DE3325349A1 - Method and circuit arrangement for monitoring and restoring the synchronous running of data encoding devices - Google Patents

Abstract

To detect the various causes of transmission errors, the method according to the invention utilises the equal statistical distribution of the binary character combinations in encrypted texts and monitors the encrypted texts to be sent out and the encrypted texts received for their intra-structural composition or statistical distribution of the binary character sequences. <IMAGE>

Description

Method and circuit arrangement for monitoring and re-

production of synchronous operation of data encryption devices The procedure is used to monitor and restore the synchronization of encryption facilities in remote data transmission systems. The data encryption devices used in such systems contain facilities for synchronizing the devices prior to the actual transmission of messages. There are also facilities to maintain the synchronization of the devices during the message transmission provided. However, every link in the chain is one Message transmission exposed to environmental disturbances. The spectrum of operational disruptions ranges from a brief mains voltage interruption to electromagnetic ones Influences, and the probability or frequency of malfunctions grows with the number of links in the remote data transmission chain.

Previously known solutions In data transmission devices (modems) it is common to to monitor the received signal level and to use an agreed interface to notify connected devices via a message signal that the received signal level has fallen below a limit value and no demodulation of the received signal more is possible.

Example: CCITT recommendation V.24 line 109 received signal level. Of the On-state of this line indicates that the received signal is within the agreed upon Limits. The off state of this line indicates that the received signal is not within the agreed limits.

Another message from data transmission devices says something about the reception quality.

Example. CCITT V.24 line 110 reception quality. The off state of this Line indicates that the received data is likely to have errors contain.

These two message lines, if available, can be connected to the data encryption device can be supplied and evaluated via the V.24 interface.

Disadvantage: These messages only cover a part of the possible malfunctions. In addition, the data encryption device cannot assume that every data transmission device carries out this monitoring and transfers it via a standardized interface.

Another known solution in data encryption devices is that at the sending end Insertion of test characters or test words in the crypto text to be transmitted and the receiving-side monitoring of the received text for the agreed test characters.

The disadvantages of this solution are: 1. During the transfer No information station can be transmitted from test marks.

2. The test characters and the time of transmission must be between Sender and recipient are agreed. This way, the code transparency on the Transmission path between the data encryption devices lost.

3. The test characters can be faked by the crypto text and it Measures must be taken that reduce the likelihood of pretending consider.

The invention is based on the object for data encryption devices to create an independent, safe and simple monitoring facility that Detects operational disruptions and restores every conceivable operational disruption of synchronous operation.

The solution to the problem is described in claim 1.

The subclaims indicate advantageous developments.

The invention solves the task of monitoring and recovery of synchronous operation independently of the monitoring devices in the others the devices involved in data transmission in a very simple, economical way and avoids the disadvantages of the above mentioned transfer of check marks during of messaging.

In the following the invention is exemplified with the help of figures explained in more detail.

Fig. 1 shows the principle block diagram of an encrypted, tenx data transmission.

The following means: DTE data terminal DQ data source DS Data sink DSG data encryption device DUE data transmission device STR transmission path K / G plain text / ciphertext converter sync synchronization device D1 transmit data D2 Receive data üD1 Monitoring of the send data D2 Monitoring of the receive data Fig. 2 shows the block diagram of a data encryption system with monitoring.

Fig. 3 shows the circuit arrangement of a monitoring circuit of the Option A).

Fig. 4 shows the circuit arrangement of a monitoring circuit of the Variant b).

Fig. 5 shows the circuit arrangement of a monitoring circuit of the Variant c).

6 shows the symbolic representation of the autocorrelation function (AKF).

According to Fig. 1, from a data station 1 via a transmission link STR transfer data to a data station 2 and vice versa. The data transmission system can be operated half duplex or duplex. The transmission path can be a Wire connection, a radio link, a switching system or a global communication system be.

. So there are a number of other Think of system components that pass on the data. One can continue Think of a multitude of possible malfunctions faced by such a system exposed is. Many of the possible disturbances are only temporary, such as atmospheric Conditional disturbances, local mains voltage interruptions, electrical or electromagnetic Glitches etc. and act as temporary interruptions in the flow of data the end.

Such disturbances that affect the transmitted cryptotext the data encryption device must recognize and automatically after the disturbance has subsided restore synchronism between the key devices.

