Claims
- 1. A method for securing a communications channel having perfect forward secrecy comprising the steps of:
receiving an authorization request message comprising an asymmetric key; in response to receiving an authorization request message, selecting a symmetric key parameter; calculating a key exchange parameter based on the symmetric key parameter; encrypting the key exchange parameter with the symmetric key; and sending an authorization response message comprising the encrypted asymmetric key exchange parameter.
- 2. The method of claim 1, further comprising a step of selecting a random number.
- 3. The method of claim 2, further comprising the step of encrypting the random number with the asymmetric key.
- 4. The method of claim 1, wherein the symmetric key is part of a public-key algorithm.
- 5. The method of claim 1, wherein the symmetric key is part of an RSA public-key certificate.
- 6. The method of claim 1, wherein the symmetric key parameter is part of a Diffie-Hellman key exchange protocol.
- 7. A method for securing a communications channel having perfect forward secrecy comprising the steps of:
receiving an authorization response message comprising an encrypted first asymmetric key exchange parameter; in response to receiving the authorization response message, decrypting the encrypted asymmetric key exchange parameter; selecting a secret key parameter; calculating a second asymmetric key exchange parameter based on the secret key parameter; and calculating a shared asymmetric encryption key based on the secret key parameter and the first asymmetric key exchange parameter.
- 8. The method of claim 7, wherein the step of receiving an authorization response message further comprises receiving an authorization response message comprising an encrypted random number.
- 9. The method of claim 8, further comprising the step of decrypting the encrypted random number with an asymmetric key.
- 10. The method of claim 7, further comprising the step of encrypting a random number with the shared asymmetric encryption key.
- 11. The method of claim 7, further comprising the step of sending an authorization acknowledgment message comprising the second asymmetric key exchange parameter.
- 12. The method of claim 7, further comprising the step of sending communications traffic encrypted with the shared asymmetric encryption key.
- 13. A method for generating non-linear ciphertext derived from a linear source comprising the steps of:
selecting a first tap and a second tap in a register; combining an output of the first tap with an output of the second tap; calculating a first value from a logical “and” operation taken between the outputs of the first and second taps; selecting a third output bit of the register; combining the first value with the third output bit of the register; calculating a second value from an exclusive “or” operation taken between the first value and the least significant output bit of the register; and forming ciphertext derived from plain text and the second value.
- 14. The method of claim 13, further comprising the step of calculating a plurality of second values with a plurality of registers.
- 15. The method of claim 14, further comprising the steps of:
combining the plurality of second values together; calculating a third value from an exclusive “or” operation taken between the combined second values.
- 16. The method of claim 15, further comprising the step of calculating a plurality of third values from a plurality of sets of registers.
- 17. The method of claim 19, wherein the step of forming cipher text further comprises the step of combining plain text with the plurality of third values.
- 18. The method of claim 17, further comprising the step of determining whether a clock tap of a register matches a majority clock value.
- 19. A laser transceiver node comprising:
an optical tap routing device for apportioning the bandwidth between subscribers of an optical network system, the optical tap routing device further operable for:
selecting a symmetric key parameter; calculating a key exchange parameter based on the symmetric key parameter; encrypting the key exchange parameter with the symmetric key; a tap multiplexer coupled to the optical tap routing device for multiplexing upstream and downstream signals.
- 20. The laser transceiver node of claim 19, further comprising a laser optical transmitter coupled to the tap multiplexer for generating optical signals.
- 21. The laser transceiver node of claim 19, further comprising a laser optical receiver coupled to the tap multiplexer for converting optical signals into electrical signals.
- 22. The laser transceiver node of claim 19, wherein the optical tap routing device further comprises a plurality of registers for generating ciphertext.
- 23. The laser transceiver node of claim 22, wherein the registers employ non-linear filtering to produce the ciphertext.
- 24. A subscriber optical interface comprising:
a processor for controlling the digital optical transmitter and receiver, the processor further operable for:
receiving a message comprising an encrypted first asymmetric key exchange parameter; in response to receiving the message, decrypting the encrypted asymmetric key exchange parameter; selecting a secret key parameter; and calculating a second asymmetric key exchange parameter based on the secret key parameter.
- 25. The subscriber optical interface of claim 24, wherein the processor is further operable for calculating a shared asymmetric encryption key based on the secret key parameter and the first asymmetric key exchange parameter.
- 26. The subscriber optical interface of claim 24, further comprising:
a bidirectional optical signal splitter; a digital optical receiver coupled to the splitter; and a digital optical transmitter coupled to the splitter.
- 27. The subscriber optical interface of claim 24, wherein the processor further comprises a plurality of registers for generating ciphertext.
- 28. The subscriber optical interface of claim 27, wherein the registers employ non-linear filtering to produce the ciphertext.
- 29. A system for securing communications channels, comprising:
a register comprising:
a first tap and a second tap for calculating a first value taken between the outputs of the first and second taps, the output between the first tap and second tap comprising a non-linear value; an output of the register taken between the first value and a third output bit of the register; and a new bit comprising an operation taken between the taps of the register.
- 30. The system of claim 29, wherein the register further comprises a tap coupled to a majority clock function, wherein the register is clocked when the tap coupled to the majority clock function equals a majority value of the majority clock function.
- 31. The system of claim 29, wherein the system comprises a plurality of registers designated as a set and for producing at least one bit of a keystream.
- 32. The system of claim 29, wherein the system comprises a plurality of sets of registers, and wherein output of each set is combined to form a keystream.
- 33. The system of claim 32, wherein the keystream is combined with plain text to form ciphertext.
- 34. The system of claim 32, wherein the keystream is combined with plain text in an exclusive “or” operation to form ciphertext.
- 35. The system of claim 29, wherein the register comprises a Linear Feedback Shift Register (LFSR).
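The message flow of claims 1 to 12 (and of the node and subscriber apparatus of claims 19 to 25) as an added, runnable Python example; it is not code from the patent or from any product built on it. The example assumes that the "asymmetric key" in the authorization request is the subscriber's RSA public key (the certificate of claims 4 and 5), that the "symmetric key parameter" of claim 1 is an ephemeral Diffie-Hellman exponent (claim 6), and that the random number of claims 2 and 3 serves as a proof that the subscriber derived the same shared key. The RSA key, the Diffie-Hellman group and the stream cipher used for claim 12 are toy constructions chosen so the block runs offline; every class, function and message field name is invented for this example.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (not taken from the patent).
# Diffie-Hellman group: the Mersenne prime 2^127 - 1 with generator 2. Far too
# small for real use; it only has to make the arithmetic of the claims visible.
DH_P = (1 << 127) - 1
DH_G = 2

# Textbook RSA key pair from two Mersenne primes (2^89 - 1 and 2^107 - 1). No
# padding and toy size: it stands in for the subscriber's public-key
# certificate (claims 4 and 5) and nothing more.
RSA_P = (1 << 89) - 1
RSA_Q = (1 << 107) - 1
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
RSA_PUBLIC = (RSA_E, RSA_N)
RSA_PRIVATE = (RSA_D, RSA_N)


def rsa_encrypt(public_key, m):
    e, n = public_key
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    d, n = private_key
    return pow(c, d, n)


def derive_key(shared_value):
    """Hash the Diffie-Hellman shared value into a 32-byte traffic key."""
    return hashlib.sha256(shared_value.to_bytes(16, "big")).digest()


def stream_xor(key, data):
    """Toy stream cipher for claim 12: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class TransceiverNode:
    """Responder side: claims 1 to 3 on the request, then the shared-key check."""

    def handle_authorization_request(self, request):
        public_key = request["public_key"]              # asymmetric key from the request
        self.x = secrets.randbelow(DH_P - 2) + 2        # ephemeral DH exponent (claim 1)
        gx = pow(DH_G, self.x, DH_P)                    # key exchange parameter (claim 1)
        self.nonce = secrets.token_bytes(16)            # random number (claim 2)
        return {                                        # authorization response message
            "enc_gx": rsa_encrypt(public_key, gx),      # parameter encrypted under the key
            "enc_nonce": rsa_encrypt(public_key, int.from_bytes(self.nonce, "big")),  # claim 3
        }

    def handle_acknowledgment(self, ack):
        shared = pow(ack["gy"], self.x, DH_P)
        self.key = derive_key(shared)
        del self.x                                      # the ephemeral secret is never reused
        # The subscriber proves it derived the same key by returning the nonce under it.
        return stream_xor(self.key, ack["enc_nonce"]) == self.nonce


class SubscriberInterface:
    """Initiator side: claims 7 to 12."""

    def authorization_request(self):
        return {"public_key": RSA_PUBLIC}

    def handle_authorization_response(self, response):
        gx = rsa_decrypt(RSA_PRIVATE, response["enc_gx"])                           # claim 7
        nonce = rsa_decrypt(RSA_PRIVATE, response["enc_nonce"]).to_bytes(16, "big")  # claim 9
        self.y = secrets.randbelow(DH_P - 2) + 2                                     # secret key parameter
        gy = pow(DH_G, self.y, DH_P)                                                 # second parameter
        self.key = derive_key(pow(gx, self.y, DH_P))                                 # shared key
        del self.y
        return {"gy": gy, "enc_nonce": stream_xor(self.key, nonce)}                  # claims 10 and 11


def run_handshake():
    """Run one full exchange and report whether both ends agree on the key."""
    node, subscriber = TransceiverNode(), SubscriberInterface()
    response = node.handle_authorization_request(subscriber.authorization_request())
    ack = subscriber.handle_authorization_response(response)
    verified = node.handle_acknowledgment(ack)
    return {"keys_match": node.key == subscriber.key, "nonce_verified": verified}
```

The property the claims call perfect forward secrecy rests on the two `del` statements: once the exponents are discarded, the RSA private key alone recovers only the transmitted parameter and nonce, not the shared key. The block models the message flow and nothing beyond it; the response carries no signature, the public key arrives without a certificate chain, and textbook RSA without padding is used only to keep the arithmetic visible.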
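The keystream generator of claims 13 to 18 and of the system claims 29 to 35 as one added Python example, not code from the patent. It builds the register of claim 29 (a feedback shift register whose new bit is an XOR over feedback taps), the filter of claim 13 (AND of two taps, then XOR with the least significant bit), the majority clocking of claims 18 and 30, sets of registers whose filter outputs are XORed (claims 15 and 31), sets combined into a keystream (claims 16 and 32), and the final XOR with plain text (claims 33 and 34). Register lengths, tap positions, the number of registers per set and the SHA-256 seeding are invented for the example; the patent text gives none of them.

```python
import hashlib


def majority(bits):
    """Majority clock value over the registers' clock taps (claims 18 and 30)."""
    return 1 if 2 * sum(bits) > len(bits) else 0


class LFSR:
    """Linear feedback shift register with the non-linear output filter of claim 13."""

    def __init__(self, length, feedback_taps, filter_taps, clock_tap, seed):
        self.mask = (1 << length) - 1
        self.feedback_taps = feedback_taps    # bit positions XORed into the new bit (claim 29)
        self.filter_taps = filter_taps        # the "first tap" and "second tap" of claim 13
        self.clock_tap = clock_tap            # bit compared against the majority value
        self.state = (seed & self.mask) or 1  # an all-zero register would never change

    def bit(self, i):
        return (self.state >> i) & 1

    def clock(self):
        new_bit = 0
        for t in self.feedback_taps:
            new_bit ^= self.bit(t)
        self.state = ((self.state << 1) | new_bit) & self.mask

    def output(self):
        a, b = self.filter_taps
        first_value = self.bit(a) & self.bit(b)   # logical AND of two taps: the non-linear part
        return first_value ^ self.bit(0)          # XOR with the least significant output bit


class RegisterSet:
    """A set of registers (claim 31): majority-clocked, filter outputs XORed (claim 15)."""

    def __init__(self, registers):
        self.registers = registers

    def step(self):
        m = majority([r.bit(r.clock_tap) for r in self.registers])
        for r in self.registers:
            if r.bit(r.clock_tap) == m:   # clock only the registers that agree with the majority
                r.clock()
        third_value = 0
        for r in self.registers:
            third_value ^= r.output()
        return third_value


class KeystreamGenerator:
    """Several sets XORed together into one keystream bit (claims 16 and 32)."""

    def __init__(self, sets):
        self.sets = sets

    def next_bit(self):
        bit = 0
        for s in self.sets:
            bit ^= s.step()
        return bit

    def next_byte(self):
        value = 0
        for _ in range(8):
            value = (value << 1) | self.next_bit()
        return value


def build_generator(key):
    """Two sets of three registers; every length, tap and seed here is invented."""
    def reg(length, feedback, filt, clk, salt):
        digest = hashlib.sha256(key + bytes([salt])).digest()
        return LFSR(length, feedback, filt, clk, int.from_bytes(digest[:8], "big"))

    set_a = RegisterSet([reg(19, (18, 17, 16, 13), (3, 7), 8, 1),
                         reg(22, (21, 20), (5, 11), 10, 2),
                         reg(23, (22, 21, 20, 7), (6, 13), 10, 3)])
    set_b = RegisterSet([reg(17, (16, 13), (2, 9), 7, 4),
                         reg(20, (19, 16), (4, 12), 9, 5),
                         reg(21, (20, 18), (8, 15), 11, 6)])
    return KeystreamGenerator([set_a, set_b])


def apply_keystream(key, data):
    """Claims 33 and 34: ciphertext = plain text XOR keystream; the same call decrypts."""
    generator = build_generator(key)
    return bytes(b ^ generator.next_byte() for b in data)
```

The block is a model of the claims' structure, not a cipher to deploy: generators built from short registers with a degree-2 filter and majority clocking have a long cryptanalytic history, and the security of a real device depends on the register sizes, tap choices and key loading that the claims leave open. Reusing one key for two messages also produces identical keystreams here, so a practical design would mix a per-message nonce into the seeding.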
STATEMENT REGARDING RELATED APPLICATIONS
[0001] The present application is a continuation-in-part of non-provisional patent application entitled “System and Method for Communicating Optical Signals between a Data Service Provider and Subscribers,” filed on Jul. 5, 2001 and assigned U.S. application Ser. No. 09/899,410. The present application also claims priority to provisional patent application entitled, “Last Mile Link Security” filed on Sep. 10, 2001 and assigned U.S. Application Serial No. 60/318,447. The present application further claims priority to provisional patent application entitled, “Fiber—Deep Network Security,” filed on Jun. 14, 2002 and assigned U.S. Application Serial No. 60/388,497. The entire contents of the non-provisional patent application and the provisional patent applications mentioned above are hereby incorporated by reference.
Provisional Applications (2)

| Number | Date | Country |
|---|---|---|
| 60318447 | Sep 2001 | US |
| 60388497 | Jun 2002 | US |

Continuation in Parts (1)

| | Number | Date | Country |
|---|---|---|---|
| Parent | 09899410 | Jul 2001 | US |
| Child | 10238972 | Sep 2002 | US |