WO1991012680A1 - Appareil et procede de communication de donnees - Google Patents
Appareil et procede de communication de donnees Download PDFInfo
- Publication number
- WO1991012680A1 WO1991012680A1 PCT/GB1991/000227 GB9100227W WO9112680A1 WO 1991012680 A1 WO1991012680 A1 WO 1991012680A1 GB 9100227 W GB9100227 W GB 9100227W WO 9112680 A1 WO9112680 A1 WO 9112680A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- station
- key
- algorithm
- data
- unique
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
Definitions
- This invention relates to the communication of data between stations in a network of stations adapted for communication with ⁇ one another.
- the invention is applicable primarily to digital electronic communication, for example the transmission of messages between facsimile transceivers, the transmission of data between computers, electronic mail, and digital telephony.
- the data can be any data for example computer data, the content of a message to
- a further consideration is whether or not enciphering and deciphering are to take place on the fly, i.e the plain message is enciphered at the output of the transmitter and deciphered at the input of the receiver.
- An alternative is to encipher a message and hold it on file, e.g in a computer memory, prior to transmission.
- the enciphered message can then be sent by modem or other means without adaptation to the technology of the communication channel between the stations.
- the received ciphered message can be stored in the receiver's computer memory and deciphered at a later time. It is usually convenient to encipher and decipher on the fly and this is obviously a necessary criterion for digital telephony applications.
- N x (N-l)/2 i.e 4950 different keys for a network of 100 stations. If different keys are required for a message from A to B and a message from B to A then the number of keys required is N x (N-l ) , i.e 9900 different keys for a network of 100 stations.
- Another existing proposal in the art is to replace the supposedly secret keys with public keys, and instead to require a prior separate communication from A to B to enable both A and B to generate an agreed secret key specific to the occasion of transmitting a particular enciphered data message.
- the separate communication poses problems both administratively and as to potential loss of security.
- An object of the present invention is to provide an apparatus and method which takes into account the desired criteria and which mitigates the described disadvantages.
- a method of communicating data from a first transmitting station to a selected second receiving station in a network of stations adapted for communication with one another characterised by said method comprising:
- This method can be used for example for fax transmissions or digital telephony where the routine requirement for confidentiality is relatively low.
- the invention further provides a method of gaining access to the data transmitted in enciphered form by communication method as disclosed in the immediately preceding paragraph, said method comprising:
- each station also locally stores a substantially unique membership key, all the membership keys being known to users at all the stations;
- said transmission initiation request is generated as a combination of the unique station key and the unique membership key of the first station together with the unique station key and the unique membership key of the intended recipient station.
- a station actually receiving a transmission signal can decipher the transmission to recreate the data only if said receiving station has both the unique station key and the unique membership key identifying the intended recipient station.
- a common key symmetric ciphering third algorithm is locally stored at each station; a substantially random key is enciphered by used of said working key and said third algorithm; said data to be transmitted is ciphered by use of said random key in said first algorithm; and said ciphered random key is transmitted together with the ciphered data as said transmission signal, whereby to permit local deciphering of the enciphered random key and consequently of the ciphered data substantially only by an intended recipient station.
- the third algorithm may be identical to the first algorithm.
- the methods disclosed in the above paragraphs within this section permit the enforcement of successively higher levels of security and can be used for example for transmission of valuable or confidential data between main frame computers.
- the invention also provides, separately, the transmission and reception methods embodied in the communication methods disclosed above.
- the invention further provides a communication network for carrying out the communication methods described above as well as, separately, transmission and reception apparatus embodied in the communication network, and transceiver apparatus selectively operable in transmission or reception modes embodied in the communication network.
- the invention further provides apparatus for use with any such communication apparatus to enable the communication apparatus to carry out the disclosed methods.
- the invention provides a method, and separately an apparatus, for communicating data substantially as described herein; and in certain embodiments with reference to, and as illustrated in, the accompanying drawings.
- Figure 1 is a flow chart summarising the operation of the third and fourth embodiments of the present invention in the transmission mode; and Figure 2 is a flow chart summarising operation of the third and fourth embodiments of the present invention in the reception mode.
