WO1984004639A1 - Apparatus for transferring secret information from a central station to a terminal - Google Patents

Apparatus for transferring secret information from a central station to a terminal Download PDF

Info

Publication number
WO1984004639A1
WO1984004639A1 PCT/SE1984/000165 SE8400165W WO8404639A1 WO 1984004639 A1 WO1984004639 A1 WO 1984004639A1 SE 8400165 W SE8400165 W SE 8400165W WO 8404639 A1 WO8404639 A1 WO 8404639A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
word
central station
secret information
identity
Prior art date
Application number
PCT/SE1984/000165
Other languages
French (fr)
Inventor
Nils Herbert Edstroem
Freddie Sven Olof Ekberg
Original Assignee
Ericsson Telefon Ab L M
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ericsson Telefon Ab L M filed Critical Ericsson Telefon Ab L M
Publication of WO1984004639A1 publication Critical patent/WO1984004639A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Definitions

  • the invention relates to an apparatus for transferring secret information from a central station to a terminal at the request of a person entitled to receive the information.
  • the object of the invention is to provide a method of protecting the trans ⁇ mission of smaller quantities of information, e.g. cryptokeys, over customary 25 telecommunication media from a central station to a plurality of users, where the consequences of forcing a key will be limited and where it will be possible to discover any attempt, both in time and place, to break the key.
  • information e.g. cryptokeys
  • the key code for communication between the terminal and the central station consists of an open and a closed part, of which only the first is sent to the central station which, from the information obtained, determines the closed part and with the aid of it enciphers the transferred key word, deciphering in the terminal taking place with the aid of the closed, untransmitted part of the code.
  • the drawing illustrates a terminal T in accordance with the invention, in which, with the aid of a code a key word from a central station C, can be obtained without analysis by listening being possible.
  • the terminal contains four registers Al, Bl, A2, B2 for storing the code, which is divided into two parts. One part, called the open part in continuation, and which is to be transmitted to the central station is stored in the registers Al, Bl, while the registers A2, B2 are intended for storing the so-called closed part, which is not transmitted.
  • the central station C contains a data memory DM with memory fields Fl, F2, etc., each intended for one of the codes being used, the code being stored divided into four partial fields corresponding to the registers Al, Bl, A2, B2 in the terminals.
  • the memory DM also contains a memory field FR for storing the key word which is to be transmitted to a terminal from which an authorized user has sent the code.
  • a conventional electronic control circuit SK is used for reading from the memory DM and for remaining control functions in the central station.
  • the code may comprise a part registered on an information carrier such as a plastic card, and a memorized part known solely to the user. According to the embodiment, it is assumed that both the registered and the memorized part are included in both the open and the closed part of the code. If the part registered on the card consists of the binary words 11100110 and 1001, the first word is included in the closed part and is written into the register A2 and the second word is included in the open part and is written into the register Al. If the memorized part consists of the binary words 0111 and 00 the first word is included in the closed part and is written into the register B2, while the second word is included in the open part and is written into the register Bl.
  • the content of the register Al is sent at first through the telecommunication connection SMT-SMC to the central station, where it is written into a register RA and is compared in a comparator circuit JKA with the partial memory field Al in all fields Fl, F2 etc. under the control of the circuit SK. If there is agreement, e.g. in the memory field Fl, the scanning is stopped, and the comparator circuit JKA sends a signal to the terminal where the gate Gl is opened for transferring the content of the register Bl to the central station. A random number is simultaneously sent from a counter TGC in the central station to a memory TGT in the terminal and the counter is stopped.
  • the content of the register Bl is written into the central station register RB and is compared in a comparator circuit JKB with the content in the register Bl in the partial field Fl. If agreement is found, which is a sign that the user is authorized to receive information, the comparator circuit JKB activates the feed-out of the key word from the memory location FR and also feed-out of the partial fields A2 and B2 to an enciphering device KRC.
  • This device can use optional mathematical functions for enciphering and contains the necessary electronic circuits, e.g. multiplication circuits, for the functions, which may vary for different users. However, for the sake of simplicity there is described here an example of an enciphering device which contains adding circuits AD1, AD2, AD3.
  • the key word from the field FR and the code word from the partial field A2 corresponds to the content of the register A2 in the terminal, and this will enable decoding in the terminal deciphering device KRT by a corresponding addition carried out in the central station.
  • the content of the register A2 included in the closed part of the code thus does not need to be transferred from the terminal. In principle, this form of coding and decoding would already enable a secret transfer without risk of analysis, in accordance with the basic conception of the invention.
  • the adding circuit AD2 of the encipheirng device KRC there is a further addition in the adding circuit AD2 of the encipheirng device KRC between the word enciphered in the adding circuit ADl and the content of the partial field B2 corresponding to the content of the register B2 in the terminal.
  • the content of the register B2 is added in the adding circuit AD2 of the decryption device to the enciphered message obtained by two additions.
  • the random number 0001 in the counter TGC is added to the enciphered information obtained from the adding circuit AD2 in the central station adding circuit AD 3.
  • the random number stored in the terminal memory TGT is added in the corresponding adding circuit AD3 in the decryption device KRT to the information coming over the line.
  • the result of the processes is indicated on the drawing for the illustrated practical embodiment. It is obvious that by introducing further coding with a random number there is obtained further security against possible analysis of the code.
  • the basic principle of the invention is that the closed code associated with the calling code and comprising one or more parts is never transferred on the line but is read in the central station with guidance from the open part of the code for use in encoding.

