111111
`
`1111111111111111111111111111111111111111111111111111111111111
`US006980659B 1
`
`(12) United States Patent
`Elliott
`
`(10) Patent No.:
`(45) Date of Patent:
`
`US 6,980,659 BI
`Dec. 27, 2005
`
`(54) METHODS AND SYSTEMS FOR SUPPLYING
`ENCRYPTION KEYS
`
`6,560,581 B1 * 5/2003 Fox et al. ..................... 705/51
`6,708,273 B1 * 3/2004 Ober et al.
`................. 713/189
`
`(76)
`
`Inventor: Brig Barnum Elliott, 25 Wollaston
`Ave., Arlington, MA (US) 02476
`
`( *) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.c. 154(b) by 1035 days.
`
`(21) Appl. No.: 09/585,933
`
`(22) Filed:
`
`Jun. 2, 2000
`
`Int. CI? ............................. H04L 9/00; H04L 9/32
`(51)
`(52) U.S. CI. ....................... 380/277; 713/189; 713/193
`(58) Field of Search ................................ 380/228,247,
`380/255,262,270,277-279,44,47,283; 713/168-172,
`713/192-194,189
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,897,875 A
`5,126,959 A
`5,586,185 A
`6,052,468 A
`6,212,639 B1
`6,359,986 B1 *
`
`................ 380/21
`1/1990 Pollard et al.
`6/1992 Kurihara ..................... 364/717
`12/1996 Shibata et al. ................ 380/21
`4/2000 Hillhouse
`4/2001 Erickson et al. ............ 713/200
`3/2002 Tatebayashi ................ 380/277
`
`OTHER PUBLICATIONS
`
`Bruce Schneier, Applied Cryptography, Second Edition,
`Protocols, Algorithms and Source Code in C, John Wiley &
`Sons, Inc., 1996, pp. 176-181.
`* cited by examiner
`
`Primary Examiner-Hosuk Song
`(74) Attorney, Agent, or Firm-Leonard C. Suchyta, Esq.;
`Joseph R. Palmieri, Esq.
`
`(57)
`
`ABSTRACT
`
`A system encrypts information. The system includes a key
`storage module (135) configured to store encryption bits in
`a memory of the key storage module. The system further
`includes a communication device (105) configured to
`retrieve a quantity of encryption bits from the memory of the
`key storage module. The retrieval depletes a total amount of
`encryption bits stored in the key storage module. The
`communication device is further configured to encrypt data
`transmitted from the communication device using the quan(cid:173)
`tity of retrieved encryption bits.
`
`17 Claims, 8 Drawing Sheets
`
`135
`\
`~
`n
`
`COMMUNICATION
`DEVICE
`105
`
`125
`I
`----z---
`
`I
`120
`
`KEY SUPPLY
`DEVICE
`130
`
`125
`I
`----z---
`
`I
`120
`
`COMMUNICATION
`DEVICE
`110
`
`1
`
`NEST 1011
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 1 of 8
`
`US 6,980,659 BI
`
`KEY SUPPLY
`DEVICE
`130
`
`135
`\
`~
`n
`
`125
`I
`--z---
`
`COMMUNICATION
`DEVICE
`105
`
`I
`120
`
`FIG.l
`
`125
`I
`--z---
`
`120
`
`COMMUNICATION
`DEVICE
`110
`
`105
`
`COMM
`INTERFACE
`205
`
`OUTPUT
`DEVICE
`210
`
`INPUT
`DEVICE
`215
`
`KEY
`CONTAINER
`135
`
`240
`
`/
`
`DATABASE
`220
`
`- , -
`
`PROCESSOR
`225
`
`RAM
`230
`
`ROM
`235
`
`FIG. 2
`
`2
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 2 of 8
`
`US 6,980,659 BI
`
`135
`~
`
`305
`
`FIG. 3
`
`135
`
`/
`
`800
`800
`800
`000
`
`FIG. 4
`
`3
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 3 of 8
`
`US 6,980,659 BI
`
`135
`
`I
`
