WO2004100494A1 - System and method for cipher communication - Google Patents

System and method for cipher communication Download PDF

Info

Publication number
WO2004100494A1
WO2004100494A1 PCT/IB2004/001407 IB2004001407W WO2004100494A1 WO 2004100494 A1 WO2004100494 A1 WO 2004100494A1 IB 2004001407 W IB2004001407 W IB 2004001407W WO 2004100494 A1 WO2004100494 A1 WO 2004100494A1
Authority
WO
WIPO (PCT)
Prior art keywords
cryptographic
communication
telecommunication
communication device
data
Prior art date
Application number
PCT/IB2004/001407
Other languages
French (fr)
Other versions
WO2004100494B1 (en
Inventor
Guido Cometto
Original Assignee
Casper Technology S.R.L.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Casper Technology S.R.L. filed Critical Casper Technology S.R.L.
Publication of WO2004100494A1 publication Critical patent/WO2004100494A1/en
Publication of WO2004100494B1 publication Critical patent/WO2004100494B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the present invention relates to a system and method for encrypted communication of voice and/or data and/or fax and/or video, in particular between at least two cryptographic devices each connected to a respective telecommunication apparatus .
  • Today it is widely desired for secure information transfer to be possible not only between fixed telephone apparatuses, but also through cellular telephones and mobile computing and communication devices, whose widespread adoption and whose consequent extensive use expose users to sever problems linked with the possibility of being subjected to eavesdropping.
  • the GSM standard uses an encryption algorithm (A5) that currently no longer appears to provide adequate security guarantees. Due to digital modulation, it is not possible to listen to the conversation through a normal scanner.
  • the only possibility is to receive the bursts (data packets transmitted over the radio channel) and subsequently to analyse them and decode them.
  • Various working groups are studying the algorithm A5 which is used to encrypt the data transmitted via radio. Additionally, use to this algorithm can be disabled by domestic or foreign telephone operators, making the radio communications easy to intercept. Additionally, the cellular telephony system does not perform an end-to-end communication encryption, but only from a telephone apparatus to a radio base station, transmitting the communication in the clear through the fixed line which could be subject to violations.
  • Bluetooth Bluetooth
  • Bluetooth devices in the "Pairing" phase are particularly vulnerable from the authentication point of view.
  • the protections that certain profiles defined in the Bluetooth standard should adopt may not have been implemented by some manufacturer, for example disabling communication ciphering at the link layer (from Bluetooth device to telephone) .
  • Ciphering fixed telephony systems have limits linked to the limited flexibility of fixed telephone apparatuses.
  • Some solutions, to enhance the operating flexibility of fixed telephony systems (voice and fax) are integrated with ciphering cellular telephones (GSM, ETACS) , that are able to communicate with fixed devices, achieving a fixed and mobile private network.
  • GSM ciphering cellular telephones
  • the most important limit linked to the widespread adoption of these technologies is the high purchase price of the apparatuses.
  • systems based on GSM ciphering limit users in the selection of the telephone apparatus today there are only very few models, derived from series-produced models which are often obsolete) .
  • the high costs of development and production of these solutions do not allow to make immediately available to users the more innovative models of cellular telephones.
  • the solution with ciphering device incorporated in the GSM telephone apparatus makes it traceable because it is linked, as are all telephones with this standards, with a serial number (IMEI) that identifies each apparatus accessing the operator's network.
  • IMEI serial number
  • the cryptographic device is, for example, constructed in the form of a shell or battery cover and is connected to the telephone by means of an infrared port or data cable. While this solution is very secure in cryptographic terms (thanks to the high processing capacity of an external device) , is exposed to the risks of interception deriving from the necessary closeness of the cryptographic device to the cellular telephone whereto it is connected.
  • the present invention starting from the notion of said drawbacks, aims to remedy it.
  • one object of the present invention is to provide a system and method for the encrypted communication of voice and/or data and/or fax and/or video, as specified in the preamble of the description, which allow to make fully independent the evolution of the technology of the ciphering means from that of telecommunication apparatuses (telephones), which are subject to rapid obsolescence.
  • Another object of the invention is to provide a system and method for the encrypted communication of voice and/or data and/or fax and/or video, in which the means for communication security through telecommunication apparatuses (in particular, cellular telephones) and mobile device for calculation and communication do not depend on the production decisions of the manufacturers of said apparatuses and devices .
  • Another object of the invention is to provide a system and method as indicated, that allow physically to separate from each other, at a safe distance, the ciphering means and the related telecommunication apparatuses, to protect the user against the possibility of tampering with said apparatuses.
  • Yet another object of the invention is to provide a system and method as indicated, that to improve the quality of the ciphering means, to personalise the ciphering algorithm and also to act on the data, on fax and/or video images, as well as on voice calls.
  • a further object of the present invention is to provide a system and method as specified, which are structurally and functionally simple and economical, whilst maintaining very high levels of protection.
  • the present invention provides a system for the ciphered communication of voice and/or data and/or fax and/or video, as specified in the preamble to the description, whose essential characteristic is set out in claim 1.
  • the invention further provides a method for the ciphered communication of voice and/or data and/or fax and/or video, as specified in the preamble to the description, whose essential characteristic is set out in claim 24.
  • This solution enables not only always to position at a safe distance the ciphering means and the related telecommunication apparatuses, but it also causes the evolution of the technology of the ciphering means no longer to be dependent on the evolution of telephones, which are subject to rapid obsolescence and to the industrial decisions of their manufacturers . This also allows to improve quality, to obtain structural and functional simplifications and to reduce the costs of cryptographic devices .
  • connection technology used between cryptographic devices and respective telecommunication apparatuses and the Bluetooth standard using, for example, mobile communication devices, incorporating said cryptographic devices .
  • Use of the Bluetooth technology allows to obtain a solution for ciphering communications (voice and/or data and/or fax and/or video) end- to-end.
  • the selection of a mobile communication device allows the utmost operating flexibility, with the freedom to choose the telephone apparatus (GSM, GPRS, UMTS, POTS, ISDN, satellite) to be used with the sole constraint of Bluetooth compatibility.
  • Example of mobile communication devices usable for the purposes of the invention are the palm-top computer version or the Bluetooth headset.
  • the cryptographic device consists of ciphering equipment that, using the GSM data channel, ciphers the data stream bit by bit using public an proprietary algorithms .
  • the GSM telephone is used as a modem, which through the Bluetooth connection is connected to the mobile communication device (e.g., palm-top computer, portable computer, Bluetooth headset) incorporating the cryptographic device.
  • the software that ciphers the communication flow also manages one or more cryptographic keys which are used to communicate with the different groups of users.
  • the reception of a call can also be handled without using the telephone.
  • the cryptographic device performs the negotiation (with asymmetric key) of the session key (with symmetric key) to cipher the communication, in a manner that is transparent to the user.
  • the method for the ciphered communication of data and voice between at least two cryptographic devices, connected with respective telecommunication apparatuses connected in a common telephone network e.g. GSM /GPRS / UMTS / POTS / ISDN / satellite
  • a common telephone network e.g. GSM /GPRS / UMTS / POTS / ISDN / satellite
  • at least a first user who wishes to send a protected communication, operates with a first communication device incorporating a respective cryptographic device and which is physically separate and connected, through wired or wireless local connection means, with a respective telecommunication apparatus, in turn connected in said telephone network, so that said first communication device uses said respective telecommunication apparatus to effect transmissions on voice and/or data and/or fax and/or video line
