CA2134974C - A method for loading encryption keys into secure transmission devices - Google Patents
A method for loading encryption keys into secure transmission devicesInfo
- Publication number
- CA2134974C CA2134974C CA002134974A CA2134974A CA2134974C CA 2134974 C CA2134974 C CA 2134974C CA 002134974 A CA002134974 A CA 002134974A CA 2134974 A CA2134974 A CA 2134974A CA 2134974 C CA2134974 C CA 2134974C
- Authority
- CA
- Canada
- Prior art keywords
- encryption
- key
- volatile memory
- code
- recaptured
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Abstract
An encryption code and at least one key are provided to a secure transmission device, via an external keying device (100) and stored in a first volatile memory (102). An encrypted representation of the at least one key, based on the encryption code and the at least one key, is generated and stored in a non-volatile memory (103). Upon power down of the secure transmission device, the encryption code is stored in a second volatile memory (106) and the at least one key and encryption code stored in the first volatile memory (102) are erased.
Description
WO 94/23513 213 ~ 9 7 ~ PCT~S94/01934 A Method For Loading Encryption Keys Into Secure Transmission Devices Field of the Invention The present invention relates generally to secure ~ nications systems and, in particular, to a method of loading encryption keys into secure transmission 15 devices. '-Background of the Invention Co~m~ln;cation systems are known to comprise mobile transmitters and receivers, such as in-car mobile or ~- hand-hel~ portable radios (mobiles)/ as well as fixed transmitters and fixed receivers, such as base stations or repeaters (fixed end). The mobiles and fixed end are operably coupled by separate transmit and receive communication paths. The commtln;cation paths between the mobiles and the fixed end are typically wireless links, such as radio frequency (RF) channels. The co~ml~nication paths between fixed transmitters and receivers are typically wireline links, such as land-based phone lines.
A typical message within such a communicationsystem may begin with a mobile unit con~erting an audio signal into a digital data stream suitable for transmission over an RF channel to either another mobile unit or the fixed end. Such systems are often used by WO94/~513 2 1 3 4 9 7 ~ PC~S94101934 --public safety institutions, such as local or federal law enforcement agencies. The existence of commercially available RF scanners make it possible for unauthorized parties to monitor the information transmitted within 5 such a communication system. In efforts ~o reduce unauthorized eavesdropping, communication systems use digital encryption methods that protect proprietary - -information transmitted therein.
Digital encryption methods use a known, reversible algorithm to introduce randomness into a digital data stream. To an unauthorized user, an encxypted digital data stream will appear random, and thus unintelligible.
Such an algorithm that randomizes digital data is called an encryptor. By necessity, the same algorithm which is 15 capable of encrypting the digital data stream must also ~-be capable of recovering the digital data stream, and hence, is called a decryptor. Often, an --encryptor/decryptor algorithm utilizes a dynamic parameter, hereafter referred to as a key, to uniquely specify the nature of the randomness introduced to the digital data stream. Thus, only encryptors and d~cryptors utilizing an identical algorithm and key are capable of reproducing intelligible messages.
Obviously, the security of keys in systems utilizing encryption is of the utmost importance in the prevention of unauthorized monitoring. If the keys of a known encryptor/decryptor algorithm are made available, the ability of unauthorized parties to monitor proprietary co~ nications is greatly enhanced.
Typically, the keys used by secuxe transmission devices, such as mobiles or fixed-ends, are stored in a volatile memory device such as RAM (Random Access Memory). This method of storage allows the transmission device to quickly access keys, as might be required for WO 94/~513 213 4 9 7 ~ PCT~S94/01934 a feature ~uch as encrypted mode channel sc~nn 1 ng .
Also, the use of a volatile memory allows the key information to be erased in the event that the transmission device is tampered with or powered down, thus maintaining securlty. For instance, if a transmission device is tampered with or the volatile memory is powered down (through the loss of battery backup, for instance), the information stored in volatile memory is passively erased. Passive erasure typically implies allowing the information stored in volatile memory to decay away with the loss of power.
When the transmission device is subsequently powered up, however, an external device is typically requi:red to reload the keys. This requirement can prove to be a nuisance in transmission devices in which powe:r is frequently cycled, such as hand-held portable radios.
Thus, a need exists for a method which allQws encryption keys to bé stored without risk of unauthorized acc~ss and without the need for external - 20 key reloading when the device is repowexed.
Brief Description of the Drawings FIG. 1 illustrates an external keying device coupled to a secure transmission device in accordance with the present invention.
FIG. 2 illustrates a logic diagram that a secure trAnsm;ssion device could implement to load a key in accordance with the present invention.
FIGs. 3A and 3B illustrate a logic diagram that a secure transmission device could implement to utilize a key in accordance with the present invention.
WO 941~513 213 4 :9 7 l~ PCT~Sg4/01934 Description of a Preferred Embodiment Generally, the present invention provides a method for loading and utilizing a key within a secure transmission S device. The key is initially loaded into the secure transmission device by connecting an external keying device and initiating a keyload. The keying device transfers one or more keys and a random number (encryption code) to the secure transmission device, which are stored in a first volatile memory, such as ~AM. An encryption device within the secure transmission device uses the encryption code to produce encrypted representations of the keys which are stored in EEPRON (Electrically Erasable Programmable Read Only Memory).
Once a key has been loaded, the secure transmission device uses the encryption code, via the encryption device, to decrypt and thus recapture the keys stored in EEPROM. The recaptured keys, which are stored in RAM, may thereafter be used for encrypting and decrypting data while the secure transmission device engages in secure co~lln;cations. Prior to powering down the secure transmission device, the encryption code, in the form of a master key, is stored in a second volatile memory and the encryption code and recaptured keys are erased from RAM.
The present invention can be more fully described with reference to FIGs. 1-3. FIG. 1 illustrates a secure ~ 30 tr~n~m;ssion device 101 coupled to an external keying device 100. It is important to note that the secure transmission device 101 may also be referred to as a secure com~nication unit and may comprise, for example, a Motorola ASTRO digital radio. The external keying device 100 may comprise a Motorola ASTRO and Advanced W094/~5~ 2 ~ ~ 4 9 7 ~ PCT~S94/01934 Securenet Key Variable Loaders (KVL). The secure transmission device 101 comprises a first volatile memory (RAM~ 102, a non-volatile memory (EEPRO~) 103, an expander 104 for expanding the encryption code into a key variable, and an encryption device 105 containing a second volatile memory (RAM) 106. The second volatile memory 106 may comprise a memory de~ice that can be written to by de~ices external to the encryption device 105 but that may only be read by the encryption device --105. Furthermore, the second volatile memory 106 may comprise a static RAM with reset logic, wherein the reset logic allows the second voIatile memory 106 to be ; m~e~i ately erased upon command via a signal external to the encryption de~ice 105. The encryption device 105 may comprise a Motorola Data Encryption Standard (DES~, Digital Voice International (DVI-XL), or Digital Voice Protection (DVP-XL) encryption device.
