The invention relates to an arrangement and a method for key transmission in a public communication system having a plurality of subscriber stations.
In communication networks with an integrated services network, of which ISDN is an example, voice, text, data and images are transmitted over a line on a digital basis. All services of a subscriber can be reached by the same call number on the same main subscriber line. This enables a flexible and versatile exchange of data between the various subscribers; however, it is precisely this versatility of the services offered that creates the desire to exchange encrypted messages and data in addition to public ones. The aim in this case is to make it more difficult for a third party to gain knowledge of the messages and data.
Various encryption methods are known for encrypting the data, for example symmetrical encryption methods or encryption methods with so-called public keys. In addition, in particular the three-pass protocol (U.S. Pat. No. 4,567,600, U.S. Pat. No. 4,587,627) and, for example, the method with a codeword (German Patent Specification 3,123,168) are of significance as encryption methods.
The encryption methods used here must be such that the various services of the network are fully retained, for example conference connections, abbreviated numbers, and abbreviated connection establishment (for example by means of name keys that store frequently dialled connections).
In order to ensure the authenticity of the subscribers, that is to say to verify that the transmission did in fact take place to the desired subscriber, it is customary to provide in the network a key distribution station on the basis of the public key systems, in which the keys for transmission are generated and distributed. In addition, all the call numbers and the associated public keys of all subscribers must be maintained there.
Key distribution stations of this type represent the main point of attack and the security weak point of the entire network. It is therefore necessary to protect them comprehensively.
In communication networks for a plurality of communication services, the desire also exists to be able to employ protection methods with different security levels appropriate to the services used. Thus, a system which is particularly easy to use and does not hinder the communication should be used for the telephone service. For the other services, such as text and data, an automatically executed protection method would be advantageous.