WO1991012680A1 - Appareil et procede de communication de donnees - Google Patents

Appareil et procede de communication de donnees Download PDF

Info

Publication number
WO1991012680A1
WO1991012680A1 PCT/GB1991/000227 GB9100227W WO9112680A1 WO 1991012680 A1 WO1991012680 A1 WO 1991012680A1 GB 9100227 W GB9100227 W GB 9100227W WO 9112680 A1 WO9112680 A1 WO 9112680A1
Authority
WO
WIPO (PCT)
Prior art keywords
station
key
algorithm
data
unique
Prior art date
Application number
PCT/GB1991/000227
Other languages
English (en)
Inventor
William Mcmullan Hawthorne
Original Assignee
Enfranchise Sixty Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Enfranchise Sixty Limited filed Critical Enfranchise Sixty Limited
Publication of WO1991012680A1 publication Critical patent/WO1991012680A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key

Definitions

  • This invention relates to the communication of data between stations in a network of stations adapted for communication with ⁇ one another.
  • the invention is applicable primarily to digital electronic communication, for example the transmission of messages between facsimile transceivers, the transmission of data between computers, electronic mail, and digital telephony.
  • the data can be any data for example computer data, the content of a message to
  • a further consideration is whether or not enciphering and deciphering are to take place on the fly, i.e the plain message is enciphered at the output of the transmitter and deciphered at the input of the receiver.
  • An alternative is to encipher a message and hold it on file, e.g in a computer memory, prior to transmission.
  • the enciphered message can then be sent by modem or other means without adaptation to the technology of the communication channel between the stations.
  • the received ciphered message can be stored in the receiver's computer memory and deciphered at a later time. It is usually convenient to encipher and decipher on the fly and this is obviously a necessary criterion for digital telephony applications.
  • N x (N-l)/2 i.e 4950 different keys for a network of 100 stations. If different keys are required for a message from A to B and a message from B to A then the number of keys required is N x (N-l ) , i.e 9900 different keys for a network of 100 stations.
  • Another existing proposal in the art is to replace the supposedly secret keys with public keys, and instead to require a prior separate communication from A to B to enable both A and B to generate an agreed secret key specific to the occasion of transmitting a particular enciphered data message.
  • the separate communication poses problems both administratively and as to potential loss of security.
  • An object of the present invention is to provide an apparatus and method which takes into account the desired criteria and which mitigates the described disadvantages.
  • a method of communicating data from a first transmitting station to a selected second receiving station in a network of stations adapted for communication with one another characterised by said method comprising:
  • This method can be used for example for fax transmissions or digital telephony where the routine requirement for confidentiality is relatively low.
  • the invention further provides a method of gaining access to the data transmitted in enciphered form by communication method as disclosed in the immediately preceding paragraph, said method comprising:
  • each station also locally stores a substantially unique membership key, all the membership keys being known to users at all the stations;
  • said transmission initiation request is generated as a combination of the unique station key and the unique membership key of the first station together with the unique station key and the unique membership key of the intended recipient station.
  • a station actually receiving a transmission signal can decipher the transmission to recreate the data only if said receiving station has both the unique station key and the unique membership key identifying the intended recipient station.
  • a common key symmetric ciphering third algorithm is locally stored at each station; a substantially random key is enciphered by used of said working key and said third algorithm; said data to be transmitted is ciphered by use of said random key in said first algorithm; and said ciphered random key is transmitted together with the ciphered data as said transmission signal, whereby to permit local deciphering of the enciphered random key and consequently of the ciphered data substantially only by an intended recipient station.
  • the third algorithm may be identical to the first algorithm.
  • the methods disclosed in the above paragraphs within this section permit the enforcement of successively higher levels of security and can be used for example for transmission of valuable or confidential data between main frame computers.
  • the invention also provides, separately, the transmission and reception methods embodied in the communication methods disclosed above.
