CA1149483A - Cryptographic communication and file security using terminals - Google Patents

Abstract

ABSTRACT OF THE DISCLOSURE
A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptoghraphic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be per-formed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphored under the master cipher key is trans-ferred to the cryptographic apparatus storage means and the ?ontrol means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.

Description

2 This application is related to the following U.S. patents

3 assigned to the same assignee as the present application:

4 1. "Cryptographic Communication Security for Single Domain Networks", U.S. Patent No. 4,238,853, issued December 9, 6 1980, by Ehrsam et al.
7 2. "Cryptographic File Security for Single Domain Networks", 8 U.S. Patent No. 4,238,854, issued December 9, 1980, by 9 Ehrsam et al.
3. "Cryptographic Communication Security for Multiple Domain 11 Networks", U.S. Patent No. 4,227,253, issued October 7, 12 1980, by Ehrsam et al.
13 4. "Cryptographic File Security for Multiple Domain Networks", 14 U.S. Patent No. 4,203,166, issued May 13, 1980, by Ehrsam et al.
16 5. "Cryptographic Verification of Operational Keys Used in 17 Communication Networks", U.S. Patent No~ 4,193,131, 18 issued March 11, 1980, by Lennon et al.

This invention relates to cryptographic communication and 21 file security techniques using terminals and, more particularly, 22 to a terminal having a data security device which performs 23 enciphering and deciphering operations using system or private 24 keys to permit cryptographic communications and file security in a data processing network.
26 With the increasing number of computer ena users, sharing 27 of common system resources such as files, programs and hardware 3~

`" ~9~E3 1 and ~he increasing use o. d~3tri~uted systems and tele-2 com~unications, larger and more complex computer base information 3 syttems are beina created. In ~uch systems, an increasing 4 amount of ~ensitive data may be transmitted across un~ecure

5 con~unication lines or be stored on portable media such as

6 magnetic tapes or disks for prolonged periods of time.

7 Because of the in~ecurity of communlcation lines, the portability

8 of storage media and the long period~ of time before data

9 files may be recovered, there is an increasing concern over

10 the interception or alteration of qensitive data which mu~t

11 pass outside a controlled or protected environment or which

12 may become acce~sible if mainta~ned for too long a period

13 of time. Cryptoqraphy has ~een recognized as an effective

14 data sec-~rlty measure in that it protects the data itself rather than the medium over which it is tran~mitted or the 16 media on which it i8 stored.
17 Cryptography deals with methods by which message data 18 called cleartext or plaintext is encrypted or enciphered 19 into unintelliglble dsta called clphertext and by which the ciphertext ~ 8 decrypted or declphered back lnto the plaintext.
21 The encipherment/dec~pherment transformations are carried out by 22 a cipher function or alqorithm controlled in accordance wlth a 23 cryptographic or cipher ~ey. The clpher ~ey ~elect~ one out of 24 many pos~ible relatlonships between the plaintext and the ciphertext. Various algorithms have been developed in the 26 prior ~rt for improvln~ data securlty ln data processing 27 sy~tems. Examples of such alqorit~ms are described ln U.S.
28 Patent Number 3,796,830 is~ued March 12, 1974, by J-L. Smith~
29 and U.S. Patent Number 3,798,359 issued March 19, 1974 by H.
Feistel. Another more recent algorithm providing data security 31 in data processing systems Ki9-77-006 -2-1 i~ described in U. S. Patent Number 3,958,0~ ued May 18, 2 1976. This algorithm was adopted by the Natlonal Bureau of 3 Standards as a aata encryption standard (DES) algorithm and is 4 de~cribed in detall in the Federal ~nformation Proee~ing S Standards publieation, January 15, ~9?7, FI~S PUB 46.
6 A data eommunicatlon network may inelude a eomplex of 7 eommunication torminals eonneeted via eommunieatlon lines 8 to a ~ingle ho~t system and its a~soelased resouree~ sueh 9 as the host programs and locally attached terminal~ and data file~. Within the data communleatlon net~ork, the 11 domain of the host system is eonsiderea to be tho set of 12 re~ources known to and managed by the host system. Various 13 single domain data eommunieation network~ have been developod 14 in the prlor art using cryptographic techniques for impro~ing the security of data communieat~on withln the network. Tn 16 sueh networks, a eryptographie faellity 1~ provided at the 17 ho~t system and at various ones of the remote terminals.
18 In order for the host ~ystem and a remote terminal to perform 19 a eryptographic eommunieation, both must u~e the same erypto-gr~phic algorithm ~nd a common operational eryptographle 21 key 80 that the data enciphered by the sending ~tation can 22 ~e declphered at the reeelving Qtation. In prlor art erypto-23 qraphic communieat~on arranqements, the operational key to be u~ed at the sending station i~ eommunic~te~ by mail, telephone or courier to the receiving station 80 that a common operatlonal 26 key i~ installed at both ~tation~ to permit the eryptographic 27 comm~nications to be performed. Furthermore, the operational 28 key was kept for a relatively long period of time. In order ~o 29 pre~ent a "moving target~ to an opponent, other prlor art arrangements developed teehniques whieh improved ~eeurity Ki9-~7-006 -3-1 by changing operational keyJ dynamically where the frequency ; 2 of changing keys is done automatically by the system. One 3 such technique is provided in the IBM 3600 Finance Communication 4 System utllizing the IBM 3614 con~umer transaction facility as remote terminals and i8 exemplified by U.S. Patent No.
6 3,956,615 i~sued May 11, 1976. In that system, an enciphered 7 operatlonal or data encrypting key i8 tranumitted over the 8 communication line from the hoJt ~ystem to the remote communication 9 terminal. The enc~phered data oncrypting key is declphered and then used as the current data encrypting koy for all 11 data transmissionu. However, with thls type of arrangement, 12 since the current data encryptlng key ~ust be readily available 13 for the data tran~missions it is ~tored in the clear at the 14 remote terminal thereby making the sy~tem somewhat unsecure by the clear keys being susceptlble to possible accessibility 16 by unauthorized porsonnel. Addit~onally, with thls type of 17 system, when the current data encrypting key 18 to be changed, 18 a new data encrypting key enciph~red under the old data 19 encrypting key i~ transmitted to the remote terminal where it is deciphered and then u~ed a~ the new current data 21 encrypting key. However, with this type of arrangement, 22 ~ince each new current data encryp~ing key iQ a function of 23 the preceeding current data encrypting key, the ~ystem 24 becomes unsecure if one current data encrypting k-y becomes accessible as it will permit the curront ciphertext to be 26 deciphered nnd will permit all succe-ding data encrypting 27 key~ to be obtained ther~by allowing all ~ucceeding ciphertext 2~ to be deciphered.
29 As the size of data communication notwork~ increases, other host systems may be brought into the network to provitle Ki9-77-006 -4-1~49~3 1 multiple domain networks with each host sy~tem having knowledge 2 of and managing its associated re~ource~ which make up a 3 portion or domain of the network. By providing the proper 4 cros~ domain data link between the domains of the network, 5 two or more domains may be interconnected to provide a net-6 working facility. Accordingly, as the ~ize of the network 7 increases and the number of communication llnes inter-8 connecting the network increases and the numker of data 9 file~ sharing sen~ltive data increases, there i8 an increa~ing 10 need to provide communication security for data transmitted over 11 ~uch communication lines and to provide f~le ~ecurity for data 12 stored in data file~.
13 Accordingly, it i~ an ob~ect of the invention to provide 14 a terminal capable of maintaining the security of data tran~-

15 missions in a data communication network.

16 Another ob~ect of the invention i8 to provide a terminal

17 having a data security device for encipherlng/deciphering

18 message blocks of data under control of a protected terminal

19 cryptographic key.
A further object of the invention i~ to provide a terminal 21 cryptographic facility in a dsta communication network without 22 having to provide terminal cryptograph$c key~ in the clear 23 out8ide of the facility.
24 Still another object of the invention i8 to establish 25 communication sessions between a terminal cryptographic 26 facility and a host system in a data communlcation network 27 in a ~ecure manner.
28 Still a further object of the invention is to e~tabli~h 29 secure cryptographic communication ses~ion~ between a ho~t and 30 a terminal in a data communication network by providing the ~i9-77-006 -5-1149~3 1 terminal with a data eneryptlng key ~nelphered under 2 a seeondary communleation key for each new communication 3 session.
4 Still another ob~ect of the invention i~ to provide a 5 terminal eryptographic facillty whlch 1- maintalned ln a 6 loglcally and physically protected area of the terminal.
7 Still a further ob~ect of tho invention is to provide 8 a terminal data security device which includes a hardware 9 implementation of the data eneryptlon standard algorithm lQ adopt-d as the Unlted States Federal Data Proeessing 11 Standard.
12 Still another ob~eet of the invention 1- to provide 13 a terminal data soeurity deviee having lnterface~ to which 14 plaintext/clphertext input data and operatlon requests are 15 presented and from whlch clph~rtext/plaintext output data 16 is pre-ented.
17 Still a furth r ob~ect of tho invontlon 1~ to provlde a 18 terminal eryptographie faeillty whleh includes eryptographie 19 apparatu~, a termlnal ma~ter eryptographie key memory and

20 a working key regi~ter wheroby the eontent~ of the terminal

21 master key memory, the worklng key rogl~ter and intermediate

22 result~ of the eryptographie operatlon are only aeeesslble

23 to the eryptographie apparatu~.

24 Still another ob~eet of the inventlon iB to provide

25 a terminal eryptographle facility for performing a write

26 master key function to seleetively ~tore a t-rminal erypto-

27 graphie key used for enerypting/deeryptlng other eryptographie

28 keys in a master key memory by manual or termlnal eontrol

29 means.
Stlll a further o~eet of the lnvention is to provide ~i9-77-006 -6-ll~g~S3 1 a terminal cryptographic facility having a battery powered 2 terminal ma~ter key memory to allow termlnal master key 3 retention when system power is not present.
4 Still another ob~ect of the lnvention is to provide 5 a terminal cryptographic facility for performing a terminal 6 master key overwrlte function whenever a new terminal master 7 key i8 to ~e used by the facllity.
8 Still ~ further ob~ect of the invention is to provide 9 a terminal cryptographic facility having a wor~ing key regi~ter 10 for storing a termlnal cryptographlc key used to personalize 11 the encrypting/d~cryptlng operAtion of the terminal crypto-12 ~raphic facllity.
13 Still another ob~ect of the invention i8 to provide a 14 terminal cryptographic facillty for performing a load key 15 direct f unction to dir~ctly store a torminal data encrypting 16 key in a working kcy register of the t-rminal cryptographic 17 facility.
18 Still a further ob~ect of the invention i~ to provide 19 a terminal cryptographic facility for performing a decipher 20 key function to dociphor a data encrypting key enclphered 21 under a terminal mastor key to obtain th~ data encrypt~ng 22 key for storage in a working key regiJter.
23 Still another ob~ect of the lnventlon i8 to provlde 24 a terminal cryptographic f~cility for performing an encipher 25 function for enciph ring input plaintext under control of a 26 dat~ encrypting key stored in a working key regi~ter to 27 produce output c~phert~xt.
28 Still a further ob~ect of the invontion i8 to provide 29 a terminal cryptogr~phic facility for perform~ng a decipher

30 function for deciph-ring input ciphertext under control of a X~9-77-006 -7-~3 l data encrypting key stored in a worklng key register to 2 produce output plaintext.
3 gtill another ob~oct of the inventlon i8 to provide a 4 terminal cryptographic facility for performing a decipher 5 functlon for deciphering a data encrypting key enciphered 6 under a terminal master key to obtain the data encrypting 7 key wlthin the facillty for use in encipher$ng input cleartext 8 into output ciphertext. -9 Still a further ob~ect of the lnvention is to provide 10 a terminal cryptographic facility for performing a docipher 11 function for deciphering a data encryptlng key enciphered 12 under a terminal ma~ter key to obtain ~he data encrypting 13 key within the facility for use in deciphering ciphertext 14 enciphered under the data encrypting key into cleartext.
Still another ob~ect of the invention i8 to provide a 16 terminal having a data ~ecurity devlce whlch deciphers an 17 enciphered data encrypting koy used for data enciphering/
18 decipb~ring operations under selectivQ control of a system 19 or prlvate key encrypting key to p~rmit cryptographic data 20 transmis~ions in a data communication network.
21 Still a further ob~ect of the inv ntion is to provide a 22 terminal having a data security ~evice which performs data 23 enciphering/deciphering operation- under control of a 24 private data encrypting key to permlt priv~te cryptographic 25 d~ta transmi~sions in a data communication network.
26 Stlll another ob~ect of the invention i8 to provide 27 terminals having dat~ ~ecurity devices associated with 28 different domain~ of a multiple domain communication network 29 with the terminal associ~ted with one domain perf~rming data 30 enciphering/decipherlng operation~ under control of a private Ki9-77-006 -8-1 data encrypting key and the terminal as~oclatQd wlth another 2 domain perform$ng enciphering/dociphering operations under 3 control of the same private data encrypting key to permit 4 cross domain cryptographic data transmission~ in the multiple 5 domain communication network.
6 Still a further ob~ect of the invention is to provide 7 a terminal capable of mslntaining the ~ecurity of data for 8 ~torage in a private file of a data processlng ~ystem.
9 Stlll another ob~ect of the inYention i8 to provide a 10 terminal having a data security device for enclphering message 11 blocks of data under control of a private data encrypting key 12 for ~ecure ~torage in a prlvate fil~ of a data processing 13 syst~m.
14 Still a further ob~ect of the invention is to provide a 15 terminal having a data security device for declphering message 16 ~locks of enciphered data recovered from a private file of 17 a data processing ~y~t~m under control of the same private 18 data encrypting key wh$ch was used to create the enciphered l9 data file.
! Still another ob~ect of the invention 18 to provide 21 terminals having da~a security devices a~sociated with different 22 data proce~sing systems with the termlnal associated with one 23 ~ygtem encipherlng data under control of a prlvate data encrypt-24 ing key for secure storage ln A private portable file w~ich is 25 transported to and installed in another sy~tem where the terminal 26 associated with that sy~tem can declpher the enciphered data 27' recovered from the private data file under control of the s~me 28 private data encrypting key which was used to create the 29 enciphered data flle.
In accordance with the $nven~10n, a termlnal is provided 1~49~

1 to perm~t cryptographie data tran~mis-ion~ in a data ¢ommunieatlon 2 network The terminal has an integrated data socurity deviee 3 which lneludes a m~mory for ~torlng a terminal ma~ter key 4 aeting as a key enerypt$ng key, cryptographie apparatus for 5 cipherlng input da_a under eontrol of a eryptographic key 6 ~tored in a working key reglJter to produee eiphered output 7 data and an interfaee adapter to which operation requests 8 are pre-ented and plalntext/eiphertext are pre~ented for g application as input data to the eryptographie apparatus and 10 from whlch ciphert-xt/plalntext data is pre-ented a~ appliod 11 from th- e~phered output data of the eryptographic apparatus 12 The terminal master key may bs loaded into the maJter key 13 memory by manual m an~ or under torminal control by a write 14 ma8ter key operatlon reque~t to the lnterfaee adapter 15 Additionally, the terminal i~ key ~ynchronized ~ith the hoJt 16 system by roception and deciphering of synehronlzing data 17 from the host ~y-tem eon~lsting of a data encrypting key 18 enciphered undor the terminal master koy This i8 accomplished 19 ~y aceessing the terminal master key memory for trAnsferring 2U the master ~ey to th- working key regl~ter and by applying 21 the ~ynchronlzing data as input data to the cryptographic 22 apparatu8. The cryptographic apparatu~ then deciphers the 23 synchronizing data under control of the torminal master key 24 to obtain the synehronizing data oneryptlng key which is 25 then loaded into the working key reglJter replaclng the 26 terminal ma~ter key previously stored therein Encipher/decipher 27 operation request~ m~y then proeeod to enelpher plaintext 28 under eontrol of tho data enerypting key in the working key 29 reglster to produce eiphertext for tran-mi--~on to the host 30 sy~tem or to decipher eiphortext reeelved from the host Ki9-77-006 -10-~83 1 system under control of the data enerypting key in the 2 working key register to produee plaintext.
3 The terminal data security d~viee also provides an 4 arrangement which permits a variety of applications using a 5 pre-defined private data enerypting key. With a load key 6 direet operation request to the interface adapter the private 7 data enerypting key may be direetly loaded into the working 8 key register as the work~n~ key. Thi~ allows subsequent g encipher/decipher operations to proeeed under eontrol of the 10 private data encrypting key. In a data proees~ing system 11 where portable dsta file~ are ereated, soeure storage and 12 later recovery of data file~ may b~ aceompli~hed by directly 13 loading a private data enerypting key into the working key 14 register and eneiphering the data to be stored under control 15 of the private data enerypting key when the data file i8 to 16 be ereated and u~ing the same private data enerypting key in 17 the working key reg$ster when the eneiphered data file i~
18 later reeovered and i8 to be deeiphered.
19 The foregoing and other ob~eet~, features and advantages 20 of the invention will be apparent from the following partieular 21 deseription of a preferred embodiment of the invention, as 22 illustrated in the aeeompanying drawings.
23 BRIEF DESCRIPTION O~ THE DRAWINGS:
24 ~ig. 1 is a bloe~ diagram $11ustrating a cryptographic 25 data eommunieation network.
26 Fig. 2 i8 a bloe~ d$agram of a terminal having a data 27 seeurity device of the present invention.
28 Fig. 3 i8 a bloe~ diagram of a eryptographie engine 29 which performs eryptogr~phie funetion~ in a logieally and 30 physieally ~ecure manner.
Ki9-77-006 -11-1 Fig. 4 illustr~tes in bl~c~ diagram form a manual 2 function-3 Fig. S illu3trateQ in ~loc~ d~agram form a terminal 4 controlled ~IX function.
S Fig. 6 illustrate~ in bloc~ diagram form a LXD fune~ion.
6 Fig. 7 illustrates in ~loc~ diagram form a DEC.~ functio~.
7 Fig. 8 illustrate~ in block diagram form a ENC function.
8 Fiq. 9 illustrates in blcck diagram form a DEC function.
9 Fig. 10 lllustrates in block dlagram ~orm a ECPH function.
Fig. 11 illustrate~ in bloc~ d~sgxam form a DCPH function.
11 Fig. 12 is a block diagram lllustr~ting c~yptographic 12 communication security in a single domain network using a 13 system or pr~vate key as a ~ey encrypting kcy.
14 Fis. 13 is a block diagram illustrating cryptographic 15 communication secur~ty ln a single domain network using a 16 private key as a data ~ncrypting ~ey.
17 ~ig. 14,~s a block diagr~m illustrating cryptographic 18 co~munication security in a multiple domain networ~ using a 19 private key as a d~ta enc.ypting ~ey,~appears with Fig. 16).
Fig. 15 is a blcck diag_am illustrating cryptographic 21 file security $n a single domain network uslng a private key 22 as a data file encrypting key.
23 Fig. 16 is a blocX diag,c~m illustrating cryptographic 24 file security in a mult~ple domain networ~ using a private 25 ~ey a~ a data ftle encrypting ~ey.
26 Fig. 17 illu~tra~e3 the detal~s of a clock circuit used 27 in the data security device of the present lnvention.
28 Fig. 18 i8 a timing diagram explalning the operation of 29 the clock circuit illu~trated ln Fig. 17.
~ig. 19 is ~ diagram of how Figs. l9al through l9i2 may Ki9-77-006 -12-~4g~3 1 be placed to form a detailed sch-matic diagram.
2 Flg~. l9al through l9i2, taken together, comprlse a 3 detailed schematlc dlagram of the data security device of the 4 pre~ent ln~entlon.
Fig. 20 i8 a tlmlng diagram of the manu~l WMR operation.
6 Flg. 21 illustrates how Flgs. 21a and 21b may be placed 7 to form a compo-ite timing diagram.
8 Figs. 21a and 21b, tak n together, comprise a t$m$ng dlagram 9 of the termlnal controlled WMX op-rat1on.
Fig. 22 ~llu~trates loglc details of the crypto englne 11 used in the data securlty device of the present lnvention.
12 Flg. 23 illu~trate- how Figs. 23a and 23~ may be placed 13 to form ~ compo~ite tlming dlagram.
14 Flgs. 23a and 23b, takon together, comprlse a timing 15 diagram of the LRD operatlon.
16 Fig. 24 lllustrate~ how Figs. 24a to 24c may be placed 17 to form a composite timing dlagram.
18 Figs 24a to 24c, taken together, comprl~e a timing dlagram 19 of the DECX operatlon.
Flg. 25 illustrates how ~lgs. 25a to 25d may bQ placed 21 to form a composlte tlmlng diagr~.
22 Figs. 25a to 25d, taken together, comprl~e a t~ming dlagram 23 of the DEC~ENC operatlon.
24 GENERAL DE8CRIPT~ON:
25 INTRODUCTION:
26 In a data com~unication network, a camplex of communication 27 term~nals are connectod via a plurallty of communicatlon lines 28 to a ho~t data proces~lnq system and it~ as~ocl~ted re~ource~
29 guch as hogt program~, and locally attach-d termlnals and 30 secondary storage file~. Because of the complexity and l increa~ing size of -~uch networks which m~y include single 2 or multiple do~ain networks, it has been recognized thst 3 when data i~ transmitted over unsecure communication line~
4 or stored in ~econdary storage files or in portable storage 5 media, it i8 nece~s~ry to protect the data to maintain the 6 confldentiality and integrity of the information represented 7 by that data. Cryptography providos an effective data security 8 mea~ure for communication and file socurity in that it protects 9 the eonfidentiality and integrity of the dat~ itself rather 10 than the medium over wh~ch it i8 trans~itted or the media in 11 whieh it is stored. Fig. l illustrate~ a cryptographic 12 arrangement $n a representative ~ingle domain data commun-13 ication network.
14 Mo~t practie~l eryptographic ~ystems requixe two basic 15 element~, namely, (1) a cryptographlc algorlthm which is a set 16 of rule~ that specify th~ steps required to transform or 17 encipber pla$ntext into ciphertext or to transform or decipher 18 ciphertext bac~ into plaintext an~ (2) a cipher key. The cipher l9 key i~ used to ~eleet one out of m~ny possible relationships 20 between the plaintext ~nd the ciphertext. Yarious cryptographic 21 algorithms have been developed ln the prior art for improving 22 data ~ecurity in data proeessing ~ystems. One ~uch algorithm 23 i~ described in U.S. Patent No. 3,958,081 issued May 18, 24 1976 and was recently ~dopted a~ a United States Federal 25 Data Processlng St~ndard as set forth in the ~foresaid 26 Federal Information Proces3ing Standard publicatian. A
27 hardware implement~tlon of this algorithm 18 lncorporated in 28 the pre~ent invention. The cryptogrnphlc algorithm operates 29 to transform or encipher a 64 bit bloc~ of plalntext into a 30 unique 64 bit block of ciphertext under control of a 56 bit Ki9-77-006 -14-i3 1 cipher key or to transform or docipher o 64 blt block of 2 ciphertoxt back into an orlginal 64 bit block of plaintext 3 under control of the same 56 bit cipher Xey with the deciphering 4 procesR being the reverse of the encipher~ng process. The 5 effectiveness of this cipher process dependg on the techniques 6 used for the sel~ction and management of the cipher key used 7 in the cipher procQ~s. The only cipher key actually used in 8 the cipher process to personalize the algorithm when encrypting g or decrypting data or other keys i~ termed the working key and 10 i8 acce~sible only by the cryptographic apparatus. All 11 other key~ hereafter discussed are used at different time~ as 12 worklng key~ dep~ndlng upon the clpher operatlon to bo perfoxmed.
13 There are baslcally two categories of cipher keys used in 14 the cryptographic ~y~tem, namely, operatlonal key~ (KO) and 15 key encryptlng ~eys ~XEX) with opexational key~ being referred 16 to and u~-d aJ data oncrypting Xey~. Dat~ oncrypting or 17 operatlonal keys are a category of keys used to encrypt/decrypt 18 data while key encryptlng Xey~ are a category of Xeys u~ed 19 to encrypt/decrypt othor keys.
Within the two ba~ic categories, there are variously defined 21 classes ~nd types of cipher keys. Thus, in the data encrypting 22 or operatlonal class of cipher keys, the data encrypting or 23 operation~l key whiah protects data during data communication 24 sessions i8 a cla~s of key called the primary communication 25 key. One type of this class of keys i8 one which 1~ a ~yqtem 26 generated, time variant, dynamically created key transmitted 27 in enciphered form under a key encrypting key from a host 28 ~y8tem to a remoto terminal. The ~ey ~8 dec~phered at the 29 terminal and then loaded lnto the working koy register and 30 u~ed a8 the worklng key. The key exlst~ only for the duration Ki9-77-006 -15-1 of the communicatlon se~sion and will ~e referred to ~8 2 the syst~m ses~lon key (KS). In pri~ate cryptographic 3 syst~m~ whlch u~ a prlvate protocol known to each end 4 user but unknown to the syst~m, a private key may be u~ed as 5 another type of primary communlcation key to provide 6 communication securlty. The private key i8 lOadea 7 into the terminal working key reglster and then used as the 8 worklng key. The k~y exl~ts only for a tlme duration determined 9 by the prlvate protocol which may requlre the key to be changed 10 for each commu~icatlon, once an hour, once a week, etc. and 11 will be reforred to as the private 80~810n key (KSP).
12 The data encr Q tlng or operatlonal key which i8 used to 13 protect a data flle ln a storage medla iB a class of key 14 called the primary flle key. ~hi~ key provldos file data 15 security for data flles which may be lnactive for long 16 period~ of tim~ or ln the casR of portable ~torage medla 17 durlng periods whon the data file 1B ln tran~lt ~rom point 18 to point. ThuQ, the primary fllo kcy generally exists for 19 long periods of tlme as contrasted with the prlmary communicatlon 20 key which generally ~xlsts for relatlvely short period~ of 21 tlme. In private cryptographlc system~ whlch use a pr~vate 22 protocol, ~ private key may be u~od as one type of primary 23 file key to provide a pr$vate flle security ~ystem. This 24 key exists for a~ long as the protected file exists and will 25 be referred to as the prlvat~ fll~ key ~KFP).
26 With~n the key encrypting category of cipher keys, 27 there are two ~ub-categories, namely, the primary key encryptlng 28 key and the secondary key encrypting key. In the primary 29 key encrypting key ~ub-category of clpher keys, the key 30 encrypting key used in the host system to encipher other Ki9-77-006 -16-~49~3 1 ~eys i8 a class of key called the system k~y One type of 2 thl~ elas~ of keys i~ one whlch i- u~ed to protect the 3 ~y~tom sQs~ion keys actively u~ed at the host and will be 4 reforred ~o as the host ma~ter key (XM~) In the secondary S key encrypting key ~ub-category of cipher ksys, the key 6 encrypting key u~ed in the terminal to protect other keys i8 7 a cl 88 of key called a secondary communicatlon koy Two 8 types of this cla~ of keys are us~d to protect sy~tem 9 se~lon keys transmitted to the t~rminal and when ~y~tem 10 generated will be referred to a~ the termlnal master key 11 ~XM~) and whon provided a~ a pre-deflnod prlvate key w~ll be 12 referred to a~ a private termln~l ma-ter key ~MTP) The 13 various clpher koys defined ~bovo are summarized in the 14 followlng table by category, clas~, type and use 15 CAT~ÇQ~Y SECURITY CLASS TYPE USE
16 Keys 17 Primary Sy~tom Xey ~o~t Master Key (RMH) 18 _ Encipher 19 Secon~ary Secondary T-rminal Ma~ter Other Co~munication~ Roy (RMT) Xeys Cryptographlc Prlvate 21 Termlnal Master Key~
X~y ~TP) 22 __ 23 Pri~ary Sy~tem Co~munication 5e~10n Rey 24 Dat Encrypting Xey~ ~XS~ Encipher Private Or Se~on Rey 26 , ~KSP? _ Dec~pher ~Operatlonal 27 Xeys~ Prim~ry Private Data Fil~ X~y FilQ Xey 2 8 _ (XFP) 1149$~

1 OENE~ATION, DISTRIBUTION AND INS~ LAT~ON OF C~YPTOGRAPHIC XEYS:
2 Rey gonQration i~ the proca-- ~hlch provide~ for the 3 craatlon of the ciphar keys r~qulr d by ~ cryptographic 4 ~y~tem Rey generat$on lnclude- th peclficatlon of a 5 y~tem master key, primary and ~econ~ary co~municatlon key~
6 ~nd the primary fllo key 7 Tho system ma-ter key 18 th prlm ry k~y encryptlng 8 key and 18 the only cipher kay th~t n~o~- to be prs-ent ln g th~ ho~t cryptographlc facillty in clear ~orm. Slnco the 10 system ma~ter k~y ~oo- not generally dhango for long perlods of tlme, great cara mu~t be t~ n to el ct thl~ key in a 12 random munner Thi~ may ~e acocrpl~-h~d ~y u~lng ~om~ random 13 experiment such ~ ooin to-~lng wher- bit ~alues 0 and 1 ~re 14 determin d by tho occurr~nc~ of h~adb un~ tall~ of th~ coln 15 or by thro~ing dlc- ~hcre blt value- 0 and 1 are det~rmlned 16 by th occurrena- o v n or od~ roll~ of the dlce, ~ith the 17 occurr~nce of each group of ooln~ or dlc~ b~lng conv-rted lnto 18 corre-pondlng parlty Ad~u~t d dlglt~ ~lnc- ~11 oth-r 19 clpher ~eys stor d ln the ho~t ~y~t~ are nalph~r ~ un~-r 20 the sy~tom ma~t~r ~-y then ~ecro¢y for ~uch oth~r clpher k~y~
21 reduc 8 to that of pr~vtding s~ar~cy for the ~ingle ~ystcm 22 mastor k y Thi~ mJy be acco~plldh ~ ~y toring the ~y-tem 23 m8~t r kay ln a non-volati}~ ma-ter ~ y m-mory o that it 24 ne~d only b~ ~n~tall~d on¢e On¢o in~tall-d, the ma~ter k~y ~5 18 u~ed only by th~ cryptographlc ~ppar~tus ~or ~nternally 26 doc$ph~r~ng ~nciphorad keys ~hlch may th~n be us-~ aJ the 27 wQrking ~ey ln a ~u~sequ*nt enciph r/d~¢lph r op~ration 28 ~he t~rminal ma-tcr key 1- a s-condary key encryptlng 29 key and lik~ the ~y-tom ma~ter key, $~ the only key ~ncryptlng 30 key that n~ed~ to b- pre~nt in cl~ar form in the terminal Xi9-77-~06 -18-~9~83 1 cryptographic facility. Since there may be numerous 2 terminals associated with the data communication network, 3 it may not be practical or prudent to have these keys 4 generated by a human user using some type of random experi-ment. Therefore, to relieve the system administrator from 6 the burden of creating cryptographic keys, except for the 7 single system master key, the cryptographic apparatus of 8 the host system can be used as a pseudo random generator for 9 generating the required terminal master keys used by the various terminals of the network. In addition to the system 11 generated terminal master keys, off line means may be used 12 by end users to establish a private terminal master key.
13 In either event, the terminal master key is retained in 14 enciphered form at the host and the clear form of the system or private generated terminal master key is distributed 16 in a secure manner to the authorized terminal users. This 17 may be accomplished by transporting the key by courier, 18 registered mail, public telephone, etc. The likelihood of 19 an opponent obtaining the key during transit can be lessened by transmitting different portions of the key over independent 21 paths and then combining them at the destination. Once 22 having properly received a valid system or private generated 23 terminal master key in clear form, it becomes necessary to 24 maintain its secrecy. In the terminal master key approach of the present invention, this is accomplished by il494~3 1 writing the terminal ma~ter k~y ln a non-volatile ma-ter key 2 memory, aa ~n the c-se of the Jy~t-m ma~ter key Once installod, 3 the ter~inal master key i8 u~ed only by th- torminal crypto-4 graphic apparatu~ for lnternally d~c$pherlng sy~tem generated 5 8-~lon keys which may then be us-d a~ the ~orking key in a 6 ~ub-oquRnt enc~pher~dec~pher op~ration 7 ~n-tallation of the system or prlvate g~nerated terminal 8 ma~tor key~ may be accomplidhed by a d~rect ~anual entry proc~
9 u~ing mochanical s~ltche~, d~al-, or a hand-hold key ntry 10 device Alt rn~l~oly, an ~ndlract ~ntry m~thod may be u~od 11 in which case the ms~t~r key may be entored from a non-volatil~
12 media such a8 a magn-tic cara or tapo whlch i8 maintalned ln a 13 securo location ~sa~, vault, et~.) a¢c~ blo only to tho 14 ~ecurlty admini~trator. Another alt r,natlve ln~irect entry 15 method may be to u~e a k-yboard ~ntry d~vlco though thi~
16 mothod $8 sub~ect to hum~n error. In any evont, whichever 17 indlrect mothod i~ cho~en, aurlng termlnal lnitialization, 18 the torminal ma-ter koy ~ay b~ r ad lnto an~ t~mporar$1y 19 stored in the terminal memory ana then tran-ferred to tho 20 mast~r ~ey memory with the t~rmlnal m~mory entry belng 21 sub~equently era~ea o that only one copy i~ pre~ent in the 22 torm~nal and acce~ble only by tho t-rmlnal cryptographic 23 fac~ lity.
24 Sy~tem generatod prlmary co~unlcatlon keys, ~uch a~
25 tho gy~em session k-y~, are tlme variant koys whlch are 26 dyn~cally generat-~a for each co~nunlcation s~wion and 27 ~re u~ed to protect communlcatod ~ata. Slnce there may 28 be nu~erous communlcatlon- ~e-810n~ lt 1~ l~practlcal 29 to have t~e~e key~ ~enorated by a hu~an user. Therefore, 30 a~ ln the case of tho termlnal maoter koy-, tho crypto-Ki9-77-006 -20-~49~3 1 graphic apparatus of the host system may be used as a 2 pseudo-random generator for generating, as each communica-3 tion session is required, a pseudo-random number which 4 may be defined as being an enciphered system session key.
The enciphered terminal master key and the enciphered 6 session key are processed by a function which produces the 7 session key enciphered under the terminal master key. This 8 quantity is then communicated to the terminal where it is g deciphered thereby allowing the host and terminal to communicate using the common session key. In addition to 11 system generated session keys, end users may wish to 12 communicate using a mutually agreed upon private session 13 key. This key is loaded into the host system and the 14 terminal as a common working key thereby allowing the host and terminal to communicate using the common private session 16 key.
17 In private cryptographic systems where the end users 18 use a private protocol which is unknown to the system, 19 communication and/or file security can be obtained by the use of private primary communication and/or private primary 21 file keys. In such arrangements, key selection, management, 22 and data transfer operations are performed without system 23 knowledge that cryptography is being performed. Thus, in 24 single domain data communication networks where end user terminals are remote from the host system or in multiple 26 domain data communication networks where the end user 27 terminals are local to or remote from their respective 28 host systems, the end users may define a private protocol 29 using a mutually agreed upon primary communication key, i .`

