-
Publication No.: US07613925B2
Publication date: 2009-11-03
Application No.: US10340370
Filing date: 2003-01-10
IPC classification: G06F7/04
CPC classification: H04L63/126, H04L9/0643, H04L9/3242
Abstract: A transmitting device (100) generates a message (102). The message has a message length (104) and comprises message data (106). A key input (108) is identified, and a message authentication key (112) is derived based on the key input and the message length. Based on the message authentication key and the message data, a message authentication code (118) is derived, which is used to authenticate the message.
-
Publication No.: US5247576A
Publication date: 1993-09-21
Application No.: US661792
Filing date: 1991-02-27
Applicant: Michael W. Bright
Inventor: Michael W. Bright
IPC classification: H04L9/08
CPC classification: H04L9/0833, H04L9/16, H04L2209/80
Abstract: In a communication system that includes a plurality of communication units, a communication resource allocator, and a limited number of transceivers that transceive information amongst the plurality of communication units via a limited number of communication resources, at least some of the information is transceived utilizing encryption means. To enhance the security of the communication system, multiple keys are employed, wherein a first communication unit transmits information identifying a particular key of the plurality of keys. Upon receiving the identifying information, at least a second communication unit looks up the particular key that is represented by the identifying information. Once the key is determined, it is loaded into a cryptographic circuit of the second communication unit, enabling the second communication unit to receive encrypted messages from the first communication unit.
-
Publication No.: US5164986A
Publication date: 1992-11-17
Application No.: US662582
Filing date: 1991-02-27
Applicant: Michael W. Bright
Inventor: Michael W. Bright
CPC classification: H04L9/12, H04L9/0891, H04L9/32, H04L2209/34, H04L2209/80
Abstract: Formation and sending of rekeying messages (305, 415, 515, and 605) in an encrypted communication system with over-the-channel rekeying of communication units is performed by a KMC, key management controller (101). The KMC (101) forms messages to provide new keys (1541), zeroization information (1549), and key indexing information (1543) to communication units (107), and to provide keyloader upload data (1563). Acknowledgments and rekey requests are also handled between the KMC (101) and communication units (107).
-
Publication No.: US4754457A
Publication date: 1988-06-28
Application No.: US903326
Filing date: 1986-09-03
Applicant: Michael W. Bright, Alan L. Wilson
Inventor: Michael W. Bright, Alan L. Wilson
CPC classification: H04L25/061, H04L7/042, H04L7/043
Abstract: The transmitter in a digital communication system sends a synchronization sequence that uniquely identifies the polarity of the received data. From the received data, the receiver produces non-inverted and inverted polarity data streams that couple to like synchronization detectors. Only the detector to which the correct polarity data stream is coupled responds. Logic circuitry determines which detector responds and, accordingly, selects the polarity of received data to be further processed by the receiver. After polarity is established, both detectors monitor the received data stream of the selected polarity to determine whether synchronization shifts after having been initially established. Monitoring continues until terminated by other receiver circuits.
-
15.
Publication No.: US08059817B2
Publication date: 2011-11-15
Application No.: US11765085
Filing date: 2007-06-19
Applicant: Chris A. Kruegel, Michael W. Bright, Dipendra M. Chowdhary, Thomas J. Senese, Timothy G. Woodward, Larry Murrill
Inventor: Chris A. Kruegel, Michael W. Bright, Dipendra M. Chowdhary, Thomas J. Senese, Timothy G. Woodward, Larry Murrill
CPC classification: H04L63/0428, H04L9/083, H04L9/0894, H04L63/0485, H04L63/062, H04L63/164, H04L2209/80, H04L2463/061
Abstract: Disclosed is a method for encrypted communications. A first IPsec endpoint selects a security association (SA) from a security association database (SAD) by using a selector and then extracts an indexing parameter from the SA. The indexing parameter is used to determine an active key location from a key storage database (KSD). Data packets are then encrypted using a key from the active key location. The first IPsec endpoint also forms a security parameter index (SPI) in a header of the data packet by using a keyID from the active key location and transmits the encrypted data packet with the header indicating the SPI to a second IPsec endpoint.
-
16.
Publication No.: US20110026714A1
Publication date: 2011-02-03
Application No.: US12511731
Filing date: 2009-07-29
Applicant: Shanthi E. Thomas, Michael W. Bright, Chris A. Kruegel, Anthony R. Metke, Scott J. Pappas, Thomas J. Senese
Inventor: Shanthi E. Thomas, Michael W. Bright, Chris A. Kruegel, Anthony R. Metke, Scott J. Pappas, Thomas J. Senese
CPC classification: H04L63/061, G06F21/57, G06F21/602, G06F21/606, H04L9/0822, H04L9/0825, H04L63/0428, H04L2209/80, H04L2463/062, H04W12/04
Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.
-
17.
Publication No.: US5729559A
Publication date: 1998-03-17
Application No.: US411243
Filing date: 1995-03-27
Applicant: Michael W. Bright, Eric F. Ziolko
Inventor: Michael W. Bright, Eric F. Ziolko
Abstract: An apparatus for and method of correcting errors in a received signal comprised of a rate-one orthogonal convolutional code generated by an LFSR involves feeding (403) a received signal into a multiple-stage shift register (201). Estimates of one of the stages of the shift register are performed by estimators (203, 205, 207, 209, 211, 213, and 215) and are based on the outputs of several of the other stages of the shift register (201). These estimates are combined on a bit-by-bit basis to provide a corrected received signal, which is used as the output of the shift register (201).
-
18.
Publication No.: US5694473A
Publication date: 1997-12-02
Application No.: US650071
Filing date: 1996-05-17
CPC classification: H04L9/0637, H04L9/12, H04L1/1809
Abstract: A method of decrypting retransmitted parts of a message includes receiving (201) a message comprising encryption synchronization and a plurality of encrypted blocks. Until a first block of the plurality of encrypted blocks is received with error, a first keystream is generated (205) from the encryption synchronization and at least one of the plurality of encrypted blocks, and, using the first keystream, the plurality of encrypted blocks, received without error before the first block of the plurality of encrypted blocks is received with error, is decrypted (207). A priming block is determined (211) from the message. When the first block of the plurality of encrypted blocks is received with error, a second message is transmitted (219) requesting a retransmission of the first block. Upon receiving the retransmission of the first block without error, a second keystream is generated (223) from the priming block and the retransmission of the first block, and the retransmission of the first block is decrypted (225) using the second keystream.
-
Publication No.: US5404403A
Publication date: 1995-04-04
Application No.: US942864
Filing date: 1991-11-12
CPC classification: H04L9/083, H04L9/0891, H04L2209/80
Abstract: A key management system for encryption keys removes the effect of secure communications loss during a rekey period in a secure communications system. Use of key indexes to partition encryption keys into usable subgroups such that during a rekey period, continuous secure communications are maintained throughout the entire secure communications system.
-
Publication No.: US5185795A
Publication date: 1993-02-09
Application No.: US661921
Filing date: 1991-02-27
Applicant: Michael W. Bright
Inventor: Michael W. Bright
CPC classification: H04L1/1854, H04L1/1607, H04L9/0891, H04L9/12, H04L9/32
Abstract: A method of message authentication in an encrypted communication system with over-the-channel rekeying features the ability of a communication unit (107) to authenticate (1709) a rekeying message (701) from a key management controller (101) using a message number (1517A) comparison, thereby preventing outside interference from unauthorized rekeying message transmissions.