  • the invention further provides a communication network for carrying out the communication methods described above as well as, separately, transmission and reception apparatus embodied in the communication network, and transceiver apparatus selectively operable in transmission or reception modes embodied in the communication network.
  • the invention further provides apparatus for use with any such communication apparatus to enable the communication apparatus to carry out the disclosed methods.
  • the invention provides a method, and separately an apparatus, for communicating data substantially as described herein; and in certain embodiments with reference to, and as illustrated in, the accompanying drawings.
  • Figure 1 is a flow chart summarising the operation of the third and fourth embodiments of the present invention in the transmission mode; and Figure 2 is a flow chart summarising operation of the third and fourth embodiments of the present invention in the reception mode.
  • the first embodiment is applicable e.g to fax transmissions, and also to electronic mail and digital telephony, where the routine requirement for confidentiality is relatively low.
  • the ordinary requirement is to ensure that if the destination telephone number for a fax message is incorrectly dialled and the transmission is therefore received at the wrong receiver, the message is unintelligible at that wrong receiver.
  • the first embodiment can solve this problem of protection from dialling errors.
  • Each fax transceiver in the network is provided with a tamper- proof control means such as a sealed box, board or integrated circuit connected to or embedded within the transceiver.
  • the control means is selectively operable in transmission and reception modes and comprises a memory for storing a key and an algorithm, processing means for running the algorithm, means for reading a fax number and means, such as a keypad, allowing entry of a key such as a number or number and letter combination. If this embodiment is utilised by an original equipment manufacturer, the control means can be incorporated into the design of the fax transceiver, in which case the telephone/fax dialling keys can themselves serve the additional function of allowing entry of the key number.
  • the memory in each control means stores a key which is unique to that control means and which is suitably read from the transceiver as its own public telephone/fax number. This unique key is thus a public key and is known to users at all the stations.
  • the memory in e ch control ⁇ oeans also stores a common key symmetric message ciphering first algorithm.
  • a key symmetric algorithm is a cipher which, in response to activation by a key, converts an intelligible stream of letters and numbers, i.e the message, into an unintelligible stream, and which also operates in reverse to convert the unintelligible stream back to the intelligible stream upon activation by an identical key.
  • a user at a first fax transceiver wishes to send a message he dials or keys in the public fax number of the intended recipient to make a line connection.
  • the control means also reads this number and takes the last four digits as a working key.
  • the message is transmitted via the processor in the control means.
  • the processor operates to cipher the data on the fly by use of the working key in the first algorithm.
  • the recipient station can similarly use its control means to decipher the received data on the fly by use of the identical working key in its own stored first algorithm.
  • the recipient's working key is identical because it is the last four digits of the recipient's own public fax number and is available in the control means in reception mode.
  • each station in the network which subscribes to an organised message ciphering facility is preferably also provided with a substantially unique membership key.
  • the key may be valid for an indefinite term or for a fixed period against a charge, and then changed.
  • the working key is then formed as the last four digits of the intended recipient's fax number together with the four digits of the intended recipient's membership key.
  • the keypad allows entry of the intended recipient's membership key into the memory of the control means.
  • the processor operates as before to encipher the data on the fly by use of the 8-digit working key in the first algorithm. Any dialling error will then result in the message being enciphered by use of a working key created from a combination of fax number and membership key number which does not exist and therefore no recipient can decipher the ciphered transmission.
  • the second embodiment is similar in principle to the first embodiment and is applicable to digital telephony.
  • Each telephone handset is provided with a similar control means to the first embodiment except that, for telephony, the control means is adapted to operate simultaneously in send and receive modes and is adapted to switch from an inactive to an active state upon reception of data to be received and data to be transmitted.
