Method for validating encrypted communications via selection and comparison of source transmitter and destination receiver associated encryption keys
    1.
    发明授权
    Method for validating encrypted communications via selection and comparison of source transmitter and destination receiver associated encryption keys 有权
    用于通过源发射机和目的地接收机相关联的加密密钥的选择和比较来验证加密通信的方法

    公开(公告)号:US08422680B2

    公开(公告)日:2013-04-16

    申请号:US12030441

    申请日:2008-02-13

    IPC分类号: H04K1/02 H04L9/00 G06F12/14

    摘要: A first communication unit receives an encrypted transmission from a second communication unit. The encrypted transmission was encrypted by the second communication unit using a first encryption key. The first communication unit compares the first encryption key to an encryption key associated with the first communication unit. If the first encryption key matches the encryption key associated with the first communication unit, the first communication unit processes the encrypted transmission further. If the first encryption key does not match the encryption key associated with the first communication unit, the first communication unit compares the first encryption key to an encryption key associated with the second communication unit. If the first encryption key matches the encryption key associated with the second communication unit, the first communication unit processes the encrypted transmission further; otherwise, the first communication unit does not process the encrypted transmission further.

    摘要翻译: 第一通信单元从第二通信单元接收加密的传输。 加密的传输由第二通信单元使用第一加密密钥加密。 第一通信单元将第一加密密钥与与第一通信单元相关联的加密密钥进行比较。 如果第一加密密钥与第一通信单元相关联的加密密钥匹配,则第一通信单元进一步处理加密的传输。 如果第一加密密钥与与第一通信单元相关联的加密密钥不匹配,则第一通信单元将第一加密密钥与与第二通信单元相关联的加密密钥进行比较。 如果第一加密密钥与第二通信单元相关联的加密密钥匹配,则第一通信单元进一步处理加密的传输; 否则,第一通信单元不进一步处理加密的传输。

    METHOD AND APPARATUS FOR PROVIDING APPLICATION SERVICE BETWEEN A FIRST PROTOCOL AND A SECOND PROTOCOL
    2.
    发明申请
    METHOD AND APPARATUS FOR PROVIDING APPLICATION SERVICE BETWEEN A FIRST PROTOCOL AND A SECOND PROTOCOL 有权
    “第一个协议”和“第二个协议”之间提供应用程序服务的方法和装置

    公开(公告)号:US20110075614A1

    公开(公告)日:2011-03-31

    申请号:US12570835

    申请日:2009-09-30

    IPC分类号: H04W80/00 H04W84/00 H04J3/24

    摘要: Application service is provided for a subscriber unit (SU), employing a first protocol, in a communication network employing a second protocol. The method includes receiving a CAI OTAR message from the SU. The CAI OTAR message includes at least a key management message (KMM) and a CAI header of the SU. The method then includes determining that the first protocol employed by the SU is different from the second protocol associated with the communication network based on the received CAI OTAR message. The method further includes creating a key management message (KMM) preamble, associated with the second protocol, based on at least one of the CAI header and configuration information of the SU, and creating a data link independent (DLI) OTAR message associated with the second protocol. The DLI OTAR message includes the received KMM. The method finally includes encapsulating the DLI OTAR message with the created KMM preamble, and sending the encapsulated DLI OTAR message to a key management facility (KMF) unit operating at a second protocol.

    摘要翻译: 在采用第二协议的通信网络中,为采用第一协议的用户单元(SU)提供应用服务。 该方法包括从SU接收CAI OTAR消息。 CAI OTAR消息至少包括SU的密钥管理消息(KMM)和CAI头。 该方法然后包括基于所接收的CAI OTAR消息来确定SU使用的第一协议不同于与通信网络相关联的第二协议。 所述方法还包括:基于所述SU的CAI头部和配置信息中的至少一个,创建与所述第二协议相关联的密钥管理消息(KMM)前同步码,以及创建与所述第二协议相关联的数据链路无关(DLI)OTAR消息 第二个协议。 DLI OTAR消息包括接收到的KMM。 该方法最终包括用所创建的KMM前导码封装DLI OTAR消息,并将封装的DLI OTAR消息发送到以第二协议操作的密钥管理设备(KMF)单元。

    Method for a communication device to operate with multiple key management facilities
    3.
    发明授权
    Method for a communication device to operate with multiple key management facilities 有权
    用于通信设备与多个密钥管理设备操作的方法

    公开(公告)号:US08948396B2

    公开(公告)日:2015-02-03

    申请号:US13008251

    申请日:2011-01-18

    摘要: A method for operating with KMFs includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set of crypto groups comprises at least one keyset, wherein each set of crypto groups is associated, within the memory device, to only one KMF identifier; associating, within the memory device, the first set of crypto groups to an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups to an identifier for the secondary KMF.

