RU2818177C1 - Advanced encryption system data storage and transmission device - Google Patents

Abstract

FIELD: radio engineering; data processing.

SUBSTANCE: invention relates to radio engineering, computer equipment, storage devices and noise-immune covert transmission of encrypted data in the presence of noise using a finite set of codes of noise-like signals. Technical result is achieved due to the fact that the device comprises a storage device, a communication line, an encryption key generator, an encoder, an address and mode generator, trigger pulse generator, switch unit, code encryption key generator, switch control unit, code generator, receiving device, switch unit, data generator, decoder, decryption key generator, code decryption key generator, switch control unit. During operation of the device, two encryption operations are performed, secret transmission of encrypted data to a user in an optimal way along a communication line, including in the presence of noise.

EFFECT: providing secure transmission of encrypted data to a user.

16 cl, 5 dwg

Description

Field of technology. The invention relates to the field of radio engineering, computer technology, storage devices and noise-resistant secret transmission of encrypted data in the presence of noise using a finite set of noise-like signals (NLS).

State of the art. A data storage device is known [1]. containing a control unit, a memory unit, a switching unit and a key circuit protection unit and ensuring the reliability and safety of data storage in the presence of dangerous external influences (static electricity). The disadvantage of the analogue is the lack of an encryption system and the possibility of secretly transmitting stored data to the user via a communication line (LC) in an optimal way in the presence (in the background) of noise.

A coherent information transmission system is known [2]. A finite set of chaotic signals is used as an NPS. The system contains transmitting and receiving parts. In the transmitting part, chaotic signals are formed, which are multiplied by information sequences so that each bit is transmitted once by its own segment of the chaotic signal, which requires synchronization of the transmitting and receiving parts. On the receiving side, copies of chaotic signals are formed to isolate the information sequence. The disadvantage of the analogue is the need to ensure synchronization of chaotic signals in the receiving and transmitting parts, which requires the use of signals of a sufficient level, and this leads to a lack of energy secrecy in the operation of the system (there is secrecy in the structure of the signals). Synchronization also requires time, which reduces the performance of the system (the wider the range of NPS, the longer the detection and synchronization time). There is also no encryption system or storage device (memory) for storing data. System coherence only means the presence of synchronization of chaotic signals in the transmitting and receiving parts and does not ensure optimal transmission and signal processing (detection and discrimination) in the presence of noise.

An encryption device is considered as an analogue [3, p. 51, fig. 2.5]. in which input character sequences are transformed into output sequences according to the transformation key. The disadvantage of the device is the lack of storage and data transfer capabilities.

The prototype selected is a device [4] containing a memory (a non-volatile memory is indicated), a communication line (a wired or wireless data reception/transmission section is indicated), a random number generator, which is the encryption/recovery keys of the transmitted data, made in the form of one/several integrated circuits or "smart cards", the main control unit, which is a programmable integrated circuit based on software loaded in a special way. The disadvantage is the inability to secretly transfer encrypted data from the memory to the user via LAN in an optimal way in the presence (in the background) of noise.

Brief summary of the essence and composition of the proposed device. Let the input data _X input, consisting of many blocks or bytes, be supplied to the input of the proposed data storage and transmission device with a two-stage encryption system (UHPDS). The task of the device is to save the input data in a form protected from unauthorized correction and restore the data in the place required by the user at the required time, so that as a result X _out = X _in . Each byte corresponds to a numeric value and a symbol of the selected data encoding system. Before storing the numbers corresponding to the input bytes, their numerical values are changed (encrypted) to new values in accordance with the user-selected rule (input signal encryption key). Methods for symbol renumbering are mentioned in [3]. Encryption by renumbering is carried out thanks to control signals, which are the result of comparing the bytes of the selected (reference) encoding system with the signal encryption keys. As a result, the first encryption operation is carried out. Bytes with new, renumbered values are stored in memory. The task of transmitting data over a LAN to reproduce it in its original form in the location desired by the user is implemented using an ensemble of encoded signals belonging to the ShPS class, using optimal processing devices. When transmitting data from the memory, each encrypted byte is transmitted by one of these encoded signals, which are specified by the code encryption keys (the second encryption operation is implemented). The expansion of encryption capabilities is associated with an increase in the number of options for selecting broadband codes (signals) from a set that exceeds the required number of codes (signals) for transmitting data over a communication line. The task of restoring data in its original form is carried out by optimally receiving carrier oscillations secretly transmitted over the communication line and reversely replacing the numerical values of the bytes stored in the memory with the original numbers according to the rule for converting byte numbers. Encryption and decryption are carried out by appropriate devices.

In this way, input data can be saved, protected, secretly transmitted over the LAN in the presence (against the background) of noise using the ShPS and processed in an optimal way, after which it is restored to its original form. R-codes [5, 6] and signals based on them, for example, phase-shift keying signals (PSK), are used.

Secrecy of signal transmission means [7, p. 8, 9], that it is necessary to use special methods and devices to detect the fact of signal transmission in the presence of noise, and it is also necessary to measure the basic parameters of the signals. The larger the signal base, the higher the energy and parametric secrecy. The optimality of signal processing in the presence of noise remains valid even in the presence of a wide range of interference (narrowband, pulsed, structural) [7, p. 7].

Some information about R codes and ensembles. ShPS [7], which have well-known advantages, are widely used in control, communication and radar systems. A type of ShPS are FMS. They consist of a sequence of N radio pulses with the same frequency and amplitude (we consider it equal to unity). The sequence of radio pulses with different initial phases is characterized by a binary code sequence or simply code G. In this case, the FMS based on these codes [5], in which the autocorrelation function (ACF) in the region of the side peaks varies within ±R (0≤R≤N- 1, R - integer), are called signals of the R type (FMS-R. The set of such g codes called R-codes (these are binary codes in which the ACF in the region of the side peaks varies within ±R, where R is the largest permissible value of the side peaks of the ACF modulus).

For a few Barker codes R=1. The highest value (peak) of the ACF modulus of such N-element codes is designated u _m =N, the relative level of the side peaks (SPE) of the ACF is equal to B ₁ =R/N. The FMS base is equal to BN. A sign that a signal is noisy is if the condition is true that the base is large B>>1 [7]. Pairs of codes are characterized by the largest value of the modulus of the cross-correlation function (CCF) W.

FMS-R based on binary R codes are pulse signals. For optimal detection and discrimination between these codes and signals in the presence of noise, well-known methods and schemes (matched filters (MF) and correlators) are used [7].

Some sets of SPS have certain properties that allow us to consider them together as ensembles for constructing alphabets. The works [8-10] discuss the issues of finding R-codes.

The symbol T indicates the duration of each of the N FMS-R radio pulses. The initial phases can be 0 or π (180°), and codes are usually represented as a sequence of coefficients, respectively (+1,-1), for example, (1,-1,-1,-1,-1,1) for N= 6; R=2. In general, the initial phases of radio pulses can be equal to ϕ ₀ +0, when the code coefficient is equal to (+1), or ϕ ₀ +π, in the case when the code coefficient is equal to (-1), where ϕ ₀ is a fixed component of the specified initial phase (the main thing is that the phase difference is 0 or π).

Further, signals based on binary codes are considered to be BPS consisting of radio pulses, the initial phases of which are equal to (ϕ ₀ +0) or (ϕ ₀ +π), and no restrictions are imposed on changes in the amplitudes and frequencies of radio pulses; requirements have been introduced for the UBP of the ACF and VKF.

A variety of binary pulse codes are presented, in which the UBP ACF and VKF satisfy certain requirements, in the form

Where - binary code;

- coefficients of the x-th code of the ensemble;

x - code numbering index, x=1, ..., g;

g - the number of codes in the set or signals based on them;

R - the largest permissible value of the side peaks of the ACF module, 0≤R≤N-1, R - integer;

N is the number of coefficients in codes and in signals based on them.

An ensemble is a name given to a set of codes with introduced restrictions on the UBP of AKF and VKF. For example, for codes with R=3, N=30, W≤29 _, g=256:

The restrictions on the ACF and VCF UBPs are formulated analytically [5, 6]. At moments t _k =k⋅T, where A:=1, …,N-1, counted from the beginning of the ACF (k=0), the values of the ACF module take extreme or zero values and at k=N are equal to N.

The values of the TCF modulus of pairs of ensemble codes with indices “x” and “y” are considered at moments t _k =k⋅T, counted from the beginning of the TCF. Ensemble codes with restrictions on the UBP ACF and VKF according to [5, 6, 8-10] can be represented in the form of inequalities regarding the code coefficients:

Where - coefficients of the i-th code of the ensemble;

N is the number of coefficients in the ensemble codes or in signals based on them;

k - index of numbering of samples of time instants of the autocorrelation function;

R - valid ACF UBP, specified by the user, 0≤R≤N-1, R - integer;

g is the number of codes in the ensemble or signals based on them;

Where - coefficients of the x-th and y-th codes of the ensemble;

x, y (x≠y) - indices of various codes in the ensemble, taking values from 1 to g;

g is the number of codes in the ensemble or signals based on them;

N is the number of coefficients in the ensemble codes or in signals based on them;

k - index of numbering of samples of time instants of the cross-correlation function;

W - permissible level of side peaks of the cross-correlation function specified by the user, N>W≥1;

g=g1 - number of characters in the data coding system.

Ensemble codes are generated by an ensemble code generator. The parameters N, R, W and g are interdependent.

When transmitting data in computer science and computer technology, each byte corresponds to a specific character of the coding system. If each character and, accordingly, byte is associated with a code from the ensemble, then an alphabet will be obtained. When using the well-known ASCII coding system (American Standard Code for Information Interchange), consisting of g1=256 characters, an ensemble of codes of the same number g=g1 is required [8, 9]. Characters correspond to numeric values ranging from 0 to 255, which, as we know, are represented by a set of eight bits that make up a byte.

In general, a g1 character encoding system requires the use of g2=log2g1 bits, so sets of g2 bits (not necessarily eight) are called blocks. For a coding system of two symbols (g1=2) the block consists of a single bit (g2=1) taking two values, an ensemble of two codes is needed.

The coding system can determine the correspondence of analog signal levels at certain points in time and their code values in the form of blocks (bytes). Further, for clarity, the description mentions the ASCII system.

Some terms used to simplify the description.

Alphabet is a one-to-one correspondence between the elements of a coding system and the codes or signals that make up the ensemble.

Ensemble - a set of binary codes or pulse signals based on them, for which restrictions are introduced on the UBP ACF (R) and VCF {W).

Signals based on binary codes are pulse signals consisting of radio pulses, the initial phases of which are equal to (ϕ ₀ +0) or (ϕ ₀ +π), where ϕ ₀ is a fixed component of the specified initial phase, and requirements for changes in the amplitude and frequency of radio pulses are not imposed, for these signals restrictions (2), (3) are introduced on the UBP of the ACF and VKF. If the amplitudes and frequencies are constant, then there are FMS-R.

A block is a collection of g2=log ₂ g1 elements (bits) of a discrete message, where g1 is the number of symbols in a coding system in which each character has a one-to-one correspondence with a specific set of elements (bits), for example, a block of eight bits is called a byte.

In systems for transmitting discrete messages, the elements of message blocks are logical “1” and “0”, and in computer systems, data is represented in the form of bytes, for which pulses of different polarity “±1” are used.

The following description is given using bytes as an example.

L - data - blocks (bytes) of input data, renumbered in the encoder in accordance with the encryption keys indicated by the symbol L.

Writing data is entering bits of encrypted blocks (L - data) into memory cells.

Data recovery - conversion of ensemble codes transmitted via LAN into L - data and their subsequent decryption.

Linganum is a user-specified function (rule, table) that defines a one-to-one correspondence between sets of numbers (0; 1; ...; g1-1) and a set of symbols of the selected coding system. ASCII is a special case of linganum.

Renumbering of blocks (bytes) - changing the order of elements (bits), for example, logical ones and zeros, or positive and negative logical ones included in a block (byte) so that the numerical value determined by the elements of the block (byte) becomes equal to the assigned one number (key).

The numerical values of blocks are determined by a sequence of elements that are considered as digits of the binary number system, and if positive and negative logical units are selected as elements, then when calculating the numerical values of a block, negative logical ones are replaced by zeros.

A form is a set of codes for which a one-to-one correspondence of integers in order from 1 to g3 and ensemble codes (1) is specified, for example, with g3=259.

A functional group is a set of elements of the same type, for example, a group of lines (group communication lines), input/output conductors, devices that perform the same operations (functions).

