This invention relates to computer communications.
Communications channels are commonly used to transfer data from one computer to another. These channels might use coaxial cable, telephone lines, or radio waves.
Frequently, the computers are secure in that they can be locked up and access can be limited to authorized persons. But the communications channels which connects them may not be secure. An eavesdropper with access to the wires or airwaves can monitor and record messages exchanged by the computers.
There are various methods in the prior art for establishing secure communications. One is to limit access to the communications channel. Another is to encrypt files that are sent on the channel.
A drawback to file encryption is that it usually requires the user to remember a password, or to transmit a key or password to another user.
U.S. Pat. No. 4,200,770 describes a method for exchanging keys for secure transmissions. The mathematical technicalities are as follows. Select a large prime P and a number G which generates the full group of units mod P or a sufficiently large subgroup thereof. When computers A and B wish to exchange data, they choose random numbers a and b, respectively. A sends G a mod P to B, and B sends G b mod P to A. Both can then compute G (ab) mod P and use it as a cryptographic key. This method is commonly referred to as Diffie-Hellman key exchange.
Ideally, such a system of generating keys would be built into a computer network so that all of the network traffic is secure. However, it is difficult to implement such security in an existing network because it has to implemented at a low level and networks tend to have diverse and complicated compatibility requirements.
Furthermore it is often the case that not all of the network traffic has to be secure from eavesdroppers, but only selected files which have to be transmitted. In that case, file encryption protocols are much more easily implemented, and meet the security requirements. But they have the disadvantage that the user has to deal with passwords. Usually the user sending the file has to take the extra step to enter the password, memorize it, and tell the user at the other end who must also take an extra step to enter the password and decrypt the file.
In the prior art, encryption methods can operate with or without feedback. The feedback idea is as follows. Encryption of a long message usually proceeds sequentially from the beginning of the message to the end, a few bits or bytes at a time. At each stage, it is possible to modify the cryptographic key or next plaintext block based on previous bits in the message. This modification is called cipher feedback. It is sometimes also called chaining.
In practice it is often convenient to distinguish between the original cryptographic key and the accumulation of feedback changes. The mechanism for doing this is to maintain an auxiliary vector in addition to the key. The cipher feedback affects the vector, but not the original key. Both the key and the vector are used to encrypt the message. The vector must be initialized somehow, but its initial value does not need to be secret.
Encryption methods with cipher feedback have the advantage that they are much more secure. For example, feedback prevents repeated plaintext blocks from showing up as repeated ciphertext blocks. Conceptually, it can be regarded as using the message itself to lengthen the password. The method works because decryption is also sequential, and portions of the message are decrypted before they are needed to modify the cryptographic vector.
An apparent drawback to cipher feedback is that decryption must process the ciphertext in correct sequence, and without errors. If the ciphertext is transmitted over a communications channel that is susceptible to errors, it is not at all obvious how to implement cipher feedback encryption. Bad data might have to be resent through the channel, but the bad data may have already caused a faulty modification of the cryptographic key. If the computer at the other end uses a faulty bit for feedback, then subsequent decryptions will fail.
One of the best file transfer protocols in the prior art is ZMODEM, a protocol developed and placed in the public domain by Omen Technologies. It works roughly as follows. If A wants to send a file to B, they communicate by sending frames to each other. A frame is a self-contained piece of information that is easily recognized and interpreted by another computer. To send the file, A and B send each other one or more frames as part of the initial handshaking, then A sends a sequence of data blocks containing the file contents, and finally A and B exchange frames to indicate completion of the transfer.
There are additional frames with special meanings, such as for cancelling the transfer or for requesting that a data block be resent. The frames have checksums to insure the accuracy of the frame commands and data blocks.
In ZMODEM jargon, a transmission starts when A sends a ZRQINIT frame to B. B responds by sending a ZRINIT frame. These frames include some bits for various options. A proceeds by sending a ZFILE frame with the file name and other file particulars. Unless A receives a frame from B requesting something different, A continues to send ZDATA frames with data blocks incorporating the file data, and finishes with a ZFIN frame.
Each frame includes a checksum used by the computer at the other end to check its validity. If a data block appears to have been corrupted, the receiver can send a ZRPOS frame requesting that the transmission be restarted at a particular point. Likewise, if a transfer was partially completed on an earlier connection, B can send a ZRPOS frame requesting that A skip to a later point in the file.