`I
`
`I
`
`CONTAINER
`ID
`510
`
`CONTAINER
`KEY
`515
`
`SESSION KEY STORAGE
`520
`
`I
`
`I
`
`I
`
`ASIC
`505
`
`I
`I
`D D
`
`525
`
`530
`
`I
`
`I
`
`n n D
`
`535
`
`540
`
`545
`
`COMMAND
`IN
`
`DATA IN
`
`DATA OUT
`
`ST8TUS
`OUT
`
`POWER IN
`
`FIG. 5
`
`COMMAND
`OUT
`
`DATA OUT
`
`D8TAIN
`
`SlATUS IN
`
`EQWEB
`OUT
`
`§QQ
`
`655
`
`22Q
`
`665
`
`D D n n D
`I
`I
`I
`I
`
`QIQ
`
`I
`
`130
`
`PROCESSING UNIT
`605
`
`I
`
`COMM
`INTERFACE
`610
`
`I
`
`INPUT
`DEVICE
`615
`
`I
`
`OUTPUT
`DEVICE
`620
`
`I
`
`I
`
`ROM
`625
`
`I
`
`RAM
`630
`
`POWER
`SUPPLY
`640
`
`I
`I ""- BUS
`
`645
`
`DATABASE
`635
`
`FIG. 6
`
`4
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 4 of 8
`
`US 6,980,659 BI
`
`705
`
`,
`
`KSD SUPPLIES POWER TO KEY
`CONTAINER VIA POWER OUT
`INTERFACE
`
`710 ,
`
`KEY CONTAINER RECEIVES
`THE SUPPLIED POWER VIA
`POWER IN INTERFACE
`
`715
`
`KSD PLACES "DISPLAY ID"
`COMMAND ON COMMANP IN
`INTERFACE
`
`720
`
`,
`
`KEY CONTAINER RECEIVES COMMAND ON
`COMMAND IN INTERFACE AND PLACES
`CONTAINER IDENTIFIER BITS ON DATA OUT
`INTERFACE
`
`725 ,
`
`Y e s - - - -.. ·~O
`
`No
`
`730,
`
`KSD CREATES A NEW
`CONTAINER ID
`
`735,
`
`KSD CREATES A NEW
`CONTAINER KEY
`
`740,
`
`KSD STORES CONTAINER ID
`AND CONTAINER KEY IN
`DATABASE
`
`FIG. 7
`
`5
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 5 of 8
`
`US 6,980,659 BI
`
`KSD PLACES "PROGRAM 10"
`COMMAND ON COMMANP OUT
`INTERFACE
`
`KSD PLACES CONTAINER ID
`ON DATA OUT INTERFACE
`
`805 ,
`810 ,
`815 , KEY CONTAINER RECEIVES COMMAND
`
`ON COMMAND IN INTERFACE AND
`CONTAINER IDENTIFIER ON DATA IN
`INTERFACE
`
`No
`
`830 ,
`
`KEY CONTAINER STORES NEW
`10 IN CONTAINER ID STORAGE
`
`835,
`
`KSD PLACES "PROGRAM KEY"
`COMMAND ON COMMAND OUT
`INTERFACE AND CONTAINER
`KEY ON DATA OUT INTERFACE
`
`840,
`
`KEY CONTAINER ACCEPTS
`NEW CONTAINER KEY AND
`STORES IN CONTAINER KEY
`STORAGE
`
`845,
`
`KSD PLACES "PROGRAM
`SESSION KEYS" COMMAND ON
`COMMAND OUT INTERFACE
`AND CONTAINER KEY ON
`DATA OUT INTERFACE
`
`825
`/
`
`PROCESS FAILS
`
`FIG. 8
`
`6
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 6 of 8
`
`US 6,980,659 BI
`
`905,
`
`KEY CONTAINER RECEIVES
`COMMAND ON COMMAND IN
`INTERFACE AND CONTAINER
`KEY ON QAffilN INTERFACE
`
`910 ,
`
`KEY CONTAINER COMPARES
`CONTAINER KEY WITH VALUE
`STORED IN CONTAINER KEY
`STORAGE
`
`No
`
`KSD GENERATES NEW BIT
`VALUES
`
`KSD PLACES A SERIES OF
`NEW BIT VALUES ON DATA
`OUT INTERFACE
`
`KSD STORES SERIES OF NEW
`BITS VALUES
`
`925,
`
`930 ,
`
`935 ,
`
`940,
`
`KEY CONTAINER ACCEPTS
`NEW BITS AND STORES THEM
`IN SESSION KEY STORAGE
`MEMORY
`
`945,
`
`KSD DISABLES SUPPLY OF
`POWER TO KEY CONTAINER
`
`920
`/
`
`FIG. 9
`
`7
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 7 of 8
`
`US 6,980,659 BI
`
`START
`
`1005,
`
`COMMUNICATION DEVICE
`SUPPLIES POWER TO KEY
`CONTAINER
`
`1010 ,
`
`COMMUNICATION DEVICE
`PLACES A "GIVE KEY"
`COMMAND ON COMMANP IN
`INTERFACE
`
`1020
`/
`
`Yes
`
`KEY CONTAINER PLACES
`"INSUFFICIENT BITS"
`MESSAGE ON STATUS
`OUT INTERFACE
`
`No
`
`END
`
`KEY CONTAINER RETRIEVES
`AN AMOUNT OF SESSION KEY
`INFORMATION FROM SESSION