Sorting is the operation of transforming one finite sequence of numerical values into another so that the indices of the ordinal numbers of the elements of the original sequence are reduced by one and swapped with the values of the elements of this sequence, the ordinal numbers of the new numerical sequence are increased by one and the elements of the resulting sequence with their changed ordinal numbers are arranged in ascending order of these numbers.

Sorting is used to determine the data recovery linganum and decryption keys based on the type of recording linganum and encryption keys, which allows decryption to use the same operations and schemes as for encryption.

The sorting order is determined by the fact that the values of the original sequence must be replaced with new ones, and also take into account that these values and their indices differ by one (for example, in ASCII the indices vary as 1, 2, 3, and the numeric values of the characters change in ascending order 0, 12, …). To do this, the indices of the original sequence before the specified replacement are reduced by one, and the indices of the new sequence must be increased by one.

An example of single-operation (one-time) sorting: the initial sequence is specified , written taking into account the serial number and meaning of the elements, using the correspondence sign "→". That is (ordinal number (original value → new value)): 1(0→5); 2(1→0); 3(2→3); 4(3→2); 5(4→1); 6(5→4). Another possible entry: (there are six elements, and their values vary from 0 to 5). Sorting to determine the required sequence: decreasing the index of the serial number by one - (5 ₀ ; 0 ₁ ; 3 ₂ , 2 ₃ , 1 ₄ ; 4 ₅ ); swapping indices and values - (0 ₅ ; 1 ₀ ; 2 ₁ 3 ₂ ; 4 ₁ ; 5 ₄ ); increasing the indices of the new sequence by one - (0 ₆ ; 1 ₁ ; 2 ₄ ; 3 ₃ ; 4 ₂ ; 5 ₅ ); arrangement of elements in ascending order of indices - . Another entry through the compliance mark for verification: 1(0→1); 2(1→4); 3(2→3); 4(3→2); 5(4→5); 6(5→0). There is an unambiguous relationship between the obtained result and the original sequence presented above through the sign of correspondence and renumbering ("→").

Initial sequence defines the operation of establishing a one-to-one correspondence between a finite set of numerical values (elements of this sequence) and a set of indices used to number them.

For the second example, we assume that there are g3=10 numbers from 0 to g3-1 (that is, 0, ..., 9), from which g1=6 different values are selected and, for example, a sequence is created (indices vary from 1 to g1=6). Sorting operations: (2 ₀ ; 4 ₁ ; 5 ₂ ; 1 ₃ ; 7 ₄ ; 9 ₅ ); (0 ₂ ; 1 ₄ ; 2 ₅ ; 3 ₁ ; 4 ₇ ; 5 ₉ ); (0 ₃ ; 1 ₅ ; 2 ₆ ; 3 ₂ ; 4 ₈ ; 5 ₁₀ ), that is Reconciliation of elements confirms the correctness of the result of the sorting operation. The index values of the sequence obtained after sorting vary within a wider range (from 1 to g3=10). This can be written so that the indices of g1 elements vary in the interval 1≤j≤g3. Elements with missing indexes are not specified; a space is assumed.

Note: the encryption system is called extended, since the required number of codes g for transmitting g1 elements of the coding system (g1=g) is selected from a larger number of codes g3 than required (extended). specified in the form.

Representation of the encryption operation by renumbering the bytes. An option is presented when a block corresponds to a byte. Encryption of signals (the first encryption operation of the two implemented) is carried out by replacing the numerical values of the bytes, that is, by renumbering. Designated:

sequence of linganum values of data recording in binary and decimal representation (the first two and last bytes are written out), each value in brackets is one of the positive integers from 0 to (g1-1), used in composing this sequence only once (g1 is the number of characters in the data coding system, for example, g1=256);

for a binary representation system L _i,j sets the i-th bit of the j-th byte (taken as logical values "1" or "0"). The L values set the values used as encryption keys for the data signals.

The values of the sequence L determine the values of the encryption keys (4), for which a generator of the same name with g1 outputs is used. When recovering data, sequence sorting is used (4).

Designation introduced:

input data in binary and decimal systems (only the first two bytes are written);

data after encryption by renumbering using the sequence L, written in binary and decimal systems (the first two bytes are written out);

i, j are bit and byte numbering indices.

When recording values in tables (Fig. 2, 3) index j is omitted, its role is played by the row numbers of the table. The renumbering of bytes (5) to (6) is carried out in the encoder (before writing to the memory) and in the decryptor (when restoring data) by performing an operation of checking the feasibility of certain conditions and performing an assignment operation. The first encryption operation can be represented as:

"If" or

"If" or

"If " or…

"If"

encryption operation by replacing numeric values,

where j=1, 2, … - byte numbering index;

X _{input j} - value of the j-th byte of input data;

- the value of the j-th byte after encryption;

L ₁ ; _L2 ; …, L _g1 - sequence of values of single-operation encryption keys;

g1 is the number of characters in the data encoding system.

Note that if j>(g1-1), for example, j=1000, then “If” or "If" "If" therefore expression (7) is applicable (the value is important, not the index).

Output after recovery:

output data in binary and decimal systems, the first two bytes are written out.

With two-operation encryption, in addition to the first operation of signal encryption, a second operation is carried out associated with changing the numbering of the broadband codes used for data transmission. Such encryption consists in the fact that, according to some rule known to the user, only a part of the codes (g1=g≤g3) is selected for use from a form containing g3 codes. As a result of this encryption stage, a one-to-one correspondence is established between part of the codes selected from the form (they are used to transmit bytes over the communication line) and the previously encrypted bytes. The selection rule is set by the code encryption keys:

sequence of values in binary and decimal representation (the first two and last bytes are written out). These values are one of the positive integers from 0 to (g3-1) (according to the number of codes (1) in the ensemble), each of the numbers is used only once, while some of them remain unused (from the possible g3 values of code numbers from the form only g1=g≤g3 values are used according to the number of characters in the coding system). For the binary number system, M _{i, j} specifies the i-th bit of the j-th byte. As follows from the example given with the indices in (9) vary from 1 to g1.

The values of the sequence M determine the values of the encryption keys for the code numbers, to obtain which the generator of the same name is used. The results of two-operation encryption can be represented as a sequence

data after encryption by renumbering using the sequence L, written in binary and decimal systems (the first two bytes are written out) and as a result of varying the numbering of the ShPS codes using encryption keys M; i, j - bit and byte numbering indices.

Two-op encryption byte sequence values:

"If" or one of the sequence values (9) specifically defined by the encryption keys or

"If" takes one of the values of the sequence (9) from which the element previously used in the assignment operation is excluded, or

"If" takes one of the values of the sequence (9) from which the elements used in earlier assignment operations are excluded, or...

"If" takes one of the values of the sequence (9) from which the elements used in earlier assignment operations are excluded - (11) encryption operation by using code encryption keys,

where j=1, 2, … - byte numbering index;

- the value of the j-th byte after two-operation encryption;

- the value of the j-th byte after the first encryption of data signals;

M ₁ , M ₂ , M _g1 - sequence of values of code encryption keys;

g1 - the number of codes and symbols used in the coding system.

Specific meanings assigned to elements of a sequence determined by encryption keys. As a result, the encrypted data bytes (6) in accordance with the code encryption keys M of formula (9) are associated with codes (1) that are transmitted to the input of the communication line (Fig. 1). Sequence elements correspond to the result of encrypting code numbers, which consists in switching the outputs of the switch block to the inputs of the code generator.

Thus, encryption of signals is implemented with keys L of expression (4) (the first encryption operation), as well as encryption of code numbers from the form with keys M of relation (9).

When recovering two-operation encryption data, sorting sequences (4), (9) is used. As a result, sequences L' and M' were found that determine the decryption keys for each of the encryption operations performed. Decryption keys are generated by a decryption key generator and code decryption key generators. For the first decryption operation:

sequence of linganum values for data recovery in binary and decimal representation (the first two and last bytes), each value in brackets in decimal representation is a positive integer from 0 to (g1-1), used when composing the linganum only once, g1 is the number of characters in a data encoding system, for a binary system L' _i,j determines the i-th bit of the j-th byte. This decryption linganum is used as decryption keys in the recovery part decryptor.

For the second decryption operation, for example, the sequence is used:

a sequence of some linganum values for data recovery in binary and decimal representation, each value in brackets in decimal representation is a positive integer from 0 to (g1-1), used when compiling the linganum only once; g1 is the number of elements in the coding system.

The decryption linganum is used as decryption keys in a corresponding generator, and decryption is realized by a switch control device and a switch block. In general, the sequence of decryption keys M' obtained after sorting, by analogy with the previously presented example related to has g1 elements, the indices are determined by specific values of the encryption keys, the values of the indices j take values from the interval from one to g3. Therefore, the sequence entry in general looks like:

Data recovery after implementing two-operation encryption on the storing and transmitting side is carried out sequentially, using decryption keys (first by code numbers, and then by numeric byte values).

Decryption by code numbers consists of converting two-operation encrypted values in formula (11) in the sequence of values arriving at the input of the corresponding decoder, which are designated and are similar, if decrypted correctly, to the elements sequences (6) of single-operation encrypted signals:

"If" or one of the sequence values (13) specifically determined by the decryption keys or

"If" takes one of the values of the sequence (13) from which the element used in the assignment operation was excluded earlier, or

"If" takes one of the values of the sequence (13) from which elements used in assignment operations earlier or... are excluded.

"If" takes one of the values of the sequence (13) from which the elements used in the assignment operations earlier are excluded - (14) decryption operations by restoring single-operation encrypted bytes,

where j=1, 2, … - byte numbering index;

- the value of the j-th byte before decryption;

- the value of the j-th byte after this decryption stage;

g1, g3 - the number of characters in the coding system and codes in the form.

Specific meanings assigned to elements of a sequence determined by decryption keys.

The second stage decryption by renumbering the bytes is that the values expressions (13) are transformed into X _output from formula (8):

"If" or

"If" or

"If"

"If"

decryption operations by replacing numeric values,

where j=1, 2, … - byte numbering index;

- the value of the j-th byte before decryption;

X _{out j} - the value of the j-th byte of the output data;

- sequence of decryption key values;

g1 is the number of characters in the data encoding system.

Assuming that decryption is implemented error-free, in formulas (14), (15) the values equal to the values of the encrypted bytes When implementing the circuit implementation of the procedure for deciphering code numbers, the required switching of the outputs of the switch block to the inputs of the data generator is carried out.

The values of L in formula (4) and M' in expression (9) are used to set control signals for the operation of inverter keys used to obtain logical functions (LF), which provide renumbering of data during encryption (7). (11) and decryption (14). (15). Such LFs are implemented, for example, on logical elements [11, 12]. Encryption is carried out in accordance with the LF, which is built on the basis of a truth table. To implement the required inversions of the LF arguments, inverters are used. After generating the inverter control signals, the UHPDSH is ready for operation.

To implement data operations in the declared UHPDSH, devices are used that have several inputs or outputs, for which, for the purpose of convenience of presentation, the following numbering has been introduced. Encryptor - the first input is the UHPDSH input; the second input is the one connected to the output of the encryption key generator; storage device - the first input is the one connected to the output of the encoder; the second input is the one that is connected to the output of the address and mode generator; switch block - the first inputs are connected to the outputs of the trigger pulse shaper; the second group of inputs is connected to groups of outputs of the switch control unit; switch block - the first input is a group of inputs connected to the outputs of the receiving device; the second input is a group of inputs connected to a group of outputs of the switch control unit; decryptor - the first input is the one that is connected to the output of the decryption key generator; the second input is the one connected to the output of the data generator; logical encryption device - the first input is the one that is connected to the output of the encoder interface device; the second input is the one that is connected to the output of the encryption key converter; decryption logical device - the first input is the one that is connected to the output of the decryption key converter; the second input is the one connected to the second input of the decryptor; switches of the switch block - their first inputs are connected to the corresponding inputs of the switch block (connected to the output of the trigger pulse shaper); the second inputs of the switches are the second inputs of the switch block and are connected to the corresponding outputs of the switch control block; switch block switches—the first inputs are connected to the first inputs of the switch block; the second inputs are connected to the second group of inputs of the switch block.

The essence of the invention. The task to be solved by the claimed invention is to ensure the protection of data from external influences during their storage and transmission.

