Cryptography – Key management – Key distribution
Reexamination Certificate
1998-04-23
2002-11-12
Hayes, Gail (Department: 2131)
Cryptography
Key management
Key distribution
C380S033000, C713S153000
Reexamination Certificate
active
06480608
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates to the updating of encryption keys within an Asynchronous Transfer Mode (ATM) system using for example ATM Virtual paths or Virtual circuits which allows very simple ways to update and manage encryption keys without the usual problem of synchronizing changes between transmitters and receivers of information.
If data is being encrypted, transmitted across a system and then decrypted at the other side as in
FIG. 1
, this is straightforward if the encryption keys are constant. However, for a system that has to operate for some time there will be a desire to change the key from time to time. In prior art systems this has been done by transmitting the new key across the system, pre-loading the second key at the destination and giving some changeover signal. Then the receiver has to be able to hold two keys and to change over between them very fast, in a carefully controlled manner, without losing data. Synchronizing the changeover between the two ends is the real problem.
Document entitled “Design of a Key Agile Cryptographic System for OC-12c Rate ATM”, by Stevenson, et al., Proceedings of the Symposium of Network and Distributed System Security, San Diego, USA, February 1995, pages 17-30 describes an experimental key agile cryptographic system under design at MCNC. The system is compatible with ATM local- and wide-area networks. The system establishes and manages secure connections between hosts in a manner which is transparent to the end users and compatible with existing public network standards.
A Cryptographic Unit supports hardware encryption and decryption at the ATM protocol layer. The system is SONET compatible and operates full duplex at the 0C-12c rate (622 Mbps). Separate encryption keys are negotiated for each secure connection. Each Crytographic Unit can manage more than 65,000 active secure connections. The Cryptographic Unit can be connected either in a security gateway mode referred to as a ‘bump-in-the-fibre’ or as a direct ATM host interface. Authentication and access control are implemented through a certificate-based system.
SUMMARY OF THE INVENTION
According to the present invention there is provided in an Asynchronous Transfer Mode (ATM) telecommunications network having a plurality of virtual paths, a method of updating an encryption key used for data transmitted between a source and a receiver, the data being transmitted initially using a first encryption key, by a first of the plurality of virtual paths and a connection being established by a second of the plurality of virtual paths, by which connection a second encryption key is sent from the source to the receiver and subsequently the data being transmitted using the second encryption key by the second of the plurality of virtual paths.
There is further provided, in an Asynchronous Transfer Mode (ATM) telecommunications network having a plurality of virtual circuits, a method of updating an encryption key used for data transmitted between a source and a receiver, the data being transmitted initially using a first encryption key, by a first of the plurality of virtual circuits and a connection being established by a second of the plurality of virtual circuits, by which connection a second encryption key is sent from the source to the receiver and subsequently the data being transmitted using the second encryption key by the second of the plurality of virtual circuits.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1
shows a prior art method of encryption; and
FIG. 2
illustrates the sequence of operations followed in the method of the present invention.
REFERENCES:
patent: 4965804 (1990-10-01), Trbovich et al.
patent: 5016243 (1991-05-01), Fite, Jr.
patent: 5239537 (1993-08-01), Sakauchi
patent: 5412376 (1995-05-01), Chujo et al.
patent: 5455826 (1995-10-01), Özveren et al.
patent: 5781528 (1998-07-01), Sato et al.
patent: 5805705 (1998-09-01), Gray et al.
patent: 5920627 (1999-07-01), Mionet et al.
patent: 197 26 003 (1998-12-01), None
patent: 0 660 570 (1995-06-01), None
Cheng, K. and F. Lin. “On the Joint Virtual Path Assignment and Virtual Circuit Routing Problem in ATM Networks.” IEEE. 1994. See p. 777.*
Secure Communications in ATM Networks,Daniel Stevenson, Nathan Hillery and Greg Byrd, Feb. 1995, vol. 38, No. 2, Communications of the ACM, pp. 49-52.
Design of a Key Agile Cryptographic system for OC-12c Rate ATM,Daniel Stevenson, Nathan Hillery, Greg Byrd, Fengmin Gong and Dan Winkelstein, 1995 IEEE, pp. 17-30.
DiLorenzo Anthony
Kirschstein et al.
Marconi Communications Limited
LandOfFree
Method for exchanging cryptographic keys in an ATM network... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for exchanging cryptographic keys in an ATM network..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for exchanging cryptographic keys in an ATM network... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2922890