~ 3 1 i.e. a private ~e-~lon key. ~hi~ key may be loaded directly 2 into the respective end us~r terminal- a~ a working key 3 under control of a load key direct operation thereby allowing 4 the end user termina~s to cryptographlcally co~municate with 5 each other u~ing tha common private ~Q~-ion key. With this 6 end-to-end encryptlon approach, enciphered me~-ages can be 7 sent vla network- o~ any typ~, prlvats or publlc, without 8 sy~tem Xnowledge that cryptography i~ belng performed but 9 providing communiaation securlty for ~uch data transmi~sions.
In ~ingle dcma~n data proces~ing systems where ~ensitive 11 data is processed at an end user terminal for storage in a 12 data file for subsoquent recovery at a later time at the ... . _ 13 ~ame or a dlfferent terminal as~oclated with the host ~ystem 14 or where the sen~ltive data proce-sed at an end u~er terminal 5 i8 ~tored in a data file on a portablo torago media whlch ~6 is tran~ported to anothor data processlng ~stom for ~ubsequ nt 17 reoovery at a later time at a terminal a~sociated wlth the 18 other data proce~slng system, a private protocol may be 19 defined u~ing a prlmary fiie key l.e., a private file key.
20 At the tlme the f$1e i~ to be created, thi- key may be 21 loaded d~rectly into the terminAl u~ed for creating the data 22 file a~ a working koy under control of a load ~ey direct 23 operation. With thls approach, enciphered data may be 24 created and stored $n data files for prolonged periods of 25 time or in portable storage media u~ing normal ~y~tem data 26 proce~sing and 8y8te~ storase technlques wlthout ~yst~m 27 knowledge that cryptography i8 being perfor~ed but providing 28 file ~eGurity for data. At the tlme the fils 29 i8 to be recovered, the prlvate flle key may again be loaded 30 directly lnto the t~rminal used for ~he data file recovery ~19-77-006 -22-~9~83 1 as a ~or~lng key un~er control of a load key dlroct operation.
2 ~he data file may then be obtaln d u~ing normal ~y~t~m 3 acc-~- m- n- ~nd b tr-n-mltt ~ to th~ t-r~lnal ~or deciph r- nt.

.19 Ki9-77-006 -23-1 TE~INAL D~TA SECURITY DEVICE
2 Modern day co~municatlon termlnals ta~e many forms 3 wh$ch may include ctand-alono ter~inal~ having a variety 4 of data entry devices ~uch as ~eyboards, magnetic ~tripe 5 card readers, light pens t etc as ~ell as a variety of 6 output devices such as displays and printers In addition 7 to t~e stand-alone type of communlcatlon tor~inal there 8 are clu~ter type communicatlon term~nals having a control 9 unit capable of controlling a clu-ter of input/output 10 deviceg such as display stations and printors While the 11 partlcular manner in which a co~munication ter~inal is 12 implemented 1~ not critical to the pre~ent invention, Fig 2 13 i~ a bloc~ diagram of a representative ccmmunication terminal 14 1 sho~ing data flow and control rclatlon~hlp~ The terminal 15 1 ~8 generally modular in nature and lnclu~e~ a programmable 16 proceg-or 2 operatSonally connected to a memory 3 which 17 provld 8 ~torage for data and th programs which are utiltzod 1~ to control the ter~nal 1 The proce~or 2 contains the normal 19 facilities fox addre-~ing me~ory, for fetchSng and ~toring 20 data, for proces~ing data, for sequ nclng program instruction-21 and for providing operational and dat~ tran~fer control of a 22 single I/0 device 4 whlch may be a dl~play type of device 23 having a keyboard entry unit 5 and/or magnetic ~tripe card 24 reader entry unlt 6, a sln~le I/O de~lce 7 which may be a 25 printer type of devlce or a clu~tor of ~uch display and printer 26 type of devlce~ The collect~on of d~t~ ~nd control llnes 27 connected between the proces~or 2 and the I/O device or deviceJ
28 i8 commonly referr~d to a~ the I/0 interface provlding an 29 informatlon for~at and signal ~-quonae common to all the I/O
30 deviceJ T~e I/0 int~rface llnes generally lnclude a data bu~
~i9-77-006 -24-~w - 1 out which is u~ed to transmit devlce addre~se~, command~ and 2 data from the proc ssor 2 to tho $/0 devlce; a data bus in 3 whlch is u~ed to tran~mlt d-vlce identificat~on, data or 4 ~tatu~ information from the I~0 devioo to the proces~or 2 5 and tag signal lln-s whlch are u~ed to provide ~ignsls 6 id~ntlfylng an I/0 o~eration, the nature of lnformation on 7 the data ~u~ and parlty conditlon~ S$nce ~ach I/0 device ha-8 a unlgue electrical intQrface ~ de~i¢e ad~pter~ such a~ adapt-r~
9 8 and 9 are generally provlded to allo~ dev~ce connection to 10 the oommon I/0 interface. ~11 $/0 data tran~fers between 11 the processor and the attachea a~aptor~ m~y be performed 12 in a programm-~ input/output ~PI0) mode on a 1 byte per 13 I/0 in-truction ba-i~. In addltlon to the dovice adapters, 14 ~ communlcation adapter 10 i~ also gonQrally provid~d to 15 connect the communlcation terminal 1 via modems and a 16 communlcation llne to a ho~t ~y~to~.
17 $nto thl~ org~nization of a general purpose communication 18 termlnal 1 1~ integrated a data ~ocurity devlce of the present 19 inventlon. The data security devlce ~DSD) 11 include~ a 20 crypto device 12, a master ~ey ~MR) m~mory 13, a DSD adapter 21 14 which connect~ to the I/0 interface and optionally a manual 22 entry device 15 for manually loading ~ tormin~l master koy lnto 23 the M~ memory 13. ~lther one of two methods can be used for 24 wrltlng a termlnal ~a~ter key into the MR memory 13. The fir~t 25 method for writlng the termlnal mas~er key ln the M~ memory 13 26 1~ achie~ed under progr~m control. In thls method, an I/0 27 device havlng a key~onrd, ma~netlc ~trlpe card re~der or the 28 l$ke, may use such el-ment~ to cause the termlnal master key 29 to be 8tored in the terminal memory 3 a~ ln the case of 30 conventlonal data entry. Subsequently, under progr~m control, g~9-77-006 -25-~49~83 1 the term$nal maJter key may bo read from the termina~ memory 2 3 to the MX memory 13 of the DSD in a m~nner which will be 3 described in greater detail hereafter. The other method of 4 writing the terminal master key into the M~ memory 13 consi~ts 5 of manually writing the terminal mast-r key into the MX
6 memory 13 by means of individual togglo or rot~ry ~witches 7 wire~ to produce binary coded hex digit~ a~ wlll be descr$bed 8 in greater detall hereafter. To enable ma~ter key writing 9 into th~ MX memory 13 by eithQr method, an enable write ma~ter 10 key (EW) ~witch i~ provided which 18 initlally turnod on 11 when a write ma~ter key oporation is init$ated and turned 12 off at the end of wrlte ma~ter key operation. To prevent ..~n ~~
13 the key from being changed by unauthorized personq, the EW
14 gwitch operation may be activated by a phy~ical ~ey lock 15 arrangement.
16 The DSD adapter 14 serves a dual function namely, providing~
17 ad~pter functions ~or DSD connection to the I/O interface and 18 control function~ for the DSD.
19 ~he I/O interface provides the DSD adapter 14 with overall 20 direction, gives lt clpher keys to be us~d, pre~ents lt with 21 dsta to bo proces~e~ and accepts the proce~ed results. Over-all 22 d~rectlon is achiov~d by u e of operatlon commands which 23 are decoded and sub-~guently provlde control ln properly 24 timed oequence~ of ~ignals to carry out each command. These 2S 8~gnalg are synchronised with the tr~nsfer of data in and 26 out. The DSD adapt~r 14 al~o control~ the placing of cipher 27 keys in the crypto device 12 and dlrects the crypto device -28 in the enc~pherlng and decipher1ng opor~tion~.
29 The MR memory 13 i~ a non-volatlle 16X4 bit random acc~-30 memory (RAM) which i~ battery powere~ to en~ble key retention Ki9-77-006 -26-~9~33 1 when termlnal po~r may not b~ pre-ont The termlnal ma-ter 2 key consl-t~ of olght ~a-t~r key byte~ ~6~ bit-) oach of whlch 3 con~iJt~ of ~evon key blts and on~ parlty bit 4 Th- crypto dovlce 12 $~ the h art of th~ D4D hard~are for 5 perform~ng enclphsring and dociph~rlng op~raton~ The crypto 6 device 12 p~rforms ~nclpher/doclpher op ratlon~ on a block 7 clpher ba~l~ ln which a ~o~-age bl w k of 8 ~ata bytes 8 164 blt-) $- enc~ph-r d/declphor~ und oontrol of a 56 blt g clph r ~orklng ~-y bo produce an nolphor d/decipherod m~-age 10 block of 8 data byte~. Th~ block ciph r 1- a product ciph~r 11 functlon which 1~ acco~pllshed through uco~--lve applicatlon~
12 0~ a co~blnation of non-linear ub titutlon- and tran-po~ition-13 und~r control of th clpher ~or~lng k y 81xt en opcratlon 14 doflnod round- of th- product clpher are ~xecuted $n which the 15 result of one round -rve- a8 the argu~ent of the next round 16 Thl- block clpher fun¢tion op ratlon $J ~ore fully de~cr$bed ln 17 ths a~or _ ntlon d U S Patent No 3,954,031 A ba~lc 18 enclpher/dociph r oparatlon of a m--~a~e block of data start~
19 wlth tho loadlng of th- ciph-r k y fro~ th- ter~lnal m~mory 20 3 Thl- k~y ~ gen r~lly ~tored under ~a-t~r key cnc~pherment to 21 conceal lt~ true value Ihere~ore, lt 1- r celved a~ a block 22 Of data and dee~ph~r-d under the ma~ter k-y to obtaln th~
23 enclphorlng/deaiph r~ng key ln tho elear Th- eloar ~oy 24 do~ not l~ave th~ e~ypto devlc 12 but 1~ lo~d d bae~ in 25 a~ t~e worklng key The me~go ~loek of d-ta to be onciphorod~
26 dcelph-r~d 1~ th~n tran-~err d to the erypto d viee 12 27 and th~ e~phor fun¢tion 1~ perfor~e~, aft-r whieh tho r~sultant 28 mo~s~Q- blook of en¢lph0red/d~elph~red data 1~ tran~orrod 29 fro~ th~ erypto d~vl~ 12 to th t-r~ln~ ory 3 If 30 sub~qu-nt ~nciph r/dbalphor funot~on- ar~ to b performed X~9-77-006 -27-1149~E3 1 u~ing the ~ame worklng k~y, th re 1- no n~ d to repeat tho 2 initlal ~t ps o~ lo~ding and d clph~r~ng th working kcy a-3 it wlll tlll b- tor-d in the wor~ng k y r gi-ter 4 The crypto d vic- 12 includ - dupllcat~ crypto engl~e~
5 operatlng in synchronlsm to achicve ch cklng ~y 100~ rQdundancy 6 Referring now to Flg. 3, on~ of tho crypto onglne- 18 shown in 7 simplifled block for~ with a heavy lln d bord~r lqnifying 8 a ~ocure area The crypto engin~ 16 contaln~ a 6~ bit 9 $nput/output buff~r r-gi-ter 17 di~lded lnto uppor and lowor 10 buffer roglster~ 18 and 19 of 32 blt~ oach. Tha buffer 11 reglster 17 i~ u-od ln a mutually xclu ivc manner for 12 roc-lving input data on a serial by byt ba-$- from the 13 bu~ in, t~rmod an lnput cycle, and for provlding output 14 data ln a erial by byte ba-i- to th- bu- out, t rmod an 15 output cycle Thu~, durlng each lnput cycl- a me--a~
16 block of lght data byte- 1~ wrltt~n lnto tho buff~r regl-ter 17 17 from th~ termlnal mem~ry 3 ~hll- durlng each output cycl~ a 18 me~ag block of olght proco--od data byte~ i8 r-ad from the 19 buff~r reglJtcr 17 to the tormlnal m~mory 3 8~rlal output~
20 of tho buff r rogl-t-r 17 aro al-o appll~d a~ ~ r~al lnput~ to 21 the ~orklng koy r gl~t r 20 and a parlty ch~ck clrcult 21, tho 22 l~ttor b~lng controll-d to b~ ~ff ctlv- only ~h n a 64 blt 23 cl ar clph~r key 1~ ~o b loa~ d ~lr ctly lnto the ~orking kQy 24 rogl~t~r 20 from the torm~nal mo~ory 3 Yla th~ buffor rogl-tor 25 17 Only 56 of the 64 blt~ ~r tor~d ln ~ho ~orklng koy 26 regl~ter 20, th~ 8 p~rlty bltJ b~ng u d only ln th~ parlty 27 ch~ck circul~ 21. Th~ buffor r gl-tor 17 1~ al~o provld~d 28 with parall~l lnput and output path~ from and to a 64 blt 29 data rogi-t~r 22 al-o d$~ided lnto upp r and low-r data 30 regist r~ 23 and 24 of 32 blt~ ~ach Th~ uppor .na lo~or ~9~

1 data rogi~ters 23 and 24 each po--a~-~- parallel output- and 2 two ~ets of parallel input- Tne parallel inputs to the lower 3 data r~gi-tQr 24 bolng from the lo~ r buffer r gi~ter 19 and th uppor data r gi ter 23 ~hil- th p rallel input~ to the 5 upper d~ta r-gi~ter b-lng from th- uppor buffer regi-tor 18 6 and fro~ th~ low-r data rogl~tor 2~ aft r moa$fication by the 7 ciph~r funotion circuit~ 25. Thc 6~ blt ~a~ter k y i~ inputtc~
8 to tho crypto eng~n~ 16 on a s-rial by byto ba~i~ ~ith oach byte g being ch4ck d for oosr-ct parlty by tb- parlty ch~c~ clrcuit 26 10 A~ in the c~-e of tho clpher k y tran- r from th- buf~er 11 regi-t-r 1~ to tho ~orking ~y r ~l-t~r 20, only 56 of the 6~
12 bit- ~r tor d in t~ k-y r g$-t-~ 2~, th~ 8 p~rlty bit- b l~g 13 u-ed only ln the paslty check alrc~l~ 26~ During th lo~dlng 14 proo --, th k-y r ~lJt-r 20 1~ conflgur d ~ v-n 8-blt 15 ~h$ft rlght regl-t~r~ to ~coo~cod~t tho l~ht 7-bit byto-16 rece$v-d from the M~ m mory 13 (or th- buffer r gist r 16) 17 When the ~ork~ng ~ y i- u~-d for ~c$pher$ng, th key 18 regl~ter 20 is ¢onflgurod a- t~o 28 b$t r 4irculating ~hift 19 left r~gl-t r~ and t~ ~ork$ng k~y 1- hlft d left, $n 20 ~ocord~n¢~ ~ith a pr~doton~in d ~hl~t ob-dule, aft~r oach 21 round of op r~tion o~ the ciph~r functlon ~o th~t no ~t of 22 ~-y b~t- on¢~ u~od to p rform a ciphor op ratlon 1- u-ed 23 ag~ln in tho ~m ~J~n~r T~ty-~our par~ l o~tputr fro~
24 o~ch o~ tho t~o ~hift r gl-t-r~ ~48 blt~) ar- u-~d during 25 each round o~ tho ~nc$ph r op~ration Tho hift ~ch~dule 26 provid~d la uch th~t ~or~ing ~y ~o r-~tor~d to lt~ initial 27 beg$nnlnq po-itlon ~t ths end of th~ co~pl~t~ ~nclph~r 28 op~rat~on 29 ~ n t~ ~or~lng k~y 1~ u-~d ~or dbo~ph rlng, tho k-y 30 r~gi~t~r 20 1~ aonflgured ~8 t~o 28 bit r-¢lrcul~ting Ri9-77-006 -29-~49~3 l shift rlght r gl~ters and tho ~or~lng ~oy 1- hifted right 2 in aeeordanee ~$th a pr~determin d shlft chedule, after each 3 round of operatlon of the cipher funetion o that again no 4 ot of k~y bits i8 UJOd agaln A- in the onelphering operation, 5 t~enty-four parall-l outputs fro~ aeh of the t~o ~hift registers 6 (48 b$t~) are u-oa auring eaeh round of the docipher operation.
7 The ~hlft ehedule provlded in thl- ea-e 1~ also sueh that tho 8 wor~ing k-y i- restor~d to its lnitlal beglnning po~$t$on at 9 the end of the eo~plete aecipher operation The cipher funetion cireultJ 24 p rfor~ a produet elphor 11 through ueeos~ive a~pllcation of a comblnatlon of non-lin-ar 12 ~ub~titutlon~ and tran-positlon- undbr eontrol of the elpher 13 wor~lng koy. Sixte~n rounas of tho produet ciph~r are executed 14 $n whleh tho re~ultJ of one roun~ -rv-~ as the argument of the 15 next round. Dealph~ring $~ aeeo~pll-h~d by uslng the ~a~e k-y 16 as for neipherlng but with th hlft eh-dule for Jhlftlng th~
17 koy belng altered o that the deelpherlng proee~ 18 the reve ~e 18 of tho enc$pherlng proce~, thus undolng $n rev~rse order every 19 step that waa carrl~ out during th~ enclph~rlng proce~- Durlng 20 each round of the clph~r fun¢t$on, th- data ¢ont nt~ of th upper 21 data regl~t r 23, do~gnated R, 1- ~n¢lph-red undor control of the 22 worklng key, d~slgnated X, wlth t~ ro~ult be$ng added modulo-~
23 to the aontents of th~ lo~er data r~g$-ter 24, dos$gnated L, the 24 operation b~lng expre~-~d as ~f~R,X) At the end of the clp~er 25 round, the ¢ontont~ of the upper data rogl~ter 23 i~ parallel 26 tran~ferr~d to the lower data r gl~t~r 24 wh$1e the output of 27 the clphQr funct$on ¢~rcult~ 25 1B parallel tr~n~ferred to the 28 upper data r ~l-t~r 23 to form th~ argument~ for th~ noxt 29 round of th~ olph-r ~un¢tlon After a total of ~lxt~ n ro~n~, 30 which compl-t~ th- total clph0r fun¢tlon, the ¢ont~nts of the ~9~&3 1 uppar data regi~t r 23 i~ p~rallol tran-f~rred to tho uppor 2 buffer rogi~ter 18 ~hile t~ output of tho cipher functlon 3 circuit~ 2S i8 parallel tr~n~forrod to the lo~er buffer regi~ter ~ 19. The transfor~ed data content~ of th buffer registor 17 5 i8 then outputted Vi8 the bus out to tho tor~inal memory 3 lg 2~

~8 ~g-77-006 -31-11~3 1 DSD COMMANDS AND ORDæRS
2 Input~output operations of ~n I/O devi¢e are generally 3 directed by the executlon of I/O in~tructlon~ In executing 4 an I/O instru~tlon, the processor gen~rally provldes an addres~ field for addressinq the I/O dev$¢e, a co~mand 6 f~eld for designating th~ operatlon to bo performod and 7 another addro~s field for ~ddres~ing the data field in memory 8 from whlch data 18 fetched or to whlch d~ta 1~ ~tored The g data security devico 11 of the pre~nt lnvontlon 1~ re~ponslve to seven type~ of comm nd~ from the proces-or a~ shown in tho 11 following t~ble lncluding the mn~monlc ~nd blt pattern of the 12 command 14 Command ~leld N~me Mnemonlc O 1 2 3 45 6 7 16 1 Reset Adapter RST _ _ _ - O 0 1 0 17 2 Set Baslc Statu~ S~T BS - - - - O 1 1 0 18 3 Reset Ba~lc StatuQ RS~ BS _ _ - - O 1 0 0 4 Read Basic Status RD BS - - - - O
5 P~O Wrlte Data PIOw ~ 1 1 0 0 21 6 PIO Read Data PIOR - - - - 1 1 0 22 7 Write DSD Order WR DSD w x y z 1 1 1 0 24 The following i~ a br~ef de~cxlptlon of the function of each of th~ command~, the operation of which will be descrlb~d 26 in greatcr detail her~after 27 1 ~sset Adapter (RST) - Thls command cau~e- a re~et 28 signal to b~ created to reset all counters, flip-flop~ and 29 latches ln the adapter and control sectlon~ of the DSD
2 Set Basic Statu~ ~SET BS) - Th$~ command cause~

13 49~3 1 tho~ latcho- ln a tatu- r glJtor of th DSD that ¢orre-pond 2 to 1'8 ln th~ data fleld to bo -t to 1 3 3. R-sot aa-lc ~tatu- (R8T BS) - Thl- co~and i-4 ~l~llar to the SET ~S co~mand xc~pt that th tatus latche~
5 corr ~pondlng to 1'- ln tho ~-ta fl-ld are ~ot to 0 6 ~. R~ad Ba-lc Statu~ (~D B~) - Thl~ ¢ommand cau-~ tho 7 contont~ of tho ~taeu- latahe~ to b~ appll-d via th~ data bu-8 ln to th proc - or.
9 5. PIOW Data (P~a~ hl- ¢o~and cau-o~ the data f$-1d 10 to be load d lnto tho ~uff~r rogl-t r or th blt- 0, 1, 2, and 3 11 of t~ data fl~ld to b~ ~tor d ln t~ MR m4mory dop~nding on the 12 operat~on to be porfor~ed 13 6 P~OR Dat~ ~P~OR) - Thl- co and cau~e~ tha oont~nt~ _ 14 of th buff-r ragl-tor, ~lth ¢orr~ct parlty, to b~ applled ~la 15 the data bu- ln to th proc~-~or 16 7 ~rlte D8D Order ~WR D8D) - ~hi- co~mand u~ th four 17 hlgh ord~r blt~ of thc command ~leld to ~e~lgnate clpher key 18 handllng ~nd data proce~-lng ord~r- a~ hown ln the follo~lng 19 table lncludlng th~ ~n~onlc and blt patt~rn of the ord~r fl~ld O~DER FO~MA~
Ord~r Comn~nd 21 Flel~ Fleld N~ Mne nlc W X ~ Z 4 5 6 Clph~r ~ey Handling 1 Wrlt~ Mh~tor ~y WM~ 0 0 0 0 1 1 1 0 24 2 ~oad K~y Direct LKD 0 0 1 0 1 1 1 0 25 3 Declpher Key DECX 0 1 1 1 1 1 1 0 26 Data Proc~-~lns 27 1 ~nciph r ENC 1 0 0 0 1 1 1 0 28 2 Declph~r DEC 1 0 1 0 1 1 1 0 Ki9-77-006 -33-1149~3 1 DSD FUNCTIONS:
2 ~SD cyptographic function~ may be p rformed by combinations 3 of the prev$ously dsfin~d commands or by a combination of 4 functions. The~e functions roquire an lnput to the cryptographic apparatus consisting of a key param ter or a data parameter.
6 The notation ussd to de~cribe tho~e function~ will be expressed 7 as follows:
8 FUNCTION [~EY PA~AMETRR] ~ OUIPUT or 9 FUNCTION tDATA PARAMæT~R] ~ OUTPUT
and whon functions are comblned, the notation u~ed to de~cribe 11 the combined functions wlll be expreased ~8 follows:
12 FUNC~ION ~EY PARAMET~R, DATA PARAMETRRl ~ OUTPUT
13 m e ~allent ch~ractorlstlc~ of cryptographlc functlons 14 are that (1) the key parameter, exc~pt in the caJe of the Load Key Diro¢t functlon i~ always in en~lpher~d form and therefore 16 mu~t b~ internally declphored by the crypto engine before the 17 clear ~ey i~ u~od and that (2) no functlon allow~ keys to 18 become available in clear form. The de~crlptions that follow 19 describe wh~t each function does and ho~ lt is porformed.
The~e function~ will be described in greater detail hereafter 21 but the general descr~ption of these functlon~ or combination 22 of function~ are givon at thls point to provlde a better 23 under~tanding of how various security application~ may be 24 performed. The de~criptions may follow along with roference to Fig. 3 at time~. In tho dtagrams whlch are referenced in 26 the following, the cryptographic ~acllity 1~ ~hown in 27 simpl~f~ed block form for ease of und~r~tanding the~e operation~
28 and w~ll be shown and do~crlbed in greater detail hereafter.
29 Befor proceeding to the de~cription~ of the functions, a briof g-noral do~cription will be giv n on how the m4nual X~977006 -34-li4gg~3 1 write key operation i~ performed. Referring now to Fig. 4, 2 there is ~hown a ~i~plified block diagram of a manual WMX
3 operat~on. In the m~nual W~IK operation, a EW ~witch is set 4 on to en~ble writing ~nto the ,~K memory 13 after which a ~!~ switch i~ closed to enable manual writing and causing the 6 current master ~ey to be overwritten with whatever happens to 7 be set in the data key entry switches. Following this, 16 8 sets of 4 bits (64 bits) are manually written into the .lK
9 memory 13 to complete the manual WMX operntion.
Referring now to Fig. 5, there ~s shown a simplified 11 block diagr~m of a write master key ~WMX) function. This 12 function is carried out by the followlng sequence of commands:
13 (11 ~IK and (2) 16 PIOW' 3 . In this operation, as in the 14 manual WMK operation, the EW switch is prevlously set on to enable writing into the MX memory 13. The execution of this 16 function causes the current master key in the master ~ey 17 memory 13 to be overwritten with whatever happens to be present 18 as bits 0, 1, 2 and 3 on the bus in. Thereafter, the crypto l9 enqine controls are set to allow a 64 bit master key l~ to be written as a key parameter into the MK memory 13 by means of 21 16 successive PIOW d~ta commands with the bits 0, l, 2 and 3 22 in the data f~elds associated with the 16 PIOW data command~
23 con~tituting the new ma~ter key. The notation WMKtKM]~KM is 24 used to describe thi~ operation whereby the term WMX indicate~
the function, the contents of the brackets ~ndicate the key 26 parameter input to the MK memory 13 and the arrow points to 27 the result.
28 ~eferring now to Fig. 6, there is shown a ~implified ~9 block diagram of a load key direct ~LXD) function. This function is carried out by the following ~equence of command~:

~I977006 -3S-1 ~1) LKD and (2) 8 PIOW' 8 . The exeeutlon of this functlon 2 ~et~ the erypto engine eontrol~ to allow a 6~ bit operatlonal 3 key KO to b~ loaded direetly a~ a key parameter into the 4 crypto engine 16 by m~an~ of 8 uee~-~$v~ PIOW data com~ands w~th the sueeosslve data field~ a~oelat~d with the 8 PIOW
6 data commands confftituting the ne~ operation~l key. Within 7 the crypto engine 16, tho operatlonal or data eneryptlng key 8 i8 loadod into tho buffer regi-tor 17 and th~n transferred g to the worklng key register 20 a8 ~hown in Fig. 3. ~he notation L~DIXO]~XO i8 used to de-oribe this operation whereby 11 the torm L~D lndic-te~ the funetlon, tho eontents of the 12 braeket lndieate the k-y param-ter input to the crypto engine 13 16 and the arrow polnt~ to the ro-ult.
14 R-forring now to Flg. 7, thore 1- shown a simplified block d~agram of a deeiphor key D~CX function. This function 16 is carried out by the following sequencQ of eomm~nds: ~1) DECX
17 and (2) 8 PlQW's. The execution of ~hl~ functlon ~ets the 18 erypto engine controls to firat allo~ th- ~aster koy XM in the 19 MX memory 13 to be tran~ferred to th- erypto onglne 16 a~ the work~ng koy. After or durlng the ma~tor key tran~fer, a 64 21 blt data bloek, d-fin-d a~ an operatlonal k-y anelphored under 22 the ma~ter key, i8 loaded a8 a koy par~mot~r into the crypto 23 engine 16 ~y mean~ of 8 ~ucce~ive PXO~ data eommanas with the 24 ~ucce8~iVo data fleld~ a~soeiated wlth th~ 8 PIOW eommands con~titut~ng the eneiphored operational key. Aftor the koy 26 parameter loadin~ 1~ eompletea, tho erypto onglne 16 performs 27 a deeipher operatlon to obt~in th~ eipher koy in elear form.
28 The re~ultant elear elpher key doo~ not le~ve the crypto englne 29 16 but 1~ loaded baek into the koy rogi-t-r 20 o~ the erypto eng$ne 16 replac~ng the ma~ter koy a~ the working key. ~he ~9~3 l notation DECKl ~ O]~RO is u~ed to deseribe this operation 2 whereby the term DECR indicates the function, the contents 3 of the braeket indicate the key para~eter which i~ inputted 4 to the erypto engine 16 and the arrow points to the result.
Referring now to Fig. 8, there i~ shown a simplified 6 bloek d~agram of an eneipher (ENC) funetion. This function 7 is carried out by the following sequenee of eommands: (l) ENC, 8 (2) 8 PIO~'s and (3) 8 PIOR'~. The exe¢ution of thi~ function 9 sets the erypto englne controls to the encipber mode of operation and allow~ a 64 bit message bloek of data to be 11 loaded as a data parameter into the crypto ongine 16 by means 12 of 8 suecessive PTOW data commands with the succes~ive data 13 fields a~soeiated with the 8 PIOW eommands eonstituting the 14 me~sage bloek of data to be enciphered. After the data parameter lS loadin~ 1~ eompleted, the crypto engine 16 performs an eneiphor 16 operation to encipher the data par~meter under the operational 17 key presently ~tored in the work~ng key register of the crypto 18 deviee 16. The 64 blt eneiphered result i8 transferred by a 19 ~eries of 8 PIOR eomm~nds from the erypto engine 16 for Rtorage in deslgnated data fleld~ o~ the torminal memory 3.
21 The notation ENClDATA]~EKoDATA i~ used to deseribe thls operation 22 whereby the term ENC indieates the funetion, the content~ of 23 the braeket indicate the data parameter input tO the crypto 24 engine 16 and the arrow points to the result. Additionally, ~o long as the crypto engine eontrol~ remaln set in the eneipher 26 mode of operation, then a mes~age whieh eansl~ts of multiple 27 8 ~yte blooks of data ~ay be enciphered by the erypto engine 28 16 by means of an eneipher command followed by a series of 2S ~uccessiv~ 8 PIOW data eommand~ and suce~s1ve 8 PIOR data command~ for each bloek of data. This me~sage eneipherment RI977006 -37_ li~9Ç.~3 1 may be expres~ed by the notation:
2 ENClDATAl, DATA2~ T * ]~ERo(DATAl, DAT~ AT ~.
3 Referring now to Fig. 9, there is shown a simplified 4 bloc~ diagram of a decipher (DEC) functlon. Thi~ function i8 carried out by the following sequence of commands: (1) DEC, 6 t2) 8 PIOW's and (3) 8 PIOR's. The execution of this function 7 sets the crypto engine controls to a decipher mode of operation 8 and allows a 64 b~t message bloc~ of enclphered data to be 9 loaded as a data paramet~r into the crypto engine 16 by means of 8 succ~s~ive PIOW data command~ with the ~uccessive data 11 f$elds associated with the 8 PIOW commands constitutlng the 12 mes~age block of enclphered data to b~ declphered. After the 13 data parametor loadlng 19 completea, th~ crypto engine 16 14 perform~ a decipher operatlon to decipher the data parameter under control of the operational key pre~ently stored in the 16 working key register of the crypto engine 16. mhe 64 bit 17 deciphered re~ult i8 tran~ferred by a ~eries of 8 PIOR commands 18 from the crypto en~ine 16 for storage in designated data field~
19 of the terminal memory 3. The notat~on D~CrEKoDATA]~DATA is used to describe thi~ operation whoreby t~e term DEC indicates 21 the function, the cont~nt~ of the bracket ind~cate the data 22 parameter input to the crypto onglne 16 ~nd the arrow points 23 to the re~ults. Add$tlonally, ~o long ~8 the crypto enq$ne 24 controls remain set in the decipher mode of operation, then a me~age which con~l~ts of multiple block~ of enciphered data 26 may be deciphered by the crypto engine 16 ~y means of a deciph r 27 command followed by a ~erles of succ~8sive 8 PIOW data command~
28 and ~uccQs~lve 8 PlOR data commands for oach block of enciph-red 29 data. Thl~ meo-~ge d-clpherment may be expr-s~ed by the notatlon:
DEC[ERot~A~Al, ~ATA~ DAT~I)]~DATAl, DATA2----DAT ~ .