The problem is solved due to the fact that an encryptor, an address and mode generator, a trigger pulse shaper, a switch unit, and a code encryption key generator are introduced as new features into a data storage device with an extended encryption system containing a storage device, a communication line and an encryption key generator. , switch control unit, code generator, receiving device, switch unit, data generator, decryptor, decryption key generator, code decryption key generator, switch control unit, and

the first input of the encoder is connected to the input of the entire device, the second input of the encoder is connected to the output of the encryption key generator, the output of the encoder is connected to the first input of the storage device, the second input of the storage device is connected to the output of the address and mode generator, the output of the storage device is connected to the input of the trigger pulse shaper, the outputs of the trigger pulse shaper are connected to the first group of inputs of the switch block, the second group of inputs of the switch block are connected to the corresponding groups of outputs of the switch control block, the inputs of the switch control block are connected to the outputs of the code encryption key generator, the outputs of the switch block are groups connected to the corresponding inputs of the generator codes, the output of the code generator is connected to the input of the communication line, and the output of the communication line is connected to the input of the receiving device, the outputs of the receiving device are connected to the first group of inputs of the switch block, the second groups of inputs of the switch block are connected to the groups of outputs of the switch control block, the inputs of the switch control block are connected with the outputs of the code decryption key generator, groups of outputs of the switch block are connected to the corresponding inputs of the data generator, the output of which is connected to the second input of the decryptor. the output of the decryptor is the output of the entire device, the first input of the decryptor is connected to the output of the decryption key generator, while

the code generator generates a set of codes (1) or signals based on them; the coefficients of these codes also satisfy relations (2). ensemble codes satisfy constraints (3),

the encryption key generator generates signals corresponding to the elements of the sequence expressions (4), where g1 is the number of elements in the data coding system,

the encoder generates signals based on conditions (7),

the data generator generates signals according to formula (14),

decoder generates signals based on conditions (15),

the encryption key generator generates signals corresponding to the elements sequence (4), where g1 is the number of elements in the encoding system, the code encryption key generator generates signals corresponding to the elements of the sequence M _j , j=1, 2, …, g1 of formula (9), where g1 is the number of elements in the data encoding system ,

the decryption key generator generates signals corresponding to the elements (12) of the sequence where g1 is the number of elements in the data coding system obtained so that

sequence numbers jx of elements of the encryption key sequence are decreased by one and swapped with the values of the elements of this sequence, the serial numbers of the new numerical sequence are increased by one and the elements of the resulting sequence with their changed serial numbers are arranged in ascending order of these numbers, the code decryption key generator generates signals corresponding to the elements (13) of the sequence where g3 is the total number of codes in the ensemble or signals based on them, entered into the form, obtained so that the serial numbers jx of the elements of the sequence of code encryption keys M _j , j=1, 2, ..., g3 are reduced by one and swapped with the values elements of this sequence, the serial numbers of the new numerical sequence are increased by one and the elements of the resulting sequence with their changed serial numbers are arranged in ascending order of these numbers, the encoder contains an encoder interface device. encryption key converter and encryption logic device,

the input of the encryption key converter is the second input of the encryptor, and the output of the encryption key converter is connected to the second input of the logical encryption device, the first input of the logical encryption device is connected to the output of the interface device of the encryptor. the input of the encoder mating device is the first input of the encoder and the entire device, the output of the logical encryption device is the output of the encoder;

the switch block contains a functional group of g1 switches, the first inputs of which are connected to the corresponding inputs of the first functional group of inputs of the switch block, the second inputs of these switches represent a functional group of inputs and are connected to the corresponding inputs of the second functional groups of inputs of the switch block, the outputs of each of the switches constitute functional groups and connected to the outputs of the switch block; the switch control unit contains a functional group of g1 control drivers, the inputs of which are connected to the inputs of the switch control unit, the outputs of each control driver form functional groups of g3 outputs connected to the corresponding outputs of the switch control unit; the switch block contains a functional group g3 of switches, the first and second inputs of which are connected to the first and second group of inputs of the switch block, g1 outputs of each switch form a functional group of outputs connected to the corresponding outputs of the switch block;

the switch control unit contains a functional group g3 of control converters, the inputs of which are connected to the inputs of the switch control unit, the outputs of the control converters constitute a functional group g3 of outputs connected to the outputs of the switch control unit;

the decryptor contains a decryption key converter, a decryption logical device and a decryptor interface device,

the input of the decryption key converter is the first input of the decryptor, the output of the decryption key converter is connected to the first input of the decryption logical device, the second input of the decryption logical device is the second input of the decryptor, the output of the decryption logical device is connected to the input of the decryptor interface device, the output of which is the output of the decryptor and the entire device .

The presented set of essential features allows us to obtain a technical result and achieve the purpose of the invention, which is to further increase the security of data storage by encrypting it, expanding the choice of encryption keys, two-operation encryption and ensuring energy-secret transmission of encrypted data to the user via LAN, including in the presence of noise in an optimal way.

The proposed device is illustrated by a block diagram (Fig. 1). It follows from it that the input bytes (5) are renumbered in accordance with the encryption keys (4) and encrypted bytes (6), (7) are formed, which are one-to-one assigned to the NPS codes selected from the form according to a certain rule specified by the keys encryption (9) according to rules (11). The received encoded signals from the transmitting, storage side via the communication line arrive at the receiving, restoring side, are recognized in the receiving device, the outputs of which are re-switched by switches to the inputs of the data shaper so that at the output of the recovered byte shaper the same signals are received that were at the output of the encoder on transmitting side of the UHPDSH. When working correctly, this corresponds to decryption (14) with decryption keys (13), that is, transformation of sequence (10) into the sequence obtained after single-operation encryption (6). The second stage of decryption is implemented by a decryptor using keys (12) according to rules (15) by renumbering the bytes and generating output signals (8).

List of figures in a graphic image.

Fig. 1 - block diagram of a data storage and transmission device with an extended two-operation encryption system.

Explanation of numerical designations:

1. Storage device. 2. Communication line. 3. Encryption key generator. 4. Encryptor. 5. Address and mode generator. 6. Trigger pulse generator. 7. Switch block. 8. Code encryption key generator. 9. Switch control unit. 10. Code generator. 11. Receiving device. 12. Switch block. 13. Data generator. 14. Decoder. 15. Decryption key generator. 16. Code decryption key generator. 17. Switch control unit. 18. Encryptor interface device. 19. Logical encryption device. 20. Encryption key converter. 21. First switch. 22. k-th commutator, k=2, …, g ₁ -1. 23. g _1st switch. 24. The first control shaper. 25. k-th control driver, k=2, …, g ₁ -1. 26. g _1st control driver. 27. First switch. 28. kth switch, k=2, …, g ₃ -1. 29. g _3rd switch. 30. Logical decryption device. 31. Decryption key converter. 32. Decryptor interface device. 33. First control converter. 34. kth control converter, k=2, …, g ₃ -1. 35. g _3rd control converter.

Fig. 2 - table of binary values of LF encryption arguments;

Fig. 3 - table of binary values of encrypted data and LF encryption;

Fig. 4 - table of decimal values of linganum for data recording and encryption;

Fig. 5 - table of values of the LF control of the ensemble code generator.

Information confirming the possibility of implementing the invention.

1. Used logical functions, sorting operation to carry out decryption. The LFs on which the work of the UHPDSH is based are considered, and the sorting operation used in decryption is analyzed.

1.1 LF for a logical unit (LU) of single-operation encryption.

For the LF record, a truth table has been compiled, which indicates the numbers of symbols and bytes before encryption and after this operation based on the linganum of the record. If the implicitly specified values of the linganum of record (4) are introduced into the truth table, then the LF cannot be expressed explicitly. Therefore, as an example, one of the possible variants of linganum is given, which made it possible to write the LF in explicit form. This example is considered for the case where blocks correspond to bytes.

The arguments of the desired LF of the specified encryption are the input bytes (5), and the values of the function are the resulting encrypted bytes (6). Placing the input and output bytes in one table is difficult, so two tables are used. In fig. Figure 2 shows the values of the LF encryption argument table for the lingamum record chosen as an example. It does not contain the symbols of the coding system, but their serial numbers are given, the values of the binary digits and the decimal values of these binary numbers are indicated (numbering in order starts from one, and the values start from zero). For example, the symbol “E” corresponds to the binary and decimal numbers 1000101 ₂ =69 ₁₀ , the serial number in the table is 70. The first column contains the numbers in order, then eight columns with bit values for all byte options (binary representation of the number) and in the last column contains decimal values X ₁₀ (from 0 to 255 for g1=256).

In fig. Figure 3 shows a table of argument values and a truth table for LF encryption, which allows, using the correspondence sign “→,” to write down the operation of converting the numeric values of the arguments (Fig. 2) into certain function values. Then, using the example of linganum (4) we get:

The first column of the table in Fig. 3 - byte numbers in order; the second - new decimal values in accordance with the given linganum; Columns 3…10 - encrypted binary values; Columns 11…18 are new binary values in accordance with the linganum (they coincide with the values of columns 3…10, but are highlighted for the convenience of constructing the LF according to the rules [11, p. 31; 12, p. 18]).

Explanation of the designation. LF encryption is a set of components designated which together with indexed row by row and by column. Variation by index i is carried out by introducing columns for LF components, and variation by j in the designation of components in the specified table of Fig. 3 is not shown, since it is carried out in accordance with the known rules for constructing a LF. That is, the encrypted data values in binary form of the j-th row are equal to the values of the components (line index j omitted). The inversion operation is indicated by the symbol (…)*. Using a particular example of the tables in Fig. 2, 3 show the most significant components (bits) of LF encryption which are usually written in a line from oldest to youngest:

The ellipsis in the sums (16) means the possible presence of other terms (Fig. 3 shows part of the rows of the complete table for all possible bytes). Other components of the LF are also compiled. Examples of expressions define the LF record during single-operation encryption of input bytes for any set of arguments that specify the numerical values of all possible bytes before encryption.

1.2 Sorting operation.

When restoring data, two sets of decryption keys (12) and (13) are used, the numerical values of which are the result of sorting sequences (4), (9). A variant of the sequence L _} is given in the table of Fig. 4 (this table is expanded compared to the table in Fig. 3).

Designations in the table: j - numbering index in the order of the numerical values of the coding system symbols; X ₁₀ - decimal numeric values of the bytes of the coding system; L _j - decimal numbers of the renumbering linganum (new numeric value of the bytes that need to be obtained after encryption). The following relation is valid: j=1+X ₁₀ . For the sake of brevity in presenting the example, this table shows only part of the numerical values of the coding system for g1=256. For example, j=111th character of the coding system is described by a byte corresponding to the decimal number 110 ₁₀ , and in accordance with the linganum of the recording, the character is renumbered and corresponds to the decimal number 149 ₁₀ and so on. The table data (Fig. 4) is an example for the case of encrypting bytes by renumbering and allows you to obtain decryption keys after sorting.

Based on the data in the table of Fig. 4 linganum record has the form:

For example, the element j=55 is equal to the decimal number X ₁₀ =54 and is renumbered to the number 250.

Recovery by decryption occurs in the reverse order. It is required to swap the first and second numbers (or change the direction of the arrows of the correspondence sign “→”) and sort (rearrange, change the writing order) these pairs of numbers so that the first numbers (the left ones) after the rearrangement increase.

Based on the previously described sorting procedure, we obtain step-by-step results of performing operations to obtain the required sequence L':

- increasing the indices in the new sequence by one and arranging the elements in ascending order of indices.

Therefore, the recovery linganum defining the decryption keys is:

A procedure is shown for sorting the linganum values of a record to construct a linganum (17) for restoring data obtained after single-operation encryption, as well as determining the decryption keys.

Similar operations are carried out for the sequence M of expression (9) in order to obtain the elements of the sequence M' of formula (13), which determine the decryption keys of the codes of the corresponding generator.

1.3 LF control of the ensemble code generator.

For certainty, the ASCII system was chosen (g1=256). The type of logical functions is considered , which must be used to receive impulses to start the code generator. Since encrypted bytes are stored in the memory , then each of them corresponds to a decimal number, which is designated

It is required to receive an impulse (the LF value is marked as "1") only on output from all available g1=256 outputs, and the value “0” should be generated at the remaining outputs. The received signal then allows, using a code generator, to generate only ensemble code from all possible g1=256 options. That is, if a byte is extracted from the memory, which corresponds, for example, to the decimal number 184, then the command generator circuit in question creates a “1” pulse only on its exit. This makes it possible to launch a device that exclusively generates only the 185th code from the ensemble code book. If code encryption is implemented, the corresponding form code is generated. The LF is considered for the procedure for obtaining the required signal at the output of the corresponding logical device.

