JPH0479462A - Telephone conference method for safety key management system - Google Patents

Abstract

PURPOSE: To establish a safe conference constitution by establishing an un- forgeable lighting method for providing a single session traffic key by exchanging a message from point to point. CONSTITUTION: Safety terminals 2a-2d are designed for full- and semi-duplex voice and data communication. The semi-duplex voice and data communication is performed through a two-wire communication network 1 and the full-duplex voice and data communication is performed through a four-wire telephone communication network 1. For full-duplex transmission, information is simultaneously received and transmitted through two different pairs of wires (channels). Each terminal 2a-2d is certified in advance by means of a common authorized agency. Therefore, a safe telephone conference can be established.

Description

DETAILED DESCRIPTION OF THE INVENTION [Field of Industrial Application] The present invention relates to securing communications between users of a key management system, and more particularly to the use of an unforgeable certification process. The present invention relates to a method for providing more secure teleconferencing.

BACKGROUND OF THE INVENTION In today's telephone equipment, special circuitry within the switching system makes conference calls possible. A conference call is the simultaneous exchange of voice or data between three or more users of a communication system. Typically, specialized networks and circuits within a switching system's network serve to interconnect numerous users in a conference call.

In secure communication systems, the problem of establishing connections between multiple users for the exchange of voice or voice is further complicated by various security protocols. Establishing secure teleconferencing between multiple users over a secure network of switching systems is extremely difficult. This is due to the fact that the terminal equipment in the secure teleconferencing system requires the establishment of a real-time point-to-point, India-to-point traffic key.

[Problems to be Solved by the Invention] Furthermore, a session key is created between the terminal devices connected to the security network of the switching system.
Establishing the key) requires sending many messages between the system and the user. This is very cumbersome and time consuming.

It is an object of the present invention to enable any number of terminal devices connected to a switched network to provide a single session traffic key with a minimum number of point-to-point message exchanges between the terminal devices. An object of the present invention is to provide a method for establishing a secure conference structure by establishing a proof method that cannot be forged.

SUMMARY OF THE INVENTION In achieving the objectives of the present invention, a novel teleconferencing method for a secure key management system is presented.

A secure teleconferencing method is accomplished between a number of interconnected terminals via a switched network. Each terminal is pre-certified by a common authority. The secure conference call method first establishes that all conferenced terminals are pre-certified. Each terminal ensures that all remaining terminals have been previously certified by a common authority.

Second, the terminals have their own unique
Collectively expand session keys for a single session.

"Example" Hereinafter, the present invention will be explained in detail with reference to the drawings.

FIG. 1 shows a number of terminals 2a, 2b, 2c and 2d<A B connected to a switching network 1a.
C and D) are shown. This switching network includes circuitry that allows teleconferencing between these four terminals. The four terminals are shown here by way of example and not by way of limitation. Almost any number of terminals can be connected in a conference call configuration.

The only limitation is the number of terminals that can be physically interconnected by the switching system.

In this system, each of the terminals is a secure voice and data terminal. Each terminal includes this secure conference call method. This method can typically be implemented in software.

However, a hardware implementation is also possible.

Security terminals A-D are dedicated to full-duplex and half-duplex voice and data communications H1. Half-duplex voice and data communications are carried out over a two-wire communications network. Full-duplex voice and data communication is carried out by a four-wire communication network.

For full-duplex transmission, information is received and transmitted simultaneously by two separate pairs of wires (channels). In half-duplex transmission, the terminal energizes line 2 only for information transmission. Once the transmission is complete, the energy is removed and available for transmission by other terminals or on the same channel. Teleconferencing is more direct in a half-duplex configuration because Enel N is on the line only when a particular terminal is transmitting.

The method more easily applies to half-duplex communication mode. However, by time-sharing existing channels or establishing new channels, one for each added terminal, this method can also be applied to full-duplex transmission mode.

