CA1189925A - Method and apparatus for forming secret codes - Google Patents

Method and apparatus for forming secret codes

Info

Publication number
CA1189925A
CA1189925A CA 361831 CA361831A CA1189925A CA 1189925 A CA1189925 A CA 1189925A CA 361831 CA361831 CA 361831 CA 361831 A CA361831 A CA 361831A CA 1189925 A CA1189925 A CA 1189925A
Authority
CA
Grant status
Grant
Patent type
Prior art keywords
key
new
defined
means
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
CA 361831
Other languages
French (fr)
Inventor
Hans Baldinger
Peter Hartmann
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Patelhold Patenverwertungs and Elektro-Holding AG
Original Assignee
Patelhold Patenverwertungs and Elektro-Holding AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Abstract

INVENTORS: HANS BALDINGER and PETER HARTMANN
INVENTION: METHOD AND APPARATUS FOR FORMING SECRET CODES
ABSTRACT OF THE DISCLOSURE

During the secret data transmission the problem exists of transmission of keys between the subscribers with-out utilizing the same enciphered transmission system.
To generate a new key from the momentarily existing key by means of the existing ciphering equipment, however while incorporating at least one additional element, there is employed the point in time when the new key is produced to-gether with the existing key. This time point can be agreed upon between the subscribers ahead of time or by means of an enciphered tranmission path. At each station of a key signal generator there is removed a pseudo-random signal and infed by means of a gate to a key storage or memory. The gate is released or rendered conductive, starting from an externally determined point in time, for a number of bits which at least correspond to the capacity of the key storage.

Description

I

background OF THE INVENTION
.. . _ . Jo The present invention relates to a new and improved method of generating identical keys for the enciphering and deciphering of signal sequerlces at the end locations of a transmission path from exist:irlg identical secret keys as well as to an apparatus for the performance of the method.

During the enciphered transmission of data in networks the transmission of the key between the subscribers constitutes an important problem. Basically, new keys cannot he transmitted over the same enciphered network. A new key is especially employed because the longer that a key is used the greater the danger that such key will be discovered by an opponent or unauthorized party. Therefore, there is available as a counter measure or alternative procedure the dissemination of the message by a messenger or by means of a special transmission network which, however, is not always available. The distribution of the message by a messenger can be difficult, for instance in wartime, when the subscribers or network support points are isolated or cut-off from one another.

There are already known to the art methods by means of which a secret key or code can be agreed upon between two stations by means of an unprotected line, i.e. a line which is accessible to third parties. Significant in this regard is the article of W. Defoe and M. Bellman, entitled "New Directions in Cryptography", IEEE Trans. on Inform-anion Theory, Volume 22, No. 6, 1976, pages 644 - 65~.
However, these techniques require a high expenditure in come putter equipment in order to ensure for adequate cryptological security.

SUMMARY OF THE INVENTION

Therefore, with the foregoing in mind it is a primary object of the present invention to provide a new and improved method of, and apparatus for, generating a new key from an existing key by means of the available ciphering equipment, wherein there can be externally incorporated at least one additional element, i.e. by the user. Otherwise the cipher-in equipment with altered key simply can be viewed as an expanded or augmented ciphering device having a fixed key.

Now in order to implement these and still further objects of the invention, which will become more readily apparent as the description proceeds, the method of generating identical keys for the erlciphering and deciphering of signal sequences at the end locations or terminals of a transmission path from identical keys, con-templates determining the new key, on the one hand, from a preceding key and, on -the other hand, from the point in time of the command for generating the new key.

The invention also concerns an apparatus for per-pheromones of the method, wherein there is provided a key signal generator from which there is removed a pseudo-random signal which is transmitted by means of a gate circuit to a key storage. The gate circuit is freed, starting from an extern-ally predetermined point in time, for a number of bits which correspond at least to the capacity of -the key storage.

One of the basic concepts of the invention resides in employing the point in time, at which the new key is pro-dazedly together with the existing key, for determining the new key. This point in time can be agreed upon ahead of time by the subscribers or, if necessary, also can be agreed upon by means of the enciphered transmission path. In the last-mentioned situation the opponent only then can learn about the new code if he or she already knows the existing key and can decipher such on-line with an identical device.

The opponent can learn about the existing key either by having the same disclosed without authorization, for instance by spying, or through cryptological analysis. In the last-mentioned case it would be possible to preclude the on-line listening opponent from directly learning about the new key, in that for the generation of the new key, in addition to the key used for data transmission, there is I

employed a furtherkeywhich is only used for the generation of the key.

