Method and apparatus for key-management scheme for use with internet protocols at site firewalls
US5416842A · kind A · utility
Assignee
Inventor
Key dates
| Date | Value |
| --- | --- |
| Filing date | Jun 10, 1994 |
| Grant date | May 16, 1995 |
| Priority date | — |
| Expiry date | Jun 10, 2014 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/083
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
The present invention includes a first data processing device (node I) coupled to a first private network and to a firewall server (FWA). Firewall server FWA is in turn coupled to a public network, such as the Internet. A second data processing device (node J) is coupled to a second private network which is coupled to the Internet through a firewall server (FWB). Node I provides a data packet including IP data and a destination address for the intended receiving node J to firewall FWA. Firewall FWA is provided with a secret value a, and a public value α^a mod p. Similarly, firewall FWB is provided with a secret value b and a public value α^b mod p. The firewall FWA obtains a Diffie-Hellman (DH) certificate for firewall FWB and determines the public value α^b mod p from the DH certificate. Firewall FWA then computes the value of α^ab mod p, and derives a key K_ab from the value α^ab mod p. A transient key K_p is randomly generated and is used to encrypt the data packet to be transmitted by firewall FWA to firewall FWB. The encrypted data packet is then encapsulated in a transmission packet by the firewall FWA. The transm…
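The firewall-to-firewall exchange the abstract describes, as an added example written for this page rather than taken from the patent. The toy DH group (P, ALPHA), SHA-256 derivation of K_ab from α^ab mod p, the HMAC-based keystream standing in for the unspecified packet cipher, and carrying K_p wrapped under K_ab inside the transmission packet are all assumptions, since the abstract names none of them.

```python
import hashlib
import hmac
import os
import struct

# Toy DH group, constructed for illustration only (real deployments use a large
# standardised prime). ALPHA is the generator the abstract writes as ".varies.".
P = 2**127 - 1
ALPHA = 3

def dh_public(secret):
    """Public value alpha^secret mod p, as carried in a firewall's DH certificate."""
    return pow(ALPHA, secret, P)

def derive_kab(own_secret, peer_public):
    """K_ab from alpha^ab mod p. Hashing the shared value is an assumption."""
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def keystream_xor(key, nonce, data):
    """Stand-in cipher (assumed): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)

def encapsulate(kab, ip_packet, kp=None, nonce=None):
    """FWA side: encrypt the packet under a fresh transient K_p, then build the
    transmission packet. Carrying K_p wrapped under K_ab is an assumption."""
    kp = kp if kp is not None else os.urandom(32)
    nonce = nonce if nonce is not None else os.urandom(8)
    wrapped_kp = keystream_xor(kab, nonce, kp)
    body = keystream_xor(kp, nonce, ip_packet)
    return nonce + struct.pack(">H", len(wrapped_kp)) + wrapped_kp + body

def decapsulate(kab, tx):
    """FWB side: unwrap K_p with K_ab, then recover the original IP packet."""
    nonce = tx[:8]
    (n,) = struct.unpack(">H", tx[8:10])
    kp = keystream_xor(kab, nonce, tx[10:10 + n])
    return keystream_xor(kp, nonce, tx[10 + n:])
```

Both firewalls reach the same K_ab from their own secret and the peer's certified public value, and only a holder of that K_ab can recover K_p and hence the packet.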
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.