Each terminal A-D includes a half-duplex modem. Each terminal includes input devices such as push buttons on the front panel to indicate that the conference mode has been selected and that the secure mode has been selected. Each terminal also includes the ability to display the identity of each of the other conference participants. These identities can be scrolled onto the visual display L at the lick of each terminal user.

Safety lick, each of the terminals is one type of asymmetric (
aymIletric) uses the RS A public encryption and private decryption process. The encryption process is EM
and the decryption process is represented by DM.

Turning now to FIGS. 2A and 2B, at 1 an inexpensive teleconference method is shown. First, 2 users go off-hook, block 1°. Next, all users or users are established in a non-secure teleconference configuration by normal exchange system procedures, block 2°. This is an exchange screw 1 - conference in the work. This is accomplished in a typical manner by circuits. Calls or data transmissions at this point are not secure.

To accomplish a conference call, each user of terminals A-D selects conference mode by pressing a conference pushbutton on his or her terminal. Next, one of the users presses the security key on his or her terminal, block 3, which serves two functions. Initially, the terminal becomes the primary (mask) terminal for controlling the teleconferencing feature. By including this method to all terminal powers, any terminal can become the master (mask) for a conference call.

``Determination of the primary terminal for the conference call is determined by first pressing the security key on his terminal.

The second function of the main terminal is its 7' access domain message (access domain message)
age) to each of the other conference terminals in unit weight. To do this, the master is P180
block 4), then sends P1800 data to 776 bits 1, blocks 5), S(, R
1 data (scrambled for synchronization), followed by block 6°, during which the slave is set to half duplex mode, block 7° slave checks stop gap, block 8° slave P1800 detect data, block 9 and direct their modems to receive, block 10° mask send access domain message (ADM), block 11° followed by end of message (ROM) indication, block 2° Next, each slave receives the access domain message and stores it for later processing, block 13.
ion) Processed when a message is received.

Sending of the mask access domain message occurs as shown in FIG. 3A. The mask initially costs P180.
0 protocol, followed by a gap, followed by another P1800 protocol, 5CRI (scrambled 1 and O for modem synchronization) pitstream and then an access domain message pitstream, followed by an end of message ( (not shown) follows. Each slave then responds in the appropriate time slot, which is determined by the queue index function. This queue index function can be implemented in a number of ways, such as in a strictly arbitrary sequence.

The master terminal then sets its modem to receive, blocks 14 and 15. Each slave in the conference call then responds with its access domain message in the selected time slot. Since the slave terminal has received the masked access domain message, the No route is taken from block 16 to block 17. Then it is the slave's turn to send its access domain message and the YES path is taken from block 17 to block 18. In Figure 3A, slave 1 responds with its P1800 protocol (block 18) followed by 5CR1 (block 19).
, and its access domain message ADM, block 20, followed by ROM, block 21. Similarly, each slave responds in its time slot. Slave 2 responds in time slot 2.

Slave n responds in time slot n. The master terminal receives all access domain messages of each of the slaves, block 22. Block 23 determines whether all slaves have responded. If all slaves are not responding, block 23 transfers control to block 14 to wait for a response. When all slave terminals have responded, the mask (block 24) processes the access domain message for each of the slaves.

Next, the mask checks its authentication (authentication).
n) Send a message to each slave, blocks 25 to 28. The master terminal's authentication message is given by equation (1).

AM-[(IDL1aster' naster”
1 BM x DMkoa (1) This authentication message indicates a particular master terminal, its public or encryption key and its certification authority (KCA)'s private decryption key. This message is valid only if certified by a key certification authority. Furthermore, each of the other terminals can decode this message only if they are certified under the same key certification authority.

Block 16 determines for each slave terminal that this is an authentication message. As a result, block 16 transfers control to block 29 which sends the mask's access domain message (ADMII) and the other slave's access domain message (A D
M3. 's).