The point in time of generating -the new key must be determined by the users only within certain limits. The exact point in time is determined by the ciphering devices which anyway operate in synchronism A further development of the method resides in the features that the new key not only is determined by the existing key and the point in time of generating the new key but additionally by a key or code number which is in-corporate at both sides or ends of the system, and as to such additionally inserted key number such must not be a complete key, rather there is adequate a simple number which can be easily remembered, for instance a three decimal number.

The method especially has the advantage that the new key is not even known to the users themselves, and thus, cannot become known to the opponent either through unauthorized disclosure nor by blackmail or the like.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be better understood and objects other than those set forth above will become apparent when consideration is given to the following detailed rescript-ion thereof. Such description makes reference to the annexed drawings wherein:

Figure 1 is a principle schematic block air-cult diagram of a data transmission and enciphering system showing the transmitter station and receiver station;

Figure 2 is a functional block circuit diagram of the transmitting station and receiving station;

Figure 3 is a multiple-signal diagram for explaining the mode of operation of the circuitry of Figure Figure 4 illustrates a further embodiment in block circuit diagram of a code transmission system composed of a transmitting station and reeving station;

Figure 5 is a further exemplary embodiment, likewise in functional block circuit diagram of a trays-milting station; and Figure 6 is a still further exemplary embody-mint, again in functional block circuit diagram of a transmitting station.

DETAILED DESCRIPTION OF TIE PREFERRED EMBODIMENTS

Describing now the drawings, with the principle circuit arrangement shown in Figure 1 there is provided s at the transmitter or transmitting station S a key modulator SUM with associated key computer SO as the enciphering equip-mint or device and at the receiver station or receiver E a key demodulator SD with associated key computer SO as the deciphering equipment or device. The key modulator So has inked thereto the pulse sequence x corresponding to a clear signal and from the key computer SO a pulse sequence _ serving as the key signal. Due to the continuous mixing of the key signal bits and the clear signal bits -there is produced the pulse sequence z of the enciphered signal which arrives by means of a transmission channel UK at the no-sever station E. At this location the key demodulator SD has applied thereto the pulse sequences Xanadu _*, from which there can be again obtained the clear signal-pulse sequence x (which for the sake of simplicity has been basically designated in the same manner as at the transmitter end of the system).

For a correct deciphering at the receiver end of the system the there located key computer SO must be exactly synchronized with the transmitter-end key computer SO.
With a transparent enciphering system the synchronization occurs, for instance, by a synchronization sequence which must be sent at the start of the transmission from the transmitter to the receiver.

At the transmitter-end and receiver-end key computers there is available a multiplicity of synchronous pseudo random sequences, which can be obtained by tapping in each case the same points of the circuitry. If a section of such type sequence is read-in at both stations simultaneously into a storage, then both of the storages contain the same numbers, which therefore can be employed as the new key or code for the computer.

So that the storage content of both stations coincides, the starting point in time of reading into the computer must exactly coincide at the transmitter and no-sever. This coincidence can be obtained in that a trip or trigger pulse is transmitted by means of a special channel. The transmission of the trigger pulse must be accomplished encoded, since the point in time of reading into the storage or memory constitutes the new key or code information. If the transmitted useful information or data is constituted by a multi-channel signal in time multiplex, then the trigger pulse can be transmitted by means of one of the channels, for instance the service channel.

A further possibility for determining the reading-in time point at the storage resides in agreeing - upon such point in time at both of these stations. This time point can be determined bit-synchronously by control pulses which themselves are bit-synchronouslygenerated in the come putters. If the control pulses arise relatively seldom, for instance on the average every five seconds, then it is sufficient that at the transmitter and receiver there are selected the same intervals which precede the momentary con-trot pulse. The reading-in at the storage then begins bit-synchronouslywith.the control pulse at the end of the interval.

The selection of the interval does not place any great no-quirements upon the synchronization accuracy. If there are selected at the transmitter and receiver the intervals at certain points in time, which are spaced from one another by several milliseconds, then the start of the reading-in operation occurs with great probability at the same control pulse, i.e. bit-synchronously.

