Data communication system using encrypted data packets

Cryptography – Key management – Having particular key generator

Patent

Details

H04K 100

Patent

active

053033035

DESCRIPTION:

BRIEF SUMMARY
This invention relates to data transmission systems, in particular secure data transmission systems in which data is encrypted for transmission over a non-secure data transmission network such as a packet switching network.
In this specification, the word "data" encompasses digitally-encoded information of any type. It includes, but is not restricted to, alpha-numeric data such as ASCII; video; teletext; facsimile; speech; and digitally-encoded analogue signals, e.g. telemetry.
In this specification, the word "crypto" has been used as an abbreviation for "encryption device".
As is known to those skilled in the art, in order to transmit data over a packet switching network it is necessary to produce a packet comprising a header portion, a data portion containing data to be transmitted, and a trailer portion. The header portion contains information identifying the destination of the packet, and may contain such additional information as is permitted by the packet switching network protocols, such as call redirection and ringback facilities. Where the data to be transmitted needs to be kept secure, it would be possible to encrypt the data per se; however, it would not be possible to encrypt the header and trailer data, as the packet switching network needs this header and trailer data to allow it to deliver the packet to the correct destination. In certain cases it would be undesirable for any information identifying the originator and/or recipient of the data to be transmitted over non-secure channels. The present invention arose from an attempt to overcome or mitigate these problems.
According to the invention, apparatus for encrypting data for transmission over a communications network comprises: means for generating a first packet comprising a header portion, an information-containing portion and a trailer portion, means for encrypting the first packet, and means for generating a second packet comprising a further header portion, the encrypted first packet, and a further trailer portion.
According to a further aspect of the invention a communication system is provided in which data is encoded by such apparatus prior to being transmitted.
In encrypting the first packet, the information-carrying portion may be encrypted separately from the header portion and trailer portion.
The system may comprise a plurality of subscribers connected by a communications network via a plurality of nodes, at least one subscriber being associated with each node. Each node may include means for encrypting data in the manner referred to in the two preceding paragraphs for transmission to another node, and means for decrypting data for transmission to an associated subscriber.
The further header portion need only contain data relating to the encrypting and the decrypting nodes. At least one node may allow communication between a pair of subscribers connected to that node. This avoids the need for those subscribers to use the non-secure communications network when communicating with each other. The header portion may contain information relating to the destination subscriber address. The header portion may also contain other information such as ring-back or redirect calls, or the security classification of the data. In at least one node the means for decrypting data may comprise a crypto bypass. The bypass may be used for non-secure traffic.
At least one node may comprise a respective encryption device for communication between that node and each respective other node. This allows that node to communicate directly with all other nodes, each node having its own code. At least one node may comprise a respective encryption device for communication between that node and at least one respective group of other nodes.
At least one node may comprise means for padding the traffic with dummy information. This ensures that the node is busy at all times, making it difficult to detect when genuine secure traffic is being conveyed.
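The double-packet scheme described above, sketched as an added example that is not part of the patent text: a first packet carrying subscriber addresses is encrypted whole and wrapped in a second packet whose header names only the two nodes. The wire layout, the node and subscriber names, the CRC32 trailers, the per-pair keys and the HMAC-based keystream are all assumptions made for illustration; the page specifies no algorithm or format, and the stand-in cipher gives confidentiality only.

```python
import hmac, hashlib, os, struct, zlib

# Constructed keys, one per node pair ("a respective encryption device for
# communication between that node and each respective other node").
PAIR_KEYS = {("N1", "N2"): bytes(range(32)), ("N1", "N3"): bytes(range(32, 64))}

def _keystream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode); the page names no algorithm.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _crypt(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def first_packet(src_sub, dst_sub, data):
    """Header (subscriber addresses) + information portion + trailer (CRC32)."""
    header = f"{src_sub}>{dst_sub}".encode()
    body = struct.pack(">BH", len(header), len(data)) + header + data
    return body + struct.pack(">I", zlib.crc32(body))

def second_packet(src_node, dst_node, inner):
    """Further header (node IDs and nonce only) + encrypted first packet + trailer."""
    nonce = os.urandom(12)
    enc = _crypt(PAIR_KEYS[(src_node, dst_node)], nonce, inner)
    body = f"{src_node}>{dst_node}".encode().ljust(8) + nonce + enc
    return body + struct.pack(">I", zlib.crc32(body))

def receive(packet):
    """Decrypting node: check outer trailer, decrypt, check and parse first packet."""
    body, (crc,) = packet[:-4], struct.unpack(">I", packet[-4:])
    if zlib.crc32(body) != crc:
        raise ValueError("outer trailer mismatch")
    src_node, dst_node = body[:8].decode().strip().split(">")
    inner = _crypt(PAIR_KEYS[(src_node, dst_node)], body[8:20], body[20:])
    ibody, (icrc,) = inner[:-4], struct.unpack(">I", inner[-4:])
    if zlib.crc32(ibody) != icrc:
        raise ValueError("inner trailer mismatch")
    hlen, dlen = struct.unpack(">BH", ibody[:3])
    src_sub, dst_sub = ibody[3:3 + hlen].decode().split(">")
    return src_sub, dst_sub, ibody[3 + hlen:3 + hlen + dlen]
```

An observer on the network sees only the node pair in the further header; the subscriber addresses and the first packet's trailer travel inside the encrypted portion.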
At least one node may function as an exchange node so that traffic between nodes has to pass via at least one exchang

REFERENCES:
patent: 4837822 (1989-06-01), Crosley et al.
patent: 4910777 (1990-03-01), Larson et al.
ACM Transactions on Computer Systems, vol. 3, No. 1, (Feb. 1985), New York, pp. 1-14, "Secure Communication Using Remote Procedure Calls".
Proceedings of IEEE, vol. 71, No. 12, (Dec. 1983), New York, pp. 1334-1340, Day et al., "OSI Reference Model".
