JP2002539489A - Voice and data encryption method using encryption key split combiner - Google Patents

Abstract

(57) Abstract: An encryption key split combiner including several key split generators for generating an encryption key split, and a key split randomizer for randomizing the encryption key split to generate an encryption key, and encryption. This is the process of forming the key. Each key split generator generates a key split from the seed data. The key split generator may include a random split generator that generates a random key split based on the reference data. Other key split generators include token split generators that generate token key splits based on label data, console split generators that generate console key splits based on maintenance data, and biometric data. It may include a biometric split generator that generates a biometric key split. All splits may also be based on static data, which may be updated, for example, by changing the prime divisor of the static data. Label data can be read from a storage medium and can include user authentication data. The label data may be associated with the recipient's label category or subcategory, which is meaningful to the user identifying or determining the intended recipient (s) of the encrypted information or object. The array associated with the software component object may use key splits to determine which methods and properties are allowed and to control access to memory addresses for those allowed methods and properties. The resulting encryption key may be, for example, a stream of symbols, at least one symbol block, or a key matrix.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001] This disclosure relates to US Pat. No. 5,410,599 to Crawley et al. (“Voice and Data Encryption Device”) and US Pat. No. 5,375,169 to Shate et al. Key Management Method and Apparatus ”).

TECHNICAL FIELD [0002] The present invention relates to an encryption system and an encrypted long-distance communication method between a transmission space and a reception space. In particular, the present invention provides a system for encrypting a plaintext message or embedded object and creating an encryption key for use in decrypting a ciphertext communication medium, transmitting voice and data in an encrypted form including two or more parties, and It relates to the selective reception and decoding of voice and data.

<Background Art> In the modern society, communication between groups uses many different communication media,
It is done in a variety of different ways. Electronic communication is becoming popular as an efficient method of information transfer, and in particular, electronic mail is expanding due to the immediacy of the medium. Other communication media at the software program level define objects as specific pieces of compiled code that provide specific services within the overall system.

[0004] Unfortunately, the benefits provided by electronic communication have drawbacks, especially in the privacy area. Electronic communications can be intercepted by unintended recipients. Wireless communication such as voice communication using a mobile phone and e-mail are particularly susceptible to such interception. Further, the retention of information on the computing system can also create another privacy issue. One of the scenarios where privacy can be an issue is when there are multiple users on a common computing device, and when separating information about multiple applications in a network of users communicating different categories of information. is there. In another situation, the notion of privacy extends beyond protecting information from prying eyes, and the integrity of software program objects can be an issue. Manipulation or other changes to the object can cause unintended consequences for the creator of the object.

[0005] The privacy problem of electronic communications has been addressed and solutions to this problem have been implemented. One form of the solution uses encryption to provide privacy for electronic communications. Cryptography involves encrypting or encoding a message or object to be transmitted or stored, and subsequently decrypting or decoding the message or object to be received or captured. This message or object typically takes the form of a digital signal, a digitized analog signal, or a function of the object. If this communication is intercepted in transit or extracted from storage due to unauthorized presence, this message is of no value to unauthorized persons who do not have the means to decrypt the encrypted message. Become.

In a system using encryption, an encoding device or an encryption engine is incorporated on the encryption side of communication. The encoding device receives a plaintext (unencrypted) message (or object) and an encryption key, and encrypts the plaintext message (or object) with the key according to a predetermined encryption relationship between the plaintext communication and the key. I do. That is, the message or object is a text / key relationship (
In a predetermined manner described in text / key relation), a key is operated to create a ciphertext (encrypted) message or object.

Similarly, the decoding side of the communication incorporates a decoding device or engine.
The decoding device receives the ciphertext and the cipher key, and decrypts the ciphertext message with the key according to a predetermined decryption relationship between the ciphertext message (or object) and the key. That is, the message (or object) is manipulated with the key in a predetermined manner described in a text / key relationship to create a new plaintext message corresponding to the original plaintext message.

