Title: Methods for providing security over untrusted networks
Abstract: Methods for providing secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and a key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., a key) and an initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.
Publication number: US8874768(B2)  Publication date: 2014.10.28
Application number: US201012965646  Filing date: 2010.12.10
Applicant: Round Rocks Research, LLC  Inventors: Holden James M; Levin Stephen E; Nickel James O; Wrench Edwin H
IPC classes: G06F15/16; G06F15/173; H04L29/06; H04L9/32; G06F21/00; G06F21/60; G06F21/85; H04W12/06; G06F21/31  Main IPC class: G06F15/16
Agency: Gazdzinski & Associates, PC  Agent: Gazdzinski & Associates, PC
Independent claim: 1. A method of establishing security within an untrusted network, comprising: providing a digital certificate associated with a first security apparatus associated with a first computerized host device; sending said digital certificate via a message to a second security apparatus associated with a second computerized host device; receiving at said first security apparatus and from said second security apparatus an initialization vector and a cryptographic element which is encrypted, said cryptographic element having been generated by said second apparatus after receiving said digital certificate; decrypting said encrypted cryptographic element to obtain access to said encrypted cryptographic element; verifying an integrity of a second message used to transmit said cryptographic element using a digital signature, at least a portion of said second message wrapped along with said digital signature; initializing an encryption algorithm using the initialization vector; and encrypting one or more datagrams exchanged between the computerized host devices using the decrypted cryptographic element.
Address: Parsippany NJ US