X~977006 -38-1 Referring now eo Fig. 10, there i8 shown a simplified 2 block diagram of an encipher data (ECP~) function. Thi~
3 function i~ a combination of the DECK function and the ~NC
4 function and 1~ carried out by the following sequsnce of commands: ~1) DEC~, (2) 8 PIOW'~, (3) ~NC, (4) 8 PIOW'~
6 and (S) 8 PIOR's. Accordlngly, ln executing this function, 7 the crypto engine controls are first ~et to the decipher key 8 mcde of operation by the DECK command cau~lng the ma~ter 9 key ~M in the master koy memory 13 to be transferred as the working key to the worklng key roqi~ter of the crypto engine 11 16. After or during the master key loading, the key parameter 12 of the funotlon, con~l-tlng of an operational key enciphered 13 under the ma-t~r key, i8 loaded into the crypto englne 16 by 14 mean~ of 8 ~uoce--lve PIOW data comm~nd~. The crypto engine 16 `then performs a d~c~pher koy operation to obtain the 16 operational key in cloar form which i~ then loaded back in 17 as the working key of the crypto engine 16 replacing the 18 prevlou~ly loaded mast~r key. The crypto eng~ne controls are 19 then ~et to an encipher mode of operation by the E~C command and the data param-ter of the function, oonsi~ting of clear 21 data, i~ loaded into tho crypto engine 16 by means of 8 22 successive PIOW data comm~nd~. The crypto engine 16 then 23 performs an encipher operation to enclphor the data parameter 24 und~r tho pre~ent operational k~y. ~hQ enclphered result is then transferred by a serie~ of 8 PIOR commands from the crypto 26 engine 16 for stor~g~ in designated field~ of th~ ~erminal 27 memory 3. The notation ECP~lEKMXO,DA~A]~o DATA 18 used to 28 describe thls opsration wher~by the term ~CP~ indicat~6 the 29 funct~on, th~ content~ of the bracke~ in~lcato the key paramster and data par~meter lnput~ to the cryp~o ongine and the arrow 1 points to the re~ult.
2 R~ferring now to Fig. 11, there i~ shown a ~implified 3 block diagram of a decipher dat~ ~DCPH) function. This 4 function $s a combination of the DECX function and the DEC
function and is carried out by the followlng sequence of 6 commands: ~1) DECK, (2) 8 PIOW's, (3) DEC, (4) 8 PIOW'~
7 and ~5) 8 PIOR's. The first part of thi~ function i~
8 identical to that for the encipher data function in~ofar as 9 loading an operational key ~n clear form as the worklng key 10 ` of the crypto engine 16. After the operational key loadinq 11 i~ completed, the crypto engine controls are then ~et to a 12 decipher mode of operation by the DEC command and the data 13 parameter of the function, con~isting of D~TA enciphered 14 under the operational key, is loaded into the crypto engine 16 by means of 8 ~uccessive PIOW data co~mands. The crypto 16 eng~ne 16 thon per~orm~ the decipher operation to decipher 17 the data parameter under control of the present operational 18 key. The declphered result is then transferred by a erie~
19 of 8 PIOR command~ from the crypto englne 16 for ~torage ln de~ignated fi~lds of the terminal memory 3. The notation 21 DCPHtE~ O,EKoDATAl~DATA is used to descr1be thi~ operation 22 where~y the term DCPH ind~cates the functlon, the contents 23 of the bra~ket indicate the key par~met~r and the data parameter 24 input~ to the crypto engine and the arro~ po~nt~ to the result.

~494~

1 CoMMUNICaTION AND FILE S~CURI~Y APPLICaTIoNS
2 The pr~vlous oction provld ~ a ~ -crlption of the 3 varlou- ba~lc function, command and order capab$11tie~ of 4 a ter~lnal having a data ~ecurity de~lce capable of 5 performing encipherlng and deciphorlng op~ration~ Accordlngly, 6 the followlng de w rlptlon~ will pr~vid~ an expl~nation of 7 ho~ Juch a terminal may be us~d in v~rious communicatlon 8 and file ecurity~applications Whilo the diagrams u~ed to g ~llu~trate the~e appllcation~ are l~pllfiod block dl~gr~ms, 10 lt shou~d bo und~rJtood that the networ~ r prQsentQd by 11 the~o dlagrams are far more complax th~n that sho~n.
12 ~owever, this type of repre~entatlon iJ usod moroly to 13 slmpllfy and aid ln tho und r~t-nding of the appllcatlons 14 to be d ~cribed It ~hould k~ furth r und~r-tood that the 15 ho~t sy~t m contaln- ~ full compl _ nt of knoun programmlng 16 support in¢lud~ng n oporating ~y-t~, ~ppllcation program~, 17 a telecom~unication- ac¢oos method whlch, Ln tbo case of ~inglo 18 doma n network~, dir~ct~ th- transmis~ion of dat~ bot~een ho~t 19 application progra~ and t~r~nals and, in the ca o of multlple 20 domaln n-tworks, ln¢lud~- a ~ultl ~y~t m n t~or~ing facillty 21 to p~rmlt cros~ domaln co~munication, net~ork oontrol program~
22 for routlng data through th- n~t~o~k(~) and a ~torago ~coe-s 23 method ~hlch directJ ~toraq nd r-trl v~l of ~ata flle~
24 SESSION ~EYEL ~ ICATION s~cuRln t~ ~NG~ Do~AIN N%T~ORRB
Roferrlng now eo Flg. 12, t~ere iJ ~ho~n a ~lmpl~fl~d 26 block diagram of a $ngl- domaln data commun~catlon net~ork 27 compri~lng a t~rmlnal 27 and a clu~t r typ~ t~nmlnal 28, both 28 of whlch contaln data s~curity device-, conn cted via co~munlcation 29 lln~ to a ho~t ~ysto~ 29, al~o havlng a data ~-curlty d~vlce 30 contalned therein The data ~ecurlty devlc- o~ the ho~t ~1494W

1 system 29.
2 At host system initialization time, a primary 3 key encrypting key KMH is generated in some random 4 manner, as by coin or dice throwing, and then written into the MK memory of the host DSD. Following this, secondary 6 communication key encrypting keys KEKl and KEK2 are generated 7 in clear form which, if system generated, are designated as 8 terminal master keys KMTl and KMT2 or, if privately generated, 9 are designated as private terminal master keys KMTPl and KMTP2. The clear system or private generated terminal master 11 keys KEKl and KEK2 are then distributed in a secure 12 manner, as by courier, registered mail, public phone, etc.
13 to the authorized terminal users and retained at the host 14 system in enciphered form. At the terminals 27 and 28, the first step of initializing the terminals for communication 16 sessions is to secure the terminal master keys. This 17 is accomplished by loading the KEK's into the MK memory 18 of the respective terminal DSD's by manual or terminal 19 control means as previously described. To establish a communication session between a terminal such as terminal 27 21 and the host system 29, the next step is to generate a 22 primary ~ommunication operational or data encrypting key as 23 the common session key KS. This is initiated at terminal 27 24 by the authorized terminal user LOGON or SIGNON procedure which causes a message to be transmitted to the host system 26 identifying itself and the application program with which it 27 wishes to communicate and a request to initiate a communication n4s~

1 session. The host system 29, in response thereto, communicates 2 with the identified application program to determine whether 3 it is available for a communication session with the requesting 4 terminal 27. If available, the host system 29 causes a pseudo random number to be generated which is defined as 6 being the system session key enciphered under the system 7 master key. This is in keeping with the rule that no key 8 shall ever appear in the clear. The enciphered session key 9 is retained at the host system for encipher/decipher operations during the communication session. Additionally, in order to 11 distribute the session key to the requesting terminal 27 the 12 host system 29, using the enciphered terminal master key 13 encrypting key and the enciphered session key, performs a 14 transformation function which reenciphers the session key from encipherment under the system master key (primary key 16 encrypting key) to encipherment under the terminal master key 17 i.e. from EKMHKS to EKEKKS where KEK may be a system generated 18 terminal master key KMT or a private generated terminal master 19 key KMTP. Since the session key is now enciphered under the terminal master key i.e. EKEKKS, it may be transmitted over 21 the communication line to bind the requesting terminal 27 22 to the requested application program in host system 29 for 23 a communication session. Now, having bound the session, whereby 24 the requesting terminal 27 can communicate with the application program in host system 29, the terminal 27 may perform the 26 following encipher data ECPH function: ECPH[EKEKKS, DATAT]~EKS

` ~494~

l In exeeuting thls function, a doeipher key operation i~
2 first performed to o,btain the se~sion key in elear form as 3 the working key, after which an encipher operation may be 4 performed on the data to be tran~mitted o~er the communication line to the applieation program ln ho~t systam 29. At the 6 ho~t ~y~tem 29, the enciphored common ~s~lon ~ey i~ deciphered 7 to obtain the session key ln clear form for uJe a~ the 8 working ~ey, after whieh the eneiphored data reeelved from 9 the terminal 27 may be deeiphored to obtain the terminal data in elear form. Altern~ti~ely, host data may be enciphered 11 under tho se~ion key at the host syst~m 29 for tran~mls~ion 12 over the communication llne to the terminal 27. In this 13 ease, the terminal 27 performs the following deeipher data 14 ~DCPH) funetion to obtain the ho~t data in elear form:
lS DCP~ tEXERxs~ EKS DAT~ ~
16 It should be noted that when the eommunlcatlon session 17 is terminated, the terminal 27 mu~t relnitiate a new request 18 to the host system 29 for a new eommunieation qe~sion and l9 eause the host sy~tem 29 to generate ~ new session key eneiphered under the terminal master key for establish-21 ing a new eommon operational key for the now eommunieation 22 session. ~his proeedure provides ineroasod ~eeurity for the 23 sy~tem sinee the prim~ry eommunieatlon keys are time variant 24 and dyn~mieally generated for each no~ communication session.
It should be f~rther noted that in the ease of cluster 26 type of terminal~ sueh as terminal 28 there may be multiple 2~ communieation se~sion~ eoneurrently in progre~ requiring 28 more ~requent operatlonal key ehanqes for the eoneurrent 29 multiple eommunieation ~ession~. Thu~, in thls arrangemQnt, a differ~nt termlnal ma~tor key XEX2 is 1 loaded into the control unlt C o~ tho t rminal 28 A
2 terminal user at devlco A of t~rm$nal 28 u e~ sion key 3 KS2 1 to encipher/deciph~r data, the ~e--ion key being 4 generated at th~ ho-t syatem 29 and communicated ln eneiphered 5 form as E~EX KS2 1 to torminal 28 A terminal uaer at 6 devlee B of terminal 28 uses a different ae~sion key RS2 2 7 to eneipher/deciph r data, thi- se~-ion koy ~lao belng 8 gen~rated at the host ~y-t~m 29 and co~municatod ln enciphered g form a~ ERE~ XS2 2 to torminal 28, ~ith the ~es~ion key 10 ~2,2 replacing the pr vlou- 8~a-ion k y R82 1 Thus, it 11 should b~ appar nt that ther~ will be fr~qu-nt operational 12 koy ehango- for ub--quont communication e~ions thereby 13 provlding lnarea-od ecurity for tho ayat m.
14 PRIVATE LEVEL CoMM~ICAT~ON 8ECU~ITY IN 8r~GLE DOMAIN NETNOR~8 Referrlng now ~o ~ig. 13, there i- ho~n a ~impllf~ed 16 block diagram of a ingle do~aln data communicatlon network 1~ comprlsing a terminal 30, contalnlng a data ~ecurlty devlce, 18 connected vla a com~unicatlon llne to a ho-t y~t~m 31 also 19 havlng a ~ata securlty device contalned therein There are 20 ~any situations whexe lt i~ d~lr-d to provlde data transmi--ion~
21 through a data communlcation n-twork u-ing a prlvate protocol 22 and a prl~ate prlmary communlcat~on operatlonal tdata encryptlng) 23 key XSP The privat se~sion key may be d fined by the 24 terminal u~er in a r~ndom manner, a- by coin or dice thro~lng, and 25 communicated in a s-cure mann~r to the authorized host u~er 26 The priva~e se~ion key may be loadcd a~ the wor~ing key lnto 27 the ho~t sy~tem 31 and the t~rm~nal 30 by load ~ey d~rect 28 operations A com~unication ~e-~lon may no~ be establi-hed 29 between the termlnal 30 ~nd the ho~t y-t~m 31 in th~ norm~l 30 mann~r After the ~ on i~ bound, the termlnal 30 may now R~g-77-006 -45-1 enclpher data to b~ tran-mltted to the ho~t sy~t~m 31 by m~ans 2 of the ENC funetlon ENClDA~ EXSpDATAT inee the prlvate 3 se~lon key KSP is already pr~ent a- the working key At the 4 ho~t sy~tem 31, the enelpher d termlnal data may be deciphered S uslng the XSP worklng key to obtaln tho ter~lnal data in clear 6 form Altornatively, ho-t data may be enclph~red under the 7 private ses~ion key RSP at the ho~t ~y-tem 31 for transmission 8 o~er the eommunleatlon l~ne to the t~rmlnal 30 Tn thls cas~, 9 the termlnal 30 per~orms ~ DEC functlon ~ECtEKspDATA~]~DAT
10 to obtaln the ho-t d-ta in clear for~
11 St hould be apparent that a ~imllar applleatlon may be 12 used wh~re dlreet oo~munieation 1~ do~lred bet~oen two erypto 13 termlnal~ eaeh oonneet~d at oppo-lt~ end- of a eommunleatlon 14 llne Sn thi- ca--, the pre-dofln-d prlvat- ~es~lon key RSP i-15 loaded a~ the worklng koy lnto both termlnal~ o that data 16 enclphered at one termlnal by the ENC funotlon and communlcate~
17 over the communicatlon line can be dlractly deciphered at the 18 other tor~inal by the DEC functlon or ViJa versa.
19 PRIVAIE LEVEL COMMUNICATION SECVRITY IN MU~TIPLE DOMAIN NETWOR~S
Re~errlng now to Fig. 14, ther i~ ~hown a simplified block 21 dlagram of a multlpl~ domain data oom~unlcatlon network. Domaln 22 ~ o~ th~ network lnclude~ terminal~ 32 and 33, each contalninq 23 a data ~ecurity d-vice, wlth the t rminal~ 32 an~ 33 being locally 24 attached or remotely, v~a communicat$on line~, to the host sy-tom 25 34. Domain k of the network lnclud~ a terminal 35 contalnlng a 26 data #ecurity device connected locally or remotely, vla a commun-27 ication line, to the ho~t ~y~tem 36. W$th a multi-system networklng 28 facll$ty in each of the ho~t ~ystem~ 3~ and 36, cro6s domain commun-29 ication- m~y ~e e~tabll~hed batween the two host systems 34 and 36 30 which allow data co~munlcatlon~ between elther of the tenminal~ 32 Xi9-77-006 -46-1 or 33 in domaln ~ and th- tormlnal 35 ln domaln k 2 In multiple domain data co~munlcatlon n~twork~, there are 3 many lnstances ~here it i~ de~lrable to e~tabll~h a prlvate 4 cryptrogr~phic ~y-te~ whlch i~ lndbpendent of the cryptographlc 5 capabilltles of the ho~t system~ ln tba notwork but whlch 6 usas the data communlcatlon facllltl~- of the networ~ In 7 such an arrangement, where the end users u~e a prlvate 8 protocol unknown to the host syst~ms, com~unlcation ~ecurity 9 1B obta~ned by tbo u-e of a prlvate ~e~sion koy RSP The lO privatQ session key ~8P may ba defln d by the termlnal u~or -11 at term$nal 32 ln a ran~om manner and communlcated ln a 12 secura m~nnor to the authorl~ed t~rm$nal u~or at terminal 13 35~ Th- prlvate s~--lon key RSP may then bo lo~ded as the 14 work$ng k~y ln tho respectlve term$nal~ 32 and 35 by a load lSkey direct operation. A cro~ domaln co0~unlcat$0n ~e~lon may then be e~tabl$~hea by the normal ~ult$-~ystem notwor~ln~
17 facilit$es of the re-pectlve host y~tems 34 and 36 to allow 18data communications between the re~pectlve termlnal~ 32 and 1935 Accordlngly, aftor the ~e~lon i8 bound, termlnal 32 20may then enclpher data to b~ tran~mltted to terminal 35 by 21mean~ o~ thc ENC function ENC tDATAJI ~EX8pDATA~ since the 22private s-~sion key ~SP i8 alroady pre~ent aJ the worklng 23~ey At the terminal 35, the enclph~red data rece~ved from 24termlnal 32 may be d~ciphered w ing th~ ~P as the worklng key 25to obtaln the enclphered data from t rmlnal 32 in clear form 26Altern~tlvely, data may be enclphered un~er the 27privat~ ~e88 ~on key ~8P at termlnal 35 and tr~n~mitt~d 28through the communlcation network to the terminal 32 ~n 29th~ ca~, terminal 32 per~orm~ a DE~ ~unctlon DEClE~SpDATAk]~AT
30to obt~ln th~ nclph-~ ~ dat~ from t~rmlnal 35 ln cl~ar fonm.

Xi9-77-006 -47-~9g~

1 It should be noeed that a similar type of private 2 cryptographic data co~munlcation arrangement may be establl-hed 3 betwoen t rminal~ 32 and 33 ~ithin the slngle domain ~, where 4 tho terminal~ are r~mote from the ho~t ~ystem 34 or at least 5 one 18 ro~ote and tbe terminal~ h to communlcate with one 6 another u~ing a private protocol and the private primary 7 communication key XSP By loading tho pre-defined private 8 ~e~ion key KSP a~ the worklng key ln the respective terminalc, 9 data ~nciphered at one terminal by the ENC ~unction and 10 communicated over the network can bo deciph~red at the other 11 termlnal by the DEC function or vi~a ver~a 12 PRIVAT~ LEVEL PILE 5ECURITY IN SING~E DOMAIN NETWOR~S
13 ~eferring now to ~ig 15, there is ~hown a simplified 14 block dlagr~m of a l~gle domaln data proc~-ing network 15 compr$~ing terminal- 37 and 38, each containlng a data 16 ~ecur~ty devlce, ~ith the terminals 37 and 38 belng locally 17 attached (or remotely~ to a ho~t ~y~tom 39 Al~o locally 18 attached to the host ~ystem 39 1~ a ~torage medla 40 such a~
19 a magnetlc tape or d$-c for toring data files Private 20 cryptographic sy~tems are findlng ln~re~slng u~e whero 21 ~engitive data genor~ted by data proc~sing ~ystem~ i8 ~tored 22 in data file~ on secondary ~torage modla for prolonged period~
23 of tim~ In ~uch *y8tem8, fil~ ecurity may be obtalned 24 by the uge of a private primary file key RFP ~hus, at the 25 time a data file ~a to be created, the private flle key XFP
26 may be deflnad by the terminal user at, for ex~mple, termln~l 27 37 ln a r~ndom m~nner The private flle key KFP may then be 28 loaded into the terminal 37 data ecurlty dQvice as a working 29 key by a loa~ key ~irect operatlon Followlng thl~, data ~hlch 30 i8 to b~ stored in the data flle may be enclphered by mean- of Ki9-77-006 -48-~o 1 the FNC operation ENClDAT~ ]~ERFpDAT ~ The enciphered data 2 may th~n be trans~ltted to tho ho~t ~y~tem 39 for storage a~
3 a private data file on the storage medla 40 Thus, by main-4 taining the d~ta file in enciphered fonm on the storage S media, file ~ecurlty 1~ provlded for ~nsltive data even ~ though the data flle i- not recovered for a prolonged perlod 7 of t~me. Subsequ~ntly, when the data flle 1~ to be recovered, 8 the u~er ~h$ch cre~tod the file may aga~n loaa the prlvate 9 file ~y KFP into th* same texminal 37 or the other termlnal 10 38 as a wor~lng key by means of a load key dlrect operation Il The ho-t y-tem 39 may then read the enclphered ~ata file 12 and tran~m~t it to th t rmlnal at ~hlch r covery i8 deslred 13 At the reque-ting t r~lnal, r-cov ry may be accompllshed by 14 pexfor~ing the doc~ph r operatlon DECIEXFpDaT ~]~DAT ~ to 15 obta~n the dat~ ~n th data flle ~n cl- r form 16 ~RrVATE LEVEL FILE SDCURITY IN ~U~TIPLE DOMAIN NETWORRS
17 Terminals are frequently u-~d to goner~te sen~tlve data 18 for storage ln a portable data flle ~hlch may ~ubsequently be 19 tran~port-d from one domaln through an unprotected envlronmont 20 for recovery at a terminal ln anoth~r domaln Because of the 21 fact that the ~enJltlv~ data fllo 1- tran~ported through an 22 unprotect-d en~lxonmont, it b co~e~ nece~sary to provlde filo 23 security for such a portable data filo By usinq terminals 24 having cipherlng cap~bilitie~, A private cryptographic system 25 can be provided, u~ing a pri~ate protocol ~hich is unknown to 26 the host systems in the multiple domain~, to obtain file 27 security ~y the use of a privat~ pri~ry file key KFP
2B Referring nou to Fiy 16, there i- shown a simplified block 29 diagram of a multipl- domain data proc-~ing network Domain 30 ~ Of the network inclua-~ 8 host ~y~t~m ql ha~lng a~ociated ~i9-77-0~6 -49-1 therewith a terminal 42 contalning a data security device 2 and a Jtorage media 43 for storing a data file. ~omain k of 3 the network al-o include~ a ho~t ~y~tem 44 having associated 4 ther-with a terminal 45 containing a data ~ecurlty device 5 and a storag~ de~ice 46 for a storage ~dia. Thu~, at the 6 time th~ data file i8 to be created, the pr~vate file key 7 KFP m~y be defined by the termlnal u-er at term~nal 42, in 8 a random manner, which may then be loadbd into the data g ~ecurity devico of the terminal as a ~orking key by a load ~0 key direct operation. Followlng thi~, the data which i~-to Il be ~tored in the data file may be onciphered by means of the 12 ENC op-rat~on ENC [DATAl~EKFpDATA. Th~ enciph~red data may 13 then bo tran~mittQd to the ho-t sy~tem 41 ~or storage as a 14 private data flle on the storage mea~a 43. Thus, by maintaining 15 the data file in enciphered form on the storage media, file 16 security i8 provided ~or ~en~itive data even though it may 17 be sub~equently transported ~rom doma~n ~ to domain k.
18 Subsequently, the portable storage media 43 in which the 19 data fil- is contalned i8 tran8port~a by an authorized p r~on 20 or by teleproces~ing means for inatallation in the ~torage 21 device as~ociated ~lth the hoat sy~tem 44 in the domain k.
22 When th~ data file ~8 to be recov~red, the user whlch created 23 the ~ile or one to ~hom he ha~ co~municated the private flle k y 24 KPP may load th~ kQy into the terminal 45 a~ a working key 25 by me ns of a load ~ey direct operatlon. The host sy~tem 44 26 may then read the enclphered d~ta flle from the storage medla 27 43 and tr~n~mlt lt to the tormlnal 45 for r~covery. At th-28 term~nal 45, recovery may be accompl$~hea by performlng th-29 dec~ph~r f~nctlon DEClEKFpDATA]~DA~A to obtain the data $n tho 30 data flle ln clear form.

1 DETAIL~D DESCRIPTION--TERMINA~ DATA S~CURlTY D~VlCE
2 Terminal Clock 3 Referring now to Fig. 17, thore i~ Jho~n the loglc det~$1s 4 of a clock pulse generator 100 u~ed in the terminal of the 5 present lnvention. The prlmary lnput i~ a square wave 6 o~cillator who~e nominal repetition rate is 4MHz, having 7 approximately a 50~ duty cycle. The oscillator 102 effectlvely 8 drive8 a ring counter made up o~ two D-type flip-flops 108 g and 110 whlch ar~ used for controlllng other logic circult~
10 within th~ clock 100. The clock 100 produces a clock Jignal 11 -C derived from the flip-flop 110 and addltlonally produce~
12 four basic cloc~ pulses from a ring counter and the osclll~tor 13 pulses on the phase 1, -phasQ 1, -pha-e 1 late, pha~e 3 late 14 and phase 4 lines, each being nominally 125ns in duration and 15 having the relationshlps ~hown in Fig. 18.
16 More speciflcally, the flip-flops 108 and 110 are 17 initially ln an off state wlth the flip-flop 110 applying a 1~ positive signal to one input of the AND clrcuit 130 and to 19 condition the fllp-flop 108 for being turned on. The leading 20 edge of a pulse from the oscillator 102 i8 applied via 21 inverters 104 and 106 to turn on th~ fllp-flop 108 which, in 22 being turned on, applies a positive ~lgnal to a ~econd input 23 of the AND clrcuit 130 and to condltion the fllp-flop 110 for 24 being turned on. At the tralllng edge of the first oscillator 25 pulse, a positive signal i8 applied from the inverter 104 to 26 render the AND circuit 130 effectlve to ~pply a positive pul--27 on th~ p3L line having ~ 125ns duration. The leading edgo of 28 the next oscillator pulse i8 appli~d vla tho ln~erter~ 104 and ~9 106 to turn on tho oonditioned fllp-flop 110 which, ln b lng 30 turned on, appllo~ a posltiv~ slgnal to cona~tlon the AND lnv-rt Xi9-77-006 -51-~94~

1 c~rcuit 134 and to turn on the ~ latch 132. The latch 132, 2 ln belng turnsd on, applles a po~ltlve ~lgnal to render tho 3 AND invert clrcult 134 effectlve to apply a negatlve pul~e 4 on the -~4 llne and, ~la inverter 136, a po~ltive pulse on 5 the ~4 line, both pulses being of 125ns durat$on. The 6 flip-flop 110 ln balng turned on al~o applies a negative 7 signAl to condltion the fllp-flop 108 for being turned off 8 and to render the ~ND lnvert clrcuit 120 effective to apply g a posltive slgnal to the -C line. The leadlng edge of the 10 next ogclllAtor pul8e 1~ effective vla the lnverters 104 and 11 106 to turn off the flip-flop 108 ~hich, ln being turned 12 off, applie~ a positive ~lgnal to conditlon the AND invert 13 circult 124, to turn on the pl latch 122 and to one input of 14 the AND invert clrcuit 128 and al~o applled a negatlve J~ gnal 15 to co~dltlon the fllp-flop 110 for betng turned off. The 16 latch 122 ln being turned on appllo~ a positive ~ignal to 17 render the AN~ lnv rt circult 12~ eff~ctlve to ~pply a 18 negatlve pul3e to the Fl line and, v~a tbe lnverter 126, a 19 po~ltive pulee to the ~1 line, both belng of 125n~ duration.
20 The fllp-flop 110 stlll being o~ applies a positive slgnal 21 to a ~acond input of the AND invert ctrcult 128. Accord~ngly, 22 at the tr~lllng edge of the third o~cillator pulse, a 23 po~itive ~ignal 1~ applisd from inverter 104 to render the 24 AND invert ciruit 128 effectlve to ~pply A negat~ve pulse 25 on the ~lL llne hav~ng a durat~on of 125ns. The tra~llng edge 26 Of the thlrd osclllator pul~e i~ al~o effectlve via the inverter 27 106 to apply a negative pul e to r~set the latch 122. The 28 leadlng edge Qf ~he fourth o~cillator pulse i8 effective, ~9 via the lnverter~ 104 and 106, to re~et the fllp-flop 110 30 which return~ the rin~ counter b~c~ to its initial condlt~on.
Ri9-77-006 -52-lThe flip-flop 110 ~n being reset applie~ a po~itlve ~ignal to 2one input of the AND lnv~rt c~rcuit 120 ~nd ~fter a delay 3provided by th~ inverter~ 112, 114, 116 and 118 to render the 4AND invert circuit 120 effective to apply a neqative signal on sthe -C line. At the end of the fourth oscillator cycle, the 6clock 100 i8 back at the initial condition to repeat the generation 7Of the various clock pul~es in succe~ive phase ~imes as shown 8in Fig. 18.
gMUhNUAL WRITE MASTER XEY ~WMK) OPERATION
The write ma~ter key operation consists of manually llwriting 16 half-byt~ ~4 bits) constltuting the master key into 12 the master key (MX) memory via 4 bit line~. Enable write 13 (EW) and msnual write ~MW) ~witche~ are provlded to lnitial~ 2e 14 and control the 16~cycles needed for loading the individual 15 half-byte~ into the MK memory. Bit switches are alYo 16 provided for producing the binary coded numbers 0 through F with 17 all outputs being low for 0 and hlgh for F. The master key 18 is pre-generated, in a ran~om manner, a~ 16 hexadecimal numbers 19 to be wxltten $nto the 16 locations of the MX memory. The 20 following i8 a generalized ~tep-by-~tep procedure of manually 21 writing the ma~ter key lnto the MX memory.
22 Step 1: Set the EW switch to the on or enable write 23 ~ster key (EWMK) position.
24 Step 2: Press the MW switch once to re~et the ~K memory 25 addre~s counter to 0 ~nd to overwrlte th~ mhster key 26 prese~tly stored in the MX mem~ry.
27 Step 3: Set the bit switche~ to the half-byte to be 28 written into the MK memory location 0.
29 Step 4: Pre~s t~e MW ~witch once.
Step 5: Set the b~t switches to the next half-byte to ~i9-77-006 -53-~i~