The way in which the keys and the above relationships are applied to the communication process and the way in which the keys are managed define the cryptosystem. Currently, many conventional cryptosystems are used. For example, perhaps the most common scheme is public key cryptography. According to this type of scheme, the key used is actually a combination of a public key component available to any person or large set of entities, and a private key component specific to a particular communication. Such public key schemes have been extensively described in the relevant technical literature, and are described in particular by Martin E. Hermann, Beili W. Diffie, and Ralph C. Markle (eg, herein incorporated by reference in their entirety). Nos. 4,200,770 and 4,218,582, entitled "Diffy-Hellman Method".

An important consideration in determining whether a particular encryption scheme is suitable for an application is the degree of difficulty required to break the encryption, that is, the ability of an unauthorized person to decrypt the encrypted message. Is the amount of work required. One way to increase the security of a cryptosystem is to minimize the probability that a valid key can be stolen, computed, or found. The more difficult it is for an unauthorized person to obtain a valid key, the more secure communication under a particular scheme will be.

DISCLOSURE OF THE INVENTION Accordingly, it is an object of the present invention to provide a process and a method for assembling a key that provides additional security against the exposure of a communication medium, which may include software components, by an unauthorized entity. It is to provide a device.

It is a further object of the present invention to provide a process and apparatus for formulating key components that cannot be duplicated by unauthorized persons.

The present invention has at least the following further objects. a. Advance the use of public keys through access control through symmetric encryption. b. Adapting Constructive Key Management (referred to herein as "CKM") for use in transmission media. c. For voice or data using an analog or digital phone, or voice or data from a phone to a computing base such as the Internet,
Use public key and CKM key methods to establish private link or conferencing capabilities. d. To ensure data integrity and promote fast, encrypted connections between phones,
Adding an error detection field to the conference encryption settings. e. To provide a way to securely establish a session key between two phones. f. Using a portable voice and data encryption platform composed of voice and / or data modules, encryption and control modules, and modem modules. g. Provides a display module such as an LED on this platform to present a visual confirmation of the number of other platform users to be included in the cryptographic process and identify the platform user by a number that can be verified by the sender as an authentication function To do.

[0013] The other objects and advantages are provided by a cryptographic key split combiner.
key split combiner). This includes a number of key split generators that generate cryptographic key splits, and a key split randomizer that randomizes the cryptographic key splits to generate cryptographic keys. Each key split generator generates a key split from seed data. The source of the seed data may be a pseudo-random or random data sequence that can be included in a key management scheme that uses key splits to determine data encryption or session keys. Managing key splits can include providing a source of seed data and a distribution process to ensure that the desired combination of key splits is generated.

In one embodiment of the present invention, the key split generator includes a random split generator that generates a random key split based on reference data. The random split generator can generate a random sequence based on reference data, or can generate a pseudo-random sequence based on reference data. This random key split is also used for chronological data.
data). This random key split can instead be based on reference data and updatable static data. One way to update static data is to change the prime divisor of the static data.

Other key split generators include, for example, a token split generator that generates a token key split based on label data and / or organization data and / or static data, and a previous or current maintenance data. And / or including a console split generator for generating a console key split based on static data, an asymmetric key split generator for generating pair-wise data, and a biometric data vector. And a biometric split generator that generates a biometric key split based on biometric data, and biometric combiner data, and / or static data. This label data can be associated with the recipient's label categories and subcategories that are meaningful to the user specifying or determining the intended recipient (s) of the encrypted information or object. This label data can be read from a storage medium and can include user authentication data.
The resulting encryption key can be, for example, a stream of symbols, at least one symbol block, or a key matrix.

An asymmetric key split generator can be used to ensure the integrity of one or more key split generators, such as a random key split, or to ensure the integrity of the sender's data. .

