EP0259487A1 - Procede et appareil pour repartir et proteger des codes a cles de chiffrement - Google Patents

Procede et appareil pour repartir et proteger des codes a cles de chiffrement

Info

Publication number
EP0259487A1
EP0259487A1 EP19870902878 EP87902878A EP0259487A1 EP 0259487 A1 EP0259487 A1 EP 0259487A1 EP 19870902878 EP19870902878 EP 19870902878 EP 87902878 A EP87902878 A EP 87902878A EP 0259487 A1 EP0259487 A1 EP 0259487A1
Authority
EP
European Patent Office
Prior art keywords
unit
key
master key
code
key code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP19870902878
Other languages
German (de)
English (en)
Inventor
Jeffrey A. Weiss
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP0259487A1 publication Critical patent/EP0259487A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Definitions

  • This invention relates to methods and apparatus for distributing encryption key codes from a central data site to remote access units and for enhancing the security of key codes stored in remote access units.
  • a distributed processing system poses a problem for data integrity and security because sensitive data must be transmitted between t ⁇ e separate data processing machines over transmission facilities, such as telephone lines, which are far from secure.
  • a centralized data processing facility may have the capab i lity of being accessed from many
  • a decoding or decrypting algorithm is used which may be the same or different from the encoding algorithm.
  • master and session keys are used.
  • a master key code is distributed from the central site and is used only to authenticate the user and to encrypt additional encryption keys.
  • the central Fite After the user is authenticated, the central Fite then sends an encrypted session key over the insecure data line to the remote site.
  • the session key is used to encrypt the actual data only for that session and is then discarded. Therefore, even if illicit access is gained to the session key, it can only be used for one session.
  • the master and session key arrangement reduces the probability of illicit access to the master key since the master key is used only briefly, but distribution of master keys remains a problem.
  • One typical method of distributing keys is to generate the master keys at the central site and distribute them ,to the remote sites in plain text by trusted
  • This method is slow, costly and subject to compromise if one or more of the trusted couriers should not have been trusted. In addition, this method is subject to error because the user must enter the key code information into his apparatus and may incorrectly enter the information with the result that he is improperly denied access.
  • a key-loader is an electronic circuit which is programmed with the key information at the central site and then carried by a trusted courier to the remote locations. At each remote location, the key-loader is connected to the remote unit. The key-loader checks an internal identification code in the unit and then automatically loads the correct key information into the unit. While obviating user errors, the key-loader scheme suffers from the remaining problems of manual key distribution in that the courier may inadvertently or intentionally disclose the information or the key-loader may be stolen, the information extracted and then the key-loader returned so that the code theft is not detected.
  • Several prior art systems rely on mechanical steps to make it difficult to gain internal access to the key-loader to extract the key information from a key-loader without causing obvious.
  • Another prior art approach for securing key information in a key-loader is to encrypt the keys by using another password as an encryption key prior to their insertion into the key-loader.
  • the password may be known to the courier who carries the key-loader from site to site, or transported independently to the remote site. Obviously, with such a system, if the password can be intercepted or otherwise obtained prior to, following, or during its entry into the remote unit, then any keys copied from the key-loader can also be decrypted.
  • It is another object of the invention is to provide a remote riiit or key-loader device which cannot be loaded with a known key code even in the
  • a secure data line is used to apply a source number, which may be a random number or a number chosen by the user, from the central site unit to the remote site unit.
  • Both units generate a master key code by passing the source number through circuitry which performs a non-invertible transformation on the source number.
  • a non-invertible transformation is an encoding technique which produces an output number from which the input number cannot be determined even if both the output number and the non-invertible transform algorithm are known.
  • the source number is then destroyed or deleted from both units.
  • the key code can only be loaded into the remote unit through the transform circuitry, the thief will not be able to regenerate the master key code in a duplicate reroute unit without also destroying that unit.
  • the key code thus loaded into the remote unit is used as a master key to authenticate the unit and to load other encryption keys into the unit, however.
  • Figure 1 is a block schematic diagram of a portion of the central site apparatus used for generating key code information and encrypting and decrypting messages.
  • Figure 2 is a block schematic diagram of a portion of the remote data unit used for receiving and storing key code information and encrypting and decrypting messages.
  • Figure 3 is a block schematic diagram of a conventional D.E.S. encryption circuit used as a circuit for performing non-invertible transforms.