1 b~ written ~nto the next ~uceeedlng location of tho MX memory.
2 Step 6s Pros~ th~ MW push button once.
3 St~ps 7-34: R~peat Step~ S and 6 ln suece-~ion untll the 4 last half-byto has boen written lnto the la~t loeatlon of the MX memory.
6 Step 35: 8et the EW ~w$tch to the off po-lt$on.
7 ~t any t$mo dur$ng the ~xeeutlon of thls procedure, a8 8 whon thero $8 uncertainty that it ha~ boon corr ctly done, a 9 restart can b~ aceompli~hed by dolng Step 35 and b~glnnlng 10 agaln with St-p 1.
11 Referring now to Flg. l9el and tho tlming diagram of Fig.
12 20, a re dotalled d -cr$pt$on o~ th~ m~nual WMX operation 13 will b~ g$v n in the following. To lnlt$ate th$~ operation, 14 the Enable Writo ~E~) ~wlteh, wh$eh may bo a SPDT sw$tch activated 15 by a phy~ieal key lock to prevent th~ key from be$ng ehanged by 16 unauthoriz-d p-r-on~ ot to th~ ON po-lt$on. Following thls, 17 th~ ~anual Write (MM) ~lteh, whleh msy bo a pu-h-button 18 swlteh, ~ay be pre~ to the MWNO po-$t~on eau-ing a negatlve 19 pul~e to b- appllod to turn on tho MW lateh 138. The latch 20 138 in b-ing turn d on appl$a- a negatlY ~ignal vla the 21 -MW line to turn on tho ~R BUS 8ELECT latch 140 nd tho m~nual 22 wrlte half byte (MW~B) c~ntrol l~tob 154. Tho latch 140 in 23 being turned on applle~ ~ po0itiv~ ~ignal to condltion the AN~
24 c~r~ults 164 ln Fig. l9dl for pa~4ing ~ half byt~ (~ blts) from 25 th~ blt ~w~toh-- 5WC-SW3. When th~ M~ s~ltch i- reloa~ed, i~
26 return~ to tho MWNC po-ltlon cau-$ng a n~tlv- ~ignal to be 27 appl$ed to ro~ot tho MW latch 138. The MW latch 138 ln b~lng 28 re~et appll~s a po~itlve ~ignal on th~ -NW llne whlch toqeth~r 29 wlth the posltlve signal from the l~tch 140 rond-r- the AND
30 invort clroult 142 ~ff~ctlvo to apply ~ n-g~tlvo slgnal to 1 turn on the ENA~LE MAN RST latch 144. At ~1 time of the 2 next clock cycle, a ~1 clock pulse together with the positive 3 signal now on the -MW line and a posltlve ~ignal from the 4 latch 154 render the AND invert cireuit 156 effective to 5 apply a negative slgnal to the inverter 160 where it is 6 inverted to a positive sign~l on the MWHB llne. The positi~e 7 ~ignal on the MW~B line iS applied to condlt~on the AND
8 invert circuits 152 and 158. The AND invert circuit 158 i~
9 effective to maint~in the positive signal on the MMHB line 10 until the next ~1 time when a -~1 clock pulse is applied to 11 decondition the AND invert circutt 158 causlng the positive 12 signal on the MMHB llne to be termin~ted thersby providing a 13 1 mleroseeond po~itive ~ignal on the MWHB line. The AND
- invert circuit 152 is rendered e~fectlv~ by a ~4 clock pulse 15 in the pre~ent clo&k cycle for re~ettlng the ~MHB CTRL latch 16 154.
17 Referring now to Flg. l9c2, the posltive ignal on the 18 MW~B llne ig inverted to a nogative slgnal by ~nverter 162 19 to decondltion the AND c~rcuit 380 eau~lng a negative signal 20 to be applied to the -W ENABLE line ~nd to deconditlon the 21 AND inverter 376 which, in turn, applies a positive signal 22 to the inverter 378 where it i~ inverted to a negative 23 signal on the -M ENA~LE line.
24 Signals on the -M ENABLE and -W ENABLE lineQ are u~ed 25 to e~abl~ the M~ mamory for writing and reading operations.
26 The M~ memory 700 shown in block form in Figs. l9el and 19e2 27 is a 16 word by 4 bit CMOS random access memory (RAM) wh~ch 28 is u~ed for storing the master key~ The MR memory 700 i8 29 addre~sed by A ~-bit value on the addrea~ line~ -ADRl, -ADR2, 30 -ADR3 ~nd -ADR4 from the settlng of tho address counter Ki9-77-006 -55-1 390 ln Fig l9d2 Whon negatlve ~lgn~ls are appli~d to both 2 the -W ENABLE and -M ENABLE llne~, tho lnformatlon presen~ on 3 the 4 bit input linos 0, 1, 2 and 3 1~ wrltten into the MX
4 msmory 700 at the do~ignated addr~ss A transistor switch 139 is provided in sorios wlth the -W ENA~LE llne to control 6 writlng lnto the MK mæmory 700 The po~enti~l at the base 7 of thls swlt¢h i8 controlled by the setting of the EW switch 8 Accordingly, when the EW wit¢h i8 ~t on and a negative signal 9 is applied to the -W ENABLE llne, the tran~stor 139 i8 turned 10 on to produce ~ negatlvo ~ignal on the -W ENABLE llne to enable 11 writing into the ~X m~mory 700 wherea- wh~n tha EW switch is 12 set 0~ the transistor witch 139 ia ~la~ed off cAusing a 13 positive signal to bo maintained on the -W ENABLE llne to 14 prevent writing lnto th~ MX memory 700 Addrssslng of the 15 MK memory 700 for r~ading 1~ acco~pll-h-d in the 8ame mnnner 16 as that for wrltlng Wh n a po~ltivo slgna pplled to the 17 -W ENABLE lin~ and a negatlve fflgnal ~a applied to the -M
18 ENABLE llne, the ~nformatlon whlch ~a~ ~rltt~n lnto the 19 designat~d addre~s of t~e MX memory 700 i~ read out in 20 inv~rted fonm to the 4 blt output linos of th- MK m mory 700 21 and appl~ed to a buffer rogi~ter con~i~tlng of the 4 ~hift 22 r~gl-tQr~ ~02 23 ~fe~rlng now to ~lgs l9cl and l9c2, during 03 time, ~
24 positivo ~3L clock pulse together wlth po-itlve slgnals from 25 the latches 144 and 146 rond~r the AND $nYert clrcult 148 26 effectlve to apply ~ negatlv~ ~lgnal to tusn on the MAN RST
27 latch 150 which remain~ ~et untll the next clo¢k cycle when 28 a -01L cloc~ pulse 1~ applled to re-et latch 150 thereby prov~ding 29 a negatlv~ ~gnal on th MAN R~T l~n~ ~rom ~3L tlme ~o ~lL
30 time. The MAN RST l~t~h 150 ln being turned on applies a ~i9-77-006 -56-1 negative signal vla the -MAN RST line to re~et the latch 146, 2 to decondltion the AND circuit 382, and to turn on the master 3 k~y over~rite (MX OVW) latch 276 and the KEY INVA~ID latch 278 4 in Fig. l9c3. Th~ AND clrcult 382 ln b-ing d~co~dltloned is effectlve to apply a negatlve slgnal to t~e r~t lnputs of 6 the addresd count~r 390 resetting tho counter to an address 7 of 0 The latch 276 ln bolng set ~ppll-~ a nogatlve signal 8 on the -MX OVW lin~ to decondltion the AND c~rcult 380 to 9 malntaln a negatlve sign~l on the -W ENABLE llne during the 10 entire porlod of th~ master key ovQrwrlte operatlon. The 11 negatlve signal on the -MX OVW llne i~ al-o ~pplled to 12 decondition the AND ln~rt clrcult 368 whlch, in turn, applies 13 a positive signal to condltion the AND lnvert circuits 370 14 and 374 during the entire perlod of th~ MX overwrite 15 operation. ~eferring now to Fig. l9cl, at pl time o~ the 16 next clock ¢ycle, a ~1 clock pul~e i8 applled to 17 decondltlon the AND invert clrcult 158 and apply a positive 18 6ignal to the inverter 160 where it 18 inverted to a 19 n~gatlvo 81gnal on tho MWHB line whlch 1~ main~ained thereon 20 for the balance of the overwr$te operatlon. The negativ~
21 ~ignal i~ invorted to ~ po~itlve slgn~l and applied to one 22 input of tho AND invert clrcuit 376. ~ow~ver, at thl~ time, 23 namoly, ~1 tlmo, posltiv~ ~lgnals are maintalned at the inputs 24 to the AND i~v~rt clr¢uit 374 which i8 th~r-fore e~fective to 25 apply a negat~v~ ~ignal to the other lnput of the AND invert 26 c~rcuit 376 to maintain the AND invort circult 376 dccondi-27 tioned de~plte the slgnal change on the MW~B llne.
28 AJ a re~ult, th~ AND lnv~rt clrcult 376 malntains a po~ltive ~9 ~lgnal output therefrom untll ~lL tim~ when the -~lL cloc~
30 pul Be i~ ~ppllod to deconditlon tha AND lnv~rt clrcuit 374 Ki9-77-006 -57-1 cau~ing a po~itive ~ignal to be applled to the AND invert 2 circuit 376. Therefore, at thls ~1 tlme, the AND invert 3 circu~t 376 iR rend~red effective to apply 8 negative 4 signal to the S~EP CTR line and to the inverter 278 where it i8 inverted to a positive signal on the -M ENABLE line.
6 ~t should be apparent that frGm the time the address 7 counter 390 is reset to adaress 0, namely, at ~3L time, 8 untll the present ~lL time negative signals are maintained g on both the -W ENABLE and -M ENAB~E lines to allow a 4 bit 10 value to be written into the MK Memory 700 at address 0.
11 Referring now to Fig. l9dl, whatever the blt switches 12 SW0 to SW3 happen to be set at are applied A8 a half byte 13 value via the conditioned AND clrcuits 164 and OR invert 14 circuit~ 168 to the bit lnputs of the MR memory 700. For 15 example, if the bit switch SW0 i8 ~et to the 1 position, 16 a pos~tive signal i8 applied to render the AND circu~t 164a 17 effective to apply a po~itive signal to the OR invert 18 circuit 168a which, in turn, applies a nogative signal as a 19 1 bit input to the MR memory 700. ~f the b~t switch SW0 i8 set to the 0 po~ition then a positive ~lgnal i~ applied as a 21 bit input to the MK memory 700.
22 Returning now to F$gs. l9c2 and l9d2, the negative 23 signal applied to the -STEP CTR llne, at ~lI, time, is 24 inverted by inverter 388 to a positive ~ignal and applied 25 via the STEP CTR line to step the address counter to an 26 address count of 1 in preparation ~or writing the half 27 byte value ~ettlng of switche~ SW0 to SW3 into the next 28 location of the M~ memory 700. AND invert circuits 374 and 29 376 are connected in a latching arrangem~nt such that the 30 negatlve signal output of the AND invert circuit 376 is Ki9-77-006 -58-~w 1 effective to maintain the AND invert circuit 374 deconditioned 2 after termination of the ~ clock pulse and thereby 3 maintain a positive signal input ~o the AND lnvert circuit 4 376 whlch together with the positive ~ignal from the inverter 5 162 (due to the negative signal now maintained on the ,~MHB
6 line) maintain the AND invert circuit 376 effective to 7 maintain a neqative signal output thereof ~and a positive 3 signal on the -M ENABLE line). Thi~ condition will be 9 maintained until ~3L time, when a ~3L clock pulse is applied 10 to render the AND invert circuit 370 effective to apply a 11 negative signal to now decondition the AND invert circuit 12 376. The AND ~nvert circuit 376 in being decondltioned 13 applies a positive ~ignal to the inverter 378 where it i8 14 inverted to a negative ~ignal on the -M ENABLE line. T~e 15 positive s~gnal output of the AND invRrt circuit 376 will 16 be operative in the latching arrangement of AND invert 17 circuits 374 and 376 to maintain thi~ ~ignal output until 18 ~lL tL~e of the next clock cycle when the -~lL clock pulse 19 is applied to decondition the AND invert circuit 374.
20 Accordingly, a negative signal will be maintained on the 21 -M ENABLE line from ~3L ti~e of the present clock cycle 22 which together with the negative 3ignal maintained on the 23 -W ENA~LE line, due to the AND circu~t 380 being maintained 24 deconditioned by the MK oVW latch 276, allows writing of 25 the half byte valu~ ~e~ting of the switches SW0 to SW3 26 into the MK Memory 700 at addres~ 1.
27 In a similar manner, each succeeding ~lL clock pulse 28 will b~ effective to control ~tepping of the address counter 29 290 to the next ~ddre~s of the MK memory 700 and each 30 succeeding ~3L clock pulse will be effective to control Ki9-77-006 -S~-1 writlng the half byte v~lue settlng of the switehe~
2 SW0 to SW3 into the MK memory 700 at the next addre~s. After 3 16 oueh operations, the master key previously 3tored $n the 4 MK mQmory 700 will have been overwritten. Disclosure of the master key through unauthorized writing of trla 6 half byte~ into the MK memory 700 i8 thw~rted by this 7 overwriting operation of the previou~ly stored mastor key 8 when the MM switch i~ first pres~ed.
g Referring now to Fig. l9d2, when the addre-s counter 390 steps to a count of 15 (the 16th loeat~on in MX memory 11 700) a negative signal from the -C8 output is applied to set 12 the 16 STEP lateh 404 whieh, in beinq ~t, applies a positive 13 signal to eon dtlon the AND cireuit 406. Aftor th~ 16th 14 half byte i8 written into thQ MK memory 700, the addres~
counter 390 i~ again t~pped, at SlL time, back to ~n a~dress 16 count of 0 and a po~itiv~ signal i~ applled via the -C8 17 output to render the AND e$rcuie 406 ~ffeetive to apply a 18 positive ~ign~l to th~ invert~r 408 whero it i8 inverted to 19 a negative signal on the -16 ST~P llne. The negatlve signal on the -16 STEP line i~ applled to re-ot the MX OVW l~teh 21 276 in Fig. l9c2 which, in being re~ot, applies a po~iti~e 22 ~ignal via the -MX OVW line to rend~r th~ AND cireuit 380 23 effective to apply ~ po~itive ~gn~l to the -W ENABL~ line 24 thereby lnhibiting furth~r wrltlng into the MX memory 700.
Tbe po~ltive signal on th~ -MR OVW lln~ i~ al80 applied to 26 rend~r the AN~ invert eircuit 3~8 ef~etivR to a~ply a 27 negative ~ig~al to decondition the AND ~nvert circults 3?0 28 and 374 ~o that th~ -01L and ~3L clock pul~e~ ~111 have no 29 further eff-ct. The ~olntly decondit~on~ AND inv~rt circuit~
370 and 374 w~ ointly apply a po~itlve condltloning ~lgnal Xi9-77-006 -60-~948~

1 to one input of the AND invert circult 376.
This ccmplete~ the master key overwrlte operatlon and the terminal operator may now proceed to load the new ma ter key 4 into the MK memory 700 a half byte at a tlme, for 16 times, in order to completely load the 64 bit ma~ter key into the Mg memory 700. Ref-rrlng to Figs. l9cl and l9dl the terminal 7 operator sot~ the switchQs SW0 to SW3 accordlng to the first 8 half byte of the ma6ter ~ey to be loadQd. Followlng this, the MM switch set to the MMN0 posit$on causing a negatlve pulse to be applled to turn on the MM latch 138. The MW
ll latch 138 ln being turned on ~pplie~ a negatlve slgnal via 12 the -MW line to ~et the MWHB CTRL latch 154 which, ln being 13 set, applie~ ~ positive slgnal to one lnput of the AND
14 lnvert clrcuit 156. When the ~W switch 18 relea~ed to the MWNC position, a negatlve slgnal 1~ applled to reset the 16 MW latch 138 which, ln being reset, applles a poslt$ve 17 signal to a ~econd ~nput of the AND invert circuit 156.
18 Therefore, at ~l time of the noxt clock cycle, a 19 ~1 clock pul8e i~ applled to render the AND invort circuit 156 ef~-ctive to apply a negative siqnal to the inverter 160 21 where it i~ lnverted ~o a positlve slgnal on the MM~B llne.
22 ~he po~itive signal on the MW~B line 1- ~ppllod to the 23 inverter 162 in Fig. l9c2 where it i- lnvortsd to a negative 24 ~ignal and applied to deconditlon th- AND circuit 380 which, in turn, applies a negatlve signal to the -W ENABI~
26 line. Ths ne~atlve signal fr~m the lnverter 162 i~ also 27 ~pplied to d~condition the AND inv~rt clrcuit 376 which, in 28~ turn, applies a po~itlve slgnal to the inverter 378 where it 29 i8 inver~ed to a negatlvo signal on the -M ENABLE line. The combinat~on of negative ~ignal~ on th~ -W ENABLE and -M ENABLE

Xi9-~7-006 -61-~i~948:~

1 lines permits the flrst half byte of the new master key to be 2 passed via the AND circuits 164 in Fig. l9dl and the OR
3 invert circuit~ 168 to be loaded into the MK memory 700 at 4 locstlon 0. ~eferring now to Fig. l9cl, at ~4 time, a ~4 clock 5 pulse in combination w$th the po~ltive signal on the MWHB
6 line renders the AND invert clrcuit 152 effective to apply a 7 negative slgnal to reset the MWHB CTR$ latch 154 wh~ch, in 8 being re~et, applie~ a negative signal to decondition the 9 AND invert circuit 156. At ~1 time of the next clock cycle, 10 a -~l clock pulse is applied to decondition the AND invert ll circuit 158 which, in turn, applles a posltlve slgnal ~o the 12 inverter 160 where it 1~ inverted to a negative ~ignal on 13 the MMHB line. The negative ~ignal on the MWHB line i8 14 applled to the inverter 162 in Fig. l9c2 where it ~8 lnverted 15 to a po-itive ~ignal to render tha AND clrcuit 380 effective 16 to apply a positlve signal to the -~ ENABSE llne to terminate 17 the wrltlng operation into the MX ~emory 700. The pos~tive 18 signal from the lnvert~r 162 iA al~o applled to render the 19 AND invart clrcuit 376, conditioned by th~ positive ~ignal 20 output from the AND invert circuit~ 370 ~nd 374, effectlve 21 to apply a negative ~ignal via the -S~EP CTR line to the 22 inverter 378 where it 18 inv~rted to a posltive ~lgna~ on 23 the -M ENABLE lino. The negative ~lgnal on the -STEP CTR
24 line i~ al80 inverted by inverter 388 ln Fig. l9d2 25 to a positlve ~ignal to step the addre~ counter 390 to 26 an addr~ss count of 1 in prep~ration for writing 27 into the n~xt locatlon of the MX mRmory 700. Referring 28 now to Fiq. 19dl, the bit switches SW0 to ~W3 are 29 now ~t in accordance with tha second half byte of the ma~tar key for loadlng ~nto the MK memory 700. The MW
Ri9-77-006 -62-1 o~itch 1~ again ~t and th- circuitry op~rat~ in the same 2 manner a~ de~cribod abovo wlth ro~pect to ~ritlng the flr~t 3 half byto for wrtting the next half byte of the new master 4 key and ~tepp$ng the address counter 390 to the next address Thl~ operation i~ repeated for a total of 6 16 times in order to write tho 16 half ~ytes of the master 7 key into the MR memory 700 8 After the last half ~yte of the n~w ma~ter key i8 9 loaded into the M~ momory 700, tho E~ ~w~tch in ~ig l9cl is switched off to tor~lnate the manual ~rlt~ oper~tlon 11 Tho EW s~itch in being turnod of~ applio~ a negative signal 12 to re~et tho MX BUS ~E~ECT latch 140 and to r ~ot the 13 ENABLE MAN RESET latch 144 which, in being ro~et, applles 1~ a negativ~ J$gnal to ~et the MAN RgT CTR~ latch 146 in preparatlon for th next time a manual write master key 16 operat$on i- to be p-rformed 17 ADDRESS D~CODING AND 8~LECTION
18 Referr~ng now to Fig~ l9al ~nd l9a2, ~hen an IO
19 operation $~ to be performad, ~ n~gatlve ~ignal i8 opplied to the -IO t~g lino The convention to bo u~ed in the 21 followlng d-scription- are that all lines are down level 22 activo i e the activo ~tate 18 tho pr~ence of a n~gative 23 ~ignal and, in the ca-e of data, a 1 blt i- ropre~ented a~
24 a negative 61gnal and a 0 bit a~ ~ po~itlve lgnal Informatlon 18 rece~ved by the D~D on a -DATA BUS OUT ~nd 26 may include address lnformation, command lnformation or 27 data to bo proce~se~ Tag 819na1~ ~ro usod a~ control 28 algnal~ to ~dentify the nature of tho lnformatlon being 29 provid~d on the Data BUB. Thu~, when an addros~ i~ placed on the -DAT~ BUS OUT, a -TA ~gnal 1- provlded on the Xi9-77-006 -63-1 -TA tag line to identify the information a8 being addre-s 2 information, when a command i8 placed on tho bu8, a -TC
3 signal is provided on the -TC tag line to identify the 4 infor~ation a8 being a command and when data i8 place~d on s t~e bus, a -TD slgnal i8 provided on the -TD tag line to 6 identify the info~mation as being data. The -I0 ~ignal is 7 inverted to a positivo Jignal by the lnverter 182 and applied 8 to one input of the AND invert circuit 190. ~t TA time, g addres~ information i8 receivod on the -DATA BUS OUT and a 10 -TA signal is applied to the inverter 184 where it 11 $8 inverted to a positive signal and appli~d as a se~cond 12 lnput to the AND invert circuit 190.
13 ~he dsta ~ecurity device can be personalized to be 14 respon-lve to any one of 40 po~lble addresse~. This i~
15 accomplished by ~u~pering each of the 3 pins, J5, J6 and J7 16 to eith~r ground or l5v, and by ~ump~ring one pin JU to any 17 one of five~ other~ J0, Jl, J2, J3 or J4. In the example 18 shown, the w$ring i~ Juch that the D8D responds to the 19 address lxxxxO10. Th~ 8 bit addre~J i8 paB~ed via the inverters 20 170 to the parity generator 178 wh$ch generatee a parity bit 21 which i~ compared with the parity bit r-ceived with the 22 address. If the~ ge~ncrated parity blt i~ equal to the roceive~d 23 parity bit a po~it$ve ~ignal i~ applied vi~ the PARITY GOOD
24 line to a th~rd input of the AND invert clrcult 190. Addit~on~lly, 25 the personalized bits from tho ~u~p~rs J5, J6 and J7 are 26 compared with the inYerted incoming blts on lines 5, 6 and 7 27 by the exclu~ive OR and inverter combinatlon~ 172 and 174 28 which produce pO8~ tivo signal inputs to the AND circult 176 29 if a match i8 found. The personallzed ~lt on the JU ju~per 30 i8 applled a~ th~ r~malning posltive input to ronder the AND
Ki9-77-006 -64-~ ~s4~a 1 circult 176 effective for applying a pos~tive signal to the 2 remainlng input o~ the AND invert circuit 190~ Accordingly, 3 if the p~rsonalized addre~ having good parlty has been 4 detected, then the AND invert circuit 190 i8 rendered effective to apply a negative ~ignal to set the SEL l~tch 192 and to 6 decondition the AND circuit 216 in Fig. l9bl wh~ch, in turn, 7 producQs a -VALID B signal indicating a valid address byte 8 presentatlon. The S~L latch 192 remains set throughout the g I/O operation unless reset subsequently by the occasion of a command error which will be described hereafter. The SEL
11 latch 192, ln belng ~t, appli~ a po~ltlve signal via the 12 SEL lln~ to condltlon the AND invert circuits 204, 206 and 13 208. Ref~rring now to Flg. l9al, at the ~nd of TA time, ~
14 po~itive ~ignal i~ applied to the -TA tag line which 18 invertod to a negative signnl by inverter 184 to decondition the 16 AND invert circuit 190. Accordingly, AND invert cirauit 17 190 appli~s a po~$tive signal to rend~r AND c~rcuit 216 18 effective to terminate the negative signal on the -VAL~D B
19 line.
COMMA~ND DECODI~G
21 At TC time, aomm~nd information i8 r~ceived on the 22 -DATA BUS OUT and a -TC ~ignal 18 provided to indicate thi~
23 condition. The low ordor command bit (bit 7) 8pec~ fle~
24 the direction of the data transfer, i.e., whe~her the I/O
operation is a read (blt 7~1) or a write (bit 7-0) operation.
26 ~eferring now to Fig. l9a2, the I~O comm~nd byte i8 paSQed 27 via the invorters 170 to the AND i~vert circult~ 222 and to 28 the parity g~nerator 178 where a parity blt ia gener~ted and 29 comparod wlth the parlty bit pro~lded wlth the aommand byte 30 by the exclu~ive or 180. If th~ p~rity bit`generated by the 1 parity generator 178 i~ e~ual to the parity blt a~sociated 2 w$th th~ comm~nd byta then the exclu~ive OR 180 provides a 3 positlva slgnal on the PARITY GOOD llne a8 a second 4 input to the AND lnvert circult 206. The -TC ~lgnal i~
invsrted by the lnvorter 188 to a posltlve TC signal and 6 applied to the remalning inputs of the AND invert circuits 7 206 and 209. ~he AND invert circult 206 i~ ren~ered 8 effectlve to apply a negative lgnal via -TC S~ ne to g the inverter 214 and to decondltlon the AND circult 216. The AND circuit 216 in being decondltioned applle~ a -VALID B
11 ~ignal to lndicate that a valid comm~nd byte has been 12 rece$ved. The inverter 214 invert~ the negative ~ignal to 13 a po~itive signal on the TC SE~ llno which lg applled to 14 procedural error circuitry, whlch wlll ~e described hereafter, and to the other input~ o~ the AND invert circuits 16 222 in Fig. l9a2 to allow the I/O comm~nd byte to be loaded 17 into the comm~nd r~gister 224. Th~ po~ltiv~ slgnal on the 18 TC line in combination with the po~ltlvo ~ignal on the SEL
19 line render the AND lnv¢rt circuit 208, in Fig. 19bl, effective to apply a negative ~ignal to set the TC END
21 latch 210 which in belng ~et, applie~ a posltive signal to 22 condition the AND circuit 218.
23 Referring now to Fig~. l9b2 and l9b3, the command 24 and order codes of the command byto ~tored in the command 2~ regi~ter 224 during TC ~ime are dacoded by a sQries of ~l~D
26 invert circuit~. Bit~ 4, 5 6, and 7 are decodQd to produce 27 one of the seven defined commands de~crtbed ln the ~ectiQI-28 DSD COMMANDS AND ORDERS. Thus, the AND invert circuit 226 2g decode~ the PIOW data command ~PIOW), the AND invert circuit 232 decodes the set ~8iC statu~ comm nd ~SET BS), the ~D

Ki9-77-006 -66-11494~

1 invert eireult 238 deeodes the ro-ot ba-le tatu~ eommand 2 (RST B8), the AND invert cireuit 242 d-eode- the read basic 3 statu- ee~mand (R~ 88), the AND lnvort eireuit 250 deeode~
4 the reset adapter eommand (RST), tho AND tnvert elreuit 262 S decodes th~ PIOR data eommand (PIOR) and the AND invert 6 circult 266 deeode~ the ~rite DSD order eommand (WR DSD) 7 Detailed description of the operation of thes~ eommands will 8 be provided hereafter 9 In addition to the eomm~nd eode provided by bits 4, 5, 6 and 7 an order code WXYZ is provided by the other four 11 blts, num~ly, bits 0, 1, 2 and 3 lf the eomm~nd i8 a WR DSD
12 eommand. Thus, bit~ 0, 1, 2 and 3 of the orde~ code are 13 deeoded to produ¢e one of the thr~e proviously defined 14 cipher handllng orders or one of the t~o previously deflned data proee~sing order~ Accoraingly, the AND invert eiroult }6 280 aeeodes a portion of the eiph~r k~y handling orders fcr 17 write ma~ter key (WMX) and load k~y diroet ~KD), the AND
18 inver~ e~reu~t 288 deeodes the eiphor key h~ndling order 19 deeipher key (DECR) ~nd the AND invert eireuit 302 deeodes a portlon of the data proce~ing order~ for eneipher (ENC) 21 and declpber (DEC) Detailed ~eeriptlon of the operation o~
22 the~e ordorg will be provided heroafter 23 Referring now to Fig l9al, at thc end of TC tlme, 24 pogitive ~ignal i8 applied to the -TC tag line whieh i8 inverted to a negati w ~gnal by th~ inverter 188 and applied 26 via the TC line to deeondit~on the AND lnvort clrcuit~ 206 27 and 208 Accordingly, deconditionod AND inv~rt circuit 2C6 28 appli~ a po~itive ~ignal to r~nd~r AND circult 216 effective 29 to terminat~ ~he nogativc ~lgnal on the -VALID B line The po~lt~ve slgnal from d~conditioned AND lnvort circuit 206 i~

1 al~o applied to invert~r 214 where it 1- ln~erted to a 2 neqative ~ignal on the TC SEL llne and applied to the 3 procodural error circultry and to decondit10n the AND invert 4 circuit~ 222 associatod with the command register 224 ln Fig. l9a2. The deconditioned AND invert clrcult 208 applies 6 a positiv~ ~ignal to render the AND circult 218, conditioned by the po~ltive aignal ouput of the TC End latch 210, effective to apply a positive ~ignal on th~ TC END line.
9 If bit 7 of the decoded command code i8 a 1, lndlcating a read operation, then pO8~ t$ve ~ignal~ on the bit 7 line and 1 the TC END line are applied to render the AND invert circuit 12 220 effective to produce a -P Valid signal to lndicate that 13 th~ parity of the data byte to be subsoquently presented to 14 the -DATA BUS ~N 18 valid. Thl~ i8 80 because the DSD alway~
provides correct parity for data byte~ it applies ~o the 16 -DATA BUS IN for read type command-. The po~itive signal 17 on the TC END line i8 also applied, in Fig. l9b2, to the 18 ~nverter 244, AND circuit 254, lnverter 258 to control the 19 operation of the gEAD BS, RST and PIOR com~ands, respectively, and to AND invert circuit 356 in Flg. l9c4 to control the 21 command error detection, all of which will be de~cribed in 22 grester detail hereafter.

24 Referring now to Eigs. l9b3 and l9c4 if one of the legAl com~ands has b~en decoded, then a negative ~ignal i8 26 applied to decondition either AND c$rcuit 350 or AND invert 27 circuit 352 to apply a positive signal to th~ LEGAL CMD
28 line. Th~ positive ~ignal on th~ LEGAL CMD line i8 inverted 2~ by inv~rter 354 to a ne~ative signal which $~ applied via the NO ~EGAL CMD line to decondition the AND invert c$rcuit Ri9-77-006 -68-i~

1 356- The AND invert clrcult 356 in belng decondltioned 2 applles a po8i~ive slgnal whlch h~s no effect on the CMD ERR
3 latch 358. On th~ other hand, if none of the legal commands 4 are decodea, then the AND invert circuit 352 1~ rendered effective to apply a nogatlve signal to the inverter 354 6 where lt 1~ lnvertod to a po~ltlve ~lgnal and ~pplied via 7 the NO LEGAL CMD llne to condltlon the AND lnvert circuit 8 356. At the end of TC time, tho po~ltive slgnal on the g TC END line 1~ applled to rendor the AND invert clrcuit 356 effectlve to apply a negatlvo slgnal to et the CMD ERR
11 l~tch 358 which ln belng set, applles a negatlve 12 signal via the -CM~ ERR llne to reset th~ S~L latch 192 in 13 Flg. l9al thereby de-electing the D8D due to tho command 14 error. Referring now to Fig. 1912, the negatlve slgnal on the -CMD ERR llno 1~ al~o applled to set th~ machlne check 16 blt latch 954 E ~bit 5) of the tatu- reglster 952.