The key split generator can be used to determine which of the recognized methods and properties, if any, exist in the software program containing the component object. The component object is
A compiled piece of software code in computer memory that has an array of memory addresses and indicates the relative location in memory where a particular function or method of the object and data or properties are stored. . The array associated with the component object can use key splits to determine which methods and properties are authorized and to control access to memory addresses by those authorized methods and properties.

The invention further includes a process for forming a cryptographic or session key, comprising generating a plurality of cryptographic key splits from seed data and randomizing the cryptographic key split to generate a cryptographic key. included. This process can include generating a reference pointer to the key split that facilitates selection of the key split during the encryption or decryption process. After the data or object has been encrypted, such pointers can be included in the ciphertext.

The encryption key split includes, for example, a random key split based on reference data,
It may include a token key split based on label data, a console key split based on maintenance data, and a biometric key split based on biometric data. Such a key split may be a random sequence or a pseudo-random sequence.

Generating a random key split can include generating a key split based on reference data and temporal data, or based on reference data and static data. Generating a token key split includes generating a key split based on label data and organization data that are readable from a storage medium and that can include authentication data, or based on label data and static data. Can be included. Generating a console key split can include generating a key split based on previous maintenance data and current maintenance data, or based on maintenance data and static data. Generating a biometric key split includes generating a key split based on biometric data vectors and biometric combiner data, or based on biometric data and static data. Can be included.

The static data provided for any key split can be updated. Updating the static data may include changing the prime divisor of the static data.

The resulting encryption or session key is a stream of symbols, at least one of
One symbol block, or key matrix.

According to a further aspect of the invention, for transmitting voice and data in encrypted form,
A portable voice and data encryption platform for use with a telephone, cell phone, or satellite device is provided. The control logic that is part of this platform manages the analog and data sequences. See Crawli et al. The information channel between two or more telephones, two or more faxes, or two or more computers is established by an initial key exchange that securely distributes CKM key fragments. The public key material can be established on the fly with only pre-computed and distributed parameters common to the parties of the information channel, in which case there is no ability to recover the data or key and the session Public key fragments are generated and exchanged immediately before the session. A set of a private link label and a conference label composed of a random number or a pseudo-random number is linked to a combination label used for a session key and a session random number generating a random number. With the combined session key,
The same full key is used which is used for encrypting or decrypting voice or data. The choice of any label depends on the user's selection of a conference call, which can be a two-way link or a temporary or collective call. An error detection field that is mathematically calculated based on the session key is added to the combination conference session key.

The enforcement of the use of public keys with access control is provided through symmetric encryption,
In this case, the public key can be based on a known algorithm such as the Diffie-Hellman or elliptic curve algorithm. Constructive Key Management is adapted for use on transfer media. Diffie-Hellman notes the pre-positioned key fragments, the construction of session keys from these fragments, and the use of labels specified through the key fragments used to add a variable random function that is part of the session key. Is what you do. This label key fragment can be symmetric or asymmetric depending on whether there is a software (symmetric) or encrypted (asymmetric) forced read / write requirement. The number of bits in the label and the random number are determined by the selected digital encryption algorithm (eg, Data Encryption Standard can be used). Public key and CKM key methods are used to establish private links or conferencing capabilities for voice or data using analog or digital phones, or voice or data from a phone to a computing base such as the Internet. . An error detection field is added to the conference encryption settings to ensure data integrity and promote a quick encrypted connection between phones. A method is provided for securely establishing a session key between two phones. A portable voice and data encryption platform composed of voice and / or data modules, encryption and control modules, and modem modules is used (see Crawley et al.). The platform may consist of devices connected between the handset and the telephone equipment (in this case, the analog voice is converted to digital, the digital block data is encrypted, and the resulting encrypted data is converted. Back to analog and exchanged within the POTS network). In this platform, a display module such as an LED can be used. This LED can be used to provide a visual confirmation of the number of other platform users involved in the cryptographic process. This LED can also identify a platform user by a number that can be confirmed by the sender as an authentication function.

The present invention will be more completely understood from the following detailed description and with reference to the following drawings.