Designated: - arguments, - LF from these arguments, and the LF value is equal to “1” (Fig. 5) only for - set of arguments , and for other options the value is “0”. A truth table has been compiled (Fig. 5), and for simplicity, only a few numerical values are indicated. In the first column - numbers in order, in columns from the second to tenth - decimal and binary numeric bit values corresponding to ASCII characters. The remaining columns contain the required LF values.

If the signal is at the first output of a device that implements LF, then at all other outputs the function is zero, if the signal is at the second output, then at all others it is zero, and so on ( only for the nth byte, n=1, …, g1). Applying the known rules [11, p. 31; 12, p. 18], we obtain the required LFs, for example:

where n=g1=256, j=1, 2, … - byte numbering index.

If we substitute the binary values of the numbers, sequentially, for example, for j=1, 185, 256 from the table in Fig. 5 into formula (18), we obtain, respectively, (other components are equal to zero), (other components are equal to zero), (other components are equal to zero). These quantities determine the LF of the control of the SPS drivers. If blocks of elements are used, then the LF contains g1 component, g1 is the number of elements in the coding system. The components of the considered LF determine the operating mode of the ensemble code generators.

2. Example of an ensemble code form

The largest value of the TCF is always less than the largest value (peak) of the ACF, therefore for any set of codes W<N. Consequently, the codes of the presented form form an ensemble with parameters N, R, W and conditions (2), (3) are satisfied. This allows, by analyzing the ACF and VKF UBPs, to distinguish codes and signals based on them from each other and to restore encrypted data blocks transmitted over the LAN and the original input data after they are stored in the memory. It is necessary to use ensembles of codes and signals based on them with the lowest possible values of the ACF and VCF SBP [5, 6].

Comment. The following parameters are used in the description: g - the number of codes selected from the form for data transmission; g1 - number of elements in the coding system (g1=g); g3 - the number of codes included in the form, from which g codes used for data transmission are selected (g≤g3).

3. Description of the proposed device.

A block diagram of a data storage and transmission device with an advanced encryption system is presented in (Fig. 1), a decoding of the numerical designations is given, while

the first input of the encoder 4 is connected to the input of the entire device, the second input of the encoder 4 is connected to the output of the encryption key generator 3, the output of the encoder 4 is connected to the first input of the storage device 1, the second input of which is connected to the output of the address and mode generator 5, the output of the storage device 1 is connected with the input of the trigger pulse shaper 6. the outputs of which are connected to the corresponding inputs of the first functional group of inputs of the switch block 7, the outputs of the code encryption key generator 8 are connected to the inputs of the switch control unit 9, the functional groups of outputs of which are connected to the inputs of the second functional group of inputs of the switch block 7 , functional groups of outputs of the switch block 7 are connected to the corresponding inputs of the code generator 10, the output of which is connected to the input of communication line 2, the output of communication line 2 is connected to the input of the receiving device 11, the outputs of which are connected to the inputs of the first functional group of inputs of the switch block 12, generator outputs code decryption keys 16 are connected to the inputs of the switch control unit 17, the functional groups of outputs of which are connected to the inputs of the second functional group of inputs of the switch block 12, the functional groups of outputs of the switch block 12 are connected to the corresponding inputs of the data generator 13, the output of which is connected to the second input of the decoder 14, the first input of the decryptor 14 is connected to the output of the decryption key generator 15, at the same time, the encryptor 4 contains an encoder interface device 18. a logical encryption device 19, an encryption key converter 20,

the input of the encryption key converter 20 is the second input of the encoder 4, and the output of the encryption key converter 20 is connected to the second input of the logical encryption device 19, the first input of the logical encryption device 19 is connected to the output of the coupling device of the encryptor 18, the input of which is the first input of the encryptor 4, the output of the logical encryption device 19 is the output of encoder 4;

block of switches 7 contains a functional group of g1 switches, such as the first switch 21. k-th switch (k=2, ..., g1-1) 22, g1-th switch 23,

the first inputs of each of the switches are connected to the corresponding inputs of the first functional group of inputs of the switch block 7, the second inputs of the switches represent a functional group of inputs and are connected to the corresponding inputs of the second functional groups of inputs of the switch block 7, g3 outputs of each switch represent a functional group connected to the corresponding group switch block outputs 7;

the switch control unit 9 contains a functional group of g1 control drivers 24, 25, 26, the inputs of which are connected to the inputs of the switch control unit 9, the outputs of each control driver form a functional group of g3 outputs connected to the corresponding outputs of the switch control unit 9;

switch block 12 contains a functional group of g3 switches 27, 28, 29, the inputs of which are connected to the first and second group of inputs of the switch block 12, the outputs of each switch form a functional group of g1 outputs connected to the corresponding outputs of the switch block 12;

the switch control unit 17 contains a functional group of g3 control converters 33, 34, 35, the inputs of which are connected to the g3 inputs of the switch control unit 17, the outputs of any control converter constitute a functional group of g1 outputs, which are connected to the outputs of the switch control unit 17;

decryptor 14 contains a logical decryption device 30, a decryption key converter 31 and a decryptor interface device 32, the input of the decryption key converter 31 is connected to the first input of the decryptor 14, the output of the decryption key converter 31 is connected to the first input of the logical decryption device 30, the second input of the logical decryption device 30 connected to the second decryption input 14. The output of the logical decryption device 30 is connected to the input of the decryptor interface device 32, the output of which is the output of the decryptor 14 and the entire device.

4. Composition and operation of individual devices included in the claimed device.

Devices 1, 3 -10 from the diagram in Fig. 1 for convenience of presentation are assigned to the storage part, and devices 11-17 are assigned to the restoring part, both parts are connected by LS 2 and make up the UHPDSH. To make the presentation concrete, a description of these devices is presented in relation to blocks in the form of bytes.

4.1 Storage device. Memory 1 is intended for recording, storing and reproducing at its output the stored data obtained after single-operation encryption. Memory 1 is non-volatile and repeatedly reprogrammable. These requirements, in particular, are satisfied by solid-state integrated reprogrammable memories with electrical erasure (without removing the chip from the contact pads) or EEPROM [13, p. 231, 233] and hard drives (with a large amount of memory for stationary use of UHDSH or small-sized for mobile use).

There is a matrix consisting of storage cells (SC), decoders for selecting rows and columns, address buses for writing and reading signals from cells [13, p. 237, 239]. Cell selection signals are supplied from the output of the address and mode generator 5 (Fig. 1). Operating modes: reading, writing, erasing.

In operating mode, the L-data bytes are entered into the SL. The sequence of writing and reading is regulated by the control signals of the SZ addresses and the operating mode. The signals are sent to the second input of memory 1. After the recording is completed, the encryption key generator 3 can be turned off (or disconnected from the entire device). When power is removed from the entire device, memory 1 goes into storage mode. Reading data from memory 1 is implemented in a similar way. Deleting data from memory 1 is possible by sending signals (4) from the encryption key generator, all of which have the same values. All embodiments of memory 1 allow one to obtain the same technical result.

4.2 Communication line. LS 2 is designed to transmit ensemble codes or signals based on them from the storage to the restoring part of the device. LS 2 is a set of technical means and physical environment that ensures the propagation of data signals [14, p. 189]. Technical means may include a modulator (for example, a mixer with an amplifier), a transmitter (for example, amplifiers and antennas), a receiver (for example, a frequency converter with an amplifier), and a demodulator. Physical media: solid, liquid, gaseous, vacuum. There are lines of electrical communication (wired and radio communication), sound (acoustic) and light (optical) communication.

Data can be transmitted using electromagnetic waves propagating through wires, cables, waveguides, light guides, as well as in air and airless space. In particular, through twisted pair cable, fiber optic cable (FOC), coaxial cable, radio channel of terrestrial or satellite communication [15].

An example of a solid physical medium is sound ducts of surface and volumetric acoustic waves made of, for example, piezoquartz and lithium niobate. The length of the sound pipes is short, but they are practically insensitive to external influences, excluding direct physical destruction. Devices based on volumetric and surface acoustic waves for sound (acoustic) communication lines are presented in [16].

Sound (acoustic) communication lines in a liquid medium are considered in [17], light (optical) communication lines are presented in [18].

When directly connecting the input and output contacts of communication line 2 (Fig. 1), the functions of the communication line are performed by the conductors of the circuit elements of the corresponding devices 11 and 12. Auxiliary equipment (converters, amplifiers, antennas, and so on) are not considered here. All implementation options for LS 2 provide the same technical result.

4.3 Encryption key generator. Generator 3 is designed to generate signals corresponding to the encryption linganum (4). These signals represent a set of g1=g bytes, the numerical values of each of which correspond to the value of L _j in expression (4), each set of bytes consists of a set of elements (bits). Parameters g, g1 - the number of codes selected from the form for transmission via LAN 2 and the number of elements in the coding system. The device can be made on elements of discrete circuitry, for example, on shift registers with taps [7], so that inverters are connected to the corresponding taps, which allows the adder to receive signals from all taps the required numerical combination of elements (bits), that is, the necessary key bytes encryption.

A possible embodiment is in the form of a storage device in which all the required signals are recorded and from which they can be retrieved. These signals are the outputs for encryption key generator 3.

The encryption key generator 3 can be made in the form of a programmable logic integrated circuit (FPGA) [12, 13, p. 494, 534] or a variation thereof or an FPGA variant that may be created in the future. Control signals supplied to the FPGA make it possible to implement the proper LFs and obtain the required byte sequences. In any case, the same technical result is ensured.

4.4 Encryptor. Device 4 is designed to encrypt input data by renumbering the bytes in accordance with the recording lingo (based on expression (4)) specified by the encryption key generator 3. Encryptor 4 performs the first of two encryption operations.

To realize this purpose, LFs similar to formula (16) are used; the construction is given in the example. LFs can be implemented, for example, on logical elements “AND”, “OR”, “NOT” [11, 12]. The encoder includes an encoder interface device 18, an encryption LU 19 and an encryption key converter 20.

A summary of the essence of encryption operations. To implement LF encryption, as follows from expression (16), it is necessary to perform inversion operations, which is possible by using inverters, the operating mode of which is regulated by control signals. These operations are carried out in the encryption LU 19, and the specified control signals are generated by the encryption key converter 20. The control signals depend on the results of comparison (according to a certain rule) of the bytes generated by the encryption key generator 3 (they are specified by the user) with the bytes of the selected encoding system (they perform role of standards).

The purpose of inverters is to carry out the operation of inversion (negation) of a binary variable (let's denote it "A") under the influence of an external control signal U. For example, variable A is converted to A* if U is equal to logical "1" and is not converted if U is equal to logical " 0".

In particular, the inverter can be built from two electronic switches (Cl. 1.2) and a circuit that performs the “NOT” inversion function. The general circuit consists of two parallel branches. The first is located Cl. 1, in the second - the element “NOT” and sequentially with it Cl. 2. The inputs and outputs of the branches are also the inputs and outputs of the inverter. Cl.1 opens when a positive signal U is applied to the control input of the key (let’s denote it “+1”), and Cl. 2 closes when this signal is applied. In this case, the input variable A passes to the output through Cl.2 and is inverted (“+1” - there is inversion). If the opposite control signal is supplied (denoted by “0”), then Cl. 1 closes, and Cl. 2 opens. Input variable A passes to the output without inversion ("0" - no inversion). By changing the value of U, you can get the arguments of the LF in the required form, invertible or not. The LF for controlling inverters is set as follows: the inverter control device has two inputs, to which the logical values “B” and “C” are supplied, then the values of the control signals are formed at the output in the form of the ratio U=C⋅B*. This LF takes a non-zero value only for the set of arguments (B;C)=(0;1). Inverter control devices using U signals can be implemented using “AND” and “NOT” logic elements [11, 12].

Based on the established values of U (the value takes a single value only for a pair of arguments (0;1)), to carry out the inversion operation it is necessary to generate the following set of values: the variable “C” (the value of the conversion function) is equal to “1”, and the argument “B”( input signal) is "0".

Designation introduced: - je components of LF encryption, each of which is equal to the product of bits, some of which can be inverted. These values must be generated schematically; they correspond to the linganum of the record. LF encryption is a set of values which are the sums of the specified LF components for all values j=1, ..., g1 (for example, g1=256).

In the relation U=C⋅B*, we consider that the variable “C” is similar to the values of the LF encryption components and at the same time to the values of the linganum of the record (table Fig. 3), and “B” is the argument of this function (table Fig. 2). Then, to carry out the inversion operation, the control signal U in the form of a logical "+1" will be created when "C" is equal to "+1" and "B" is equal to "0". For all other sets of variables (B;C), “0” will be generated at the output of the control signal generation circuit U. The U signal is determined by the specified rule for each i-th bit of any j-th byte in relation to each function (Fig. 3). Consequently, inverter control signals in general depend on the three indicated indices (i, j, k) and are therefore designated U _{i, j, k} .. That is, the value “C” (LF components and recording linganum values) is the enabling signal for inversion values "B" (LF arguments).