`KEY STORAGE
`
`1030,
`
`KEY CONTAINER ADVANCES
`POINTER
`
`1035,
`
`r----------- ------------~
`
`: KEY CONTAINER OVERWRITES:
`: "USED" BITS IN SESSION KEY :
`: STORAGE WITH RANDOM
`:
`:
`VALUES OR ZERO
`:
`~------------ -----------_.
`
`1040,
`
`KEY CONTAINER PLACES NEW
`SESSION KEY BITS ON Q8I8
`Q!ITINTERFACE
`
`FIG. to
`
`8
`
`

`
`u.s. Patent
`
`Dec. 27, 2005
`
`Sheet 8 of 8
`
`US 6,980,659 BI
`
`No - - - - - - '
`
`1105,
`
`KEY CONTAINER PLACES
`STATUS INFORMATION ON
`STATUS OUT INTERFACE
`
`1110 ,
`
`COMMUNICATION DEVICE
`ACCEPTS SESSION KEY BITS
`FROM DATA OUT INTERFACE
`
`Yes
`
`COMMUNICATION DEVICE
`DISABLES SUPPLY OF POWER
`TO KEY CONTAINER
`
`1125,
`
`COMMUNICATION DEVICE
`ENCRYPTS COMMUNICATION
`DATA USING EXTRACTED
`SESSION KEY BITS
`
`1130,
`
`COMMUNICATION DEVICE
`COMMUNICATES WITH OTHER
`COMMUNICATION DEVICES USING
`ENCRYPTED DATA
`
`1135, COMMUNICATION DEVICE
`DISCARDS SESSION KEY BITS
`WHEN COMMUNICATION
`SESSION COMPLETES
`
`FIG. 11
`
`9
`
`

`
`US 6,980,659 Bl
`
`1
`METHODS AND SYSTEMS FOR SUPPLYING
`ENCRYPTION KEYS
`
`FIELD OF THE INVENTION
`
`The present invention relates generally to encryption
`devices and, more particularly, to a system and method for
`supplying encryption keys to encryption devices.
`
`BACKGROUND OF THE INVENTION
`
`2
`supplying the first collection of encryption bits from the
`module to the data production device, deleting the first
`collection of encryption bits from the memory of the key
`storage module, and encrypting data produced by the data
`5 production device using the first collection of encryption
`bits.
`In another implementation consistent with the present
`invention, a method of encrypting information includes
`retrieving a quantity of encryption bits from a memory of a
`10 key storage module connected to a port of a communication
`device. The retrieval depletes a total amount of encryption
`bits stored in the key storage module. The method further
`includes encrypting data transmitted from the communica-
`tion device using the quantity of encryption bits.
`In a further implementation consistent with the present
`invention, a system for encrypting information includes a
`key storage module configured to store encryption bits in a
`memory of the key storage module. The system further
`includes a communication device configured to retrieve a
`20 quantity of encryption bits from the memory of the key
`storage module. The retrieval depletes a total amount of
`encryption bits stored in the key storage module. The
`communication device is further configured to encrypt data
`transmitted from the communication device using the quan-
`25 tity of encryption bits.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`Accompanying the phenomenal growth in consumer com(cid:173)
`munications has been an ever-growing need for ensuring the
`privacy of consumer communications. This need has been
`satisfied to some extent for cellular telephones by using 15
`various encryption techniques. It is expected that the need
`will soon become apparent for data communications as well.