BEST MODE FOR CARRYING OUT THE INVENTION Referring to FIG. 1, a communication has a starting space 2 and a destination space 4. Starting space 2
Defines the time and place where communication occurs. The destination space 4 defines the location and time at which the communication is to be decoded. The starting space 2 and the destination space 4 can be separated from each other. Alternatively, they can be in the same place, shifted in time.
The space and time corresponding to the start space 2 and the destination space 4 depend on the nature of the particular communication. The starting space 2 and the destination space 4 are coupled to a common communication channel 6. This communication channel 6 can bridge a physical space such as the air in the case of a call by a portable voice telephone. Alternatively, the communication channel 6 can be a temporary storage of the communication between the start space 2 and the destination space 4 during the passage of time, for example by a first user in the memory of the computer. A message is left and a second user reads it at a later time on the same computer. The communication channel 6 can be a combination of two types, for example, a telephone cable and a storage memory in the case of electronic mail transmission. Communication channel 6 may be a component object in computer memory.

A component object is a compiled piece of software code in computer memory that has an array of memory addresses and in which memory a particular function or method and data or properties of the object are stored. Indicates the relative location of. The application programmer uses the component object by obtaining a pointer to the memory including the array. This creates an instance of the component object,
Known in the art. Programmers can take advantage of component object methods and properties by indirectly addressing through this array.

In the starting space 2, the original plaintext message 8 is received and encrypted according to the ciphertext / key relationship 14 using the provided cryptographic key 10 to create a ciphertext message 16. . The ciphertext message 16 is received in the destination space 4 via the communication channel 6. Next, an authorized presence with the correct decryption key 20 can provide the decryption key 20 to the destination space 4, where a new plaintext message 24 corresponding to the original plaintext message 8 is created. The decryption key 2 is added to the ciphertext message 16 according to the decryption text / key relationship 22.
0 applies.

The start space 2 and the destination space 4 can be, for example, a plurality of computers or the same computer. An example computer may have a certain amount of storage capacity in the form of a memory for storing text / key relationships. A microprocessor or similar controller, along with a control structure and random access memory for storing the original plaintext and keys provided by the user, can be included in each space to perform the functions of the encryption / decryption engine. Can be.
Input devices 26, 28, such as a keyboard, a floppy disk drive, a CD-ROM drive, or a biometric reader, may also be used to receive keys and plaintext messages from the initiating user and keys from the destination user. Can be provided. In destination space 4, an output device 30, such as a monitor, disk drive, or audio speaker, can be provided to provide a new plaintext message to the destination user. The text / key relationship is not stored in the computer's hard storage, but rather on a floppy disk or other permanent or temporary portable storage, and can be used by different users or in different situations to store different text / key relationships. Can be applied.

The key provided in the starting space and the key provided in the destination space are composed of several components, namely splits, each of which can be provided from different sources. As shown in FIG. 2, the random key split 32 can be generated randomly or pseudo-randomly. The second split 34 can be stored in the token. A third split 36 can be stored on the console and a fourth split 38 can be provided by a biometric source. Key splits can be combined to form a complete encryption key. This key may take the form of a stream of symbols, a collection of symbol blocks, an N-dimensional key matrix, or any form of use in a particular cryptosystem.

The random split 32 provides a random component to the encryption key. The split 32 is randomly or pseudo-randomly generated based on a seed provided as reference data 40 by an arbitrary source. For example, when a user attempts to log on to the system, the date and time of the user's logon attempt, expressed in digital form, can be used as a seed for key split generation. That is,
The seed can be provided to a pseudo-random sequence generator or other randomizer to create a random split. Such pseudo-random sequence generators are widely known in the art. For example, a simple hardware implementation could include a shift register, which has the various outputs of the exclusive-ORed register and the result fed back to the input of the register. Alternatively, the seed is a built-in component 4 such as a fixed key seed stored in the starting space.
2, or can be randomized thereby. This randomization can be performed, for example, by applying a variation of the text / key relationship to the generated seed and the stored fixed key seed. The result is
To create a random key split 32, it can be further randomized, for example, by a digital representation 44 of the date and time of the encryption.

