SECURE COMMUNICATION SYSTEM ON INTERNET

IP.com Disclosure Number: IPCOM000007578D
Original Publication Date: 1995-Nov-01
Included in the Prior Art Database: 2002-Apr-08
Document File: 6 page(s) / 202K

Publishing Venue

Motorola

Related People

Jingsheng Fu: AUTHOR

Abstract

The present invention provides a method and apparatus for secure communications over the Internet. The invention dynamically divides the data in a packet into multiple variable-length sub-packets and applies different keys to encrypt the sub-packets. Furthermore, the keys change dynamically: after a packet is sent, the keys are swapped, and/or some keys are replaced by other keys. The changed keys are applied to the next packet. Because the total number of combinations of sub-packets is almost unlimited, and the total number of combinations of keys is very big, it is very difficult to intercept the encrypted data. The system in the invention is very secure. On the other hand, the invention does not depend upon routers, gateways, repeaters, or bridges, so the system in the invention is also flexible.

This is the abbreviated version, containing approximately 42% of the total text.

MOTOROLA Technical Developments

SECURE COMMUNICATION SYSTEM ON INTERNET

by Jingsheng Fu

INTRODUCTION

  The present invention provides a method and apparatus for secure communications over the Internet. The invention dynamically divides the data in a packet into multiple variable-length sub-packets and applies different keys to encrypt the sub-packets. Furthermore, the keys change dynamically: after a packet is sent, the keys are swapped, and/or some keys are replaced by other keys. The changed keys are applied to the next packet. Because the total number of combinations of sub-packets is almost unlimited, and the total number of combinations of keys is very big, it is very difficult to intercept the encrypted data. The system in the invention is very secure. On the other hand, the invention does not depend upon routers, gateways, repeaters, or bridges, so the system in the invention is also flexible.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a block diagram of the secure communication system on the Internet;

  Figure 2 is a diagram of the format of security control information in the option field of an IP datagram, which complies with the format in RFC 1108, "U.S. Department of Defense Security Options for the Internet Protocol";

Figure 3 is a flow chart of sending secured packets;

Figure 4 is a flow chart of receiving secured packets;

Table 1 is a table of the sub-packet numbers and the corresponding key numbers for one packet;

  Table 2 is a table of the sub-packet numbers and the corresponding key numbers for another packet, in which the keys are swapped;

  Table 3 is a table of the sub-packet numbers, the numbers of the starting byte in each sub-packet, and the lengths of the sub-packets in a packet;

  Table 4 is a table of the sub-packet numbers, the numbers of the starting byte in each sub-packet, and the lengths of the sub-packets in another packet; the way the data is divided here is different from that in Table 3.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

  Figure 1 shows that the secure communication system comprises computers, the Internet, and security servers. A computer contains a security card, on which microprocessors and memory chips are installed. Security algorithms and keys are stored in the memory. Keys are stored in look-up tables at both ends. The microprocessors execute the security software.

  Figure 2 illustrates the format of the security control information. The type field tells the type of the option in an IP datagram. The length field specifies the total number of bytes in the option field. The field of algorithm and key set indices allows the sender to inform the receiver which algorithms and key sets should be used to decrypt the data. The field of the total number of sub-packets tells how many sub-packets the data in the packet is divided into. A data packet is divided into up to 18 sub-packets. The remaining fields tell where the first byte of each sub-packet is located.
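The following Python example is added here and is not code from the disclosure: it encodes, validates and applies control information laid out as the paragraph above describes, covering the framing only and not the encryption. The field widths, the packing of the algorithm and key-set indices into one byte, 0-based start offsets and the `OPT_TYPE` placeholder are assumptions; with these widths, 18 sub-packets exactly fill the 40 bytes that IPv4 allows for options.

```python
import struct

MAX_SUBPACKETS = 18   # limit stated in the text
OPT_TYPE = 0x00       # placeholder: the page does not give the option type value
HDR = struct.Struct("!BBBB")  # assumed: type, length, alg/key-set index, count

def build_option(alg, keyset, starts):
    """Encode the control information for one packet."""
    if not (0 <= alg <= 15 and 0 <= keyset <= 15):
        raise ValueError("index does not fit in a nibble")
    if not 1 <= len(starts) <= MAX_SUBPACKETS:
        raise ValueError("sub-packet count out of range")
    length = HDR.size + 2 * len(starts)
    head = HDR.pack(OPT_TYPE, length, (alg << 4) | keyset, len(starts))
    return head + struct.pack("!%dH" % len(starts), *starts)

def parse_option(opt, payload_len):
    """Decode and validate; returns (alg, keyset, starts) or raises ValueError."""
    if len(opt) < HDR.size:
        raise ValueError("option truncated")
    opt_type, length, index, count = HDR.unpack_from(opt)
    if opt_type != OPT_TYPE:
        raise ValueError("unexpected option type")
    if not 1 <= count <= MAX_SUBPACKETS:
        raise ValueError("sub-packet count out of range")
    if length != len(opt) or length != HDR.size + 2 * count:
        raise ValueError("length field disagrees with contents")
    starts = list(struct.unpack_from("!%dH" % count, opt, HDR.size))
    # Offsets must begin at 0, increase strictly, and stay inside the payload,
    # otherwise a sub-packet would be empty, overlap or run past the data.
    if starts[0] != 0 or starts[-1] >= payload_len:
        raise ValueError("start offset outside payload")
    if any(a >= b for a, b in zip(starts, starts[1:])):
        raise ValueError("start offsets not strictly increasing")
    return index >> 4, index & 0x0F, starts

def split_payload(payload, starts):
    """Cut the payload into the variable-length sub-packets named by starts."""
    ends = starts[1:] + [len(payload)]
    return [payload[s:e] for s, e in zip(starts, ends)]

if __name__ == "__main__":
    payload = bytes(range(20))                  # constructed sample data
    opt = build_option(2, 5, [0, 3, 11])        # constructed indices and offsets
    alg, keyset, starts = parse_option(opt, len(payload))
    print(alg, keyset, [len(p) for p in split_payload(payload, starts)])
```

A receiver that rejects inconsistent length, count or offset fields before decrypting avoids slicing the payload on sender-controlled values it has not checked.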

OPERATION OVERVIEW

  As Figure 3 and Figure 4 illustrate, prior to starting secure communications,...