1. Field of the Invention
The present invention relates to the security of communications, and more particularly to systems and methods of encrypting and decrypting information.
2. Background of the Invention
Communication signals are used widely in many different or interrelated fields, such as credit card authorization systems, cellular telephone and radio communications, satellite transmissions, telephone calls, computer networks and modem connections, automated teller machine transmissions, financial and banking transactions, direct broadcast television, garage door openers, automobile remote devices and the like. While each of these fields may have different communication protocols, performance objectives and technical constraints, each of the fields have at least some concern for the security of the communication. Specific security concerns may deal with the content of the communication itself (often protected by encryption methods), the integrity of the communication (often protected by error-checking and anti-virus software), and authorized access to the communication (often protected by account codes and passwords).
Unauthorized access to communications and communicating devices has become a problem in many of the fields mentioned. Computer networks have been broken into by determining authorized account codes and passwords, thereby gaining access to proprietary information or computing capabilities. Credit card transactions may be charged by an unauthorized person by merely possessing a lost or stolen card. Cellular telephones may be duplicated or cloned to produce a large number of fraudulent telephones having the same account codes and personal identification codes as a lost or stolen authentic cellular telephone. Efforts to combat these unauthorized communications have taken many forms.
One security measure implemented in typical various communication systems is the authentication of communicating devices at registration, initiation or reception of the communication. Authentication may be simply viewed as the process of confirming the identity of the communicating device, perhaps by transmitting an account or identification code and a password. In applications where the communicating device is mobile, authentication often requires communication between or through a plurality of communicating devices or networks in order to verify the identity of the communicating device and perhaps the user of the communicating device.
For example, a serious problem in existing cellular telephone systems may be referred to as the "false mobile station" syndrome. It is presently possible to copy the entire memory contents of a mobile station and to use that information to manufacture clones which can demand and receive service from the network. Cellular phones may be cloned by reading the entire memory contents of the phone, including its identification codes, secret keys, internally stored personal identification codes, signatures, etc., and writing the same codes into any number of similar "clone" phones. The cloning procedure can become quite sophisticated and may include software modifications which replace physically stored information with electronically stored information so that a number of stored mobile station identities may be cyclically rotated within one fraudulent mobile station and used to imitate several authentic mobile stations.
Similar breaches of communications have occurred in financial transactions involving credit cards. Typically, the information on a lost or stolen credit card can be electronically read and duplicated on any number of credit cards. The cards are then distributed and used until either the credit limit of the card is surpassed or the card is reported stolen or lost to the credit card company. Significant actual losses are experienced each year due to the use of such "cloned" credit cards.
Many communication systems, including cellular telephone networks and credit card authentication or authorization systems, comprise a vast number of distributed communicating devices (i.e., mobile cellular phones or credit cards and credit card readers) that transmit data to a central computer system in charge of determining whether or not to allow the communication to go through. The central computer system may execute an authorization algorithm to determine if the credit card has a valid account or identification number, if there is an available balance of credit and, perhaps, if a valid personal identification number has been given or entered. However, sophisticated thieves have been able to duplicate the credit card with valid identification numbers and determine even the personal identification number.
Similarly, computer network communications or computer-to-computer communications may include files that are locked, password protected, zipped and/or encrypted for various reasons, including the security of the content of the communication. Password protection provides a limited degree of security, primarily protecting a communication from being accessed by persons who casually encounter the file, but this security can still be violated. Encryption is perhaps the most secure means for preventing outsiders from obtaining the content of the communication and, therefore, is in widespread use by banks and other financial institutions throughout the world for many or all of their electronic transactions.
However, the security of even the most sophisticated encryption methods is jeopardized by the growing computing power available to individuals and groups. Complex encryption algorithms using 64 bit keys having 2.sup.64 (about 1.8.times.10.sup.19) possible keys could become marginal protection against outside access to the communication.
Therefore, there is a need for improved methods of securing communications between two or more communicating devices and/or users. More particularly, there is a need for methods of preventing unauthorized access to the content of the communication. It would be desirable to have simple systems or methods for encrypting, transmitting and decrypting information. Furthermore, it would also be desirable if the systems or methods were compatible with exiting and proven encryption techniques, algorithms and/or data transmission standards. Finally, it would be especially desirable if the security of the communication could be maintained despite interception of the communication and eventual deciphering of a single key.