The external keying device 100 provides two pieces of information to the secure transmission device 101: an -encryption code and at least one key. The KVL transmits a random 64-bi' value, referred to as the encryption code, to the secure transmission device 101. The secure transmission device 101 further randomizes the encryption code by reading a 16-bit free-running counter upon xeception of the encryption code. This 16-bit value is exclusive-OR'd with 16 bits of the encryption code. The resulting value of this operation is loaded - into a m~im~l length linear feedback shift register (LFSR), as is well known in the art, and shifted 64 times to "spread out" the randomizing effect of the exclusive-OR operation. The resulting 64-bit value left in the LFSR is the encryption code stored in the first volatile memory 102.
In order to encrypt/decrypt any type of data, the encryption device 105 requires a key variable. As WO94/~513 213 4 9 7 ~ PCT~S94101934 discussed above, such a key may come directly from a KVL. In a preferred embodiment, the encryption code may also be used to derive a key suitable for use in the encryption device lO5. To this end, the expander 104 is used to expand the 64-bit, random encryption code into a key variable for use in the encryption device 105. Note that the secure transmission device lOl could contain more than one encryption device. Thus, when encrypting keys, it is recommended that the most secure encryption device available is used such that keys for a given algorithm are not encrypted by a less-secure encryption device. To this end, the expander 104 determines what encryption devices are available and chooses the most secure one based on a fixed ranking. In a preferred embodiment, DES is ranked as the most secure, followed by DVI-XL and DVP-XL, respectively.
After choosing the encryption device 105, the expander 104 formats the encryption code into a key for the chosen encryption device 105. In a preferred embodiment, the expansion process comprises modifying - the encryption code for correct parity (for DES
encryption devices), or concatenating the encryption code with a fixed value and appending a cyclical redundancy check (CRC), as are known in the art, calculated over the concatenated value, to the end of the con~atenated value (for DVI-XL and DVP-XL encryption devices).
In a preferred embodiment, the encryption device lQ5 is used for the encryption and decryption of multiple data types, including the encryption code, keys, and message information to be transmitted and received. In - all cases, the encryption or decryption is performed by using the encryption device lO5 to generate a pseudo-random bit string, referred to as a keystream. First, a 3 5 m~ length linear feedback shift register ~LFSR), as W094l~ 2 1 3 ~ 9 7 ~ P~T~S94/01934 is well known in the art, is used to ge~erate z pseudo- -~
random bit string which is placed on the cipher text input (CTI) of the encryption device 105. The encryption device 105 modifies the pseudo-random bit string received via the CTI based on the key stored in the second volatile memory 106. The modified or "decrypted" bit string is then placed on the plain text output (PTO) of the encryption device 105. The data recovered from the PTO is the keystream. The keystream is then exclusive-OR'd with unencrypted data to generate encrypted data or with encrypted data to generate decrypted data.
The n~n-volatile memory 103, which may comprise an EEPROM, is used to store encrypted representations of the encryption code and key (or keys). These encrypted representations can remain in the non-volatile memory 103 whether the secure transmission device 101 is powered up or down. The first volatile memory 102, which may comprise a RAM, is used to store the decrypted encryption code and decrypted keys only while the secure - trAnC~;~sion device 101 is powered up. The encryption code, in the form of a master key produced by the expander 104, is stored in the second volatile memory 106 of the encryption device 105 when the secure transmission device 101 is powered down. Since the second volatile memory 106 cannot be read by devices external to the encryption device 105, the encrypted representation of the encryption code is stored in the non-volatile memory 103 so that the encryption code may be recaptured by decrypting the encrypted representation of the encryption code at subsequent power ups. During the course of secure trAns~;ssions, keys are loaded into the second volatile memory 106 of the encryption device 105 for use in the encryption and decryption of message information being transmitted and received. Prior to wo 941~513 2 1 3 4 9 7 ~ PCT~S94/01934 power down, the decrypted encryption code stored in the first volatile memory 102 is expanded into a master key by the expander 104 and stored into the second volatile memory 106. Finally, the decrypted encryption code and keys stored in the first volatile memory 102 are erased.
To maintain security while the secure transmission device lOl is powered down, a constant voltage is supplied to the encryption de~ice 105, and consequently the second volatile memory 106. As stated previously~
the second volatile memory 106 has a reset line whi.ch, in a preferred embodiment, is connected to a tamper detection circuit in the secure transmission device lOl.
If the tamper detection circuit activates the reset line to the second volatile memory 106, the master key formed by expanding the encryption code will be erased, thereby preventing the encrypted representations of the encryption code and key variables from being decrypted at the next power up.
FIG. 2 illustrates a logic diagram that the secure transmission device lOl could use to load a key in accordance with the present invention. At step 200, the external keying device lO0 transmits an encryption code and key to the secure transmission device lOl. If the secure transmission device lOl is currently not stoxing any keys, the encryption code and key are stored in the first volatile memory 102. It is understood that more than one key can be loaded from the KVL. Upon storing the encryption code, a 16-bit CCITT (Consultative Committee on Telephony and Telegraphy) standard CRC, hereafter referred to as an encryption check code, is calculated o~er the encryption code and stored along with the encryption code in the first volatile memory 102.
W094/~5~ 213 4 9 7 ~1 PCT~S94/01934 At step 201, the encrypted representation of the encryption code is generated. This is done by expanding the encryption code with the expander 104 and loading the resulting key into the RAM 106 of the encryption S device 10S. A ~X~m~l length linear feedback shift ~ register (LFSR) is then loaded with a fixed, 64-bit value. While the precise pattern of the 64-bit value is ;
arbitrary, the same value must be used each time this process is repeated. The LFSR, starting from this value, produces a pseudo-random bit string as it is shifted. A fixed amount of data generated by the LFSR
is sent to the encryption device 105, causing the encryption device 105 to synchronize. With the encryption device 105 synchronized, more data generated 15 by the LFSR is sent to the encryption device 105 to -~
produce a keystream as previously discussed. The keystream is then exclusive-OR'd with the encryption code and the encryption check code stored in the first volatile memory 102 to produce encrypted representations of the encryption code and of the encryption check code, which are then stored 202 in the non-volatile memory 103.
In a preferred embodiment, the secure transmission device 101 is capahle of storing up to 18 key variables.
There exist 18 slots in non-volatile memory 103 and 18 slots in first volatile memory 102 for the storage of these keys. After receiving at least one key variable, the secure transmission device 101 generates a keystream and stores it in at least one of the 18 slots in first volatile memory 102. This keystream is generated based on the key formed from the expa~sion of the encryption code, which, at this point, is still loaded in the encryption device 105. As before, the LFSR is loaded with a fixed value, the encryption device 105 is synchronized, and enough keystream is generated to W094/~513 2 13 4 9 7 ~ PCT~S94tO1934 completely fill the at least one slots in first volatile memory 102. -Each byte of the received key is exclusive-OR'd with its respective byte of keystream to form the encrypted S representation of the key variable. The encrypted representation of the key is stored 202 in the appropriate slot in the non-volatile memory 103. In a preferred embo~im~nt, approprîate slots in the non -volatile memory 103 and the first volatile memory 102 are determined by slot indicators transmitted by the external Xeying device lOO along with the keys. The key is then stored in place of the keystream in the appropriate sl~t of first volatile memory 102. This process is repeated for each key sent to the secure transmission device lOl.