[0032] The token split 34 can be generated in a similar manner. in this case,
The seed is provided on the token, that is, stored on a medium owned by the user. For example, the seed can be stored on a floppy disk that needs to be read by the system as part of the cryptographic procedure. The token can store a number of different seeds, or label data 46, each of which corresponds to a different authentication provided by the system or a different authentication specified by the user. For example, a seed can be used to generate a key split that authenticates a particular user reading a message at a particular destination space. Another key seed is a key that authenticates that any member of a set of multiple users reads a message in any destination space, and that a particular user reads the message and overwrites the message in a specific destination space. Can be used to generate splits. The label data 46 can also specify a time width during which access to communication is valid. This seed can be randomized by a built-in component 48 such as a seed stored in the starting space, and then further randomized by organization data 50 provided to the organization to which the user belongs.

The console split 36 is derived from a change value stored in a user space such as a system console. Such change values can be created using maintenance data such as checksums taken from the defragmentation table set. For example, the current maintenance data 52 can be randomized with certain previous maintenance data. Alternatively, any previous maintenance data 54
Can be randomized by a built-in component 56 stored in the starting space, the results of which are exclusive-ORed together and randomized by the current maintenance data 52. The result of the randomization of the change value is the console split 36.

The biometric split 38 is generated from a biometric data vector 58 provided by the user's biometric sample. For example, a retinal scanner can be used to obtain a unique retinal signature from a user. This information is used in digital form and subsequently to generate a biometric split 38. This is achieved, for example, by randomizing the digital string corresponding to the biometric vector 58 with the biometric combiner data 60, wherein the biometric combiner data 60 contains the user's system identification number, It can be a digital hash of some other identifying data that can be linked to the user's physical data provided by the metrological reader.
The resulting randomized data is a biometric split 38. Biometric split 38 provides information that cannot be duplicated to anyone other than the user who provided biometric data vector 58.

The embedded key split components 42, 48, 56 described herein can be static in that they are not changed based on uncontrolled parameters in the system. However, it is possible to update for control purposes. For example, the embedded key split components 42, 48, 56 can be changed to change the participation status of a particular user. This key split component can be completely changed to deny access by the user. Alternatively, only the single prime divisor of the original key split component can be retrieved from the key split component as a change to preserve the legacy file. That is, the user can access the version created prior to the modification, but cannot modify the file, effectively giving the user read-only access. Similarly, changing the key split component can give users more broad access.

According to one encryption scheme that can be used in accordance with the present invention, prime numbers and random numbers are generated from a data seed source for one or more communicating parties. The random numbers can be used in the "public" domain, such as a public server, or can be negotiated between parties before the communication process. To establish communication between the two parties, a polynomial or modulo operation is performed using the sender's prime number and the recipient's random number for the sender. The recipient calculates the recipient's prime number and the sender's random number. The inter-computation creates a cryptographic or session key used to encrypt the random key split or to encrypt the hash of the transmitted or stored message, thereby creating the asymmetric split 64. Other key split generators used on the encryption side of the communication provide integrity to asymmetric key split generators.

After the key splits 32, 34, 36, 38 are generated, they can be randomized together to create an encryption key 62 for communication. In performing each combination to generate a complete encryption key, different variations of the text / key relationship can be applied. The use of a plurality of different text / key relationship variations increases the security of the overall cryptosystem. It is contemplated that key splits other than those specifically described herein may be combined in forming the complete key 62. The total number of splits can also be varied and these splits can be used to build a key matrix to increase the complexity of the system. The perfect key 62 should be in a form that is optimal for use in a particular encryption scheme. That is, different fields of the key can have different functions in the protocol of communication,
These should be properly located in the key.