Abstract

The terminal (T) includes a register having two parts (A1, B1, and A2, B2) for writing a personal identity word consisting of a first and a second part, and transmission means for sending the first part of the identity word to the central station. The station has a memory (DM) containing both the first and second parts of all personal identity words used, and furthermore the secret information which is to be sent. On reception of the first part of the identity word, the second part associated with it is fed from the data memory (DM) to an enciphering device (KRC) together with the secret information for enciphering it and sending the enciphered information to the terminal. The terminal contains a deciphering device (KRT) which, sumultaneously with obtaining the enciphered information from the central station, obtains the second part of the personal identity word from the register of the terminal itself so that the message can be deciphered.

Description

APPARATUS FOR TRANSFERRING SECRET INFORMATION FROM A CENTRAL STATION TO A TERMINAL.
TECHNICAL FIELD
The invention relates to an apparatus for transferring secret information from a central station to a terminal at the request of a person entitled to receive the information.
BACKGROUND ART
In the use of cryptography in large telecommunication networks, the pertinent 5 cryptokey must be transferred before enciphering can begin. The system must be made sufficiently safe so that it will defy analysis even after a long period of listening and recording. At present, key codes are distributed manually and this is obviously a weak link within an organization. The transfer of the key word has so far been the greatest limiting factor in the practical application of
10 cryptography in large communication networks. In the diplomatic corps and military organizations, for example, different forms of code books are used today for enciphering, as well as a preciously arranged time schedule for changing between different codes. For more general civilian use in business, as well as more general use at lower levels in military organizations, more easily
15 available and safer methods must be applied, however. So-called bundle enciphering is used for larger bundles of communication channels between communication junction points in a telecommunication network, the junction points being able to process enciphering between themselves. However, this method leaves communication between the user and the nearest junction point
20 unprotected. No reliable method for individual enciphering can be achieved without flexible and unforcible cryptokey distribution, and this problem has not been solved so far.
,
DISCLOSURE OF INVENTION
The object of the invention is to provide a method of protecting the trans¬ mission of smaller quantities of information, e.g. cryptokeys, over customary 25 telecommunication media from a central station to a plurality of users, where the consequences of forcing a key will be limited and where it will be possible to discover any attempt, both in time and place, to break the key.
This is achieved in accordance with the invention in that the key code for communication between the terminal and the central station consists of an open and a closed part, of which only the first is sent to the central station which, from the information obtained, determines the closed part and with the aid of it enciphers the transferred key word, deciphering in the terminal taking place with the aid of the closed, untransmitted part of the code.
The invention is characterized by the disclosures in the claims.
BRIEF DESCRIPTION OF DRAWINGS
The invention will now be described in detail with the aid of an embodiment while referring to the appended drawing which schematically, in the form of a block diagram, illustrates a terminal and a central station for transmission of a key word to the terminal.
BEST MODE FOR CARRYING OUT THE INVENTION
In the form of a block diagram the drawing illustrates a terminal T in accordance with the invention, in which, with the aid of a code a key word from a central station C, can be obtained without analysis by listening being possible. The terminal contains four registers Al, Bl, A2, B2 for storing the code, which is divided into two parts. One part, called the open part in continuation, and which is to be transmitted to the central station is stored in the registers Al, Bl, while the registers A2, B2 are intended for storing the so-called closed part, which is not transmitted.
The central station C contains a data memory DM with memory fields Fl, F2, etc., each intended for one of the codes being used, the code being stored divided into four partial fields corresponding to the registers Al, Bl, A2, B2 in the terminals. The memory DM also contains a memory field FR for storing the key word which is to be transmitted to a terminal from which an authorized user has sent the code. A conventional electronic control circuit SK is used for reading from the memory DM and for remaining control functions in the central station.
When a user from a terminal requests a code word from the central station the code is written into the registers Al, Bl, A2, B2. The code may comprise a part registered on an information carrier such as a plastic card, and a memorized part known solely to the user. According to the embodiment, it is assumed that both the registered and the memorized part are included in both the open and the closed part of the code. If the part registered on the card consists of the binary words 11100110 and 1001, the first word is included in the closed part and is written into the register A2 and the second word is included in the open part and is written into the register Al. If the memorized part consists of the binary words 0111 and 00 the first word is included in the closed part and is written into the register B2, while the second word is included in the open part and is written into the register Bl.