The encryption code sent to the secure transmission device lOl by the external keying device lOO is only :~
used when the secure transmission device lOl currently contains no key variables in any of the 18 slots. If one or more keys already exist in any of the 18 slots, the encryption code is ignored. In this case, the . encryption code used when the existing keys were loaded : is used again. Furthermore, if the external keyin~
device lOO attempts to store a key in a slot already 25 occupied, the secure transmission de~ice lOl first :
recovers the keystream for that slot by exclusive-OR'ing the key already stored in that slot of first volatile memory 102 with its encrypted representation stored in the corresponding slot of non-volatile memory 103.
The recovered keystream is exclusive-OR'd with the new - key to produce the encrypted representation of the new key. The encrypted representation of the new key is then stored in its appropriate slot of non-volatile memory 103. Finally, the new key is stored in place of .,~,. . . .
,.... . . .. : . , . ~
W0941~s~ 21 3 ~ 9 7 4 PCT~S94101934 the recovered keystream in its appropriate slot of first volatile memory 102.
In the event of a power down, the encryption code currently stored in first volatile memory 102 is stored 203~ in the form of a master key after expansion by the - expander 104, in the second volatile memory 106 of the encryption device lO5. The encryptîon code, keys ~nd ~ keystream (in empty slots) are then erased 204 from the first volatile memory lO~. Thus, the only piece of sensiti~e information (the master key formed from the encryption code) within the secure transmission device lOl is stored in the second volatile memory 106 of the encryption device 105 which, as discussed previously, is protected by tamper detection hardware.
FIGs. 3A and 3B illustrates a logic diagram which can be implemented to utilize encrypted representations of keys stored within the secure transmission de~ice lOl.
It is assumed at this point that encrypted representations of the encryption code, encryption check - code, and at least one key are stored in the non-~olatile memory 103. Upon power up 300, the secure tr~nsm;ssion device lOl attempts to decrypt 30l the encrypted representation of the encryption code and the 2~ encrypted representation of the encryption check code stored in non-volatile memory 103. If no tampering or loss of power to the encryption device 105 has taken place, the master key derived from the encryption code is stored in the encryption device 105. The encrypted representations of the encryption code and encryption check code are obtained by using the encryption device 105 to generate keystream in the same manner as when the encrypted representations were originally formed. As before, the LFSR is loaded with a fixed value, the encryption device 105 is synchronized, and keystream is 2~3~37~
W094/~5~ PCT~S94/01934 generated. The'resultant keystream is then exclusive-OR'd with the encrypted representations of the encryption code and encryption check code to produce a recaptured encryption code and a recaptured encryption check code.
In order to verify the integrity of the master key stored in the second volatile memory 196, a cherk code is calculated 302, in the same manner as the original encryption check code, over the recaptured encryption code. The check code is compared 303 to the recaptured encryption check code. If the check code and the recaptured encryption check c~de match 304, the recaptured encryption code is assumed to have been decrypted correctly, and hence, the master key stored in the second volatile memory 106 is assumed to be valid.
If the secure transmission device l0l had been tampered with while the power was off, the tamper detect hardware ;~
would have caused the master key stored in the second volatile memory 106 to be erased. If the master key was 20 erased, the encrypted representation of the encryption ~;~
code cannot be decrypted correctly and the secure tr~n~m;ssion device l0l is assumed to have been tampered with. It is important to note that the master key stored in the second volatile memory 106 cannot be read by devices external to th~ encryption device 105.
Therefore, the recaptured encryption code is stored 306 in the first volatile memory 102 for later re-storage into the second volatile memory 106, in the form of a master key, at the next p~wer down. This is done because the second volatile memory 106 is loaded with other keys, hence destroying the master key, when the secure transmission device l0l engages in secure co~m-~n;cations.
If the check code and the recaptured encryption check code do not match 304, the encrypted representations of Wog4/~13 213 ~ ~ 7 l PCT~S94/01934 the encryption code and key variables are erased 305 from non-volatile memory 103. As discussed above, the check code and the recaptured encryption check code may not match as a result of a tamper attempt with the secure tr~n~q~;~sion device l0l. At this point, an - external keying device l00 must be connected to the secure trAn.~;ssion device l0l and new keys loaded, as described above, in order to use the secure transmission device l0l again.
If the check code matches the recaptured encryption check code 304, the encrypted representations of the keys, stored in non-volatile memory 103, are decrypted and stored 306 in the first volatile memory l02. The decrypti~n of the encrypted representations of the keys 15 is accomplished as described above. As before, the LFSR
is loaded with a fixed value, the encryption device 105 is synchronized, and keystream is generated. The :~
keystream is stored in all the first volatile memory 102 key slots and each key slot of non-volatile memory 103 is checked for the presence of an encrypted representation of a key. If no encrypted representation of a key is present in a given key slot of non-volatile memory 103, the keystream is left in the corresponding key slot of the first volatile memory 102. If an encrypted representation of a key is present in non-volatile memory 103, each byte of keystream stored in the corresponding key slot of first volatile memory 102 is exclusive-OR'd with the corresponding byte of the encrypted representation of the key variable stored in non-volatile memory 103, resulting in a re~aptured key.
The recaptured key variable is then stored in place of the keystream in its corresponding slot of first volatile memory 102. This process is repeated for all of the key slots.
213~971 W~94~513 PCT~S94/01934 Having stored all possible recaptured keys into their corresponding slots in first volatile memory 102, it is determined 307 if a secure com~llnication is to take place. If a secure transmission is to occur, a S recaptured key in one of the 18 key slots of first voiatile memory 102 is loaded into the second volatile memory 106 of the encryption device 105. The encryption device 105 is then used 309 for the encryption and decryption of transmitted and received information.
Upon detecting the end of the current secure communication 310, it is determined 307 that a secure communication is no longer taking place. If power has not been removed 308, the secure transmission device 101 continues to await a secure commlln;cation 307.
lS If, however, power has been removed 308, the encryption code stored in first volatile memory 102 is expanded into a master key by the expander 104 and loaded into the second volatile memory 106 of the encryption device 105, as shown at step 311. After loading the master key into the encryption device 105, the encryption code and all 18 key variables ~or ~' keystream if a key is not present in a given slot) are erased 311 from the first volatile memory 102. Thus, the only unencrypted information remaining within the secure transmission device 101 is the master key loaded in second volatile memory 106. Because the master key is protected by tamper detection hardware, all of the encrypted representations of keys stored in the non-volatile memory 103 are also protected with tamper detection. This results from the fact that the master key is required to recover any of the keys.
The present invention provides a way for encryption keys, actively erased from RAM at power down, to be recovered on subsequent power ups without compromising u"
W094/~513 2 13 ~ 9 7 ~ PCT~S94/Q1934 the security of the ~o~ml~nication unit in which they are contained and without requiring an external keying device to load the keys. By leaving only encrypted representations of the keys in EEPROM and the master key S necessary to decrypt them in a tamper-protected RAM
device, keys can be decrypted and recovered when necess~ry. If the communication unit is tampered with, the master key is actively erased immediately, thus :~
rendering the encrypted representations of the keys useless.