In the destination space, the process is reversed to determine whether the user attempting to access the message has authentication, ie, has a valid key. The key provided by the user in the destination space must contain the information required by the label used to create the token split in the starting space. This information can also take the form of a token split. In addition, a biometric split can be required as part of the destination key to provide a link between the identification data assigned to the user and the biometric data collected from the user. Token splits and biometric splits can be combined with other splits in the destination space to form a complete destination key.

FIG. 3 shows an example of a hardware implementation for key generation and management according to the present invention.

For component object control, an array of addresses can be encrypted in the component object's executable file. An application program using the component object can then call a special "create instant" function to transfer the key split or label representation. This "create instant" is based on the transmitted key split, 1) using the key split to determine which, if any, methods and properties are present, and 2) determining which of these recognized Decipher the memory addresses for the methods and properties that were used, and 3) change the address of the unauthorized methods and properties, thereby calling instead a "stub" function that returns an error code corresponding to the deauthorization decision. Note that no attempt is made to encrypt the application data when interacting with the component object.

The following description pertains to using the described method to provide a private voice or data link, or to provide conferencing capabilities.

Process A public key establishment is used based on the Diffie-Hellman key agreement. Each platform device has a different set of definitions designated as P, Q, and G.
A universal set of Hermann parameters is loaded. From these parameters, a public / private pair of public key fragments is generated by each platform. Each platform has random or pseudo-random number generation and storage capabilities. Depending on each platform, C
A pair of KM labels (an ID number and a random number for each label) can be generated.

One of the platform users is designated as the sender (S) that initiates and manages the encryption exchanged between one or more platform users.

<< Two-Party Call >> A plain text call is started between 1.2 platform users. 2. One of the users can state that they are S and press the "Privacy Protection" button to trigger the encryption process. The recipient user's platform, R, automatically senses the start and responds in the following sequence (see FIG. 1 for the computation process).

A. S tells R to perform a protected communication. S is "protected"
I press the button. The coded signal is sent to R and there is a visual indication on R's LED that a protected exchange has been initiated. The automatic process proceeds. b. S creates a Diffie-Hellman asymmetric key pair from the common P, Q, and G parameters, generates a net label, generates a private label, and generates a random number. c. R generates a Diffie-Hellman asymmetric key pair from the common P, Q, and G parameters. d. R sends to S the public part of the asymmetric key pair.

E. S calculates the Diffie-Hellman shared key from the public part of the asymmetric key pair of R, and encrypts the net label, the private label, and the random number with the shared key. f. S represents the encrypted net label, private label,
, And a public part of S's own Diffie-Hellman asymmetric key. g. R computes a Diffie-Hellman shared key from the public key portion of S's Diffie-Hellman asymmetric key pair. h. R uses the Diffie-Hellman computational shared key to decrypt the label and random number from S. i. Each identification number is exchanged and received on both platforms. One or both users can verbally verify the number over the phone. j. To cancel the call, a cancel button or equivalent is activated.

Extraordinary Conference Call The encryption process for an extraordinary conference call is similar to a two-party call in that a clear text call is initiated between two platform users. A "protected" exchange is completed between two users as defined in a two-party call.

During a call exchange, one of the parties determines that it is desirable to have additional users participate in the conversation or data exchange. The following steps are performed to establish a crypto exchange with a new user, R1 (see FIG. 2 for the computation process).

A. S suspends the encryption channel with R but maintains encryption synchronization "
Press the "Reserve button for R". The S LED confirms that R is pending. b. S establishes a POTS connection with R1. c. S informs R1 that protected communication is being performed. S is "
Press the "Protect" button. A coded signal is sent to R1 indicating that a protected exchange is to be initiated, which is confirmed by the LED through the R1 LED. Since only one party exists, the communication protocol between the two determines that this is not a broadcast conference call.