`As wireless communications become more prevalent, the
`need for ensuring the privacy of consumer communications
`will likely grow even further.
`Conventional methods of ensuring consumer communi(cid:173)
`cation privacy typically use message encryption keys (i.e.,
`session keys). Session keys generally are only used once to
`encrypt a given flow of messages. For instance, a cell phone
`conversation would likely use only a single session key.
`Once a call is finished, the session key would be discarded.
`A subsequent call would require a new session key.
`Session keys can be created "on the fly" by algorithmic
`techniques or they can be created "in the factory" and used
`as needed. Conventionally, consumer communications 30
`devices create session keys "on the fly" by algorithmic
`techniques. This approach has two major drawbacks, how(cid:173)
`ever. First, it is difficult to guarantee truly random session
`keys because the algorithms have only a limited set of
`possible inputs and, therefore, will generate only a limited 35
`set of pseudo-random outputs. Second, generating good
`session keys
`is computationally expensive and,
`thus,
`requires a powerful processing unit and an ample supply of
`power. Both of these requirements are problematic for
`hand-held wireless devices.
`Therefore, there exists a need for a system and method
`that can generate encryption keys and supply the generated
`encryption keys to consumer communications devices with
`low power requirements and without requiring a powerful
`processor in the communication device.
`
`The accompanying drawings, which are incorporated in
`and constitute a part of this specification, illustrate an
`embodiment of the invention and, together with the descrip(cid:173)
`tion, explain the invention. In the drawings,
`FIG. 1 illustrates an exemplary network in which a system
`and method, consistent with the present invention, may be
`implemented;
`FIG. 2 illustrates exemplary components of a communi(cid:173)
`cation device consistent with the present invention;
`FIG. 3 illustrates an exemplary key container housing
`40 consistent with the present invention;
`FIG. 4 illustrates a handset of an exemplary communica(cid:173)
`tion device consistent with the present invention;
`FIG. 5 illustrates exemplary components of a key con(cid:173)
`tainer consistent with the present invention;
`FIG. 6 illustrates exemplary components of a key supply
`device consistent with the present invention; and
`FIGS. 7-11 are flow diagrams of exemplary system
`processing consistent with the present invention.
`
`45
`
`SUMMARY OF THE INVENTION
`
`Systems and methods consistent with the present inven(cid:173)
`tion address this need by providing low power plug-in key 50
`storage modules that can supply encryption key bits to
`cellular telephones, computers, or other communications
`devices. Each plug-in key storage module stores a limited
`supply of encryption session keys that can be used for
`encrypting communications. Each plug-in key storage mod- 55
`ule can store encryption session keys of any desired length,
`thus, allowing different communication sessions to use dif(cid:173)
`ferent sized encryption session keys.
`In accordance with the purpose of the invention as
`embodied and broadly described herein, a method of 60
`encrypting information includes generating a first collection
`and a second collection of encryption bits in a key supply
`device, supplying the first collection of encryption bits to a
`key storage module, storing the first collection of encryption
`bits in a memory of the key storage module, transporting the 65
`key storage module to a data production device, connecting
`the key storage module to the data production device,
`
`DETAILED DESCRIPTION
`
`The following detailed description of the invention refers
`to the accompanying drawings. The same reference numbers
`in different drawings identify the same or similar elements.
`Also, the following detailed description does not limit the
`invention. Instead, the scope of the invention is defined by
`the appended claims.
`Systems and methods consistent with the present inven(cid:173)
`tion provide plug-in key storage modules that can supply
`encryption key bits to communications devices. Each plug(cid:173)
`in key storage module stores a limited supply of encryption
`session keys that can be used for encrypting communica(cid:173)
`tions in the communications devices. Each plug-in key
`storage module can store encryption session keys of any
`desired length, thus, allowing different communication ses(cid:173)
`sions to use different sized encryption session keys.