  • at least another user who wishes to receive and decipher the communication sent by the first user, operates with at least another telecommunication apparatus connected to said telephone network and connected, through wired or wireless connection means, with a respective second communication device incorporating
  • Each mobile communication device is programmed or pre-configured with at least one of the following functions: audio acquisition, data acquisition, fax acquisition, video acquisition, audio reproduction, data display, image display, video display, management of cryptographic keys, ciphering functions, authentication functions, in order to incorporate a cryptographic device.
  • each cryptographic device is initialised with at least one cryptographic key and carries out the following operations : ciphers and deciphers the incoming and outgoing audio and/or data and/or fax and/or video, manages the corresponding cryptographic keys associating them to the appropriate group or user, sends the ciphered traffic to said telecommunication apparatuses, and receives the ciphered traffic from said telecommunication apparatuses, whilst said telecommunication apparatuses mutually transfer audio and/or data and/or fax and/or video traffic and communicate locally, each with the respective communication device incorporating the related cryptographic device.
  • the method according to the invention comprises the steps consisting of: a) initialising the cryptographic means or devices, inserting at least one cryptographic key, b) associating at least one recipient user with at least one corresponding cryptographic key, c) negotiating at least one session key for the communication to be activated, and d) ciphered communication between two or more users provided with said communication devices incorporating respective cryptographic devices through respective telecommunication apparatuses .
  • - fig. 1 is a general diagram showing the general configuration of the system for the ciphered communication of data, voice, fax, video in a first example of embodiment of the invention
  • Figures 2 through 9 are diagrams illustrating additional examples of embodiment of the system according to the present invention
  • - fig. 10 is a block diagram illustrating the flow of the audio data during a protected telephone conversation on a common telephone network, according to the system of the invention
  • fig. 11 is a block diagram illustrating the ciphering algorithm used in the system according to the invention.
  • the system for ciphered communication according to the invention is globally designated with the number 10.
  • a communication device 11 incorporating a cryptographic device and which is physically separated at a safe distance (against communication interception) and connected, through wired or wireless local communication means (e.g., Bluetooth or infrared) 12, with a telecommunication apparatus 13, in turn connected, in known fashion, in a telephone network, e.g. fixed network or GSM,
  • a telephone network e.g. fixed network or GSM
  • the communication device 11 uses the telecommunication apparatus 13 as modem to perform transmissions on voice and/or data and/or fax and/or video line.
  • the system 10 comprises a telecommunication apparatus 15 connected, in known fashion, the telephone network 14 and connected, through wired or wireless local communication means 16, with a communication device 17 incorporating a cryptographic device and physically separate relative to the telecommunication apparatus
  • the communication device 17 which is used by the communication device 17 as a modem for the reception of transmissions on voice and/or data and/or fax and/or video line.
  • each mobile communication device 11, 17 incorporates a cryptographic device programmed or configured with at least one of the following functions: audio acquisition, data acquisition, fax image acquisition, video acquisition, audio reproduction, data display, fax image display, video display, management of cryptographic keys, ciphering functions, authentication functions.
  • each cryptographic device is initialised with at least one cryptographic key and carries out the following operations : ciphers and deciphers the incoming and outgoing audio and/or data and/or fax and/or video, manages the corresponding cryptographic keys associating them to the appropriate group or user, sends the ciphered traffic to said telecommunication apparatuses, and receives the ciphered traffic from said telecommunication apparatuses.
  • Said telecommunication apparatuses 13, 15 mutually transfer audio, data, fax, video traffic and locally communicate, each with the respective communication devices 11, 17 incorporating the related cryptographic device.
  • Said telecommunication apparatuses 13, 15 are both cellular telephones, both suitably adapted fixed network telephones, or a cellular telephone and an adapted fixed network telephone. It should also be noted that said communication devices incorporating respective cryptographic devices communicate with said telecommunication apparatuses through local wireless connection:
  • the ciphered traffic comprises a voice and/or data and/or fax and/or video telephone communication;
  • the ciphered traffic comprises messages which can be transmitted over the cellular telephone network, in particular said messages are SMS (Short Message Service) , or said messages are MMS (Multimedia Messaging Service) , videos, electronic mail messages;
  • said communication devices incorporating respective cryptographic devices are provided with a display interface for entering said messages.
  • FIG. 2 but illustrates a second example of embodiment of the system according to the invention, here globally designated by the number 20.
  • Said system 20 comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth headset 21, in which is incorporated a cryptographic device.
  • the incorporation of the cryptographic device in the Bluetooth headset 21 is achieved, in known and not illustrated fashion, by modifying the firmware or modifying the hardware of the headset to cipher the communications and to manage the cryptographic keys.
  • Said headset 21 is connected to a cellular telephone 23 (GSM, GPRS, UMTS, POTS, ISDN, satellite) through Bluetooth connecting means 22 and uses the telephone as a modem to activate protected data communications through a telephone network (GSM, GPRS, UMTS, satellite) 24.
  • the scheme is specular and comprises, at the other side available to another user who desires to be able to receive and decipher the protected communication, a cellular telephone 25 connected with respect to the telephone network 24 and connected, through Bluetooth connection means 26, to a Bluetooth headset 27 provided with cryptographic device (end-to-end) .
  • Fig. 3 illustrates a third example of embodiment of the system according to the invention, here globally designated by the number 30.
  • Said system 30 comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth palm-top computer 31, incorporating a cryptographic device obtained, in known fashion not illustrated herein, by modifying the hardware and/or installing appropriate software realised to cipher communications and manage the cryptographic keys.
  • the palm-top computer 31 is connected, through Bluetooth connection means 32 (or via wire or through a wireless connection) , with a cellular telephone 33 (connected with respect to a (GSM/UMTS/GPRS/satellite telephone network 34) .
  • the palm-top computer 31 uses the cellular telephone 33 as a modem to perform protected transmissions on the data line.
  • the conversation is carried out using the speaker and the microphone of the palm-top 31 or by means of a wired headset 31.1 or else through a Bluetooth headset (not modified) .
  • the system 30 is mirror-like and it provides for another user to have available a cellular telephone 35 connected with respect to the telephone network 34 and with a ciphering palm-top computer 37, of the same type as the palm-top computer 31, and connected with respect to said cellular telephone 35 by means of Bluetooth connection means 36.
  • the reference number 37.1 designates a headset.
  • Fig. 4 illustrates a fourth example of embodiment of the system of the invention, in two different variants, according to Figures 4.1 and 4.2 respectively..
  • the according to the invention is designated herein by the reference 4.10 and it comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth headset 4.11, in which is incorporated a cryptographic device (as in the Bluetooth headset 21 of Fig. 2) .
  • Said headset 4.11 is connected to a cellular telephone 4.13 (GSM/UMTS/GPRS/satellite) through Bluetooth connection means 4.12 and uses the telephone itself as a modem to activate protected transmissions of data and/or voice and/or fax and/or video through a GSM /GPRS/ UMTS / POTS / ISDN / satellite telephone network 4.14.
  • a fixed telephone 4.15 which is modified by incorporating a cryptographic device therein (or is connected to a ciphering device) , in order to synchronise with the mobile telephones, manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission.