A typical message within such a communicationsystem may begin with a mobile unit con~erting an audio signal into a digital data stream suitable for transmission over an RF channel to either another mobile unit or the fixed end. Such systems are often used by WO94/~513 2 1 3 4 9 7 ~ PC~S94101934 --public safety institutions, such as local or federal law enforcement agencies. The existence of commercially available RF scanners make it possible for unauthorized parties to monitor the information transmitted within 5 such a communication system. In efforts ~o reduce unauthorized eavesdropping, communication systems use digital encryption methods that protect proprietary - -information transmitted therein.
Digital encryption methods use a known, reversible algorithm to introduce randomness into a digital data stream. To an unauthorized user, an encxypted digital data stream will appear random, and thus unintelligible.
Such an algorithm that randomizes digital data is called an encryptor. By necessity, the same algorithm which is 15 capable of encrypting the digital data stream must also ~-be capable of recovering the digital data stream, and hence, is called a decryptor. Often, an --encryptor/decryptor algorithm utilizes a dynamic parameter, hereafter referred to as a key, to uniquely specify the nature of the randomness introduced to the digital data stream. Thus, only encryptors and d~cryptors utilizing an identical algorithm and key are capable of reproducing intelligible messages.
Obviously, the security of keys in systems utilizing encryption is of the utmost importance in the prevention of unauthorized monitoring. If the keys of a known encryptor/decryptor algorithm are made available, the ability of unauthorized parties to monitor proprietary co~ nications is greatly enhanced.
Typically, the keys used by secuxe transmission devices, such as mobiles or fixed-ends, are stored in a volatile memory device such as RAM (Random Access Memory). This method of storage allows the transmission device to quickly access keys, as might be required for WO 94/~513 213 4 9 7 ~ PCT~S94/01934 a feature ~uch as encrypted mode channel sc~nn 1 ng .
Also, the use of a volatile memory allows the key information to be erased in the event that the transmission device is tampered with or powered down, thus maintaining securlty. For instance, if a transmission device is tampered with or the volatile memory is powered down (through the loss of battery backup, for instance), the information stored in volatile memory is passively erased. Passive erasure typically implies allowing the information stored in volatile memory to decay away with the loss of power.
When the transmission device is subsequently powered up, however, an external device is typically requi:red to reload the keys. This requirement can prove to be a nuisance in transmission devices in which powe:r is frequently cycled, such as hand-held portable radios.
Thus, a need exists for a method which allQws encryption keys to bé stored without risk of unauthorized acc~ss and without the need for external - 20 key reloading when the device is repowexed.
Brief Description of the Drawings FIG. 1 illustrates an external keying device coupled to a secure transmission device in accordance with the present invention.
FIG. 2 illustrates a logic diagram that a secure trAnsm;ssion device could implement to load a key in accordance with the present invention.
FIGs. 3A and 3B illustrate a logic diagram that a secure transmission device could implement to utilize a key in accordance with the present invention.
WO 941~513 213 4 :9 7 l~ PCT~Sg4/01934 Description of a Preferred Embodiment Generally, the present invention provides a method for loading and utilizing a key within a secure transmission S device. The key is initially loaded into the secure transmission device by connecting an external keying device and initiating a keyload. The keying device transfers one or more keys and a random number (encryption code) to the secure transmission device, which are stored in a first volatile memory, such as ~AM. An encryption device within the secure transmission device uses the encryption code to produce encrypted representations of the keys which are stored in EEPRON (Electrically Erasable Programmable Read Only Memory).
Once a key has been loaded, the secure transmission device uses the encryption code, via the encryption device, to decrypt and thus recapture the keys stored in EEPROM. The recaptured keys, which are stored in RAM, may thereafter be used for encrypting and decrypting data while the secure transmission device engages in secure co~lln;cations. Prior to powering down the secure transmission device, the encryption code, in the form of a master key, is stored in a second volatile memory and the encryption code and recaptured keys are erased from RAM.
The present invention can be more fully described with reference to FIGs. 1-3. FIG. 1 illustrates a secure ~ 30 tr~n~m;ssion device 101 coupled to an external keying device 100. It is important to note that the secure transmission device 101 may also be referred to as a secure com~nication unit and may comprise, for example, a Motorola ASTRO digital radio. The external keying device 100 may comprise a Motorola ASTRO and Advanced W094/~5~ 2 ~ ~ 4 9 7 ~ PCT~S94/01934 Securenet Key Variable Loaders (KVL). The secure transmission device 101 comprises a first volatile memory (RAM~ 102, a non-volatile memory (EEPRO~) 103, an expander 104 for expanding the encryption code into a key variable, and an encryption device 105 containing a second volatile memory (RAM) 106. The second volatile memory 106 may comprise a memory de~ice that can be written to by de~ices external to the encryption device 105 but that may only be read by the encryption device --105. Furthermore, the second volatile memory 106 may comprise a static RAM with reset logic, wherein the reset logic allows the second voIatile memory 106 to be ; m~e~i ately erased upon command via a signal external to the encryption de~ice 105. The encryption device 105 may comprise a Motorola Data Encryption Standard (DES~, Digital Voice International (DVI-XL), or Digital Voice Protection (DVP-XL) encryption device.
The external keying device 100 provides two pieces of information to the secure transmission device 101: an -encryption code and at least one key. The KVL transmits a random 64-bi' value, referred to as the encryption code, to the secure transmission device 101. The secure transmission device 101 further randomizes the encryption code by reading a 16-bit free-running counter upon xeception of the encryption code. This 16-bit value is exclusive-OR'd with 16 bits of the encryption code. The resulting value of this operation is loaded - into a m~im~l length linear feedback shift register (LFSR), as is well known in the art, and shifted 64 times to "spread out" the randomizing effect of the exclusive-OR operation. The resulting 64-bit value left in the LFSR is the encryption code stored in the first volatile memory 102.
In order to encrypt/decrypt any type of data, the encryption device 105 requires a key variable. As WO94/~513 213 4 9 7 ~ PCT~S94101934 discussed above, such a key may come directly from a KVL. In a preferred embodiment, the encryption code may also be used to derive a key suitable for use in the encryption device lO5. To this end, the expander 104 is used to expand the 64-bit, random encryption code into a key variable for use in the encryption device 105. Note that the secure transmission device lOl could contain more than one encryption device. Thus, when encrypting keys, it is recommended that the most secure encryption device available is used such that keys for a given algorithm are not encrypted by a less-secure encryption device. To this end, the expander 104 determines what encryption devices are available and chooses the most secure one based on a fixed ranking. In a preferred embodiment, DES is ranked as the most secure, followed by DVI-XL and DVP-XL, respectively.
After choosing the encryption device 105, the expander 104 formats the encryption code into a key for the chosen encryption device 105. In a preferred embodiment, the expansion process comprises modifying - the encryption code for correct parity (for DES
encryption devices), or concatenating the encryption code with a fixed value and appending a cyclical redundancy check (CRC), as are known in the art, calculated over the concatenated value, to the end of the con~atenated value (for DVI-XL and DVP-XL encryption devices).