- Once access domain messages have been exchanged, each terminal determines the identity of the terminals to which it is connected via conference call and whether they are certified by a common certification authority such as the KCA. It can be determined that there is a Figure 3B shows this transmission of the mask. This transmission has 5 RCI bits or <1 soo protocol followed by an authorization message and ROM (not shown). The master terminal configures itself to receive the slave's authentication messages, blocks 31 and 3.
2. Next, each slave terminal processes the mask authentication message (AM, , ), block 306. Each slave terminal processes its own random number <RNS) and from the random number a random component message (RO
M), block 33. The ROM is created by encrypting the slave's own random number in the public key of the mask as shown in equation (2).

Each slave then stores its own copy of the random number for later use in the final stage of the process. Each slave then responds in its appropriate time slot with its message, followed by its random component message. The slave's authorization message is similar to the mask's authorization message. It is formula (3)
It is indicated by.

AM − [(ID , EM
)]s save
s avex D M kca
...(3) This includes the slave's public key covered by the slave's identity, certification authority, or KCA's private key.

If each slave determines that its time slot is present, it "broadcasts" its authorization message (AM), block 346.
The slave terminal initializes its modem, blocks 35 and 36. Next, each slave's authorization message (AM) and random component message (ROM) are sent to each of the other slaves, including the master terminal. , block 37,
This is followed by an end of message (EOM), block 38. Block 38 transfers control to block 34. Since this slave terminal has transmitted its AM and RCM, block 34 transfers control to block three.

The transmission for slave 1 is shown in Figure 3B. First the 1800 Pro 1 Hecol is sent, then the SCR
1 bit, slave 1 authorization message,
This is followed by a filler of approximately 200 milliseconds, which is a predefined binary bit pattern.
followed by and finally a random component message of slave 1 and an end of message indication (not shown) are sent.

Each slave responds in a similar manner in its assigned time slot 1.

Each slave terminal sets its modem to receive A, M, and RCM3 messages on the other terminal's AM terminal.
, and RCM. At the same time, the master terminal receives the AM of each of the slave terminals.
and R0M's mes
Receive s message, block 43. When all slave terminals have responded, each block 39 of each slave terminal transfers control to block 44. At the same time, block 45 transfers control to block 46 when the master terminal has received all AMS and RCM messages.

Each terminal's random component message contains a unique random number generated by that terminal. This random number is sent to the master terminal and is also stored within the terminal.6 The random number is encrypted by the public key of the mask to create a random compophone.
~ form a message.

Therefore, all other slave terminals in the conference call will receive the R,CM or they will resolve it.
I wouldn't be able to sell it.

As a result of these transmissions, each slave terminal receives all of the other terminal's authorization messages. Each slave then processes each of the other slaves' authorization messages, block 44, which determines the identity of each of the other slaves (1dent i
ty). The identities of each slave are then scrolled on the terminal's viewing device in the order in which they are received. As a result, each terminal is revealing the authenticated identity of each of the other conferees.

The master terminal also receives each of the other terminals' authentication messages and processes them in the same manner as described above for the slaves, block 466. Next, the mask decrypts each of the slaves' random component messages. Block 46. Since each of the slave's random component messages is covered by Mask's public key, Mask can decrypt them by applying his private key, but this is not an asymmetric or one-way function. This is because. Each slave configures its modem to receive messages from the master terminal, block 47.
and 48° When the master terminal receives each of the authorization messages, it decodes the other terminal's identification. In addition to this, the master terminal then scrolls each of the slave terminal's identities on each of the visual displays on the terminal. The master terminal then decodes each of the slaves' random component messages. Since each of the slaves has covered their random components by the public encryption of the mask, it is possible to decode each of the random component messages by applying either the mask alone or his private decryption key. can. The random component is a predetermined number of bits of information.

The random component, as its name suggests, is randomly generated by each of the terminals. The larger the random component is in terms of bits, the more difficult it is to determine this component for listening purposes.

As a result, the master terminal obtains each of the slave terminal's random components.

Additionally, the master terminal stores its previously generated random components.

