Abstract: At least one embodiment takes the form of a process carried out by a key-management infrastructure (KMI). The KMI receives first and second disassembly products of a high-security cryptographic key and provides the first and second disassembly products to a mobile radio for reassembly of the high-security cryptographic key. Providing the first disassembly product to the mobile radio includes providing the first disassembly product to the mobile radio over a local connection via a restricted-access key variable loader. Providing the second disassembly product to the mobile radio includes (i) generating a medium-security-encrypted second disassembly product at least in part by encrypting the second disassembly product based on at least one medium-security cryptographic key, and (ii) providing the medium-security-encrypted second disassembly product to the mobile radio over an air interface.

Abstract: A secure memory system binds an encrypted first data value stored in a memory with a state of the memory by selecting, at random, an address in the memory and mixing a second data value, stored at the address, with a hash value of the first data value to produce a split value. The address, split value and first data value are encrypted and stored in the memory. To detect tampering of the memory, the encrypted address is decrypted and the corresponding value read from the memory and used to recover a hash value from the decrypted split value. The recovered hash value is then compared with the original hash value.

Abstract: A transceiver receives channel control commands which communicate predictions of upcoming frequency bands that might be used for communication or which communicate activations of upcoming frequency bands and time units which will be used for communication. The transceiver includes a plurality of synthesizers which can be switched to control the frequencies at which a receiver and transmitter operate. When predictions are received, frequency IDs associated therewith are used in programming new frequencies into non-activated ones of the synthesizers. When each activation is received, a memory structure is programmed to identify one of the synthesizers, to record a frequency for programming into the identified synthesizer, and to record timing data describing when to program the identified synthesizer and when to activate the identified synthesizer. The memory structure is used to control the programming and switching of synthesizers which drive the receiver and the transmitter.

Abstract: A hand-portable position locating radio has a geolocation (e.g. GPS) receiver providing local position and timing information from geolocation means (e.g. GPS or IRIDIUM satellites) and a local transceiver for sending local position and other information to a communication system (e.g., an IRIDIUM or MILSAT satellite). A data processor coupled to the local transceiver and receiver controls operation of the device, including storing local position information and separating signals broadcast by the communication system into those intended or not intended for the device. The radio prepares an emergency access message which it sends to the satellite communication system in a manner to insure rapid detection of the emergency signal and allocation of a clear channel and time slot for further communication.

Abstract: An environment which includes a communications network, user terminals, and an authentication center provides communication services only to legitimate subscribers. The authentication center receives an equipment ID for each terminal, generates a series of sequence numbers and uses a secret key to encrypt the sequence numbers and the equipment ID with a user ID and an error detection code to form an encrypted block. This block is programmed into an authentication module and sent to the subscriber for installation in the subscriber's terminal. The authentication center sends a public key to network authentication nodes. When the subscriber operates the terminal to gain access to the network, a log-on message, which includes the encrypted block and an unencrypted version of the equipment ID, is sent to an authentication node. The node decrypts the encrypted block and evaluates the IDs and sequence number to determine whether to grant access to services.

Abstract: A slave station, such as an orbiting satellite, and a master station, such as a ground control station, have their own lists of random pads. The master and slave station lists are identical. When the master station sends a critical command to the slave station, a selected one of the pads is combined with the command and transmitted to the slave station as a data communication message. Each pad is used only once. The slave station evaluates the received pad value using its version of the same selected pad. If the evaluation detects correspondence, then the command is authenticated and the slave station acts upon the command. The random pads are generated by the slave station. They are encrypted using an asymmetric encryption process and transmitted to the master station so that the master and slave stations will operate on common sets of pads.

Abstract: An environment which includes a communications network, user terminals, and an authentication center provides communication services only to legitimate subscribers. The center receives an equipment ID for each terminal and uses a secret key to encrypt the equipment ID with a user ID and an error detection code to form an encrypted block. This block is programmed into an authentication module and sent to the subscriber for installation in the subscriber's terminal. The center sends a public key to authentication nodes of the network. When the subscriber operates the terminal to gain access to the network, a log-on message, which includes the encrypted block and an unencrypted version of the equipment ID, is sent to an authentication node. The authentication node decrypts the encrypted block and evaluates the IDs to determine whether to grant access to services offered by the network.

Abstract: A secure teleconferencing method for a key management system is shown. This method directly establishes a secure teleconference among a number of terminals without the intervention of a certifying authority. The terminals of this system have been previously certified by a common certification authority. Upon detection of a secure teleconference, the terminals orient themselves in a master/slave configuration. The terminals exchange certification messages. As a result, each terminal determines the identity of the other terminals. Under the supervision of the master terminal, the terminals establish a single session, session key which permits secure communication among the terminals. A new session key is pseudorandomly generated for each teleconference call. A minimum number of messages is exchanged to establish the secure teleconference.

Abstract: A hierarchical key management system includes a number of secure terminals. These terminals provide secure access to a corresponding number of users. A user inserts a security activation device or key into the secure terminal to access a secure connection through the established communication network. A group of secure wireline terminals is connected to a key certification authority. There may be several groups of key certification authorities and corresponding secure terminal users. At the highest level, a key certification center authorizes secure communications by the key certification authorities. In turn, the key certification authorities authorize secure communications between the users. As a result, if one level of key management is compromised, other levels and users are not affected.