In a preferred embodiment, the encryption device lQ5 is used for the encryption and decryption of multiple data types, including the encryption code, keys, and message information to be transmitted and received. In - all cases, the encryption or decryption is performed by using the encryption device lO5 to generate a pseudo-random bit string, referred to as a keystream. First, a 3 5 m~ length linear feedback shift register ~LFSR), as W094l~ 2 1 3 ~ 9 7 ~ P~T~S94/01934 is well known in the art, is used to ge~erate z pseudo- -~
random bit string which is placed on the cipher text input (CTI) of the encryption device 105. The encryption device 105 modifies the pseudo-random bit string received via the CTI based on the key stored in the second volatile memory 106. The modified or "decrypted" bit string is then placed on the plain text output (PTO) of the encryption device 105. The data recovered from the PTO is the keystream. The keystream is then exclusive-OR'd with unencrypted data to generate encrypted data or with encrypted data to generate decrypted data.
The n~n-volatile memory 103, which may comprise an EEPROM, is used to store encrypted representations of the encryption code and key (or keys). These encrypted representations can remain in the non-volatile memory 103 whether the secure transmission device 101 is powered up or down. The first volatile memory 102, which may comprise a RAM, is used to store the decrypted encryption code and decrypted keys only while the secure - trAnC~;~sion device 101 is powered up. The encryption code, in the form of a master key produced by the expander 104, is stored in the second volatile memory 106 of the encryption device 105 when the secure transmission device 101 is powered down. Since the second volatile memory 106 cannot be read by devices external to the encryption device 105, the encrypted representation of the encryption code is stored in the non-volatile memory 103 so that the encryption code may be recaptured by decrypting the encrypted representation of the encryption code at subsequent power ups. During the course of secure trAns~;ssions, keys are loaded into the second volatile memory 106 of the encryption device 105 for use in the encryption and decryption of message information being transmitted and received. Prior to wo 941~513 2 1 3 4 9 7 ~ PCT~S94/01934 power down, the decrypted encryption code stored in the first volatile memory 102 is expanded into a master key by the expander 104 and stored into the second volatile memory 106. Finally, the decrypted encryption code and keys stored in the first volatile memory 102 are erased.
To maintain security while the secure transmission device lOl is powered down, a constant voltage is supplied to the encryption de~ice 105, and consequently the second volatile memory 106. As stated previously~
the second volatile memory 106 has a reset line whi.ch, in a preferred embodiment, is connected to a tamper detection circuit in the secure transmission device lOl.
If the tamper detection circuit activates the reset line to the second volatile memory 106, the master key formed by expanding the encryption code will be erased, thereby preventing the encrypted representations of the encryption code and key variables from being decrypted at the next power up.
FIG. 2 illustrates a logic diagram that the secure transmission device lOl could use to load a key in accordance with the present invention. At step 200, the external keying device lO0 transmits an encryption code and key to the secure transmission device lOl. If the secure transmission device lOl is currently not stoxing any keys, the encryption code and key are stored in the first volatile memory 102. It is understood that more than one key can be loaded from the KVL. Upon storing the encryption code, a 16-bit CCITT (Consultative Committee on Telephony and Telegraphy) standard CRC, hereafter referred to as an encryption check code, is calculated o~er the encryption code and stored along with the encryption code in the first volatile memory 102.
W094/~5~ 213 4 9 7 ~1 PCT~S94/01934 At step 201, the encrypted representation of the encryption code is generated. This is done by expanding the encryption code with the expander 104 and loading the resulting key into the RAM 106 of the encryption S device 10S. A ~X~m~l length linear feedback shift ~ register (LFSR) is then loaded with a fixed, 64-bit value. While the precise pattern of the 64-bit value is ;
arbitrary, the same value must be used each time this process is repeated. The LFSR, starting from this value, produces a pseudo-random bit string as it is shifted. A fixed amount of data generated by the LFSR
is sent to the encryption device 105, causing the encryption device 105 to synchronize. With the encryption device 105 synchronized, more data generated 15 by the LFSR is sent to the encryption device 105 to -~
produce a keystream as previously discussed. The keystream is then exclusive-OR'd with the encryption code and the encryption check code stored in the first volatile memory 102 to produce encrypted representations of the encryption code and of the encryption check code, which are then stored 202 in the non-volatile memory 103.
In a preferred embodiment, the secure transmission device 101 is capahle of storing up to 18 key variables.
There exist 18 slots in non-volatile memory 103 and 18 slots in first volatile memory 102 for the storage of these keys. After receiving at least one key variable, the secure transmission device 101 generates a keystream and stores it in at least one of the 18 slots in first volatile memory 102. This keystream is generated based on the key formed from the expa~sion of the encryption code, which, at this point, is still loaded in the encryption device 105. As before, the LFSR is loaded with a fixed value, the encryption device 105 is synchronized, and enough keystream is generated to W094/~513 2 13 4 9 7 ~ PCT~S94tO1934 completely fill the at least one slots in first volatile memory 102. -Each byte of the received key is exclusive-OR'd with its respective byte of keystream to form the encrypted S representation of the key variable. The encrypted representation of the key is stored 202 in the appropriate slot in the non-volatile memory 103. In a preferred embo~im~nt, approprîate slots in the non -volatile memory 103 and the first volatile memory 102 are determined by slot indicators transmitted by the external Xeying device lOO along with the keys. The key is then stored in place of the keystream in the appropriate sl~t of first volatile memory 102. This process is repeated for each key sent to the secure transmission device lOl.
The encryption code sent to the secure transmission device lOl by the external keying device lOO is only :~
used when the secure transmission device lOl currently contains no key variables in any of the 18 slots. If one or more keys already exist in any of the 18 slots, the encryption code is ignored. In this case, the . encryption code used when the existing keys were loaded : is used again. Furthermore, if the external keyin~
device lOO attempts to store a key in a slot already 25 occupied, the secure transmission de~ice lOl first :
recovers the keystream for that slot by exclusive-OR'ing the key already stored in that slot of first volatile memory 102 with its encrypted representation stored in the corresponding slot of non-volatile memory 103.
The recovered keystream is exclusive-OR'd with the new - key to produce the encrypted representation of the new key. The encrypted representation of the new key is then stored in its appropriate slot of non-volatile memory 103. Finally, the new key is stored in place of .,~,. . . .
,.... . . .. : . , . ~
W0941~s~ 21 3 ~ 9 7 4 PCT~S94101934 the recovered keystream in its appropriate slot of first volatile memory 102.
In the event of a power down, the encryption code currently stored in first volatile memory 102 is stored 203~ in the form of a master key after expansion by the - expander 104, in the second volatile memory 106 of the encryption device lO5. The encryptîon code, keys ~nd ~ keystream (in empty slots) are then erased 204 from the first volatile memory lO~. Thus, the only piece of sensiti~e information (the master key formed from the encryption code) within the secure transmission device lOl is stored in the second volatile memory 106 of the encryption device 105 which, as discussed previously, is protected by tamper detection hardware.
FIGs. 3A and 3B illustrates a logic diagram which can be implemented to utilize encrypted representations of keys stored within the secure transmission de~ice lOl.