    摘要翻译: 一种使用KMF进行操作的方法包括具有存储装置的通信装置:接收用于通信装置的主要KMF的指定,其中在任何给定的时间实例中仅为通信装置指定一个主要的KMF; 接收通信设备的次级KMF的指定; 在所述存储器设备内存储第一组密码组和第二组加密组,其中每组密码组内的每个密码组包括至少一个密钥组,其中每组密码组在存储器设备内仅与一个密钥组相关联 KMF标识符 在所述存储设备内将所述第一组密码组与所述主KMF的标识符相关联; 以及在所述存储器装置内将所述第二组密码组关联到所述次级KMF的标识符。

    Method and apparatus for providing application service between a first protocol and a second protocol
    4.
    发明授权
    Method and apparatus for providing application service between a first protocol and a second protocol 有权
    用于在第一协议和第二协议之间提供应用服务的方法和装置

    公开(公告)号:US08861482B2

    公开(公告)日:2014-10-14

    申请号:US12570835

    申请日:2009-09-30

    摘要: Application service is provided for a subscriber unit (SU), employing a first protocol, in a communication network employing a second protocol. The method includes receiving a CAI OTAR message from the SU. The CAI OTAR message includes at least a key management message (KMM) and a CAI header of the SU. The method then includes determining that the first protocol employed by the SU is different from the second protocol associated with the communication network based on the received CAI OTAR message. The method further includes creating a key management message (KMM) preamble, associated with the second protocol, based on at least one of the CAI header and configuration information of the SU, and creating a data link independent (DLI) OTAR message associated with the second protocol. The DLI OTAR message includes the received KMM. The method finally includes encapsulating the DLI OTAR message with the created KMM preamble, and sending the encapsulated DLI OTAR message to a key management facility (KMF) unit operating at a second protocol.

    摘要翻译: 在采用第二协议的通信网络中,为采用第一协议的用户单元(SU)提供应用服务。 该方法包括从SU接收CAI OTAR消息。 CAI OTAR消息至少包括SU的密钥管理消息(KMM)和CAI头。 该方法然后包括基于所接收的CAI OTAR消息来确定SU使用的第一协议不同于与通信网络相关联的第二协议。 所述方法还包括基于所述SU的所述CAI头部和配置信息中的至少一个,创建与所述第二协议相关联的密钥管理消息(KMM)前导码,以及创建与所述第二协议相关联的数据链路无关(DLI)OTAR消息 第二个协议。 DLI OTAR消息包括接收到的KMM。 该方法最终包括用所创建的KMM前导码封装DLI OTAR消息,并将封装的DLI OTAR消息发送到以第二协议操作的密钥管理设备(KMF)单元。

    Methods and device for secure transfer of symmetric encryption keys
    5.
    发明授权
    Methods and device for secure transfer of symmetric encryption keys 有权
    用于安全传输对称加密密钥的方法和设备

    公开(公告)号:US08509448B2

    公开(公告)日:2013-08-13

    申请号:US12511731

    申请日:2009-07-29

    IPC分类号: G06F21/00

    摘要: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    摘要翻译: 发送设备生成第一和第二KMM,其中第一KMM包括第一KEK和KMM加密密钥,并且第二KMM包括一组对称加密密钥。 所述发送装置使用所述第一KEK进一步加密所述一组对称加密密钥; 使用接收设备的第一公钥加密第一KEK和KMM加密密钥; 并且使用KMM加密密钥对第二KMM进行加密,以在将第一KMM和加密的第二KMM发送到接收设备之前生成加密的第二KMM。 接收设备使用对应于第一公钥的第一私钥对第一KEK和KMM加密密钥进行解密; 并使用KMM加密密钥解密加密的第二KMM以获得加密的对称密钥集。