  • Said fixed telephone 4.15 is connected, through Bluetooth connection means 4.16, with respect to a Bluetooth headset, an audio-receiving headset or a wire handset 4.17. If the cryptographic device is not incorporated in the fixed telephone 4.15, then it is incorporated in the Bluetooth headset, or in the audio-receiving headset or in the wire handset 4.17.
  • the according to the invention is designated herein by the reference 4.20 and it comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth palm-top computer 4.21, incorporating a cryptographic device as in the palm-top computer 31 of Fig. 3.
  • the palm-top computer 4.21 is connected, through Bluetooth connection means 4.22, with a cellular telephone 4.23 (connected with respect to a (GSM/GPRS/UMTS/POTS/ISDN/satellite telephone network 4.24) .
  • the palm-top computer 4.21 uses the cellular telephone 4.23 as a modem to perform protected transmissions on the data and/or voice and/or fax and/or video line.
  • the conversation is carried out using the speaker and the microphone of the palm-top 4.21 or by means of a wired headset 4.21.1 or else through a Bluetooth headset (not modified) .
  • a fixed telephone 4.25 which is modified by incorporating a cryptographic device therein (or is connected to a ciphering device) , in order to synchronise with the mobile telephones, manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission.
  • Said fixed telephone 4.25 is connected via wire 4.26 to a headset or a wire handset 4.27. If the cryptographic device is not incorporated in the fixed telephone 4.25, then it is incorporated in the headset or in the wire handset 4.27.
  • Fig. 5 illustrates a fifth example of embodiment of the system according to the invention, here designated by the number 50.
  • Said system 50 comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth headset 51, in which is incorporated a cryptographic device (as in the headset 21 of Fig. 2) .
  • the headset 51 is connected to a cellular telephone 53 (GSM/GPRS/UMTS) through Bluetooth connection means 52 and uses the telephone itself as a modem to activate protected transmissions of data and/or voice and/or fax and/or video through a GSM (or GPRS) or UMTS network 54.
  • GSM Global System for Mobile communications
  • UMTS Universal Mobile communications
  • a cellular telephone 55 connected both with respect to the telephone network 54 and with respect to a ciphering palm-top computer 57, of the same type as the palm-top computer 31, and connected with respect to said cellular telephone 55 by Bluetooth connection means 56.
  • a wire headset 57.1 is also connected to said palm-top computer 57.
  • Fig. 6 illustrates a sixth example of embodiment of the system according to the invention, here designated by the number 60.
  • Said system 60 comprises, at one side and available to a first user who desires to send a protected communication, an integrated palm-top computer 61, incorporating a cryptographic device obtained, in known fashion not illustrated herein, by modifying the hardware and/or installing appropriate software realised to cipher communications and manage the cryptographic keys .
  • Said integrated palm-top computer 61 includes within it an incorporated cellular telephone and communicates therewith through a direct wired connection, whilst said cellular telephone is connected with respect to a GSM/UMTS/ GPRS/ satellite telephone network 64.
  • the integrated palm-top computer 61 uses the incorporated cellular telephone as a modem to perform protected transmissions on the voice and/or on the data line.
  • the conversation is carried out using the speaker and the microphone of the palm-top 61 or by means of a wired headset or else through a Bluetooth headset (not modified) .
  • the system 60 is mirror-like and it provides for another user to have available another integrated palm-top computer 62 of the same type as the palm-top computer 61 and connected with respect to the telephone network 64.
  • Fig. 7 illustrates a seventh example of embodiment of the system according to the invention, here designated by the number 70.
  • a first user who wants to send a protected communication uses an integrated palm-top computer 71 of the same kind as the palm-top computer 61 according to the sixth embodiment and which is connected with respect to a GSM/UMTS/GPRS/satellite telephone network 74.
  • another user is connected to the same network by means of a Smartphone 75 with pocket PC operating system and connected, through Bluetooth connecting means 76, to a Bluetooth headset 77 provided with incorporated cryptographic device.
  • Fig. 8 illustrates an eighth example of embodiment of the system according to the invention, here designated by the number 80.
  • Said system 80 comprises, at one side and available to a first user who desires to send a protected communication, a Smartphone 81 with pocket PC operating system, in which is incorporated a cryptographic device obtained in known fashion and not illustrated herein.
  • Said Smartphone 81 is connected with respect to a GSM/GPRS/UMTS/POTS/ISDN/satellite telephone network 84 (the conversation is achieved, for example, using the speaker and the microphone of the Smartphone 81) .
  • a fixed telephone 85 which is connected by means of a wire 86 to a headset or to a wire handset 87.
  • Said headset or handset 87 is modified, . in known fashion, by incorporating a cryptographic device, in order to manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission.
  • Fig. 9 illustrates a ninth example of embodiment of the system according to the invention, here designated by the number 90.
  • a first user who wants to send a protected communication uses a Smartphone 91 of the same kind as the palm- Smartphone 81 according to the eighth embodiment and which is connected with respect to a GSM/UMTS/GPRS/satellite telephone network 94.
  • a fixed telephone 95 which is connected, Bluetooth connecting means 96, with respect to a Bluetooth headset 97, or to an audio-receiving headset or to a wire headset.
  • Said headset 97, or said headset or handset are modified, in known fashion, incorporating therein a cryptographic device, in order to manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission.
  • Fig. 10 shows the flow of audio data during a protected telephone conversation on a common telephone network, according to the system of the invention, between a first apparatus A, including a communication device, which incorporates a cryptographic device and connected, through wired or wireless local connection means, with respect to a corresponding telecommunication apparatus connected in said network, and a second apparatus B, including a communication device, incorporating a cryptographic device and connected, through wired or wireless local connection means, with respect to a corresponding telecommunication apparatus, in turn connected in said network.
  • a first apparatus A including a communication device, which incorporates a cryptographic device and connected, through wired or wireless local connection means, with respect to a corresponding telecommunication apparatus connected in said network
  • a second apparatus B including a communication device, incorporating a cryptographic device and connected, through wired or wireless local connection means, with respect to a corresponding telecommunication apparatus, in turn connected in said network.
  • the audio recorded by the microphone of the apparatus A is immediately subdivided into small blocks (of about 1-2 tenths each, depending on the set parameter values) . Each of these blocks is then drawn by an appropriate thread, which processes it (compresses it, ciphers, etc.) and lastly sends it over the GSM data line.
  • the other apparatus B receives the data from the modem of the telecommunication apparatus and immediately subdivides them into the compressed elementary audio blocks of the Audio codec in use; it then processes them to reconstruct audio blocks to be sent to the audio board for reproduction.
  • each apparatus manages both the audio captured by the microphone (to be sent) and the audio received by the GSM channel (to be reproduced) .
  • the overall flow is, obviously, two-directional.
  • Fig. 11 schematically shows the ciphering algorithm used in the system according to the present invention.
  • Said ciphering mechanism is composed by the union of two codes, a public one AES and a proprietary one, which use the hash of the key K reprocessed and subdivided (in similar fashion to the HMAC) into Kl and K2.
  • a public one AES and a proprietary one
  • Kl and K2 the hash of the key K reprocessed and subdivided (in similar fashion to the HMAC) into Kl and K2.
  • the IV2 vector is the same for all telephone calls and can vary only in reference to the context in which the application is used.
  • Fig. 11 refers to a single direction of the telephone conversation, so an IV1 is used to initialise both the proprietary and the public algorithm.
  • a logic XOR operation is then carried out on the KeyStreams KS1, KS2 produced by the two algorithms, and the result is in turn placed in XOR with the audio bit stream in the clear, thereby producing the ciphered audio bit stream.
  • Deciphering takes place in complementary fashion, exploiting the property of the XOR: the ciphered stream is placed in XOR with the result of the XOR between the two algorithms, the proprietary one and the public one, obtaining the bit stream in the clear again.