D. S generates a private label (between S and R1) and a Diffie-Hellman asymmetric key pair and sends the public part to R1. e. R1 generates a Diffie-Hellman asymmetric key pair from the common P, Q, and G parameters and computes a Diffie-Hellman shared key from the public key portion from S. R1 sends the public part of the key pair to S. f. S calculates a Diffie-Hellman shared key from the public key from R1.

G. S encrypts the private label, the net label established with R, and the random number established with R, and sends this to R1. S holds a private label. h. R1 decrypts the data from S and holds the private label.

I. S suspends the encryption channel with R but maintains encryption synchronization "
Press the "Reserve button for R1". The S LED confirms that R and R1 are pending as private conversations. j. S presses the "meeting button". A coded signal is sent to R and R1 that initiate the conference call. Confirmation is made with the respective LEDs of R and R1. S generates a net label and a new random number. k. First, S sends a net label encrypted with the public key portion of R and concatenated to the new random number. An error detection scheme such as CRC is applied to the combined net labels and random numbers, and the resulting error detection data is included in the transmission of the labels and random numbers. R receives the data, performs a CRC on the data, verifies the data, and decrypts the net label and random number with the private part of the public key.

L. All three users have a common net label and a common random key from S. You can initiate a secure conference call. m. Note: Private conversation with R or R1 can be resumed by putting the conference call on hold and initiating a protected call.

N. To interrupt the call, a cancel button or equivalent process is performed.

Broadcast Call This encryption process is temporary in that all conference parties are available at once and a secure relationship is established while all parties are present. Different from conference call. The broadcast conference call uses an extraordinary conference call process, with a slight difference in sequence (see FIG. 3 for the computation process).

After all parties have been connected and confirmed to be present, one of the parties states that they are S. a. S presses the "Protect" button. A coded signal that a protected exchange is to be initiated is sent to all other parties present. LED confirmation is activated for all conference call participants' LEDs. The communication protocol is established such that the protection processes are activated in a mutually determined order for each existing conference participant.

B. Each participant completes the exchange with S as follows. 1. S generates a net label, a random number, and a Diffie-Hellman asymmetric key pair from the common P, Q, and G parameters, and sends the public part to R. 2. R is a common P, Q, and private label (used between R and S)
And a Diffie-Hellman asymmetric key pair from the G parameter. R is S
Computes the Diffie-Hellman shared key from the public key of R encrypts the private label with the shared key. R sends to S the public key portion of his asymmetric key pair. R also sends encrypted private labels for R and S.

[0058] 3. S computes the Diffie-Hellman shared key from the public key from R. S
Decrypts the private label using this shared key. S holds a private label. 4. S encrypts the net label and the random number with the shared key, and sends this to R. A CRC is performed on the encrypted serial number and the CRC number is sent with the encrypted serial number. 5. R receives the net label and the random number and decrypts it using the calculated shared key. R holds these.

6 S presses the "Reserve button for R" and suspends the encryption channel with R but maintains encryption synchronization. The LED of S confirms that R is suspended. 7. R1 and the rest of the conference call parties perform the processes b1 to b6 above. The S LED reflects which party has successfully completed the underlying protection exchange.

C. S presses the "meeting button". A coded signal is sent to all parties that a conference call will be initiated. Confirmation is made by the LED of each person concerned. S
Generates a net label and a random number. d. S sends the concatenated net label and random number encrypted with the public key portion of R. S repeats this process for each party in the conference call. The LED of S reflects which party the network data was sent to. e. All parties in the conference call have a common net label from S and a common random key. A conference call protected by keying material by a cryptographic algorithm can be initiated.

F. Note: Private conversations with any participant and S put the meeting on hold,
It can begin by establishing a protected two-way call. g. S presses a cancel button or equivalent process to interrupt the conference call.

The present invention has been described based on exemplary and preferred embodiments. However, the scope of the present invention is not limited to these particular disclosed embodiments,
On the contrary, the invention is considered to cover various alternatives and similar arrangements. Therefore, the appended claims should be accorded the broadest interpretation so as to encompass all such modifications and similar arrangements.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating communication events characterizing cryptography.