The master terminal then generates a set of random numbers based on each of the slaves' random numbers and the random component or number of the mask, block 49. The equation for generating this set of random numbers is equation set (4). Indicated by

RNs(1)+RNs(2)+-RNs(n-111-
RNm = RNs (n) RNs (1) + RNs (
2) +-RNs(n-2)+RNs(n)+RN11-
RNS(n-1) RNsm+RNs(2)+-Rt4s(n-3)+RN
S(11-1)+RNs(n)+RNI=RNS(n-
2) RNs(1) +RNs(3)+=-RNs(n)
+RNtn -1iNs(2)RNs(2)
+RNs(3)+-RNs(n)-RNm
- old (s(1)... (4) 2. Taking the last expression of each set of expressions in set (4) as an example, the new random number RNs (1)' for slave 1 is It can be seen that it is constructed by each of the random numbers in the mask. These random numbers are exclusive-ORed. Each tens sign represents an exclusive-OR operation. A new random number R for slave 2, N(2)' is the exclusive OR of each of the other terminal's random numbers except terminal 2. As a result, the masked terminal generates one new random number for each terminal in the conference call, which Except for the terminal to which the random number is sent, it is the exclusive OR of all other terminals in that random number being conferenced.

The terminal to which the random number is to be sent has previously stored its own random number. Thus, in Figure 4, when a given terminal receives a new random number from the master terminal, it simply exclusive-ORs its own stored random number with the primed random number sent from the master terminal. Do 99. As a result, each terminal reveals its session key.

This session key is only useful for this session and is generated for each conference call. The generation and transmission of session keys also follows the two-man rule in that intercepting a single message will not result in obtaining a random component and therefore a session key.

The master terminal covers each newly generated primed random number with the slave terminal's public encryption key and sets the random number to two sets (
5).

[RN(1)'']xEl-1= RCMm(1)s
avel[RN(2)']xEMS, aV, = RCHm(2
)IRNfn-1)'1xr)IS]aVo(,-1,
= PCIim(n-1)IItN(n)']xEH8
,,Vo(n, -RCHn+(n) -(5)
Again, the new primed random number is covered by the slave's public encryption key, so only that particular slave or his private decryption key can decode the new primed random component message. . The mask generates one such random component message for each slave and covers that message with the slave's public encryption key.

Next, the mask is a secret (crypto) synchronization pattern (
C8), the block 50° master terminal then forms the final secure call setup message. This message is formed by the P1800 protocol (block 51) followed by the SCR1 information (block 52), followed by a random component message for each slave in the appropriate time slot. Following the last random component message. After the filler pit, a secret synchronization message is sent to all terminals by a mask. The secret synchronization message indicates point 1 - where the symmetric encryption/decryption function begins. The master terminal then sends a formatted message (corresponding to the primed random zero number) followed by a secret synchronization message to block 53, followed by the ROM, and block 54 to each slave. The terminal then receives its new primed random component message, block 55. In addition, each terminal receives a secret synchronization message, block 56. Next, each terminal receives its new primed random component message. to block 57, which processes the primed random component it receives by exclusive-ORing it with its own pre-stored random component to generate a session key. Then we have this session key.Therefore, this session key is used for each terminal's symmetric encryption/
A decryption process can be used to provide secure communications between each of the terminals in a telephony IIM configuration. A minimum number of messages is used to achieve security.

Finally, each terminal processes the secret synchronization message, block 58, which starts each of the symmetric encryption/decryption functions at a predetermined point. Therefore, since each terminal has a key and a starting point,
It is capable of encoding and decoding information sent to other terminals and received from the pond terminal in a secure manner.

While a preferred embodiment of the invention has been shown and described in detail in its form, it will be apparent to those skilled in the art that various changes may be made therein without departing from the spirit of the invention or the scope of the appended claims. It should be readily apparent that this is the case.

Figures 3A and 3B are timing diagrams illustrating message transmission between terminals.

