 Method and apparatus for sending secure datagram multicasts

Details
Inventors: Aziz, Ashar;
Assignee: Sun Microsystems, Inc. (Palo Alto, CA)
Primary Examiner: Swann; Tod R.
Assistant Examiner: Callahan; Paul E.
Attorney, Agent or Firm: Beyer & Weaver, LLP

A method and apparatus for generating additional implicit keys from a key $[K_{ij}]_N$ without the necessity of generating a new Diffie-Hellman (DH) certificate or requiring communication between nodes to change implicit master keys is disclosed. A first data processing device (node I) is coupled to a private network which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same, or to a different network, which is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value $i$ and a public value. Data packets (referred to as "datagrams") are encrypted to enhance network security. Each node maintains an internal value of $N$ which is incremented based on time and upon the receipt of a data packet from another node. The key $[K_{ij}]_{N_i}$ is derived from the appropriate quantity of $\alpha^{Nij}$ by using high order key-sized bits of the respective quantity. The present invention then utilizes the key $[K_{ij}]_{N_i}$ to encrypt a transient key which is referred to as $K_p$. Node I encrypts the IP data in $K_p$ and encrypts $K_p$ in $[K_{ij}]_{N_i}$. Node I transmits the encrypted IP datagram packet and the encrypted key $K_p$ to the receiving node J. Node I further includes its current internal value of $N_i$ in the outgoing packet. The present invention also provides for the application of one-way functions to the shared secret to enhance security. Thus, either node I or node J may change the context such that if in the future $[K_{ij}]_{N_i}$ is compromised, it is not usable by a cracker to decrypt prior encrypted packets. The present invention discloses methods and apparatus for achieving perfect forward security for closed user groups, and for the application of the SKIP methodology to datagram multicast protocols.
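The exchange described in the abstract above, as an added example that is not code from the patent: both nodes derive $[K_{ij}]_N$ from $\alpha^{Nij} \bmod p$ (high-order key-sized bits), the sender wraps a transient $K_p$ in it and ships its $N_i$ in the packet. The toy prime, the base 3, the 64-bit key size, the SHA-256 XOR keystream standing in for the cipher, and all function names are assumptions.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions, far too small for real use).
P = 2**127 - 1      # prime modulus p
ALPHA = 3           # base alpha
KEY_BITS = 64       # size of the implicit key [K_ij]_N

def public_value(secret: int) -> int:
    """alpha^secret mod p, the value carried in a node's DH certificate."""
    return pow(ALPHA, secret, P)

def implicit_key(own_secret: int, peer_public: int, n: int) -> bytes:
    """[K_ij]_N: high-order KEY_BITS bits of alpha^(N*i*j) mod p."""
    if n < 1:
        raise ValueError("N = 0 collapses alpha^(N*i*j) to 1")
    shared = pow(peer_public, n * own_secret, P)
    return (shared >> (P.bit_length() - KEY_BITS)).to_bytes(KEY_BITS // 8, "big")

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 keystream XOR); not the patent's cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ k for b, k in zip(data[off:off + 32], pad))
    return bytes(out)

def send(own_secret: int, peer_public: int, n_i: int, ip_data: bytes) -> dict:
    """Node I: encrypt data in transient K_p, wrap K_p in [K_ij]_{N_i}."""
    k_p = secrets.token_bytes(16)
    k_ij_n = implicit_key(own_secret, peer_public, n_i)
    return {"N": n_i,                                  # sender's current N_i
            "wrapped_kp": xor_stream(k_ij_n, k_p),
            "payload": xor_stream(k_p, ip_data)}

def receive(own_secret: int, peer_public: int, packet: dict) -> bytes:
    """Node J: rebuild [K_ij]_N from the packet's N, unwrap K_p, decrypt."""
    k_ij_n = implicit_key(own_secret, peer_public, packet["N"])
    k_p = xor_stream(k_ij_n, packet["wrapped_kp"])
    return xor_stream(k_p, packet["payload"])

if __name__ == "__main__":
    i, j = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    pkt = send(i, public_value(j), 7, b"constructed sample datagram")
    print(receive(j, public_value(i), pkt))
```

Changing only $N$ yields a different implicit key from the same certificates, which is why a receiver that uses a different $N$ than the one in the packet cannot unwrap $K_p$.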

DETAILED DESCRIPTION

The present invention provides an improved simple key management scheme (SKIP) having particular application to datagram protocols, such as the Internet protocol (IP). In one embodiment, the present invention discloses a method and apparatus for generating additional implicit keys from a key $[K_{ij}]_N$ without the necessity of generating a new Diffie-Hellman (DH) certificate or requiring any communication between nodes to change keys.

A first data processing device (node I) is coupled to a private network which is in turn coupled to the Internet. A second data processing device (node J) is coupled to the same, or to a different network, which is also coupled to the Internet, such that node I communicates with node J using the Internet protocol. Node I is provided with a secret value $i$ and a public value which in one embodiment takes the form $\alpha^{i} \bmod p$. Data packets (referred to as "datagrams") are encrypted using the teachings of the present invention to enhance network security.

A source node I obtains a DH certificate for node J and obtains node J's public value $\alpha^{j} \bmod p$ from the DH certificate. Node I then computes the value of, in one embodiment, $\alpha^{Nij} \bmod p$, and derives a key $[K_{ij}]_{N_i}$ from the value $\alpha^{Nij} \bmod p$ (or alternatively, $\alpha^{(M^{N})ij} \bmod p$, where $M = 2, 3, \ldots$ and $N = 0, 1, 2, \ldots$). Each node maintains an internal value of $N$ which is incremented based on time and upon the receipt of a data packet from another node. In the presently preferred embodiment, the value $N$ is stored within the Security Association ID (SAID) field of an Internet specification of the IP Security Protocol (IPSP) defined by the Internet Engineering Task Force.

The key $[K_{ij}]_{N_i}$ is derived from the appropriate quantity of $\alpha^{Nij}$ by using low order key-sized bits of the respective quantity. The present invention then utilizes the key $[K_{ij}]_{N_i}$ to encrypt a transient key which is referred to as K