  • Figure 4 is a block schematic diagram of a portion of key-loader apparatus which may be used to manually deliver key codes to remote sites.
  • typical central site apparatus 110 includes data encoding/decoding unit 104, key code generating and storage units 113, 117 and 119, control unit 120 and modem 106.
  • Data encoding circuitry 104 may comprise any of a variety of well-known encoding/decoding circuits which use key codes to encrypt or decrypt data. ith such systems, plain text data generated by a host
  • Data encryption/decryption module 104 can embody one of any number of well-known techniques of data encryption.
  • the most popular method of encryption presently used in the United States is the known as the "data encryption standard" or D.E.S.
  • the theory of operation and practical circuits using this encryption method are well-known and discussed in detail in Federal Information Processing Standard (FIPS) Publication No. 46 and U.S. Patent 3,958,081.
  • the basic algorithm set forth in the foregoing D.E.S. publications uses a digital key code consisting of 56 binary bits, and performs a non-linear decoding or encoding of plain text data in blocks of 64 bits to produce cipher text.
  • data encryption module 104 may be a D.E.S. encryption/decryption circuit and may be implemented by a special purpose hardware circuit or may be implemented by means of a suitably-programmed microprocessor.
  • non-volatile storage unit 119 Since unit 110 is a central site unit, many key codes may be stored in storage unit 119. Accordingly, storage unit 119 may
  • control unit 120 authenticates a remote site, it provides address signals over bus 111 to storage unit 119 to cause it
  • encryption/decryption module 104 generates cipher text and applies it to bus 105.
  • Bus 105 applies the cipher text data to modem 106.
  • Control unit 120 controls authentication, key loading and encryption/decryption operations in
  • Modem 106 serves as a modulator to transform digital cipher text data into signals which can be transmitted over va-ious types of data transmission media such as dial telephone lines, dedicated data
  • modem 106 are well-known to individuals skilled, in the communication.arts and form no part of the present invention. Accordingly, neither c ⁇ ircuit will be discussed in detail hereinafter.
  • cipher text generated by the remote sites and sent to central site unit 110 arrives over data lines 107 and is demodulated by modem 106 to produce digital cipher data on line 105.
  • the digital cipher data is provided to encryption/decryption circuit 104 which then generates plain text that is provided to the host computer system via link 102.
  • the key distribution and management portion of central site 110 comprises a source number generator 113, a non-invertible transform module 117 and an encryption and key control unit 120. These pieces of apparatus function as described in detail to generate and distribute keys in a secure manner in accordance with the invention.
  • remote site unit 200 comprises encrypt ng/decrypting unit 241, key handling units 232 and 246, control unit 248 and modem 238.
  • Data lines 207 which may be secure or unsecure, connect modem 238 to the central site and transmit or receive the cipher text carried thereon to modem 238.
  • modem 238 receives digital cipher data on lines 270 and converts the data into signals for transmission on
  • Data output 270 of modem 238 applies digital cipher text data to data encryption/decryption circuit 241.
  • data encryption/decryption circuit 241 As with the encryption/decryption circuit 104 of the central site unit,
  • encryption/decryption circuit 241 receives one or more encoding/decoding keys from non-volatile storage unit 246 via bus 272. Since the remote site unit need only store the code keys pertaining to itself, storage unit 246 may comprise an
  • EEPROM electrically erasable programmable read-only memory
  • the decryption portion of encryption/decryption circuit 241 decrypts the cipher text data in accordance with its internal decryption algorithm and the key codf to regenerate the plain text data transmitted from 25 the central site unit 110 ( Figure 1).
  • Circuit 241 applies the plain text data to secure lines 243 fur transmission to the local user.
  • Outgoing plain text data presented to the unit on lines 243 by the local user is, in turn, encrypted by the encryption portion of circuit 241 and sent as cipher text, via lines 270, to modem 238 for transmission over lines 207.
  • the key management section of remote unit 200 comprises non-invertible transformation module 232 and control unit 248 which operate in conjunction with their counterparts in the central site to generate and manage the key code information.
  • the inventive system uses a combination of master and session keys to provide increased security during operation.
  • the first step in the initialization of the system or in the addition of new remote units to the system is the generation and distribution of master key code information for each remote unit which is added to the system.
  • the unit is connected by means of data links 215 and 115 to the central site.
  • Data links 115 and 215 must be secure and not subject to line taps.
  • the remote unit will be brouyht to the physical location of the central site for master key generation (alternatively, a secure key-loader, discussed below, may be employed). Although bringing the remote unit to the central location may
  • the master key data is more secure than with prior art arrangements and thus, it is presumed that the master key generation routine will not have to be repeated often.