It is assumed at this point that encrypted representations of the encryption code, encryption check - code, and at least one key are stored in the non-~olatile memory 103. Upon power up 300, the secure tr~nsm;ssion device lOl attempts to decrypt 30l the encrypted representation of the encryption code and the 2~ encrypted representation of the encryption check code stored in non-volatile memory 103. If no tampering or loss of power to the encryption device 105 has taken place, the master key derived from the encryption code is stored in the encryption device 105. The encrypted representations of the encryption code and encryption check code are obtained by using the encryption device 105 to generate keystream in the same manner as when the encrypted representations were originally formed. As before, the LFSR is loaded with a fixed value, the encryption device 105 is synchronized, and keystream is 2~3~37~
W094/~5~ PCT~S94/01934 generated. The'resultant keystream is then exclusive-OR'd with the encrypted representations of the encryption code and encryption check code to produce a recaptured encryption code and a recaptured encryption check code.
In order to verify the integrity of the master key stored in the second volatile memory 196, a cherk code is calculated 302, in the same manner as the original encryption check code, over the recaptured encryption code. The check code is compared 303 to the recaptured encryption check code. If the check code and the recaptured encryption check c~de match 304, the recaptured encryption code is assumed to have been decrypted correctly, and hence, the master key stored in the second volatile memory 106 is assumed to be valid.
If the secure transmission device l0l had been tampered with while the power was off, the tamper detect hardware ;~
would have caused the master key stored in the second volatile memory 106 to be erased. If the master key was 20 erased, the encrypted representation of the encryption ~;~
code cannot be decrypted correctly and the secure tr~n~m;ssion device l0l is assumed to have been tampered with. It is important to note that the master key stored in the second volatile memory 106 cannot be read by devices external to th~ encryption device 105.
Therefore, the recaptured encryption code is stored 306 in the first volatile memory 102 for later re-storage into the second volatile memory 106, in the form of a master key, at the next p~wer down. This is done because the second volatile memory 106 is loaded with other keys, hence destroying the master key, when the secure transmission device l0l engages in secure co~m-~n;cations.
If the check code and the recaptured encryption check code do not match 304, the encrypted representations of Wog4/~13 213 ~ ~ 7 l PCT~S94/01934 the encryption code and key variables are erased 305 from non-volatile memory 103. As discussed above, the check code and the recaptured encryption check code may not match as a result of a tamper attempt with the secure tr~n~q~;~sion device l0l. At this point, an - external keying device l00 must be connected to the secure trAn.~;ssion device l0l and new keys loaded, as described above, in order to use the secure transmission device l0l again.
If the check code matches the recaptured encryption check code 304, the encrypted representations of the keys, stored in non-volatile memory 103, are decrypted and stored 306 in the first volatile memory l02. The decrypti~n of the encrypted representations of the keys 15 is accomplished as described above. As before, the LFSR
is loaded with a fixed value, the encryption device 105 is synchronized, and keystream is generated. The :~
keystream is stored in all the first volatile memory 102 key slots and each key slot of non-volatile memory 103 is checked for the presence of an encrypted representation of a key. If no encrypted representation of a key is present in a given key slot of non-volatile memory 103, the keystream is left in the corresponding key slot of the first volatile memory 102. If an encrypted representation of a key is present in non-volatile memory 103, each byte of keystream stored in the corresponding key slot of first volatile memory 102 is exclusive-OR'd with the corresponding byte of the encrypted representation of the key variable stored in non-volatile memory 103, resulting in a re~aptured key.
The recaptured key variable is then stored in place of the keystream in its corresponding slot of first volatile memory 102. This process is repeated for all of the key slots.
213~971 W~94~513 PCT~S94/01934 Having stored all possible recaptured keys into their corresponding slots in first volatile memory 102, it is determined 307 if a secure com~llnication is to take place. If a secure transmission is to occur, a S recaptured key in one of the 18 key slots of first voiatile memory 102 is loaded into the second volatile memory 106 of the encryption device 105. The encryption device 105 is then used 309 for the encryption and decryption of transmitted and received information.
Upon detecting the end of the current secure communication 310, it is determined 307 that a secure communication is no longer taking place. If power has not been removed 308, the secure transmission device 101 continues to await a secure commlln;cation 307.
lS If, however, power has been removed 308, the encryption code stored in first volatile memory 102 is expanded into a master key by the expander 104 and loaded into the second volatile memory 106 of the encryption device 105, as shown at step 311. After loading the master key into the encryption device 105, the encryption code and all 18 key variables ~or ~' keystream if a key is not present in a given slot) are erased 311 from the first volatile memory 102. Thus, the only unencrypted information remaining within the secure transmission device 101 is the master key loaded in second volatile memory 106. Because the master key is protected by tamper detection hardware, all of the encrypted representations of keys stored in the non-volatile memory 103 are also protected with tamper detection. This results from the fact that the master key is required to recover any of the keys.
The present invention provides a way for encryption keys, actively erased from RAM at power down, to be recovered on subsequent power ups without compromising u"
W094/~513 2 13 ~ 9 7 ~ PCT~S94/Q1934 the security of the ~o~ml~nication unit in which they are contained and without requiring an external keying device to load the keys. By leaving only encrypted representations of the keys in EEPROM and the master key S necessary to decrypt them in a tamper-protected RAM
device, keys can be decrypted and recovered when necess~ry. If the communication unit is tampered with, the master key is actively erased immediately, thus :~
rendering the encrypted representations of the keys useless.
Claims (16)
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A method for loading a key into a secure transmission device, the method comprises the steps of:
a) storing the key and an encryption code in a first volatile memory, wherein the key and the encryption code are sourced by an external keying device;
b) generating, by an encryption device, an encrypted representation of the key based on the key and the encryption code;
c) storing the encrypted representation of the key in non-volatile memory;
d) storing the encryption code in a second volatile memory; and e) erasing the key and the encryption code from the first volatile memory.
a) storing the key and an encryption code in a first volatile memory, wherein the key and the encryption code are sourced by an external keying device;
b) generating, by an encryption device, an encrypted representation of the key based on the key and the encryption code;
c) storing the encrypted representation of the key in non-volatile memory;
d) storing the encryption code in a second volatile memory; and e) erasing the key and the encryption code from the first volatile memory.
2. In the method of claim 1, step (a) further comprises storing multiple keys inthe first volatile memory.
3. In the method of claim 1, the second volatile memory is a portion of the encryption device.
4. In the method of claim 1, step (e) further comprises removing power from the first volatile memory.
5. The method of claim 1 further comprises storing an encrypted representation of the encryption code in the non-volatile memory.
6. In the method of claim 2, step (a) further comprises storing multiple encryption codes in the first volatile memory.
7. A method for loading a key into a secure transmission device, the method comprises the steps of:
a) storing the key and an encryption code in a first volatile memory, wherein the key and the encryption code are sourced by an external keying device;
b) generating an encryption check code based on the encryption code;
c) storing the encryption check code in the first volatile memory;
d) generating a master key based on the encryption code;
e) generating, by an encryption device, an encrypted representation of the key based on the key and the master key;
f) storing the encrypted representation of the key in non-volatile memory;
g) storing the master key in a second volatile memory; and h) erasing the key, the encryption code, and the encryption check code from the first volatile memory.
a) storing the key and an encryption code in a first volatile memory, wherein the key and the encryption code are sourced by an external keying device;
b) generating an encryption check code based on the encryption code;
c) storing the encryption check code in the first volatile memory;
d) generating a master key based on the encryption code;
e) generating, by an encryption device, an encrypted representation of the key based on the key and the master key;
f) storing the encrypted representation of the key in non-volatile memory;
g) storing the master key in a second volatile memory; and h) erasing the key, the encryption code, and the encryption check code from the first volatile memory.
