Patent attributes
The invention discloses a method of updating, in nodes on both ends of a secure link, the encryption key they share to encrypt and decrypt data. When having to transmit data from one of the nodes towards its peer remote node, a data base in the forwarding node, is first updated from the data to be transmitted. Then, encryption is performed and data transmitted to the peer remote node while a next-to-use encryption key is derived from the new contents of the data base. When received, data are decrypted with the current value of the encryption key and the peer remote node data base is updated identically from the received decrypted data after which a next-to-use encryption key is derived, thereby obtaining in the peer remote node, a next-to-use identical key. The data base is preferably the dictionary of a data compression/decompression system used simultaneously with encryption/decryption to transmit data over the secure link. While keys are frequently updated, for improved security, the invention does not require that key updates need to be actually distributed.