The intervals are determined in the following manner: To the extent that the start of each interval is indicated to the operator, then he can select a certain interval, for instance by depressing a key or button or the like. In order to accomplish a synchronous change of the key signal the operators reach agreement by means of a spear-ate line or a service channel and subsequently agree upon the depression of a key at the start of a certain interval.

s Figure 2 illustrates in functional block circuit diagram the transmitting station and receiving station. The data x from the information -transmitter IS, and which is to be enciphered arrives by means of a line at the transmitter-end ciphering device COG, where it is mixed in a key modulator SUM with the key signal w generated in the key generator SO. The enciphered output signal z arrives by means of the transmission channel UK at the receive rend ciphering device COG*, where it is deciphered in the key demodulator SD*. The ciphering devices COG furthermore contain at least two storages or memories for the keys or codes, namely a first storage So and a second storage So, as well as a change-over or reversing switch B, by means of which there can be selected one of these storages. Furthermore, the ciphering devices contain a synchronization circuit SUE

At the random pulse counter ZZ there are counted the seldom random pulses generated by the key generator! as will be evident by also referring to Figure 3. The counter ZZ its a revolving counter which upon reaching the highest counter state again begins to count from null. Two states Al and Z2 of the counter (in Figure 3 the counter states 15 and 10) are decoded. During each pass of the counter state Al the counter delivers a control US

pulse s which turns on the switch C for a predetermined number of clock steps provided that the gate circuit or gate G is in its conductive state. This is then the case when the output of the flip flop OF has been set to 1 by previously pressing the key T. The number of clock steps is at least equal to the number of bits of the story age So and is determined by -the counter Al. Due to this operation new information u is read-in by the key generator SO into the key storage So.

The synchronism of -the transmitter-end and receiver-end control pulses s and s* is ensured in that during each synchronization of the key generators the counters ZZ and ZZ* are set to null by the reset signals r and r* respectively.

A single interval is determined by one revolution of the counter Al to Al The decoding of Z2 results in the division of the interval into two sub sections. During the first interval there is delivered a signal EEL, whereas during the second interval there is delivered a signal SLY These signals FL and SO are indicated at the front panel or plate of the ciphering device by a green and red lamp, respectively. Basically, the operator can actuate the key T during the entire interval.

S

- If it is prescribed that the key only be actuated during the first section, i.e. during the illumination of the green lamp, then the second section constitutes a safety interval, whereby there is prevented too slate depression of the key.

The key contained in the storage So first becomes active by actuating the switch B. Advantageously the actuation of the transmitter-end and receiver-end switches B and B* likewise occur in bit-synchronism, so that the key change is accomplished synchronously, i.e.

without disturbing the network data. The synchronous change can either be triggered by pressing a second key -- while using the same principle with the random counter I-, or is accomplished automatically following the reading-in of the new key in-to the storage So.

Based upon the time diagrams of Figure 3 there will now be more fully explained the mode of operation of the circuitry of Figure 2.

In line (a) of Figure 3 there has been shown a pseudo-random pulse sequence I, as the same is synchronously formed with the circuitry of Figure 4, -to be discussed more fully hereinafter, at the transmitter station and receiver station. The line (b) represents a time interval Try which is determined during upwards counting between 0 and Al in the counter ZZ according to Figure 2. The individual counting steps and thus also the renewed counting upon reaching Al during the counter state 0 occurs synchronously with the pulses of the sequence I. In line (c) there has been indicated the signal of the signal transmitter FL
for marking the partial section of the time interval Try and which is provided for the triggering of the switching operation, and in line (d) there has been indicated the lo signal of -the signal transmitter SO for marking the remain in partial section as a safety interval. In the line (e) there has been indicated the transmitter-end change-over or switching release signal is and in line (f) the receiver-end release signal f . us will be apparent e both of these signals can be delivered within the comparatively large time interval Try in accordance with a manual trigger-in at different time points, i.e. asynchronously.
Independently thereof there is accomplished inch case, at the end of the selected frame-time interval the actual switching-overof the key signal sequence by actuating the switch B (see Figure 2) with the control pulse g indicated in line (g), in other words simultaneously at both stations.

If desired, this change-over or switching operation also can be triggered by an external control signal, wherein likewise the asynchronous preelection at both stations constitutes a facilitation in system operation.

The block circuit diagram of such type apparatus has been shown in Figure 4. In addition to the devices of Figure 2 the circuitry of Figure 4 contains a second counter Z2, which at a certain point ion -time after -the occurrence of the random pulse s switches the electronic switch B, whereby the new key stored at the storage So becomes active.

It can happen that for some reason different intervals are selected at the transmitter S and receiver R. In such case at the transmitter-end and receiver-end of the system different keys are read into the storages So and So*, respectively, so that upon actuation of the switch B there is lost the synchronism of both key generators SO and SO*. Therefore, the ciphering devices are ad van-tageous.ly designed such that in such case there is accomplished an automatic renewed synchronization of the equipment with the old or prior key stored in the storage So and an alarm is triggered.

