Apparatus and method for encrypting communications without exchanging an

Abstract

An encryption/decryption unit (EDU) and method for determining a data encryption key used in encrypting and decrypting data transmitted over a non-secure communication link. Each EDU includes a central processing unit (CPU) that controls its operation, random access memory (RAM) in which one or more sets of seed keys are stored, and a data encryption standard (DES) coprocessor that implements a data encryption algorithm developed by the U.S. National Bureau of Standards. The CPU includes special circuitry enabling it to operate in an encrypted mode so that it cannot be interrogated to discover the program or data stored therein. Each EDU randomly generates a pointer, bytes of which determine the number of times that a loop is repeated in which values (initially determined by two of the seed keys) are XORed together and encrypted using one of the seed keys to determine a portion of the data encryption key (DEK). The pointer is encrypted, along with other information, producing an encrypted key header that is transmitted to the other EDU establishing the link. Upon receiving the encrypted key header, it is decrypted, and the decrypted pointer is used by the receiving EDU to determine the portion of the DEK developed by the other EDU. The two portions of the DEK are then logically combined at each EDU to produce the final DEK, which is then used during the current communication session for encrypting data exchange between the two EDUs.