Cryptography – Particular algorithmic function encoding – Public key
Patent
1994-06-10
1995-05-16
Gregory, Bernarr E.
Cryptography
Particular algorithmic function encoding
Public key
380 4, 380 21, 380 23, 380 25, 380 49, H04L 930, H04L 908, H04L 900
Patent
active
054168422
ABSTRACT:
The present invention includes a first data processing device (node I) coupled to a first private network and to a firewall server (FWA). Firewall server FWA is in turn coupled to a public network, such as the Internet. A second data processing device (node J) is coupled to a second private network which is coupled to the Internet through a firewall server (FWB). Node I provides a data packet including IP data and a destination address for the intended receiving node J to firewall FWA. Firewall FWA is provided with a secret value a, and a public value .varies..sup.a mod p. Similarly, firewall FWB is provided with a secret value b and a public value .varies..sup.b mod p. The firewall FWA obtains a Diffie-Hellman (DH) certificate for firewall FWB and determines the public value .varies..sup.b mod p from the DH certificate. Firewall FWA then computes the value of .varies..sup.ab mod p, and derives a key K.sub.ab from the value .varies..sup.ab mod p. A transient key K.sub.p is randomly generated and is used to encrypt the data packet to be transmitted by firewall FWA to firewall FWB. The encrypted data packet is then encapsulated in a transmission packet by the firewall FWA. The transmission packet includes an unencrypted destination address for the firewall FWB. Firewall FWA then sends the transmission packet to firewall FWB over the Internet. Upon receipt of the transmission packet from firewall FWA, firewall FWB obtains a DH certificate for firewall FWA, and determines the public value of .varies..sup.a mod p from the DH certificate. Firewall FWB computes the value of .varies..sup.ab mod p, and derives the key K.sub.ab. Firewall B utilizes the key K.sub.ab to decrypt the transient key K.sub.p, and using the decrypted transient key K.sub.p, firewall FWB decrypts the encrypted data packet received from FWA, thereby resulting in the recovery of the original data sent by node I in unencrypted form to the firewall FWA. The firewall FWB then transmits the decrypted data packet to the receiving node J over the second private network.
REFERENCES:
patent: 4916704 (1990-04-01), Bruckert et al.
Whitfield Diffie, "The First Ten Years of Public-Key Cryptography", (Proceedings of the IEEE, vol. 76, No. 5, May 1988).
Paul Fahn, "Answers to Frequently Asked Questions About Today's Cryptography", (RSA Laboratories, 1992).
"Part I: Message Encryption and Authentication Procedures", (Privacy Enhancement for Internet Electronic Mail, J. Linn (Network Working Group), Feb., 1993.
"Part II: Certificate-Based Key Management", (Privacy Enhancement for Internet Electronic Mail, S. Kent (Network Working Group), Feb., 1993.
"Part III: Algorithms, Modes, and Identifiers", (Privacy Enhancement for Internet Electronic Mail), D. Balenson (Network Working Group), Feb., 1993.
"Part IV: Key Certification and Related Services" (Privacy Enhancement for Internet Electronic Mail), B. Kaliski (Network Working Group), Feb., 1993.
Whitfield Diffie, Paul C. Van Oorschoot and Michael J. Wiener, "Authentication and Authenticated Key Exchanges" (Designs, Codes and Cryptography, 2-107-125 (1992), Kluwer Academic Publishers).
"The MD5 Message-Digest Algorithm"; MIT Laboratory for Computer Science and RSA Data Security, Inc. (1992), R. Rivest (Network Working Group).
RSA Data Security, Inc. Technology Bulletin, copy undated.
Gregory Bernarr E.
Sun Microsystems Inc.
LandOfFree
Method and apparatus for key-management scheme for use with inte does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for key-management scheme for use with inte, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for key-management scheme for use with inte will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-644339