Abstract

In the system according to the invention, a first user who wishes to send a protected communication has available a first communication device (11) incorporating a respective cryptographic device and wich is physically separated and connected, through wired or wireless local communication means (12), relative to a respective telecommunication apparatus (13), in turn connected in a telephone network (14), whislt another user, who desires to receive and decipher the communication sent by the first user, has available another telecommunication apparatus (15) connected to said telephone network and connected, through wired or wireless local connection means (16), with a respective second communication device (17), incorporating a cryptographic device and physically separate with respect to said other telecommunication apparatus.

Description

SYSTEM AND METHOD FOR CIPHER COMMUNICATION
The present invention relates to a system and method for encrypted communication of voice and/or data and/or fax and/or video, in particular between at least two cryptographic devices each connected to a respective telecommunication apparatus . Today, it is widely desired for secure information transfer to be possible not only between fixed telephone apparatuses, but also through cellular telephones and mobile computing and communication devices, whose widespread adoption and whose consequent extensive use expose users to sever problems linked with the possibility of being subjected to eavesdropping. The GSM standard uses an encryption algorithm (A5) that currently no longer appears to provide adequate security guarantees. Due to digital modulation, it is not possible to listen to the conversation through a normal scanner. The only possibility is to receive the bursts (data packets transmitted over the radio channel) and subsequently to analyse them and decode them. Various working groups are studying the algorithm A5 which is used to encrypt the data transmitted via radio. Additionally, use to this algorithm can be disabled by domestic or foreign telephone operators, making the radio communications easy to intercept. Additionally, the cellular telephony system does not perform an end-to-end communication encryption, but only from a telephone apparatus to a radio base station, transmitting the communication in the clear through the fixed line which could be subject to violations. The most recent technology developments have allowed the widespread adoption of so-called "Bluetooth" devices (ear sets, palmtop computers, telephones) , which can represent an additional element of vulnerability. This is because Bluetooth devices in the "Pairing" phase are particularly vulnerable from the authentication point of view. Moreover, the protections that certain profiles defined in the Bluetooth standard should adopt may not have been implemented by some manufacturer, for example disabling communication ciphering at the link layer (from Bluetooth device to telephone) .
To the aforesaid risk are more exposed the managers of the large companies that are subjected to industrial espionage activities. Sensitivity to this problem has significantly increased. However, use of cellular telephones continues to expose users to risks of eavesdropping, though they have other alternatives as communication instruments (ciphered electronic mail, or private networks) . Known devices for secure communication between cellular telephones or on fixed lines (ISDN, PSTN) are based on ciphering devices incorporated in telephone apparatuses . Ciphering systems for fixed lines (voice or fax) are an excellent solution for the protection of privacy or of classified information. The security level is very high due to the ciphering algorithms used (which are mostly proprietary) . Ciphering fixed telephony systems have limits linked to the limited flexibility of fixed telephone apparatuses. Some solutions, to enhance the operating flexibility of fixed telephony systems (voice and fax) , are integrated with ciphering cellular telephones (GSM, ETACS) , that are able to communicate with fixed devices, achieving a fixed and mobile private network. The most important limit linked to the widespread adoption of these technologies is the high purchase price of the apparatuses. Moreover, systems based on GSM ciphering limit users in the selection of the telephone apparatus (today there are only very few models, derived from series-produced models which are often obsolete) . The high costs of development and production of these solutions do not allow to make immediately available to users the more innovative models of cellular telephones.
The solution with ciphering device incorporated in the GSM telephone apparatus makes it traceable because it is linked, as are all telephones with this standards, with a serial number (IMEI) that identifies each apparatus accessing the operator's network.
A known approach of some interest, in terms of cost efficiency and flexibility, is the one in which the cryptographic device is physically coupled outside the cellular telephone. In this case, the cryptographic device is, for example, constructed in the form of a shell or battery cover and is connected to the telephone by means of an infrared port or data cable. While this solution is very secure in cryptographic terms (thanks to the high processing capacity of an external device) , is exposed to the risks of interception deriving from the necessary closeness of the cryptographic device to the cellular telephone whereto it is connected.
The present invention, starting from the notion of said drawbacks, aims to remedy it.
Therefore, one object of the present invention is to provide a system and method for the encrypted communication of voice and/or data and/or fax and/or video, as specified in the preamble of the description, which allow to make fully independent the evolution of the technology of the ciphering means from that of telecommunication apparatuses (telephones), which are subject to rapid obsolescence. Another object of the invention is to provide a system and method for the encrypted communication of voice and/or data and/or fax and/or video, in which the means for communication security through telecommunication apparatuses (in particular, cellular telephones) and mobile device for calculation and communication do not depend on the production decisions of the manufacturers of said apparatuses and devices .
Another object of the invention is to provide a system and method as indicated, that allow physically to separate from each other, at a safe distance, the ciphering means and the related telecommunication apparatuses, to protect the user against the possibility of tampering with said apparatuses.
Yet another object of the invention is to provide a system and method as indicated, that to improve the quality of the ciphering means, to personalise the ciphering algorithm and also to act on the data, on fax and/or video images, as well as on voice calls. A further object of the present invention is to provide a system and method as specified, which are structurally and functionally simple and economical, whilst maintaining very high levels of protection. In view of said objects, the present invention provides a system for the ciphered communication of voice and/or data and/or fax and/or video, as specified in the preamble to the description, whose essential characteristic is set out in claim 1. The invention further provides a method for the ciphered communication of voice and/or data and/or fax and/or video, as specified in the preamble to the description, whose essential characteristic is set out in claim 24.
Further advantageous characteristics are set out in the dependent claims . The aforesaid claims are understood to be reported herein.
The solution idea, as claimed in the appended claims, allows effectively to achieve the objects set out above. It essentially consists of providing a system for the ciphered communication of voice and/or data and/or fax and/or video, as specified in claim 1, wherein the cryptographic devices are physically independent and separate from the corresponding telecommunication apparatuses .
This solution enables not only always to position at a safe distance the ciphering means and the related telecommunication apparatuses, but it also causes the evolution of the technology of the ciphering means no longer to be dependent on the evolution of telephones, which are subject to rapid obsolescence and to the industrial decisions of their manufacturers . This also allows to improve quality, to obtain structural and functional simplifications and to reduce the costs of cryptographic devices .
According to an advantageous embodiment of the invention, the connection technology used between cryptographic devices and respective telecommunication apparatuses and the Bluetooth standard using, for example, mobile communication devices, incorporating said cryptographic devices . Use of the Bluetooth technology allows to obtain a solution for ciphering communications (voice and/or data and/or fax and/or video) end- to-end. The selection of a mobile communication device allows the utmost operating flexibility, with the freedom to choose the telephone apparatus (GSM, GPRS, UMTS, POTS, ISDN, satellite) to be used with the sole constraint of Bluetooth compatibility. Example of mobile communication devices usable for the purposes of the invention are the palm-top computer version or the Bluetooth headset. In particular, in this example of embodiment of the system of the invention, the cryptographic device consists of ciphering equipment that, using the GSM data channel, ciphers the data stream bit by bit using public an proprietary algorithms . The GSM telephone is used as a modem, which through the Bluetooth connection is connected to the mobile communication device (e.g., palm-top computer, portable computer, Bluetooth headset) incorporating the cryptographic device. The software that ciphers the communication flow also manages one or more cryptographic keys which are used to communicate with the different groups of users. These characteristics (for the palmtop computer and for the portable computer) allow to dial the number (also from the list of telephone numbers stored in the cellular telephone) , independently of the telephone apparatus which can remain far from the user (in any case within 10 metres or 100 metres, depending on the Bluetooth version in use) .
The reception of a call can also be handled without using the telephone. When the call is received, the cryptographic device performs the negotiation (with asymmetric key) of the session key (with symmetric key) to cipher the communication, in a manner that is transparent to the user.