18 At TD time, a -TD slgnal i~ provld~d to indlcate that 19 a data ffl te 18 pre~ nt on tho -DATA BU8 OUT or that a data byte i8 on the -DATA BUS IN dependlng upon whether a wrlte 21 or road operation is to be performed. Additlonally, becau~e 22 the clock 100 may run a~ynchronou~ly with respect to the 23 proce~sor, it 18 necessary to provlde ~ spoclal timing 24 slqnal for u~e during certain operatlon~, thi~ signal be~ng called the SYNC TD S~ gnal. Thi~ slgn~l beain~ at ~1 time 26 of a clock cycle colnciding with or followlng the beginning 27 of a TD time and l~ts untll ~1 time of the next clock 28 cycle. It then remain~ inoper~tive until the next occurrlng 29 TD time.
Reorrlng now to Fig. l9al, at TD time, the -TD signal Ki9-77-006 -69-~i494a:~

1 is applied to the invorter 186 where it ls lnverted to a 2 po~itlve TD slgnal and applied in combinatlon with a po~itive 3 ~ignal from the SYNCH latch 196 to condit~on the AND invert 4 circuit 198. At ~1 time, a ~1 cloc~ pul8e 18 applied to render the AND invert clrcuit 198 effective to apply a 6 negative ~ignal to the inverter 202 where ~t i8 inverted 7 to a positive signal on the SYNCH TD line. At ~4 time, a 8 ~4 clock pul~e in combination with the po~itive ~ignal on g the SYNCH TD line render the AND invort circuit 194 effective to apply a negative signal to r~set the SYNCH latch 196.
11 At ~1 time of the next clock cycle, a -~1 signal i8 applied 12 to decondition the ~ND inv~rt circuit 200 causing a po~itive 13 signal to be applied to the inverter 202 to terminate the 14 positive signal on th~ SYNCH TD line~ tho po~ltive ~ignal havlng been pre~ent for a 1 usec clock cycle period. The 16 positive ~gnal on the SYNCH TD lina $~ u~d to ~ynchronize 17 the PIOW data and WR DSD commands as will be descrlbed in 18 greater detail hereaft~r.
19 Referring now to Figs. l9al and l9bl, 1~ the SEL latch 192 has not been re~et by a command error, th-n pos~tive 21 ~ignal~ on the SEL and TD lines are appli~d to render the 22 AND lnvert circuit 204 effective to apply a negatlve signal 23 via the -TD SEL line to the inverter 212 and to decondltion 24 the AND circuit 2}6 cau~lng a -VALID B ~lgnal to be produced indicating that the DSD wa~ selected ~d a legal command wa~
26 decoded. The inverter 212 lnverts tha nogative ~lgnal to a 27 positivQ ~ignal on the TD SEL line which is used to determine 28 whether there wa~ a crypto engine dats error during the 29 execut~on of a PIOR Dnta command whi~h will be descrlbed ~n grea~er detail heresfter and for controlllng write error ~i~g4~
1 detectlon ~hich ~111 b de~crlbed ln the next section 2 Xeferring no~ to Fig l9al, at th~ end of TD tlme, a 3 posltlve signal i8 appli~d to the -TD tag line which 1~
4 inverted to a negatlv~ signal by the invert~r 186 and applled S via the TD line to d condition the AND inver~ circuit 204 6 The AND inv~rt clrcuit 204 ln being d~condltion~d cau~e~ a 7 po~ltive ~lgnal to be applied to the -TD SE~ line whlch, 8 in turn, 18 applled to the invertcr 212 and to render the 9 AND clrcult eff-ctive to termlnate th negative signal on the -VALID B lln- Th~ lnv rt~r 212 inv~rt~ th~ po~itive 11 ~lgnal to a negatlve lgnal on th~ TD 8EL line which 18 12 applied to decondition the engine error clrcuitry in 13 F~g 19h3, to control clrcultry in Flg l9b2 for terminatlng 14 the operatlon of th- 8ET BS or RST ~S com~ands and to decondltlon the ~rlt rror clrcultry in Flg l9b3 16 Follo~ing the nd o~ TD t~o, th ~O operation end~
17 and a po-ltlve lgnal i~ applied vla tbe -IO tag llne to 18 the inverter 182 ~here lt 1~ lnvert~d to a n-gatl~e lgnal 19 to roJ~t thc SEL latch 192 and th WR EM latch 364 ln Fig l9c4 Th- SEL latch 192 ln b ~ng re-ot appll-- a 21 nogativ~ ~lgnal to r ~et the corm~nd rsgist~r 224 in F~g 22 l9a2 to re-ct thc TC END latch 210 ~hlch, ln b~lng re~et, 23 appll~ a nogativ~ lgnal to decondltlon th- AND circult 24 218 th~raby tormlnatlng the po~ltlve ~lgnal on tho TC END
ltno The d~co~dlt~on~d AND circult 218 c~u-o- ~ n-g~tlve 26 slgnal to be applied vla th~ TC END lino to decondition 27 the AoD invort circult 220 thoroby t-rmlnatlng the n~gative 28 ~lgnal on the -P Valid line ~he co~mand reglster 224 in 29 belng re~ot decondltlo~ all of the deoodor circuitry in 30 Fig~. l9b2 ana l9b3 Xi9-77-~06 -71-1 WRITE 8RROR DET~CTION
2 Ref~rring no~ to Fig~ l9b3 and l9c4, $f a legal command 3 ha~ be~n docoded, lndlcat~d by a po~ltl~e ~ignal on the LEGAL
4 CMD line, and the eo~and i~ of tho ~rlte type, indicated by a po~$tive signal on the -7 l$no, and if the data byt~ on 6 the BUS IN has bad parlty, lndleat-d by a posltlve slgnal on 7 the PARITY ~AD llne, th~n, at TD tim~, the po~ltlve slgnal 8 on the TD SEL llno 1- appl$od to rend r th~ ~ND invert 9 clreuit 362 effe¢tlve to apply a negativ- lgnal to set the WR ERR lateh 36~ ThlJ lateh wlll r~aln et for the duratlon 11 of the IO operatlon or unt$1 th- nd of TD tlme for a RST
12 command The WR ERR lateh 364 ln belng set applies a po~$tlve 13 slgnal to et the statu~ bit 3 latch 954D $n the status 14 regl~t~r 952 in Flg l9i2 to reeord the faet that a wrlte error ~a~ deteeted 16 ILLEGA~ ORDPR
17 If th~ DSD ha- b~en properly addre--~d and ~eleeted and 18 if the command byt- peelfle- an ordbr eod~ not recogn$zed 19 by the DSD, then thl- eondlt$on will ba detect-d and tho statu- blts 0 and 2 of the ~tatu- r g~ter et to lndieate 21 thi~ llleqal ord r oondlt$on Mor~ p~elfleally, ref~rring 22 to P~g l9b2, if a WR DSD command 1~ deeoded by the AND
23 invert clrcu$t 266, a negative 8~ gnal 1- ~pplled to the 24 $nverter 268 where it i~ invort d to a po~ltlve slgnal ~nd applled vla the WR DSD ORDER line to condltlon the AND
26 c$rcult 270 At TD tlme, the po~ltlv~ olgnal on the 27 SYNCH TD line i~ app~led to render the AN~ clrcuit 270 28 effective to apply a po~ltlve slgnal vla the WR ORD TIME
29 line to one input of the AND lnvert alrcult 348 ln Flg l9b3 The other lnput~ to the AND lnvert clrcult 348 are Ri9-77-006 -72-1~94~

1 the legal ord~r codes recognized by the DSD. If none of 2 thesQ order code~ occur, then positive ~ignal~ ar~ applled 3 to the rem~ining ~nputs of the AND $nvert circuit 3~8 rendering 4 it effectlve to apply a negative s~gnal v~a the mlnu~ ILG
ORD line to set the status bit 0 and 2 latches 954a and 6 954c of the ~tatu~ register 952 in Fig. 1912.
7 WR~TE MASTER REY ORDER OPERATION
~ A goneral description of thls operation wlll fir~t be g glven followed by a more dotalled de~cription. Provlded that the EW switch ha- been prevlously set to th~ on position, 11 three latches are set when this order i3 d~codod, namely, the 12 WMK latch 274 in Fig. l9c3, the key in~alld latch 278 and the 13 ma~ter key overwrlte latch ~MW OVW) 276 in Fig. l9c2. The ma~tor key 14 overwriting functlon, whlch 1~ provid~d to destroy the previously ~tored content~ of the MR memory 700, ~ 8 accomplished 16 by activating the write enable lino, pulsing the memory enable 17 line and stepplng the addres~ counter 390 in Flg. l9b2. Whatever 18 happen~ to be present as bits 0, 1, 2 an~ 3 on the BUS IN
19 will be written into the MR msmory in all locatlons. The MK
OVW latch 276 remains Jet for 16 micro~econd- and i~ reJet 21 after the 16th MX m~mory location ha~ boen ov~r~rltten. Thereafter, 22 the actual msster key i~ wrltten wlth bl~ 0, 1, 2 and 3 from 23 the data fields in a ~erie~ of 16 PIOW data commands wlth one 24 micro~econd wr~te enable an~ memory enable signal~ belng provided for each SYNCH TD time. The ~ddreYs counter 390 i~ st~pped 26 at the conclu~ion of each pul~ her~ 1~ no ~utomatlc tenmination ~7 of the write m~tar ~ey or~er. After the 16th half bit has 28 written into the MX memory 700, a RST command mu~t be l~ued 29 to res~t th~ WMX latch 274 and regardle~s of whether the operation i~ under terminal eontrol or m~nual control th- M ~wltch mu~t ~19-t7-006 -73-1 be ~ot to the off po~ition. The key invalld latch 278 1R left 2 8et and no data can bo proc~sed untll after a v~lid key i~
3 ln~talled ln ~e crypto englne~ by elther a LXD or DECR ord~r.
4 If th~ WMX ordor 18 lssued while the EW s~itch 1~ set ln the off po~ition, there 1B no aetlon ot~r than recording a 6 proeedural error. The WMK order is p~rformed lnfrequ~ntly 7 and 1~ done only under physlcally s~eure eonaltions, as the 8 master key appoar- in clear form ln the maehine at thl~ t~me.
g A more detall~d descr$ptlon of the write master key order op~rat1on will now be glven and hould be follo~ed ~n con~unction ll wlth the timlng diagram of Fig. 21. Aft~r addro~ ~elsctlon 12 at TA time and loadlng of the WR DS~ command reglster 224 13 at TC tlme, the comm~nd code i8 ~eoded by the AND inverter 14 eireuit 266 in Fig. l9b2 to produee a negatlve slgnal which i~ inverted to a po~ltlve ~ignal by the inverter 268 16 on tho WR DSD ORDER line thQreby lndleating the presence of 17 a WR DSD order eommand. The positive ~ignal on the WR DSD
18 ORDSR lin~ 1B appll-d to conditlon the AND clrcu~t 270. At 19 the 8ame t$me, a portion of the order code i8 decode~ by the AND invert clreuit 280 to apply a negatlve signal vla the 21 -(WMR I LXD) DEC line to the inverter 282 where it i8 lnverted 22 to ~ po~itive ~ign81 ~na applied vla the WMX + LKn llne to 23 one input of the AND invert c$rcuit 272. A po~itive signal 24 on the -Y llne per~onallzes this order ~ a WMR order and i8 appliad to n ~econd input of the AND invert circuit 272.
26 Referrlng now to Fig. l9cl, the EW ~w~tch will hsv~ previously 27 be~n set to the on po~lt1on, thereby permltting a posltive 28^ 8ignal from the +5V source to be applied ~8 a th~rd lnput to 29 the AND invert circuit 272 ln Fig. l9b2. At TD tlme, a po~ltive ~ignal 1~ ~pplled via the SYNC~ TD line to render th-X~9-77-006 -74-il494~

1 conditioned AND c~rcuit 270 effective to apply a posltlve slgnal vla the WR ~D TIME line to the remalnlng lnput of the AND lnvert elreult 272. Accordlngly, the AND invert clrcuit 272 1~ rend~red effectlve to apply a negative signal via the -SET WMX line to ~et the MMX latch 274 in Fig. l9c3 and to set the MX OVW 276 in Fig. l9e2. The M~ OVW latch 276 in being ~et appl$es a negative lgnal via the -M~ OVW llne to decondition the AND circult 380 and the AND invert ei~euit 368. The decondit$oned AND circult 380 applios a negatlve signal to the -W ENABLE line to prepare the MX memory 700 for a writlng oporation. The AND lnvert clrcuit 368 in being decondltionea applie~ a pos$tive ~ignal to conditlon the AND invert circuit 370 and 374, in a manner a~ previously described in the manual WMR operation, for producing the ~uceessive signals on the -M ENABLE line during the memory overwrite operat~on. The WMK latch 274 remains set for the remalnder of thls opæration and ~pplie~ a posltive signal to the WMK line and a negative signal to the -WMX llne. ~he positive slgnal on the WMK llne ls applied to condition the AND invert circult 366 in Fig. l9c2 in preparation for writ~ng the new master key ~nto the MX memory 700. The negative signal on the ~WMR line i~ applied to ~et the 23 KEY INVALID latch 278 whlch rem~lns s~t for the rem~lnder 24 of thi~ opera~ion ~nd will be re~t only after a valld key i5 install~d in the erypto englnes by either a LXD or DEC~
26 ord~r, either of whlch will cause 8 re~et of th~s latch.
27 The negatlve slgnal on the -MMX llne i~ also applied to 28 decondition the AND invert clrcult 298 in Fig. l9c4 causing 29 a po~ltive signal to be appl~ed to the R O~D llne and via invarter 300 a negative signal to the -~ ORD lndicatlng gW

1 that a key order operation i~ ~eing psrformed.
2 ~eferring now to Fig. l~c2, at ~3L time, a ~3L cloc~
3 pulse 18 applied to render the AND invert circuit 370 effective 4 to apply a negativ~ signal to decondition the AND invert circult 376 which, in turn, applies a po~itive ~ignal which 6 is inverted by the inverter 378 to a negatlve signal on 7 the -M ENABLE lln~. Accordingly, the presence of negative 8 signals on the -W ENABLE and -M ENAB~E line~ enables the ~K
9 memory 700 for a write operation. Referrlng now to Fig. l9cl, since the MW ~witch has not operated, the MW latch 138 11 remains re~et and likewise the MK BUS SELECT latch 140. The 12 MK BUS SELECT latch 140 in being ln a re~et state applles a 13 po~itive ~ignsl to condition the AND clrcuit~ 166 and a 14 negative signal to decondition the AND circults 164 in Fig.
l9dl. In thl~ case, the hal~ byte value i~ not taken from 16 the manual switches SW0 to SW3 but rather from whatever 17 happen~ to be pre~ent on the bits 0, 1, 2 and 3 line of the 18 BUS IN which will now be written into location 0 of the ~
19 memory ?00. Referring now to Fig. l9c2, the po~ltive ~ignal produced by the AND invert circuit 376 i~ applied to the AND
21 invert circult 374 the other input~ of which h~ve posit$ve 22 signals malntain~d thereon at thls tlme causlng a negative 23 9ignal to be app~ied to the AND invert c~rcuit 376 to maintain 24 the po~$tive ~ignal o~tput thereof untll ~lL t~me of the next clock cycle. At ~hat time, a -plL clock pulse 26 is applied to decondit~on the AND invert circuit 374 which, 27 in turn, applies a po~itive signal to render the AND circuit 28 376 effective to apply a negative s$gnal to the -STEP CTR
29 ~ine and to the lnvexter 378 where it i~ invsrted into a positive slgnal on the -M ENABLE l~ne. The negative slgnal 1 on tho -STEP CTR line 1~ inv~rted by th~ inverter 388 ln 2 Fig. l9d2 to a po-leive slgnal which i- applled v$a the 3 -STEP CTR lin~ to step the addre~ counter 390 to an address 4 count of 1 indlcating the next location of the M~ memory s 700. ~n ~ similar manner e~ch succ~ive ~3L clock pulse i~
6 effective to control the appllcatlon of a negative signal on 7 the -M ENABLE llne to permit h~lf byte value on the BUS IN to 8 be written into and overwrite the previous master key half byte g ~t that location and each succeeaing -~lL clock pulse is effective to control the terminatlon of the negative ~lgnal 11 on the -M ENAB~E line and to step the address counter 39Q to 12 the next location ~ previously doscrlbed ln connection w$th 13 tho manu~l write ma-ter ~ey operation. S~llarly, when ~
14 count o~ 16 is reachod ~nd the a~dros~ counter 390 returns to an addres~ count of O, the negativa signal on the -16 16 STEP line i8 ~ppliod to re~et th~ M~ OVW l~tch 276 to 17 thereby t~rmlnate the M~ overwrit~ operation.
18 Following the ~nd of the MX ovorwrite oper~tlon, the 19 first of 16 PIOW data co~mands i~ provid~d to the DSD.
After ~dare~s ~election during the TA tlme and loading of 21 the command byte in the comm~nd regi~ter during TC time, in 22 a manner previou~ly described, the AND lnvart circuit 226 in 23 Fig. l9b2 dscode- this command and ~pplio~ a negative ~ignal 24 via the -PIOW DATA DEC llno to on- lnput o the 0~ lnvert circult 230. At TD time, a po~ltiv~ ~lgnal on the SYNC~ TD
26 line i8 $nverted by the inverter 228 to a negative ~ignal to 27 the oth~r tnput of the OR inv~xt c$rcult 230 which, in turn, 28 applies a posit$ve ~ignal to the PIOW DATA line. The posltive 29 sign~l on the PIOW DATA line 18 appliod to th~ AND $nvert circuit 366 in Flg. l9c2 whlch in comblnatlon wlth the Ri9-77-006 -77-li~9~

l positiv~ signal on the ~X line renders the AND invert 2 eircuit 3~6 effective to apply a negative signal to de-3 con,lition the AND circuit 380 and tlle .~ invert 37~ for the 4 ~erio~ of the SYNC TD pulse. The A.iD circuit 380 in being S d~conditioned applies a negative signal to the -W ~ABLE
6 line. The Ai~ invert circuit 376 in bein~ deconditioned 7 applies a positive signal which is inverted by inverter 378 8 to a negative signal on the -' ENABLE line. The combination 9 of negative signals on the -~ Ei~ABLE and -,1 ENABLE lines permit the bits 0, 1, 2 an-l ~ of the data field associated 11 with the PIOW command, which is the first half byte of the 12 new ~a~ter key, to he written into location 0 of the ~
13 Inemory 700. ~t the en~ of SY~C Tr) time, a negative signal 14 is applied to the SY~C TD line wilich is inverted by inverter 22S in Fig. l~b2 to a positive signal which rend~rs the ~N~
16 invort circuit 230 effective to apply a negative signal via 17 the PIOW ~ATA line to decondition the A~D invert circuit 366 18 in Fig. l9c2. Accordingly, AND invert circuit 36fi, in ~eing 19 deconditioned, applies a positive si~nal to condition the A~i~D circuit 3~0 an~ the AND invert circuit 376. The A~D
21 circuit 380 in heing con~.litioned applies a positive si~nal 22 on the -W ENABLE line whlle the A:~3 invert circuit 37~ in 23 heing conditioned applies a negative ~ignal to the -ST~P CTR
24 line and is inverted by the inverter 378 to a po~itive siqnal on the -M E~ABLE line. Tlle positive signals on the 26 -S~ EN~BI,~ AND -M E~ABI.E lines inhibit further writing 27 operation~ into the ~SK .ne~nory 700. The negative signal 28 on the -STEP CTR line is inverted by inverter 388 in 29 Fig. l9d2 to a yositive sigllal on the STEP CTR line to step t.he addres~ counter 3q0 to an address count of 1 re~resenting T~T~77~0f; ~7'~^

~1~

l the next addre~s for the ;~K memory 700. In a similar manner, 2 succeeding negative ~ignal-~ on the -W E~ABL~ and -~ ENABLE
3 lines are provided for -~ucceeding SYNC ~D times to write 4 the succeeding half byte~ of the new master key into the l~K
memory 700 with the address counter 390 being stepped at the 6 concluslon of each succeeding SYNC TD slgnal.
7 After the sixteenth half-byte value has been written 8 into the MK memory 700, the WMX order operat$on is completed 9 ~y ~etting the EW switch in Flg. l9cl to the off position which, in turn, causes a negative ~ignal to be applled 11 to decondition the AND invert circuit 272 in Fig. l9b2 and 12 inhibit the performance of any -Rubsequent WMX order operation 13 -~o long as the EW switch remains off. Th~-~ conclude~ the 14 descriptlon of the WMK order operation. However, it should be noted that the WMK latch 274 in Fig. 19c3 remalns ~et 16 until such time as a RST command is issued to reset this 17 latch and that the KEY INVALID latch 278 also remains set 18 and no data can be processed until after a valid key i8 l9 installed in the crypto engine by either a LKD or ~CR order a~ will be described in greater detail hereafter.
21 RESET ADAPTER CO~MAND OPERATION
22 The execution of thi~ command causes a RST signal to 23 be created from the end of TC time until the end of I~O
24 operation. ~hiQ qignal is uQed to reset all counter~, flip-flops and latches in the adapter and control ~ection.
26 Nothing in the c~ypto engines are reset and the data field 27 associated with thi~ command is lgnored. The same re~et 28 signal can also be created by a di~crete reset Qignal on 29 the -~SET line from the I/O interface.
~ more detailed de~cription of the reset adapter KI977006 -7~-ii494~

1 command operation wlll now be given in con~unctlon wlth the 2 timing diagram ~n Fig. 21. After the address selection i8 3 performed durlng TA time and the command byte is loaded lnto 4 the command reglster during the TC time, as previou~ly S descr~bed, the AND invert clrcuit 250 ln Fig. l9b2 decodes 6 the RST command code and produce~ a negative slgnal which 7 i8 applied to the inverter 252 wh ro it i8 inverted to a 8 positive ~ignal and applled to ono input of the AND circuit 9 254. At TC time, a positive signal on the TC END line is applied to render the AND circuit 254 effoctive to apply a 11 po~itive signal to the OR invert circult 256 whlch, ln turn, 12 applies a negative ignal on the RST line. A similar 13 operation may be ln~tiated by a dl-crete nogatlve signal on 14 the -RESET line fro~ the I/O intorface ln Fig. l9a2 which is inverted by the inverter 248 to apply ~ po~ltlve signal to 16 the OR invert circuit 256 whlch, in turn, applies a neqative 17 signal to the -RST line. A~ mentioned above, thi~ ~ignal i~
18 used to re~et all counters, flip-flop~ and latches in the }9 adapter and control section~ that are not automatlcally resot by the clock 100 or tag ~ignal~. If thls command 1~
21 issued after a WMX order command, thon tho negative signal 22 on the -RST line 1~ ~pplled to reset the WMK latch 274 which, 23 in being re~et, applies a positive slgnal on the -WMR line 24 to render the AND invort circuit 298 ln Flb. l9c5 effective to apply a negative signal on the ~ ORD line ~nd vi~ the 26 inverter 300 a po~$tive signal on the -R ORD line.

28 Before proceedlng to var$ou~ order commands which 29 involve the u~e of the crypto engine, a de-cription will be given of the I/O management t-chnigue u~ed in the Ki9-77-006 -80-~494~

1 DSD as well as ~ome of the ma~or control~ used ln such 2 manag~ment. Referrlng now to ~ig~. l9fl and l9gl, one of 3 the crypto engines i8 shown in block form and include~ a 64-4 bit input~output buffsr register divided into an upper buffer register UBR 100 and a lower buffer regi~ter LBR 150 6 of 32 bit~ each. The buffer regl~ter i8 used for both input 7 and output operations In a mutually excluslve manner for 8 receiving an input block of data by a series of 8 PIOW DATA
g commands, termed an input cycle or for producing an output block of data by a ser~es of 8 PIOR data commands, termed an 11 output cycle. During each input cycle, an 8 byte block of 12 input data i8 written ~nto the buffer regi~ter on a serial-13 by-byte ba~i~ from the terminal memory and durlng each 14 output cycle an 8 byte block of output data is read from the buffer register on a serlal-by-byte ba~i~ to the terminal 16 memory. During the input cycle, each recelved byte i8 17 parity checked for odd parity over nins ~lt~ and during the 18 output cycle to each byte is appended a parity b~t to achieve 19 odd parity over nine bits. Principal input/output controls wh~ch are used for thQ I/O management include: (1) an 21 input cycle latch 454 in P~g. l~e3 whlch 1~ set by a PIOW
22 data command, except during the exscutlon of a WMX order 23 command, and remain- ~et until after 8 PIaW data commands 24 have been counted by a byte counter 448 ln Fig. l9d47 (2) an output cycle latch 464 in Fig. l9e3 whlch 1~ set by a 26 PIOR ~ata command, by the conclusion of the input cycle 27 during the ~XD order operation or by the conclu~ion of the 28 deciphering proces~ during the executlon of the DECR order 29 operation, and remains set until after the 8 PIOR data command~ have been counted or until after 8 buffer to key ~i9-77-006 -81-1 register shlft~ have been countod by the byte counter; (3) 2 a byte countor 4~8 whlch count- tho number of hlfts of the 3 buffor regi~tor as it is bolng loaded or unloaded by PIOW or ~ PIOR data commands, re~poc~ively, or as a cipher key i~
belng transferred from the buffor register to the key reg$~ter;
6 and (4) a bloek eounter 414 ln Fig. l9d3 whlch i8 set at the 7 ond of every input eycle and i~ re~et at the ond of every 8 output cycle.
g C~YP~o ENGINE CONT~OLS
Tho crypto engine used in the pro~ent invention 1~
11 similar in detall to that ~hown and d -erlbod ln the afore-12 mentioned U.S. Patent No. 3,598,081. One dlfferonce botween 13 the nglne ~hown ln the aforementionod patent and that in 14 the present lnvontion 1~ that ln the aforementloned patont the crypto engino is provided wlth eparate input and output 16 buffer registers whereas in the crypto englne of the present 17 invention 8 single lnput/output buffer regi~ter i9 provided 18 and u~ed, ln ~ mutually excluslve manner, for lnput/output 19 operatlon~. Howevor, whlle thore 18 a dlfference ln do~ign detall botwoen the prevlous and the pr-sont crypto engine, 21 the algorithm p rfo~med by both is ldentical. Addltlonally, 22 tho erypto onglne of the aforementioned patent discloses ho~
23 the ba~ie oncipher~d~eipher op-ratlon~ ar~ performed wlth 24 the clphor key be~ng loaded dlrectly into the key reglster a~ a worklng key wherea~, in the pre-ent inventlon, ~n 26 addltion to be$ng loaaed dlroctly into th- key regl~ter from 27 the MX memory 700, it i~ al~o loaded a~ a working Xey lnto 28 the key regl~ter via the input/output buffer reg~ster when 29 the clpher ~ey 18 provlded from the tormlnal memory during an LRD operatlon or as the re~ult of the D~C~ operatlon. The Ki9-77-006 -82-li~9g~

1 details of these modifications of the prior cr~pto engine 2 are shown in Fig. 22a to Fi~. 22c and correspond to Figs. 3a 3 to 3d of the aforementioned patent with the notations used 4 being identical for both except for the lines labeled ER and LDR which corre~pond to lines labeled LB and IBT in the 6 aforementioned patent. The various control signals u~ed in 7 the crypto engine and their function will be generally 8 described in the following and the operation of the modified 9 crypto engine will be de~cribed in con~unction with the detailed descriptions of the variou~ comm~nd operation~
11 which will be described hereafter.
12 Load Input Buffer ~LIB) - Thi~ ~ignal is used for 13 loading and unloading the buffer regi~ters UBR 100 and LBR
14 150. During an input cycle, this signal cau~es a data byte pre~ently on the BUS IN to be latched in and simultaneously 16 shifted in the buffer registers. After eight such actions, 17 the loading operation is complete. During an output cycle, a 18 data byte is outputted, after which thi~ signal causes the 19 buffer registers UBR 100 and LBR 150 to be shifted in preparation for outputting the next data byte. After eight 21 such actlon~, the unloading operation i~ complete.
22 Load Key Register From Buffer (LXB) - This signal is 23 essentially identical to the LIB signal and is produced 24 during the output cycle of LKD or DECK operations causing the buffer register outputs to be latched into the key 26 register~ UKR 350 and LKR 400.
27 Load Data l~egister (LDR) and End of Last Round (ELR) -28 ~rhese signals are ~imultaneou~ly produced from the ~ame 29 source with LDR causing the content of the buffer regi~ter UBR 100 and LBR 150 to be tran~ferred to the data regi~ters ~I977006 -83-~9~

1 ~DR 200 and LDR 250 and ELR cau~ing the eontent~ of the data 2 registerg UDR 200 and LDR 250 (v~a the eipher funetion 3 circults) to be transferred to the buffer register~ UBR 100 4 and LBR 150, the simultaneous aetion constituting a sw~p of the eontents of the buffer and data register~
6 Engine ~usy (EB) - This eontrol ~lgnal is produced 7 durlng actu~l data eiphering operat~ons and oeeurs from the 8 end of the input eyele to the end of the la~t of the 16 9 rounds of the eipher function End of Round (ER) - This signal is u~ed to lateh up 11 the intenmediate results of each round in the d~ta registers 12 UDR 200 and LDR 250 13 Load M~ster Rey (LDX) - Th~s slgnal eau~eJ the contents 14 of the MK ~emory buffer 702 to be latehod into the key registers UXR 350 and LKR 400 16 Shift Right (SR), Shift Right and Reeireulate (SRR) and 17 Shift Left (SL) - The SR signal is used to ~hift the key 18 register~ UXR and LXR 400 to the right when ~ eipher key I9 i8 belng loaded from either the MX memory 700 or the buffer registers UBR 100 and LBR 150 ~he SRR slgnal configures 21 the key register UXR 350 and LXR 400 into two reclreulatlng 22 right sh$fting register~ During the doelpher proee~s, the 23 SR and SRR control ~ignal~ eau~e the k~y registers to be 24 shifted to the right During the enelpher operatlon, the S~ control ~ignal eonflgure~ ths key reglsters URR 350 and 26 LXR 400 into two reeirculatlng left shlfting reqi~t~r~
27 whleh ~re shifted to thc left 28 ~OAD Æ Y DIRECT ORDER OPERATION
29 The function of thls op~ration is to load ~ new cipher key in clear form v~a the bufer rsgi-ter~ of the crypto Ki9-77-006 - ~-l engine~ direetly into the key regist-rs When the order 2 code specifying this order is deeoded, a LRD latch i8 set 3 and the ~ey invalid latch i8 reset to permit data to be 4 sub~eguently proce~sed eince a new working key i~ to be writton into the crypto engines by the present operat~on 6 The ~etting of the LXD latch enables p~rity eheeker~ in ~he 7 crypto engines for permitting odd parity ehecks to be made 8 for eaeh elpher key byte to bo loaded into the key registers g from the buffer r~gisters Following the LKD order eommand, the ter~inal proee~-or lssues a aerles of 8 PIOW data oommands, 11 with the data fiela8 assoeiated with the oomm~nds being 12 loaaed lnto the buffer rsgisters of erypto engines The 13 fir-t Jueh eo~mand ~nitiate- an input eyele and a byte 14 count-r-eounts oaeh 8ueh eommand reeoived After the 8 PIOW
command- hav- been reeelved and the 8th ~yto ~ritten into 16 the buffer rogl-t rs, then, at the 8th eount, the input cyele 17 end~, a bloek eount r i8 set and an output eyele is started 18 During the output eyele, the buff~r registers and key registers l9 are sh~fted ln synehronism, onee for eaeh eloek eycle, c~using the cipher key pro-ently stored in the buffer registers 21 to be shifted into the ~ey registoro Durlng thl~ tran~fer, 22 a parity eheck is mad6 of each byte ~ lt i 8 tran~ferred to 23 the key regi~ter- The byte eounter eount- eloek cycle~ and 24 at the 8th eount, the output eycle ends, the block eounter re~et and the LKD lateh i~ reset to ond the oper~t~on 2~ A more det~ilod de~cription of the Load Key Direet 27 operat$on will now be given ~n con~unetlon ~ith the timlng 28 dlagram of Fig 23 After addre~- seleetion at TA tlme ~nd 29 load~ng the command byte into the comm~nd register at TC
time, the co0~and cod- i~ decod~d by AND invert circult 266 K{9-77-006 -85-~948;~

