Encrypted communication system

Abstract

A system for exchanging encrypted data between selected devices at stations comprising a network. The system includes an encrypted communications device (ECOM) (12) that selectively encrypts data from one of a plurality of different devices. With the ECOM, a user selectively encrypts voice transmissions from a telephone, facsimile transmissions produced by a facsimile machine, or data transmissions, either from a personal computer (PC) or from a modem connected to a PC for transmission over non-secure telephone lines (18) to another such device connected to an ECOM at the other location. The receiving ECOM initiates secure communications by encrypting a portion of a data encryption key (DEK) that is transmitted back to the first ECOM, which decrypts it and then generates a second portion of the DEK for transmission back to the receiving ECOM. These two portions are then exclusively ORed (XORed) together by each ECOM to determine the DEK for use in encrypting and decrypting data during the current session. Each ECOM includes a public network of key exchange keys (KEKs) that are used for encrypting the selected portions of the DEK used during the session. In addition, a private network of ECOMs includes a private table of KEKs, so that only those ECOMs comprising the private network can establish secure communications with each other using the private table of KEKs.