Cryptosystem

Cryptography – Key management

Reexamination Certificate

Details

C380S259000, C380S283000, C713S168000

Reexamination Certificate

active

06178244

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a cipher communication in the communication network.
2. Description of the Related Art
One example of a conventional cipher communication system is disclosed in “Installment and evaluation of the LAN cipher communication system”, OFS-38(1994-3) p. 7-p. 12, published by the Institute of Electronics, Information and Communication Engineers. This system is configured by a communication terminal and a key managing workstation, which include ciphertext communication boards and are connected to the Local Area Network (“LAN”, hereinafter).
The above conventional cipher communication system is shown in FIG. 38. Communication terminals 210 and 220 are connected to the LAN 10 through encryptors 410 and 420. 30 denotes a key manager.
The communication terminals respectively include applications 2110 and 2210, communication controlling units 2120 and 2220, and cipher communication controlling units 2130 and 2230. The key manager 30 includes a session key generating unit 310, a session key managing unit 320, a session key encrypting unit 340, a session key sending unit 350 and a session key enquiry receiving unit 360. The encryptors 410 and 420 respectively include session key decrypting units 4110 and 4210, user data encrypting/decrypting units 4130 and 4230, user data sending/receiving units 4140 and 4240, and session key enquiring units 4160 and 4260.
FIG. 39 shows a configuration of the session key enquiring unit 4160 in detail. The session key enquiring unit 4160 includes a session key memorizing unit 4161, a session key enquiry sending unit 4162, and a session key receiving unit 4163. The session key enquiring unit 4260 has the same configuration as the above session key enquiring unit 4160.
The data communication procedure in the above conventional cipher communication system is explained in the following.
Both encryptors connected to the communication terminals have the common session key to encrypt/decrypt data for the cipher communication between two terminals. To have the common session keys in the encryptors, a procedure called “key distribution” is executed.
The cipher communication requires a key distribution procedure and a user data sending/receiving procedure. Conventionally, every sending/receiving procedure of user data has to follow the key distribution procedure in the cipher communication with an arbitrary partner.
In the following, the key distribution procedure is explained when the application 2110 of the communication terminal 210 communicates with the application 2210 of the communication terminal 220 connected through the LAN 10.
It is assumed that an address of the communication terminal 210, which sends data first, is “A” and the communication terminal 220 has an address “B”.
FIG. 40 is a sequence chart showing a procedure of distributing the session key in the conventional cipher communication system.
When the application 2110 of the communication terminal 210 starts to communicate with the application 2210 of the communication terminal 220 connected through the LAN 10, the application 2110 activates the communication controlling unit 2120. The application 2110 sends information of the address “B” of the communication terminal 220 to the communication controlling unit 2120 as an address of the communicating partner.
The communication controlling unit 2120 stores the address “B” of the communication terminal 220 in storage (this is not shown in the figure) and sends information of the address “B” of the communication terminal 220 to the cipher communication controlling unit 2130.
The cipher communication controlling unit 2130 sends a requesting command of starting communication including the information of the address “B” to the encryptor 410. The requesting command of starting communication is sent to the session key enquiry sending unit 4162 of the session key enquiring unit 4160 of the encryptor 410.
The session key enquiry sending unit 4162 gets the information of the address “B” included in the above requesting command of starting communication. The session key enquiry sending unit 4162 generates a key distribution requesting command “KEYREQ” including the address “B” and sends the key distribution requesting command “KEYREQ” to the key manager 30 through the LAN 10 (see S13 in FIG. 40). The session key memorizing unit 4161 receives the information of the address “B” from the session key enquiry sending unit 4162 and memorizes the information of the address “B”.
The key distribution requesting command “KEYREQ” received by the key manager 30 is sent to the session key enquiry receiving unit 360. The session key enquiry receiving unit 360 gets the address “A” of the instructing partner of the key distribution requesting command. The address “A” is defined as an address of a key distribution requesting partner. The session key enquiry receiving unit 360 also gets the address “B” from the information included in the key distribution requesting command “KEYREQ”. The address “B” is defined as an address of a communicating partner and is sent to the session key managing unit 320.
The session key managing unit 320 stores a pair of the address “A” of the key distribution requesting partner and the address “B” of the communicating partner in the storage (not shown in the figure). The session key managing unit 320 also activates the session key generating unit 310.
When activated by the session key managing unit 320, the session key generating unit 310 generates a random number. This random number is sent to the session key managing unit 320 as a session key.
The session key managing unit 320 stores a pair of the above session key and the pair of the address “A” and the address “B” in the storage. The session key managing unit 320 also sends the session key to the session key encrypting unit 340.
The session key encrypting unit 340 encrypts the session key by a master key (key encryption key) and sends the encrypted result to the session key managing unit 320 as an encryption session key.
The session key managing unit 320 sends the encryption session key and the pair of the address “A”, the address of the key distribution requesting partner, and the address “B”, the address of the communicating partner, stored in the storage, to the session key sending unit 350.
The session key sending unit 350 generates a session key distributing command “KEYDIST” including the encryption session key and the address “B” of the communicating partner and sends “KEYDIST” to the encryptor 410 connected to the communication terminal 210 located in the address “A” of the key distribution requesting partner (see S14).
The session key distributing command “KEYDIST” received from the encryptor 410 is sent to the session key receiving unit 4163 of the session key enquiring unit 4160.
The session key receiving unit 4163 gets the encryption session key and the address “B” of the communicating partner from the session key distributing command “KEYDIST”. The session key receiving unit 4163 stores the address “B” in the storage and sends the encryption session key to the session key decrypting unit 4110.
The session key decrypting unit 4110 decrypts the encryption session key by the preset master key. The decrypted result is sent to the session key receiving unit 4163 as the session key.
The session key receiving unit 4163 sends the session key to the session key memorizing unit 4161. The session key receiving unit 4163 also sends a session key acknowledging command “KEYDIST-ACK” to the key manager 30 (see S15). The session key memorizing unit 4161 memorizes the information of the address “B” of the communicating partner stored in the storage and the session key as a pair.
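The key distribution exchange described above (KEYREQ at S13, KEYDIST at S14, KEYDIST-ACK at S15), as an added Python sketch that is not part of the patent text. The dict message layout, the nonce field, the 16-byte key length and the HMAC-keystream XOR used as the master-key wrap are assumptions; the text names neither the cipher nor the message formats.

```python
import hashlib
import hmac
import secrets

def wrap(master_key: bytes, session_key: bytes, nonce: bytes) -> bytes:
    # Stand-in key wrap (assumption): XOR with an HMAC-SHA256 keystream.
    # The patent text does not name the cipher used with the master key.
    stream = hmac.new(master_key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(session_key, stream))

unwrap = wrap  # XOR keystream: the same operation decrypts

class KeyManager:  # key manager 30
    def __init__(self, master_key):
        self.master_key = master_key
        self.sessions = {}  # (requester, partner) -> session key (unit 320)

    def on_keyreq(self, src_addr, msg):
        partner = msg["partner"]               # address "B" carried in KEYREQ
        session_key = secrets.token_bytes(16)  # unit 310: random number
        self.sessions[(src_addr, partner)] = session_key
        nonce = secrets.token_bytes(16)        # part of the stand-in wrap
        return {"cmd": "KEYDIST", "partner": partner, "nonce": nonce,
                "enc_key": wrap(self.master_key, session_key, nonce)}  # unit 340

class Encryptor:  # encryptor 410
    def __init__(self, addr, master_key):
        self.addr, self.master_key = addr, master_key
        self.keys = {}  # partner address -> session key (unit 4161)

    def keyreq(self, partner):
        return {"cmd": "KEYREQ", "partner": partner}  # unit 4162

    def on_keydist(self, msg):
        key = unwrap(self.master_key, msg["enc_key"], msg["nonce"])  # unit 4110
        self.keys[msg["partner"]] = key  # stored as a pair with address "B"
        return {"cmd": "KEYDIST-ACK"}

def run_exchange():
    master = secrets.token_bytes(32)  # constructed preset master key
    manager, enc_a = KeyManager(master), Encryptor("A", master)
    req = enc_a.keyreq("B")                    # S13
    dist = manager.on_keyreq(enc_a.addr, req)  # S14: requester is source "A"
    ack = enc_a.on_keydist(dist)               # S15
    return manager, enc_a, dist, ack
```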
The session key acknowledging command “KEYDIST-ACK” received by the key manager 30 is sent to the session key sending unit 35