1 in Fig. l9b2 to produce a negatlve ~ignal whlch i9 inverted 2 to a po~itive signal on WR DSD ORDER line thereby lndicating 3 the presence of a WR DSD order command. At the same time, 4 a portion of the order code i~ decodea by the AND invert circuit 280 to apply a neg~tive ~ignal via the -(WMR+LXD) 6 DEC line to the inverter 282 where it is inverted to a 7 po~itive ~lgnal and applied via the WMKILKD l$ne to one 8 input of the AND invert circuit 284. A posltive ~ignal on g the Y line per~onalizes thi~ order a~ a LKD order and i~
applied a~ a second input to the AND invert circuit 284.
11 At TD time, a positive signal i8 applied via the SYNCH TD
12 line to render the AND circuit 270, conditioned by the 13 positive ~ignal on the WR DSD ORDER line, effective to 14 provide a positive signal on the WR ORDER TIME llne which is applied to the r~maining input of the AND invert circuit 284 16 to render it effective to produce a negat~ve ~ignal on the 17 -SE~ LKD line. The negative ~gnal on the -S~T LKD line is 18 sppliod to set the LXD latch 286 in Fig. l9c3 and to reset 19 the KEY INVALID latch 278. The LKD latch ln being ~et applies a po~itive signal to the LKD line and a negative 21 signal to the -LKD line while the KEY INVALID latch in being 22 reset applie~ a positive ~ignal to the -KEY INVALID line.
23 The negativ~ ~ignal on the -LXD line is inverted by the inverter 24 601 in Fig. l9g3 to a po~itive slgnal on the EEC line which is applies via the control line bus to the crypto angines 26 which, in Fig. 19gl, i~ shown as being applied to one input 27 of the AND circuit 806 in prspar~tion for allowing a parity 28 check operation. The negative signal on the -L~D line i~
29 also applied to decondition th~ AND invert circuit 298 in Fig. l9c4 which, in turn, applies a po~itive signal to the .,,~,,, ~i4948;~

1 K O~D line and via inverter 300 a nog~tlve signal on the -~2 ORD line thersby provldlng lndicatlon~ that thls i8 a key 3 order operatlon.
4 The flrst of a ~erles of 8 PIOW data command~ i~ now recelved by the DSD and after addre~s ~election at TA tlme 6 and command load$ng into the command regi~ter at TC time, 7 the AND lnvert clrcuit 226 decodos thls command causlng a 8 negative ~ignal to be applled to one lnput of the OR invert 9 circuit 230. At TD time, a po~ltive signal on the SYNCH TD
llne i8 lnvertea by lnverter 228 to a negative signal to the ll other input of the OR invert circuit 230 which, ln turn, 12 applies a po~$tivo signal to the PIOW data llne. The 13 positive signal on the PIOW data l~no i~ applled to the AND
14 invert circult 426 ln Fig. l9d3 which is pre~ently conditioned by a pos~tive ~lgnal on the -WM~ line. Accordlngly, the AND
16 lnvert circuit 426 i8 rendered e~fective to apply a negative 17 signal to one input of the OR invert circuit 430. At this 18 time, positive s$gnals are maintained ~t the lnput of the 19 AND invert circult 428 causing a negative ~ignal to be applied to the other input of the OR invert circuit 430.
2~ The negative si~na~ inputs to th~ OR lnvert circuit 430 cau-e~
22 a posltlve ~ign~l to be applied vla the PI0W llne to condltlon 23 the AND invert cixcult 431, to condltlon the ~ND invert circuit 444, ln F$g. 19d4, and to be applie~ to the lnvertor 596 in Fig. l9g3 ~h~re it i8 lnverted ~o a negatlve ~lgnal 26 to deconditlon the AND clrcult 600 whlch, in turn, applle~ a 27 negative ~ignal on the -LIB ~ne to one input of the OR
28 ~nvert c~rcu~t 602. At -C time, a -C cloc~ pul8e i8 applied 29 to th~ other input of the OR lnvert clrcuit 602. The nogativ~
~ign~l input8 to tho 0~ in~ert clrcuit 602 cau-es a X19-77-006 -8~-~g~

1 positive signal to be applied via the LIB line and the 2 control line bus to the crypto engine~ and to the OR invert 3 circuit 648 in Fig. l9h4. The OR invert circuit 648 i8 4 rendered effective to apply a negative signal ~o ~he delay circuit 650, which provides a 250ns t$me delay, and via the 6 LIB line and the control line bus to the crypto engine~.
7 Referring now to Figs. l9fl and l9gl the combinatlon of 3 signal~ on the LIB and LIB lines are effective to permit S the data field as~ociated with the first PIOW data command to be loaded from the BUS IN via the P box 50 into 11 the buffer regi~ters UBR 100 and LBR 150 in each crypto L2 engine~
13 Referring now to Fig. l9e3, at ~3L t~me of the clock 14 cycle, a ~3L clock pulse i8 applied to render the conditionQd AND invert circult 431 effective to apply a negative s$gnal 16 to ~et the INPUT CYCLE latch 454 to start the input cycle 17 operation. The INPUT CYCLE latch 454 in be~ng ~et applie~ a 18 negative ~ignal via the -IN CYCLE line to set the START IN
19 CYCLE END latch 530 which, in being set, appli~8 a positive gignal to one input of the AND invert circuit 532. Referr~ng 21 now to Fig. l9d4, at ~4 time, a ~4 clock pul-e i8 applied to ~22 render ~he conditioned AND invert clrcuit 444 effective to 23 apply a negative pulse to the STEP BYT~ CTR line, the po~itivo 24 trailing edge of which i~ ef~ective to step the byte count-r 448 to a count of one~
26 In a ~imilar m~nner, succeeding ones of the data fields 27 as~ociated with the ~erie~ of 8 PIOW data commands 28 are loaded into the buffer registers UBR 100 ~nd LBR 150 29 with the previous byte be~ng simultaneously ~hifted ~nd the byte counter 448 co~nting each ~uch byte r~ceived.

Ki9-77-006 -88-i~g998~

1 After the 8th byte ie written lnto the buffer reglsters, the 2 byte counter 448 steps from a count of 7 back to a count of 3 0 cau~ing a negative slgnal to be produced to ~et the COUNT
4 8 latch 450 which, ln turn, applles a negatlve signal to S the -CT8 llne. The nogative ~lgnal on the -CT8 line is ~ applled to re~et the INPUT CYCLE latch 454 in Flg. l9e3 7 theroby endlng the lnput cycle. The INPUT CYCLE latch 454 8 in belng re~et applies a po~itlv~ ~lgnal vla the -IN CYCLE
9 llne to tho AND inv-rt clrcult 410 in Fig. l9d3. The combinatlon of po~ltive slgnal~ on -IN CYCLE and -OUT CYCLE llno~ are 11 applled to rena-r the AND invert circuit 410 effective to 12 apply a nogative lgnal to reset tho COUNT 8 latch 450 in 13~ Fig. l9d4 and 1~ inverted by lnverter 412 to a po~itive 14 ~lgnal to set the ~LOC~ COUNT fllp flop 414 produclng a positive ~lgnal on the -BL~O lln~ snd a negatlve ~lgnal on 16 the -BLXl line.
17 Referring now to Fig~. 1903 and l9f3, po-ltive ~ignals 18 on the -IN CYCLE line ~nd from tho START IN CYCLE END latch 19 530 are applied to conditlon the AND invert circult 532. At the next ~1 time, tho AND invort clrcuit 524 1~ render~d 21 ef~ect~ve to apply a negativo pul~o, from ~1 tim~ to ~lL time, 22 on thQ -~l/L lln- to inverter S26 ~her~ lt i- invorted to 23 po~itive pulse wh~ch 1~ applled vla th~ EL llne to 24 rendsr the now conditioned AND lnvert clrcult 532 effective to ~pply a negativ~ pul~e to sot the rN CYC~E END latch 534 26 wh~ch, in being ~et, ~pplie~ a po~itiv~ lgnal to the IN
27 CYCLE END llne~ Th~ 8 latch ~ill r~ma~n ~et until the next 28 pl t$me when a negatlve pul-e $~ ~pplled to the -pl/L line 29 to reeet the latch whlch th refore r-main- et for approximately ~ one clock cycls.

1 Referring now to Fig~ l9e3, the po~itive ~ig~al on the 2 IN CYC END line in combination wlth the positive ~ignal on 3 the LRD line are applied to render the AND invert circuit 4 460 effective to apply a negative signal to ~et the OUTPUT
S CYCLE latch 464 producing a poqitive slgnal on the OUT CYCLE
6 line and a negative ~lgnal on the -OUT CYCLE line thereby 7 initiatlng the output cycle. The negative signal on the 8 -OUT CYCLE line i8 applied to set the START OUT CYCLE END
9 latch 580 which, in being set, applies a positive signal to one input of the AND invert circuit 582. ~eferring now to 11 Fig. l9g4, since thi~ is a key order operation, a negative 12 signal on the -K ORD line i~ inverted by inverter 594 and 13 applied a~ a positive signal to one input of the AND invert 14 circuit 590. The po~ltive ~iqnal on the OUT CYCLE llne i8 applied to the other input of the AND invert circult 590 to 16 render it effective to apply a negatlve ~ignal to decondition 17 the AND circuit 600, to decondition the AND circuit 572 and 18 to one input of the OR invert circuit 604. The decondltioned 19 AND circuit 600 applie~ a negative signal vla the -LIB line to one input of the OR invert circuit 602 while the deconditloned 21 AND circuit 572 applies a negative slgnal vla the -SR line 22 to one input of the OR invert circuit 574. A -C clock pulse 23 is applied to the other inputs of the OR invert circuits 602, 24 604 and 574 to deconditlon them causing positive ~ignals to be applied via the L~, LRB ~nd SR line~, respectively, to 26 the control signal cable connected to the crypto engine~.
27 The positive signal on the SR line is al~o applied to the OR
28 invert circuit 606 in Fig. l9h4 causing a negative signal, 29 delayed by a 250ns tlme delay circuit 608, to be applied via the ~DK llne to the control slgnal cable.

gl9-77-006 -go-~94~

1 Referring now to the crypto ongines $n Flg. l9gl, these 2 signals are effectlve to cau~e the buffer and koy registers 3 to shift ln synchronism with a data byte belng tr_n~ferred 4 from the buffer registers UBR 100 and LBR 150 to the key register~ UKR 350 and LgR 400. A parity check of the byte i~
6 made by the parlty check circuit 802 with the reJult being 7 applied to the AND circuit 806 conditioned by po~itive 8 signals on the LKB and EEC line~. If a parity error is g detected, a positive signal i8 applied to render the AND
circuit 806 effectlve to cau~e a positive signal to be applied 11 via the OR circult 808 to the KEY BVS A E M line. A similar 12 parlty check is made in the crypto ~ngine B and if a~n error 13 is detected in this engine _ po~itive ~lgnal i~ applied to `~
14 KEY BUS B ERR llne. Referring now to Flg. l9h4 _nd l9i2 posit$ve signals on either or both of tho XEY BUS ERR lines 16 are applied to condition the AND invert circuit~ 936 and 17 938. At ~3L time, a ~3L clock pul~e 1~ applied to render 18 either or both of the AND invort circuit ~ffective to apply 19 a negative ~ignal to set the bit 1 _nd 2 latches 954b _nd 954c of the status roglster 952 to record the occur~ence of 21 a parity error in the byte transferred to the key registers 22 in oither or both of the crypto ongines.
23 Referring now to Figs. l9e3 and l9f3, _t ~4 tim~, _ 24 ~4 clock pulse in combination with a po-itlvo signal on the IN CYCLE END line are applied to render the 26 AND invert circult 528 effective to apply a n~gat~ve signal 27 to reoet the START IN CYCLE END latch 530. ~t the same time, 28 referring to Fig. l9d4, the ~4 clock puls- in co~bination 29 with positive ~ignals on the OUT CYCLE and X ORD line are applied to rendor the AND lnvort clrcuit ~2 effectlve to Ki9-77-006 -91-i~94~

1 apply a negative pulse to the STEP BYTE CTR line, at the 2 trailing edge of which a positive ~ignal i~ effective to 3 step the byte counter to a count of one. At ~1 time of the 4 next clock cycle, the combination of positive ~ignals on the 01L lines are applied to render the AND invert circuit S24 6 effective to apply a negative s1gnal via the ~ 2 line to 7 reset the IN CYCLE END latch 534.
8 In a similar manner to that de~cribed above, the buffer g regi~ters and the key register~ of the crypto engines are shifted in synchroni~m, once for each clock cycle, causing 11 succes~ive bytes of the cipher key to be transferred from 12 the buffer regi~ter~ to the key registers ~lth a parity 13 check made of each byte transferred. The byte counter 448 14 count- the cloc~ cycles and when the count ~teps from a count of 7 back to a count of 0, a negative s~gnal 1~ applied 16 to set the COUNT 8 latch 450 which, in being ~et, applies a 17 negative ~ignal via the -CT8 line to reset the OUTPUT CYCLE
18 latch 464 in Fig. l9e3. The OUTPUT CYCLE latch 464 in being 19 reset applie~ a positlve s1gnal on the -OUT CYCLE line and a negative signal on the OUT CYCLE line. Referring now to 21 Fig. l9d3, the combination of po~itive signal~ on the -OUT
22 CYCLE line and the -IN CYCLE line render the AND invert 23 circuit 410 effective to apply a negative signal to reset 24 the COUN~ 8 latch 450 in Fig. l9d4 and is inverted ~y the in~erter 412 to ~ po~itive signal to reset the BLOCX COUN~
26 flip flop 414 producing a negative signal on the -BLR O line 27 and a positive signal on the -B~K 1 line. At the same time, 28 the negative signal on the OUT CYCLE 1~ ne i8 applied to 29 decondltion the AND invert circuit 590 in Fig. l9g4 causing a positive ~ignal to be applied via the -LKB line to the OR

Ki9-77-006 -92-i~494a:~

1 invert clrcuit 604 and to renaer the ~ND circuits 600 and 2 S72 effective to apply positive slgnals via the -~IB and -SR
3 lines to the OR invort circults 602 and 574. As a result, 4 negat$ve ~ignals are now malntalnod on the LIB, LK8 and SR
lines to terminate further shift$ng of the buffer and key 6 regiRter~ ln the crypto engines.
7 ~eferring to Fig. l9f3, at ~1 tim~ of the next clock 8 cycle, a 01 DEL clock pulse in combination with the po~itive g signal on the -OUT CYCLE line and the positive signal output of the START OUT CYCLE END latch 520 are ~pplied to render 11 the AND invert circuit 582 effective to produce a negative 12 signal to set the O~T CYCLE END latch 584 whlch, in being 13 set, applies a positive signal on the OUT CYCLE END line to 14 conditlon the AND invert circuit 578 in Fig. l9e3. The OUT
CYCLE END latch 584 al80 applie~ a negative signal on the 16 -OUT CYCLE END line to reset the LKD l~tch 286 in Fig. l9c3.
17 The LRD latch 286 in being re~et Applle~ a po~itive ~gnal 18 to render the AND invert circuit 298 in Fig. l9c4 effective 19 to ~pply a negative signal on the X ORD line and via the inverter 300 a positive slgnal on the -K oRn line indicating 21 the end of the key order operation. The positive signal on 22 the -LXD line is also inverted by the inverter 601 in Fig.
23 l9g3 to a negative signal on the EEC line which i8 applied 24 via the control line bus to to docondition the par~ty check circuits of the crypto engines. Referrlng now to Figs. l9e3 26 and l9f3, at ~4 time, a ~4 clock pul~e i~ applied to render 27 the AND invert circuit 578 effectlvo to apply a negative 28 s~gnal to reset the START OUT CYCLE END latch 580. At pl 29 timo of the next clock cycle, a -~lL clock pulse i~ applied to rQset the OUT CYCL~ END latch 584 and theroby end the Xi9-77-006 -93-l load key direct order operat$on.
2 DECIP~ER XEY ORDER OPERATION
3 The funct$on of this operat$on i~ to decipher an enciphered 4 operational key and then load the operational key in S clear form a~ the working Xey in the key registers of the 6 crypto engine~ for subsequent data processing operation~.
7 When the order code specifying this order i8 decoded, a 8 decipher key ~DECX) latch i8 set, a load master key (LMX) 9 latch i~ set, the key invalid latch is reset (having been set and remain set by a previous HMR order command if that 11 co~mand preceded the present one) to permit data to be l2 subsequently proces-ed slnce a new wor~lng key i~ to be 13 written lnto the key regi~ters of the crypto engine~ by the 14 present operation and an encipher ~ENC) latch iB reset so lS that the proces~ing mode i~ set for a dec~pher operation.
16 With the~ LMK latch set, tha content~ of the MK memory is 17 caused to be read out and transferred, a byte at a time, to 18 the crypto engines. The ma~ter key is parity checked, a l9 byte at a time, and loaded as a working key directly into the key registers of the crypto engines. Concurrently with 21 (or after) loading the master key into the key register~, a 22 seriQs of 8 PIOW commands are received with the data field~
23 as~ociated with the commands, con~titut$ng the enciphered 24 operational key to b~ deciphered under control of the master key, being loaded i~to the buffer registers of the crypto 26 engines. The fir~t such command initiates an input cycle 27 and a byte counter counts each such command received. After 28 the 8 PIOW commands have been received and the 8th byte 29 written into the buffer register~, then, at the 8th count, the input cycle end~, the enclphered operation~l key is Ki9-77-006 -94-1 transferred from t~e buffer registors to the data regiQters 2 of the crypto engines, a block counter i8 set and the crypto 3 engine~ start a decipher operation which is indicated by 4 the generation of an engine busy ~ignal. At the end of the decipher operation, the operational ~ey, now in clear form, 6 is loaded into the buffer regi~ters of the crypto engines 7 and an output cycle i8 started. During the output cycle, 8 the buffer registers and the key register~ are shifted in 9 synchroni~m, once for each clock cycle, cau~ing the operational key pre~ently in the buffer registers to be ~hifted into the 11 key registers. During this transfer, the byte counter 12 count~ the clock cycles and after the 8th count, the output 13 cycle ends, the block counter is re~et and the DECK latch re~et to end the operation. Any attompt to read the contents of the buf~er regi~ter~ whilo the operational key 6 is present in clear form will be detected and cause a 17 procedural error as will be de~cribed in greater detail 18 hereafter.
19 A more detailed description of the decipher key operation will now be given in con~unction with the timing diagram of 21 Fig. 24. After ~ddress selection at TA time and loading the 22 command byte into the command register at TC time, the comm~nd 23 code i~ decoded by AND invert circuit 266 in Fig. l9b2 to 24 produce a negative signal which i8 inverted by inverter 268 to a positive sign~l on the WR DSD O~DER llne thereby indicatlng 26 the presence of a WR DSD order command. At the same time, 27 the order code i~ decoded by the AND invert circuit 288 to 28 apply a negative ~ignal via the -DECR DEC line to the inVertQr 29 290 where lt iY inverted to a positive signal and applied to one lnput of the AND invert circuit 292. At TD time, a Xi9-77-006 -95-ii49~

1 pos~tive signal is applied via the SYNCH TD line to render 2 the AND circuit 270, conditioned by the positive signal on 3 the WR DSD ORDER line, effective to provide a positive 4 signal on the WR ORD TIME line which is applied to the S remaining input of the AND invert circuit 292 to render it 6 effective to produce a negative signal on the -SET D~CK
7 line. The negative signal on the -SET DECK line is applied 8 to set the DECR latch 296 in Fig. l9c3, to reset the key 9 invalid latch 278, to set the LMK latch 566 in Fig. l9g4 ~nd to decondition the AND invert circuit 368 in Fig. l9c2. The 11 AND invert circuit 368 in being deconditioned applies a 12 positive signal to condition the AND invert circuits 370 and 13 374 which will be u~ed for controlling a MK memory readout 14 as will be described hereafter. The LMK latch 566 in being set applies a negatlve signal via the -LMK line, in Fig. l9c2, 16 to maintain the AND invert circuit 368 deconditioned and 17 thereby maintain the AND invert circult~ 370 and 374 conditioned 18 while the LMR latch remains set i.e. during the MK memory 19 read oùt time. Referring now to Figs. 19c3 and l9c4, the DECK latch 296 in being ~et applies a negative signal via 21 the -DECK line to decondition the AND invert circuit 298 22 which, in turn, applies a po~itive signal on the K ORD line 23 and via inverter 300 a negative si~nal on the -K ORD line 24 thereby providing indications that this i~ a ~ey order operation. The negative signal on the -K ORD line i~
26 applied to re~et the ENC latch 312 which, in being reset, 27 applie~ a negative signal to the ENC line which, in Fig.
28 l9g3 is inverted to a positive signal by ~he inverter 546 to 29 provide a po~itive signal on the DEC line indicating a decipher mode of operation.

Ki9-77-006 -96-~1~94~

1 Referring now to Fig. l9e2, nogative slgnal~ are appliod 2 to the inputs of the AND invert e$reuit 366 and a negatlve 3 ~ignal i8 appliod to the inverter 162 both of whieh eau~e a 4 po~itive signal to be applied to ono input of the AND circuit 380 and to condition the AND invert eircuit 376. Additionally, 6 the MK OVW lateh 276, presently in a reJet state, cause~ a 7 po~itive ~ignal to be appli-d via the -MR OVW line to the 8 other input of the A~D alreuit 380 render$ng it effective to 9 apply and maintain a positive ignal on the -W ENABLE line.
At ~3L time, a ~3L cloek pulse i- applied to render the AND
ll invort eircuit 370 offective to apply a nogative pulse to 12 deeondition the AND invert circuit 376 which, in turn, 13 applies a positive signal to the $nverter 378 where it is 14 inverted to a negat$ve signal on th~ -M ENABLE llne. The posit$ve signal on the -w ENABLE line togother with tho now 16 negativ~ signal on the -M ENABLE line are effoctive to causQ
17 the first half byte at locat$on 0 of the MX MEMORY 700 to bo 18 read out. At 01 tim~ of the next elock cyele, a ~1 elock 19 pulse 18 effective to shift the half byte into the shift register~ 702 in Fig. l9el. Referrlng now to Fig. l9c2, at 21 ~lL time, a -01L elock pulse 18 applied to deconditlon the 22 AND lnvert cireuit 374 which, ln turn, applles a positive 23 signal to render the AND invert elrcuit 376 effoctive to 24 apply a negati~e ~ignal to the -STEP CTR llne and to the inverter 378 to ~pply a po~itive slgnal on the -M ENABLE
26 line. The negative 8ignal on the -STEP CTR line i8 appliQd 27 to the inverter 388 where it 18 inverted to a positlv~
28 signal to step the addr-s~ countor 390 to an addres~ count 29 of 1 ~nd eause a po~itive signal to b~ provlded on th~ Cl line. At 03L tlme, a ~3L clock pulsQ i8 agaln applled to Ki9-77-006 -97-1 render the ~NI) invert circuit 370 effective to initiate 2 production of a negative signal, via the AN~ invert circuit 3 376 and the inverter 378, on the -M ENABLE line. The 4 positive signal on the -W ENABLE line in combination with S the negative signal on the -M ENABLE line is again effective 6 to cau6e the next half byte at location 1 of the ~K ~emory 7 700 to be read out. At ~1 time of the next clock cycle, a 8 01 cloc~ pulse i~ effective to shift the next half byte into g the first ~tages of the shift register 702 and to shift the previous half byte read out of the ~ memory 700 to the 11 ~econd stages of the shift regi~ters 70~. As a result of 12 this action, the first full byte of the cipher key i~ now 13 ~tored in the shift register~ 702.
14 Referring now to the ~ND invert circuit 568 in Fig.
l9g4, a 01 ~EL clock pulse in combination with po~itive 16 signals on the Cl, -STEP CTR and LMX line~ are applied to 17 render the A~D invert circuit 568 effective to apply a 18 negative signal to set the LDK latch 570 which, in being 19 set, applies a negative ~ignal via the -LDK line to decondition the ~D circuit 572 and to one input of the OR invert 21 circuit 576. T}-e deconditioned AND circuit 572 cau~es a 22 negative signal to be applied via the -SR line to one input 23 of the OR invert circuit 574.
24 Referring to the AND invert circuit 374 in Fig. l9c2, at 01L time, a -01L clock pulse is applied to decondition 26 the AND invert circuit 374 cau~ing a po~itive signal to be 27 applied to render the AND invert circuit 376 effective to 28 a~ply a negative ~ignal to the -STEP CT~ line and ViA the 29 inverter 378 to a positive ~ignal on the -M ENABLE line.
Tlle neqative slgnal on the -STEP CTR llne 18 i~verted by the ~`
Ki9-77-006 -98-~494a;~

1 inverter 388 to a positive signal to step the address 2 counter to an addreQs count of 2 and causing a negative 3 signal to now be applied to the Cl line.
4 Referring now to the ~R invert circuits 574 and 576 in Fig. l9g4, at ~2 time, a -C clock pulse i~ applied to the 6 other inputs of the ~R circuits 574 and 576 causing them to 7 apply positive signals via the SR and l,DX lines respectively, 8 to the control signal cable connected to the crypto engines.
g The positive signal on the SR line is also applied to the OR
invert circuit 606 in F~g. l9h4 causing a negative signal, 11 delayed by delay circuit 60&, to be applied via LDX line to 12 the control signal ca~le.
13 Referring now to the crypto engines in Fig. l9gl, the 14 positive signal on the LDK line i~ applied to condition the A~-D circuit 807 to permit a parity check to be made of the 16 first byte of the cipher key ~tored in the shift registers 17 702 to be checked for a parity error. The positive signals 18 on the SR, ~DX and LDK lines are applied as control signal 19 inputs to the key registers ~KR 350 and LKR 400 to shift the key register and allow the first byte of the cipher key, 21 passed via the P box 300, to be latched into the key registers.
22 Referring now to ~is. l9c2, at p3L time, a 03L clock 23 pulse is again applied to render the AMD invert circuit 370 24 effective to initiate production of a neqative signal on the -M ENABLE line to permit the third half byte to be read 26 out of the MK memory 700 from location 2. ~eferring now to 27 Fig. l9g4, at ~1 time of the next clock cycle, a -pl clock 28 pulse is applied to reset the ~DK latch 570 to inhibit 29 production of the control signals for the crypto engine durlng this clock cycle in order to permit the next half Xi9-77-006 -99-~4g4W

1 byte to be read out of the MK memory 700 and shifted into 2 the shift registers 702 in Fig. 19el. .~ccordingly, referring 3 to Fig. 19el, at the same time that the l.DK latch 570 is 4 reset, a ~1 clock pulse is applied to shift the next half byte from the MK memory 700 into the shift registers 702.
6 In a similar manner, during each succeeding clock 7 cycle, a half byte of the cipher key is read out of the MK
8 memory 700 and ~hifted into the shift registers 720 and the 9 address counter 390 stepped to the next address count.
After each second clock cycle, when a full byte of the 11 cipher key is loaded into the shift registers 720, control 12 signals are provided on the LDK, SR and LDR lines to parity 13 clleck the cipher key byte and to simultaneously ~hift the 14 previou~ly loaded byte one po~ition to the right and to latch up the newly enter~d byte in the key registers in the 16 crypto engine.
17 Referring now to Fig. l9d2, when the address counter 18 390 steps to an address count of 7 tthe 8th addres~ location), 19 a negative signal is produced on the -C8 line to set the 16 STEP latch 404 which, in being set, applies a positive signal to 21 one input of the AND circuit 406. A~ter the 8th byte is loaded 22 into the key registers, the addre~ counter 390 ~tep~ from an 23 address count of 15 back to an addre~s count of 0 (count of 16) 24 cau~ing a positive signal to be produced on the -C8 line which is applied to condition the AND invert circuit 402 and to the 26 other input of the AN~ circuit 406. The AND circuit 406 is 27 rendered effective to produce a positive ~ignal which is 28 inv~rted by inverter 408 to a negative signal on 29 the -16 STEP line to reset the ~K latch S66 in Fig.
l9g4. The L~IK latch 566 in being reset applies a negative KI977006 -lOn-~49~

1 signal via the LMX to decondition the AND invert circuit 568 2 and inhibit further setting of the IDK latch 570 ~nd further 3 production of crypto engine control signals on the LDX, SR
4 and LD~ lines. Referring to Fiq. l9d2, at ~4 t~me of the 16 clock cycle, a ~4 clock pul~e i8 applied to reset the 16 6 STEP latch 404.
7 After loading the master key into the key registers ~f 8 the crypto engines a series of 8 PIOW commands are issued g with the data field~ associated w~th the commands, con~tituting the enciphered operational key to be deciphered under 11 control of the master key, being loaded into the buffer 12 register~ of the crypto ongines. The loading operation of 13 the snciphered operational key into the buffer registers of 14 the crypto engines by a serie~ of 8 PIOW command~ is identical 1~ to the loading operation described in connection with the 16 input cycle of the LRD order operation and reference may be 17 made to that section for a detailed description. Generally, 18 the first of such commands initiates the input cycle and the 19 byte counter counts each such command received. After the 8 PIOW commands have been received and the 8th byte written 21 into the buffer reglsters, then, at the 8th count, the input 22 cycle ends with the block count flip flop 414 being set to 23 produce a positive ~ignal on the -BLX0 line and to set t~e 24 IN CYCLE END latch 534 causing a positive ~ignal to be produced on the IN CYCLE END line to ~ndicate the end of the 26 input cycle.
27 Referring now to ~ig. l9f4, the po~itive signal on the 28 IN CYCLE END line together with the po~itive signal on the 29 -LKD line is applied to render the AND invert circuit 622 effective to apply a negative signal to turn on Xi~-77-006 -101-94K~

1 the STARI EB latch 628 and to the A~D invert circuit 638 2 where it is inverted to a positive signal and applied to the 3 OR invert circuit 640 which produces negative signals on 4 the -ELR anc -IDR lines. The negative signal on the -rLR
line is applied to one input of the OR invert circuit 642 6 and, in Fig. 19c2 to decondition the ~D circuit 3~2 causinq 7 a negative signal to be applied to reset the counter 390 in 8 Fig. l9d2 in preparation for this counter to operate as a g round counter for the 16 rounds of operation of the cipher engines. The negative signal on the -LDR line is applied to 11 one input of the OR invert circuit 644. ~t 02 time, a -C
12 clock pulse is applied to the other inputs of the OR invert 13 circuit 642 and 644 causins positive signals to be applied 14 via the ELR and LDR l~nes, re~pectively, to the control sinal cable connected to the crypto engines. The positive 16 signal on the ELR line is also applied to the ~R invert 17 circuit 648 causing a negative signal, delayed by the 250ns 18 time delay circuit 650, to be applied via the ~;IB line to 19 the control signal cable. ~he positive ~ignal on the LDR
line is applied to the CR invert circuit 652 causing a 21 negative signal, delayed by the 250ns time delay circuit 654 22 to be applied via the LDR line to the control signal cable.
23 Referring now to the crypto engines in ~ig. l9gl, the 24 control signals IDR and LDR are effective for parallel transferring the contents of the buffer registers ~BR 100 26 and LBR 150 to the data registers UDR 200 and I,~R 250. The 27 control signals ELR and LIB are effective for causing the 28 contents of the upper data register ~DR ~00 and the lower 29 data register I.DR 250 ~via ~he cipher funct~on circuits) to be transferred to the upper bu fer register UBR 100 and the Ki9-77-006 -102-~1~94~33 1 lower buffer register LBR 150, the transfer to the buffer 2 register~ ~eing of no con~equence at this time but will be 3 of conse~uence at the end of the 16th round of operation of the 4 crypto engine~. At this time, with the enciphered operational key presently stored in the data registers and the cipher 6 key ~tored in the key registers, the crypto engines are now 7 effective to perform a decipher function in a manner described 8 in detail in the aforementioned U.S. Patent No. 3,958,081 9 and generally described in the prevlous ~ection entitled, TERMINAL. Reference may be made to the aforementioned 11 patent for a more detailed description of the decipher 12 function.
13 A de~cription of the manner in which the crypto engine 14 control slgnals are produced will now be given and can be followed in con~unction with the timing diagram in Fig. 24.
16 Referring now to Fig. l9f3, at ~l/L time, a -~l/L clock 17 pulse is applied to re~et the IN CYCLE END latch 534 which, 18 in being reset, applies a negative ~ignal to decondition the 19 AND invert circuit 622 in Fig. l9f4. The AND invert circuit 622 in being deconditioned applie~ a poYitive signal which 21 together with the positive ~ignal from the set START EB
22 latch 628 render~ the AND invert circuit 630 effective to 23 apply a negative signal to set the EB latch 632 indicating 24 the start of the crypto operation. The E~ latch 632 in being set applies a positive ~ignal to the EB line and a 26 negative signal to the -EB line. Th~ positive signal on the 27 EB line is applied to one input of the AND invert circuit 28 398 in Fig. l9d2 and to condition the ER flip flop 384 in 29 Fig. l9c2 while the negative Qignal on the -EB line is applied to ~et the START EB END latch 612.