    Method and apparatus for authenticating a digital certificate status and authorization credentials
    7.
    发明授权
    Method and apparatus for authenticating a digital certificate status and authorization credentials 有权
    用于认证数字证书状态和授权凭证的方法和装置

    公开(公告)号:US09071964B2

    公开(公告)日:2015-06-30

    申请号:US13234640

    申请日:2011-09-16

    摘要: A radio is authenticated at the site and unique authentication information for the radio is stored at the site. A subsequent non-authentication message from the radio is received at the site and authentication information in the non-authentication message is identified. The unique authentication information stored at the site is compared with authentication information identified in the non-authentication message. If there is a match, the non-authentication message is authenticated with an authentication code included in the non-authentication message, wherein a predefined portion of the authentication code is obtained from at least one of a header portion or a data portion of the non-authentication message. Upon successfully completing authentication, the site repeats the non-authentication message towards destination radios indicated in non-authentication message.

    摘要翻译: 收音机在现场进行认证,无线电的唯一认证信息存储在现场。 在站点处接收到来自无线电的后续非认证消息,并且识别非认证消息中的认证信息。 将存储在站点的唯一认证信息与在非认证消息中识别的认证信息进行比较。 如果存在匹配,则使用包括在非验证消息中的认证码对非验证消息进行认证,其中从非标识符的头部部分或数据部分中的至少一个获得认证码的预定义部分, 认证信息。 在成功完成认证后,站点重复非认证消息到非认证消息中指示的目的无线电。

    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS
    9.
    发明申请
    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS 有权
    用于安全转发对称加密密钥的方法和设备

    公开(公告)号:US20110026714A1

    公开(公告)日:2011-02-03

    申请号:US12511731

    申请日:2009-07-29

    IPC分类号: H04L9/08 H04L9/00

    摘要: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    摘要翻译: 发送设备生成第一和第二KMM,其中第一KMM包括第一KEK和KMM加密密钥,并且第二KMM包括一组对称加密密钥。 所述发送装置使用所述第一KEK进一步加密所述一组对称加密密钥; 使用接收设备的第一公钥加密第一KEK和KMM加密密钥; 并且使用KMM加密密钥对第二KMM进行加密,以在将第一KMM和加密的第二KMM发送到接收设备之前生成加密的第二KMM。 接收设备使用对应于第一公钥的第一私钥对第一KEK和KMM加密密钥进行解密; 并使用KMM加密密钥解密加密的第二KMM以获得加密的对称密钥集。

    Managing multiple cryptographic periods in a single cryptographic group
    10.
    发明授权
    Managing multiple cryptographic periods in a single cryptographic group 有权
    在单个加密组中管理多个加密周期

    公开(公告)号:US07643636B2

    公开(公告)日:2010-01-05

    申请号:US10654075

    申请日:2003-09-03

    申请人: Chris A. Kruegel

    发明人: Chris A. Kruegel

    摘要: A plurality of storage location numbers (“SLNs”), each having a cryptographic period, is received at a first device (100). A system cryptographic period is determined based on the SLN cryptographic periods. Prior to expiration of each system cryptographic period, if at least one SLN requires an updated, the first device sends updated key material for the at least one SLN. A second device (102) maintains first, second, and third keysets, wherein the first and second keysets comprise key material. The second device receives a message to make the first keyset active, and a second message for updating at least a portion of the key material in the second keyset with updated key material for at least one SLN. The second device makes the third keyset equivalent to the second keyset, updates the second keyset with the updated key material, and receives a third message to make the second keyset active.

    摘要翻译: 在第一设备(100)处接收多个具有加密周期的存储位置号码(“SLN”)。 基于SLN密码周期来确定系统密码周期。 在每个系统加密周期期满之前,如果至少一个SLN需要更新,则第一设备发送用于至少一个SLN的更新密钥材料。 第二设备(102)维护第一,第二和第三键组,其中第一和第二键组包括键材料。 第二设备接收使第一密钥集有效的消息,以及第二消息,用于使用用于至少一个SLN的更新密钥材料来更新第二密钥集中的密钥材料的至少一部分。 第二设备使第三密钥组与第二密钥集相当,用更新的密钥资料更新第二密钥集,并接收第三个消息以使第二个密钥集有效。