The method according to the invention makes the statistical uniform distribution uses the binary character combination in crypto texts and monitors the ones to be sent as well as the received crypto texts for their internal structural composition or statistical distribution of binary strings. There are three alternative monitoring methods applied: a) Monitoring for continuous signals in the data sequence.

b) The monitoring of the equal distribution of '> 0 "and" 1 "in the Data sequence.

c) The monitoring of the data sequence by autocorrelation analysis according to defined limit values.

to a) In a cryptotext sequence to be monitored with statistically good Properties, certain data words of length n bits occur with a probability pev 0.5. 2 n 2-n on. One can choose n as a limit value so large that with undisturbed Operating conditions the probability that a defined watchword occurs with n bits is very very small. You can also use the watchdog choose so that its appearance is typical of certain error symptoms, such as an open circuit or power failure.

to b) In a crypto text sequence with statistically good properties the sum of the "ones" is equal to the sum in each sample from the data sequence the "zeros" when you consider the mathematically definable tolerance on the length depends on the sample and the properties of the crypto generator.

The permissible deviation from the uniform distribution is therefore a limit value to specify. If this limit value is exceeded, one speaks of a "skewness" in one episode. If a "skew" is found in a crypto-text sequence, it indicates this always indicates an error and is therefore used as a criterion for the monitoring variant b) used.

to c) The autocorrelation function AKF is defined: The following applies to the evaluation of the autocorrelation function AKF: AKF = 1.0: periodic sequence f1 (t) AKF = O for all * 0: ideal random sequence with statistical equal distribution AKF fi 0: sub-periods of the sequence f1 (t) AKF = 1 and AKF = 0.5 ... 1.0: are therefore rated as errors when monitoring crypto texts.

According to Fig. 2, there are two monitoring circuits in each data encryption device Ü Dl and üD2 used. With üD1, the crypto data to be transmitted are sent on the transmission side D1 monitors.

If the monitoring circuit ÜDl finds the expected error structure, which in this case can only have been caused by the local data station, the further transmission of data is blocked and an alarm message is issued.

With ÜD2, the received crypto data D2 is monitored on the receiving side. If the monitoring circuit Ü D2 finds the expected error structure, then the Cause of the error both in the local station and in the transmission path, as well as in the remote transmitting data station.

A recognized faulty structure in the received crypto data leads to an error message in Ü D2 and this is used as a standardization signal for the relevant Data encryption device is used, i.e. a basic position for the encryption device is used established and a resynchronization between the workstations initiated.

3 shows an exemplary monitoring circuit of the variant a), which can be used as ÜD1 and / or ÜD2. A binary counter with a Limit address 2 is set by a transmission clock Tü for each cryptotext bit to be transmitted counted up by one digit until a reset pulse is received at the reset input of the counter and resets the counter to zero.

The reset pulse is made up of the polarity changes "0" / "1" to monitored crypto data. To do this, the data is sent once directly to the input 1 of an exclusive-OR circuit, on the other hand delayed by the time = R.C. to input 2. A reset pulse is then always sent to output 3 of the EX-OR gate of width T when the data signal has its polarity "O" - "1" or "1" -. "0" changes. Because the EX-OR gate corresponds to the following truth table: e1 e2 a O o O = O 1 0 1 = 0 O 1 = 1 1 O 0 = 1 An error message f appears always output when the counter merges the set limit address when No reset pulse derived from crypto data changes for 2n transmission cycles could be. This means that crypto data values with n. "O" and n. "1" as faulty recognized. This error pattern is, for example, symptomatic of voltage interruptions, Line breaks, squelch, etc.

4 shows an exemplary monitoring circuit of the variant b), which can be used as üD1 and / or ÜD2. The crypto data to be monitored control an up-down counter ZR in such a way that a "1" also controls the counter the clock T1 can count up, an "O" can count down on the other hand. Are defined if an average counter value is used as the output address, limit values can also be set Set p for an excess of "ones" and q for an excess of "zeros". A sample counter SZ with the limit address 2n defines the scope of the sample fixed. After 2 bits of a sample from the crypto data sequence, the error detection logic is activated inquires whether the measured "skewness" lies within the limit values p and q. then the counter ZR is reset to the initial value after a delay T. and a new sample is measured.

With the monitoring variant b) all "crooked" error structures are eliminated recognized.

5 shows an exemplary monitoring circuit of the variant c), which can be used as ÜDl and / or ÜD2.

The crypto data to be monitored is sent bit by bit with the clock T1 at the same time in the memory stage S1 and the memory location 1 of a delay register Registered at VR.

After the writing, the changeover switch u is switched so that a ring shift register from the delay register VR will. With the clock T2 from the clock multiplier TV = n. l1 is now the ring gatekeeper pushed n times. There are already Contain the last n bits from the history of the crypto text, consecutively in the order of their temporal occurrence. The modulo-2 adder M compares now the current crypto data bit in S1 with the n previous crypto data bits from the shift register according to the rule: 00 = O 11 = 0 O t 1 = 1 1 0 = 1 This is how a series of n binary additions according to the relationship f1 (t1) p f1 (t1-n.t2).

The result of this addition is in a counting register Zp, which is organized as an up-down counter with a connected result memory SR, summed up.

The following applies: m = 0 counting down with T2 m = 1 counting up with T2.

