1. Statement of the Technical Field
The invention concerns devices for securing transmitted data in radio communications, telecommunication, and voice over internet protocol communications. More particularly, the invention concerns a cryptographic processing module having a network centered recovery process.
2. Description of the Related Art
A cryptographic processing module (sometimes referred to as a programmable encryption module) is a device for securing transmitted data in a radio communication, a telecommunication, a voice over internet protocol communication, and/or other network communications. The cryptographic processing module requires cryptographic initialization to provide full functionality to a user. Cryptographic initialization refers to the conventional process by which one or more initialization vectors are provided to a cryptographic processing module so that the module can perform cryptographic processing. An initialization vector is defined in this context to be one or more blocks of data that when properly implemented enable full funtionality of a crytographic processing module. Without such an initialization vector, a cryptographic processing module will not function at full capability.
Typically, this cryptographic initialization is performed at a factory facility or at some other high level customer assembly or maintenance facility before the unit is deployed as part of a communication system. After the unit is deployed however, there are various situations that can arise which result in the need to once again perform a cryptographic initialization. For example, as a consequence of performing maintenance on the cryptographic processing module, the module's information security related functions could be disabled. Subsequently, the cryptographic processing module would need to be re-initialized to once again provide full system functionality to a user.
In general, the cryptographic initialization process requires appropriately approved classified locations and cleared personnel in order to maintain the cryptographic processing modules. The need for such classified locations and cleared personnel does not present a significant problem at factory facilities or other high level maintenance facilities. However, it is often inconvenient to provide such capabilities at customer production facilities. Likewise, there can be difficulties with providing such capabilities at end user field maintenance locations, which are often operated in remote or even hostile environments. For example, the necessity of having appropriately approved classified locations is costly. Furthermore, this approach requires the use of cleared personnel who are in short supply.
In view of the foregoing, there remains a need for a module re-initialization method that can be performed outside of a classified environment. Also necessary is a method that provides a global maintenance approach to module re-initialization through the use of a network, such as an Internet or an Intranet, thereby providing a cost effective approach.