`
`10
`
`

`
`US 6,980,659 Bl
`
`3
`Exemplary Network
`
`4
`for use by processor 225. Read Only Memory (ROM) 235
`provides permanent or semi-permanent storage of data and
`instructions for use by processor 225. Bus 240 interconnects
`the various components of communication device 105 and
`5 allows the components to communicate with one another.
`FIG. 3 illustrates exemplary physical packaging for key
`container 135. Key container 135 may include a housing 305
`that houses the electrical circuitry of the key container. Key
`container 135 may also include an electrical interface 310
`10 for plugging into a port of communication device 105.
`FIG. 4 illustrates an example of an exemplary key con(cid:173)
`tainer 135 plugged into an interface port of an exemplary
`communication device 105 (e.g., a cellular phone).
`
`15
`
`Exemplary Key Container
`
`FIG. 1 illustrates an exemplary network 100 in which a
`system and method, consistent with the present invention,
`may operate to deliver supplies of encryption session keys to
`communication devices communicating within network
`100. Network 100 includes communication device 105
`connected with communication device 110 via network 115,
`using wired (120), wireless (125) or optical connection links
`(not shown). Network 100 further includes key supply
`device (KSD) 130 and key container(s) 135.
`Network 115 can include one or more networks of any
`type, including a local area network (LAN), metropolitan
`area network (MAN), wide area network (WAN), Internet,
`Intranet, or Public Switched Telephone Network (PSTN).
`Communication devices 105 and 110 may be similarly
`constructed and may include personal computers, personal
`digital assistants (PDAs), telephones, cellular telephones,
`computer game machines (e.g., Gameboy), small network(cid:173)
`resident devices (e.g., thermostats, sensors, actuators, or 20
`other network appliances) or similar communications
`devices.
`Key supply device 130 can include a computer or Appli(cid:173)
`cation Specific Integrated Circuit (AS I C) that generates
`encryption session keys and stores then in a database. Key 25
`container 135 can be electrically interfaced with key supply
`device 130 to receive a new supply of encryption session
`keys.
`Key container(s) 135 includes electrical devices that store
`encryption session keys received from key supply device 30
`130. Key container(s) 135 includes some form of non(cid:173)
`volatile memory and circuitry sufficient to retrieve session
`keys from the memory and supply the session keys
`to communication device 105. The packaging of Key con(cid:173)
`tainer(s) 135 can include the logical and physical interfaces 35
`defined for PCMCIA cards, compact flash cards (such as
`those used in digital cameras), Subscriber Identity Modules
`for Global System for Mobile communications (GSM) cell
`phones or cable set-top devices, serial ports or the like.
`
`40
`
`FIG. 5 illustrates an exemplary key container 135 con-
`sistent with the present invention. Key container 135 can
`include an Application Specific Integrated Circuit (ASIC)
`505, a container identifier storage 510, a container key
`storage 515, and a session key storage 520. Key container
`135 may further include input electrical interfaces and
`output electrical interfaces. These interfaces can include
`logically distinct channels for receiving data from key
`supply device 130 or supplying data to communication
`device 105. The interfaces may be implemented using
`different physical connectors or through multiplexing across
`a small number of connectors. The interfaces may be serial
`or parallel. In the case of serial interfaces, the format of the
`messages can be designed so that the messages clearly
`indicate which messages contain commands, data or status
`information.
`FIG. 5 illustrates exemplary input electrical interfaces
`COMMAND IN 525, DATA IN 530 and POWER IN 545,
`and exemplary output electrical interfaces DATA OUT 535
`and STATUS OUT 540. Interfaces 525 through 540 connect
`to ASIC 505. POWER IN interface 545 additionally supplies
`power to ASIC 505, container identifier storage 510, con(cid:173)
`tainer key storage 515 and session key storage 515.
`ASIC 505 can include conventional low power logic
`circuitry (e.g., CMOS) for implementing the processing that
`stores and retrieves key container identifiers, container keys
`and session keys.
`Container identifier storage 510 includes programmable
`45 or non-programmable memory and stores a unique identifier
`for key container 135. The unique identifier is typically
`assigned to key container 135 when session keys are stored
`in the key container 135 for the first time. The unique
`container identifier may, for example, be approximately 8
`50 bytes in length, though any length identifier may be used.