  • a central site security officer instructs control unit 120, via secure communications path 112, to generate and store a master key.
  • control unit 120 instructs source number generator 113, by means of control bus 109, to generate a 56-bit digital number.
  • Source number generator 113 may be any secure source of 56-bit digital numbers such as a protected memory. The number is latched in the output registers of generator 113. However, it is desirable that the source number not be stored after it is used in the generation process to increase the difficulty of re-generating the master key code.
  • source number generator 113 may comprise a random number generator which will provide source numbers which are sufficiently random such that even the knowledge of one or more prior numbers will not enable an observer to predict, with any significant probability, the values of subsequently generated numbers.
  • the 56-bit number may have additional bits added for error-checking purposes.
  • the source number has eight appended parity checking bits for error detection purposes.
  • the random source number is transmitted as plain text to non-invertible transform circuit 117 in the central site and, via secure data buses 115 and 215, to non-invertible transform circuit 232 in remote unit 200.
  • Transform circuits 117 and 232 mathematically process the source number to produce a 56-bit master key digital code number.
  • the particular mathematical process chosen is known as a non-invertible transform.
  • a non-invertible transformation is a mathematical manipulation which accepts an input number and produces an output number from which the input number cannot be determined even if both the output number and the non-invertible transform algorithm are known. Circuitry which performs such transformations may be embodied by any one of several conventional circuits. In the preferred embodiment of the invention, the non-invertible transformation is conveniently performed by using a
  • the 56-bit source number 305 is applied to the D.E.S. encryption module 301, via bus 306, as the encryption key.
  • a 64-bit predetermined constant number 304 is applied, via bus 303, to the data input and the least significant 56 bits of the resulting 64-bit output 302 are retained as the master code key number.
  • the algorithm has the property that given the input data (in this case the predetermined constant number) and the resulting output (in this case the master key code), the encryption key (the source number) can only be found by an exhaustive search of all possible encryption key numbers - a task which is beyond the capability of present computers.
  • both transform circuits 117 and 232 are identical and use the same predetermined constant as a data input.
  • the constant is applied over line 150 to transform module 117.
  • the same constant is applied to transform module 232 over line 252 in remote unit
  • control unit 120 instructs storage unit 119, via - control bus 111, to accept and store the master key code.
  • Control unit 120 may be any of a number of well-known circuits, such as a microprocessor.
  • the master key code is thereupon stored in storage means 119 as the master encryption key which is applied to encryption module 104 to control the data encryption/decryption algorithms as previously described.
  • Control unit 120 may also store a suitable identification number in storage unit 119 which identification number is associated with the master key code so that the proper key code can be used when a remote unit identifies itself upon requesting access to the system.
  • the source number is applied via lines 215 to transformation module 232 of remote unit 200.
  • the output of transform circuit 232 on lines 280 is applied to non-volatile storage circuit 246.
  • control unit 248 instructs non- volatile storage unit 246, via control bus 250, to store master key information on lines
  • control unit 120 After loading of the master key information, control unit 120 commands source code number generator 113 to destroy the source number by clearing its output register. Consequently, the source number, in recognizable form, is not resident in either the central unit 110 or the remote unit 200 after the loading of the master key information. After the master key code information has been entered the data links connecting the central unit and the remote unit are disconnected and the remote unit is returned to its operating location.
  • non-invertible transform unit 232 and storage unit 246 in remote unit 200 are packaged so that the non-invertible transform module 232 cannot be circumvented and the master key code loaded directly into non-volatile memory 246.
  • storage unit 246 may illustratively be a battery-backed CMOS random access memory and the entire key management portion of remote unit 200 may be fully encapsulated in epoxy.
  • One or more safety mechanisms can be encapsulated with the circuits so that if the unit is chemically or mechanically opened the power
  • CMOS random access memory supplied to the CMOS random access memory by the battery circuits will be disconnected and all keys will be lost.
  • a single integrated circuit chip containing both the transform circuit 232 and the storage unit 246 can be used.
  • the remote unit During operation of the remote unit additional safeguards are used to ensure security of the system. For example, access to the remote unit may be restricted to a user having a valid password.
  • the password could be stored in the storage unit 246 in the unit along with the key code information and may be changed at will by a user possessing the password.
  • a password so stored would be vulnerable to disclosure were a thief able to gain access to the storage unit as previously described.