  • the control means is preferably embodied in an integrated circuit contained within the telephone handset, and the telephone keypad then also serves to enter the keys required to initiate enciphering of a telephone conversation.
  • the working key is formed as a combination of the call originator's unique public key (e.g the last portion of his telephone number) and bis unique membership key together with the unique key and the unique membership key of the intended recipient.
  • the unique keys and the unique membership keys are all known to all subscribers to the telephone ciphering facility, and it will be appreciated that each unique key is associated with a specific unique membership key.
  • the working key may then be used as described above in the stored first algorithm to encipher the call originator's conversation, or other data he may wish to transmit over the telephone channel, on the fly.
  • the correct intended recipient station can likewise decipher the transmitted enciphered conversation on the fly and can respond.
  • the third embodiment is applicable e.g to digital telephony electronic mail or data transmission between computers, for example, where a higher level of security is required.
  • the working key is not simply a combination of the keys as described above, but is an enciphered version thereof.
  • Each control means of each telephone or station in the network is further provided with a locally stored common ciphering second algorithm.
  • the call originator When a conversation, or other data transmission (see Figure 1), is required the call originator generates a transmission initiation request comprising a combination of the unique keys which identify respectively the call originator's telephone and the intended recipient's telephone and preferably also together with unique membership keys of the call originator and of the intended recipient.
  • the transmission initiation request is then enciphered by use of the second algorithm whereby the enciphered request constitutes the working key.
  • the working key is then used in the first algorithm to encipher the data on the fly as before.
  • the further key can be regarded as an addition to the membership key.
  • the further key would be for example a number known only to a selected group of persons from among those who might be users of the receiving fax or telephone apparatus.
  • the receiving station (see Figure 2) would then only operate to decipher the incoming enciphered message if a person from the selected group had previously attended and keyed in the further key.
  • the further key must have been agreed between transmitter and receiver in a previous communication of any kind. In the case of a fax message the received enciphered message can be held in computer memory in ciphered form until the authorised person with the further agreed key is available.
  • the fourth embodiment is applicable to communication between main frame digital computers, for example, where a very high level of security is required.
  • a working key is formed as described in relation to the third embodiment.
  • a random number generator is operated to provide a random number.
  • the random number is then itself enciphered by using the working key in a third algorithm to produce a ciphered random key.
  • the third algorithm is a common key symmetric algorithm and is locally stored at each station.
  • the . third algorithm may be the same as the first algorithm.
  • the data to be transmitted is then enciphered by use of the random key in the first algorithm and the ciphered random key is itself transmitted together with the transmitted ciphered data (see Figure 1).
  • the intended recipient station locally generates its own working key and deciphers the transmitted ciphered random key by use of the working key in the locally stored third algorithm.
  • the random key is then available for use in deciphering the transmitted ciphered data (see Figure 2).
  • the data to be transmitted is enciphered by use of a key in the first algorithm.
  • the key is of sufficient length as to be capable of producing a large number of variants, preferably greater than 1 x lO 1 ⁇ .
  • the working key is, in the .higher security embodiments, produced by enciphering a combination of inputted keys by means of a second algorithm.
  • the second algorithm is preferably a fixed key transformation algorithm, the fixed key being chosen from a very large number of possible variants, preferably greater than 1 x 10 3 ".
  • the second algorithm is not a key symmetric algorithm since reversibility is not required.
  • Each station has the available information to produce the necessary working key when required and when called by a station desiring to transmit data thereto.
  • the second algorithm thus requires a one-way transformation only and can accordingly be selected by those skilled in the art to be sufficiently difficult as to make it seriously uneconomic or unrealistically time-consuming to attempt to decipher the captured data.