~494~

1 The cip~ler function is performed ~y repeating a product 2 cip~er function 16 times, termed 16 rounds, with each round 3 Deing carried OUt in two clock cycles for a total of 32 4 clock cycles per cipher function. During each round, the data contents of the upper data register UDR 200 is ciphered 6 (in the present case decip~ered) under control of the contents 7 of the key regi~ter~ U~R 350 and LKR 400 with the results 8 heing added to the contents of the lower data register ~R
9 250 by modulo-2 adders GS0-~64. .~t the end of each round, the output~ of the modulo-2 adders are parallel transferred 11 to the upper data registers ~R 200 while the contents of 12 the upper data registers ~DR 200 are parallel transferred to 13 the lower data register LDR 250 to fo m the arguments for 14 the next round.
.~ferring now to Fig. l9d2, during the cipher function 16 operation the counter 390 functions as a round counter. ihe 17 round counter 390 is stepped every 2 clock cycles from a 18 count value of ~ to a count value of 15 providing a total 19 count of 16 for the 16 rounds. Stepping of the round counter 390 is accomplished under control the ER flip flop 21 384 after being enabled ~y the positive signal on the ~B
22 line. Thus, at ~1 time following the conditioning of the ;?R
23 flip flop 384, a ~1 clock pulse is applied to set the flip 24 flop 384 and at ~1 tirne of the succeeding clock cycle, a ~1 clock pul e is again applied to reset the flip flop 384 26 which in heing reset applies a negative signal to inverter 27 386 where it is inverted to a positive signal and applied to 28 step the round counter 390. Ther~fore, it should ~e apparent, 29 that the round counter 390 is stepped to the next count cvery 2 clock cycles. ~dditionally, during the first clock KI~77~0~ -l'J4-~4941~

1 cycle of each round, ER flip flop 384 being in a re~et 2 state, applies a positive ~ignal via the -~R FF line to one 3 input of the AND invert circuit 400. The other input to the 4 AND invert circuit 400 is connected to a round count decoder consisting of P~D invert circuit~ 392, 394, 396 and 398 6 which is effective, while a po~itive signal i9 maintained on 7 the E~ line, to produce a positive signal at the output of 8 the AND invert circuit 39~ when the round count is 0, 7, 14 9 or 15 and a negative ~ignal at all other times. Thus, during the fir~t clock cycle of rounds 0, 7, 14 and lS, the 11 combination of positive signals on the -~R FF line and the 12 output of the AND invert circuit 398 will render AND invert 13 circuit 400 effective to apply a negative ~ignal on the C~
14 0, 7, 14, 15 line whereas during the fir~t clock cycle of all other rounds the negative signal output of the AN~
16 invert circuit 398 deconditions the AND invert circuit 400 17 cau~ing a positive signal to be applied to the CT 0, 7, 14, 18 15 line. During the second clock cycle of every round, the 19 ER flip flop 384 i9 in a set fitate cau~ing a negative signal to be applied to decondition the AND invert circuit 400, 21 which, in turn, applie~ a positive signal to the CT 0, 7, 22 14, 15 line. Thus, it should be apparent, that a positive 23 signal is maintained on the CT 0, 7, 14, 15 line during 24 every round count except during the first clock cycle of round count 0, 7, 14 and 15 with one exception, namely, 26 during the second cycle of the round count 15 (16th round).
27 This i3 co because of the fact that the EB latch 632 in Fig.
28 13f4 i~ reset at the end o the first clock cycle of the 29 16th round to terminate the positive signal on the ~B line and thereby inhibit production of ~ positive si~nal on the Ki9-77-006 -105-ii~94~

1 CT 0, 7, 14, 15 line during the second clock cycle. Therefore, 2 a positive signal is maintained on the ~ p, 7, 14, 15 line 3 from the beginning of the second clock cycle of round count 4 0 to the end of the second clock cycle of round count 6, then fro~ the beginning of the second clock cycle of round 6 count 7 to the end of the second clock cycle of round count 7 13 and during the second clock cycle of round count 14.
8 Referring now to the AN~ invert circuit 548 in Fig.
9 l9g3, during the time that the positive sianal is ma$ntained on the CT 0, 7, 14, 15 line, that positive signal in combination 11 with the posltive signal on the ~EC line are applied to 12 render the ~D invert circuit 548 effective for applyin~ a 13 negative signal via the -SRR line to one input of the OR
14 invert circuit 550 and to decondition the A~D circuit 572 in Fig. l9g4. The ~D circuit 572 in being deconditioned causes 16 a negative signal to be applied via the -~R line to one 17 input of the OR invert circuit S74. Thus, negative signals 18 are maintained on the -SRR and -~R line during times corresponding 19 to the positive signal maintained on the CT 0, 7, 14, 15 line. During each succeeding -C time, while such negative 21 signals are maintained on the -SRR and -SR lines, -C clock 22 pulses are applied to the other input of the ~R invert 23 circuits 550 and 574 causing positive signals to be applied 24 via the S~R and SR lines, respectively, to the control signal cable connected to the crypto engines. The positive 26 ~ignals on the SR lines are also applied to the OR invert 27 circuit 606 causing negative signals delayed by delay circuit 28 608 to be applied via the LDK line to the control ~ignal 29 cable. Therefore, a total of 27 po~itive signal~ are produced on the S~R, SR and LDX lines durtng 15 rounds of the cipher Ki9-77-006 -106-ii~9~`

1 function. Referring now to the crypto enaines ln Fig. l9gl, 2 each combinatlon of positive signal~ on the SR, SRR and 3 ~b~ lines are effective for shlfting the key regi~ter right 4 one position. Thus, with this key shifting ~chedule arrange-ment the key registers are shifted twice each round except 6 during round counts O, 7 and 14 when the key registers are 7 shifted once and during round count 15 where the key regi~ters 8 are not shifted at all as shown in the tim~ng diagram of 9 Fig. 23.
Referring now to the ER flip flop 384 in Fig. l9c2, since 11 the ER flip flop 384 i8 switched every cloc~ cycle, a 12 negative signal i~ applied to the -ER FF line during every 13 second clock cycle of each round except the last round.
14 This is 80 because of the fact that the ~B latch 632 in Fig.
l9f4 is reset at the end of the fir~t clock cycle of the 16 round count 15 (16th round) to terminate the positive ~ignal 17 EB line and thereby inhibit ER flip flop 3B4 in Fig. l9c2 18 from being set during the ~econd clock cycle of the round 19 count 15. The succes~ive negative ~ignal~ on the -~R FF line are applied to one input of the OR invert circuit 542.
21 Accordingly, during every second clock cycle of a round, a 22 -C clock pul~e is applied to the other lnput of the OR invert 23 circuit 542 causing positive signals to be applied on the ER
24 'ine to the control signal cable connected to the crypto engines. The positive signals on the ~R line are also 26 applied to render the OR invert circuit 652 in Fig. l9h4 27 effective to apply negative signal~, delayed by a 250ns 28 delay circuit 654, via the L~R line to the control signal 29 cable. Referring now to the crypto engine in Fig. l9gl, the positive signals on the ER and LDR line are applied to the Ki9-77-006 -107-~94~

1 upper and lower data registers UDR 200 and LDR 250 at the 2 end of each round and are effective to cause the intermediate 3 result of the cipher function to be tran~ferred from the 4 output of the modulo-2 adder~ 650-664 to the upper data S register UDR 200 while the output of the upper data regi~ter 6 UDR 200 are transferred to the lower data register LDR 250 7 in preparation for the next round of the cipher function.
8 Referring now to the AND invert circuit 624 in Fig.
9 l9f4, at 04 time of the first clock cycle of the round count 15, a p4 cloc~ pul~e in combination with positive signals on 11 the Cl and 14, 15 line render the AND invert circuit effective 12 to apply a negative signal to reset START EB and ~B latches 13 628 and 632, respectively. The EB latch 632 in being reset 14 applies a negative signal on the EB line to decondition the ER flip flop 384 in Fig. 19c2 and a positive signal on the 16 -E~ line which together with a positive signal from the 17 START EB END latch 612 condition the AND invert circuit 614.
18 At pl time of the second clock cycle of round count 15, a 19 ~1 DFL clock pulse is applied to render the AND invert circuit 614 effective to app~y a negative signal to set the 21 EB END latch 616 producing a positive ~ignal on the F~ E~D
22 line and a negative signal on the -EB END line. The positive 23 signal on the EB END line is applied ts condition the AND
24 invert circuit 610 in ~ig. l9e4 and together with the positive signal on the DECK line to condition the AND invert circuit 26 618 and to render the AND circuit 636 in Fig. l9g4 effective 27 to apply a positive signal to the OR invert circuit 640 28 causing negative signals to be applied via the -~LR and -LDR
29 line to one input of the O~ invert circult~ 642 and 644, respectively. ~he neg~tive ~ignal on the -EB END line is Ki9-77-006 -108 1 applied to decondition the AND circuit 382 in Fig. l9c2, 2 causing a negative signal to be applied to reset the round 3 counter 390 in Fiq. l9d2 back to a count of 0.
4 Referring now to Fig. l9g4, at ~2 time of the ~econd clock cycle of round 16, a -C clock pul~e i8 applied to the 6 other lnput of the OR invert circuit 642 and 644 causing 7 po~itive signal~ to be applied via FLR and IDR llnes to the 8 ccntrol ~ignal cable connected to the crypto engines. The 9 positive signals on the ELR and LDR lines are al80 applled to the OR invert circuits 648 and 652, respectively, cau~ing 11 negative signals, delayed by delay clrcuitq 650 and 654, to 12 be applied via the LlB and LDR lines to the control signal 13 cable. Referring now to the crypto engine in Fig. l9gl, the 14 signals on the ELR and ~ line~ and on the LDR and LDR
I5 lines cause a swapping action between the data registers and 16 the buffer registers as previously described. However, the 17 significance at this time is to transfer the contents of the 18 upper data regi~ter VDR 200 to the upper buffer register UBR
19 100 and to transfer the outputs of the modulo-2 adders 650-664 to the lower buffer regi~ter LBR 150 ~o that the result 21 of the cipher function, namely, the operational key in clear 22 form is now stored in the buffer regi~ter~.
23 Referring now to Fig. l9e4, at ~4 time of the ~econd 24 clock cycle of the 16th round, a ~4 clock pul~e 18 applied to render the AND invert circuit 610 effective to apply a 26 negative signal to reset the START EB END latch 612 in Pigt 27 l9f4. At the same time, the ~4 clock pulse is al~o applied 28 to render the AND invert circult 618 in Fig. l9e4 effective 29 to apply a negative 8ignal to the OR invert circuit 620 in Fig. l9f4 where it is inverted to a positive signal on E9 Xi9-77-006 -109-1~494W

1 EN~ L line. The positive sianal on the ~B END L line is 2 applied to the ~ND invert circuit 619 the other inputs of 3 which have positi~e ~ignals maintained thereon so as to 4 render the AND invert circuit 619 effective to maintain a negative signal input to the OR invert 620 thereby latching 6 the positive signal on the FB ~ND B line until a negat~ve 7 sisnal is subse~uently applied to the -OU~ CYCLE S~ART line.
8 The positive signal on the ~B END L line i~ also applied to 9 condition the ~ND invert circuit 458 in Fig. l9e3. At ~1 tim~e of the next clock cycle, a ~1 clock pulse is appl~ed to 11 render the ~ND invert circuit 458 effectlve to apply a 12 negative signal to set the ~TPUT C~CL~ latch 464 producing 13 a positive signal on OUT CYCI.E line and a negative signal on 14 the -~UT CYCL~ line thereby initiating an output cycle with the negative signal on the -~UT CYCL~ line being applied to 16 set the START OUT CYCLE END latch 580. Referrinq now to 17 Fig. l9g4, the positive signal on the ~VT CYCL~ line together 18 with a positive siqnal on the Y ORD llne render the AND
19 invert circuit 598 effective to apply a negative ~ignal to decondition the ~ND circuit 600, to decondition the AND
21 circuit 572 and via the -LXB line to one input of the ~R
22 invert circuit ~04. ~he deconditioned A~ID circuit 600 23 applies a negative signal vi~ the -BIB line to one input of 24 the OR invert circuit 602 while the deconditioned AND circuit 572 applies a negative signal via the -~R line to one input 26 of the OR invert circuit 574. Peferrina now to Flg. l9f4, 27 at 01/L time, a -~l/L clock pulse i8 applied to reset the FB
28 END latch 616. Referring now to ~lg. l9g4, at ~2 tlme, a 29 -C clock pulse ~8 appl~ed to the other lnput of the OR
invert clrcults 602, 604 and 574 cau~lng them to be decondlt~oned Ki9-77-006 -110-1~494~

1 and apply positive signals via the LIB, LKB and SR line~, 2 re~pectively, to the control signal cable connected to the 3 crypto engines. The positive s~gnals on the SR line i8 also 4 applied to the OR invert circuit 6Q6 in Fig. l9h4 causing a negative signal, delayed by delay circult 608, to be applied 6 via the ~DK line to the control signal cable.
7 Referring now to the crypto engines in Fig. l9gl, these 8 signals are effective to cause the buffer and key registers 9 to shift in synchroni~m with a data byte being transferred from the buffer registers UBR 100 and LBR 150 to the key 11 registers UKR 350 and LXR 400. Referrlng now to Fig. l9d4, 12 at 04 time, a p4 clock pul~e in combination with positive 13 signals on the OUT CYCLE and X ORD lines are applied to 14 render the AND invert circuit 442 effective to apply a negative pulse to the STEP 8YTE CTR line, at the trailing 16 ; edge of which a positive signal is effective to step the 17 byte counter to a count of 1. In a similar manner to that 18 described above, the buffer registers and the key registers 19 of the crypto engine are shifted in synchronism, once for each clock cycle, causing succes~ive bytes of the operational 21 key in clear form to ~e tran~ferred from the buffer registers 22 ~o the key registers.
23 The byte counter 448 count~ the clock cycles and when 24 the count steps from a count of 7 back to a count of 0, a negative signal is applied to set the COUNT 8 latch 450 26 which, in being set, applie~ a negative signal via the -CT8 27 line to reset the OUTPUT CYCLE latch 464 in Fig. l9e3. The 28 OUTPUT CYCLE latch 464, in being re~et, applie~ a positive 29 signal on the -OUT CYCLE line and a negative ~ignal on the OUT CYCLE line. Referring now to Fig. l9d3, the combination Ki9-77-006 ~9~83 1 of positive signals on the -OUT CYC~E line and the -IN CYCLE
2 line render the ~7D invert circ~it 410 effective to apply a 3 nesative si~nal to reset the COUNI ~ latch 450 in rig. l9d4, 4 an~ i~ inverted by the inverter 412 to a positive signal to reset the 3LOCK CO~NT flip flGp 414 producinq a negative 6 si~nal on the ~ 0 line and a po~itive signal on the -ELKl 7 line. At the same time, the negative signal on the OUT
8 CYCI.~ line is applied to decondition the A~D invert circuit 9 598 in Fig. l9g4 causing a positive signal to be applied via -L~ line to the OR invert circuit 604 and to render the 11 A~D circuits 600 and 572 effective to apply positive signal~
12 via th~ -LIB and -CR line to the OR invert circuits 602 and 13 574. As a result, negative signals are now maintained on 14 the IIB, L~B and SR line to terminate further shifting of lS the buffer and key registers in the crypto engines.
16 Referring now to Fig. l9f3, at ~1 time of the next 17 clock cycle, a ~1 D~L clock ~ulse in combination with the 18 positive signal on the -OUT CYCLE line and the positive 19 signal output of the STA~T OUT CYCLE END latch 580 are applied to render the AND invert circuit 582 effective to 21 produce a ne~ative signal to set the OUT CYCLE END latch 22 584. ~he OU~ CYCLE END latch 584, in being set, applies 23 a positive signal on the DUT CYCL~ ENC line to condition the 24 A~'D invert circuit 578 in Fi~3. l9e3 and a negative signal on the -OUT CYC~E ~ND line to reset the DECK latch 296 in Fig.
26 l9c3. The DECK latch 296 in being reset applies a positive 27 signal to render the AND invert circuit ~98 in Fig. ~9c~
28 effective to apply a negative signal on the 1~ ORD line and 29 via the inverter 300 a positive signal on the -K ORD line indicating the end of the key order operation. neferring now ~4g~

1 to F~gs. l9e3 and l9f3, at ~4 time, a ~4 clock pulse is 2 ap~lied to render the AND invert circuit 578 effective to 3 apply a negative signal to reset the START OUT CYCLE END
4 latch 580. At 01 time of the next clock cycle, a -~l/I, S clock pulse i~ applied to re-~et the OUT CYCLE END latch 584 6 and thereby end the decipher key order operation with the 7 operational key presently stored in the key registers in 8 preparation for a subsequent data proce~s~ng operation.

The function of this operation is to encipher a me~sage, 11 which may consist of one or more 8 byte bloc~s of plaintext, 12 into a corre~ponding message of ciphertext. After a valid 13 operational key is installed in the crypto engine~ there is 14 no need to i88ue any further key handling orders for successive blocks of plaintext so long as that same operational key is 16 u~ed. A valid operational key i-~ loaded in the key registers 17 of the crypto engine by one of two ways, either by performing 18 a LXD operation or a DECK operation, a8 previously described.
19 When the order code specifying the encipher order i~
decoded, a ENC latch is set to signal the encipher mode of 21 operation. Following the ENC order command, a first ~eries 22 ~f 8 PIOW data commands i~ issued, w~th the data fields 23 associated with the commands, being loaded into the buffer 24 registers of the crypto engines as the first message block of plaintext to be enciphered. The first such command 26 initiates an input cycle and a byte counter counts each ~uch 27 command received. After the 8 PIOW commands have been 28 received and the 8th byte of the message block written into 29 the buffer registers, then, at the 8th count the input cycle end~, a block counter i~ set and the crypto engines start an ~i9-77-006 -113-1 encipher function which is indicated by the generation of an 2 engine busy signal. At the end of the encipher operation, 3 half of the ciphextext block of data is present in the upper 4 data register and the other half is present at the outputs of the cipher function circuits. Following the encipher 6 operation, a serie~ of 8 PIOR data commands are issued for 7 reading the enciphered me~sage block of ciphertext. The 8 first such command initiates an output cycle and the byte 9 counter counts each Ruch command received. During the execution of the first ~IOR data command, while the block 11 count is at a count of 1, the message block of ciphertext is 12 parallel transferred from the upper data reglster and the 13 outputs of the cipher function circuit~ to the buffer 14 register~ where it i8 now available for reading, a byte at a time. At the end of the execution of each PIOR command, the 16 buffer registers are ~hifted one position to present the 17 next byte of the me~age block of ciphertext for reading.
18 At the 8th count of the byte counter, the output cycle ends, 19 the block counter 18 reset and the ENC latch remains set to end the encipher order operation. The ENC latch in remaining 21 ~et p~rmits one or more succeeding message block of plaintext 22 to be enciphered in a simllar manner a~ that described 23 above.
24 A more detailed description of the encipher order operation will now be given in con~unction with the timing 26 diagram of Fig. 25. After address ~electisn at TA time and 27 loading the command byte into the command regi~ter at TC
28 time, the command code is decoded by AN~ invert circuit 266 29 in Fig. l9b2 to produce a negative signal which i8 inverted by inverter 268 to a positive signal on the WR DSD ORDER

Ki9-77-006 -114-~49~

1 line thereby indica~ing the presence of a WR DSD OR~ER
2 command. At the same time, a data processing order code is 3 decoded by the AND invert circuit 302 to apply a negative 4 signal via the -DP DEC line to the inverter 304 where it i8 inverted to a positive s$gnal and applied to one input of 6 the AND invert circuit 306. At TD time, a positive signal 7 is applied via the SYNC~ TD line to render the AND circuit 8 270, conditioned by the positive signal on the WR DSD ORDER
9 line, effective to produce a positive signal on the WR ORD
TIME line which is applied to the remaining input of the AND
11 invert circuit 306 to render lt effective to produce a 12 negative signal which i8 applied via the -~ST ENC line to 13 reset the E~C latch 312 in Fig. l9c4 snd to the inverter 308 14 where it is inverted to a positive signal and applied to one input of the AND invert circuit 310. A positive ~ignal on 16 the -Y line from the command regi~ter 224 personalizes the 17 pre~ent order as an ~NC order and is applied to the ot~er 18 input of the AND invert circuit 310 to render it effective 19 to apply a negative signal via the -SET ENC line to ~et the ENC latch 312. The ENC latch 312 in being set applies a 21 positive signal via the ENC line to Fig. l9g3 where it is 22 effective to condition the AND circuit 536 and is inverted 23 to a negative signal by the inverter 546 to apply a negative 24 signal on the DEC line to decondition the AND invert circuits 548 and 560.
26 The series of 8 PIOW data commands is now received and 27 processed in a similar manner to that described in the DECK
28 order operation i.e. an input cycle i~ initiated, the byte 29 counter 448 is conditioned to count each PIOW data command received and the message block of plaintext is loaded, a Ki9-77-006 -115-i~4g~

1 byte at a time, per PIOW data command, lnto the buffer 2 registers U~R 100 and LBR 150. After the 8th byte has been 3 written into the buffer registers, then, at the 8th count, 4 the input cycle ends, the block count flip flop 414, in Fig.
l9d3, is set and the IN CYCLE END latch S34 in Fig. l9f3 is 6 set. The IN CYCLE END latch 534 in being set initiates the 7 swapping action between the buffer registers and the data 8 registers of the crypto engines which, in this case, cau~es 9 the message block of plaintext to be tranfiferred from the buffer registers UBR 100 and LBR 150 to the data registers 11 V~R 200 and LDR 250 preparatory to performing the encipher 12 operation. At the -~ame time, referring to the AND circuit 13 538 in Fig. l9g3, po~itive signals on the IN CYCLE END and 14 ENC lines render the AND circuit 538 effective to apply a positive signal to the OR invert circuit 540 causing a 16 negative signal to be applied via the -SL line to one input 17 of the OR invert circuit 544. At -C time, a -C clock pul~e 18 is applied to the other input of the OR invert circuit 544 19 causing it to apply a positive sîgnal via the S~ line to the control s~gnal cable and to one input of the OR invert 21 circuit 606 in Flq. l9h4. The OR invert circuit 606 is 22 rendered effective to apply a negative si~nal, delayed by 23 the delay circuit 6~8, via the LD~ line to the control ~4 signal cable connected to the crypto engines. ~eferrinq now to the crypto engines in Fig. l9gl, the signal~ on the SL
26 and LDK line are applied to the key registers causing the 27 contents thereof to be shifted one position to the left as a 28 pre-~hift operation prior to the encipher operation.
29 The enclpher operation is similar to the decipher operatlon prevlousl~ described ln connectlon with ~CK order Ri9-77-006 -llfi-~14~4W

1 operation except that in this case the key register is 2 shif~ed to the left under control of S~ control signalq 3 rather than the SRR and SR control signals as can be better 4 seen by referring to the timing diagram of Fig. 25. ~eferring to ~ig. l9g3, this is so because the signals on the CT 0, 7, 6 14, 15 line are used with the AND circuit 536 conditioned by 7 the positive signal on the ~NC line and inhibited from being 8 used with the AND circuit 548 deconditioned by the negative 9 signal on the DEC line. As a result of the single pre-~hift signal on the SL line and the 27 additional signals on the 11 SL line during the encipher operatlon, the key register~
12 shi~t left exactly 28 times to return the operational key 13 back to the initial condition in the key registers in 14 preparation for enciphering the next block of a multi-block plaintext message. At the end of the cipher function, half 16 of the ciphertext block of data i9 available at the output 17 of the upper data register UDR 200 and the other half is 18 available at the outputs of the cipher function circuits.
19 Referring now to Fig. 19b2, the first of a series of 8 ~IOR data commands i~ now received and after address selection 21 at TA time and command loading into the command register at 22 ~C time, the AND invert circuit 262 decodes this command and 23 applies a negative signal to one input of the ~R invert 24 circuit 260 and to the inver~er 264 where it i8 inverted to a positive signal on the PIOR EARLY line. Referring now to 26 Fig. l9d3, the positive signal on the PIOR EARLY line is 27 applied to the inverter 422 where it is inverted to a 28 negative signal and applied to one input of the OR invert 29 circuit 424. At this time, positive signals are maintained at the input of the ~ND invert clrcuit 416 causing a negative ~i9-77-006 -117-i~4~4W

1 si~nal to be applied to the other input of the QR invert 2 circuit 424 which therefore produces a positive signal on 3 the PIOR line. The positive signal on the PIOR line is 4 applied to the OR invert circuit 456 in Fis. l9e3 where it is inverted to a neaative signal to set the OUTPUT CYCLF
6 latch 464 producing a positive signal on the OIJT CYCLE line 7 and a negative signal on the -~UT CYCLE line to initiate an 8 output cycle. The positive siqnal on the PIOR line is 9 also applied to the inverter 462 where it is inverted to a negative signal and applied via the -PIOR line to 4et the 11 ST~RT ~IOR ~ND latch 588 in Fig. l9f3. Referring now to 12 Figs. l9e3 and l9f3, the negative signal on the -OUT CYCLE
13 line is applied to set the START OUT CYCLE END latch 580 14 while the positive signal on the OUT CYCLE line in combination with the positive signal output of the START OUT CYCLE START
16 latch 554 in Fig. l9f3 are applied to condition the A~D
17 invert circuit 556. At ~1 time of the next clock cycle, 18 a pl DEL clock pulse is applied to render the ~D invert 19 circuit 556 effect$ve to apply a negative signal to ~et the OUT CYCLE START latch 558 which, in being ~et, applies ~
21 positive signal to the OUT CYCL~ START line and a negative 22 signal to the -~VT CYCLE START line. ~he positive ~ignal on 23 the OVT CYCL~ START line is applied to condition the ~ND
24 invert circuit 552 in Fig. l9e3 and ~s al~o applied to the AND circuit 634 in Pig. l9g4. Since this is not a key order 26 operation and the block count is at a count of one, positive 27 signals are maintained on the other tnputs to the ~ND
28 circuit 634 which, therefore, is rendered effective to apply 29 ~ positive ~ign~l ~o the ~R invert circuit 640 whlch, in turn, initlates pro~uctlon of the ELR and LIB control Ki9-77-006 -118-~49~W

1 signals, in a manner previously descrlbed, to the crypto 2 en~ines where they are effective to cause the enciphered 3 block of data to be transferred from the outputs of the 4 upper data register UDP 200 and the outputs of the modulo-2 adder 65~-664 to the upper buffer reglster 100 and the lower 6 buffer register 150, respectively, in preparation for 7 reading the now enciphered block of ciphertext. Referring 8 now to Figs. l9e3 and l9f3, at ~4 time, a ~4 clock pulse i9 g applied to render the A~D invert circuit 552 effective to apply a negative ~ignal to reset the STAPT OU~ CYC~E START
11 latch 554. At ~1/1 time, a -~l/L clock pulse is applied to 12 reset the OUT CYCLE START latch 558.
13 Referrinc now to ~ig. l9b2, at TC END time, a positive 14 sicnal on the TC E~D line is applied to the inverter 258 where it is inverted to a neaative signal to decondition 1~ the OR invert circuit 260 causing a positive signal to be 17 applied to the ~IOR DATA line. ~eferrinq now to the ~ND
18 circuit ~02 in Fig. l9h3, assuming there has been no procedural 19 error, the positive signal on the PIOR DATA line is applied to render the ~ND circuit 902 effective to apply a positive 21 signal to condition an arrav of exclusive ~R circuits 906 in 22 Fig. l9il. The function of this array is to compare 23 corresponding data bytes from the two crypto engines for 24 equallty. Exclusive OR circuit 906A is representative of this array and will be described in detail. ~yte outputs 26 from the crypto engine are applied to the AND invert circuits 27 90~, gl0 and 912 with a positive signal on the bit line 28 representlng a bit 1 and a negative ~lgnal on the hit line 29 representing a bit 0. If the output bits are both equal to 1, then positive ~ignal~ are applied to render the AND

Ki9-77-006 ^119-i~49~W

1 i~vert circuit 908 effective to apply a negative signal to 2 ~econdition hoth the ;~D invert circuits gl0 and 912 causing 3 a positive signal to ~e produced from the joint outputs 4 thereof. Similarly, if the output bit~ are both equal to 0, then negat$ve signal~ are applied to decondition the A~ID
6 invert circuits 910 and 912 causing a positive signal to 7 also be produced from the joint outputs thereof. ~n the 8 other hand, if the output bits from the crypto engines are 9 not e~ual, then the ~ND invert circuit 908 is deconditioned to apply a positive signal to condition the AND invert 11 circuits 910 and 912, one of which will have a positive 12 signal applied thereto from one of the crypto engines to 13 ren~er that AN~ invert circuit effective to apply a negative 14 signal from the joint outputs thereof. ~ccordingly, it should be apparent that if the outputs of one crypto engine 16 equal the outputs of the other crypto engine, then positive 17 signals will be applied from the array of exclusive OR
18 circuit 906 to render the AND invert circuit 916 effective 19 to produce a negative signal to decondition the engine error detect .~ND invert circuit 918. On the other hana, if any bit 21 of the cipher engine~ does not compare, then, a negative signal 22 output from the exclusive OR circuit correspondin~ to the 23 error bit will be applied to decondition the ~ND invert 24 circuit 916 causing a positive ~i~nal to be applied to condition the engine error detect AND invert circuit 918.
26 During TC EN~ time, while a positive signal is maintained 27 on the PIOR DAT~ line, and assuming there i8 no engine 28 errors, the byte output of the crypto engine~ i8 taken from 29 the output of the A~D invert circuits, such as A~D invort circult 908, of the array of exclusive O~ circuit9 906 and ~494~3 1 applied to the -DATA BUS IN. At the same time, parity 2 generator circuit 914, which is responsive to the data byte 3 output of the array of exclusive OR circuits 906, generates 4 a parity bit for the data byte which i~ applied to the -P line of the -DATA BUS IN.
6 At TD time, a positive signal is applied via the TD SEL
7 line to render the AND invert circuit 918 effective or not 8 depending on whether an engine error ha-~ been detected. If 9 an engine error is detected, the AND invert circuit 918 is rendered effective to apply a negative ~ignal via the ENGINE
11 ERR line to set the b~t 1 latch 954B of the statu~ register 12 952 to indicate the fact that an engine error wa~ detected.
13 At the end of this IO operation, the command regiater 224 14 in Fig, l9a2 is reset to decondition the command decoder AND
invert circuit 262 thereby cau~ing a po~itive signal to be 16 applied to the OR invert circuit 260 and the inverter 264 17 which, in turn, cause negative ~ignal~ to now be applied to 18 the PIOR DATA and PIOR EARLY lines, respectively. The 19 negative signal on the PIOR EARLY line is applied to the inverter 422 in Fig. l9d3 where it i8 inverted to a positive 21 ~ signal to render the OR invert circuit 424 effective to 22 apply a negative signal on the PIOR line. The negative signal 23 on the PIO~ line i~ applied to the inverter 446, in Fig. l9d4, 24 where it i~ inverted to a positive ~ignal on the STEP BYTE
CTR line to ~tep the Byte Counter 448 to a count of 1. The . .
26 negative signal on the PIOR line i~ also applied to the 27 inverter 462 in Fig. l9e3 where it is inverted to a positive '~ 28 signal and applied together with a positive ~ignal from the ;~ 29 START PIOR END latch 588 in Pig. l9f3 to condition the A~D
invert circuit 590. At ~1 time of the next clock cycle, a ~977006 -121-il49AW

