The present application relates in general to the art of cryptography and more specifically to hardware and techniques for achieving data communications security.
As the electronic transfer of information becomes more and more common, the need to safeguard this information becomes increasingly important. Many large corporations have data-communications systems over which they transmit, or would like to transmit, information of a sensitive nature, whose disclosure could be very detrimental to the corporation. In addition, the Federal Government is becoming increasingly concerned about ensuring the individual's right of privacy. For this reason, the Government is already planning security provisions for its own widespread non-military communications networks. Government regulations of the future may impose similar security requirements upon the many types of non-governmental communications.
Perhaps most important of all is the evolution towards the "cashless society" in which transmitted data represents money. Even today many savings banks send monetary transactions through electronic data communications networks and are thus vulnerable to "electronic counterfeiting". Although it has apparently not yet occurred, a highly sophisticated "counterfeiter", with the ability to both monitor and insert data into the communications link, could manipulate such transactions to his advantage.
From the preceding discussion it is apparent that there are two aspects to communications security: confidentiality assurance and integrity assurance. Confidentiality assurance protects the transmitted data against comprehension by anyone who should tap the communications line. In other words, it provides "read" protection. Integrity assurance, on the other hand, protects the transmitted data against being intercepted, modified, and then retransmitted in such a way that the final recipient of the message will receive an intelligible and apparently valid message but one which has in fact been modified. In other words, this aspect of security provides "write" protection.
Properly designed cryptographic equipment can provide for both of these aspects of security. Encryption by its very nature transforms data into an unintelligible form; hence, all well-designed cryptographic equipment provides confidentiality assurance. Although many encryption techniques do not assure integrity, there are cryptographic techniques known which assure both confidentiality and integrity. Typical of such techniques are those disclosed in U.S. Pat. No. 4,159,468, entitled Communications Line Authentication Device and U.S. Pat. No. 4,160,120, entitled Link Encryption Device, both of which are assigned to the same assignee as the present application and both of which are incorporated in the present application. Such encryption techniques have the characteristic that any change to any character of the cipher (encrypted traffic) causes subsequent characters of the plain-text (decrypted message) to become garbled (rendered unintelligible). This characteristic is called "garble extension". Therefore, it is possible to develop cryptographic equipment which provides for both of these aspects of security by basing this equipment on an encryption technique which is highly secure and which has the "garble extension" property.
An encryption algorithm is an algorithm for transforming a group of plain-text bits "A" into a group of cipher bits "B" under the control of a group of key variable bits, "C". There must also be an inverse or decryption algorithm for transforming the cipher bits "B" back into the plain-text bits "A" under control of these same key variable bits "C". In general "A" and "B" are equal in length and may be very long whereas "C" is relatively short, perhaps 64 bits. An encryption algorithm is secure if there is no way, given the cipher bits, "B", to determine the corresponding plain-text bits, "A", without knowing the key variable bits, "C". Therefore the key variable, "C", must be of sufficient length that no one can determine the key variable on a trial-and-error basis. To ensure fraud prevention, an encryption algorithm must have a further characteristic. There must be no way to modify the cipher, "B", to produce a predictable change in the decrypted plain-text, "A", even though one knows this initial plain-text, unless the person attempting this modification also knows the key variable, "C".
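The contrast drawn in the two preceding paragraphs, as an added example that is not taken from this application or from the incorporated patents: an additive keystream cipher lets a one-byte cipher change produce a predictable plain-text change, while a chained mode with garble extension garbles the modified block and everything after it. The 8-round SHA-256 Feistel cipher (a stand-in for DES), the PCBC chaining mode, the key, IV, message and all function names are assumptions chosen for illustration.

```python
import hashlib

BLOCK = 8  # 64-bit block, the DES block size cited on the page

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, rounds):
    # Stand-in 8-round Feistel block cipher (NOT DES); reversed rounds decrypt.
    l, r = blk[:4], blk[4:]
    for rnd in rounds:
        l, r = r, _xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:4])
    return r + l

def pcbc(key, iv, data, decrypt=False):
    # Propagating CBC: every block is chained to the previous plain XOR cipher.
    out, chain = b"", iv
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]
        if decrypt:
            p, c = _xor(feistel(key, blk, reversed(range(8))), chain), blk
        else:
            p, c = blk, feistel(key, _xor(blk, chain), range(8))
        out += p if decrypt else c
        chain = _xor(p, c)
    return out

def keystream_xor(key, data):
    # Additive stream cipher: no chaining, hence no garble extension.
    ks = b"".join(hashlib.sha256(key + bytes([i])).digest()
                  for i in range(len(data) // 32 + 1))
    return _xor(data, ks)

def flip(cipher, index, delta):
    # Model a modification on the line: XOR one cipher byte with delta.
    return cipher[:index] + bytes([cipher[index] ^ delta]) + cipher[index + 1:]

def garbled_blocks(sent, received):
    # Indexes of 8-byte blocks that no longer match what was sent.
    return [i // BLOCK for i in range(0, len(sent), BLOCK)
            if sent[i:i + BLOCK] != received[i:i + BLOCK]]

KEY, IV = b"constructed-key", bytes(BLOCK)   # constructed sample values
MSG = b"PAY 0100 TO ACCT 5551234 REF 007"    # constructed 32-byte message
# Change one cipher byte inside block 2 (the leading account digit).
stream_result = keystream_xor(KEY, flip(keystream_xor(KEY, MSG), 17, 0x01))
pcbc_result = pcbc(KEY, IV, flip(pcbc(KEY, IV, MSG), 17, 0x01), decrypt=True)
print(stream_result, garbled_blocks(MSG, pcbc_result))
```

With the keystream cipher the recipient decrypts an intelligible message whose account number has changed by exactly the flipped bit; with the chained mode, blocks 0 and 1 are intact and blocks 2 and 3 are unintelligible.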
The design of a truly secure encryption algorithm is a highly specialized and very difficult task. Outside of the Federal Government itself there are very few people who are truly qualified in this area. Therefore, when the Federal Government decided that encryption was necessary in its commercial-type operations, it faced a problem. For these operations the Government has relied almost totally upon commercially available data processing equipment and technology. Were the Government similarly to rely upon commercially-developed encryption equipment, it would find much such equipment being developed by those who were not qualified to do so. It would then be faced with a costly evaluation procedure to determine which equipment provided adequate security and which did not. Furthermore, equipment which provided inadequate security would no doubt be applied to commercial communications outside the Government. Such equipment would not meet security requirements which the Government might impose in the future. Therefore, in order to avoid the difficulties which would be encountered if private industry were to develop encryption algorithms, the Government decided to promulgate a single encryption algorithm as a standard to be used by all manufacturers. This algorithm, known as the National Bureau of Standards (NBS) Data Encryption Standard, was released by the NBS in the Federal Information Processing Standards Publication (FIPS Pub) 46, Jan. 15, 1977, and is intended for use as an industry standard.
The Data Encryption Standard (DES) was designed for 64-bit block data operation. The key variable is 56 bits in length and is loaded into the algorithm before the encryption/decryption process is initiated. In the encrypt mode the algorithm produces 64 bits of cipher text for each 64 bits of input plain text. Conversely, in the decrypt mode, if the 64 bits of cipher text are provided as the input, the algorithm will produce the original 64 bits of input plain text. The Data Encryption Standard is incorporated by reference in this specification.
From the foregoing discussion, it is apparent that since the Data Encryption Standard is known to those skilled in the art, the security of data encrypted using the DES is heavily dependent on safeguarding the key variable which controls the encryption of data.
Therefore, it is a general object of the present invention to provide an apparatus and method for safeguarding the key variable used to control enciphering and deciphering of data using the DES.
It is a further object of the present invention to provide an apparatus and method for modifying the key variable used in the DES without the operator having knowledge of the key variable.
It is another object of the present invention to provide an apparatus and method which allows all cryptographic devices connected to the same system to be loaded with identical key variables which may be changed as often as deemed necessary.
It is still another object of the present invention to provide an apparatus and method by which a unique key variable can be provided for each period of time without the need for an elaborate key variable distribution system.
These and other objects, features and advantages of the present invention will become apparent from the description of the preferred embodiment of the invention when read in conjunction with the drawings contained herewith.