`Container key storage 515 includes programmable or
`non-programmable memory and may store a unique secret
`key for key container 135. This secret key may be assigned
`to key container 135 when session keys are first supplied to
`55 the container from key supply device 130. The unique secret
`key can be used by key supply device 130 to "unlock" key
`container 135 so that session key information may be stored
`in session key storage 520. The unique secret key may, for
`example, be a random number that is approximately 20 bytes
`60 in length.
`Session key storage 520 includes a non-volatile, re(cid:173)
`programmable memory that stores unused session keys for
`key container 135. The stored session keys can be encryp(cid:173)
`tion key bits generated using conventional techniques or
`65 randomized bits that can be used as "seeds" for generating
`cryptographically secure pseudo-random sequences
`in
`accordance with conventional techniques. Session key stor-
`
`Exemplary Communication Device
`
`FIG. 2 illustrates an exemplary communication device
`105, consistent with the present invention, that may use
`session key bits from key container 135 for encrypting data.
`Communication device 105 may include a communication
`interface 205, an output device 210, an input device 215, a
`database 220, a processor 225, a Random Access Memory
`(RAM) 230, a Read Only Memory (ROM) 235 and a bus
`240. Communication device 105 may additionally include a
`key container electrically interfaced with bus 240.
`Communication interface 205 connects communication
`device 105 to another device or network, such as network
`115. Communication interface 205 may include transceiver
`circuitry well known to one skilled in the art that can be
`tuned to multiple channels for transmitting data in a net(cid:173)
`work, such as network 115. Output device 210 permits the
`output of data in video, audio, or hard copy format. Input
`device 215 permits entry of data into communication device
`105 and may include a user interface (not shown).
`Database 220 maintains encryption session keys and may
`include a large-capacity storage device, such as a magnetic
`or optical recording medium and its corresponding drive.
`Processor 225 performs all data processing functions for
`inputting, outputting, and processing of communication
`device 105 data. Random Access Memory (RAM) 230
`provides temporary working storage of data and instructions
`
`11
`
`

`
`US 6,980,659 Bl
`
`6
`that the messages clearly indicate which messages contain
`commands, data or status information. Exemplary output
`electrical interfaces of key supply device 130 include COM(cid:173)
`MAND OUT 650, DATA OUT 655 and POWER OUT 670.
`5 Exemplary input electrical interfaces of key supply device
`130 include DATA IN 660 and STATUS IN 665. Interfaces
`650 through 670 connect to processing unit 605.
`COMMAND OUT interface 650 supplies commands to
`key container 135. DATA OUT interface 655 supplies data
`to key container 135. Such data can include container
`identifiers, container keys, and session key bits. POWER
`OUT interface 670 supplies power to key container 135.
`DATA IN interface 660 receives data from key container
`135. STATUS IN interface 665 receives status information
`15 such as, for example, data indicating how many unused
`session key bits are still stored in session key storage 520 of
`key container 135.
`
`Exemplary Key Supply Processing
`
`5
`age 520 may include flash memory, battery-backed RAM,
`static RAM, magnetic memory, or the like. The session key
`bits stored in session key storage 520 can be supplied by key
`supply device 130. Session key storage 520 may also store
`certain values needed by ASIC 505, such as a pointer in the
`memory to indicate the next unused byte of session key bits.
`COMMAND IN interface 525 accepts commands from
`communication device 105 or key supply device 130. DATA
`IN interface 530 accepts data from key supply device 130.
`Such data can include container identifiers, container keys, 10
`and session key bits. POWER IN interface 545 accepts
`power supplied by key supply device 130 or communication
`device 105 for energizing key container 135. DATA OUT
`interface 535 outputs container identifiers or session keys
`bits according to instructions from ASIC 505. STATUS OUT
`interface 540 outputs status information, such as information
`indicating how many unused session key bits are still stored
`in session key storage 520. For example, the status infor(cid:173)
`mation may indicate a quantitative value, such as the number
`of bits or bytes remaining in session key storage 520. As a 20
`further example, such information may indicate that session
`key storage 520 is "running low" on session key bits.