According to the invention, the method for the ciphered communication of data and voice between at least two cryptographic devices, connected with respective telecommunication apparatuses connected in a common telephone network, e.g. GSM /GPRS / UMTS / POTS / ISDN / satellite, essentially consists of the fact that at least a first user, who wishes to send a protected communication, operates with a first communication device incorporating a respective cryptographic device and which is physically separate and connected, through wired or wireless local connection means, with a respective telecommunication apparatus, in turn connected in said telephone network, so that said first communication device uses said respective telecommunication apparatus to effect transmissions on voice and/or data and/or fax and/or video line, whilst at least another user, who wishes to receive and decipher the communication sent by the first user, operates with at least another telecommunication apparatus connected to said telephone network and connected, through wired or wireless connection means, with a respective second communication device incorporating a cryptographic device and physically separate from said other telecommunication apparatus, which is used by said second communication device for the reception of transmissions on voice and/or data and/or fax and/or video line. Each mobile communication device is programmed or pre-configured with at least one of the following functions: audio acquisition, data acquisition, fax acquisition, video acquisition, audio reproduction, data display, image display, video display, management of cryptographic keys, ciphering functions, authentication functions, in order to incorporate a cryptographic device. Moreover, each cryptographic device is initialised with at least one cryptographic key and carries out the following operations : ciphers and deciphers the incoming and outgoing audio and/or data and/or fax and/or video, manages the corresponding cryptographic keys associating them to the appropriate group or user, sends the ciphered traffic to said telecommunication apparatuses, and receives the ciphered traffic from said telecommunication apparatuses, whilst said telecommunication apparatuses mutually transfer audio and/or data and/or fax and/or video traffic and communicate locally, each with the respective communication device incorporating the related cryptographic device. The method according to the invention comprises the steps consisting of: a) initialising the cryptographic means or devices, inserting at least one cryptographic key, b) associating at least one recipient user with at least one corresponding cryptographic key, c) negotiating at least one session key for the communication to be activated, and d) ciphered communication between two or more users provided with said communication devices incorporating respective cryptographic devices through respective telecommunication apparatuses .
Said association between cryptographic keys and users takes place through public key certificates, or said association between cryptographic keys and users takes place through the insertion of corresponding tables into the cryptographic device, or said association between cryptographic keys and users takes place by the user' s entering a code for each group of users with which it is necessary to communicate. The present invention shall become more readily apparent from the detailed description that follows, with reference to the accompanying drawings, provided purely by way of non limiting example, in which:
- fig. 1 is a general diagram showing the general configuration of the system for the ciphered communication of data, voice, fax, video in a first example of embodiment of the invention;
Figures 2 through 9 are diagrams illustrating additional examples of embodiment of the system according to the present invention; - fig. 10 is a block diagram illustrating the flow of the audio data during a protected telephone conversation on a common telephone network, according to the system of the invention; fig. 11 is a block diagram illustrating the ciphering algorithm used in the system according to the invention. With reference to Fig. 1, the system for ciphered communication according to the invention is globally designated with the number 10. It comprises, at one side and available to a first user who wishes to send a protected communication, a communication device 11 incorporating a cryptographic device and which is physically separated at a safe distance (against communication interception) and connected, through wired or wireless local communication means (e.g., Bluetooth or infrared) 12, with a telecommunication apparatus 13, in turn connected, in known fashion, in a telephone network, e.g. fixed network or GSM,
14. The communication device 11 uses the telecommunication apparatus 13 as modem to perform transmissions on voice and/or data and/or fax and/or video line. In mirror fashion, at the other side and available to another user who desires to receive and decipher the communication sent by the first user, the system 10 comprises a telecommunication apparatus 15 connected, in known fashion, the telephone network 14 and connected, through wired or wireless local communication means 16, with a communication device 17 incorporating a cryptographic device and physically separate relative to the telecommunication apparatus
15, which is used by the communication device 17 as a modem for the reception of transmissions on voice and/or data and/or fax and/or video line.
It should be noted that each mobile communication device 11, 17 incorporates a cryptographic device programmed or configured with at least one of the following functions: audio acquisition, data acquisition, fax image acquisition, video acquisition, audio reproduction, data display, fax image display, video display, management of cryptographic keys, ciphering functions, authentication functions. Moreover, each cryptographic device is initialised with at least one cryptographic key and carries out the following operations : ciphers and deciphers the incoming and outgoing audio and/or data and/or fax and/or video, manages the corresponding cryptographic keys associating them to the appropriate group or user, sends the ciphered traffic to said telecommunication apparatuses, and receives the ciphered traffic from said telecommunication apparatuses. Said telecommunication apparatuses 13, 15 mutually transfer audio, data, fax, video traffic and locally communicate, each with the respective communication devices 11, 17 incorporating the related cryptographic device.
Said association between cryptographic keys and users takes place:
- through public key certificates,
- or through the insertion of corresponding tables into the cryptographic device,
- or by the user's entering a code for each group of user with which it is necessary to communicate.
Said telecommunication apparatuses 13, 15 are both cellular telephones, both suitably adapted fixed network telephones, or a cellular telephone and an adapted fixed network telephone. It should also be noted that said communication devices incorporating respective cryptographic devices communicate with said telecommunication apparatuses through local wireless connection:
- the ciphered traffic comprises a voice and/or data and/or fax and/or video telephone communication; - the ciphered traffic comprises messages which can be transmitted over the cellular telephone network, in particular said messages are SMS (Short Message Service) , or said messages are MMS (Multimedia Messaging Service) , videos, electronic mail messages; - said communication devices incorporating respective cryptographic devices are provided with a display interface for entering said messages.
Fig. 2 but illustrates a second example of embodiment of the system according to the invention, here globally designated by the number 20.
Said system 20 comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth headset 21, in which is incorporated a cryptographic device. The incorporation of the cryptographic device in the Bluetooth headset 21 is achieved, in known and not illustrated fashion, by modifying the firmware or modifying the hardware of the headset to cipher the communications and to manage the cryptographic keys. Said headset 21 is connected to a cellular telephone 23 (GSM, GPRS, UMTS, POTS, ISDN, satellite) through Bluetooth connecting means 22 and uses the telephone as a modem to activate protected data communications through a telephone network (GSM, GPRS, UMTS, satellite) 24. The scheme is specular and comprises, at the other side available to another user who desires to be able to receive and decipher the protected communication, a cellular telephone 25 connected with respect to the telephone network 24 and connected, through Bluetooth connection means 26, to a Bluetooth headset 27 provided with cryptographic device (end-to-end) .
Fig. 3 illustrates a third example of embodiment of the system according to the invention, here globally designated by the number 30.
Said system 30 comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth palm-top computer 31, incorporating a cryptographic device obtained, in known fashion not illustrated herein, by modifying the hardware and/or installing appropriate software realised to cipher communications and manage the cryptographic keys. The palm-top computer 31 is connected, through Bluetooth connection means 32 (or via wire or through a wireless connection) , with a cellular telephone 33 (connected with respect to a (GSM/UMTS/GPRS/satellite telephone network 34) . The palm-top computer 31 uses the cellular telephone 33 as a modem to perform protected transmissions on the data line. The conversation is carried out using the speaker and the microphone of the palm-top 31 or by means of a wired headset 31.1 or else through a Bluetooth headset (not modified) . The system 30 is mirror-like and it provides for another user to have available a cellular telephone 35 connected with respect to the telephone network 34 and with a ciphering palm-top computer 37, of the same type as the palm-top computer 31, and connected with respect to said cellular telephone 35 by means of Bluetooth connection means 36. The reference number 37.1 designates a headset. Fig. 4 illustrates a fourth example of embodiment of the system of the invention, in two different variants, according to Figures 4.1 and 4.2 respectively..
In both illustrated variants, the system assures a protected conversation between a cellular telephone user and a user employing a telephone of a fixed line. Figure 4.1
