertext signal.

15. A cryptographic communications system for use with a first terminal, a file server, a key-distribution center, and a communications channel, comprising:
- a first key-encryption-key generator, located at said first terminal, for generating a first identification signal, a response-key signal and a request signal;
  
  a first Data Encryption Standard (DES) encoding device, located at said first terminal and coupled to said first key-encryption-key generator and said communications channel, for transforming, using a DES encryption algorithm with a first encryption-key signal, the first identification signal, the response-key signal and the request signal, to a first ciphertext signal, and for transmitting the first ciphertext signal over said communications channel;
  
  a first Data Encryption Standard (DES) decoding device, located at said key-distribution center and coupled to said communications channel, for decoding, using the DES decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal, the response-key signal and the request signal;
  
  a first data-structure-verification device, located at said key-distribution center and coupled to said first DES decoding device, for verifying the first identification signal, and, responsive to verifying the first identification signal, for generating a first verification signal;
  
  a second key-encryption-key generator, located at said key-distribution center and coupled to said first data-structure-verification device, and, responsive to the first verification signal, for generating a second identification signal;
  
  a second DES encoding device, located at said key-distribution center and coupled to said second key-encryption-key generator and said communications channel, for transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal, the response-key signal and the request signal, to a second ciphertext signal, and for transmitting the second ciphertext signal over said communications channel;
  
  a second DES decoding device, located at said file server and coupled to said communications channel, for decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal, the response-key signal and the request signal;
  
  a second data-structure-verification device, located at said file server and coupled to said second DES decoding device for verifying the second identification signal and for verifying access rights of the first identification signal for the request signal, and, responsive to verifying the second identification signal and the access rights, for generating a second verification signal;
  
  a third key-encryption-key generator, located at said file server and responsive to the second verification signal and the request signal, for generating a third identification signal, an answer signal and a communication-encryption-key signal;
  
  a third DES encoding device, located at said file server and coupled to said third key-encryption-key generator, said second DES decoding device and said communications channel, for transforming, using the DES encryption algorithm with the response-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal, and for transmitting the third ciphertext signal over said communications channel;
  
  a third DES decoding device, located at said first terminal and coupled to said communications channel, for decoding, using the DES decryption algorithm with the response-key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;
  
  a third data-structure-verification device, located at said first terminal and coupled to said third DES decoding device, for verifying the first identification signal and the third identification signal, and, responsive to the answer-signal and to verifying the first identification signal and the third identification signal, for generating a third verification signal; and
  
  wherein said first DES encoding device, said third DES decoding device, said second DES decoding device, and said third DES encoding device, responsive to the third verification signal and the answer signal, and using the communication-encryption-key signal, communicate between said first terminal and said file server with an encrypted signal.
- View Dependent Claims (17, 19, 21, 23, 25, 27, 29)
- - 17. The cryptographic system as set forth in claim 15wherein said first data-structure-verification device verifies the first data signal and generates a first verification signal;
    - andwherein said second DES encoding device is coupled to said first data-structure-verification device and is responsive to the first verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 19. The method as set forth in claim 17 wherein:
    - said generating step includes generating a first data signal; and
      
      said verifying step verifies the first time stamp signal.
  - 21. The method as set forth in claim 19 wherein:
    - said generating step includes generating a first data signal; and
      
      said verifying step verifies the first time stamp signal.
  - 23. The cryptographic system as set forth in claim 21 further including second structure-verifying means located at a second terminal and coupled to said second decoding means for verifying the second data signal and for generating a second verification signal;
    - andwherein said second encoding means is coupled to said second structure-verifying means and is responsive to the second verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 25. The cryptographic system as set forth in claim 23 further including second structure-verifying means located at a second terminal and coupled to said second decoding means for verifying the second data signal and for generating a second verification signal;
    - andwherein said second encoding means is coupled to said second structure-verifying means and is responsive to the second verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 27. The cryptographic system as set forth in claim 25wherein said second data-structure-verification device verifies the second data signal and generates a second verification signal;
    - andwherein said second DES encoding device is coupled to said second data-structure-verification device and is responsive to the second verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.
  - 29. The cryptographic system as set forth in claim 27wherein said second data-structure-verification device verifies the second data signal and generates a second verification signal;
    - andwherein said second DES encoding device is coupled to said second data-structure-verification device and is responsive to the second verification signal for transforming, using the DES encryption algorithm, the first identification signal and the second identification signal to the second ciphertext signal and for transmitting the second ciphertext signal over said communications channel.

