This invention relates in general to the field of communications and in particular to encrypting information within a communications network.
Many communications networks incorporate techniques for encryption of the information transmitted between components in the network. For example, a local area network (LAN) connecting multiple end stations and supporting Internet Protocol (IP) might incorporate a technique for encrypting voice, data, video, or other information streams transmitted between end stations during a communications session. Successful operation of the network will in many instances depend on the ability of this encryption technique to satisfy performance, flexibility, regulatory, and other requirements while providing a desired level of privacy for communications over the network.
As the communications industry continues to dominate the growth of the global economy, providing a desired level of privacy for network users while also satisfying performance, flexibility, regulatory, and other requirements has become increasingly important. In particular, the advent of IP telephony has increased the requirements for information privacy to a marked degree. However, prior encryption techniques used for transferring information streams between computers typically involve computationally intensive encipherment techniques that provide a much higher level of security than is typically needed for IP telephony. As such, use of these techniques in an IP telephony environment may contravene the cryptography axiom that the encryptor should ideally be tailored to particular security needs rather than providing, in all situations and without regard to the data being transmitted, the most powerful encryption possible. Other prior encryption techniques, although generally better adapted to the information and other requirements associated with IP telephony, use relatively simple linear and non-linear feedback shift registers to provide the output key sequences. Although such techniques provide reasonable levels of security and are typically less computationally intensive, they are often inflexible in their structure and with respect to the privacy provided. As a result of these and other deficiencies, prior encryption techniques are inadequate to meet the requirements associated with IP telephony and other communications within communications networks.
According to the present invention, disadvantages and problems associated with encryption in a communications network are substantially reduced or eliminated.
According to one embodiment of the present invention, in a communications system, two or more end stations coupled to a network participate in a communications session with one another using the network. Each end station includes an encryptor having at least a first linear feedback shift register (LFSR) and at least an associated first interconnect mask of a length not longer than the length of the first LFSR. At one end station, the encryptor generates an output sequence using the first LFSR and the first interconnect mask. An interconnect mask table contains polynomials that correspond to available interconnect masks. The end station receives a session key specifying the first interconnect mask. The end station uses the output sequence of the encryptor to encrypt an information stream during the session. In a more particular embodiment, the network includes a local area network (LAN) supporting Internet Protocol (IP) and end stations use real time protocol (RTP) to communicate audio information streams.
The present invention provides a number of important technical advantages. Unlike prior encryption techniques used for transferring information streams between computers, which typically involve computationally intensive encipherment techniques and provide a higher level of security than typically needed for IP telephony, encryption according to the present invention may be less computationally intensive. In addition, LFSRs of any length may be used up to the maximum length of the underlying hardware or machine without increasing processing requirements. Also unlike computationally simpler prior encryption techniques that use linear or non-linear feedback shift registers to provide the output key sequences, the present invention provides a flexible structure that may adapted as appropriate to provide a desired level of privacy.
The use of pointers to specify interconnect maps greatly expands the number of potential combinations of interconnect maps, substantially increasing the security that may be provided. In addition, multiple sets of interconnect maps may be used to provide different security modes depending on the particular end station and the nature of the session. Furthermore, the use of pointers, possibly to specify interconnect maps longer than the lengths of the pointers, increases the effective length of the session key. The session key may be any suitable length according to the desired security level, regulatory restrictions on session key length, and other particular needs. The session key structure of the present invention further increases the effective length of the session key. As a result of these and other important technical advantages, the present invention is well suited for IP telephony and other types of communications. Other technical advantages are readily apparent to those skilled in the art.