The according to the invention is designated herein by the reference 4.10 and it comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth headset 4.11, in which is incorporated a cryptographic device (as in the Bluetooth headset 21 of Fig. 2) . Said headset 4.11 is connected to a cellular telephone 4.13 (GSM/UMTS/GPRS/satellite) through Bluetooth connection means 4.12 and uses the telephone itself as a modem to activate protected transmissions of data and/or voice and/or fax and/or video through a GSM /GPRS/ UMTS / POTS / ISDN / satellite telephone network 4.14. At the other side of the network 4.14, and available to another user who wants to be able receive and decipher the protected communication, is connected a fixed telephone 4.15, which is modified by incorporating a cryptographic device therein (or is connected to a ciphering device) , in order to synchronise with the mobile telephones, manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission. Said fixed telephone 4.15 is connected, through Bluetooth connection means 4.16, with respect to a Bluetooth headset, an audio-receiving headset or a wire handset 4.17. If the cryptographic device is not incorporated in the fixed telephone 4.15, then it is incorporated in the Bluetooth headset, or in the audio-receiving headset or in the wire handset 4.17. Figure 4.2
The according to the invention is designated herein by the reference 4.20 and it comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth palm-top computer 4.21, incorporating a cryptographic device as in the palm-top computer 31 of Fig. 3. The palm-top computer 4.21 is connected, through Bluetooth connection means 4.22, with a cellular telephone 4.23 (connected with respect to a (GSM/GPRS/UMTS/POTS/ISDN/satellite telephone network 4.24) . The palm-top computer 4.21 uses the cellular telephone 4.23 as a modem to perform protected transmissions on the data and/or voice and/or fax and/or video line. The conversation is carried out using the speaker and the microphone of the palm-top 4.21 or by means of a wired headset 4.21.1 or else through a Bluetooth headset (not modified) .
At the other side of the network 4.24, and available to another user who wants to be able receive and decipher the protected communication, is connected a fixed telephone 4.25, which is modified by incorporating a cryptographic device therein (or is connected to a ciphering device) , in order to synchronise with the mobile telephones, manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission. Said fixed telephone 4.25 is connected via wire 4.26 to a headset or a wire handset 4.27. If the cryptographic device is not incorporated in the fixed telephone 4.25, then it is incorporated in the headset or in the wire handset 4.27.
Fig. 5 illustrates a fifth example of embodiment of the system according to the invention, here designated by the number 50. Said system 50 comprises, at one side and available to a first user who desires to send a protected communication, a Bluetooth headset 51, in which is incorporated a cryptographic device (as in the headset 21 of Fig. 2) . The headset 51 is connected to a cellular telephone 53 (GSM/GPRS/UMTS) through Bluetooth connection means 52 and uses the telephone itself as a modem to activate protected transmissions of data and/or voice and/or fax and/or video through a GSM (or GPRS) or UMTS network 54. At the other end of the network 54 and available to another user who wants to be able to receive and decipher the protected communication, is connected a cellular telephone 55 connected both with respect to the telephone network 54 and with respect to a ciphering palm-top computer 57, of the same type as the palm-top computer 31, and connected with respect to said cellular telephone 55 by Bluetooth connection means 56. A wire headset 57.1 is also connected to said palm-top computer 57. Fig. 6 illustrates a sixth example of embodiment of the system according to the invention, here designated by the number 60. Said system 60 comprises, at one side and available to a first user who desires to send a protected communication, an integrated palm-top computer 61, incorporating a cryptographic device obtained, in known fashion not illustrated herein, by modifying the hardware and/or installing appropriate software realised to cipher communications and manage the cryptographic keys . Said integrated palm-top computer 61 includes within it an incorporated cellular telephone and communicates therewith through a direct wired connection, whilst said cellular telephone is connected with respect to a GSM/UMTS/ GPRS/ satellite telephone network 64. The integrated palm-top computer 61 uses the incorporated cellular telephone as a modem to perform protected transmissions on the voice and/or on the data line. The conversation is carried out using the speaker and the microphone of the palm-top 61 or by means of a wired headset or else through a Bluetooth headset (not modified) . The system 60 is mirror-like and it provides for another user to have available another integrated palm-top computer 62 of the same type as the palm-top computer 61 and connected with respect to the telephone network 64.
Fig. 7 illustrates a seventh example of embodiment of the system according to the invention, here designated by the number 70. In this case, a first user who wants to send a protected communication uses an integrated palm-top computer 71 of the same kind as the palm-top computer 61 according to the sixth embodiment and which is connected with respect to a GSM/UMTS/GPRS/satellite telephone network 74. On the other side, another user is connected to the same network by means of a Smartphone 75 with pocket PC operating system and connected, through Bluetooth connecting means 76, to a Bluetooth headset 77 provided with incorporated cryptographic device.
Fig. 8 illustrates an eighth example of embodiment of the system according to the invention, here designated by the number 80. Said system 80 comprises, at one side and available to a first user who desires to send a protected communication, a Smartphone 81 with pocket PC operating system, in which is incorporated a cryptographic device obtained in known fashion and not illustrated herein. Said Smartphone 81 is connected with respect to a GSM/GPRS/UMTS/POTS/ISDN/satellite telephone network 84 (the conversation is achieved, for example, using the speaker and the microphone of the Smartphone 81) .
At the other side of the network 84, and available to another user who wants to be able receive and decipher the protected communication, is connected a fixed telephone 85, which is connected by means of a wire 86 to a headset or to a wire handset 87. Said headset or handset 87 is modified, . in known fashion, by incorporating a cryptographic device, in order to manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission. Fig. 9 illustrates a ninth example of embodiment of the system according to the invention, here designated by the number 90. In this case too, a first user who wants to send a protected communication uses a Smartphone 91 of the same kind as the palm- Smartphone 81 according to the eighth embodiment and which is connected with respect to a GSM/UMTS/GPRS/satellite telephone network 94. At the other end of the network 94, and available to another user who wants to be able to receive and decipher the protected communication, is connected a fixed telephone 95, which is connected, Bluetooth connecting means 96, with respect to a Bluetooth headset 97, or to an audio-receiving headset or to a wire headset. Said headset 97, or said headset or handset are modified, in known fashion, incorporating therein a cryptographic device, in order to manage cryptographic keys and cipher/decipher a data and/or voice and/or fax and/or video transmission.
Fig. 10 shows the flow of audio data during a protected telephone conversation on a common telephone network, according to the system of the invention, between a first apparatus A, including a communication device, which incorporates a cryptographic device and connected, through wired or wireless local connection means, with respect to a corresponding telecommunication apparatus connected in said network, and a second apparatus B, including a communication device, incorporating a cryptographic device and connected, through wired or wireless local connection means, with respect to a corresponding telecommunication apparatus, in turn connected in said network.
During the telephone call, the audio recorded by the microphone of the apparatus A is immediately subdivided into small blocks (of about 1-2 tenths each, depending on the set parameter values) . Each of these blocks is then drawn by an appropriate thread, which processes it (compresses it, ciphers, etc.) and lastly sends it over the GSM data line.
At the other end of the communication, the other apparatus B receives the data from the modem of the telecommunication apparatus and immediately subdivides them into the compressed elementary audio blocks of the Audio codec in use; it then processes them to reconstruct audio blocks to be sent to the audio board for reproduction. Obviously during the telephone call each apparatus manages both the audio captured by the microphone (to be sent) and the audio received by the GSM channel (to be reproduced) . The overall flow is, obviously, two-directional.
Fig. 11 schematically shows the ciphering algorithm used in the system according to the present invention. Said ciphering mechanism is composed by the union of two codes, a public one AES and a proprietary one, which use the hash of the key K reprocessed and subdivided (in similar fashion to the HMAC) into Kl and K2. At each telephone call, two distinct IV1 vectors are generated, whilst the IV2 vector is the same for all telephone calls and can vary only in reference to the context in which the application is used. Fig. 11 refers to a single direction of the telephone conversation, so an IV1 is used to initialise both the proprietary and the public algorithm. A logic XOR operation is then carried out on the KeyStreams KS1, KS2 produced by the two algorithms, and the result is in turn placed in XOR with the audio bit stream in the clear, thereby producing the ciphered audio bit stream. Deciphering takes place in complementary fashion, exploiting the property of the XOR: the ciphered stream is placed in XOR with the result of the XOR between the two algorithms, the proprietary one and the public one, obtaining the bit stream in the clear again.
It should be noted that in the above examples of embodiment of the system according to the invention, reference is made to a single user who sends a ciphered message and to a corresponding single user who receives it and deciphers it. However, the invention is obviously not limited to this application, as the protected communication and the related deciphering can take place between more than two users or groups of users . Moreover, the operation of the system described and illustrated herein is obviously reversible, since the receiver can, in turn, send a protected communication to the user.