The encryption key converter 20 generates control signals C.^ for the inverters based on the user-selected linganum, which is implemented in the form of signals from the encryption key generator 3, and the encryption LU 19 allows you to obtain the components and build the required encryption LF.

Implementation diagram of the encryption key converter 20. In a possible circuit of the encryption key converter 20 for the formation of U _i,j,k, there is an input for the linganum values L transmitted to the second input of the encoder 4 from the encryption key generator 3, and there is also a byte generator for the coding system. The system bytes are known. For g1=256, by analogy with (5), these bytes are designated The values take the values of decimal integers from 0 to 255, and in the binary system they coincide with the numbers in the rows of the table in Fig. 2 (from set (0,…, 0) to (1,…, 1)). These values play the role of standards. Byte generator The coding system can be implemented on registers with weight taps and adders [7] or in the form of a storage device. This byte generator starts when the supply voltage is connected. Quantities are created by the coding system byte generator and set the values of the byte numbers (standards) used in the preparatory mode to receive inverter installation signals. These installation signals are further used in the encryption LU 19 to form the encryption LF in operating mode.

Circuits for implementing the LF U=С⋅В* and the byte generator of the coding system are included in the encryption key converter 20 and can be built on logical elements “NOT”, “AND” for all bits (i=1, …, 8) j- th byte. Similar circuits are needed for all different values of j=1, ..., g1 in order to create control voltages for all inverters, which makes it possible to obtain the required LF encryption.

For example, L _1,j is sequentially multiplied by the inversions of the values and signals are received If L _8.j is multiplied by as a result, the values are formed and so on for all bytes j=1, ..., gl. For ASCII, the indices of the values U _ijk characterize: i=1, ..., 8 - dependence on the number of bits in the byte; j=1, …, 256 - subordination of the byte number; k=1, …, 8 - connection with the number of LF components encryption. Inverters are numbered with the same indices for their purpose, that is, I _ijk .

Operation of the encryption key converter 20. After connecting the power supply, the encryption key generator 3 and the encoding system byte generator are started. In accordance with these rules, control voltages for the inverters U are created. As a result, the encryption key converter 20 transforms the encryption keys into control voltages for the inverters LU encryption 19.

Encryption LU 19 is designed to perform the operation of encrypting input bytes by renumbering them in accordance with the recording linganum, using inverter control voltages. To implement this task, you can use circuits for implementing LFs similar to expression (16), using logical elements “AND”, “OR”, “NOT” [11, 12].

There are some peculiarities in the structure of the LF expression (16). Previously, arguments were designated and in the given example of expressions for single-index numbering is used X _i , i=1, …, 8. This is due to the fact that each term in the LF corresponds to a certain index value j, that is, the variation of this index is taken into account when constructing the LF, therefore, to simplify the records, single-index numbering was introduced. When constructing the LU encryption scheme 19, this circumstance was taken into account in that the scheme has two parts: one forms the components of the sums of various LFs, and the other combines them, resulting in the required entire function.

Each of the indicated LFs is represented by the sum of products of arguments as in formula (16), some of them are inverted. The number of terms for g1=256 is equal to the number of rows in the tables of Fig. 2, 3. Depending on the type of linganum notation, some of the terms of the indicated sum of products are equal to zero, therefore they are absent in the example of expression (16). In the general case, for each of the eight LF components (a block of eight bits is considered), during their circuit implementation it is required to form all g1 terms (for example, g1=256).

According to the rules [11, p. 31; 12, p. 18] of the formation of any LF, sets of arguments are identified for which the function is equal to one (marked in Fig. 3 with a sign (*)). Inverters are used to invert the null values from this set of arguments. Inverters I _{ij k} are controlled by signals U _ijk generated by encryption key converters 20. In the preparatory mode, control voltages for the operation of the inverters are generated, and in the operating mode, data bytes are supplied to the inputs of the corresponding devices for further encryption, storage and recovery.

That is, encryption LU 19 consists of component shapers each j-th byte (the product of bits, some of which can be inverted) and adders to obtain a set of LF encryption

The circuit composition of one of the possible implementation options for driver components includes inverters I_{ij k}, i=1, …, 8; j=1,…, g1 (for example, g1=256); k=1, …, 8 and multipliers of binary signals (8 input elements “AND”). In write mode, input data values (LF arguments) are supplied to the inputs of the component shapers (X₁. j, X₂._j,…, X_{8, j}). The output contains the values of the LF components for each value j=1, ..., g1, and these components are products of the values of the input data (LF arguments) and some of them are inverted. As a result, terms are formed for the components of each of the LFs, corresponding to all j=1, ..., g1. Next, summation is carried out over all index values].

The implementation circuit of the LF component driver also provides an input for inverter control signals U _{i, j, k} (i is the index for changing the bits of the input bytes; j is the variation index of the input bytes; k is the numbering index of the LF components

For example, for inverters , allowing to receive input bits inverted or not, 1, 2, ..., 8th bits of the j-th byte of input data are supplied , as well as recording control signals As a result of multiplying the signals at the outputs of the inverters, the LF component is obtained . Other inverters are used in the same way, in particular if the inverters 8 Apply recording control signals , then the LF component will be found Such operations are carried out for all index values j=1, ..., g1 (for example, g1=256). Circuits are used for each specified value] separately, which differ in the state of the inverters (different control signals are supplied, depending on the linganum).

There are schemes for summing the terms that make up the components of the LF for various] and schemes for forming a set of LF. Let the example be expression (14) for one of the functions of the set, let's say F° ₈ . Each component summation circuit (“OR” elements) receives signals from the generators of these components for different j. Components related to the same LF, but for different values], are summed up on the “OR” elements, which allows us to obtain the required LF.

The output of the component summation circuit contains the values of the LF encryption set which correspond to the bits of bytes encrypted by renumbering (6). As a result, encoder 4 allows you to implement operations of converting input data into single-operation encrypted bytes, which are stored in memory 1.

The interface device of the encoder 18 is designed to coordinate the encryption LU 19 with the transmission line through which input data is supplied to the UHPDSH or to agree on the form of data presentation or to apply known rules that must be implemented for the functionality of the encryption LU 19.

Coordination in the coupling device of the encoder 18 allows the input data to be transmitted to the encryption LU 19 energy-efficiently and without distortion. The function of coordinating the data form may consist, for example, in converting serial transmission of bytes into a parallel sequence of bytes or in the use of certain protocols and standards for data transmission/reception.

In uncoordinated communication lines, data distortion is possible [13, p. 29-32]. They can be reduced by using a matching device [13, p. 32-40] or data input/output standards [13, p. 43-53], which also applies to the function of the coupling device. It can be implemented on passive or active elements (transistors, microcircuits) or in the form of a universal serial bus USB as in [4]. All options provide the same technical result.

The work of encoder 4 begins with the supply of input data bytes - these are the bits of binary numbers of the j-th row of the table in Fig. 2). The inverters are set by control signals in the preparatory mode, so the required LF encryptions are available. As a result, each of the input symbols (input bytes) is given a new number according to the given encryption LF, which is what needs to be obtained.

The encoder circuits 4 can be implemented on logical elements or in the form of an FPGA [12, 13, p. 494, 534] or a variation thereof or a variant of the FPGA that may be created in the future. All embodiments provide the same technical result.

4.5 Address and mode generator. To control memory 1, an address and mode generator 5 is used. This device is a signal generator for controlling operations of writing/reading encrypted data to or from memory cells 1. One of the possible implementation options for device 5 involves generating the following signals: 1) pulses of the addresses of the rows and columns of each cell - control signals for enumerating the numbers, respectively, of the rows and columns of the ZY matrix, into which Z,-data is entered byte-by-byte for storage in memory 1 and their further reading); 2) signals for setting the mode of writing/reading data to/from memory 1 (this signal is designated It controls the operation of writing encrypted data to memory 1 and reading this data for further transmission to the recovery part of the UHPDSH. 5 address and mode generator is standard. Writing, reading and controlling these modes is carried out using bit buses connected to all SVs. The generation of address and mode signals is possible using known methods and devices [11-13].

Operation of the device 5. Depending on the operating mode of the UHPDSH, the address generator and modes 5 generate pulses for writing, reading, and erasing the bytes of memory 1.

4.6 Trigger pulse generator. This device 6 implements LF type (18). The purpose of the trigger signal generator 6 is to: that the combination of encrypted signals (block elements) is converted into another set of signals required to carry out the operation of generating the necessary BPS code. That is, the principle of operation of the shaper is similar to that used in encoder 4 (one combination of input signals is converted into another set of output values through the use of LF).

The input of the trigger pulse shaper 6 is connected to the output of memory 1. The output of this shaper 6 is a functional group of g=g1 outputs (for example, g1=256). When one of the possible L-data bytes arrives from memory 1, only at one of all these g1 outputs a reaction signal (start pulse) appears, which is transmitted to the corresponding inputs of the first functional group of inputs of the switch block 7.

In the example of formula (18) LF are a product of arguments that are included in this product with or without inversion. Therefore, the circuit of the trigger pulse shaper 6 consists of g1 (for example, g1=256 - according to the number of LFs) eight input (according to the number of bits in the bytes of the input signals of this shaper) multipliers (branches), to which input signals are transmitted directly or after inversion, depending on the value of the LF index. The connection of inverters to multipliers is carried out during manufacture and is unchanged (no control signals are required). The inverter can be built on "NOT" elements. The multiplication results are fed to g1 outputs of the trigger signal shaper 6 and ensure the achievement of the result of the influence of the LF on the output signals of the encoder 4. That is, as a result, each branch of the circuit allows one to obtain one of the LF components formulas (18).

The trigger signal generator 6 can be built, for example, on logical elements “AND”, “OR”, “NOT” [11, 12], can be made in the form of an FPGA [12, 13, p. 494, 534] or a variation thereof or an FPGA variant that may be created in the future. Control signals supplied to the FPGA make it possible to implement the proper LFs and obtain the required output signals. All embodiments provide the same technical result.

4.7 Switch block. This device 7 is designed to redirect signals from the pulse shaper 6 to the inputs of the code generator 10 in accordance with the code encryption keys created by the generator 8.

The switch block 7 contains g1 switches, the input of each of which is connected to one of the corresponding inputs of the specified block. The output of each switch 21, 22, 23 is a functional group of g3 outputs connected to groups of outputs of the switch block 7 and connected in series to all inputs of the code generator 10. Which of the outputs of each of the switches of block 7 is active depends on the control signals received to the second group of inputs of each switch from the switch block 7. The second groups of switch inputs are connected to the second inputs of the switch block 7 (Fig. 1).

Each of the switches of the switch block 7, for example, can consist of a functional group g3 of electronic keys (according to the number of outputs of any switch), the first inputs of which are connected in parallel and constitute the input of the switch. The second (control) functional groups of electronic key inputs are connected to the second inputs of each switch. All g3 outputs of electronic keys of any switch constitute a functional group of its outputs.

In operating mode, depending on the control signals arriving at each switch of the switch block 7, each output signal of the trigger pulse shaper is connected to one of the inputs of the code generator 10. As a result, coded signals are created at the output of the code generator 10, put in one-to-one correspondence with the trigger (clock) pulses of the trigger pulse shaper 6, which, in turn, correspond one-to-one to the encrypted blocks (bytes) of data stored in memory 1. For example, the signal from the first output of the trigger pulse shaper 6 (Fig. 1) can be connected to any but the only input of the code generator 10 in accordance with the code encryption keys. The same applies to signals from other outputs of trigger pulse shaper 6.

Sequence elements determine the operations of re-switching the outputs of the switch block 7 to the inputs of the code generator 10. The switches of the switch block can be made on elements of analog and digital circuitry [11, 14] or on FPGA [12, 13. p. 494, 534] or its variants. All embodiments provide the same technical result.

4.8 Code encryption key generator. The generation of signals corresponding to the elements M of formula (9) is provided by a code encryption key generator 8, which is similar to the previously presented encryption key generator 3. The device can be made on discrete circuitry elements, for example, on shift registers with taps [7], so that Inverters are connected to the corresponding taps, which allows the adder to receive signals from all taps with the required numerical combination of elements (bits), that is, the required bytes of the encryption keys.