`
`Exemplary Key Supply Device
`
`FIG. 6 illustrates an exemplary key supply device 130
`consistent with the present invention. Key supply device 130
`can include a processing unit 605, a communication inter(cid:173)
`face 610, an input device 615, an output device 620, a ROM
`625, a RAM 630, a database 635, a power supply 640 and
`a bus 645. Key supply device 130 further includes input
`electrical interfaces DATA IN 660 and STATUS IN 665 and
`output electrical interfaces COMMAND OUT 650, DATA
`OUT 655 and POWER OUT 670. Interfaces 650 through
`670 connect to processing unit 605.
`Processing unit 605 can include conventional logic cir(cid:173)
`cuitry for implementing the processing that retrieves and
`supplies key container identifiers, container keys and session
`keys to communication device 105. Alternatively, process(cid:173)
`ing unit 605 can include a conventional microprocessor or 40
`micro-controller.
`Communication interface 610 may connect key supply
`device 130 to another device or network, such as network
`115. Input device 615 permits entry of data into key supply
`device 130 and may include a user interface (not shown). 45
`Output device 620 permits the output of key supply device
`130 data in video, audio, or hard copy format.
`ROM 625 may provide permanent or semi-permanent
`storage of data and instructions for use by processing unit
`605. RAM 630 provides temporary working storage of key 50
`supply device data and instructions for use by processing
`unit 605. Database 635 maintains session keys bits and may
`include a large-capacity storage device, such as a magnetic
`or optical recording medium and its corresponding drive.
`Power supply 640 includes conventional circuitry for sup- 55
`plying power to key container 135 via POWER OUT
`interface 670. Bus 645 interconnects the various compo(cid:173)
`nents of key supply device 130 and allows the components
`to communicate with one another.
`Key supply device 130 further includes input electrical 60
`interfaces and output electrical interfaces. These interfaces
`can include logically distinct channels for supplying/retriev(cid:173)
`ing data to/from key container 135. The interfaces may be
`implemented using different physical connectors or through
`multiplexing across a small number of connectors. The 65
`interfaces may be serial or parallel. In the case of serial
`interfaces, the format of the messages can be designed so
`
`FIGS. 7-9 are flowcharts that illustrate exemplary pro(cid:173)
`cessing, consistent with the present invention, for supplying
`encryption keys to key container 135. To supply session
`25 keys to key container 135, key container 135 may first be
`plugged into an electrical interface of key supply device 130.
`After being electrically interfaced with key container 135,
`key supply device 130 supplies power to key container via
`POWER OUT interface 670 [step 705] (FIG. 7). Key
`30 container 135 receives the supplied power via POWER IN
`interface 545 [step 710]. Key supply device 130 then places
`a "display identifier" command on COMMAND OUT inter(cid:173)
`face 650 [step 715]. Key container 135 receives the com(cid:173)
`mand at the COMMAND IN interface 525 and, in response,
`35 places container identifier bits stored in container ID storage
`510 on DATA OUT interface 535 [step 720].
`Key supply device 130 receives the container identifier
`bits on DATA IN 660 and checks to verify that the bits are
`valid identifier bits (i.e., key container 135 already has an
`assigned identifier) [step 725]. For example, all zeros may
`indicate that the key container 135 has not been assigned an
`identifier. If key container 135 already has an assigned
`identifier then processing continues at step 835 below. If the
`container identifier bits indicate that key container 135 has
`not been assigned a container identifier, then key supply
`device 130 creates a new container identifier [step 730]. Key
`supply device 130 further creates a new container key [step
`730]. As discussed previously, this container key may be
`used by key supply device 130 to unlock key container 135
`to store session key information in key container 135. Key
`supply device 130 stores the created container identifier and
`container key in database 635 [step 740].
`Key supply device 130 next places a "program identifier"
`command on COMMAND OUT interface 650 [step 805]
`(FIG. 8). Key supply device 135 also places the newly
`created container identifier on DATA OUT interface 655
`[step 810]. Key container 135 receives the command on
`COMMAND IN interface 525 and the newly created con(cid:173)
`tainer identifier on DATA IN interface 530 [step 815]. Key
`container 135 checks the container ID storage 510 to verify
`that the key container does not have already have an
`assigned container identifier [step 820]. If key container 135
`already has an assigned container identifier, the process fails
`at step 825. Key container 135 stores the new container
`identifier in container ID storage 510 if the key container
`135 does not have an assigned container identifier [step
`830].
