
Method and apparatus for key-management scheme for use with internet protocols at site firewalls

  • US 5,416,842 A
  • Filed: 06/10/1994
  • Issued: 05/16/1995
  • Est. Priority Date: 06/10/1994
  • Status: Expired due to Term
First Claim

1. In a network including a first data processing device node I coupled to a first firewall server FWA and a second data processing device node J coupled to a second firewall server FWB, said first and second firewall servers disposed between said respective nodes I and J and said network, an improved method for sending data from said node I to said node J, comprising the steps of:

  • providing an element for performing the step of said node I sending a data packet, including data and a destination address for node J, to said FWA;
  • providing an element for performing the step of providing a secret value a, and a public value α^a mod p to said FWA;
  • providing an element for performing the step of providing a secret value b, and a public value α^b mod p to said FWB;
  • said FWA performing the steps of:
    adapting FWA for obtaining a Diffie-Hellman DH certificate for FWB and determining said public value α^b mod p from said DH certificate;
    said firewall FWA computing the value of α^ab mod p, said FWA further deriving a key Kab from said value α^ab mod p;
    said firewall FWA utilizing said key Kab to encrypt a randomly generated transient key Kp, and encrypting said data packet to be transmitted to FWB using said key Kp, said encrypted data packet being encapsulated in a transmission packet including an unencrypted destination address for FWB;
    said FWA sending said transmission packet to said FWB.
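The exchange claim 1 describes, carried through both firewalls as an added example (this is not code from the patent or from any SKIP implementation). FWA derives Kab from α^ab mod p using FWB's certified public value, wraps a fresh transient key Kp under Kab, encrypts node I's packet under Kp, and emits a transmission packet whose destination address for FWB stays in the clear; FWB reverses the steps with FWA's certificate. Everything the claim leaves open is an assumption here: the toy group (p = 2^127 - 1, α = 3, far too small for real use), SHA-256 as the derivation of Kab from the shared value, a SHA-256 counter keystream with HMAC as a stand-in for the unnamed symmetric cipher, and a certificate modelled as a name bound to a public value without a certifying-authority signature check.

```python
"""Firewall-to-firewall key management in the style of US 5,416,842 claim 1.

Added example. The DH group, the Kab derivation, the symmetric cipher and the
certificate format are all assumptions; the claim specifies none of them.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group (assumption): 2**127 - 1 is a Mersenne prime, alpha = 3.
# Only for illustration; a deployment would use a >= 2048-bit MODP group.
P = 2**127 - 1
ALPHA = 3


@dataclass(frozen=True)
class DHCertificate:
    """Stand-in for the claim's 'Diffie-Hellman certificate': binds a firewall's
    name to its long-term public value alpha^x mod p. Checking the certifying
    authority's signature is outside claim 1 and is omitted here."""
    subject: str
    public_value: int


def public_value(secret: int) -> int:
    """alpha^x mod p for a long-term secret x (a at FWA, b at FWB)."""
    return pow(ALPHA, secret, P)


def derive_kab(my_secret: int, peer_cert: DHCertificate) -> bytes:
    """Kab derived from alpha^ab mod p. Hashing the shared value with SHA-256
    is an assumption; the claim only says Kab is 'derived' from it."""
    shared = pow(peer_cert.public_value, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used only as a stand-in keystream generator."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a random 16-byte nonce and an HMAC-SHA256 tag.
    Illustrative stand-in for the claim's unnamed cipher; use AES-GCM in practice."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on any tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


@dataclass(frozen=True)
class TransmissionPacket:
    dst_firewall: str        # unencrypted, so the network can route it to FWB
    src_firewall: str        # lets FWB pick the right DH certificate
    encrypted_kp: bytes      # transient key Kp, encrypted under Kab
    encrypted_packet: bytes  # node I's original packet, encrypted under Kp


def fwa_encapsulate(a: int, fwa_name: str, fwb_cert: DHCertificate,
                    inner_packet: bytes) -> TransmissionPacket:
    """FWA's side: Kab from FWB's certificate, fresh Kp, two encryptions."""
    kab = derive_kab(a, fwb_cert)
    kp = secrets.token_bytes(32)  # randomly generated transient key Kp
    return TransmissionPacket(fwb_cert.subject, fwa_name,
                              seal(kab, kp), seal(kp, inner_packet))


def fwb_decapsulate(b: int, fwa_cert: DHCertificate,
                    tp: TransmissionPacket) -> bytes:
    """FWB's side: recompute Kab, unwrap Kp, recover the packet for node J."""
    if tp.src_firewall != fwa_cert.subject:
        raise ValueError("certificate does not match claimed source firewall")
    kab = derive_kab(b, fwa_cert)
    kp = open_(kab, tp.encrypted_kp)
    return open_(kp, tp.encrypted_packet)


if __name__ == "__main__":
    # Constructed secrets and packet for a stand-alone run.
    a, b = 0x5EC4E7A, 0x5EC4E7B
    cert_a = DHCertificate("FWA", public_value(a))
    cert_b = DHCertificate("FWB", public_value(b))
    inner = b"src=I;dst=J;data=hello"
    tp = fwa_encapsulate(a, "FWA", cert_b, inner)
    print("outer dst in clear:", tp.dst_firewall)
    print("recovered at FWB:", fwb_decapsulate(b, cert_a, tp))
```

Two points a reviewer would raise against this scheme as claimed: both a and b are long-term, certified values, so Kab is fixed for the FWA/FWB pair and offers no forward secrecy (compromise of either secret exposes every past Kp and therefore every past packet); and the per-packet Kp only bounds how much traffic any one symmetric key covers, it does not replace authenticating the DH certificates, which is why the example refuses a packet whose claimed source does not match the certificate it was handed.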