8. A method for a secure transmission device to utilize a key to transmit securedata, wherein an encrypted representation of the key, an encrypted representation of an encryption code and an encrypted representation of an encryption check code are stored in a non-volatile memory, the method comprises the steps of:
a) decrypting, by an encryption device, the encrypted representation of the encryption code and the encrypted representation of the encryption check code based on a master key, to produce a recaptured encryption code and a recaptured encryption check code, wherein the master key is stored in a second volatile memory;
b) calculating a check code based on the recaptured encryption code;
c) comparing the recaptured encryption check code and the check code;
d) when the recaptured encryption check code and the check code substantially match, decrypting, by the encryption device, the encrypted representation of the key based on the master key to produce a recaptured key;
e) storing the recaptured key in a first volatile memory;
f) when the secure transmission device engages in secure communications, utilizing the recaptured key to encrypt and decrypt transmitted data; and g) when the secure transmission device is disabled, erasing the recaptured key from the first volatile memory.
a) decrypting, by an encryption device, the encrypted representation of the encryption code and the encrypted representation of the encryption check code based on a master key, to produce a recaptured encryption code and a recaptured encryption check code, wherein the master key is stored in a second volatile memory;
b) calculating a check code based on the recaptured encryption code;
c) comparing the recaptured encryption check code and the check code;
d) when the recaptured encryption check code and the check code substantially match, decrypting, by the encryption device, the encrypted representation of the key based on the master key to produce a recaptured key;
e) storing the recaptured key in a first volatile memory;
f) when the secure transmission device engages in secure communications, utilizing the recaptured key to encrypt and decrypt transmitted data; and g) when the secure transmission device is disabled, erasing the recaptured key from the first volatile memory.
9. In the method of claim 8, step (e) further comprises storing the recaptured encryption code and the recaptured encryption check code in the first volatile memory.
10. In the method of claim 8, wherein the second volatile memory is a portion ofthe encryption device, step (f) further comprises utilizing the second volatile memory to encrypt and decrypt transmitted data such that the master key is lost.
11. In the method of claim 10, step (g) further comprises storing the master key, based on the recaptured encryption code, in the second volatile memory.
12. In the method of claim 8, when the recaptured encryption check code and the check code do not match, step (d) further comprises erasing the encrypted representation of the key and the encrypted representation of the encryption code from the non-volatile memory.
13. A method for a secure transmission device to utilize a key to transmit secure data, wherein an encrypted representation of the key, an encrypted representation of an encryption code and an encrypted representation of an encryption check code are stored in a non-volatile memory, the method comprises the steps of:
a) decrypting, by an encryption device, the encrypted representation of the encryption code and the encrypted representation of the encryption check code based on a master key to produce a recaptured encryption code and a recaptured encryption check code, wherein the master key is stored in a second volatile memory;
b) calculating an encryption check code based on the recaptured encryption code;c) comparing the encryption check code and the recaptured encryption check code;
d) when the encryption check code and the recaptured encryption check code substantially match, decrypting, by the encryption device, the encrypted representation of the key based on the master key to produce a recaptured key;
e) storing the recaptured key in a first volatile memory;
f) when the secure transmission device engages in secure communications, utilizing the recaptured key to encrypt and decrypt transmitted data; and g) when the secure transmission device is disabled, erasing the recaptured key from the first volatile memory.
a) decrypting, by an encryption device, the encrypted representation of the encryption code and the encrypted representation of the encryption check code based on a master key to produce a recaptured encryption code and a recaptured encryption check code, wherein the master key is stored in a second volatile memory;
b) calculating an encryption check code based on the recaptured encryption code;c) comparing the encryption check code and the recaptured encryption check code;
d) when the encryption check code and the recaptured encryption check code substantially match, decrypting, by the encryption device, the encrypted representation of the key based on the master key to produce a recaptured key;
e) storing the recaptured key in a first volatile memory;
f) when the secure transmission device engages in secure communications, utilizing the recaptured key to encrypt and decrypt transmitted data; and g) when the secure transmission device is disabled, erasing the recaptured key from the first volatile memory.
14. In the method of claim 13, step (e) further comprises storing the recapturedencryption code and the recaptured encryption check code in the first volatile memory.
15. In the method of claim 13, wherein the second volatile memory is a portion of the encryption device, step (f) further comprises utilizing the second volatile memory to encrypt and decrypt transmitted data such that the master key is lost.
16. The method of claim 15 further comprises storing the recaptured encryption code in the second volatile memory.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US037,950 | 1993-03-26 | ||
| US08/037,950 US5363447A (en) | 1993-03-26 | 1993-03-26 | Method for loading encryption keys into secure transmission devices |
| PCT/US1994/001934 WO1994023513A1 (en) | 1993-03-26 | 1994-02-23 | A method for loading encryption keys into secure transmission devices |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CA2134974A1 CA2134974A1 (en) | 1994-10-13 |
| CA2134974C true CA2134974C (en) | 1999-01-26 |
Family
ID=21897235
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002134974A Expired - Fee Related CA2134974C (en) | 1993-03-26 | 1994-02-23 | A method for loading encryption keys into secure transmission devices |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US5363447A (en) |
| AU (1) | AU663027B2 (en) |
| CA (1) | CA2134974C (en) |
| GB (1) | GB2282305B (en) |
| WO (1) | WO1994023513A1 (en) |
Families Citing this family (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5457748A (en) * | 1992-11-30 | 1995-10-10 | Motorola, Inc. | Method and apparatus for improved security within encrypted communication devices |
| EP0762337A3 (en) * | 1995-09-08 | 2000-01-19 | Francotyp-Postalia Aktiengesellschaft & Co. | Method and device for enhancing manipulation-proof of critical data |
| US6577734B1 (en) * | 1995-10-31 | 2003-06-10 | Lucent Technologies Inc. | Data encryption key management system |
| US5781438A (en) | 1995-12-19 | 1998-07-14 | Pitney Bowes Inc. | Token generation process in an open metering system |
| US6285990B1 (en) | 1995-12-19 | 2001-09-04 | Pitney Bowes Inc. | Method for reissuing digital tokens in an open metering system |
