The present invention relates generally to the art of cryptography and more specifically to hardware and techniques for achieving data communications security.
With the growing use of remote communications lines to transfer data between data processing systems, between terminals and remote data banks, and between terminals connected to the same or different computers, the need to safeguard the data being transferred has grown. In the banking industry, there is a growing need to prevent the fraudulent modification of "electronic money" in electronic funds transfer. Similar needs exist in business to prevent the disclosure of sensitive data. In the government sector, present and/or future privacy acts place restrictions on the ability to access sensitive information. This need to safeguard sensitive information is likely to grow as future privacy legislation will most probably impose data communications security requirements on the private sector.
Previous efforts to safeguard data communications have been made, for example, in U.S. Pat. No. 3,798,605, issued Mar. 19, 1974, which pertains to a multi-terminal data processing system having means and process for verifying the identiy of subscribers to the system. Validity of a terminal request for communications with the data processing system are determined on the basis of a centralized verification system. Each subscriber to the system is identified by a unique key binary signal pattern. The central data processing unit contains a listing of all valid keys for subscribers to the system. Two embodiments of the centralized verification system are presented, a password system and a handshaking system. In the password system, all data or information originating at the terminal under use of the subscriber is enciphered in combination with the unique subscriber key. Upon proper deciphering of the key or password at the central processing unit and arriving at a match with one of the keys in the processor's listing, the subscriber may communicate with the processing system. In the handshaking system embodiment the user and the central processor exchange a plurality of messages each formed by a combination of new and prior received data. Received data messages are also maintained within the registers at both the terminal and the central processor for further verification upon the return of the portion of the message that was previously transmitted. The techniques described in the latter patent have several drawbacks. First, the techniques are restricted to communications between a central processor and terminals attached to the central processor. No provision is available for communications between terminals or for transmitting a message received by, but not intended for, a first terminal to a second terminal which is intended to receive the message. Second, the system enciphers all data and hence is not capable of selective encryption. Third, communications must be initiated by the terminal, and may not be initiated by the central processor. Fourth, the system is not designed for insertion in previously existing communications systems.
Another cryptographic technique to achieve data security is presented in U.S. Pat. No. 3,798,360, issued Mar. 19, 1974, which system provides multiple level encipherment of a block of data by means of a stepped block cipher process. This system suffers from the same drawbacks as previously discussed for U.S. Pat. No. 3,798,605. Further, this system is restricted to operation on blocks of data and is not capable of bit-by-bit encryption.