After writing the codes, the content of the register Al is sent at first through the telecommunication connection SMT-SMC to the central station, where it is written into a register RA and is compared in a comparator circuit JKA with the partial memory field Al in all fields Fl, F2 etc. under the control of the circuit SK. If there is agreement, e.g. in the memory field Fl, the scanning is stopped, and the comparator circuit JKA sends a signal to the terminal where the gate Gl is opened for transferring the content of the register Bl to the central station. A random number is simultaneously sent from a counter TGC in the central station to a memory TGT in the terminal and the counter is stopped. The content of the register Bl is written into the central station register RB and is compared in a comparator circuit JKB with the content in the register Bl in the partial field Fl. If agreement is found, which is a sign that the user is authorized to receive information, the comparator circuit JKB activates the feed-out of the key word from the memory location FR and also feed-out of the partial fields A2 and B2 to an enciphering device KRC. This device can use optional mathematical functions for enciphering and contains the necessary electronic circuits, e.g. multiplication circuits, for the functions, which may vary for different users. However, for the sake of simplicity there is described here an example of an enciphering device which contains adding circuits AD1, AD2, AD3. In the first there are added the key word from the field FR and the code word from the partial field A2. As previously mentioned, the content of the partial field A2 corresponds to the content of the register A2 in the terminal, and this will enable decoding in the terminal deciphering device KRT by a corresponding addition carried out in the central station. The content of the register A2 included in the closed part of the code thus does not need to be transferred from the terminal. In principle, this form of coding and decoding would already enable a secret transfer without risk of analysis, in accordance with the basic conception of the invention. In this example, however, there is a further addition in the adding circuit AD2 of the encipheirng device KRC between the word enciphered in the adding circuit ADl and the content of the partial field B2 corresponding to the content of the register B2 in the terminal. In a similar way, the content of the register B2 is added in the adding circuit AD2 of the decryption device to the enciphered message obtained by two additions. The random number 0001 in the counter TGC is added to the enciphered information obtained from the adding circuit AD2 in the central station adding circuit AD 3. In the same way, the random number stored in the terminal memory TGT is added in the corresponding adding circuit AD3 in the decryption device KRT to the information coming over the line.
The result of the processes is indicated on the drawing for the illustrated practical embodiment. It is obvious that by introducing further coding with a random number there is obtained further security against possible analysis of the code. However, the basic principle of the invention is that the closed code associated with the calling code and comprising one or more parts is never transferred on the line but is read in the central station with guidance from the open part of the code for use in encoding.
)tøPI

Claims

1 Apparatus for transferring secret information from a central station to a terminal at the request of a person entitled to receive the information, characterized in that the terminal (T) contains a register with two parts (Al, Bl, and A2, B2) for writing a personal identity word consisting of a first and a second part, and transmission means (SMT) for sending the first part of the identity word (Al, Bl) to the central station (C) and that the station has a memory (DM) containing both parts of all identity words (Al, Bl, A2, B2) used, and also the secret information (FR), the central station also being provided with receiving means (SMC) which, on reception of said first part of the identity word, feed the secret information (FR) to an enciphering device (KRC) and also feed the second part, associated with the received first part, of the identity word (A2, B2) from the data memory (DM) to the enciphering device for enciphering the secret information with said second part as a key and send the enciphered secret information to the terminal, the terminal containing a deciphering device (KRT) which receives the enciphered message word as well as the second part (A2, B2) of the identity word from the register of the terminal (T) for deciphering the message with the aid of said second part.
2 Apparatus as claimed in claim 1, characterized in that the first part of the personal identity word consists of two parts of which one (Al) is a code word learned by the user and the other (Bl) is a code word registered on a recording medium.
3 Apparatus as claimed in either of the preceding claims, characterized in that the second part of the identity word consists of two parts of which one (A2) is a code word learned by the user and the second (B2) is a code word registered on a recording medium.
4 Apparatus as claimed in any of the preceding claims, characterized in that it includes a random number generator (TGC), the generated random number of which is fed to the enciphering device of the central station for use as a key in deciphering, and to the deciphering device of the terminal for use as a key in deciphering.
PCT/SE1984/000165 1983-05-05 1984-05-03 Apparatus for transferring secret information from a central station to a terminal WO1984004639A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
SE8302627A SE8302627A0 (en) 1983-05-05 1983-05-05 crypto System