Particularly, during the transmission of greater quantities of data or information by means of the channel it is conceivable that the opponent can ~1~9~

determine the employed key by cryptological analysis.
Hence, he or she is then in a position to listen to the connection and also to produce an identical new key. The generation of a new key by the opponent can be prevented in that only part of the key stored in the storage So is effective during the enciphering of the data or information, i.e. during the generation of -the key signal Warsaw the remaining part of the key is exiles-lively employed for generating the new key u. The opponent does not have any possibility of determining by crypt-analytical techniques the remaining part of the key, and therefore is not capable of producing a new identical key, even if he has determined the initial part of the old key.

A further development of this solution resides in that for generating the new key by the operators there are inputted additional key numbers at an additional or auxiliary storage US, which becomes effective during such time as there is generated the new key u. These additional key numbers should not be agreed upon over the line. The new key therefore is not only determined by the old key and the point in time that the new key is produced, but also by the additional key.

~L3L~9~2~

A block circuit diagram suitable for carrying out the foregoing described operations has been shown in Figure 5. The affect of the additional key upon the genera-lion of -the new key u has been indicated by the auxiliary generator ZIG. The auxiliary generator ZIG forms the new code u from a number of pseudo-random signals removed from the key generator SO. The principle of formation of the new code is governed by the auxiliary key stored in the auxiliary storage or memory US.

lo A second possibility resides in influencing the auxiliary key at the point in time of actuation of the switch C. This can be realized, for instance in that the auxiliary key causes a certain time-delay of the control pulse s. This has been indicated in Figure 6 by the time-delay element V.

After having successfully accomplished the generation and activation of a new key it is possible to produce further new keys or codes by means of the described method, and the original key contained in the storage or memory So is extinguished or written-over and thus is lost. Both owe the ciphering devices therefore contain, following the second key change, in the storages Sleazily*
an S2/S2* the same, but unknown keys or codes. Now if - i-t is necessary to exchange one of the ciphering devices, for instance because of a defect, then in both devices there must be externally inputted a new key. The requirement of a new input of the key can be avoided in that, there is provided an additional reserve storage in which there can be stored an additional key which also is not changed upon multiple key change-over. Therefore, after exchanging a device it is possible to manually switch-over to the reserve key, and subsequently there also can be generated from the reserve key new keys or codes, which are then stored in the storages So or Sly

Claims (15)

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
1. A method of generating identical secret keys for controlling the generation of a pseudo-random pulse sequence for the enciphering and deciphering of signal sequences at the end points of a transmission path from existing, identical keys, comprising the steps of:
forming a new key from a preceding key and from the point in time of a command for generating said new key.
2. The method as defined in claim 1, further including the steps of:
obtaining the new key by synchronously removing signals at both end points of the transmission path from synchronous pseudo-random signal sequences and reading-in the signals into a key storage.
3. The method as defined in claim 2, further including the steps of:
triggering the start of the removal of the new key by a signal transmitted over a transmission channel.
4. The method as defined in claim 2, further including the steps of:

deriving in timewise correlation to the transmitter-end and receiver-end key signal sequences synchronous pseudo-random control pulses from said key signal sequences and having a repetition frequency which is less than the repetition frequency of the key signal sequences;
undertaking the start of the removal of the new key only in coincidence with the control pulses; and determining the actual point in time by the selection of a signal sequence-interval which precedes the corresponding control pulse.
5. The method as defined in claim 2, further including the steps of:
utilizing at least a part of the existing key used for the generation of the new key exclusively for the generation of said new key.
6. The method as defined in claim 1, further including the steps of:
determining the formation of the new key by the use of an additional key; and inputting the additional key at both ends of the transmission path prior to the command to generate the new key.
7. The method as defined in claim 1, further including the steps of:

