Communication protocol for secure communications systems
    1.
    Granted invention patent
    Communication protocol for secure communications systems (in force)

    Publication number: US08650404B2

    Publication date: 2014-02-11

    Application number: US13406610

    Filing date: 2012-02-28

    IPC classification: H04L29/00

    Abstract: A method and apparatus for authenticating a key management message within a secure communication system are provided herein. During operation, a digital signature is used for message authentication of a Project 25 Key Management Message (KMM). In particular, the digital signature is used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC); the MAC is used to authenticate the KMM when one is available. Because authentication of KMMs takes place even when no MAC is available, it becomes increasingly difficult to tamper with or spoof the delivery of encryption keys.


    COMMUNICATION PROTOCOL FOR SECURE COMMUNICATIONS SYSTEMS
    2.
    Invention patent application
    COMMUNICATION PROTOCOL FOR SECURE COMMUNICATIONS SYSTEMS (in force)

    Publication number: US20130236014A1

    Publication date: 2013-09-12

    Application number: US13416468

    Filing date: 2012-03-09

    IPC classification: H04L9/08 H04K1/00

    Abstract: A method and apparatus for transmitting encryption keys in a secure communication system are provided herein. During rekeying of a device, a key encryption key (KEK) is used to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If the KEK is unavailable, the TEK is wrapped using public key encryption with the recipient device's public key. The receiving device is then able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.


    Method for key identification using an internet security association and key management based protocol
    3.
    Granted invention patent
    Method for key identification using an internet security association and key management based protocol (in force)

    Publication number: US08448235B2

    Publication date: 2013-05-21

    Application number: US13173020

    Filing date: 2011-06-30

    IPC classification: G06F9/00

    Abstract: An initiating device: generates a message having an ISAKMP-based header that includes a security parameter index (SPI) field; identifies a key in the SPI field of the ISAKMP-based header; and sends the message to a responding device. The responding device: receives the message; extracts the key identifier; and, when a shared key is selected using the key identifier, uses the selected shared key to establish, with the initiating device, a session having a secure tunnel.


    Method for a communication device to operate with multiple key management facilities
    4.
    Granted invention patent
    Method for a communication device to operate with multiple key management facilities (in force)

    Publication number: US08948396B2

    Publication date: 2015-02-03

    Application number: US13008251

    Filing date: 2011-01-18

    Abstract: A method for operating with key management facilities (KMFs) includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set comprises at least one keyset, and wherein each set of crypto groups is associated, within the memory device, with only one KMF identifier; associating, within the memory device, the first set of crypto groups with an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups with an identifier for the secondary KMF.


    Methods and device for secure transfer of symmetric encryption keys
    5.
    Granted invention patent
    Methods and device for secure transfer of symmetric encryption keys (in force)

    Publication number: US08509448B2

    Publication date: 2013-08-13

    Application number: US12511731

    Filing date: 2009-07-29

    IPC classification: G06F21/00

    Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM, before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key, and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.


    METHODS FOR ESTABLISHING A SECURE POINT-TO-POINT CALL ON A TRUNKED NETWORK
    6.
    Invention patent application
    METHODS FOR ESTABLISHING A SECURE POINT-TO-POINT CALL ON A TRUNKED NETWORK (in force)

    Publication number: US20120170743A1

    Publication date: 2012-07-05

    Application number: US12983067

    Filing date: 2010-12-31

    IPC classification: H04L9/00

    Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. In response to the request, the trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.


    ANTI-REPLAY METHOD FOR UNICAST AND MULTICAST IPSEC
    7.
    Invention patent application
    ANTI-REPLAY METHOD FOR UNICAST AND MULTICAST IPSEC (pending, published)

    Publication number: US20100165839A1

    Publication date: 2010-07-01

    Application number: US12345160

    Filing date: 2008-12-29

    IPC classification: H04L12/26

    Abstract: A method for managing a packet in a communication system between two or more endpoints (a sender and one or more recipients) comprises: receiving a first packet comprising a source identifier that uniquely identifies the sender of the first packet and a current source time assigned to the first packet by the sender; determining a received time for the first packet; retrieving a cached source time assigned by the sender to a second packet that was received prior to the first packet; and determining whether to discard or process the first packet based on the current source time, the received time, and the cached source time. The current source time, the received time and the cached source time, together with predetermined parameters such as a maximum age and an anti-replay window, allow a recipient to determine whether to process or discard a packet.


    COMMUNICATION PROTOCOL FOR SECURE COMMUNICATIONS SYSTEMS
    8.
    Invention patent application
    COMMUNICATION PROTOCOL FOR SECURE COMMUNICATIONS SYSTEMS (in force)

    Publication number: US20130227294A1

    Publication date: 2013-08-29

    Application number: US13406610

    Filing date: 2012-02-28

    IPC classification: H04L9/32

    Abstract: A method and apparatus for authenticating a key management message within a secure communication system are provided herein. During operation, a digital signature is used for message authentication of a Project 25 Key Management Message (KMM). In particular, the digital signature is used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC); the MAC is used to authenticate the KMM when one is available. Because authentication of KMMs takes place even when no MAC is available, it becomes increasingly difficult to tamper with or spoof the delivery of encryption keys.


    Communication protocol for secure communications systems
    9.
    Granted invention patent
    Communication protocol for secure communications systems (in force)

    Publication number: US09143321B2

    Publication date: 2015-09-22

    Application number: US13416468

    Filing date: 2012-03-09

    Abstract: A method and apparatus for transmitting encryption keys in a secure communication system are provided herein. During rekeying of a device, a key encryption key (KEK) is used to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If the KEK is unavailable, the TEK is wrapped using public key encryption with the recipient device's public key. The receiving device is then able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.


    METHODS FOR ESTABLISHING A SECURITY SESSION IN A COMMUNICATIONS SYSTEM
    10.
    Invention patent application
    METHODS FOR ESTABLISHING A SECURITY SESSION IN A COMMUNICATIONS SYSTEM (pending, published)

    Publication number: US20120036567A1

    Publication date: 2012-02-09

    Application number: US13174324

    Filing date: 2011-06-30

    IPC classification: G06F21/20

    Abstract: A security gateway and an initiating device perform methods for establishing a security session. The methods include, at the security gateway: receiving a first message from an initiating device, the first message including a first message authentication code; validating the first message using the first message authentication code; and, responsive to the validating, sending a second message to the initiating device, the second message including a timestamp and a second message authentication code for authentication of the timestamp by the initiating device, wherein the first and second messages are used to establish the security session, and the authenticated timestamp is used for subsequent replay protection of messages between the security gateway and the initiating device. The method further includes the security gateway validating a dynamically assigned IP address for the initiating device, to be used in authorizing VPN traffic between the two devices.
