Methods and device for secure transfer of symmetric encryption keys
    1.
    Granted patent
    Methods and device for secure transfer of symmetric encryption keys (in force)

    Publication No.: US08509448B2

    Publication date: 2013-08-13

    Application No.: US12511731

    Filing date: 2009-07-29

    IPC classification: G06F21/00

    Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS
    2.
    Patent application
    METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS (in force)

    Publication No.: US20110026714A1

    Publication date: 2011-02-03

    Application No.: US12511731

    Filing date: 2009-07-29

    IPC classification: H04L9/08 H04L9/00

    Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

    Methods for establishing a secure point-to-point call on a trunked network
    3.
    Granted patent
    Methods for establishing a secure point-to-point call on a trunked network (in force)

    Publication No.: US08724812B2

    Publication date: 2014-05-13

    Application No.: US12983067

    Filing date: 2010-12-31

    IPC classification: H04L9/08

    Abstract: Methods for establishing secure point-to-point communications in a trunked radio system include receiving, at a trunking controller, a request from a source endpoint for a traffic channel for confidential communications between the source endpoint and a destination endpoint using a shared unique first symmetric key. The trunking controller provides keying material related to the symmetric key over the secured control channel to at least one of the source or destination endpoints and assigns a traffic channel. Moreover, in response to the request, the controller assigns a traffic channel. The keying material enables the unique first symmetric key to be securely established between the source and destination endpoints.

    Method for a communication device to operate with multiple key management facilities
    5.
    Granted patent
    Method for a communication device to operate with multiple key management facilities (in force)

    Publication No.: US08948396B2

    Publication date: 2015-02-03

    Application No.: US13008251

    Filing date: 2011-01-18

    Abstract: A method for operating with KMFs includes a communication device having a memory device: receiving a designation of a primary KMF for the communication device, wherein only one primary KMF is designated for the communication device at any given time instance; receiving a designation of a secondary KMF for the communication device; storing, within the memory device, a first and a second set of crypto groups, wherein each crypto group within each set of crypto groups comprises at least one keyset, wherein each set of crypto groups is associated, within the memory device, to only one KMF identifier; associating, within the memory device, the first set of crypto groups to an identifier for the primary KMF; and associating, within the memory device, the second set of crypto groups to an identifier for the secondary KMF.

    Method and apparatus for authenticating a digital certificate status and authorization credentials
    6.
    Granted patent
    Method and apparatus for authenticating a digital certificate status and authorization credentials (in force)

    Publication No.: US09071964B2

    Publication date: 2015-06-30

    Application No.: US13234640

    Filing date: 2011-09-16

    Abstract: A radio is authenticated at the site and unique authentication information for the radio is stored at the site. A subsequent non-authentication message from the radio is received at the site and authentication information in the non-authentication message is identified. The unique authentication information stored at the site is compared with authentication information identified in the non-authentication message. If there is a match, the non-authentication message is authenticated with an authentication code included in the non-authentication message, wherein a predefined portion of the authentication code is obtained from at least one of a header portion or a data portion of the non-authentication message. Upon successfully completing authentication, the site repeats the non-authentication message towards destination radios indicated in the non-authentication message.

    Communication protocol for secure communications systems
    7.
    Granted patent
    Communication protocol for secure communications systems (in force)

    Publication No.: US08650404B2

    Publication date: 2014-02-11

    Application No.: US13406610

    Filing date: 2012-02-28

    IPC classification: H04L29/00

    Abstract: A method and apparatus for authenticating a key management message within a secure communication system is provided herein. During operation, a digital signature for message authentication of a Project 25 Key Management Message (KMM) is utilized. In particular, the digital signature will be used to authenticate the KMM in scenarios where there is no Message Authentication Code (MAC). The MAC will be utilized to authenticate the KMM when available. Because authentication of KMMs takes place, even when no MAC is available, it becomes increasingly more difficult to tamper or spoof the delivery of encryption keys.

    Method for key identification using an internet security association and key management based protocol
    8.
    Granted patent
    Method for key identification using an internet security association and key management based protocol (in force)

    Publication No.: US08448235B2

    Publication date: 2013-05-21

    Application No.: US13173020

    Filing date: 2011-06-30

    IPC classification: G06F9/00

    Abstract: An initiating device: generates a message having an ISAKMP-based header that includes a security parameter index (SPI) field; identifies a key in the SPI field of the ISAKMP-based header; and sends the message to a responding device. The responding device: receives the message; extracts the key identifier; and when a shared key is selected using the key identifier, uses the selected shared key to establish, with the initiating device, a session having a secure tunnel.

    Communication protocol for secure communications systems
    9.
    Granted patent
    Communication protocol for secure communications systems (in force)

    Publication No.: US09143321B2

    Publication date: 2015-09-22

    Application No.: US13416468

    Filing date: 2012-03-09

    Abstract: A method and apparatus for transmitting encryption keys in a secure communication system is provided herein. During rekeying of a device, a key encryption key (KEK) is utilized to wrap (encrypt) the traffic encryption key (TEK) when the KEK is available to the device. If unavailable, the TEK will be wrapped using public key encryption with the recipient device's public key. The receiving device will then be able to unwrap the TEK using public key decryption with its own private key. Because TEKs are always transmitted in a secure manner, secure and efficient rekeying of devices on foreign networks can occur.

    Method and system of accessing a de-keyed base station
    10.
    Granted patent
    Method and system of accessing a de-keyed base station (in force)

    Publication No.: US07729701B2

    Publication date: 2010-06-01

    Application No.: US11191563

    Filing date: 2005-07-28

    IPC classification: H04Q7/20 H04B7/212

    Abstract: A method and system include de-keying a base station in a conventional TDMA communications system and starting a timer in the base station when the base station de-keys. The method and system further include receiving a transmission from a mobile station and re-keying and repeating the transmission, if the transmission is received with proper synchronization before expiration of the timer.