  • the password is not explicitly stored in storage unit 246. Instead, a predetermined fixed value is encrypted by means of an additional D.E.S. encryption circuit utilizing the password as the key code and the encrypted value is stored in the unit's memory.
  • the master key information can also be encrypted by using a D.E.S. encoding module with the user's password as the key code .
  • the transfer of information between the remote unit and the central site over links 107 and 207 may be accomplished by the use of the multiple key codes.
  • multi-level key hierarchies are well-known in the art. Illustrative systems are disclosed in U.S. Patent nos. 4,238,853 and 4,386,234.
  • the first key code is the master key code which, as previously discussed, is loaded at the central site. This code is used at the start of each data session for authentication of the remote unit as
  • the second key is a primary encryption key which is used to encrypt each session key and another primary key to transfer these keys from the central site to the remote location. Each primary encryption key is used once then destroyed.
  • the final key used in the transfer is a session key. This key is used to encrypt and decrypt data which passes between the central site and the remote unit.
  • the session key is used for one data s-ession and is then destroyed.
  • a user at the remote unit To initiate communications with a central site, a user at the remote unit must manually supply a valid password to the unit. After the password is supplied, the remainder of the initialization sequence is performed automatically by the remote unit circuitry without user control. More specifically, after receiving the user password, the unit uses it to decrypt the primary encryption key, master key and the predetermined constant whic ", as discussed above have already been stored in the unit's internal memory. If the value obtained by decrypting the stored predetermined constant matches a predetermined value stored in the unit, the password is declared valid and the remote
  • an authentication routine is initiated. Specifically, the central site unit transmits in plain text a message identifying itself and requesting the remote unit's identification number corresponding to that central site. The remote unit then uses the central site's identification number to look up its corresponding equipment identification number and encryption keys which are to be used for communications with that central site. The remote unit then returns its identification number to the central site in plain text. Upon receiving the remote identification number, the central site uses it to look up the corresponding access limitations (if any) and the corresponding master key code in non-volatile storage unit 119. If the remote unit is currently authorized to access the site, the central site generates a random number using generator 113 and encrypts the number using the remote unit's master key code as the key. The resulting encrypted c_.pher text is then returned to the remote unit. The remote unit decodes the cipher text by using its internally-stored copy of its master key Cv.de to obtain the random number, increments the number.
  • 5 equipment decrypts the returning cipher text and compares it to the original random number sent to the remote unit. If the returning text corresponds to the incremented random number, the remote unit is considered as authenticated.
  • the central site next transfers a session key and a new primary encryption key to the remote site. More specifically, the central site searches in memory 119 for the active primary encryption key code for that remote When the primary key is
  • a session key for use in the current session and a new primary key for use in re-establishing communications during the next data session are generated in unit 113, saved in unit 119, encrypted using the current active primary
  • the current primary key is erased from central site memory 119.
  • the primary key is used only once as a "transport vehicle" for the session and for the new
  • key loaders are electronic devices which can be loaded with master key information at a central site and carried to various remote sites where, in response to an identification code generated by a remote unit, the key loader unit -can electronically transfer appropriate key code information to the unit.
  • the invertible transform arrangement of the instant invention can be used with the latter type of key loader to increase security by preventing the key information from being reloaded into an undamaged unit.
  • the key loader and the central site are equipped with non-invertible transform circuits in a manner similar to the remote unit discussed in detail above.
  • a typical key loader apparatus 400 conrcructed in accordance with the present invention includes, along with other circuitry (not shown), data encoding unit 404, non-volatile storage unit 403, non-invertible transformation unit 402, and control unit 401.
  • Control unit 401 may be comprised of any well-known sequencing circuitry such as hard-wired logic or a microprocesso .
  • Non-invertible transformation module 402 is identical in construction and function to non-invertible transform units 117 and 232 shown in Figures 1 and 2, respectively, and discussed above.
  • Non-volatile storage unit 403 is identical in construction and function to storage unit 246 shown in Figure 2.
  • encryption/decryption circuit 404 is identical in construction and function to units 104 and 241 ( Figures 1 and.2, respectively).
  • Non-invertible transformation module 402 is identical in construction and function to non-invertible transform units 117 and 232 shown in Figures 1 and 2, respectively, and discussed above.