18. A cryptographic communications method comprising the steps of:
- generating a first identification signal and a request signal;
  
  transforming, using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, the first identification signal and the request signal, to a first ciphertext signal;
  
  transmitting the first ciphertext signal;
  
  decoding, using the Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal and the request signal;
  
  verifying the first identification signal;
  
  generating, in response to verifying the first identification signal, a first verification signal;
  
  generating, in response to the first verification signal, a second identification signal;
  
  transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal and the request signal to a second ciphertext signal;
  
  transmitting the second ciphertext signal;
  
  decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal and the request signal;
  
  verifying the second identification signal and access rights of the first identification signal for the request signal;
  
  generating, in response to verifying the second identification signal and the access rights, a second verification signal;
  
  generating, in response to the second verification signal and the request signal, a third identification signal, an answer signal and a communication-encryption-key signal;
  
  transforming, using the DES encryption algorithm with the second encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal;
  
  transmitting the third ciphertext signal;
  
  decoding, using the DES decryption algorithm with the second encryption-key signal, the third ciphertext signal, thereby generating the communication-encryption key signal, the answer signal, the first identification signal and the third identification signal;
  
  verifying the third identification signal;
  
  generating, in response to verifying the third identification signal, a third verification signal;
  
  transforming, in response to the third verification signal, using the DES encryption algorithm with the first encryption-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal, to a fourth ciphertext signal;
  
  transmitting the fourth ciphertext signal;
  
  decoding, using the DES decryption algorithm with the first encryption-key signal, the fourth ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the second identification signal;
  
  verifying the first identification signal and the second identification signal;
  
  generating, in response to the answer signal and to verifying the first identification signal and the second identification signal, a fourth verification signal; and
  
  communicating, in response to the fourth verification signal and the answer signal, and using the communication-encryption-key signal, with an encrypted signal.

20. A cryptographic communications method comprising the steps of:
- generating a first identification signal, a response-key signal and a request signal;
  
  transforming using a Data Encryption Standard (DES) encryption algorithm with a first encryption-key signal, the first identification signal, the response-key signal and the request signal, to a first ciphertext signal;
  
  transmitting the first ciphertext signal;
  
  decoding, using the Data Encryption Standard (DES) decryption algorithm with the first encryption-key signal, the first ciphertext signal, thereby generating the first identification signal, the response-key signal and the request signal;
  
  verifying the first identification signal;
  
  generating, in response to verifying the first identification signal, a first verification signal;
  
  generating, in response to the first verification signal, a second identification signal;
  
  transforming, using the DES encryption algorithm with a second encryption-key signal, the first identification signal, the second identification signal, the response-key signal and the request signal, to a second ciphertext signal;
  
  transmitting the second ciphertext signal;
  
  decoding, using the DES decryption algorithm with the second encryption-key signal, the second ciphertext signal, thereby generating the first identification signal, the second identification signal, the response-key signal and the request signal;
  
  verifying the second identification signal and access rights of the first identification signal for the request signal;
  
  generating, in response to verifying the second identification signal and the access rights, a second verification signal;
  
  generating, in response to the second verification signal and the request signal, a third identification signal, an answer signal and a communication-encryption-key signal;
  
  transforming, using the DES encryption algorithm with the response-key signal, the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal, to a third ciphertext signal;
  
  transmitting the third ciphertext signal;
  
  decoding using the DES decryption algorithm with the response-key signal, the third ciphertext signal, thereby generating the communication-encryption-key signal, the answer signal, the first identification signal and the third identification signal;
  
  verifying the first identification signal and the third identification signal;
  
  generating in response to the answer signal and to verifying the first identification signal and the third identification signal, a third verification signal; and
  
  communicating, in response to the third verification signal and the answer signal, and using the communication-encryption-key signal, with an encrypted signal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Newman, David B. Jr., Torii, Naoya
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/868,571
Time in Patent Office

762 Days
Field of Search

380/21, 380/25, 380/49
US Class Current

380/281
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04L 9/3297   involving time stamps, e.g....

Key distribution protocol for file transfer in the local area network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

152 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Key distribution protocol for file transfer in the local area network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links