With m = 0 the number of matches becomes, with m = 1 it becomes the Number of non-conformities counted. The storage registers SR with n storage locations for each of the y-counter digits are used to store the measurement results for each the n-shifts of the delay register VR.

Define a mean output address of the counter ZR as the Autocorrelation value AKF = O, one can have a positive limit value p and a Define negative limit value q for the AKF. If one of these limit values is exceeded, there is an error in the monitored data sequence.

A delay element T in the error detection logic takes care of the Start of operations to ensure that a minimum of Evaluated measured values must be before an error detection is possible. With this monitoring variant c) periodic error structures are also recognized in the cryptotext sequences.

- blank page -

Claims (7)

Claims Öi method for monitoring and synchronization of data encryption devices, with data from a first station to a second station and vice versa and the stations by a agreed single-phase procedure are synchronized with each other, characterized by the following process steps: a) that the crypto data to be transmitted is on the transmitting side (Di) by a first monitoring circuit (and1) for their internal structural composition controlled that deviations from the expected structure are used as criteria can be used to block any further transmission of crypto data and to generate an alarm to cause b) that the received crypto data i (D2) by a second monitoring circuit (ÜD2) for their structural composition are controlled and that deviations from this expected structure are used as criteria can be used to set the receiving data station in a basic position and a resynchronization between the sending and receiving data stations to cause. 2. The method according to claim 1, characterized in that both monitoring circuits (and) Recognize and display or display continuous signal sequences above the limit value of n characters. Report. 3. The method according to claim 1, characterized in that both monitoring circuits (UD) check the equal distribution of "O" and "1" within defined limit values and report if they are exceeded. 4. The method according to claim 1, characterized in that both monitoring circuits (and) form the autocorrelation function (ACF) and control an ACF limit value, if this is exceeded, a message is issued. 5. Arrangement for performing the method according to claim 1, characterized characterized in that the monitoring circuits with an "exclusive OR gate" and a counter are built that at the first input of the "exclusive OR gate" directly the crypto data to be monitored is created so that at the second input of the "exclusive OR gate" the delayed by the delay Tü crypto data is applied that the output of the "exclusive OR gate" is connected to the reset input of the counter that on Clock input of the counter is connected to the transfer clock TU and that the counter has a limit address 2, upon reaching which an error message f can be emitted is (Figure 3). 6. Arrangement for performing the method according to claim 1, characterized characterized in that the monitoring circuits (ÜD) with an up-down counter (ZR), one Sample counter (SZ) and an error detection logic is set up that the crypto data to be monitored at the input of the up-down counter are applied that the transmission clock (T1) at the clock input of the up-down counter and at the input of the sample counter (SZ) it is applied that the limit address 2n of the sample counter on the one hand via a delay element (T) with the reset input of the up-down counter and on the other hand to the first input of a first AND gate (U1) is connected that the last two addresses of the up-down counter (ZR) viewed in a positive way with the two inputs of a second AND gate and viewed in negative counting via an inverting element with the two The inputs of a third AND gate are connected to the outputs of the second and third AND gate (U2, U3) connected to the inputs of an OR gate are that the output of the OR gate with the second input of the first AND gate (U1) is connected and that the error message (f) at the output of the first AND gate can be delivered (Figure 4). 7. Arrangement for performing the method according to claim 1, characterized characterized in that the monitoring circuits ÜD with a shift register (VR), Modulo-2 adder (M), an up-down counter (ZR) with storage registers (SR) and an error detection logic is set up that the crypto data to be monitored on the one hand a storage stage (S1) and on the other hand a shift register (VR) are fed that the shift register (VR) through a switch (u) to a Rftng the most shiftable switchable is that the output of the shift register (VR) and the output of the storage stage (S1) each with an input of a modulo-2 adder that the output of the modulo-2 adder is connected to the input of the up-down counter (place) connected is that the transmission clock (T1) on the one hand with a clock multiplier (TV), at whose output the clock T2 = n. T1 is present, and on the other hand connected to the clock input of the storage stage (S1) that the output the clock multiplier (TV) with the clock inputs of the up-down counter (ZR), the storage register (SR), as well as the shift register (VR) are connected that the Address outputs of the up-down counter (ZR) each with the inputs of the Storage register (SR) and the outputs of the storage register (SR) each with the Inputs of the addresses of the up-down counter (ZR) are connected that the the last two addresses of the up-down counter (ZR) on the one hand in positive Considered counting with the two inputs of a first AND gate and on the other hand viewed in negative counting via an inverting element with the two Inputs of a second AND gate are connected to the outputs of the first and the second AND gate are each connected to the inputs of an OR gate, that the output of the OR gate with an input of a third AND gate and the other input of the third AND gate is connected to a delay element and that the error message f can be output at the output of the third AND gate (Figure 5).