- the first embodiment is applicable e.g to fax transmissions, and also to electronic mail and digital telephony, where the routine requirement for confidentiality is relatively low.
- the ordinary requirement is to ensure that if the destination telephone number for a fax message is incorrectly dialled and the transmission is therefore received at the wrong receiver, the message is unintelligible at that wrong receiver.
- the first embodiment can solve this problem of protection from dialling errors.
- Each fax transceiver in the network is provided with a tamper- proof control means such as a sealed box, board or integrated circuit connected to or embedded within the transceiver.
- the control means is selectively operable in transmission and reception modes and comprises a memory for storing a key and an algorithm, processing means for running the algorithm, means for reading a fax number and means, such as a keypad, allowing entry of a key such as a number or number and letter combination. If this embodiment is utilised by an original equipment manufacturer, the control means can be incorporated into the design of the fax transceiver, in which case the telephone/fax dialling keys can themselves serve the additional function of allowing entry of the key number.
- the memory in each control means stores a key which is unique to that control means and which is suitably read from the transceiver as its own public telephone/fax number. This unique key is thus a public key and is known to users at all the stations.
- the memory in e ch control ⁇ oeans also stores a common key symmetric message ciphering first algorithm.
- a key symmetric algorithm is a cipher which, in response to activation by a key, converts an intelligible stream of letters and numbers, i.e the message, into an unintelligible stream, and which also operates in reverse to convert the unintelligible stream back to the intelligible stream upon activation by an identical key.
- a user at a first fax transceiver wishes to send a message he dials or keys in the public fax number of the intended recipient to make a line connection.
- the control means also reads this number and takes the last four digits as a working key.
- the message is transmitted via the processor in the control means.
- the processor operates to cipher the data on the fly by use of the working key in the first algorithm.
- the recipient station can similarly use its control means to decipher the received data on the fly by use of the identical working key in its own stored first algorithm.
- the recipient's working key is identical because it is the last four digits of the recipient's own public fax number and is available in the control means in reception mode.
- each station in the network which subscribes to an organised message ciphering facility is preferably also provided with a substantially unique membership key.
- the key may be valid for an indefinite term or for a fixed period against a charge, and then changed.
- the working key is then formed as the last four digits of the intended recipient's fax number together with the four digits of the intended recipient's membership key.
- the keypad allows entry of the intended recipient's membership key into the memory of the control means.
- the processor operates as before to encipher the data on the fly by use of the 8-digit working key in the first algorithm. Any dialling error will then result in the message being enciphered by use of a working key created from a combination of fax number and membership key number which does not exist and therefore no recipient can decipher the ciphered transmission.
- the second embodiment is similar in principle to the first embodiment and is applicable to digital telephony.
- Each telephone handset is provided with a similar control means to the first embodiment except that, for telephony, the control means is adapted to operate simultaneously in send and receive modes and is adapted to switch from an inactive to an active state upon reception of data to be received and data to be transmitted.
- the control means is preferably embodied in an integrated circuit contained within the telephone handset, and the telephone keypad then also serves to enter the keys required to initiate enciphering of a telephone conversation.
- the working key is formed as a combination of the call originator's unique public key (e.g the last portion of his telephone number) and bis unique membership key together with the unique key and the unique membership key of the intended recipient.
- the unique keys and the unique membership keys are all known to all subscribers to the telephone ciphering facility, and it will be appreciated that each unique key is associated with a specific unique membership key.
- the working key may then be used as described above in the stored first algorithm to encipher the call originator's conversation, or other data he may wish to transmit over the telephone channel, on the fly.
- the correct intended recipient station can likewise decipher the transmitted enciphered conversation on the fly and can respond.
- the third embodiment is applicable e.g to digital telephony electronic mail or data transmission between computers, for example, where a higher level of security is required.
- the working key is not simply a combination of the keys as described above, but is an enciphered version thereof.
- Each control means of each telephone or station in the network is further provided with a locally stored common ciphering second algorithm.