Claims

1. A system for the ciphered communication of voice and/or data and/or fax and/or video between at least two cryptographic devices, connected with respective telecommunication apparatuses connected in a common telephone network, for example GSM / UMTS / POTS / ISDN, satellite, characterised in that it comprises, available to at least one first user who desires to send a protected communication, a first communication device (11, 21, 31, 4.11, 4.21, 51, 61, 71, 81, 91) incorporating a respective cryptographic device and which is physically separate and connected, through local connecting means which may be wired (in 61, 71, 81, 91) or wireless (12, 22, 32, 4.12, 4.22, 52), relative to a respective telecommunication apparatus (13, 23, 33, 4.13, 4.23, 53, 61, 71, 81, 91), in turn connected in said telephone network (14, 24, 34, 4.14, 4.24, 54, 64, 74, 84, 94), so that said first communication device uses said respective telecommunication apparatus to make transmissions on voice and/or data and/or fax and/or video line, and which further comprises, available to at least another user who desires to receive and decipher the communication sent by the first user, at least another telecommunication apparatus (15, 25, 35, 4.15, 4.25, 55, 62, 75, 85, 95) connected to said telephone network and connected, through local connecting means which may be wired (in 62; 86) or wireless (16, 26, 36, 4.16, 4.26, 56, 76, 96), with a respective second communication device (17, 27, 37, 4.17, 4.27, 57, 62, 77, 87, 97) incorporating a cryptographic device and physically separate relative to said other telecommunication apparatus, which is used by said second communication device to receive transmissions on voice and/or data and/or fax and/or video line.
2. System as claimed in claim 1, characterised in that said communication device (11, 21, 31, 4.11, 4.21, 51, 61, 71, 81, 91; 17, 27, 37, 4.17, 4.27, 57, 62, 77, 87, 97) is programmed or pre-configured with at least one of the following functions : audio acquisition, data acquisition, image acquisition, video acquisition, audio reproduction, data display, image display, video display, management of cryptographic keys, ciphering functions, authentication functions, in order to incorporate said cryptographic device, in that said cryptographic device is initialised with at least one cryptographic key and performs the following operations : it ciphers and deciphers the incoming and outgoing audio and/or data and/or fax and/or video traffic, it manages the corresponding cryptographic keys associating them to the appropriate group or user, it sends the ciphered traffic to said telecommunication apparatuses, and it receives the ciphered traffic from said telecommunication apparatuses, and in that said telecommunication apparatuses (13, 23, 33, 4.13, 4.23, 53, 61, 71, 81, 91; 15, 25, 35, 4.15, 4.25, 55, 62, 75, 85, 95) mutually transfer audio and/or data and/or fax and/or video traffic and communicate locally, each with the respective communication device incorporating the related cryptographic device.
3. System as claimed in claim 1 and/or 2, wherein said telecommunication device is a cellular telephone (13, 15, 23, 25, 33, 35, 4.13, 4.23, 53, 55) .
4. System as claimed in claim 1 and/or 2, wherein said telecommunication device is incorporated in a palm-top computer (61, 62, 71) .
5. System as claimed in claim 1 and/or 2, wherein said telecommunication device is incorporated in a Smartphone pocket PC operating system (71, 81, 91) .
6. System as claimed in claim 1 and/or 2, wherein said telecommunication device is a fixed network telephone (13, 15, 4.15, 4.25) .
7. System as claimed in claim 1 and/or 2, wherein said telecommunication devices are in part cellular telephones (13,
15, 23, 25, 33, 35, 4.13, 4.23, 53, 55) and in part fixed network telephones (13, 15, 4.15, 4.25).
8. System as claimed in claim 1 and/or 2, wherein said telecommunication devices are in part incorporated in palm-top computers or Smartphones (61, 71, 81, 91) and in part fixed network telephones (85, 95) .
9. System as claimed in one or more of the previous claims, wherein said cryptographic device incorporated in said communication device (11, 21, 31, 4.11, 4.21, 51; 17, 27, 37, 4.17, 4.27, 57, 77, 97) communicates with said respective
5 telecommunication apparatus (13, 23, 33, 4.13, 4.23, 53; 15, 25, 35, 4.15, 55, 75, 95) through wireless local connecting means (12, 22, 32, 4.12, 4.22, 52; 16, 26, 36, 4.16, 56, 76, 96).
10. System as claimed in one or more of the claims from 1 through 8, wherein said cryptographic device incorporated in
10 said communication device (4.27, 87) communicates with said respective telecommunication apparatus (4.25, 85) through direct wired connection (4.26, 86).
11. System as claimed in one or more of the claims from 1 through 8, wherein said communication device (61, 62; 71; 81;
15 91) , incorporating a respective cryptographic device comprises within it said respective telecommunication apparatus, which communicates with said cryptographic device through a direct wired connection.
12. System as claimed in claim 9, wherein said wireless local 20 connecting means (12, 22, 32, 4.12, 4.22, 52; 16, 26, 36, 4.16,
56, 76, 96) achieve a Bluetooth connection.
13. System as claimed in claim 9, wherein said wireless local connection means (12, 16) achieve a connection with infrared radiation.
25 14. System as claimed in one or more of the previous claims, in which the ciphered traffic comprises messages which can be transmitted over the cellular telephone network.
15. System as claimed in claim 14, wherein said messages are SMS
(Short Message Service) . 30
16. System as claimed in claim 14, wherein said messages are MMS
(Multimedia Messaging Service) .
17. System as claimed in claim 14, in which said communication device incorporating said cryptographic device is provided with a display interface for entering said messages. 35
18. System as claimed in any of the previous claims, wherein said communication device (31, 37, 4.21, 57, 61, 62, 71) incorporating said cryptographic device is a palm-top computer.
19. System as claimed in one or more of the claims from 1 through 17, wherein said communication device (4.27, 77, 87, 97) incorporating said cryptographic device is an audio headset or
5 ear set.
20. System as claimed in one or more of the claims from 1 through 17, in which said communication device (81, 91) incorporating said cryptographic device is a Smartphone with pocket PC operating system.
10 21. System as claimed in claims 1 and/or 2, wherein said association between cryptographic keys and users takes place through public key certificates.
22. System as claimed in claims 1 and/or 2, wherein said association between cryptographic keys and users takes place
15 through the insertion of corresponding tables into the cryptographic device.
23. System as claimed in claims 1 and/or 2, wherein said association between cryptographic keys and users takes place through the entering of a code by the user for each group of
20 users with which (s)he wants to communicate.
24. A method for the ciphered communication of voice and/or data and/or fax and/or video between at least two cryptographic devices, connected with respective telecommunication apparatuses connected in a common telephone network, for example GSM / UMTS
25 / POTS / ISDN, satellite, characterised in that at least a first user who desires to send a protected communication, operates with a first communication device (11, 21, 31, 4.11, 4.21, 51, 61, 71, 81, 91) incorporating a respective cryptographic device and which is physically separate and connected, through local
30 connecting means which may be wired (in 61, 71, 81, 91) or wireless (12, 22, 32, 4.12, 4.22, 52), relative to a respective telecommunication apparatus (13, 23, 33, 4.13, 4.23, 53, 61, 71, 81, 91), in turn connected in said telephone network (14, 24, 34, 4.14, 4.24, 54, 64, 74, 84, 94), so that said first
35 communication device uses said respective telecommunication apparatus to make transmissions on voice and/or data and/or fax and/or video line, whilst least another user, who desires to receive and decipher the communication sent by the first user, operates with at least another telecommunication apparatus (15, 25, 35, 4.15, 4.25, 55, 62, 75, 85, 95) connected to said 5 telephone network and connected, through local connecting means which may be wired (in 62; 86) or wireless (16, 26, 36, 4.16, 4.26, 56, 76, 96), with a respective second communication device (17, 27, 37, 4.17, 4.27, 57, 62, 77, 87, 97) incorporating a cryptographic device and physically separate relative to said
10 other telecommunication apparatus, which is used by said second communication device to receive transmissions on voice and/or data and/or fax and/or video line.
25. Method as claimed in claim 24, characterised in that each communication device (11, 21, 31, 4.11, 4.21, 51, 61, 71, 81,
15 91; 17, 27, 37, 4.17, 4.27, 57, 62, 77, 87, 97) is programmed or pre-configured with at least one of the following functions : audio acquisition, data acquisition, image acquisition, video acquisition, audio reproduction, data display, image display, video display, management of cryptographic keys, ciphering
20 functions, authentication functions, in order to incorporate said cryptographic device, in that each cryptographic device is initialised with at least one cryptographic key and performs the following operations: it ciphers and deciphers the incoming and outgoing audio and/or data and/or fax and/or video traffic, it
25 manages the corresponding cryptographic keys associating them to the appropriate group or user, it sends the ciphered traffic to said telecommunication apparatuses, and it receives the ciphered traffic from said telecommunication apparatuses, and in that said telecommunication apparatuses (13, 23, 33, 4.13, 4.23, 53,
30 61, 71, 81, 91; 15, 25, 35, 4.15, 4.25, 55, 62, 75, 85, 95) mutually transfer audio and/or data and/or fax and/or video traffic and communicate locally, each with the respective communication device incorporating the related cryptographic device.
35 26. Method as claimed in claim 25, characterised in that it comprises the steps consisting of: a) initialising the cryptographic devices, inserting at least one cryptographic key, b) associating at least one recipient user with at least one corresponding cryptographic key, c) negotiating at least one session key for the communication to be activated, and d) ciphered communication between two or more users provided with said communication devices incorporating respective cryptographic devices through respective telecommunication apparatuses .
27. Method as claimed in claim 25, wherein said association between cryptographic keys and users takes place through public key certificates.
28. Method as claimed in claim 25, wherein said association between cryptographic keys and users takes place through the direct insertion of corresponding tables.
29. Method as claimed in claim 25, wherein said association between cryptographic keys and users takes place through the entering of a code by the user for each group of users with which (s)he wants to communicate.
30. Method as claimed in one or more of the claims from 24 through 29, characterised in that the ciphering mechanism is composed by the union of two codes, a public one (AES) and a proprietary one, which use the hash of the cryptographic key K reprocessed and subdivided (into Kl and K2), in similar fashion to the HMAC, in that at each telephone call, two distinct first vectors (IV1) are generated, whilst another vector (IV2) is the same for all telephone calls and can vary only in reference to the context in which the application is used, in that, in a given direction of the telephone conversation, said two first vectors (IV1) are used to initialise respectively both the proprietary and the public algorithm, in that a logic XOR operation is executed on the KeyStreams (KS1, KS2) produced by the two algorithms, and the result is, in turn, placed in XOR with the audio bit stream in the clear, thereby producing the ciphered audio bit stream, and in that the deciphering takes place in complementary fashion, exploiting the properties of the
XOR: the ciphered stream is placed in XOR with the result of the
XOR between the two algorithms, the proprietary one and the public one, obtaining the bit stream in the clear again.
PCT/IB2004/001407 2003-05-09 2004-05-06 System and method for cipher communication WO2004100494A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITTO2003A000337 2003-05-09
ITTO20030337 ITTO20030337A1 (en) 2003-05-09 2003-05-09 SYSTEM AND METHOD FOR ENCRYPTED VOICE AND / OR DATA AND / OR FAX AND / OR VIDEO COMMUNICATION