A possible embodiment is in the form of a storage device in which all the required signals are recorded and from which they can be retrieved. These signals are the output for the code encryption key generator 8, which can also be made in the form of a programmable logic integrated circuit (FPGA) [12, 13, p. 494, 534] or a variation thereof or an FPGA variant that may be created in the future. Control signals supplied to the FPGA make it possible to implement the proper LFs and obtain the required byte sequences. In any case, the same technical result is ensured.

4.9 Control unit for switches and. This block 9 is designed to create control signals for the operating modes of the switch block 7. The operation of the switch control block itself is determined by the output signals of the code encryption key generator 8. The switch control block 9 consists of g1 control generators 24, 25, 26 (Fig. 1). the inputs of which are connected to the corresponding inputs of the switch control unit, and the outputs of all control generators are connected to the corresponding outputs of the switch control unit 9. Any control generator has g3 outputs.

Control drivers 24, 25, 26 can be made, for example, in the form of logical control devices. Each of these control LUs implements LFs that are similar in appearance and essence to expressions (18) and analyzed in section 1.3. Control LUs perform the same functions as trigger pulse formers 6. As a result, only one of the outputs of the output functional groups of each of the control LUs 24, 25, 26 (Fig. 1) (and all others) generates an output signal, and all others the pins of the specified output functional groups do not have it. This ensures the closure of the electronic keys of the switch block 7 in such a way as to ensure the required one-to-one correspondence between the encrypted blocks (bytes) from the memory 1 and the codes generated by the code generator 10, specified by the code encryption keys.

The purpose and operation of the LU switch control unit 9 is similar to the trigger pulse generator 6 (clause 4.6) and can be built, for example, on logical elements “AND” and “OR”. "NOT" [11. 12], made in the form of FPGA [12, 13. p. 494, 534] or a variation thereof or an FPGA variant that may be created in the future. Control signals supplied to the FPGA allow the proper LF to be implemented. All embodiments provide the same technical result.

4.10 Code generator. This device 10 is designed to generate ensemble codes or signals based on them with the same serial numbers from the form as the corresponding numerical byte values specified by the code encryption keys.

Generator 10 is a set of g3 ensemble code generators that can be built on microcircuits [7, Fig. 3.11, p. 47 example for KB, p. 357] or in the form of devices based on surface acoustic waves (SAW) [14, 16]. The sequence of alternating symbols in codes (1) determines the geometric arrangement of the electrodes of the surfactant converters in the specified devices. SAW devices allow the use of codes and signals based on them with coefficients (+1, -1) (1), which ensures high energy efficiency and microminiaturization of UHPDSH.

For the ensemble code generators there are individual inputs, which are collectively connected to the functional groups of outputs of the switch block 7 (the number of output groups is equal to the number of code generators g3, which ensures a one-to-one correspondence of bytes and codes, for example, g3=259). The outputs of the code generators are connected to g3 - an input adder that combines ensemble codes or signals based on them, then they are transmitted to the output of code generator 10.

In operating mode, at one of the inputs of the code generator 10 generators there is a triggering clock pulse transmitted from one of the outputs of the switch block 7, and at all other inputs there is no such pulse. Therefore, one of the shapers responds with the corresponding code (1), appearing at the output of the adder and the entire code generator 10. As a result, each byte of L-data is assigned one of the g3 required codes of the ensemble or signal based on this code, presented in the form specified by the keys encryption codes. The output codes of generator 10 are transmitted via LAN 2 for further conversion and data recovery operations.

SAW devices allow you to immediately obtain signals based on selected ensemble codes. It is possible to first generate ensemble codes, and then use a modulator to generate signals based on the selected codes at the required carrier frequency suitable for a specific LAN.

The code generator 10 can be made in the form of code generators and signals based on them and in the form of a modulator of carrier oscillations for transmission over a communication channel, and these codes and signals are the modulating signals. This generator can be made in the form of a storage device into which all the required signals of the specified generator can be written and extracted; it can be made in the form of an FPGA [12, 13, p. 494, 534] or a variation or variant thereof that may be created in the future. The output signal is determined by the LF and control signals. All implementation options provide the same technical result.

4.11 Receiving device. The receiving device (RU) 11 is designed for optimal (in the presence of noise) reception of ensemble codes or signals based on them, transmitted via LAN 2. The optimal receiver is a set of SFs or correlators [7, p. 26, 159]. Both options provide the same technical result. An option using SF was considered. Each of them is coordinated with one of the codes or signals generated by the code generator 10.

A possible version of the PU 11 circuit may consist of branches with parallel-connected inputs. Any branch includes the SF for one of the ensemble codes (1, 2, ..., g3, for example g3=259) from the form and the threshold device. SF in branches are numbered in the same way as the codes themselves. The threshold device generates a signal when the output signal of the SF exceeds the set threshold value, which means that a code with a certain number is received at the input of the PU 11 according to the form agreed with the SF of this branch. These code recognition signals and outputs of PU 11 are designated The output of each branch is one of the g3 outputs of PU 11 (in Fig. 1, the outputs are shown for simplicity as a single line), but only one has a signal. For each byte of received data, one of the recognition signals is equal to, for example, "1", and all others are equal to "0".

SF can be implemented on microcircuits [7, p. 48, fig. 3.13, p. 366, fig. 22.5] or on surfactant devices [7, p. 357, fig. 21], [14, 16]. The structure of interdigital SAW SF converters is associated with the alternation of “1” and “-1” in ensemble codes (1).

The input of PU 11 is connected to LAN 2 (Fig. 1), the outputs of PU 11 are connected to the inputs of the first functional group of inputs of the switch block 12. When operating, all parallel branches are supplied with an input signal received from LAN 2 (one of the possible codes (1) from forms or signals based on them). At the output of the SF of the corresponding branch, the ACF signal of the code that was used to transmit the corresponding byte is generated. The ACF consists of two areas of side peaks, between which there is a main peak with a high signal level. At all outputs of other SF there is a CCF signal, which can have several peaks, but the largest of them is always lower than the main ACF peak. It is necessary to use ensembles of codes with a low level of VCF peaks, which improves the quality of distinguishing one code from another, that is, different symbols of the coding system. Next, the threshold device compares the signal received from the SF and the threshold level. If it is exceeded, it generates a recognition pulse at the corresponding output of PU 11, meaning the acceptance of a specific form code (that is, the arrival at the input of a very specific data symbol due to the one-to-one correspondence of codes and bytes). All bytes are also accepted and distinguished.

A differential cascade circuit or a digital comparator can be used as a comparison device [12]. The threshold should be set above the level of the side peaks of the ACF and the highest value W of all VCF codes, but below the level of the main peak of the ACF of all codes in the ensemble. There is a reaction only to the peak of the ACF, without a response to the signals of the VKF, therefore, in the operating mode, PU 11 distinguishes the received codes of the form.

4.12 Switch block. To implement the operation of restoring a one-to-one correspondence between codes (signals based on them) and single-operation encrypted bytes (blocks) of data, there is a switch block 12 that connects the corresponding outputs of the control unit 12 to the required inputs of the data generator 13. These actions are implemented due to the fact that the switch block 12 contains a functional group of k=1,g3 switches (some of them in Fig. 1 are indicated by numbers 27, 28, 29), the inputs of which are connected to the first and second group of inputs of the switch block 12, the outputs of each switch form a functional group g1 of outputs connected with the corresponding outputs of the switch block 12. These switches can be made, for example, in the form of electronic keys [11-14], the first (signal) inputs of which are connected to one of the corresponding inputs of the switch block 12. The second (control) inputs of the electronic keys are connected to one of the second functional groups of inputs of the switch block 12. The outputs of each electronic key are connected to the outputs of the groups of outputs of each switch block 12 (Fig. 1), each group consists of g=g1 outputs.

4.13 Data generator. This device 13 is designed to ensure that the recognition pulses generated in the PU 11 after re-switching in the switch block 12 in accordance with the code decryption keys, it was possible to generate (reproduce) bytes of the type corresponding to single-operation encryption carried out on the storage, transmitting side.

If the encrypted byte on the storage, transmitting side was associated with a certain code for transmission via LAN 2, then the data generator 13, using recognition pulses, restores the encrypted byte on the restoring, receiving side.

The 13 bytes and bits recovered by the data generator are denoted respectively and when working correctly they are equal to the encrypted data , Where in formula (6).

The composition of a possible variant of the circuit may include parallel branches, each of which consists of a byte generator of the selected encoding system. For example, branch is intended to form byte corresponding to the number -1, where (numeric values are presented in binary notation). Each branch is activated only by the recognition signal corresponding to this branch. The outputs of these branches can be connected in parallel, but only one of the branches is active.

The input of the data generator 13 is the separate inputs of all branches, indicated in Fig. 1 for simplicity with a single line. The output of the data generator 13 is connected to the second input of the decryptor 14, to which the recovered data bytes are transferred For simplicity of depicting the circuit in Fig. 1 output of the data generator 13 is depicted as a single line along which all bits are transmitted every jth byte recovered.

The data shaper 13 consists of g1 shapers of various bytes, each of the byte shapers is connected to the corresponding input of the data shaper 13. Each byte shaper is a pulse sequence generator. Sequences consist of logical elements ("1"."0") or ("1", "-1") and form sets of bits of each byte of data recovered after transmission over the communication line, j=1, 2..., (the ratio of the index] and the set of byte bits is presented in the table of Fig. 2). These generators can be made using discrete circuitry elements, for example, shift registers with taps [7]. Inverters are connected to the corresponding taps, which makes it possible to obtain the required combination of signals at the adder of signals from all taps. The data generator 13 may be a read-only memory containing the values of all the bytes.

In operating mode, a code recognition signal is received from the control panel 11 to one of the inputs of the data generator 13, for example h-th It runs the pulse shaper of this branch, which generates one set of bits corresponding to the h-th byte of the recovered data. The bytes follow the same order in which they were written to memory 1. Each of them is supplied to the output of data former 13. The recovered data has the form according to formula (6).

The data generator 13 can be made in the form of a storage device from which the desired signals can be retrieved using the corresponding input control signals. The data generator 13 can be made in the form of an FPGA [12, 13, p. 494, 534] or its variation or variant that may be created in the future. Control signals allow you to implement the necessary LFs and obtain the required bytes. All embodiments provide the same technical result.

Comment. The codes at the output of PU 11 can be re-switched, run the data generator and then decrypted, or at the outputs of PU 11 SF responses to input influences are formed, which are then regenerated into output data using a decryptor. The presented device describes the first case.

4.14 Decryptor. Device 14 is designed to decrypt 2 bytes received via LAN in accordance with the decryption keys (12) according to the rules (15). For this purpose, schemes are used and LFs are formed, similar to those intended for encryption. The indicated circuits can be implemented, for example, on logical elements “AND”, “OR”, “NOT” [11, 12] or on an FPGA. The decryption operation is implemented using the decryption LU 30 of the decryption key converter 31 and the decryptor interface device 32.

The decryption key converter 31 is similar to the encryption key converter 20. The difference between the encryption and decryption keys is due to the differences in the linganums. The values generated by the decryption key generator 15 are obtained as a result of sorting according to the previously stated rules, using the values of the signals of the encryption key generators 3.

Sorting allows you to achieve unification by using the same operations and schemes for decryption and encryption (the differences lie in the inverter control signals). Compiling the LF of byte recovery by decryption is carried out in the same way as when implementing the encryption operation.

The designation V=V _{ij k} is introduced - control signals for the decoder inverters used in the decryption LU 30, where i is the index for bit numbering; j - byte variation index; k is the index of the LF decryption components.

Implementation diagram of the decryption key converter ZEV This circuit for the formation of V=V _{ij k} has an input for the values of the decryption keys transmitted to the first input of the decryptor 14 from the decryption key generator 15. Just like in the encryptor 4, this device uses a byte generator of the encoding system. These pre-known bytes, for example, for g1=256, by analogy with formula (5), are designated The values of these bytes, which act as standards, take on the values of integer decimal numbers from 0 to 255, and in the binary number system they coincide with the numbers in the rows of the table in Fig. 2 (from set (0, …, 0) to (1, … ,1)). Byte generator The coding system can be implemented on registers with weight taps and adders [7] or in the form of a storage device. This byte generator starts when the supply voltage is connected. Sequence elements - these are the reference numerical byte values used in the preparatory mode to obtain signals V _{ij k} for installing inverters, which are used in the operating mode in the decryption LU 28.

Next, on the logical elements “NOT” and “AND”, the LF V=С⋅В* is repeatedly implemented for all bits (i=1, …, 8) of each j-th byte, similar to paragraph 4.4. Similar circuits for different values of j=1, ..., g1 make it possible to obtain the required LFs for the control signals of all inverters of the decryption LU 30.