1 ~1 DEL clock pulse is applied to render the AN~ invert 2 circuit 590 effective to produce a negative signal to set 3 the PIOR END latch 592 causing a positive signal to ~e 4 produced on the PIOR END line to conditlon the AND invert circuit 586 in Fig. l9e4 and a negative signal on the -PIOR
6 END line which is applied to decondition the AND circuit 600 7 in Fig. l9g4. The AND circuit 600 in being deconditioned 8 initiates the production of a LIB and ~b control signals, 9 in a manner as previously described, via the control signal cable tn the crypto engines to shift the buffer registers 11 one position in preparation for outputting the next byte of 12 ciphertext of the enciphered message block of data. Referring 13 now to the AND invert circuit 586 in Fig. l9e4, at ~4 14 time, a 04 clock pulse is applied to render the AND invert circuit 586 effective to reset the START PIOR END latch 588.
16 At pl/L time of the next clock cycle, a -pl/L clock pulse is 17 applied to reset the PIOR END latch 592.
18 In a similar manner, during each of the succeeding ones 19 of the series of 8 ~IOR data commandQ, the next data byte of cipher text is pas~ed with an appended parity bit to the -21 DATA BUS IN, the data byte is checked for an engine error, 22 the byte counter i8 stepped to the next count and the buffer 23 registers of the crypto engines are shifted one position to 24 provide the next succeeding data byte of ciphertext for processing.
26 After the 8th byte is read to the -DATA BUS IN, the 27 byte counter 448 in Fig. l9d4 steps from a count of 7 bac~
28 to a count of 0 causing a negative signal to be produced to 29 set the COUNT 8 latch 450 which, in turn, applies a negative signal to the -CT 8 llne. The negat~ve signal on the -CT 8 KTq77006 -122-~49~W

1 line is applied to re~et the OUTPUT CYCLE latch ~64 in Fig.
2 l9e3 thereby ending the output cycle. The OUTPUT CYCLE
3 latch 464 in being re~et applies a positive signal on the 4 -OUT CYCLE line and a negative signal on the OUT CYCLE line.
S ~eferring now to Fig. 19d3, the combination of the 6 positive signal3 on the -OUT CYCLE line and the -TN CYC~E
7 line render the AND invert circuit 410 effective to apply a 8 negative signal to reset the COUNT 8 latch 450 in ~ig. l9d4 9 and is inverted by inverter 412 to a positive signal to reset the BLOCX CO~NT flip flop 414. The negative signal on 11 the OUT CYCLE line is applied to set the START OUT CYCLE
12 START latch 554 in Fig. l9f3. At the end of thi~ IO operation, 13 the command register i~ reset to effectively cau~e a po~itive 14 signal to be applied on the -PIQR line, as in a manner previously described, which in comb$nation with the positive 16 signal output of the START PIOR END latch 588 are applied to 17 condition the AND invert circuit 590 in Fig. l9f3. Accordingly, 18 at ~1 time of the next clock cycle, a pl DEL clock pulse i8 19 applied to render the AND invert circuit 590 effective to apply a negative ~ignal to set the PIOR END latch 592 which, 21 in being set, applies a positive signal to the PIOR END line 22 and a negative signal to the -PIOR END line. The negative 23 signal on the -PIOR END line i~ applied to decondition the 24 AND circuit 600 in Pig. lgg4 which initiates production of the LIB and LIB control signals, in a m~nner previou~ly 26 described, via the control cable to the crypto engines.
27 Referring now to the crypto engine in Fig. l9gl, the LIB and 28 LIB control signals are applied to ~hift the buffer register 29 one more position to effectively clear the content thereof in preparation for receiving the next ~lock of plaintext of yI977006 -123-~494~

1 a mulei-block message for encipherment. Referring now to 2 Fig. l9e4, at ~4 time, a ~4 clock pulse in combination with 3 the positive signal on ~he PIOR END line are applied to 4 render the AND invert circuit 586 effective to apply a S negative signal to reaet the START PIOR END latch 588 in 6 Fig. l9f4. At ~l/L time of the next clock cycle, a -~l/L
7 clock pulse is applied to reset the PIOR END latch 592 to 8 terminate the encipher order operation.
9 DECIP~ER ORDER OPERATION
The function of this operation is to decipher a me~sage, 11 which may consist of one or more 8 byte block~ of ciphertext, 12 into a corresponding message of plaintext. ~fter a valid 13 operational key is installed in the crypto engine by either 14 a LDK or D~CK order operation there is no need to iasue any further key handling orders for successive blocks of 16 ciphertext so long as the ~ame operational key is used.
17 ~7hen the order code specifying a decipher order is decoded, 18 the ENC latch is reset to signal the decipher mode of operation.
19 Following the DEC order com~and, a series of 8 PIOW data commands is issued, with the data fields associated 21 with the commands, constituting the message block of ciphertext, 22 being loaded into the buffer registers of the crypto 23 engines. The first such command initiates an input cycle 24 and a byte counter counts each such command received. After the 8 PIOW commands have been received and the 8th byte 26 written into the buffer registers, then, at the 8th count, 27 the input cycle ends, the block of ciphertext is transferred 28 from the buffer reglsters to the data registers of the 29 crypto engines, a block counter is ~et and the crypto engines start a decipher function which is ~ndicated ~y the ~94~

l generation of an engine bu~y ~ignal. At the end of the 2 deeipher operation, half of the cleartext bloek of data is 3 pre~ent in the upper data regi~ter and the other half is 4 present at the outputs of the eipher function eireuits.
S Following the deeipher operation, a serieQ of 8 PIOR data 6 commands are issued for reading the deeiphered me~sage block 7 of cleartext. The first such eommand initiates an output 8 eyele and the byte eounter counts eaeh sueh eommand reeeived.
9 During the exeeut~on of the fir~t PIOR data command, while the block eount is at a count of l, the message block of ll cleartext is parallel transferred from the upper data 12 register and the output~ of the cipher function circuits to 13 the buffer registers where it is now available for reading, 14 a byte at a time. At the end of the execution of each PIOR
data command, the buffer registers are shifted one position 16 to present the next byte of the message bloek of cleartext for 17 reading. At the 8th count of the byte eounter, the output 18 eyele ends, the bloe~ eounter is reset and the ENC lateh 19 remains reset to end the decipher operat~on. The ENC latch in remaining reset permits one or more suceeeding message 21 blocks of ciphertext to be deciphered in a similar manner as 22 that de~cribed above.
23 The deeipher operation is similar to the encipher 24 operation in that an order code is deeoded, a series of 8 PIOW data eommand~ are is~ued to proceed into an input cycle 26 for loading a data parameter into the crypto engines, a 27 cipher funetion is performed on the data parameter under 28 eontrol of an operatlonal key and a Jeries of 8 PlOR data 29 command~ are i~ued to proeeed into an output eycle for reading the results of the cipher function. The similarity KIq77006 -125-~494W

1 between the~e two operations can be seen from the 2 timing diagram of Fig. 25. The basic difference between 3 these two operations is in the ~pecification of the decipher 4 order rather than an encipher order, which sets the device for the decipher mode of operation, and the key shifting 6 schedule provided for the key registers during the decipher 7 function performed by the crypto engines. It will be 8 remembered that for an encipher operation the key regi~ters 9 are -Qhifted to the left by one pre-shift SL control signal followed by 27 additional SL control signals during the 16 11 rounds of the encipher operation for a total of 28 SL control 12 signal~ to restore the cipher key back to its initial home 13 position in preparation for encipher~ng the next block of 14 cleartext. In the decipher operation, the key registers, instead of being shifted to the left, as in the encipher 16 operation, are shifted to the right by 27 SRR and SR control 17 signals during the 16 rounds of the decipher function, as 18 described in detailed in the DECK order operation, followed 19 by one po~t-~hift SRR and SR control ~ignals at the beginning of the output cycle for a total of 28 SRR and SR control 21 signals to restore the cipher key back to its initial home 22 position in preparation for deciphering the nex~ block of 23 c1phertext. It should be apparent that with this symmetry, 24 the decipher rounds are performed in the reverqe order of the encipher rounds i.e. the set of cipher key bytes used in 26 the last round of an encipher operation is the set of cipher 27 key byte~ used in the first round of the decipher operation 28 so that each round of the decipher operation undoes each 29 round of the encipher operation, in reverse order.
30- Since the basic cipher operation has been described in ~'97700h -126-1~494W

1 detail in the previou~ section and the generation of the 27 2 control signal~ SRR and SR for a decipher function has been 3 de~cribed in connection with the detailed description of 4 DECK order operation, the following detailed description will be restricted to a de~cription of how the device is set 6 for the decipher mode of operation and how the 28th po~t-7 shift SRR and SR control pulse~ are provided at the beginning 8 of the output cycle of the decipher order operation.
9 After address selection at TA time and loading the command byte into the command register at TC time, the 11 command code is decoded by the AND invert circuit 266 in 12 Fig. l9b2 to produce a negative signal which is inverted 13 by inverter 268 to a posit$ve signal on the WR ~SD ORDER
14 line thereby indicating the presence of a W~ DSD order command. At the same time, the order code for data processing 16 operation 1~ decoded by the AND invert circuit 302 in Fig.
17 l9b3 to produce a negative signal on the -DP DEC line where 18 it is invorted to a positive ~ignal by inverter 304 and 19 applied to one input of the AND invert circuit 306. At TD time, a positive signal is applied via the SYNCH TD line to 21 render the AND circuit 270, conditioned by the positive 22 signal on the WR DSD ORDER line, effective to produce a 23 positive signal on the WR ORD TIME line which is applied 24 to the remaining input of the AND invert circuit 306 to render it effective to produce a negative signal which is 26 applied via the -RST ENC line to reset the ENC latch 312 in 27 Fig. l9c4 and to the inverter 308 where it i~ inverted to a 28 positive ~ignal and ~pplied to one input of the AND invert 29 circuit 310. A negatlve signal on the -Y line from the command register 224 personalize~ this data processor order ~Is7~nn6 -127-~494~3 1 as a DEC order and is applied to decondition the AND invert 2 circuit 310, which in being deconditioned, maintains a 3 positive signal on the -SET ENC line so that the ENC latch 4 312 remains in a reset condition. The ENC latch 312, in being in a reset condition, applies a negative signal via 6 the ENC line to the inverter 546 in Fig. l9g3 where it iq 7 inverted to a positive signal on the DEC line to condition 8 the AND invert circuits 548 and 560 each of which is effective 9 for controlling the generation of the SRR and SR control `signals used during the decipher operation.
11 After the decipher function has been completed and the 12 key regiqters have been shifted 27 tlmes under control of 13 the 27 SRR and SR control ~ignals, the first of a series of 14 8 PIOR data commands is issued to initiate an output cycle lS causing the OUTPUT CYCLE latch 464 in Fig. l9e3 to be -qet 16 which, in being qet, applies a positive signal to the OUT
17 CYCLE line. The positive signal on the OUT CYCLE line in 18 combination with a positive signal from the START OUT CYCLE
19 START latch 554 in Fig. l9f3 are applied to condition the AND invert circuit 556. At the next 01 time, a ~1 DEL clock 21 pulse is applied to render the AND invert circuit 556 22 effective to apply a negative signal to set OUT CYCLE STA,~T
23 latch 558. The OUT CYCLE START latch 558, in being set, 24 applies a positive signal to the AND invert circuit 560 in Fig. l9g3 which, at this time, has positive signals maintained 26 on the other input thereto thereby rendering the AND invert 27 circuit 560 effective to apply a negative signal on the 28 -SRR and via the AND circuit 572 in Fig. 19g4 a negative 29 signal on the -SR line to initiate the generation of the post-shift SRR and SR control signals which are used to ~1494W

1 shift the key register the 28th time to restore the cipher 2 key back to its initial home position in preparation for 3 deciphering the next block of ciphertext. The remainder 4 of the D~C order operation, namely, to read the 8 bytes of S the block of cleartext is performed in a similar manner as 6 that described in detail for the encipher order operation.

8 A procedural error is one in which the DSD receives a 9 command out of sequence or at the wrong time, such that it~
execution would cause the destruction or loss of good data 11 in the crypto engines or the providing of useless data from 12 the crypto engines. There are three commands that may cause 13 a procedural error, namely, the PIOW data command, the PIOR
14 ~ata command and the WR DSD order command. The various error conditions which may occur for these three commands are 16 described in the following.
17 1. Procedural errors for a PIOW data command 18 a. If a PIOW data command is issued while a read 19 operation is being performed ~an output cycle is in progress), this causes a procedural 21 error since the buffer registers cannot be 22 used concurrently for both reading and writing.
23 Accordingly, referring to Fig. l9d3, while the 24 output cycle is in progre~s, a negative signal is applied to decondition the AND invert circuit 428 26 causing a po~itive signal to be applied to one 27 input of the AND invert circuit 432. Since a 28 WMK order operation i~ not in progress, a positive 29 signal iq applied via the -WMK line to a second input of the AND invert circuit 432. Now, if an ~I977006 -129-~494W

1 attempt is made to execute a PIOW data command 2 before the end of the output cycle, a positive 3 signal is applied via the PIOW DATA line to a third 4 input of the AND invert circuit 432 thereby S conditioning this circuit. At p3L time of the 6 same clock cycle in which the positive signal is 7 applied to the PIOW DATA line, a ~3L clock pulse 8 is applied to render the AND invert circuit 432 9 effective to apply a negative signal to decondition the ~ND circuit 438 which, in turn, applies a 11 negative signal to the -PROC ERR line indicating 12 a procedural error.
13 b. If a PIOW data command is issued while a block 14 of data is contained in the ~uffer registerQ, this cause~ a procedural error since the 16 buffer reg~ster~ can only contain one block of data 17 at a time. Accordingly, referring to Pig. l9d3, 18 while a block of data i8 contained in the buffer 19 registers, a negative ~ignal is applied via the -BLK
1 line to decondition the AND invert circuit 428 21 causing a positive signal to be applied to one input 22 of the A~D invert circuit 432 and since a WMK order 23 operation i8 not in progress and a PIOW data 24 command is being attempted, positive signals are again applied via the -~K and PIOW DATA lines to 26 condition the ~D invert circuit 432. At 27 ~3~ time, the ~3L clock pulse ic again applied to 28 render the AND invert circuit 432 effective to 29 apply a negative signal to decondition the AND
circuit 438 which then applies a negative signal -'1977006 -130-11494a~

1 to the -P~OC ERR line indicnting a procedural 2 error.
3 c. After a resot or after a WMK order operation, the 4 cipher key in the key registers i8 invalid and a new clpher key must be load~d into the key regi~ters 6 by either a LXD or DECK order command. If a 7 P~OW data command i8 issued while an in~alid key 8 is present in the key regi~ters, this 9 causes a procedural error since a valid key i9 not present in the key reglster~. Accordlngly, referring 11 to Fig. l9d3, while an invalid key i8 present in 12 the key registers, a nega~ive signal iG applied via 13 the -key invalid line to decondltlon the AND invert 14 clrcuit 428 cau~lng a positive signal to be applied to one input of the AND invert clrcuit 432 and ~ince 16 a WMR order operation is not in progress and a PIOW
17 data command 18 being attempted, positive ~ignals 18 are again applied vla the -WMK and PIOW DATA lines 19 to conditlon tho AMD invert circuit 432 to produce a procedural error slgnal at 03L tlme on the -PROC
21 ERR line.
22 d. If a PIOW data command is issued to write a new 23 maQter key into the MK memory leas then 16 micro-24 seconds after lssuing a WMK order command, a procedural error will occur since a WMR overwrite operat$on i8 26 in progre~s for overwritlng the old ma~ter key in 27 the MX memory. Therefore, re~erring to Fig. l9d3 28 a posit$ve slgnal on the M~ OVW llne ln combination 29 with a po~tlve ~lgnal on tho PIOW DATA llne render~
the AND inv~rt circult ~27 o~fectlve to apply a Ki9-77-006 -131-1~494a3 negative signal to decondition the AND circuit 438 to produce a negative signal on the -PROC ERR line 3 indicating a procedural error.
4 2. Procedural error~ for a PIOR data command a. If a PIOR data command is issued while a write 6 operation is presently ~eing performed (an 7 input cycle is in progress), this cau~es 8 a procedural error since the buffer registers cannot 9 be used concurrently for both reading and writing.
- 10 Accordingly, referring to Fig. l9d3, while an input 11 cycle is in progress, a negative signal is applied 12 to decondition the AND invert circuit 416 causing a 13 positive signal to be applied to condition the AND
14 invert circuit 436. r~ow, if an attempt is made to execute a PIOR data command, a po~itive signal on 16 the PIOR EARLY line is applied to render the conditioned 17 AND invert circuit 436 effective to apply a negative 18 signal to decondition the AND circuit 438 causing a 19 negative signal to be applied to the -PROC ERR line indicating a procedural error.
21 b. If a PIOR data command is issued at a time when there 22 is no data contained in the buffer registers of the 23 crypto engines, this cau~es a procedural error since 24 there is no data to be read. Accordingly, referring 25~ to Fig. l9d3, at a time when there is no data contained 26 in the buffer registers of the crypto englnes, the 27 BLOCR COUNT flip flop 414 i8 in a reset condition 28 causing a negative ~ignal to be applied via the 29 -BLK 0 line to decondition the AND invert circuit 416 causing a positive signal to be applied to ~49483 1 condition the AND invert circuit 436. Consequently, 2 if an attempt is made to execute a PIOR data command, 3 a positive signal on the PIOR EARLY line is again 4 applied to render the conditioned AND invert circuit 436 effective to apply a negative signal to 6 decondition the AND circuit 438 causing a negative 7 signal to be applied to the -PROC ERR line 8 indicating a procedural error.
c. If a PIOR data command i~ issued at a time when any of the cipher key handling orders are in progress, 11 this causes a procedural error since no data is to 12 be read during theqe cipher key hand}ing operations.
13 Accordingly, referring to Fig. '9d3, whenever a key 14 order operation is in progress a negative signal is applied via the -K ORD line to decondition the 16 AND in~ert circuit 416 causing a positive signal 17 to be applied to condition the AND invert circuit 18 436. Now, if an attempt i~ made to execute a PIOR
19 data command, a po~itive ~ignal on the PIOR EARLY
line i9 applied to render the conditioned 21 AND invert circuit 436 effective to apply a negative 22 signal to decondition the AND circuit 438 causing a 23 negative signal to be applied to the -PROC ERR line 24 indicating a procedural error.
d. If a PIOR data command is issued at a time when a 26 ~ block of data is loaded in the buffer registers and 27 fewer than 32 usec have elapsed since the la~t PIOW
28 data command was issued, a procedural error w~ll 29~ result since the engine is still busy processing the 30` block of data. Therefore, referring to ~ig. l9d3, 1~494W

1 while the engine is busy, a negative ~ignal is applied 2 via the -EB line to decondition the AND invert 3 circuit 416 causing a po~itive signal to be applied 4 to condition the AND invert circuit 436. Now, if an a~tempt is made to execute a PIOR data command, 6 a positive signal on the PIOR EARLY i5 applied to 7 render the conditioned AND invert circuit 436 8 effective to apply a negative signal to decondition 9 the AND circuit 438 causing a negative signal to be applied to the -PROC ERR line indicating a 11 procedural error.
12 3. Procedural errors for a WR DSD order command 13 a. If a WR DSD order command iQ issued at a time when 14 any of the c~pher key handling order~ are in progress, this causes a procedural error ~ince 16 a cipher key handling operation once begun 17 mu~t be completed. Accordingly, referring to 18 ~ig. l9d3, whenever a key handling order command i~
19 being performed a negative signal is applied via the -R ORD line to decondition the AND invert circuit 21 433 causing a positive signal to be applied to one 22 input of the AND invert circuit 434. Now, if a WR
23' DSD order command i~ given while a previous cipher 24 ` key handling order i8 in progre~s, then, positive ~5 8ignals on the WR DSD ORDER and TC SEL lines are 26 applied to render the AND invert circu~t 434 effective 27 to apply a negative signal to decondition the AND
28 circuit 438 cau~ing a negative signal to be applied 29 to the -PROC ERR line indicating a procedural error.

~i4948;~

b. If a W~ DSD order command is issued at a time when data from the buffer registers of the crypto engines 3 are being read, this causes a procedural error since 4 unread data still remains in the crypto engines.
Referring now to Fig. l9d3, while data is being read 6 from the buffer registers of the crypto engines, the block count flip flop 414 is in a set state causing a positive signal to be applied via the -BLX 0 line to the inverter 418 where it i~ inverted to a negative ~ignal to decondition the AND invert circuit 433 11 which, in being deconditioned, applies a positive 12 signal to one input of the AND invert circuit 434.
13 Now, when a WR DSD order command iQ issued, positive 14 signals are applied via the WR DSD ORDER and TC SEL
lines to render the AND invert circuit 434 effective 16 to apply a negative signal to decondition the AND
17 circuit 438 causing a negative signal to be applied 18 to the -PROC ERR line indicating a procedural error.
19 c. If a WR DSD order command ~s issued at a time when a write operation is being performed (an input cycle 21 is in progress), this causes a procedural error ~ince 22 a proces~ once begun mu~t be completed. Accordingly, 23 referring to Fig. l9d3, while an input cycle is in 24 progress, a negative signal is applied via the -IN
CYCLE line to decondition the AND invert circuit 433 26 which, in turn, applies a po~itive signal to one input 27 of the AND ihvert circuit 434, a~ described above, so 28 that when a WR DSD order command is is~ued the AND
29 invert circuit 434 i~ rendered effective to initiate generation of a negative signal on the -PR~C ERR

l~I977006 -135-~.494~

1 line indicating a procedural error.
2 d. If a ~K order command is issued at a time when the 3 ~W switch is off, this causes a procedural error 4 ~ince the command cannot be executed unless the EW switch is switched on. Referring now to Fig.
6 l9c3, if the enable write ~witch i~ off, a negative 7 signal on the E~K line i~ applied to the inverter 8 423 where it is inverted to a positive signal and 9 applied to one input of the AND invert circuit 425.
Now, when a cipher key handling order command is 11 decoded and further particularized as a W~K order 12 command by a positive signal on the -Y line then, 13 positive signals are applied via the (WMK +LKD) 14 and -Y lines to condition the AND invert circuit 425. At SYNCH TD time of the WMK order operation, 16 a positive signal is applied via the WR ORD TIME
17 line to render the AND invert circuit 425 effective 18 to apply a negative signal to decondition the AND
19 circuit 438 in Fig. l9e3 causing a negative signal to be applied to the -PROC ERR line indicating 21 a procedural error.
22 Referring now to Fig. l9i2, whenever a procedural error 23 occurs because of any of the above conditions, the negative 24 signal on the -PROC ERR line is applied to set the bit 0 and bit l latches 954A and 954B of the status register 952 26 to provide an indication of the procedural error.

28 Six different kinds of errors are detected in the data 29 security device. Each kind, when it is detected, results in the setting of a unique combination of bits in the status ~494W

1 register thereby providing information u~e~ble by the terminal 2 processor in carrying out error recovery procedure~. The 3 combination of bit~ in the status register for the different 4 kind~ of error~ is shown in the following table.
EKROR CONDITIONS INDICATED IN STATUS REGISTER
.

7 Error Condition 0 l 2 3 5 _ 8 Command Error 9 lllegal Order Procedural Order l l - - -ll Write Error 12 Key Bus Error 13 Engine Error 14 The content~ of the statu~ register, indicating error condition~, if any, are read back to the terminal proce~sor 16 under control of a READ BS command which will now be described.
17 READ BASIC STATUS COM~ND OPERATION
18- The function of this operation i8 to read the contents l9 of the ~tatus regi~ter with correct parity, to provide information as to the occurrence of any of the 5ix different 21 ~ind~ of errors indicated above. Therefore, this operation 22 i~ performed periodically to check for error conditions.
23 Referring now to Fig. l9b2, after addre~s selection is 2i performing during TA time and the command byte 18 loaded into the command register during ~C time, the AND invert circuit 26 242 decode~ the READ BS command code and produces a negative 27 signal which is applied to one input of the OR invert circuit 28 246. At TC END time, a po~itive ~ignal on the TC END line i~
29 applied to the inverter 244 where it 18 inverted to a negative ~ignal and applied to the other input of the OR lnvert circuit i~4948;~

1 246 which there~y causes the OR invert circuit 246 to apply 2 a positive signal to the READ BS line. The positive signal 3 on the READ ~S line is applied to one input of the AND
4 invert circuits 956 in Fig. l9i2, the other inputs of which are connected to the bi~ latches 954 of the status regi~ter 6 952. Accordingly, a pattern of bit signals, corresponding to 7 the ~etting of the latches 954 of the status register, are 8 applied to the -DATA BUS IN and to the parity generator 914.
9 It should be noted that the status bits 4, 6 and 7 are not implemented and, therefore, are treated as 0 bits in the 11 parity generator 914 to produce the correct parity bit on 12 the -P line of the -~ATA BUS IN. The setting of the status 13 regi~ter 952, now pre~ent on the -DATA BUS IN, remain~
14 stable until the end of this IO operation when the command register is reset and the positive signal on the READ BS
16 line is terminated.
17 SET/RESET ~ASIC STATUS COlY~ ~ D OPERATION
18 These commands are used for diagnostic purposes for 19 testing the operation of the status regi~ter 952. Thus, in the case of the SET ~S command, if the data fields associated 21 with the command has good parity, then the status latches 954 22 that correspond tO 1'8 in the data fi~ld associated with the 23 command are set to 119 whereas in the case of the RESET BS
24 command, if the data field associated with the command has good parity, then the status latches 954 that correspond to 26 1's in the data fields associated with the command are set 27 to 0's. If a parity error is detected during the execution 28 of either of these commands a write error signal will be 29 produced, in a manner previously described, to set the bit 3 status latch 954D of the statuq register 952 to indicate the ~494~

1 occurrence of this error. After execution of either of 2 these commands, a READ BS command may be i~sued to read the 3 content of the status register 952 in a manner described 4 above, for subsequent determination as to whether a previously S defined value written by either the SET BS or RESET BS
6 commands is identical to that read by the READ BS command.
7 Referring now to Fig. l9a2 and l9b2, after the address 8 selection is performed during TA time and the command bit i~
9 loaded into the command register during the TC time, the AND
invert circuit 232 decodes the SET BS command while the AND
11 invert circuit 238 decodes the RST BS command. The ~D invert 12 circuit 232 causes a negatlve ~ignal to be applied to one 13 input of the OR invert circuit 236 while the AND invert 14 circuit 238 causes the negative signal to be applied to one input of the O~ invert circuit 240. At TD time, the data 16 field to be loaded into the status register i~ received via 17 the -DATA BUS OUT and applied via the inverters 170 to the 18 parity generator 178 to generate a parity bit which i~
19 compared with the parity bit received from the -D~TA B~S
OUT. If the pari~y bitQ do not compare then, at TD SEL time 21 the AND invert circuit 362 in Fig. l9b3 will detect the bad 22 parity to apply a negative signal to turn on the WR ERR
23 latch 364 which, in being turned on, applies a positive 24 signal to the AND invert circuit 944 in Fig. l9i2 which is conditioned by positive signal on the -RST line to cause a 26 negative signal to be applied to se~ the bit 3 latch 27 954D of the status regi~ter 952 indicating the occurrence of 28 the write error. Referring back to Fig. l9b2, $f the parity is bad 29 then a negative signal is maintained on the parity good line to decondition the AND invert circuit 234 cau~ing a po-~itive ~49~33 l siqnal to be applied to the OR invert circuits 236 and 240 2 which, in turn, maintain negative ~ignals on the SET BS or 3 RST 8S lines to inhibit execution of either of these commands.
4 On the other hand if good parity is detected, then a positive S signal is applied to the AND invert circuit 234 causing a 6 negative signal to be applied to the other inputs of the OR
7 invert circuits 236 and 240. Accordingly, depending on 8 which command is being called for, a positive signal ls 9 applied to either the SET BS or RST BS lines. Referring now to Figs. l9h4 and l9i2, if the command being executed is the ll SET BS command, then a po~itive sign~l is applied to condition 12 the AND invert circuits 924, 328, 934, 942 and 948. Therefore, 13 those bits of the data field which correspond to l's render 14 these AN~ invert circuits effective to apply negative signals to ~et corresponding ones of the latches of the status 16 register 952. On the other hand, if the command being l? executed is the RESET BS command, then a positive signal on 18 the RESET BS line is applied to condition the AND invert l9 circuits 926, 932, 940, 946 and 950. Therefore, those bits of the data field which correspond to l's render these AND
21 invert circuits effective to apply negative signal~ to reset 22 corresponding ones of the latches of the status re~ister 23 952.
24 While the invention has been particularly shown and described with reference to the perferred embodLment thereof, 26 it will be understood by those skilled in the art that 27 several changes in form and detail may be made without 28 departing from the spirit and ~cope of the Lnvention.
29 What is claimed is:

KI9,~006 -140-

Claims (14)

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:

1. A data processing system including a data security device for performing cryptographic operations using cipher keys, the security device being characterised by a master cipher key storage means, a working cipher key storage means, means for transferring a master key in the master key storage means to the working key storage means, means for receiving data representing an operational cipher key en-ciphered under the master key, cipher means for deciphering the en-ciphered operational key under control of the master key stored in the working key storage means to obtain the operational key in clear form, and means for directly transferring the operational key in clear form to the working key storage means as a working cipher key for sub-sequent cryptographic operations by the cipher means.

2. A system as claimed in claim 1, wherein the master key storage means is battery powered to permit retention of the master key if the data security device loses mains power.

3. A system as claimed in claim 1 comprising means for replacing an existing master key stored in the master key storage means by a fresh master key.

4. A system as claimed in claim 3, wherein the fresh master key may be entered manually in the master key storage means.

5. A system as claimed in claims 3 or 4 wherein before the fresh master key is entered into the master key storage means, the existing master key is overwritten with an arbitrary value.

6. A system as claimed in claim 3, comprising means enabling writing into the master key storage means, input means providing successive portions of a fresh master key for writing into the master key stor-age means, means coupling the input means to the master key storage means, and control means causing a cipher key overwrite operation to be performed to overwrite the existing master key in the master key storage means by writing a value present at the input means into successive locations of the master key storage means, the control means being effective thereafter for each succeeding portion of the fresh master key provided by the input means to write that portion into a succeeding location of the master key storage means to there-by write the fresh master key into the master key storage means.

7. A system as claimed in claim 4, comprising manual enable write means enabling writing into the master key storage means, manual entry means for entering successive portions of a fresh master key into the master key storage means, manual write means, and control means responsive to the first operation of the manual write means for coup-ling the manual entry means to the master key storage means and causing a cipher key over-write operation to be performed to over-write the existing master key stored in the master key storage means by writing a value set by the manual entry means into successive locations of the master key storage means, the control means being effective thereafter for each successive operation of the manual write means to write a succeeding value set by the manual entry means into a succeeding loca-tion of the master key storage means to thereby write the fresh master key into the master key storage means.

8. A system as claimed in claim 1, further comprising means for entering an operational key in clear form directly into the working key storage means without requiring deciphering by the master key.

9. A system as claimed in claim 6, further comprising means for entering an operational key in clear form directly into the working key storage means without requiring deciphering by the master key.

10. A system as claimed in claim 7, further comprising means for entering an operational key in clear form directly into the working key storage means without requiring deciphering by the master key.

11. A data processing system as claimed in claims 1, 6, or 7 wherein the data security device is associated with a communication terminal coupled via a communication line to a remote host system the host system comprising means to transmit key synchronizing data representing an operational cipher key enciphered under a key en-crypting cipher key over the communication line to the terminal, the key encrypting key being the same as a master cipher key stored in the data security device of the terminal whereby the enciphered op-erational key can be deciphered and transferred to the working key storage means by the data security device, and the data security de-vice comprising means for subsequently using the deciphered opera-tional key transferred to the working key storage means for encipher-ing plaintext to be sent to the host system or for deciphering cipher-text received from the host system.

12. A data processing system as claimed in claims 8, 9, or 10, where-in the data security device is associated with a communication terminal, coupled via a communication line to a remote host system, comprising means for using an operational key entered directly into the working key storage means for enciphering plaintext to be sent to the host or for deciphering ciphertext received from the host.

13. A data processing system as claimed in claims 8, 9, or 10, where-in the data security device is associated with a data processing ter-minal operatively coupled to a data file, the data security device com-prising means for using an operational key entered directly into the working key storage means for enciphering plaintext for storage in the data file or for deciphering ciphertext received from the data file.

14. A process for performing a cryptographic function in a data pro-cessing system characterised by the steps of storing a key encrypting key, providing the key encrypting key as a working key, receiving an operational key enciphered under the key encrypting key, deciphering the enciphered operational key under control of the working key to obtain the operational key in clear form, and directly replacing the key encrypting key with the operational key as a working key for subsequent cryptographic operations on data handled by the system.