Cryptography – Key management – Having particular key generator
Patent
1994-09-23
1996-12-10
Gregory, Bernarr E.
380/9, 380/23, 380/25, 380/29, 235/380, 235/382, H04L 9/00
active
055839401
DESCRIPTION:
BRIEF SUMMARY
BACKGROUND OF THE INVENTION
The present invention relates to a method of enciphering messages transmitted between networks interconnected via highways using a specified network protocol, in particular, for example, the Internet protocol (IP); to a device for communicating enciphered data between at least two items of equipment belonging to two different networks interconnected via highways using the specified network protocol; and to an enciphering apparatus implementing the aforesaid method.
SUMMARY OF THE INVENTION
The term highway is to be understood as meaning a network or intermediate medium enabling the messages to be carried.
A protocol is a set of conventions or rules which define in particular the format, the sequences, the algorithm for detecting errors of transmission of the transferred data, etc.
A network protocol corresponds to a level 3 network layer of the OSI layered architecture (X200 Standard) proposed by the ISO (International Standardisation Organisation). The role of the network layer is to provide the procedures and functional mechanism required for exchanging the information given by the OSI transport layer. The data packets are routed in the form of messages comprising "headers" affixed to the data and consisting of several segments indicating in particular the address of the sender and of the receiver.
The present invention has a preferred application of protecting access to the servers of remote computer networks.
Devices allowing the enciphering of data transferred serially over a low-speed line, for example according to the CCITT V24 recommendation (two-wire RS 232 serial link), are already known. Such devices provide for encipherment of the transmitted data messages and their headers, without concern for a protocol. This type of device, developed in particular in the area of banking, also operates with microprocessor cards.
Such devices have disadvantages: they are of limited scope and do not, in particular, allow two networks to be interconnected and to exchange data in complete security via unmonitored highways.
The present invention provides a method of enciphering messages transmitted between interconnected networks, together with an apparatus and a device implementing such a method, that meet the requirements of practice better than those previously known: in particular, it enables data to be transferred between items of equipment connected to these networks in an enciphered manner and in complete security, using a simple method that is easily adapted to existing protocols and equipment.
For this purpose, the invention is a method of enciphering messages transmitted between networks interconnected via highways using a specified network protocol, characterised in that the messages are enciphered while keeping the "header" part of the message plain (not enciphered) allowing its routing via the highways.
Such enciphering makes it possible to provide for the transfer of data while protecting confidentiality, over the network parts or highways considered insecure and situated between the relevant networks.
Advantageously, the network protocol being used is the Internet protocol (IP). In the enciphering method the messages are enciphered while the IP headers are kept plain (not enciphered), and at least a portion of the headers of the TCP or UDP transport protocol in use is enciphered together with the data.
The IP protocol is a sub-layer of the network layer (layer 3) of the OSI layered architecture. The Internet layer converts any network service into a data transmission and thus standardises the networks with respect to the transport layer (layer 4 of the ISO architecture).
The TCP and UDP protocols are transport layer protocols: TCP (Transmission Control Protocol) provides a so-called virtual circuit service and uses an acknowledgement system for error checking, while UDP (User Datagram Protocol) provides a medium for transactional protocols not requiring the same checks as TCP.
In a preferred embodiment, the cryptosystem used for enciphering the mes
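As an added illustration (not code from the patent, whose cryptosystem is not given on this page), the following Python sketch enciphers an IPv4 datagram in the manner described above: the IP header is left plain so that routers can still forward it, and the TCP header together with the data is enciphered. The HMAC-SHA256 counter keystream, the nonce drawn from the identification field and the constructed sample packet are assumptions made for the example.

```python
import hashlib, hmac, struct

def ip_header_length(packet: bytes) -> int:
    """Length in bytes of the IPv4 header (IHL field, counted in 32-bit words)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        raise ValueError("invalid IHL")
    return ihl

def routing_fields(packet: bytes) -> tuple:
    """(src, dst, protocol) exactly as a router reads them from the plain IP header."""
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return src, dst, packet[9]

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; a stand-in for the patent's unspecified cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encipher_datagram(packet: bytes, key: bytes) -> bytes:
    """Keep the IP header plain; encipher the TCP/UDP header and the data that follow it."""
    ihl = ip_header_length(packet)
    header, body = packet[:ihl], packet[ihl:]
    # Per-datagram nonce from the identification field plus addresses (assumed scheme).
    # The 16-bit ID wraps quickly, so a deployment needs a wider explicit sequence number.
    nonce = header[4:6] + header[12:20]
    stream = keystream(key, nonce, len(body))
    return header + bytes(a ^ b for a, b in zip(body, stream))

decipher_datagram = encipher_datagram  # XOR keystream: the same operation in both directions

def build_sample_packet() -> bytes:
    """Constructed IPv4/TCP datagram: 20-byte IP header, 20-byte TCP header, 13 data bytes.
    Checksums are left at zero; only the layout matters for the illustration."""
    data = b"hello, server"
    tcp = struct.pack(">HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(data)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([192, 0, 2, 10]))
    return ip + tcp + data
```

Because the IP header checksum covers only the header, leaving the header untouched means no recomputation is needed; the TCP checksum, by contrast, travels inside the enciphered part and is only verifiable after deciphering.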
Dherbecourt Yves M. J.
Herodin Jean-Marc
Vidrascu Andrei
Electricite de France (Service National