Publications (1)

Publication Number Publication Date
WO1984004639A1 true WO1984004639A1 (en) 1984-11-22

Family

ID=20351126

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE1984/000165 WO1984004639A1 (en) 1983-05-05 1984-05-03 Apparatus for transferring secret information from a central station to a terminal

Country Status (5)

Country Link
EP (1) EP0145737A1 (en)
ES (1) ES8507302A1 (en)
IT (1) IT8420819A0 (en)
SE (1) SE8302627A0 (en)
WO (1) WO1984004639A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0018129A1 (en) * 1979-04-02 1980-10-29 Motorola, Inc. Method of providing security of data on a communication path
US4283599A (en) * 1979-01-16 1981-08-11 Atalla Technovations Method and apparatus for securing data transmissions
US4288659A (en) * 1979-05-21 1981-09-08 Atalla Technovations Method and means for securing the distribution of encoding keys

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4283599A (en) * 1979-01-16 1981-08-11 Atalla Technovations Method and apparatus for securing data transmissions
EP0018129A1 (en) * 1979-04-02 1980-10-29 Motorola, Inc. Method of providing security of data on a communication path
US4288659A (en) * 1979-05-21 1981-09-08 Atalla Technovations Method and means for securing the distribution of encoding keys

Also Published As

Publication number Publication date
ES532199A0 (en) 1985-02-01
EP0145737A1 (en) 1985-06-26
SE8302627A0 (en) 1984-11-07
IT8420819A0 (en) 1984-05-04
SE8302627L (en)
ES8507302A1 (en) 1985-02-01
SE8302627D0 (en) 1983-05-05

Similar Documents

Publication Publication Date Title
US3798360A (en) Step code ciphering system
US4484025A (en) System for enciphering and deciphering data
US5402490A (en) Process for improving public key authentication
US5960086A (en) Unified end-to-end security methods and systems for operating on insecure networks
AU681822B2 (en) A method for providing blind access to an encryption key
EP0123360B1 (en) Method of distributing and utilizing enciphering keys
CZ9700881A3 (en) Method and apparatus for secure identification of a mobile user in a communication system and portable input means for making the same
JPH05227152A (en) Method and device for establishing privacy communication link
KR19990045057A (en) Encryption information access method, decryption module and communication system
GB2047506A (en) Method and apparatus for securing data transmissions
EP1040630A1 (en) Data communications
CH656761A5 (en) DATA TRANSMISSION SYSTEM THAT HAS AN ENCRYPTION / DECRYLING DEVICE AT EACH END OF AT LEAST ONE DATA CONNECTION.
EP0781427B1 (en) Secure computer network
CA2695019A1 (en) Method and system for encryption of data
CZ283178B6 (en) Method of point-to-point connection within a safe communication system
US20010014156A1 (en) Common key generating method, common key generator, cryptographic communication method and cryptographic communication system
CN109190404A (en) A kind of data desensitization system
WO2018186543A1 (en) Data encryption method and system using device authentication key
US6081703A (en) Communication system including debiting provisions for communicating with a subsystem that charges a fee
EP0018129B1 (en) Method of providing security of data on a communication path
JPS61228745A (en) Data diffusion method and system
EP0959584A2 (en) Method for secure data transmission
JPH11122238A (en) Network system
MXPA03009823A (en) Secure group secret distribution.
WO1984004639A1 (en) Apparatus for transferring secret information from a central station to a terminal

Legal Events

Date Code Title Description
AK Designated states

Designated state(s): DK FI JP NO US

AL Designated countries for regional patents

Designated state(s): BE CH DE FR GB NL