FIG. 2 is a block diagram showing a key split combiner.

FIG. 3 is a diagram illustrating an example of hardware implementation of a key generation mode according to the present invention.

──────────────────────────────────────────────────続 き Continuation of front page (81) Designated country EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE ), OA (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, GM, KE, LS, MW, SD, SL, SZ, TZ, UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU , ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW [Summary continued] This makes sense for the user to identify or determine the intended recipient (s) of the encrypted information or object. Arrays associated with software component objects may use key splits to determine which methods and properties are allowed and to control access to memory addresses for those allowed methods and properties. The resulting encryption key may be, for example, a stream of symbols, at least one symbol block, or a key matrix.

Claims (28)

[Claims] 1. An encryption key split combiner comprising: a) a plurality of key split generators for generating an encryption key split; b) a key split randomizer for randomizing said encryption key split to generate an encryption key. C) each of said key split generators comprises means for generating a key split from seed data; d) at least one of said key split generators is an asymmetric key split generator; . 2. The encryption key split combiner according to claim 1, wherein the plurality of key split generators include a random split generator that generates a random key split based on reference data. 3. The encryption key split combiner according to claim 2, wherein said random split generator includes means for generating a random sequence based on reference data. 4. The encryption key split combiner according to claim 2, wherein said random split generator includes means for generating a pseudo-random sequence based on reference data. 5. The encryption key split combiner according to claim 2, wherein said random split generator includes means for generating a key split based on reference data and temporal data. 6. The encryption key split combiner according to claim 2, wherein said random split generator includes means for generating a key split based on reference data and static data. 7. The encryption key split combiner according to claim 6, further comprising means for updating static data. 8. The encryption key split combiner according to claim 7, wherein said means for updating said static data includes means for changing a divisor of a prime number of said static data. 9. The encryption key split combiner according to claim 1, further comprising means for receiving a prime number and a random number. 10. The encryption key split combiner according to claim 9, further comprising means for executing a polynomial calculation on said prime number and said random number. 11. The encryption key split combiner according to claim 9, further comprising means for performing a modulo operation on said prime number and said random number. 12. The encryption key split combiner according to claim 9, further comprising means for generating a session key based on said prime number and said random number. 13. The encryption key split combiner according to claim 12, wherein the plurality of key split generators include a random split generator that generates a random key split based on reference data. 14. The encryption key split combiner according to claim 13, further comprising means for encrypting said random key split with said session key to create an asymmetric split. 15. A process for forming an encryption key, comprising: a) generating a plurality of encryption key splits from seed data; b) randomizing the encryption key split to create an encryption key. C) wherein at least one of the cryptographic key splits is an asymmetric key split. 16. The process of claim 15, wherein generating a plurality of cryptographic key splits comprises generating a random key split based on reference data. 17. The process of claim 16, wherein generating a random key split comprises generating a random sequence based on reference data. 18. The process of claim 16, wherein generating a random key split includes generating a pseudo-random sequence based on reference data. 19. The process of claim 16, wherein generating a random key split comprises generating a key split based on reference data and time-lapse data. 20. The process of claim 16, wherein generating a random key split includes generating a key split based on reference data and static data. 21. The process of claim 20, further comprising updating the static data. 22. The process of claim 21, wherein updating the static data comprises changing a prime divisor of the static data. 23. The process of claim 15, further comprising receiving a prime and a random number. 24. The process of claim 23, further comprising performing a polynomial calculation on said prime and said random number. 25. The process of claim 23, further comprising performing a modulo operation on said prime number and said random number. 26. The process of claim 23, further comprising generating a session key based on said prime number and said random number. 27. The process of claim 26, wherein generating a plurality of cryptographic key splits comprises generating a random key split based on reference data. 28. The process of claim 27, further comprising encrypting a random key split with the session key to create an asymmetric split.