WO1999014887A1 - Encryption method and apparatus with variable encryption strength - Google Patents
- Publication number
- WO1999014887A1 (PCT/GB1998/002774)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- encryption
- cryptographic
- check value
- derived
- Prior art date
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
Definitions
- the present invention relates to an encryption method and apparatus and in particular to such a method and apparatus which can be arranged to prevent unauthorised users of an encryption device from being able to obtain strong encryption with that device.
- end-to-end encryption in communication networks. This is particularly required by military and public safety users of radio and telephone communications, but high grade end-to-end encryption devices are also becoming increasingly available to the general public.
- Such encryption devices typically use a cryptographic key, for example in the form of a binary number, input by a user of the device to encrypt messages that the user sends with the communications apparatus in which the encryption device is incorporated, as is well known in the art. Examples of such encryption methods include secret key encryption and public key encryption.
- an encryption apparatus which can provide two or more levels of encryption strength, comprising: means for deriving from a cryptographic key input by a user of the apparatus a cryptographic encryption key for use to encrypt or decrypt communications; means for determining whether the input cryptographic key has a particular property; means for selecting one of said two or more levels of encryption strength on the basis of the determination; and means for encrypting or decrypting communications at the selected level of encryption strength using the derived encryption key.
- a method of encrypting or decrypting communications comprising: deriving from a first cryptographic key a cryptographic encryption key for use to encrypt or decrypt communications; determining whether the first cryptographic key has a particular property; selecting a level of encryption strength on the basis of the determination; and using the derived encryption key to encrypt or decrypt communications at the selected level of encryption strength.
- an encryption key is derived from the input (or first) cryptographic key, and the strength of the encryption effected using the derived encryption key is then selected in accordance with whether or not the input (or first) key has a particular property.
- the present invention thus switches between two or more levels of encryption strength (such as high and low strength encryption modes) on the basis of a particular property of the input (or first) cryptographic key.
- the present invention can therefore be arranged to provide strong encryption for an authorised user using an authorised key (which would normally be escrowed), but only weaker or no encryption with an unauthorised key as might be input by an unauthorised user.
- the authorised input key would have the particular predetermined property which selects high strength encryption. However, unauthorised users wishing to use their own unauthorised keys, would not know the relevant property, and thus would be unable to obtain strong encryption.
- the encryption key can be derived from the input cryptographic key in a number of ways, as will be appreciated by those skilled in the art. It could, for example, comprise the entire input cryptographic key in the form that it is input. However, the encryption key preferably differs from the input cryptographic key. It could, for example, be derived by taking some or all of the bits of the input key in some predetermined manner. For example, a predetermined number of bits from a predetermined part of the input key (such as one end of the key), or bits from more than one part of the input key (such as every other bit of the key), could be used to form the encryption key. The bits could also be reordered in a predetermined manner before or after taking them from the input key, if desired.
- the particular property of the input cryptographic key should preferably be such that an authorised input cryptographic key can readily be arranged to have it, but it is unlikely that any unauthorised key could by chance possess it; otherwise, it can be selected as desired.
- the property could be whether the input key includes a particular sequence of bits, is exactly divisible by a particular number, or whether it belongs to a particular mathematical series (such as the Fibonacci series).
- the particular property of the input cryptographic key is preferably a concealed property of the key which is not readily apparent from an authorised input key (unlike, for example, the length of the key).
- the property is derived by taking or using bits of the input key in a predetermined manner. This makes the property much less apparent and more difficult to guess from the input key alone.
- whether the input key has a particular property can be determined in a number of ways and will depend on the property concerned.
- the input key could be compared with a stored sequence of bits, the particular number could be divided into the input key, or the input key could be compared with known members of the mathematical series (stored, for example, in a memory in the encryption device), respectively.
- the level of encryption strength is selected on the basis of whether or not the input key has the particular property. For example, stronger (or the maximum) level of encryption strength could be selected if the input key has the particular property, and a second level of encryption strength (e.g. weak or no encryption) selected if the input key does not have the particular property.
- the particular property according to which the encryption strength is selected is whether or not an appropriate cryptographic check value is derivable from the cryptographic input key.
- the present invention will therefore comprise means or a step of deriving a cryptographic check value from the input cryptographic key, and the level of encryption strength will be selected on the basis of the derived check value.
- This embodiment of the present invention is thought to be particularly advantageous, in that it will be more difficult for an unauthorised user to determine an input cryptographic key from which a check value which selects higher strength encryption can be derived.
- an encryption apparatus which can provide two or more levels of encryption strength, comprising: means for deriving from a cryptographic key input by a user of the apparatus a cryptographic encryption key for use to encrypt or decrypt communications, and a cryptographic check value; means for selecting one of said two or more levels of encryption strength on the basis of the derived check value; and means for encrypting or decrypting communications at the selected level of encryption strength using the derived encryption key.
- a method of encrypting or decrypting communications comprising: deriving from a cryptographic key a cryptographic encryption key for use to encrypt or decrypt communications, and a cryptographic check value; selecting a level of encryption strength on the basis of the derived check value; and using the derived encryption key to encrypt or decrypt communications at the selected level of encryption strength.
- an encryption key and a cryptographic check value (which can also be referred to as a "certificate" or "signature", as is known in the art) are derived from the input key, and the strength of the encryption effected using the derived encryption key is then selected in accordance with the derived check value.
- the check value can be derived from the input cryptographic key in a number of ways, as will be appreciated by those skilled in the art. It could, for example, be derived by taking several or all of the bits of the input key in some predetermined manner. For example, a predetermined number of bits from a predetermined part of the input key (such as one end of the key), or bits from one or more parts of the input key (such as every other bit of the key), could be used to form the check value. In such an arrangement the remaining bits of the input key could be used to form the encryption key.
- the bits could also be reordered in a predetermined manner before or after taking them from the input key, if desired.
- the derived check value can be used to select the strength of the encryption in many ways.
- the derived check value could be used to calculate a number or other information which is then used to select the level of encryption strength.
- the derived check value is preferably compared with one or more other check values and the encryption strength selected on the basis of that comparison. For example, a first (e.g. stronger or the maximum) level of encryption could be selected if the derived check value matches one of the other comparison check values, and a second level of encryption (e.g. weaker or no encryption) selected if the derived check value does not match any of the other comparison check values.
- the other check values for comparison with the derived check value can be predetermined and stored in the encryption apparatus. However, in this arrangement it may be possible for someone to read the comparison check values in the encryption device.
- the other check value or values for comparison with the derived check value are therefore preferably derived from the input cryptographic key in a predetermined manner.
- the check value derived from the input key is compared with a further check value derived from the derived encryption key and the strength of the encryption is selected on the basis of the result of that comparison (for example whether or not a match is found).
- This arrangement makes it particularly difficult for an unauthorised user to accidentally input, or to deduce, a key which will provide strong encryption, since not only must the input key provide the correct check value, it must also include an encryption key from which the correct further check value will be derived.
- the further check value could be derived by taking predetermined bits of the derived encryption key in a particular order. However, it is preferably derived from the derived encryption key by performing a predetermined cryptographic function on the derived encryption key, as this makes it more difficult still for an unauthorised user to produce their own input keys which will provide strong encryption. It is preferably derived by performing an irreversible cryptographic hash function on the derived encryption key.
- an encryption apparatus which can provide two or more levels of encryption strength, comprising: means for deriving from a cryptographic key input by a user of the apparatus a cryptographic encryption key for use to encrypt or decrypt communications, and a cryptographic check value; means for deriving from the derived encryption key a further cryptographic check value; means for comparing the derived check value and the further check value; means for selecting one of said two or more levels of encryption strength on the basis of the comparison; and means for encrypting or decrypting communications at the selected level of encryption strength using the derived encryption key.
- a method of encrypting or decrypting communications comprising: deriving from a cryptographic key a cryptographic encryption key for use to encrypt or decrypt communications, and a cryptographic check value; deriving from the derived encryption key a further cryptographic check value; comparing the derived check value and the further check value; selecting a level of encryption strength on the basis of the comparison; and using the derived encryption key to encrypt or decrypt communications at the selected level of encryption strength.
- the different levels of encryption strength could, for example, comprise full (or maximum) available strength encryption or no encryption (or preventing the device from working) at all.
- (maximum) strength encryption could be provided if the input key has the particular property (e.g. if the derived check value matches an authorised check value (or matches the derived further check value)), but no encryption provided or the device refuse to operate at all (i.e. produce no cipher text or plain text output) if the input key does not have the particular property (e.g. if the derived check value does not match an authorised check value (or the derived and further check values do not match)).
- the encryption strength is varied between full (maximum), or higher, strength encryption and weaker encryption (but still some level of encryption rather than no encryption at all) on the basis of the determination of whether the input key has the particular property (e.g. on the basis of the derived check value).
- This can be advantageous because it makes it more difficult for an unauthorised user who uses a key which does not have the particular property (e.g. provide a check value) necessary for full strength encryption to realise that their communications are not being encrypted fully.
- three or more different levels of encryption strength are provided.
- each authorised level of encryption strength could have its own particular property, such as a number by which the input key must be exactly divisible, or a mathematical series to which the input key must belong.
- each authorised level of encryption strength could have its own individual authorised check value.
- the level of encryption strength could then be selected in accordance with which property the input key has. For example, it could be selected by comparing the derived check value with the relevant number of comparison check values and selecting the encryption strength permitted by whichever comparison check value the check value derived from the input key matches.
- multiple further check values could be derived from the derived encryption key (for example by performing a number of hash functions on the derived encryption key and/or by using a number of different hash keys) and the derived check value compared with each of those further comparison check values and the encryption strength selected on the basis of those comparisons.
- the strength of encryption can be changed in various ways, as is well known in the art.
- One way to do this would be by altering the derived encryption key, for example to reduce its effective length to a value which makes a key search feasible (e.g. by setting a number of bits to a fixed value, or by repeating sequences of bits).
- the encryption algorithm could be altered to facilitate cryptanalysis.
- the number of "rounds" could be drastically reduced, or the DES "S Box" and permutations could be modified.
- One or more of these alterations could be put into effect whenever the input key does not have the relevant particular property (e.g. the derived check value does not indicate that full strength encryption is authorised).
- the present invention also extends to the generation of authorised input keys including check values for use with the encryption apparatus and method of the present invention.
- the authorised input key should include an encryption key and a cryptographic check value combined in such a manner that they will be correctly derived by the encryption apparatus for which the input key is intended.
- the input key is basically generated by combining a cryptographic encryption key and a cryptographic check value in a manner complementary to the way in which the encryption key and check value are to be derived from the input key.
- the method of combination will therefore generally speaking be the reverse of the intended process for deriving the encryption key and check value from the input key (although conversely the method of deriving the encryption key and check value from the input key could be predetermined by the method of generating an authorised input key from a given encryption key and an authorised check value).
- the encryption key and check value could be combined by appending the bits of the check value to, or interleaving them with, the bits of the encryption key, in the converse manner to the way the encryption key and check value are derived from the input key in the encryption apparatus or method.
- the encryption key itself can be any form of encryption key known in the art, such as keys suitable for use in symmetrical, secret key cryptography or in public key cryptography. It could, for example, comprise a randomly generated key of a desired length, or a user's secret, public or private key.
- the check value should be such that it readily identifies an authorised input key. It could for example comprise a predetermined binary word. However, this arrangement is not preferred, since if an unauthorised user manages to determine the binary word, he may then be able to combine it with his own unauthorised encryption keys to allow him to use strong encryption with the encryption device.
- the check value is derived in a predetermined manner from the encryption key. This helps to ensure that identifying the check value of one key does not automatically provide a check value that will work for all keys.
- This method of generating a check value is particularly suited for use with the above aspects of the present invention in which a further comparison check value is derived from the derived encryption key. In such cases, the ways of generating the check value and deriving the further comparison check value are preferably identical.
- the check value could be generated from the encryption key by, for example, taking predetermined bits of the encryption key in a particular order. However, it is preferred that the check value is generated cryptographically from the encryption key, as this makes it harder to determine how to generate a correct check value for any encryption key, for example by performing a cryptographic certification function on the encryption key.
- the check value is generated by performing an irreversible cryptographic hash function on the encryption key, as this makes it more difficult still to determine how to generate a correct check value for any encryption key.
- each check value can be generated from the encryption key in a different predetermined manner. For example, different hash functions could be performed on the encryption key to provide different check values and/or a different hash key could be employed for each level.
- the check value is preferably of sufficient length that it is extremely improbable that a correct check value can be created by accident. It should therefore generally speaking be as secure as the encryption key with which it is combined.
- the check value is preferably the same length as or a similar length to the encryption key.
- a method of generating a cryptographic key having a check value for authorising its validity comprising: generating an encryption key for use to encrypt or decrypt communications; generating a check value from the encryption key by performing one or more cryptographic functions on the encryption key; and combining the encryption key and check value to form a certificated cryptographic key.
- an apparatus for generating a cryptographic key having a check value for authorising its validity comprising: means for generating an encryption key for use to encrypt or decrypt communications; means for generating a check value from the encryption key by performing one or more cryptographic functions on the encryption key; and means for combining the encryption key and check value to form a certificated cryptographic key.
- a cryptographic key comprising the combination of an encryption key and a check value generated from the encryption key by performing one or more cryptographic functions on the encryption key.
- the generated input key is further encrypted before it is distributed to authorised users.
- the encryption apparatus and method of the first to sixth aspects of the present invention preferably therefore further include means for or a step of decrypting an input key before the encryption key and particular property (e.g. check value) are determined (or derived) therefrom.
- This additional encryption makes it harder still for an unauthorised user to generate their own key that will provide strong encryption, since in this arrangement the input key must provide a key which when decrypted will provide an encryption key and a correct property (e.g. check value).
- an unauthorised user of an encryption device incorporating the present invention would be able to extract from the device sufficient information to be able to derive their own check value that would provide a strong encryption or may have obtained knowledge of the certification algorithm in some other way. However, even in that case they will still not know how to correctly encrypt their bogus key such that when decrypted by the encryption device, the device then derives from it an encryption key and a correct check value for strong encryption.
- a method of generating a cryptographic key for distribution to users of encryption devices comprising: combining a cryptographic encryption key with a cryptographic check value; and encrypting the combined key to provide the cryptographic key.
- an apparatus for generating a cryptographic key for distribution to users of encryption devices comprising: means for combining a cryptographic encryption key with a cryptographic check value; and means for encrypting the combined key to provide the cryptographic key.
- a cryptographic key comprising an encrypted version of the combination of a cryptographic encryption key and a cryptographic check value.
- an encryption apparatus which can provide two or more levels of encryption strength, comprising: means for decrypting a cryptographic key input by a user of the apparatus using a predetermined decryption key; means for deriving from the decrypted input key a cryptographic encryption key for use to encrypt or decrypt communications, and a cryptographic check value; means for selecting one of said two or more levels of encryption strength on the basis of the derived check value; and means for encrypting or decrypting communications at the selected level of encryption strength using the derived encryption key.
- a fourteenth aspect of the present invention there is provided a method of encrypting or decrypting communications comprising: decrypting a cryptographic key using a predetermined decryption key; deriving from the decrypted key a cryptographic encryption key for use to encrypt or decrypt communications, and a cryptographic check value; selecting a level of encryption strength on the basis of the derived check value; and using the derived encryption key to encrypt or decrypt communications at the selected level of encryption strength.
- the encryption used for the input key can be any form of encryption known in the art.
- the secret key is preferably stored in an unreadable form in the encryption device, as is known in the art, as this stops an unauthorised user from being able to read the secret key from the encryption device and thus perhaps generate their own unauthorised key.
- the secret key could, for example, be stored inside a memory which can be wiped by a tamper detection circuit when it detects an attempt to read the memory.
- the input key is encrypted using a reverse form of public key cryptography.
- the key generator uses his private key to encrypt the input key and the encryption device then uses the key generator's public key to decrypt it. This is a more secure arrangement because even if an unauthorised user manages to read the public key in the encryption device, he will still not know the private key necessary to create the input key properly.
- the public key in the encryption device be stored in such a way that it is unalterable in the encryption device, as is known in the art, as this prevents an unauthorised user from putting their own public key in the encryption device.
- the public key could, for example, be hard coded in an unalterable way into the encryption device, or stored inside a memory which is disabled (such that it can't be rewritten to) if tampering is detected.
- the public key is preferably also unreadable in the encryption device, although as noted above, this is not essential.
- Further levels of encryption to the input key can be added, if desired. For example, as well as encrypting it with the key generator's key, that encrypted key could be further encrypted with an individual user's key (either by secret key encryption or public key encryption) such that the key can only be used by the individual for whom it is intended.
- Figure 1 shows a first embodiment of the generation of an authorised input key in accordance with the present invention.
- Figure 2 shows a first embodiment of an encryption device in accordance with the present invention.
- Figure 3 shows a second embodiment of the generation of an authorised input key in accordance with the present invention.
- Figure 4 shows a second embodiment of an encryption device in accordance with the present invention.
- Figure 1 illustrates one method of generating an authorised input key in accordance with the present invention.
- the key generator or provider firstly generates a random encryption key K of length $n_a$ required by the encryption algorithm using a random key generator 1.
- a cryptographic check value (or key certificate or key signature) S of length $n_b$ is then generated by check value generator 2.
- the check value generator 2 carries out a cryptographic certification irreversible hash function h on the encryption key K under the control of a hash key $K_c$, to provide the check value S. It is desirable to make the check value of sufficient length to make it extremely improbable that a correct check value can be created by accident. It is wise therefore to make the check value S of a similar length to the encryption key K.
- the check value S is then appended to the encryption key K (or may be inserted or interleaved into K at specific bit locations) by combining means 3 in accordance with a mixing function m to create a certificated key $K_s$, of length $n_a + n_b$.
- the certificated key $K_s$ is then encrypted with the key generator's private encryption key, $k_{gs}$, using the reverse public key encryption algorithm f, by encryption means 4 to generate a distribution key $K_d$.
- This key $K_d$ is the key that is provided to authorised users by the key generator, and would also be provided to a trusted third party under key escrow. If it is required to restrict the use of a distribution key to individual encryption devices, key $K_d$ may be further encrypted with a key unique to the individual encryption unit (not shown). This helps to protect key $K_d$ from being used by some other person who has an encryption device holding the key generator's public key, should key $K_d$ fall into the wrong hands.
- Figure 2 shows an embodiment of an encryption device in accordance with the present invention and in particular how an input key is authenticated inside the user's encryption device.
- the user would firstly input the distribution key $K_d$ into the encryption device. Key $K_d$ would then be decrypted using an individual encryption device's decryption key, if individual encryption has been applied (not shown).
- the input key $K_d$ is then decrypted by decryption means 5 using the public key decryption algorithm $f^{-1}$ (which is the inverse of f) and the key generator's public key $k_{gp}$ to derive the certificated key $K_s$.
- the derived key $K_s$ is then fed to a dividing unit 6 which performs a dividing function $m^{-1}$ (which is the inverse of m) on the certificated key $K_s$ to derive the encryption key K and check value S.
- Check value generator 7 of the encryption device then creates a further comparison check value S' from the derived encryption key K using the same certification function h and key $K_c$ as were used to generate the check value S from the encryption key K by the check value generator 2.
- Comparator 8 compares the derived check value S and the further comparison check value S' and outputs a signal b whose value depends on whether the two check values are equal.
- Signal b controls the level of encryption strength provided by encryption means 9. If the two check values agree, signal b selects a strong encryption mode; if not, it selects a weak encryption mode.
- Encryption means 9 encrypts plain text communications input to it using the derived encryption key K in accordance with a variable-strength encryption algorithm a, at the strength level determined by the signal b.
- the encryption algorithm a can be any such algorithm known in the art, such as the DES or IDEA algorithm.
- the strength of the encryption can be changed in various ways.
- the encryption key K could be altered to reduce its effective length to a value which makes a key search feasible (for example by setting a number of bits to a fixed value, or repeating sequences of bits).
- the encryption algorithm could be altered to facilitate cryptanalysis.
- the number of "rounds" could be drastically reduced, or the DES "S Box" and permutations could be modified. Either or both of these alterations can be put into effect whenever the signal b indicates that the key does not carry a valid check value from the key provider.
- the unauthorised user, if unable to tamper with the encryption device, needs to furnish it with a key $K_d$ which contains within it a check value which will cause the encryption device to use strong encryption.
- the unauthorised user should not have a knowledge of certification function h and hash key $K_c$, so will be unable to create a valid check value.
- the method of calculating the check value from the encryption key K is stored in every encryption device served by a particular authorised key generator, and it is possible therefore that an unauthorised user will find a means of extracting this information (e.g. by dissecting (and thereby destroying) an encryption device) and use it to produce forged check values S to correspond with his own invented key K.
- the key $k_{gp}$ can be made unalterable by any means known in the art.
- the key $k_{gp}$ could be hard coded in an unalterable way into the encryption device.
- algorithm f does not have to be a public key algorithm, but could be a private key, symmetric algorithm. However, in this case it is desirable to make the key not only unalterable, but also unreadable inside the encryption device, as otherwise an unauthorised user could use this key and the check value to generate a valid distribution key $K_d$ which has not been escrowed.
- the encryption device should be arranged such that it is not practical for a would-be user to modify, avoid or override the variable encryption strength control mechanism.
- the encryption device preferably should be tamper-proof in general. Tamper protection can be achieved by encapsulating all functions shown in Figure 2, and their interconnections, in an integrated circuit, so that access can only be obtained to signals K_d, K_s, K and a by breaking open the device.
- the surface layers of the active encapsulated device should be covered by an additional tamper detection layer (for example a conductive grid, or a conductive spiral of known inductance and capacitance) such that the device can detect an attempt to probe through to lower layers and refuse to operate.
- the user's key and hash keys can be further protected by an anti-tamper switch in a box containing the device; if the box is opened, the keys are erased.
- Figures 3 and 4 show alternative embodiments of authorised input key generation and an encryption device in accordance with the present invention. These embodiments are similar to those shown in Figures 1 and 2, and thus the description above in relation to Figures 1 and 2 applies equally to the embodiments shown in Figures 3 and 4, where appropriate. Like reference numerals and symbols have been used in Figures 3 and 4 to denote the same features as appear in Figures 1 and
- Encryption key K_u will typically be a key specific to an individual or particular group of users to help ensure that only that individual or group of users can use the distributed key. Key K_u will therefore usually be a user's (or user group's) secret key or public key and function u will use secret or public key encryption, respectively.
- the encryption device shown in Figure 4 corresponds closely to that shown in Figure 2, but is adapted to use a key K_e as produced by the generation method of Figure 3.
- the encryption device firstly includes additional decryption means 11 which uses decryption function u^-1 (the reverse of u) and the corresponding user's decryption key K_u to decrypt the user encrypted distribution key K_e to re-derive the distribution encryption key K_d.
- the device shown in Figure 4 also includes the possibility of providing more than two levels of encryption or decryption depending upon the derived cryptographic check value.
- check value generator 7 creates a number of further comparison check values S' from the derived encryption key K using plural certification functions h.
- Comparator 8 compares the derived check value S and the further comparison check values S' and outputs as signal b a signal indicating true or false in response to each check value comparison to selection means 12. Simultaneously with the signal b, check value generator 7 sends a signal j to selection means 12 which indicates the hash function h to which the particular signal b corresponds.
- Selection means 12 uses function d to derive from signal b and signal j which hash function being tested has resulted in matching check values and outputs a signal i which indicates the encryption strength level corresponding to the matching check values.
- Encryption means 9 encrypts plain text communications using the derived encryption key K in accordance with the variable-strength encryption algorithm a, at the strength level indicated by the signal i.
- An alternative way of coding and testing for multiple levels would be to use multiple hash keys instead of multiple hash algorithms h.
- a key or level number n could be passed from function h to a hash key store to request the hash key appropriate to the encryption strength level to be tested.
- Check value generator 7 would also pass the level information to selection means 12 by means of signal j.
- Selection means 12 could then record the value of the signal j for which signal b is true using function d and indicate this value to encryption means 9 by means of signal i.
- Encryption means 9 would then modify the strength of the encryption algorithm a to the level indicated by the signal i.
- although the above embodiments of the present invention have been described in relation to providing an input key with a check value and selecting the encryption strength on the basis of whether or not the input key derives the correct check value, as noted above, properties other than whether or not the input key derives a particular check value can be used to select the encryption strength.
- the derived key K_s could instead be divided by a particular number, and if the result of that division is an integer (i.e. the input key is divisible exactly by the particular number), then the encryption means is controlled to provide strong encryption, but not otherwise.
- the derived key K_s could be compared with stored or calculated members of a particular mathematical series, and if a match is found strong encryption selected, but not otherwise.
- decryption device would operate in the corresponding manner to the encryption device described above.
- the decryption device would derive a decryption key and check value from an input cryptographic key and then use the derived decryption key to decrypt communications at a strength level selected in accordance with the derived check value.
- This arrangement would be particularly applicable in cases where the encryption device provides three or more levels of encryption strength.
- the particular property e.g. cryptographic check value
- the encryption key and the decryption key could be set to be identical, or could be set to be different (for example such that the encryption key has one check value and the decryption key a different check value).
- the encryption and decryption keys could be treated in an identical manner, or could be considered completely separately, as desired. This applies equally whether the encryption and decryption keys are identical (such as might be the case in secret key cryptography), or differ (such as for public key cryptography).
- the same cryptographic hash function could be used to derive check values (which would differ) for the public and private keys.
- if the check values or particular properties differ for the distributed encryption and decryption keys, then, as will be appreciated, the check values or properties should derive the same levels of encryption/decryption strength.
- the encryption apparatus of the present invention could be incorporated, inter alia, in any communication device which can provide encrypted communication, such as radios, telephones, etc.
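
The multi-level check described above (check value generator 7, comparator 8, selection means 12, in the multiple-hash-key variant) can be sketched as follows. This is an added example, not code from the patent. Assumptions: h is modelled as truncated HMAC-SHA256, the derived key is laid out as K_s = K || S, the hash keys and bit widths are constructed, and the recovery of K_s from K_d with algorithm f and key K_gp is omitted.

```python
import hashlib
import hmac
from typing import Tuple

CHECK_LEN = 8      # bytes of check value S carried after K (assumed size)
DEFAULT_BITS = 40  # effective key bits when no check value matches (assumed)

# Hypothetical hash key store: level n -> (hash key K_c, effective key bits).
# All values are constructed for this example.
HASH_KEY_STORE = {
    1: (b"constructed-hash-key-level-1", 56),
    2: (b"constructed-hash-key-level-2", 128),
}

def check_value(hash_key: bytes, key: bytes) -> bytes:
    """Certification function h, modelled here as truncated HMAC-SHA256."""
    return hmac.new(hash_key, key, hashlib.sha256).digest()[:CHECK_LEN]

def issue_key(key: bytes, level: int) -> bytes:
    """Authorised key generator: derived key K_s = K || S for one level."""
    return key + check_value(HASH_KEY_STORE[level][0], key)

def select_level(k_s: bytes) -> Tuple[bytes, int]:
    """Split K_s into K and S, test S at every level, return (K, signal i)."""
    key, s = k_s[:-CHECK_LEN], k_s[-CHECK_LEN:]
    matched = 0                                    # 0 = no valid check value
    for level, (hash_key, _bits) in HASH_KEY_STORE.items():  # level = signal j
        s_prime = check_value(hash_key, key)       # comparison check value S'
        if hmac.compare_digest(s, s_prime):        # comparator 8, signal b
            matched = max(matched, level)
    return key, matched

def effective_key(key: bytes, level: int) -> bytes:
    """Cut the effective key length by fixing the trailing bits to zero."""
    bits = HASH_KEY_STORE.get(level, (b"", DEFAULT_BITS))[1]
    drop = max(len(key) * 8 - bits, 0)
    value = int.from_bytes(key, "big")
    return ((value >> drop) << drop).to_bytes(len(key), "big")

if __name__ == "__main__":
    k = bytes(range(1, 17))                        # constructed 128-bit key K
    for k_s in (issue_key(k, 2), issue_key(k, 1), k + bytes(CHECK_LEN)):
        key, level = select_level(k_s)
        print(level, effective_key(key, level).hex())
```

A key whose check value matches no level falls back to the weakest setting rather than being rejected, which is the behaviour the description gives for keys without a valid check value.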
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP98942910A EP1016239A1 (en) | 1997-09-16 | 1998-09-14 | Encryption method and apparatus with variable encryption strength |
AU90875/98A AU9087598A (en) | 1997-09-16 | 1998-09-14 | Encryption method and apparatus with variable encryption strength |
IL13508098A IL135080A0 (en) | 1997-09-16 | 1998-09-14 | Encryption method and apparatus with variable encryption strength |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB9719726.3A GB9719726D0 (en) | 1997-09-16 | 1997-09-16 | Encryption method and apparatus |
GB9719726.3 | 1997-09-16 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999014887A1 true WO1999014887A1 (en) | 1999-03-25 |
Family
ID=10819178
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB1998/002774 WO1999014887A1 (en) | 1997-09-16 | 1998-09-14 | Encryption method and apparatus with variable encryption strength |
Country Status (7)
Country | Link |
---|---|
EP (1) | EP1016239A1 (en) |
CN (1) | CN1277769A (en) |
AU (1) | AU9087598A (en) |
GB (2) | GB9719726D0 (en) |
IL (1) | IL135080A0 (en) |
WO (1) | WO1999014887A1 (en) |
ZA (1) | ZA988391B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7660986B1 (en) | 1999-06-08 | 2010-02-09 | General Instrument Corporation | Secure control of security mode |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7873166B2 (en) * | 2005-09-13 | 2011-01-18 | Avaya Inc. | Method for undetectably impeding key strength of encryption usage for products exported outside the U.S |
US20080037775A1 (en) | 2006-03-31 | 2008-02-14 | Avaya Technology Llc | Verifiable generation of weak symmetric keys for strong algorithms |
DE102010011657A1 (en) * | 2010-03-17 | 2011-09-22 | Siemens Aktiengesellschaft | Method and apparatus for providing at least one secure cryptographic key |
CN103761486A (en) * | 2013-12-02 | 2014-04-30 | 苗立地 | Electronic file encryption method and device |
NL2019735B1 (en) * | 2017-10-16 | 2019-04-23 | Abn Amro Bank N V | Secure communication system and method for transmission of messages |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5073934A (en) * | 1990-10-24 | 1991-12-17 | International Business Machines Corporation | Method and apparatus for controlling the use of a public key, based on the level of import integrity for the key |
EP0729252A2 (en) * | 1995-02-24 | 1996-08-28 | International Computers Limited | Cryptographic key management |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2274229A (en) * | 1992-12-19 | 1994-07-13 | Ibm | Cryptography system. |
1997
- 1997-09-16 GB GBGB9719726.3A patent/GB9719726D0/en active Pending
1998
- 1998-09-14 WO PCT/GB1998/002774 patent/WO1999014887A1/en not_active Application Discontinuation
- 1998-09-14 AU AU90875/98A patent/AU9087598A/en not_active Abandoned
- 1998-09-14 GB GB9819988A patent/GB2329308B/en not_active Expired - Fee Related
- 1998-09-14 CN CN98810547A patent/CN1277769A/en active Pending
- 1998-09-14 ZA ZA9808391A patent/ZA988391B/en unknown
- 1998-09-14 EP EP98942910A patent/EP1016239A1/en not_active Withdrawn
- 1998-09-14 IL IL13508098A patent/IL135080A0/en unknown
Also Published As
Publication number | Publication date |
---|---|
GB2329308A (en) | 1999-03-17 |
GB2329308B (en) | 2000-02-09 |
CN1277769A (en) | 2000-12-20 |
EP1016239A1 (en) | 2000-07-05 |
GB9719726D0 (en) | 1998-03-18 |
AU9087598A (en) | 1999-04-05 |
GB9819988D0 (en) | 1998-11-04 |
IL135080A0 (en) | 2001-05-20 |
ZA988391B (en) | 2000-03-22 |
Legal Events
Code | Title | Description |
---|---|---|
WWE | Wipo information: entry into national phase | Ref document number: 135080 Country of ref document: IL Ref document number: 98810547.0 Country of ref document: CN |
AK | Designated states | Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
AL | Designated countries for regional patents | Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
NENP | Non-entry into the national phase | Ref country code: KR |
WWE | Wipo information: entry into national phase | Ref document number: 09526776 Country of ref document: US |
WWE | Wipo information: entry into national phase | Ref document number: 1998942910 Country of ref document: EP |
WWP | Wipo information: published in national office | Ref document number: 1998942910 Country of ref document: EP |
REG | Reference to national code | Ref country code: DE Ref legal event code: 8642 |
NENP | Non-entry into the national phase | Ref country code: CA |
WWW | Wipo information: withdrawn in national office | Ref document number: 1998942910 Country of ref document: EP |