Publications (2)

Publication Number Publication Date
WO2004100494A1 true WO2004100494A1 (en) 2004-11-18
WO2004100494B1 WO2004100494B1 (en) 2005-03-24

Family

ID=33428321

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2004/001407 WO2004100494A1 (en) 2003-05-09 2004-05-06 System and method for cipher communication

Country Status (2)

Country Link
IT (1) ITTO20030337A1 (en)
WO (1) WO2004100494A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3034939A1 (en) * 2015-04-09 2016-10-14 Jules Alfille DEVICE AND METHOD FOR PROTECTING EXCHANGES FOR MOBILE TELEPHONY
EP4109811A4 (en) * 2020-02-17 2024-03-13 Eyl Inc Secure device equipped with quantum-random-number-based quantum encryption chip and secure communication service provision method using same

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
CRYPTOPHONE: "GSMK CryptoPhone 20", GESELLSCHAFT FÜR SICHERE MOBILE KOMMUNIKATION, 2003, BERLIN, XP002295681, Retrieved from the Internet <URL:http://www.cryptophone.de/downloads/gsmk200.pdf> *
R. SCHOBLICK: "ISDN-Line-Encryption", FUNKSCHAU, no. 9/2000, September 2000 (2000-09-01), XP002295680, Retrieved from the Internet <URL:http://www.funkschau.de/heftarchiv/pdf/2000/fs09/f0009028.pdf> *
SCHNEIER B: "APPLIED CRYPTOGRAPHY. PROTOCOLS, ALGORITHMS, AND SOURCE CODE IN C", 1996, JOHN WILEY & SONS, US, XP002295682 *
T-TELESEC: "LineCryptA Verschlüsselungsgerät für analoge Verbindungen", DEUTSCHE TELECOM, July 2000 (2000-07-01), CEBIT, XP002295679 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3034939A1 (en) * 2015-04-09 2016-10-14 Jules Alfille DEVICE AND METHOD FOR PROTECTING EXCHANGES FOR MOBILE TELEPHONY
EP4109811A4 (en) * 2020-02-17 2024-03-13 Eyl Inc Secure device equipped with quantum-random-number-based quantum encryption chip and secure communication service provision method using same

Also Published As

Publication number Publication date
ITTO20030337A1 (en) 2004-11-10
WO2004100494B1 (en) 2005-03-24

Similar Documents

Publication Publication Date Title
US6266418B1 (en) Encryption and authentication methods and apparatus for securing telephone communications
US7113601B2 (en) Method and apparatus for performing secure communications
US7890051B2 (en) Secure transmission over satellite phone network
US5392355A (en) Secure communication system
US6052576A (en) Radiocommunications equipment with a security calls mode, and extension unit forming part of such equipment
KR100430358B1 (en) Radio communication device and radio communication method
WO2008129546A2 (en) Voice encryption device
US20100177899A1 (en) Encrypted communication system
KR20020089742A (en) Secure codeless phone having the bluetooth
US20050232422A1 (en) GSM (Global System for Mobile communication) handset with carrier independent personal encryption
CN1707993A (en) Universal microphone for secure radio communication
JP2006191385A (en) Mobile phone device and communication system
EP2809045B1 (en) Information security attachment device for voice communication and information security method for voice communication using the same
JP3459074B2 (en) Method and apparatus for enhanced security enhancement of a private key to a lookup table to improve security of wireless telephone messages
CN203537408U (en) End-to-end voice communication privacy device with assignable secret key
WO2004100494A1 (en) System and method for cipher communication
KR100572463B1 (en) Encrypted communication method in communication between wireless communication terminals using shared encryption key
JP2000508441A (en) Method and apparatus for enhanced CMEA using enhanced transformation
RU2132597C1 (en) Method for encryption and transmission of encrypted voice data in gsm-900 and dcs-1800 cellular mobile communication networks
EP0818937A1 (en) Radiocommunication equipment having a secure communication mode, and an extension unit forming part of the equipment
Rekha et al. End-to-end security for GSM users [speech coding method]
KR100634495B1 (en) Wireless communication terminal having information secure function and method therefor
KR100408516B1 (en) Terminal for secure communication in CDMA system and methods for transmitting information using encryption and receiving information using decryption
KR100519783B1 (en) Wireless communication terminal having information secure function and method therefor
JP2001203688A (en) Voice communication terminal

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
B Later publication of amended claims

Effective date: 20041223

DPEN Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed from 20040101)
122 Ep: pct application non-entry in european phase