| DE19549014C1 (en) * | 1995-12-28 | 1997-02-20 | Siemens Ag | Protected function activation method for communication system |
| US5802175A (en) * | 1996-09-18 | 1998-09-01 | Kara; Salim G. | Computer file backup encryption system and method |
| US7028014B1 (en) * | 1998-03-18 | 2006-04-11 | Ascom Hasler Mailing Systems | Tamper resistant postal security device with long battery life |
| US6480096B1 (en) * | 1998-07-08 | 2002-11-12 | Motorola, Inc. | Method and apparatus for theft deterrence and secure data retrieval in a communication device |
| US7430668B1 (en) * | 1999-02-15 | 2008-09-30 | Hewlett-Packard Development Company, L.P. | Protection of the configuration of modules in computing apparatus |
| JP2001350864A (en) * | 2000-04-04 | 2001-12-21 | Canon Inc | Communication system, output device, information processor, method for controlling the same, storage medium with its program stored and the same program |
| US20030005323A1 (en) * | 2001-06-29 | 2003-01-02 | Hanley David C. | Management of sensitive data |
| US7853803B2 (en) * | 2001-09-28 | 2010-12-14 | Verizon Corporate Services Group Inc. | System and method for thwarting buffer overflow attacks using encrypted process pointers |
| US7660421B2 (en) * | 2002-06-28 | 2010-02-09 | Hewlett-Packard Development Company, L.P. | Method and system for secure storage, transmission and control of cryptographic keys |
| US7849305B2 (en) * | 2002-08-26 | 2010-12-07 | Axxian Technologies, Inc. | Method and apparatus for sharing data between a server and a plurality of clients |
| US7587600B2 (en) * | 2002-09-16 | 2009-09-08 | Telefonaktiebolaget L M Ericsson (Publ.) | Loading data onto an electronic device |
| US20040225881A1 (en) | 2002-12-02 | 2004-11-11 | Walmsley Simon Robert | Variant keys |
| WO2005004382A1 (en) * | 2003-07-08 | 2005-01-13 | Fujitsu Limited | Encryption/decryption device |
| US7421589B2 (en) * | 2004-07-21 | 2008-09-02 | Beachhead Solutions, Inc. | System and method for lost data destruction of electronic data stored on a portable electronic device using a security interval |
| US8656185B2 (en) * | 2004-07-30 | 2014-02-18 | Safenet, Inc. | High-assurance processor active memory content protection |
| US8005223B2 (en) | 2006-05-12 | 2011-08-23 | Research In Motion Limited | System and method for exchanging encryption keys between a mobile device and a peripheral device |
| US8670566B2 (en) * | 2006-05-12 | 2014-03-11 | Blackberry Limited | System and method for exchanging encryption keys between a mobile device and a peripheral output device |
| US8670564B1 (en) | 2006-08-14 | 2014-03-11 | Key Holdings, LLC | Data encryption system and method |
| IL183024A0 (en) * | 2007-05-06 | 2008-03-20 | Gita Technologies Ltd | Safe self-destruction of data |
| US20100005317A1 (en) * | 2007-07-11 | 2010-01-07 | Memory Experts International Inc. | Securing temporary data stored in non-volatile memory using volatile memory |
| US8006101B2 (en) * | 2008-06-20 | 2011-08-23 | General Instrument Corporation | Radio transceiver or other encryption device having secure tamper-detection module |
| US8630418B2 (en) * | 2011-01-05 | 2014-01-14 | International Business Machines Corporation | Secure management of keys in a key repository |
| JP5922419B2 (en) * | 2012-01-31 | 2016-05-24 | 株式会社東海理化電機製作所 | Wireless communication system |
| US9755831B2 (en) * | 2014-01-22 | 2017-09-05 | Qualcomm Incorporated | Key extraction during secure boot |
| WO2018231765A1 (en) * | 2017-06-12 | 2018-12-20 | Daniel Maurice Lerner | Executable coded cipher keys |
| EP3746901A4 (en) * | 2018-01-31 | 2021-11-17 | Cryptography Research, Inc. | Protecting cryptographic keys stored in non-volatile memory |
| US11244078B2 (en) | 2018-12-07 | 2022-02-08 | Nxp Usa, Inc. | Side channel attack protection |
| CN111654731A (en) * | 2020-07-07 | 2020-09-11 | 成都卫士通信息产业股份有限公司 | Key information transmission method and device, electronic equipment and computer storage medium |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4369332A (en) * | 1979-09-26 | 1983-01-18 | Burroughs Corporation | Key variable generator for an encryption/decryption device |
| US5093860A (en) * | 1990-09-27 | 1992-03-03 | Motorola, Inc. | Key management system |
| US5241597A (en) * | 1991-02-01 | 1993-08-31 | Motorola, Inc. | Method for recovering from encryption key variable loss |
| US5164986A (en) * | 1991-02-27 | 1992-11-17 | Motorola, Inc. | Formation of rekey messages in a communication system |
| US5146497A (en) * | 1991-02-27 | 1992-09-08 | Motorola, Inc. | Group rekey in a communication system |
| US5247576A (en) * | 1991-02-27 | 1993-09-21 | Motorola, Inc. | Key variable identification method |
| US5161189A (en) * | 1991-03-11 | 1992-11-03 | Motorola, Inc. | Encryption and decryption of chained messages |
| US5249227A (en) * | 1992-11-30 | 1993-09-28 | Motorola, Inc. | Method and apparatus of controlling processing devices during power transition |
-
1993
- 1993-03-26 US US08/037,950 patent/US5363447A/en not_active Expired - Lifetime
-
1994
- 1994-02-23 GB GB9422851A patent/GB2282305B/en not_active Expired - Fee Related
- 1994-02-23 AU AU62710/94A patent/AU663027B2/en not_active Ceased
- 1994-02-23 WO PCT/US1994/001934 patent/WO1994023513A1/en active Application Filing
- 1994-02-23 CA CA002134974A patent/CA2134974C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| GB2282305A (en) | 1995-03-29 |
| AU6271094A (en) | 1994-10-24 |
| AU663027B2 (en) | 1995-09-21 |
| GB2282305B (en) | 1997-01-29 |
| WO1994023513A1 (en) | 1994-10-13 |
| CA2134974A1 (en) | 1994-10-13 |
| GB9422851D0 (en) | 1995-01-11 |
| US5363447A (en) | 1994-11-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2134974C (en) | A method for loading encryption keys into secure transmission devices | |
| CA2135631C (en) | A method for loading and utilizing a key in a secure transmission device | |
| EP0227318B1 (en) | Encryption/decryption system | |
| US4731840A (en) | Method for encryption and transmission of digital keying data | |
| US5193115A (en) | Pseudo-random choice cipher and method | |
| US5241597A (en) | Method for recovering from encryption key variable loss | |
| US5517567A (en) | Key distribution system | |
| EP0840477B1 (en) | Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded | |
| US8687800B2 (en) | Encryption method for message authentication | |
| AU663258B2 (en) | A method for point-to-point communications within secure communication systems | |
| CA2441392A1 (en) | Encrypting apparatus | |
| WO1996002992A1 (en) | Signal transmitting method and communication system | |
| KR20000057584A (en) | Process for securing the privacy of data transmission | |
| WO2012140144A1 (en) | Method and system for improving the synchronization of stream ciphers | |
| EP0843439B1 (en) | Data encryption technique | |
| US4856063A (en) | No-overhead synchronization for cryptographic systems | |
| JP3009878B1 (en) | Cryptographic communication device | |
| EP0100106B1 (en) | Communications systems and transmitters and receivers including scrambling devices | |
| CN102474413B (en) | Private key compression | |
| JPH04335730A (en) | Random ciphering communication system | |
| JP4570381B2 (en) | Electronic data transmission system and electronic data transmission method | |
| US20080034206A1 (en) | Encryption Method | |
| CN116502250A (en) | Encryption and decryption method and device for computer | |
| KR20090056466A (en) | Security method of communication data for radio network communication in av system for vehicles | |
| US20040243830A1 (en) | Method and system of secret communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| EEER | Examination request | ||
| MKLA | Lapsed |