The decoder interface device 32 is designed to match the resistance of the decryption LU 30 with the transmission line through which output data is supplied from the UHPDSH or to match the form of data presentation. This allows you to transmit data to the output of the UHPDSH energy-efficiently and without distortion. Coordination of the data form may consist, for example, in converting serial transmission of bytes into a parallel sequence of bytes or in the use of known protocols or standards for data transmission/reception.

In uncoordinated communication lines, data distortion is possible [13, p. 29-32]. They can be reduced by using matching devices [13, p. 32-40] or data input/output standards [13, p. 43-53], which is also provided by the interface device 32. It can be made on passive or active elements (transistors, microcircuits) or in the form of a universal serial bus USB as in [4]. For any option, the same technical result is provided.

Operation of the decryption key converter 31. After connecting the power supply, the decryption key generator 15 and the encoding system byte generator are started, as a result, inverter control signals are generated. As a result, the decryption key converter 31 transforms the decryption keys into control signals of the inverters located in the decryption LU 30.

The decryption LU 30 is designed to perform the decryption operation of encrypted bytes received from the memory 1 by renumbering them in accordance with the data recovery linganum, using the inverter control voltages. To implement this task, it is necessary to use circuits that implement LF, previously discussed using the example of expression (16). Circuit design LU decryption 28 can be implemented on logical elements "AND", "OR", "NOT" or on an FPGA.

Inverters by means of which the required LF arguments are inverted according to the rules [11, 12], they are controlled by signals V _{ij k} generated by decryption key converters 31 in the preparatory mode. As a result of the preliminary installation, only the bits necessary for data decryption, coming from the data generator 13, are inverted.

The decryption LU 30 consists of component shapers each j-th byte (this is the product of bits, some of which can be inverted) and adders of the specified components to obtain a set of LF decryption for all values j=1, …, g1 (for example, g1=256).

The essence of LU decryption operations 30. The circuit of one of the possible implementation options for the driver LF components consists of inverters (for example, g1=256); k=1, …, 8 and binary signal multipliers (8 input “AND” elements to obtain the product of eight bit values of each byte, some of which are inverted). In the data recovery mode, the values of the received encrypted data are supplied to the input of the shapers of the LF components, which in this case are the input signals and arguments of the LF. Inverters, as with encryption, have an input for control signals V _{i, j, k} (i is the index for changing the bits of the input bytes; j is the variation index of the input bytes; k is the index of the LF components). As a result, the output of these circuits contains the values of the LF decryption components To obtain a set of decryption LFs, these terms are summed over all possible values of the index j, which is implemented by component adders (OR circuits). Each of these circuits receives signals from the shapers of these components, that is, LF terms for different values of the index j. As a result, components related to the same LF, but for different values of j, are summed at g1 - input elements "OR" (for example, g1=256). After summing the components, a set of decryption LFs is generated which in operating mode correspond to the bits of the bytes recovered as a result of decryption (8).

In operating mode, the inverter control signals V _{ij k} and encrypted data (6) are supplied to the input of the decryption LU 30. In accordance with the LF decryption F', the necessary renumbering operations are implemented, resulting in the restoration of data (8) in its original form (X _out = X _in ).

The decoder circuits 14 can be made on logical elements or in the form of an FPGA [12, 13, p. 494, 534] or on its variety or variant that may be created in the future. All options provide the same technical result.

4.15 Decryption key generator. To generate signals corresponding to the decryption keys in formula (12), a decryption key generator 15 is used. The signals represent a set of g1=g bytes corresponding to the j-th elements in expression (12), for example, in a binary system.

Generator 15 can be made using discrete circuitry elements, for example, shift registers with taps [7]. Inverters are connected to the corresponding taps, which allows the adder to receive signals from all taps corresponding to the required numerical combination of bits (the necessary bytes of the decryption linganum). The generator 15 can be made in the form of a storage device in which all the required signals are recorded and from which they can be retrieved.

The decryption key generator 15 can be made in the form of an FPGA [12, 13, p. 494, 534] or its variation or variant that may be created in the future. Control signals allow you to implement the proper LF and obtain the required sets of bytes. All embodiments provide the same technical result.

4.16 Code decryption key generator. To control the block of switches 12 and influence the control block of switches 17, a code decryption key generator 16 is used. The signals represent a set of g3 bytes, the values of each of which correspond to the j-th element in expression (13), represented in the binary system. This allows, by re-switching the outputs of the control unit 11 to the inputs of the data generator 13, to implement decryption operations (14).

Generator 16 can be made using discrete circuitry elements, for example, shift registers with taps [7]. Inverters are connected to the corresponding taps, which allows the adder to receive signals from all taps corresponding to the required numerical combination of bits. The generator 16 can be made in the form of a storage device in which all the required signals are recorded and from which they can be retrieved, and can also be implemented as an FPGA [12. 13, p. 494, 534] or its variation or variant that may be created in the future. Control signals allow you to implement the proper LF and obtain the required sets of bytes. All embodiments provide the same technical result.

4.17 Switch control unit. To convert the code decryption keys generated by the generator 16 into control signals for the switch block 12, a switch control unit 17 is used. It contains a group of g3 control converters 33, 34. 35, the inputs of which are connected to one of the g3 outputs of the code decryption key generator 16.

This block is similar in functionality to the trigger pulse shaper 6 (clause 4.6) and the switch control unit 9 (clause 4.9).

Each of the control converters 33, 34, 35 is a logical device that converts the code decryption key signals from the input of each of these control converters into a single signal at one of its outputs g1. The control converters are designed to generate the LF according to formula (18), clause 1.3 and, as a result, re-switch the input signals of the control unit 11 to the inputs of the data generator 13 in accordance with the code decryption keys.

Control converters can be built, for example, on logical elements “AND”, “OR”, “NOT” [11, 12], made in the form of FPGA [12, 13, p. 494, 534] or its variation or variant that may be created in the future. FPGA control signals allow you to implement the proper LF and obtain the required output signals. All embodiments provide the same technical result.

5. Operation of the claimed device. Using the example of texts, the operations of recording, storing and restoring data are considered; the linganum option (4) (single-operation encryption) from the table in Fig. is used. 4 for single word text with the word yES. In the complete table of the coding system, the symbol “y” corresponds to the number 121 (in [19] the term code is used) with the order number j=122. Let the specified character be renumbered to number 11, also for other characters: "E" - 69→169; "S" - 83→183. The specified renumbering operations are performed by encoder 4, the received data is stored in memory 1.

To illustrate two-operation encryption, the code encryption keys specified by the sequence (9) are selected, which together with the signal encryption keys of the table in Fig. 4 defines the required encryption keys. More specifically, let (9) be equal to , that is, the bytes of the “yES” characters receive new values 11;169; 183 (indexes in order in the encoding table equal to 12; 170; 184), which, as a result of second-stage encryption, are assigned codes from the form with the same numbers as the new byte values. These operations are carried out by switch unit 7.

The encrypted data is transmitted via LAN 2 to the receiving side, filtered in PU 11, switched to the inputs of the data former 13 via a switch block 12. The decoder 14 reproduces the original signals using the decryptor keys, which correspond to the sequence (13) obtained after sorting:

When restoring data in the decryptor 14, from all possible options for decryption keys, we can use, for example, those in which the values are in ascending order (Fig. 4), that is, without the sorting required for correct encryption. Then, at the output of the switch block 12, the initially encrypted symbols with values 121, 69, 83 will be decrypted in the decoder 14 as characters with values 11, 169, 183 (in numerical order these are symbols 12, 170, 184). It was noted that the number and index in the tables differ by one. As a result, instead of the text yES, the characters will be received Consequently, the use of a false linganum leads to distorted data recovery. If the correct restoration linganum is used, as shown earlier, the data is reproduced without distortion.

The operation of the claimed device begins with the preparatory stage and the user specifying the keys for the encryption key generator 3 (clause 4.3). This allows the encryption key converter 20 to determine the values of the inverter control signals, which are used to set the operating modes of the encryption LU inverters 19 (clause 4.4). In the recording and saving operating mode, data (5) is supplied to the input of encoder 4, which is encrypted according to formulas (7) and written to memory 1 (clause 4.1). Next, encryption of the codes is implemented by establishing a one-to-one correspondence between the bytes recorded in memory 1 and the codes of generator 10 transmitted via LAN 2.

Data recovery also begins with the user specifying decryption keys (12), (13) in generators 15, 16. At the preparatory stage, in the decryption key converter 31 of the decryptor 14 (clause 4.14), the values of the control signals for the decryptor inverters are determined, according to which the operating modes of the inverters are established for each decryption LF. In the switch block 12, signals are also set that allow the required re-switching of the outputs of the control panel 11 to the corresponding inputs of the data generator 13. Next, the address and mode generator 5 generates the signals to start reading data from memory 1 (clause 4.5), the address pulse generator is started, which controls the reading of bytes from the memory (clause 4.1) and the transfer of bytes to LAN 2. After the reading is completed, the process is completed until the next signal U(t) arrives, which is intended to begin the procedure for transmitting and further recovering data at the output of the UHPDSH and can be created in various ways. For example, the desired signal can be triggered manually by the user receiving the output data (by shifting a switch), manually by the UHPDSH administrator, or by using a generator operating in a self-oscillating mode and setting the frequency of data recovery, for example, every minute, hour, day, and so on.

After reading data from memory 1, trigger pulse shaper 6 (clause 4.6) starts code generator 10 (clause 4.10). This makes it possible to generate ensemble codes with such serial numbers from the form that are created by the code encryption key generator 16. Using the signals of this generator, the code numbers from the form are encrypted. In the switch control unit 9, signals are generated to set the switch modes of the switch block 7, as a result of which a one-to-one correspondence is introduced between the bytes read from memory 1 and the codes through which data is transferred via LAN 2 from the storage, transmitting part to the restoring, receiving part. The received codes are sent to PU 11 (clause 4.11), which generates code recognition signals, which are then supplied to one of the corresponding inputs of the data generator 13 (clause 4.13), which reproduces the structure of the bytes received on the transmitting side after two-operation encryption. The bytes recreated in this way are redirected to the input of decoder 14 (clause 4.14). That is, the encrypted data (10) is regenerated in its original form and is output (Fig. 1). which means the data recovery operation is complete.

It is important to note that after generating the necessary control signals, key generators 3, 15 and 16 can be turned off. When the power of the entire UHPDSH is turned off, the inverter installation signals are not saved and without entering the encryption and decryption keys, it is impossible to use the inventive device in operating mode (only the data is saved in non-volatile memory 1), unauthorized access is excluded. You can reset the inverters by setting encryption (decryption) keys that are equal to the same value.

Interface devices 18 and 32 may operate using the USB 2.0 standard or any other faster standard that may be created later.

6. Justification for achieving a technical result. The technical result, which consists in ensuring secure and energy-secret transmission of encrypted data to the user via LAN 2, is ensured by the transmission of ensemble codes at a level below the noise level ( - the ratio of the powers of the broadband network and interference) [7]. The signal-to-noise ratio at the output of the SF or correlator with optimal reception is 2-B times greater than at the input [7, p. 6]. It is necessary to use ensemble codes with a base B"] (codes with B=N=30 are presented), since the larger the base, the greater the excess over noise and the higher the secrecy [7, p. 9]. In case of unauthorized access, it will be necessary to use special methods and devices to resolve the question of whether any signals are being transmitted, or whether there is only noise [7, p. 6]. In addition, the use of a receiving device consisting of a set of SFs for each ensemble code allows for optimal detection and discrimination of signals in the presence of noise [7].

7. Security of the device from unauthorized access.

Unauthorized access can only be carried out by searching through all possible options for converting byte numbers (their number is equal to the factorial and versions of ShPS, determined by the number of combinations , as well as analysis of the results obtained. For example, for each option with g1=256, g3=259 it is necessary to spend a significant amount of time. To establish the presence of informative significance in the received data (to determine whether it makes sense), a high-speed intelligent system is required, which increases the time consumption. Statistical methods for finding decryption keys are not applicable in this case. For any set of decryption keys, the output will be obtained; it is valid only for a single set of decryption keys. The number of options for enumerating encryption keys in two-operation encryption is equal to (g1 is the number of elements in the coding system, g3 is the number of codes from which a choice can be made, this parameter can be equal to thousands, tens of thousands or more [8, 9]). that is, the increase in the number of variations is nonlinearly greater than with any single operation, and the security against unauthorized access is the same number of times higher.