- the call originator When a conversation, or other data transmission (see Figure 1), is required the call originator generates a transmission initiation request comprising a combination of the unique keys which identify respectively the call originator's telephone and the intended recipient's telephone and preferably also together with unique membership keys of the call originator and of the intended recipient.
- the transmission initiation request is then enciphered by use of the second algorithm whereby the enciphered request constitutes the working key.
- the working key is then used in the first algorithm to encipher the data on the fly as before.
- the further key can be regarded as an addition to the membership key.
- the further key would be for example a number known only to a selected group of persons from among those who might be users of the receiving fax or telephone apparatus.
- the receiving station (see Figure 2) would then only operate to decipher the incoming enciphered message if a person from the selected group had previously attended and keyed in the further key.
- the further key must have been agreed between transmitter and receiver in a previous communication of any kind. In the case of a fax message the received enciphered message can be held in computer memory in ciphered form until the authorised person with the further agreed key is available.
- the fourth embodiment is applicable to communication between main frame digital computers, for example, where a very high level of security is required.
- a working key is formed as described in relation to the third embodiment.
- a random number generator is operated to provide a random number.
- the random number is then itself enciphered by using the working key in a third algorithm to produce a ciphered random key.
- the third algorithm is a common key symmetric algorithm and is locally stored at each station.
- the . third algorithm may be the same as the first algorithm.
- the data to be transmitted is then enciphered by use of the random key in the first algorithm and the ciphered random key is itself transmitted together with the transmitted ciphered data (see Figure 1).
- the intended recipient station locally generates its own working key and deciphers the transmitted ciphered random key by use of the working key in the locally stored third algorithm.
- the random key is then available for use in deciphering the transmitted ciphered data (see Figure 2).
- the data to be transmitted is enciphered by use of a key in the first algorithm.
- the key is of sufficient length as to be capable of producing a large number of variants, preferably greater than 1 x lO 1 ⁇ .
- the working key is, in the .higher security embodiments, produced by enciphering a combination of inputted keys by means of a second algorithm.
- the second algorithm is preferably a fixed key transformation algorithm, the fixed key being chosen from a very large number of possible variants, preferably greater than 1 x 10 3 ".
- the second algorithm is not a key symmetric algorithm since reversibility is not required.
- Each station has the available information to produce the necessary working key when required and when called by a station desiring to transmit data thereto.
- the second algorithm thus requires a one-way transformation only and can accordingly be selected by those skilled in the art to be sufficiently difficult as to make it seriously uneconomic or unrealistically time-consuming to attempt to decipher the captured data.
Abstract
On décrit un procédé de communication de données depuis une première station d'émission vers une deuxième station de réception sélectionnée dans un réseau de stations adaptées à réaliser des communications mutuelles. Le procédé comprend: le stockage local d'une clé sensiblement unique à chaque station, toutes les clés étant connues aux utilisateurs à toutes les stations; le stockage local d'un premier algorithme à clé symétrique commune pour coder les messages, à chaque station; génération à la première station d'une clé de travail comme représentation de la clé unique qui identifie la station réceptrice prévue; codage des données à transmettre par l'utilisation de ladite clé de travail dans ledit premier algorithme; et transmission desdites données codées, pour permettre le décodage desdites données codées par la deuxième station choisie. On décrit également un appareil et un réseau pour la mise en oeuvre dudit procédé.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB9003326A GB9003326D0 (en) | 1990-02-14 | 1990-02-14 | Apparatus and method for data communication |
