| CPC H04L 9/0618 (2013.01) [H04L 9/0869 (2013.01); H04L 9/14 (2013.01)] | 21 Claims |

|
1. A secure device for transmitting encrypted communications over a network comprising:
a. a processor having an input for receiving at least one message to send to a first other secure device, the processor coupled to at least one data bus;
b. a memory communicatively coupled to the processor, and for storing at least one list of cipher keys for use with communication with the first other secure device, the first other secure device also having a memory with an identical stored copy of the at least one list of cipher keys;
c. cipher selection circuitry coupled to the processor, wherein the cipher selection circuitry is adapted to generate a selection code indicative of a message encryption cipher key, a message decryption cipher key, a handshake message encryption cipher key, and a handshake message decryption cipher key, that are based on the at least one list of cipher keys identically stored in each of the memories of the secure device and the first other secure device, wherein the first other secure device has corresponding cipher selection circuitry adapted to process the selection code to produce a copy of the message encryption cipher key, message decryption cipher key, handshake message encryption cipher key, and handshake message decryption cipher key, from the stored copy of the at least one list of cipher keys in the memory of the first other secure device; and
d. a network interface communicatively coupled to said processor and adapted for transmitting and receiving digital information over a network to and from the first other secure device,
wherein the processor is adapted to operate in an initialization phase by activating the cipher selection circuitry to produce the selection code, and to produce and transmit a handshake message via the network interface to the first other secure device, the handshake message comprising unencrypted network addresses of the secure device and the first other secure device, and the selection code, and
wherein the processor is further adapted to operate in a confirmation phase upon receiving a response handshake message transmitted by the first other secure device and to process first and second segments of the response handshake message with the handshake message encryption cipher key and the handshake message decryption cipher key, respectively, to obtain first and second data sequences and to compare the first data sequence to the message encryption cipher key, and to compare the second data sequence to the message decryption cipher key, to confirm that the first and second data sequences correspond to the respective message encryption and decryption cipher keys associated with the selection code, and
wherein, upon confirming that the obtained first and second data sequences correspond to the respective message encryption and decryption cipher keys associated with the selection code, the processor is further adapted to operate in a transmission phase by encrypting at least one message received at its input based on the message encryption cipher key, and to transmit the resulting encrypted at least one message via the network interface to the first other secure device.
|
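
The three phases of claim 1 (initialization, confirmation, transmission) can be traced in a short Python sketch; this is an added example, not code from the patent. The claim names no cipher, selection-code encoding, or responder construction, so the keystream XOR stand-in, the four-index code with distinct indices, the way `build_response` wraps the keys, the sample key list, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

ROLES = ("msg_enc", "msg_dec", "hs_enc", "hs_dec")
# Constructed sample key list; both devices hold an identical copy.
KEY_LIST = [hashlib.sha256(b"constructed-key-%d" % i).digest() for i in range(16)]

def stream_xor(key, data):
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def make_selection_code(list_len):
    """Four distinct list indices, one byte each (encoding is an assumption)."""
    return bytes(secrets.SystemRandom().sample(range(list_len), 4))

def select_keys(key_list, code):
    """Map a selection code to the four keys; reject malformed codes."""
    if len(code) != 4 or len(set(code)) != 4 or max(code) >= len(key_list):
        raise ValueError("malformed selection code")
    return dict(zip(ROLES, (key_list[i] for i in code)))

def build_handshake(src, dst, code):
    """Initialization phase: addresses and selection code, all unencrypted."""
    return {"src": src, "dst": dst, "code": code}

def build_response(key_list, handshake):
    """Responder side (assumed construction): wrap each message key under
    the matching handshake key, taken from the responder's own list copy."""
    k = select_keys(key_list, handshake["code"])
    return (stream_xor(k["hs_enc"], k["msg_enc"]),
            stream_xor(k["hs_dec"], k["msg_dec"]))

def confirm(key_list, code, response):
    """Confirmation phase: recover both sequences, compare in constant time."""
    k = select_keys(key_list, code)
    seq1 = stream_xor(k["hs_enc"], response[0])
    seq2 = stream_xor(k["hs_dec"], response[1])
    return (hmac.compare_digest(seq1, k["msg_enc"])
            and hmac.compare_digest(seq2, k["msg_dec"]))

def encrypt_message(key_list, code, response, message):
    """Transmission phase: encrypt only after confirmation succeeds."""
    if not confirm(key_list, code, response):
        raise PermissionError("handshake not confirmed; key lists differ")
    return stream_xor(select_keys(key_list, code)["msg_enc"], message)
```

A responder whose stored list differs from the initiator's produces segments that fail `confirm`, so `encrypt_message` refuses to send.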