Preventing the possibility of unauthorized access increases the security of data transmission from source to user. Encryption keys must be kept secret, updated frequently, and it is advisable to make the encryption and decryption key generators disconnectable from the power supply.

8. Some options for using the proposed device.

1. Stationary option.

The source of input data can be sensors or databases. The information is accumulated for a certain time, after which it is transmitted via LAN 2 (twisted pair cable or fiber optic cable) to many consumers. The function of secure storage and secret transmission of data across all kinds of physical media is implemented (clause 4.2).

2. Mobile option. After writing data to the UHPDSH, the restoring, receiving side is turned off and moved to another location at the user’s discretion (the power source must be built-in or external). The radio channel is selected as LAN 2. The output of the restoring part (the entire device) is connected to the display device (tablet, terminal). The user can move within the work area and use stored and updated input data. Additional equipment is not considered. The choice of starting the data recovery process is determined by the user (clause 4.5). There are some similarities with Wi-Fi, but it uses effective encryption and ensures secrecy in the presence of noise and interference. Another option is that data is recorded in one place, and transmission via radio channel to the restoring side is carried out in another place.

The contacts of LS 2 can be connected directly (direct connection of the storage and restoration parts). The communication line will be the connecting conductors of the output of the final element of the code generator 10 and the input conductors of the control unit 11.

The claimed device can be used covertly and securely in systems for remote control of objects in various physical environments in the presence of interference. Objects can be, for example, robotic systems, aircraft and swimming vehicles.

Bibliographic list.

1. Patent RU No. 2506633, “Data storage device”; IPC: G06F 12/14, G11C 16/22, G06F 21/60; published 02/10/2014, Bull. No. 4.

2. Patent RU No. 2326500, “Coherent system for transmitting information by chaotic signals”; IPC: H04L 9/00; published 06/10/2008, Bull. No. 16.

3. Romanets Yu.V., Timofeev P.A., Shangin V.F. Protection of information in computer systems and networks. - M.: Radio and communications. 2001. - 376 p.

4. Patent RU No. 2342697, “Portable data storage device with an encryption system”; IPC G06F 12/14; published 12/27/2008, Bulletin. No. 36.

5. Cheprukov Yu.V., Sokolov M.A. Synthesis of phase-shift keyed signals with the required level of ACF side peaks // Radio engineering. 1991. No. 5. pp. 68-70.

6. Cheprukov Yu.V., Sokolov M.A. Binary R2 codes, their characteristics and application // Information and control systems. 2014. No. 1. pp. 76-82.

7. Varakin L.E. Communication systems with noise-like signals. - M.: Radio and communication, 1985. - 384 p.

8. Cheprukov Yu.V. Sokolov M.A. Correlation characteristics and application of some binary R3 codes // Information and control systems. 2014. No. 3. pp. 93-102.

9. Cheprukov Yu.V., Sokolov M.A. Correlation characteristics of some binary R4 codes and ensembles of signals based on them // Information and control systems. 2014. No. 5. pp. 87-96.

10. Cheprukov Yu.V. Synthesis of binary R-codes // Information and control systems. 2015. No. 1.S. 59-67.

11. Boyko V.I. and others. Circuitry of electronic systems. Digital devices. - St. Petersburg: BHV-Petersburg, 2004. - 512 p.

12. Lekhin S.N. Computer circuitry. - St. Petersburg: BHV-Petersburg, 2010. - 672 p.

13. Ugryumov E.P. Digital circuitry. - St. Petersburg: BHV-Petersburg, 2004. - 800 p.

14. Electronics. Encyclopedic Dictionary. Ch. ed. Kolesnikov V.G., - M. Sov. encyclopedia. 1991, - 688 p.

15. Olifer V.G., Olifer N.A. Computer networks. Principles, technologies, protocols. - St. Petersburg: Peter, 2002.-672 p.

16. Bugaev A.S., Dmitriev V.F., Kulakov S.V. Devices based on surface acoustic waves: textbook. allowance / A.S. Bugaev, V.F. Dmitriev, S.V. Kulakov. - St. Petersburg: GUAP, 2009. - 188 p.

17. https://www.hooksite.rU/fulltext/l/001 /008/045/201.htm, 03.28.2021

18. https://www.booksite.rU/fulltext/l/001/008/084/692.htm, 03.28.2021

19. ftp://ftp.vt.tpu.ru/studv/Malchukov/public/PHDL/Proiects/ascii.pdf, November 28, 2020

Claims (49)

1. A device for storing and transmitting data with an encryption system, containing a storage device, a communication line and an encryption key generator, characterized in that encoder, address and mode generator, trigger pulse shaper, switch unit, code encryption key generator, switch control unit, code generator, receiving device, switch unit, data shaper, decryptor, decryption key generator, code decryption key generator, switch control unit, and the first input of the encoder is connected to the input of the entire device, the second input of the encoder is connected to the output of the encryption key generator, the output of the encoder is connected to the first input of the storage device, the second input of the storage device is connected to the output of the address and mode generator, the output of the storage device is connected to the input of the trigger pulse shaper, the outputs of the trigger pulse shaper are connected to the first functional group of inputs of the switch block, the second functional group of inputs of the switch block is connected to the corresponding groups of outputs of the switch control block, the inputs of the switch control block are connected to the outputs of the code encryption key generator, the outputs of the switch block are functional groups connected to corresponding inputs of the code generator, the output of the code generator is connected to the input of the communication line, and the output of the communication line is connected to the input of the receiving device, the outputs of the receiving device are connected to the first functional group of inputs of the switch block, the second groups of inputs of the switch block are connected to the groups of outputs of the switch control block, the inputs the switch control unit is connected to the outputs of the code decryption key generator, the functional groups of the switch block outputs are connected to the corresponding inputs of the data generator, the output of which is connected to the second input of the decryptor, the output of the decryptor is the output of the entire device, the first input of the decryptor is connected to the output of the decryption key generator, while the code generator generates a set of g3 pulse codes or signals based on them, satisfying such conditions that the level of the side peaks of the autocorrelation function of each of them does not exceed a positive number R, where R<u _m is the largest value of the modulus of the autocorrelation functions of these codes or noise-like signals, and the level of side peaks of the cross-correlation function of each code or noise-like signal based on them with all other (g3 -1) generated codes or signals also does not exceed a positive number W, where W<u _m , the encoder generates signals X° _j , where j=l, 2, ...., based on the conditions: where j=l, 2,... - block numbering index; X _{input j} - value of the j-th block of input data; X° _j is the value of the j-th encrypted data block after encryption; L ₁ ; L ₂ ;…L _g1 - sequence of encryption key values; gl is the number of elements in the data coding system, the encryption key generator generates signals corresponding to the elements of the sequence L _j , j=1, 2, ..., gl, each value of which is one of the positive integers from 0 to (gl-1), used in composing this sequence only once, where gl - the number of elements in the coding system, the code encryption key generator generates signals corresponding to the elements of the sequence M _j , j=l,2, ..., gl, each value of which is a positive integer from 0 to (g3-l), used only once, where g3 is the total number of codes in the ensemble or signals based on them, gl≤g3, the decryption key generator generates signals corresponding to the sequence L' _j , j= l, 2, …, gl, where g1 is the number of elements in the data encoding system obtained so that the serial numbers jx of the elements of the encryption key sequence L _j , j=l, 2, ..., gl are reduced by one and swapped with the values of the elements of this sequence, the serial numbers of the new numerical sequence are increased by one and the elements of the resulting sequence with their changed serial numbers are placed in in ascending order of these numbers, the code decryption key generator generates signals corresponding to the elements of the sequence obtained in such a way that the serial numbers jx of the elements of the code encryption key sequence M _j, j=l, 2,...,gl are reduced by one and swapped with the values of the elements of this sequence, the serial numbers of the new numerical sequence are increased by one and the elements of the resulting sequence with their changed serial numbers are placed in ascending order of these numbers, the decoder generates signals X _out j, where j=l,2, ..., based on the conditions: where j=l, 2, …, is the block numbering index; Х° _j is the value of the j-th encrypted data block at the decryptor input; _Xoutj - value of the j-th block of output data; L'₁;L'₂;…;L' _g1 - sequence of decryption key values; gl - number of characters in the coding system. 2. The device according to claim 1, characterized in that the communication line is a set of technical means such as a modulator, transmitter, receiver, demodulator and a physical medium such as gas or liquid or solid or vacuum; the communication line is a wired electrical or radio communication line or an audio acoustic communication line or a light optical communication line; The communication line is made in the form of conductors of circuit elements or a fiber-optic cable or a coaxial cable or a waveguide or an audio cable or a twisted pair or a radio channel for terrestrial or satellite communications. 3. The device according to claim 1, characterized in that the encryption key generator is made on discrete circuitry elements or in the form of a storage device or on programmable logic matrices. 4. The device according to claim 1, characterized in that the encoder contains an encryption key converter, a logical encryption device and an encoder interface device, the input of the encryption key converter is connected to the second input of the encryptor, the output of the encryption key converter is connected to the second input of the logical encryption device, the first input of the logical encryption device is connected to the output of the encoder interface device, the input of the interface device the encoder is connected to the first input of the encoder and the entire device, the output of the logical encryption device is connected to the output of the encoder; the encoder is made on logical elements or programmable logic matrices; The encoder's interface device is made of passive elements or transistors or microcircuits or in the form of a universal USB bus. 5. The device according to claim 1, characterized in that the trigger pulse generator is made on logical elements or programmable logic matrices. 6. The device according to claim 1, characterized in that the switch block contains a functional group of gl switches, the first inputs of which are connected to the corresponding inputs of the first functional group of inputs of the switch block, the second inputs of each switch represent functional groups of g3 inputs and are connected to the corresponding inputs the second functional groups of inputs of the switch block, g3 outputs of each of the switches form functional groups and are connected to the outputs of the switch block, where g1 is the number of symbols in the data encoding system, g3 is the total number of codes in the ensemble, signals based on them; the switch block is made on elements of analog or digital circuitry or programmable logic matrices. 7. The device according to claim 1, characterized in that the code encryption key generator is made on discrete circuitry elements or in the form of a storage device or on programmable logic matrices. 8. The device according to claim 1, characterized in that the switch control unit contains gl control generators, the inputs of which are connected to the corresponding inputs of the switch control unit, and the outputs of each of the control generators form functional groups of g3 outputs connected to the corresponding outputs of the switch control unit ; The switch control unit is made on elements of analog or digital circuitry or on programmable logic matrices. 9. The device according to claim 1, characterized in that the code generator made in the form of devices based on surface acoustic waves or elements of discrete circuitry, or in the form of a storage device or on programmable logic matrices for direct transmission over a communication channel; The ensemble code generator is made in the form of devices for generating codes and signals based on them and in the form of a modulator of carrier oscillations for transmission over a communication channel, and these codes and signals are the modulating signals. 10. The device according to claim 1, characterized in that the receiving device is made in the form of a functional group of matched filters or correlators for each code of the ensemble code generator or each signal based on them. 11. The device according to claim 1, characterized in that the data generator is made on discrete circuitry elements or in the form of a storage device or on programmable logic matrices. 12. The device according to claim 1, characterized in that the decryptor contains a decryptor interface device, a decryption key converter and a logical decryption device, the input of the decryption key converter is the first input of the decryptor, the output of the decryption key converter is connected to the first input of the decryption logical device, the second input of the decryption logical device is the second input of the decryptor, the output of the decryption logical device is connected to the input of the decryptor mating device, the output of which is connected to the output of the decryptor and everything devices; the decryptor is made on logical elements or programmable logic matrices; The interfacing device of the decryptor is made of passive elements or transistors or microcircuits or as a universal USB bus. 13. The device according to claim 1, characterized in that the decryption key generator is made on discrete circuitry elements or in the form of a storage device or on programmable logic matrices. 14. The device according to claim 1, characterized in that the code decryption key generator is made on discrete circuitry elements or in the form of a storage device or on programmable logic matrices. 15. The device according to claim 1, characterized in that the switch block contains a functional group g3 of switches, the first and second inputs of which are connected to the first and second functional group of inputs of the switch block, the outputs of each switch form a functional group gl of outputs connected to the corresponding outputs of the switch block; the switch block is made on elements of analog or digital circuitry or programmable logic matrices. 16. The device according to claim 1, characterized in that the switch control unit contains a functional group g3 of control converters, the inputs of which are connected to the inputs of the switch control unit, the outputs of each control converter constitute a functional group of g1 outputs connected to the outputs of the switch control unit; The switch control unit is made on elements of analog or digital circuitry or on programmable logic matrices.

Images