Abstract

On décrit un procédé de communication de données depuis une première station d'émission vers une deuxième station de réception sélectionnée dans un réseau de stations adaptées à réaliser des communications mutuelles. Le procédé comprend: le stockage local d'une clé sensiblement unique à chaque station, toutes les clés étant connues aux utilisateurs à toutes les stations; le stockage local d'un premier algorithme à clé symétrique commune pour coder les messages, à chaque station; génération à la première station d'une clé de travail comme représentation de la clé unique qui identifie la station réceptrice prévue; codage des données à transmettre par l'utilisation de ladite clé de travail dans ledit premier algorithme; et transmission desdites données codées, pour permettre le décodage desdites données codées par la deuxième station choisie. On décrit également un appareil et un réseau pour la mise en oeuvre dudit procédé.
PCT/GB1991/000227 1990-02-14 1991-02-14 Appareil et procede de communication de donnees WO1991012680A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB9003326A GB9003326D0 (en) 1990-02-14 1990-02-14 Apparatus and method for data communication
GB9003326.7 1990-02-14

Publications (1)

Publication Number Publication Date
WO1991012680A1 true WO1991012680A1 (fr) 1991-08-22

Family

ID=10670967

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1991/000227 WO1991012680A1 (fr) 1990-02-14 1991-02-14 Appareil et procede de communication de donnees

Country Status (3)

Country Link
AU (1) AU7238991A (fr)
GB (2) GB9003326D0 (fr)
WO (1) WO1991012680A1 (fr)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0576224A2 (fr) * 1992-06-22 1993-12-29 NCR International, Inc. Dispositif et procédé d'administration de clés cryptographiques
WO1995008232A1 (fr) * 1993-09-14 1995-03-23 Chantilley Corporation Limited Dispositif de repartition de cle dans un systeme de chiffrement
US6636833B1 (en) 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
US7433845B1 (en) 1999-04-13 2008-10-07 Orbis Patents Limited Data structure, method and system for generating person-to-person, person-to-business, business-to-person, and business-to-business financial transactions
US10592901B2 (en) 2001-06-04 2020-03-17 Orbis Patents, Ltd. Business-to-business commerce using financial transaction numbers

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NZ332952A (en) * 1996-05-24 2000-04-28 Christopher John Stanford System with and method of cryptographically protecting communications
GB9624127D0 (en) * 1996-11-20 1997-01-08 British Telecomm Transaction system
WO1999037052A1 (fr) * 1998-01-19 1999-07-22 Terence Edward Sumner Procede et appareil d'envoi d'un message prive a des membres selectionnes

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0123360A1 (fr) * 1983-04-26 1984-10-31 Koninklijke Philips Electronics N.V. Procédé de distribution et d'utilisation de clés de chiffrage
EP0127381A1 (fr) * 1983-05-27 1984-12-05 M/A-Com Government Systems, Inc. Système de cryptage et de distribution d'un signal de cryptage pour cryptage commandé et décryptage sélectif à distance de signaux de télévision
EP0287720A1 (fr) * 1987-04-22 1988-10-26 International Business Machines Corporation Administration de clés cryptographiques
US4853962A (en) * 1987-12-07 1989-08-01 Universal Computer Consulting, Inc. Encryption system
US4887296A (en) * 1984-10-26 1989-12-12 Ricoh Co., Ltd. Cryptographic system for direct broadcast satellite system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0123360A1 (fr) * 1983-04-26 1984-10-31 Koninklijke Philips Electronics N.V. Procédé de distribution et d'utilisation de clés de chiffrage
EP0127381A1 (fr) * 1983-05-27 1984-12-05 M/A-Com Government Systems, Inc. Système de cryptage et de distribution d'un signal de cryptage pour cryptage commandé et décryptage sélectif à distance de signaux de télévision
US4887296A (en) * 1984-10-26 1989-12-12 Ricoh Co., Ltd. Cryptographic system for direct broadcast satellite system
EP0287720A1 (fr) * 1987-04-22 1988-10-26 International Business Machines Corporation Administration de clés cryptographiques
US4853962A (en) * 1987-12-07 1989-08-01 Universal Computer Consulting, Inc. Encryption system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Informationstechnik It, vol. 28, no. 3, 1986, Oldenbourg Verlag, DE, H. Sedlak "Ein Public-Key-Code Kryptogra- phie-Prozessor", pa *