GB9003326.7 | 1990-02-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1991012680A1 true WO1991012680A1 (fr) | 1991-08-22 |
Family
ID=10670967
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1991/000227 WO1991012680A1 (fr) | 1990-02-14 | 1991-02-14 | Appareil et procede de communication de donnees |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU7238991A (fr) |
GB (2) | GB9003326D0 (fr) |
WO (1) | WO1991012680A1 (fr) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0576224A2 (fr) * | 1992-06-22 | 1993-12-29 | NCR International, Inc. | Dispositif et procédé d'administration de clés cryptographiques |
WO1995008232A1 (fr) * | 1993-09-14 | 1995-03-23 | Chantilley Corporation Limited | Dispositif de repartition de cle dans un systeme de chiffrement |
US6636833B1 (en) | 1998-03-25 | 2003-10-21 | Obis Patents Ltd. | Credit card system and method |
US7433845B1 (en) | 1999-04-13 | 2008-10-07 | Orbis Patents Limited | Data structure, method and system for generating person-to-person, person-to-business, business-to-person, and business-to-business financial transactions |
US10592901B2 (en) | 2001-06-04 | 2020-03-17 | Orbis Patents, Ltd. | Business-to-business commerce using financial transaction numbers |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NZ332952A (en) * | 1996-05-24 | 2000-04-28 | Christopher John Stanford | System with and method of cryptographically protecting communications |
GB9624127D0 (en) * | 1996-11-20 | 1997-01-08 | British Telecomm | Transaction system |
WO1999037052A1 (fr) * | 1998-01-19 | 1999-07-22 | Terence Edward Sumner | Procede et appareil d'envoi d'un message prive a des membres selectionnes |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0123360A1 (fr) * | 1983-04-26 | 1984-10-31 | Koninklijke Philips Electronics N.V. | Procédé de distribution et d'utilisation de clés de chiffrage |
EP0127381A1 (fr) * | 1983-05-27 | 1984-12-05 | M/A-Com Government Systems, Inc. | Système de cryptage et de distribution d'un signal de cryptage pour cryptage commandé et décryptage sélectif à distance de signaux de télévision |
EP0287720A1 (fr) * | 1987-04-22 | 1988-10-26 | International Business Machines Corporation | Administration de clés cryptographiques |
US4853962A (en) * | 1987-12-07 | 1989-08-01 | Universal Computer Consulting, Inc. | Encryption system |
US4887296A (en) * | 1984-10-26 | 1989-12-12 | Ricoh Co., Ltd. | Cryptographic system for direct broadcast satellite system |
-
1990
- 1990-02-14 GB GB9003326A patent/GB9003326D0/en active Pending
-
1991
- 1991-02-14 GB GB9103139A patent/GB2241414A/en not_active Withdrawn
- 1991-02-14 AU AU72389/91A patent/AU7238991A/en not_active Abandoned
- 1991-02-14 WO PCT/GB1991/000227 patent/WO1991012680A1/fr unknown
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0123360A1 (fr) * | 1983-04-26 | 1984-10-31 | Koninklijke Philips Electronics N.V. | Procédé de distribution et d'utilisation de clés de chiffrage |
EP0127381A1 (fr) * | 1983-05-27 | 1984-12-05 | M/A-Com Government Systems, Inc. | Système de cryptage et de distribution d'un signal de cryptage pour cryptage commandé et décryptage sélectif à distance de signaux de télévision |
US4887296A (en) * | 1984-10-26 | 1989-12-12 | Ricoh Co., Ltd. | Cryptographic system for direct broadcast satellite system |
EP0287720A1 (fr) * | 1987-04-22 | 1988-10-26 | International Business Machines Corporation | Administration de clés cryptographiques |
US4853962A (en) * | 1987-12-07 | 1989-08-01 | Universal Computer Consulting, Inc. | Encryption system |
Non-Patent Citations (1)
Title |
---|