`
`12
`
`

`
`7
`Key supply device 135 next places a "program key"
`command on COMMAND OUT interface 650 and a con(cid:173)
`tainer key on DATA OUT interface 655 [step 835]. Key
`container 135 receives the command on COMMAND IN
`interface 525 and the new container key on DATA IN 5
`interface 530 and stores the new container key in container
`key storage 515 [step 840].
`Key supply device 135 then places a "program session
`keys" command on COMMAND OUT interface 650 and a
`container key corresponding to key container 135 on DATA 10
`OUT interface 655 [step 845]. Key container 135 receives
`the command on COMMAND IN interface 525 and the
`container key on DATA IN interface 530 [step 905] (FIG. 9).
`Key container 135 compares the received container key with
`the container key stored in container key storage 515 [step 15
`910]. If the comparison indicates that the keys differ [step
`915], then the process fails at step 920. If the keys are the
`same, key supply device 130 generates new session key bit
`values using one of any number of conventional key gen(cid:173)
`eration algorithms [step 925]. For example, a random physi- 20
`cal process, such as thermal noise, can be used to generate
`new session key bit values.
`Key supply device 130 retrieves generated session key bit
`values from database 635 and places the session key bit
`values on DATA OUT interface 655 [step 930]. Key supply 25
`device 130 further stores the session key bit values in
`database 635 [step 935]. Storing these bit values in database
`635 enables key container 135 to perform auditing and other
`record keeping functions at a later time. Key container 135
`receives the new session key bit values on DATA IN 30
`interface 530 and stores the keys in session key storage 520
`[step 940]. Key supply processing completes with key
`supply device 130 disabling the supply of power to key
`container 135 [step 945]. In the manner described above,
`session keys are supplied to key container 135 in an efficient, 35
`secure manner for later use by a device, such as communi(cid:173)
`cation device 105, as described in more detail below.
`
`Exemplary Key Extraction Processing
`
`FIGS. 10--11 are flowcharts that illustrate exemplary
`processing, consistent with the present invention, for
`extracting keys from key container 135 for use in encrypting
`data produced in communication device 105. Key extraction
`processing begins with communication device 105 supply- 45
`ing power to key container 135 via POWER IN 545 [step
`1005] (FIG. 10). Communication device 105 then places a
`"give key" command on COMMAND IN interface 525 of
`key container 135 [step 1010]. Key container 135 checks
`session key storage 520 to verify that sufficient unused 50
`session bits remain in storage [step 1015]. If there are not
`sufficient unused session key bits in session key storage 520,
`the key container 135 places an "insufficient bits" message
`on STATUS OUT interface 540 [step 1020]. If sufficient
`unused session keys bits remain in session key storage 520, 55
`key container 135 retrieves an amount of session key bits
`from session key storage 520 [step 1025]. The amount of
`session key bits retrieved from session key storage 520 can
`depend on parameters such as, for example, the desired level
`of encryption security or the length of the data message, and 60
`may be user-selectable. Key container 135 advances a
`session key storage pointer [step 1030]. Key container 135
`may optionally delete "used" bits in session key storage 520
`by, for example, overwriting "used" bits in session key
`storage 520 with random values or zeros [step 1035]. Key 65
`container 135 then places new session key bits on DATA
`OUT interface 535 [step 1040]. Key container 135 also may
`
`US 6,980,659 Bl
`
`8
`place status information on STATUS OUT interface 540
`[step 1105] (FIG. 11). For example, key container 135 may
`output information relating to the number of unused session
`key bits remaining in session key storage 520.
`Communication device 105 accepts the session key bits
`received from DATA OUT interface 535 of key container
`135 [step 1110]. Communication device 105 then determines
`if the device 105 has received a sufficient quantity of bits
`from key container 135 for performing encryption [step
`1115]. If not, processing returns to step 1010. If communi(cid:173)
`cation device 105 has a sufficient quantity of session key
`bits, key extraction processing completes with communica(cid:173)
`tion device 105 disabling the supply of power to key
`container 135 [step 1120].
`After communication device 105 extracts the session k