  • Non-volatile storage unit 403 is identical in construction and function to storage unit 246 shown in Figure 2.
  • encryption/decryption circuit 404 is identical in construction and function to units 104 and 241 ( Figures 1 and.2, respectively).
  • encryption/decryption circuit 404 may be constructed from discrete logic circuitry or integrated circuit chips, or may be implemented as software programs which execute in the control unit 401.
  • non-invertible transformation unit 402, encryption/decryption unit 404 and storage unit 403 are physically packaged together such that key codes cannot be loaded directly into non-volatile memory
  • unit 400 may be fully encapsulated in epoxy plastic along with special circuits that can detect penetration into the epoxy and, in the event of such penetration, destroy or erase key information stored in storage unit 403.
  • the storage, transform and encryption functions may be constructed on a single-chip integrated circuit.
  • Key loader unit 400 is initialized by bringing it to a secure central site such as that shown in Figure 1. During such initialization, source code generator 113 at the central site generates two random numbers. One random number is used to generate the key code for each remote unit and must be generated separately for each unit.
  • the other random number (as will be described in detail below) is used to authenticate the key loader and may be the same (or different) for each remote unit which is to be loaded from the key loader apparatus.
  • One of these random numbers (designated as random number 1) is passed through non-invertible transformation module 117 once, and stored in cen_tral site non-volatile memory 119 along with a code identifying the remote unit associated with the number.
  • This first transformed random number i j used durinj an -31-
  • the remaining random number (designated as random number 2) is passed through non-invertible transform circuit 117 and then the transformed result is again passed through non-invertible transform circuit 117 via link 151.
  • the result of two passes through the non-invertible transform circuit is subsequently stored in storage unit 119 as the master key for the corresponding remote unit.
  • Both of the random source numbers generated by the central site are also provided to key loader 400 via secure data links 115 and 408.
  • the number pair are sequentially passed, via link 405, to non-invertible transform module 402.
  • the transformed results are passed, via link 409, to non-volatile storage unit 403, where both transformed numbers are stored under the control of control unit 401 by means of control bus 406.
  • an identification number uniquely identifying the remote unit to the central site is stored in unit 403 with the transformed number pair.
  • the random numbers used in the initialization are then destroyed or erased from both the key loader circuitry and the central site. The above process is repeated for each remote unit to which
  • the key loader is physically carried to the remote unit, where a secure connection is established between the remote unit and the key loader via links 408 and 215.
  • the key loader control unit 401 then forwards a request to the remote unit control circuit 248 for *an identification number for that remote site.
  • the identification number is supplied by remote site control unit 248 to key loader controller 401, which thereupon checks storage unit 403 for the identification number to locate the corresponding stored number pair.
  • the value stored in storage unit 403 corresponding to the transformed value of random source number 2 is forwarded to the remote unit as the new master code encryption/decryption key. More particularly, transformed random number 2 is read from memory 403 and transferred to control unit 401 via link 410.
  • the transformed number is transferred via links 408 and 215 to the remote unit where it is then passed through non-invertible transformation module 232 and the twice-transformed result is stored as the master key code in non-volatile storage unit 246.
  • the stored number is now identical to the
  • the stored master key code is used as previously described to authenticate the unit.
  • the extracted key information cannot be reloaded into the same key-loader unit, or a similar undamaged unit, because upon loading, the key information is passed through the non-invertible transform unit in the key-loader, and thus the result will not be the master key code information stored in the central site, but instead a transform of the master key code information.
  • a modified authentication procedure may be performed to insure that the key information stored in the remote unit, was transferred to the remote unit from the key loader that the central site originally loaded, and not from a duplicate key
  • the remote unit generates a random, or pseudo-random number, in control unit 248, stores the number in storage unit 246 and also passes the number to the key loader module over links 215 and 408.
  • the key loader module control unit 401 forwards the number received from the remote unit to its internal encryption/decryption circuit 404, via link 407.
  • the number received from the remote unit is encrypted by circuit 404 using, as a key code, the transformed result of original random number 1 retrieved from non-volatile storage unit 403.
  • the encrypted result is returned to the remote unit 200 and stored in non-volatile storage unit 246.