Informationstechnik It, vol. 28, no. 3, 1986, Oldenbourg Verlag, DE, H. Sedlak "Ein Public-Key-Code Kryptogra- phie-Prozessor", pa * |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0576224A2 (fr) * | 1992-06-22 | 1993-12-29 | NCR International, Inc. | Dispositif et procédé d'administration de clés cryptographiques |
EP0576224A3 (fr) * | 1992-06-22 | 1994-10-12 | Ncr Int Inc | Dispositif et procédé d'administration de clés cryptographiques. |
WO1995008232A1 (fr) * | 1993-09-14 | 1995-03-23 | Chantilley Corporation Limited | Dispositif de repartition de cle dans un systeme de chiffrement |
GB2296639A (en) * | 1993-09-14 | 1996-07-03 | Chantilley Corp Ltd | Apparatus for key distribution in an encryption system |
GB2296639B (en) * | 1993-09-14 | 1998-01-21 | Chantilley Corp Ltd | Apparatus for key distribution in an encryption system |
US5768381A (en) * | 1993-09-14 | 1998-06-16 | Chantilley Corporation Limited | Apparatus for key distribution in an encryption system |
US6636833B1 (en) | 1998-03-25 | 2003-10-21 | Obis Patents Ltd. | Credit card system and method |
US7571142B1 (en) | 1998-03-25 | 2009-08-04 | Orbis Patents Limited | Credit card system and method |
US8676707B2 (en) | 1998-03-25 | 2014-03-18 | Orbis Patents Ltd. | Credit cards system and method having additional features |
US8756150B2 (en) | 1998-03-25 | 2014-06-17 | Orbis Patents Limited | Credit card system and method |
US9881298B2 (en) | 1998-03-25 | 2018-01-30 | Orbis Patents Limited | Credit card system and method |
US9898730B2 (en) | 1998-03-25 | 2018-02-20 | Orbit Patents Limited | Credit card system and method |
US7433845B1 (en) | 1999-04-13 | 2008-10-07 | Orbis Patents Limited | Data structure, method and system for generating person-to-person, person-to-business, business-to-person, and business-to-business financial transactions |
US7895122B2 (en) | 1999-04-13 | 2011-02-22 | Orbis Patents Limited | Person-to-person, person-to business and business-to-business financial transaction system |
US10592901B2 (en) | 2001-06-04 | 2020-03-17 | Orbis Patents, Ltd. | Business-to-business commerce using financial transaction numbers |
Also Published As
Publication number | Publication date |
---|---|
GB9103139D0 (en) | 1991-04-03 |
GB2241414A (en) | 1991-08-28 |
GB9003326D0 (en) | 1990-04-11 |
AU7238991A (en) | 1991-09-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6266418B1 (en) | Encryption and authentication methods and apparatus for securing telephone communications | |
US5475757A (en) | Secure data transmission method | |
Jerichow et al. | Real-time mixes: A bandwidth-efficient anonymity protocol | |
US4797672A (en) | Voice network security system | |
US5450493A (en) | Secure communication method and apparatus | |
US5392355A (en) | Secure communication system | |
JPH05227152A (ja) | 機密通信リンクを確立する方法および装置 | |
US7284123B2 (en) | Secure communication system and method for integrated mobile communication terminals comprising a short-distance communication module | |
RU2495532C2 (ru) | Способ и устройство для осуществления связи со сквозным шифрованием | |
JPH07245605A (ja) | 暗号化情報中継装置とそれに接続される加入者端末装置ならびに暗号通信方法 | |
EP0925664A2 (fr) | Transmission de donnees par telecommunications securisees | |
WO1991012680A1 (fr) | Appareil et procede de communication de donnees | |
EP0018129B1 (fr) | Procédé pour assurer les données sur une voie de transmission | |
CN111541603B (zh) | 独立智能安全邮件终端及加密方法 | |
KR100287674B1 (ko) | 통신방법 | |
JP2753564B2 (ja) | 暗号鍵管理方法 | |
WO1998027517A1 (fr) | Procede et systeme servant a chiffrer des codes | |
JPH07303104A (ja) | 暗号機能付き蓄積形通信システム | |
JPH05122217A (ja) | 秘話通信方法 | |
JP2541307B2 (ja) | 暗号鍵通信方法及びその装置 | |
JP2005051368A (ja) | 通信装置、基地局装置及び通信システム | |
JPH08223152A (ja) | 暗号化方法および暗号情報変換装置 | |
JPH05244153A (ja) | ディジタル通信装置 | |
JPH09181716A (ja) | 無線ネットワークにおける秘密鍵生成方法及び無線端末 | |
JPH10336338A (ja) | アナログ電話回線を使用したデジタル暗号通話システム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AT AU BB BG BR CA CH DE DK ES FI GB HU JP KP KR LK LU MC MG MW NL NO PL RO SD SE SU US |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE BF BJ CF CG CH CM DE DK ES FR GA GB GR IT LU ML MR NL SE SN TD TG |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: CA |