FIG. 4 is a block diagram showing the exclusive OR operation of each terminal.

1a: exchange network, a 2b, 2c, 2d: Ta Minal.

Patent Applicant: Motorola Incorporated
Attorney Yoshiaki Ikeuchi

[Brief explanation of drawings]

FIG. 1 is a block diagram showing the configuration of a teleconferencing device via a switching network. 2A and 2B are flowcharts illustrating a secure teleconference method implementing the principles of operation of the present invention. Toshiruku fake evil

Claims (1)

[Claims] 1. A secure teleconferencing method for a key management system, the system including a plurality of terminals certified in advance by a common authority of the key management system, the secure teleconferencing method comprising: , connecting at least three of said terminals in an unsecured conference call via a switched network; selecting any one of said connected terminals as a master terminal; excluding said master terminal; selecting all of the connected terminals as slave terminals; ensuring by each terminal that each of the remaining connected terminals is certified by a common certification authority; between the connected terminals; and initiating a secure conference call between each of said connected terminals to provide for secure voice and data communications between said connected terminals. A secure teleconference method comprising the following. 2. The confirmation step includes: sending an access domain message from the master terminal to each of the slave terminals; receiving the access domain message by each of the slave terminals; and receiving the access domain message from the master terminal to each of the slave terminals. and determining whether each of the slave terminals has a common access domain; responding by each of the slave terminals to the master terminal with an access domain message for each slave terminal; and 2. The secure teleconference method of claim 1, including the step of determining whether each of the slave terminals and the master terminal have a common access domain. 3. The method of claim 2, further comprising the step of organizing the transmissions and receptions of each of the slave terminals into time slots for the transmission and reception of messages by each of the terminals. 4. The verifying step further includes: transmitting by the master terminal an authentication message containing the identity of the master terminal to each of the slave terminals; and receiving the authentication message of the master terminal by each of the slave terminals. , and determining the identity of the master terminal by each of the slave terminals. 5. The step of authenticating further comprises: sending by each of the slave terminals a corresponding authentication message containing the identity of the corresponding slave terminal to the master terminal; 5. The secure teleconferencing method of claim 4, including the steps of receiving the transmitted authentication message and determining by the master terminal the identity of each of the slave terminals. 6. The secure teleconferencing of claim 5, wherein the step of directly deploying includes the step of generating a set of random numbers by the master terminal, each random number in the set corresponding to each of the terminals. Method. 7. Generating the set of random numbers includes: generating a random number corresponding to each of the terminals connected in the conference call;
Each random number is the exclusive OR of each of the random numbers in the set corresponding to each terminal, except for the random number corresponding to one terminal that is to receive the random number; and 7. The secure teleconferencing method of claim 6, including the step of: transmitting each corresponding random number of the random numbers to the corresponding terminal in an appropriate time slot. 8. The method of claim 7, wherein the step of generating the set of random numbers further comprises the step of encrypting the set of random numbers by an asymmetric RSA type function. 9. A secure teleconferencing method for establishing a secure teleconferencing between a plurality of interconnected terminals that have been previously certified by a common authority via a switching network, the method comprising: , selecting any one of said connected terminals as a master terminal; selecting all of said connected terminals, except for said master terminal, as slave terminals; and controlling said remaining interconnections by each terminal. establishing that each of the interconnected terminals is certified by a common certification authority; deploying session keys for a single session directly between the interconnected terminals; and initiating a secure conference call between the interconnected terminals to provide secure voice and data communication between the interconnected terminals. 10. A secure teleconferencing method for establishing a secure teleconferencing between a plurality of interconnected terminals pre-certified by a common authority via a switching network, the secure teleconferencing method comprising: selecting any one of the connected terminals as a master terminal; selecting all of the connected terminals, except for the master terminal, as slave terminals; establishing that each of the terminals is certified by a common certification authority, and providing secure voice and data communications between the interconnected terminals; A secure teleconference method comprising directly deploying a session key for a single session to a user.