automatically and synchronously replacing the existing key with the newly generated key at both ends of the transmission path.
8. An apparatus for generating identical keys for the enciphering and deciphering of signal sequences at end points of a transmission path, comprising:
a key signal generator from which a pseudo-random signal can be removed;
gate means in circuit with said key signal generator for controlling the pseudo-random output;
a key storage operatively associated with said gate means;
said gate means transmitting the pseudo-random signal to said key storage; and means for opening said gate means starting at an externally determined point in time for a number of bits which at least correspond to the capacity of the key storage.
9. The apparatus as defined in claim 8, wherein:
said key signal generator has removed therefrom a number of pseudo-random signals;
logic circuit means for logically linking said signals with one another; and an auxiliary storage containing an auxiliary key which governs the logical linking of said signals at said logic circuit means.
10. The apparatus as defined in claim 9, wherein:
said logic circuit means contains storage means.
11. The apparatus as defined in claim 9, wherein:
said auxiliary key influences the point in time of release of the gate means.
12. The apparatus as defined in claim 8, further including:
means for manually triggering the activation of the newly generated key.
13. The apparatus as defined in claim 8, further including:
means for automatically and bit-synchronously accomplishing activation of the newly generated key following the generation of such key.
14. The apparatus as defined in claim 13, further including:
means for automatically accomplishing a new-synchronization of the key signal generators with the old key upon unsuccessful new-synchronization with the newly generated key and for tripping an alarm.
15. The apparatus as defined in claim 8, further including:
additional storage means for a reverse key whose content is not influenced by the automatic generation of new keys.
CA 361831 1979-11-03 1980-10-08 Method and apparatus for forming secret codes Expired CA1189925A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CH9861/79 1979-11-03
CH986179 1979-11-03

Publications (1)

Publication Number Publication Date
CA1189925A true CA1189925A (en) 1985-07-02

Family

ID=4356476

Family Applications (1)

Application Number Title Priority Date Filing Date
CA 361831 Expired CA1189925A (en) 1979-11-03 1980-10-08 Method and apparatus for forming secret codes

Country Status (3)

Country Link
EP (1) EP0028273B1 (en)
CA (1) CA1189925A (en)
DE (1) DE2966235D1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5261070A (en) * 1986-07-24 1993-11-09 Meiji Milk Product Co., Ltd. Method and apparatus for forming unique user identification data at remote terminal for secure transmission of data from host terminal

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3150254A1 (en) * 1981-04-13 1983-07-14 Siemens Ag Means for encrypted digital informationsuebertragung
JPS6120442A (en) * 1984-07-09 1986-01-29 Toshiba Corp Chargeable broadcasting system
FR2724514B1 (en) * 1994-09-08 1996-12-13 Sagem Key Management Method for scrambling and unscrambling of data transmission devices
CN1333987A (en) * 1998-11-12 2002-01-30 艾利森电话股份有限公司 System and method for secured transference of temporary mobile subscriber information

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA947661A (en) * 1970-08-24 1974-05-21 Ciba-Geigy Ag Apparatus for producing coding pulse sequences
GB1566442A (en) * 1977-07-29 1980-04-30 Marconi Co Ltd Data transmission systems

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5261070A (en) * 1986-07-24 1993-11-09 Meiji Milk Product Co., Ltd. Method and apparatus for forming unique user identification data at remote terminal for secure transmission of data from host terminal

Also Published As

Publication number Publication date Type
CA1189925A1 (en) grant
DE2966235D1 (en) 1983-11-03 grant
EP0028273B1 (en) 1983-09-28 grant
EP0028273A1 (en) 1981-05-13 application

Similar Documents

Publication Publication Date Title
Baran On Distributed Communications: IX.: Security, Secrecy, and Tamper-free Considerations
US4182933A (en) Secure communication system with remote key setting
US4809327A (en) Encrtption of messages employing unique control words and randomly chosen encryption keys
US4538174A (en) Two-way subscriber TV system with multiple subscriber's sets
US4115662A (en) One way data transmission system
US5081679A (en) Resynchronization of encryption systems upon handoff
US3798359A (en) Block cipher cryptographic system
US4079414A (en) Interrogated transponder system
US5179591A (en) Method for algorithm independent cryptographic key management
US4965827A (en) Authenticator
US4048619A (en) Secure two channel sca broadcasting system
US3997718A (en) Premium interactive communication system
US5602845A (en) Method of generating a random element as well as a method for traffic mixing, random element generator and system component therewith
US4924516A (en) Method and system for a synchronized pseudo-random privacy modem
US7200233B1 (en) System and method for fast data encryption/decryption using time slot numbering
US4930140A (en) Code division multiplex system using selectable length spreading code sequences
US5613195A (en) Burst output timing control system in satellite communication system
US4811394A (en) Variable starting state scrambling circuit
US4827514A (en) Method and apparatus to detect and recover a pseudo-random sequence
US5515439A (en) Exchange certificate for one way validation of information
US4145568A (en) Method and apparatus for ciphering and deciphering messages
US20030014637A1 (en) Time varying presentation of items based on a key hash
US4002842A (en) Time multiplex loop telecommunication system
US5651066A (en) Cipher key distribution system effectively preventing illegitimate use and charging of enciphered information
US3601702A (en) High speed data transmission system utilizing nonbinary correlative techniques

Legal Events

Date Code Title Description
MKEX Expiry