  • remote unit 200 is attached to central site unit 110, via insecure links 107 and 207, and an authentication procedure is performed, in addition to - ⁇ _he information transferred between the central site and the remote unit as described above, the random number generated by the remote unit and the result of the encryption of the random number by th".
  • key loader unit both of which are
  • the random number received from the remote unit is encrypted using the random source number 1 stored in the central site memory during the key loader initialization procedure (described in detail above).
  • the result of this latter encryption is compared to the encrypted result received from the remote unit. A match indicates that the key loader used to load key information into the remote unit was the original key loader.
  • the remote unit generates a random, or pseudo-random number, in control unit 248, stores the number in storage unit 246 and also passes the number to the key loader module over links 215 and 408.
  • The.key loader module control unit 401 forwards the rt ber received from the remote unit to its internal encryption/decryption circuit 404, via link 407.
  • the encrypted result is returned to the remote unit 200 and stored in -non-volatile storage unit 246.
  • the 0 random number generated by the remote unit and the result of the encryption of the random number by the key loader unit are passed to the central site unit.
  • the random number received from the 5 remote unit is encrypted using a copy of the authentication number stored in the central site memory during the key loader initialization procedure.
  • the result of this latter encryption is compared to the encrypted result received from the ° remote unit. A match indicates that the key loader used to load key information into the remote unit was the original key loader.
  • a procedure may be followed in which the first time a remote unit is loaded with master key information, it must be physically transported to the central site to have the master key loaded as previously described. If, in the future, the master key information stored in the remote unit is changed by means of a key loader, in addition to transforming the master key information obtained from the key loader as set forth above, the remote unit logically combines (by means of an exclusive-OR function) the transformed information transferred from the key loader with the master key information currently stored in the
  • the random source number which is to- be used to generate the new master key information is passed through non-invertible transformation module 117 twice as previously described.
  • the twice-transformed result is exclusive OR-ed with the presently-active master key information for the remote unit and the result of the logical combination is stored in unit 119 as the new master key information (the circuitry to perform the exclusive-OR operation may be part of the memory control circuitry in unit 119).
  • the source number is also transferred to the key loader unit where it is transformed and stored.
  • the master key information when the master key information is loaded into the remote unit memory from the key-loader, it is transformed again to generate the master key information to be stored. In accordance with the additional protection procedure, the twice-transformed result is also exclusive-ORed with the active master key and is stored as the new master key in storage unit 246.
  • the new master key information is then used to calculate the new master key information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Procédé et appareil permettant de prévenir la découverte et l'usage impropre de codes à clés de chiffrement. Pour initialiser le système de chiffrement, un nombre de base est généré au hasard au niveau d'une unité pilote et transmis par l'intermédiaire d'une liaison de transmission sûre à une unité asservie. L'unité pilote et l'unité asservie opèrent une transformation irréversible sur le nombre de base afin de produire deux clés identiques de codage permanentes qui sont ensuite mémorisées dans des mémoires rémanentes à la fois dans l'installation centrale et l'unité asservie. Le numéro de base dans chaque unité est ensuite effacé ou détruit. Par conséquent, lors d'une cession de transfert d'informations entre l'unité pilote et l'unité asservie, qui se produit par l'intermédiaire d'une liaison de transmission sûre, la clé permanente mémorisée est utilisée pour identifier l'unité asservie et peut être utilisée pour transférer de manière sûre des clés de chiffrement complémentaires. Divers procédés mécaniques sont utilisés pour rendre sûre l'unité asservie de sorte qu'il est difficile d'extraire de l'unité les informations relatives à la clé permanente sans causer des dommages physiques évidents à ladite unité. Même si l'on parvient à extraire le code à clé permanent, celui-ci ne peut être chargé dans une unité non endommagée, du fait de la présence dans cette unité des circuits de transformation irréversible; on a besoin du numéro de base initial qui alors n'est plus disponible ou ne peut plus être extrait. D'autres modes de réalisation révèlent des modifications apportées à l'appareil classique de chargement de clé en utilisant la technique de transformation irréversible afin de prévenir la découverte ou l'usage impropre de codes à clés mémorisés dans le chargeur de clés. Est également décrit un appareil qui met en oeuvre soit une technique de transformation irréversible soit une technique cryptographique pour authentifier l'appareil de chargement de clés depuis un point d'implantation central.
EP19870902878 1986-02-24 1986-12-04 Procede et appareil pour repartir et proteger des codes a cles de chiffrement Withdrawn EP0259487A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US83281986A 1986-02-24 1986-02-24
US832819 1986-02-24

