The invention described herein is generally related to methods and apparatus for the encryption and transmission of digital data. More particularly, this invention is related to data encryption and transmission systems which utilize the Data Encryption Standard promulgated by the United States Bureau of Standards. This invention is the result of a contract with the Department of Energy (Contract No. W-7405-ENG-36).
The widespread electronic transmission of digital data has created a need for increasingly efficient systems for the encryption and decryption of sensitive data. Previously known systems typically employ cryptoalgorithms which operate to encrypt digital data into an unintelligible form for transmission over non-secure communications channels, such as commercial telephone lines. In 1977 the U.S. National Bureau of Standards published a completely defined encryption algorithm, or cryptoalgorithm, which is known as the Data Encryption Standard (DES). This cryptoalgorithm is the U.S. standard for the encryption of sensitive unclassified data. The cryptoalgorithm is used by federal agencies for the transmission of sensitive unclassified data, and by private companies in applications such as electronic funds transfer. The DES is published in Federal Information Processing Standards Publication 46 (FIPS PUB 46) of the National Technical Information Service (1977), and in U.S. Pat. Nos. 3,796,830 to Smith and 3,798,359 to Feistel, which are hereby incorporated by reference.
The DES method of encryption utilizes a data encryption key which consists of a 64-bit binary word. The key is used as a variable element in a publicly known mathematical algorithm which convers digital data, typically in ASCII form, into an apparently random sequence of bits. Virtually any 64-bit binary word may be used as the data encryption key. However, the key must also be known to the receiver of the encrypted data, as it is required to decrypt the encrypted data by the standard DES decryption procedure. Thus, the same key must be known to both the sender and the receiver. Since both the encryption and decryption procedures are publicly known, the security of the key is crucial to the effective use of the DES. Effective key management is thus an important aspect of the use of the DES. Key management involves the secure generation, distribution, storage and destruction of cryptographic keys. In this regard, one source of randomly generated DES keys is the U.S. National Security Agency, which generates secure keys and distributes them to various federal agencies and U.S. government contractors which have a need for the encryption and transmission of sensitive unclassified data. However, keys may also be generated by private parties by any method considered suitably secure under the circumstances.
DES users typically change keys at frequent intervals. For example, federal agencies using the keys provided by the National Security Agency typically change keys on a daily basis. Keys have been stored in written form and kept secured in accordance with standard security procedures.
There are now available commercial devices which implement the DES encryption/decryption procedure. Such devices are in the form of integrated circuits which accept as a first input the data to be encrypted and as a second input a 64-bit key. Additionally, the commercially available DES devices typically have a capability for receiving the encrypted data as a third input in a feedback mode. This is known as cipher feedback, and operates to prevent the transmission of repetitive sequences of encrypted data when the data being encrypted contains repetitive sequences of identical characters. Cipher feedback encryption of data is generally regarded as superior to what is called "plain code book" encryption of data, in which text characters are converted on a one-to-one basis to code characters in accordance with a translation table. It will be recognized that, in plain code book encryption, repeating sequences of text characters are converted directly into repeating sequences of coded characters, thereby diminishing somewhat the integrity of the encrypted data.
One disadvantage of prior art systems is that the key must be manually loaded into the data encryption and decryption units. If the key is changed frequently, there is significant opportunity for error in the entry of the key.