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0576224A2 (fr) * 1992-06-22 1993-12-29 NCR International, Inc. Dispositif et procédé d'administration de clés cryptographiques
EP0576224A3 (fr) * 1992-06-22 1994-10-12 Ncr Int Inc Dispositif et procédé d'administration de clés cryptographiques.
WO1995008232A1 (fr) * 1993-09-14 1995-03-23 Chantilley Corporation Limited Dispositif de repartition de cle dans un systeme de chiffrement
GB2296639A (en) * 1993-09-14 1996-07-03 Chantilley Corp Ltd Apparatus for key distribution in an encryption system
GB2296639B (en) * 1993-09-14 1998-01-21 Chantilley Corp Ltd Apparatus for key distribution in an encryption system
US5768381A (en) * 1993-09-14 1998-06-16 Chantilley Corporation Limited Apparatus for key distribution in an encryption system
US6636833B1 (en) 1998-03-25 2003-10-21 Obis Patents Ltd. Credit card system and method
US7571142B1 (en) 1998-03-25 2009-08-04 Orbis Patents Limited Credit card system and method
US8676707B2 (en) 1998-03-25 2014-03-18 Orbis Patents Ltd. Credit cards system and method having additional features
US8756150B2 (en) 1998-03-25 2014-06-17 Orbis Patents Limited Credit card system and method
US9881298B2 (en) 1998-03-25 2018-01-30 Orbis Patents Limited Credit card system and method
US9898730B2 (en) 1998-03-25 2018-02-20 Orbit Patents Limited Credit card system and method
US7433845B1 (en) 1999-04-13 2008-10-07 Orbis Patents Limited Data structure, method and system for generating person-to-person, person-to-business, business-to-person, and business-to-business financial transactions
US7895122B2 (en) 1999-04-13 2011-02-22 Orbis Patents Limited Person-to-person, person-to business and business-to-business financial transaction system
US10592901B2 (en) 2001-06-04 2020-03-17 Orbis Patents, Ltd. Business-to-business commerce using financial transaction numbers

Also Published As

Publication number Publication date
GB9103139D0 (en) 1991-04-03
GB2241414A (en) 1991-08-28
GB9003326D0 (en) 1990-04-11
AU7238991A (en) 1991-09-03

Similar Documents

Publication Publication Date Title
US6266418B1 (en) Encryption and authentication methods and apparatus for securing telephone communications
US5475757A (en) Secure data transmission method
Jerichow et al. Real-time mixes: A bandwidth-efficient anonymity protocol
US4797672A (en) Voice network security system
US5450493A (en) Secure communication method and apparatus
US5392355A (en) Secure communication system
JPH05227152A (ja) 機密通信リンクを確立する方法および装置
US7284123B2 (en) Secure communication system and method for integrated mobile communication terminals comprising a short-distance communication module
RU2495532C2 (ru) Способ и устройство для осуществления связи со сквозным шифрованием
JPH07245605A (ja) 暗号化情報中継装置とそれに接続される加入者端末装置ならびに暗号通信方法
EP0925664A2 (fr) Transmission de donnees par telecommunications securisees
WO1991012680A1 (fr) Appareil et procede de communication de donnees
EP0018129B1 (fr) Procédé pour assurer les données sur une voie de transmission
CN111541603B (zh) 独立智能安全邮件终端及加密方法
KR100287674B1 (ko) 통신방법
JP2753564B2 (ja) 暗号鍵管理方法
WO1998027517A1 (fr) Procede et systeme servant a chiffrer des codes
JPH07303104A (ja) 暗号機能付き蓄積形通信システム
JPH05122217A (ja) 秘話通信方法
JP2541307B2 (ja) 暗号鍵通信方法及びその装置
JP2005051368A (ja) 通信装置、基地局装置及び通信システム
JPH08223152A (ja) 暗号化方法および暗号情報変換装置
JPH05244153A (ja) ディジタル通信装置
JPH09181716A (ja) 無線ネットワークにおける秘密鍵生成方法及び無線端末
JPH10336338A (ja) アナログ電話回線を使用したデジタル暗号通話システム

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AT AU BB BG BR CA CH DE DK ES FI GB HU JP KP KR LK LU MC MG MW NL NO PL RO SD SE SU US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE BF BJ CF CG CH CM DE DK ES FR GA GB GR IT LU ML MR NL SE SN TD TG

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: CA