Publications (1)

Publication Number Publication Date
EP0259487A1 true EP0259487A1 (fr) 1988-03-16

Family

ID=25262688

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19870902878 Withdrawn EP0259487A1 (fr) 1986-02-24 1986-12-04 Procede et appareil pour repartir et proteger des codes a cles de chiffrement

Country Status (3)

Country Link
EP (1) EP0259487A1 (fr)
AU (1) AU7289287A (fr)
WO (1) WO1987005175A1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5293576A (en) 1991-11-21 1994-03-08 Motorola, Inc. Command authentication process
EP0756397B1 (fr) * 1995-07-28 2003-06-25 Hewlett-Packard Company, A Delaware Corporation Système et procédé pour la distribution de clé et pour l'authentification entre un ordinateur hôte et un dispositif portable
JPH09167098A (ja) * 1995-07-28 1997-06-24 Hewlett Packard Co <Hp> 携帯装置用通信システム
DE19822685A1 (de) * 1998-05-20 2000-01-27 Deutsche Telekom Ag Verfahren zur gesicherten Übertragung von Nachrichten
GB2367726B (en) * 2000-10-07 2003-04-23 Complementary Tech Ltd Communications with remote embedded applications

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4281216A (en) * 1979-04-02 1981-07-28 Motorola Inc. Key management for encryption/decryption systems
DE3244538A1 (de) * 1982-12-02 1984-06-07 ANT Nachrichtentechnik GmbH, 7150 Backnang Schluesseleingabegeraet fuer ver- und entschluesselgeraete der geheimen nachrichtenuebertragung
EP0142013A3 (en) * 1983-10-14 1988-01-20 Gerhard Marte Portable memory for recording, storing and reproducing data
DE3340582A1 (de) * 1983-11-10 1985-05-23 ANT Nachrichtentechnik GmbH, 7150 Backnang Elektronischer schluesselspeichermodul

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO8705175A1 *

Also Published As

Publication number Publication date
WO1987005175A1 (fr) 1987-08-27
AU7289287A (en) 1987-09-09

Similar Documents

Publication Publication Date Title
US6339828B1 (en) System for supporting secured log-in of multiple users into a plurality of computers using combined presentation of memorized password and transportable passport record
US6230272B1 (en) System and method for protecting a multipurpose data string used for both decrypting data and for authenticating a user
US4864494A (en) Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software
US5517567A (en) Key distribution system
US7783887B2 (en) Method and apparatus for providing television services using an authenticating television receiver device
US4386233A (en) Crytographic key notarization methods and apparatus
US6160891A (en) Methods and apparatus for recovering keys
US5604801A (en) Public key data communications system under control of a portable security device
EP0043027A1 (fr) Procédé et système électronique de vérification d&#39;une signature
US20070074046A1 (en) Secure microprocessor and method
CN101142599A (zh) 基于硬件识别的数字权利管理系统
EP1992101A2 (fr) Transmission sécurisée de données utilisant des données non découvrables &#34;noires&#34;
JPH0524696B2 (fr)
JPH10508438A (ja) キー・エスクローおよびデータ・エスクロー暗号化のためのシステムおよび方法
CN111295654B (zh) 安全地传递数据的方法和系统
CN101084482A (zh) 电子软件分配方法及使用以硬件识别为基础的数字权利管理方法的系统
WO2000049764A1 (fr) Systeme d&#39;authentification de donnees a blocs d&#39;integrite cryptes
EP1636664A2 (fr) Preuve d&#39;execution par fonction aleatoire
US7131001B1 (en) Apparatus and method for secure filed upgradability with hard wired public key
CN111614467B (zh) 系统后门防御方法、装置、计算机设备和存储介质
CN113472793A (zh) 一种基于硬件密码设备的个人数据保护系统
CN111540093A (zh) 一种门禁控制系统及其控制方法
EP0912011A2 (fr) Procédé et dispositif de chiffrage et de récupération de clé
EP0259487A1 (fr) Procede et appareil pour repartir et proteger des codes a cles de chiffrement
JPH09261217A (ja) 通信装置及びその方法

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH DE FR GB IT LI LU NL SE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 19871127