DATA ENCRYPTION SECURITY MODULE
 Inventors: Daniel Nelson Heer, Newton, N.H.;
David P. Maher, Largo, Fla.
 Assignee: Lucent Technologies Inc., Murray Hill, N.J.
[ * ] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).
 Appl. No.: 08/550,910  Filed: Oct. 31, 1995
 Int. Cl.6 H04L 9/00; H04K 1/00
 U.S. Cl. 380/49; 380/4; 380/21;
 Field of Search 380/21, 23, 25,
380/30, 49, 4
We have recognized that there is a strong need to control and maintain the secrecy of the intelligence that may be used by computers to communicate with another, for example, by encrypting the messages that they exchange with one another. Thus, the encryption keys used to encrypt such messages need to be managed in a highly secure manner. Accordingly, we provide an encryption module, which, in accord with an aspect of the invention, generates a unique device encryption key (Slocal), a cryptographic key formed from a unique identification key (Sid) and an associated public key (KPid), and at least one program encryption key, in which the public key is generated as a function of the unique identification key. The module then encrypts the unique identification key and program encryption key using said device encryption key and stores the encrypted result in memory internal to security module, thereby securing the keys against misappropriation. In addition, the module provides a mechanism for using the program encryption key to encrypt information that it receives from an external source and store the encrypted information in memory external to the security module, and responsive to receiving from a requester a request for the program encryption key, encrypting the program encryption key, in accord with an aspect of the invention, using a symmetrical encryption key generated as a function of a public key generated by a security module associated with the requester. The former security module then supplies the encrypted program encryption key to the requester.
14 Claims, 4 Drawing Sheets
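The key hierarchy and module-to-module key transfer described in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes a Diffie-Hellman construction for "public key generated as a function of the unique identification key", a demo-sized group, and an HMAC-SHA256 keystream as a stand-in cipher; the class and method names are hypothetical.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # demo-sized DH group (assumption, not from the patent)

def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (_sub(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def wrap(key, data):
    """Stand-in authenticated cipher: HMAC-SHA256 keystream, then MAC."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("integrity check failed: wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class SecurityModule:
    def __init__(self):
        self._s_local = secrets.token_bytes(32)      # device key; never exported
        s_id = secrets.randbelow(P - 3) + 2          # unique identification key
        self.kp_id = pow(G, s_id, P)                 # public key as a function of S_id
        # S_id and the program key are held only in encrypted form under S_local.
        self._s_id = wrap(self._s_local, s_id.to_bytes(32, "big"))
        self._prog = wrap(self._s_local, secrets.token_bytes(32))

    def _transfer_key(self, peer_kp):
        if not 1 < peer_kp < P - 1:
            raise ValueError("rejecting degenerate public key")
        s_id = int.from_bytes(unwrap(self._s_local, self._s_id), "big")
        return hashlib.sha256(pow(peer_kp, s_id, P).to_bytes(32, "big")).digest()

    def export_program_key(self, requester_kp):
        prog = unwrap(self._s_local, self._prog)
        return wrap(self._transfer_key(requester_kp), prog)

    def import_program_key(self, sender_kp, blob):
        prog = unwrap(self._transfer_key(sender_kp), blob)
        self._prog = wrap(self._s_local, prog)

    def encrypt_external(self, data):
        return wrap(unwrap(self._s_local, self._prog), data)

    def decrypt_external(self, blob):
        return unwrap(unwrap(self._s_local, self._prog), blob)
```

Only the requester whose public key was used for the export can recover the program key; any other module fails the integrity check on import.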