The prior art is replete with data encryption techniques and data communication systems that employ encrypted data transmission. Applications typically use a counter-based cryptographic mode with a symmetric encryption algorithm when operating in environments having high transmission error rates. The counter, which is usually linear in nature, is known as the state vector. In operation, the state vector increments with each unit of data traffic (e.g., a voice frame, a TDMA payload, or the like). In order to begin decrypting traffic, the receiver device must have knowledge of the encryption/decryption key, along with the current value of the state vector.
FIG. 1 is a schematic representation of a data communication system 100 that encrypts/decrypts data traffic using symmetric algorithms, a key, and a state vector. System 100 includes a transmitting device 102 and a receiving device 104. FIG. 1 assumes that transmitting device 102 and one or more receiving devices 104 have knowledge of a shared key 106 (such knowledge may be the result of an exchange or negotiation process, a key acquisition process, or any known technique). Transmitting device 102 maintains the current value of the state vector 108a, which must be acquired by receiving device 104 before receiving device 104 can decrypt the encrypted traffic (reference number 108b indicates the state vector acquired by receiving device 104). The value of state vector 108 is transmitted to receiving device 104 via cryptographic synchronization messages 110.
The number of bits in state vector 108 is selected to suit the needs of data communication system 100. The size of state vector 108 is related to the amount of traffic counted by state vector 108. For example, a 128-bit state vector will increment at least once for every 128 bits of transmitted clear traffic. System 100 encrypts and decrypts data in a known manner. The encrypt engine 112 of transmitting device 102 processes the current value of state vector 108a and the value of key 106a to generate a key stream 114. The number of bits in key stream 114 is equal to or less than the number of bits in state vector 108a, for example, 128 bits. An XOR operation is performed on the bits in key stream 114 and bits of clear traffic 116a. The encrypted traffic 117 is then transmitted to receiving device 104. Assuming that receiving device 104 has acquired state vector 108b, it can decrypt the incoming traffic to recreate clear traffic 116b. 
The decryption process relies upon knowledge of the current value of state vector 108b. When state vector 108b matches state vector 108a, they are in cryptographic synchronization. In this regard, there are two states of cryptographic synchronization: acquisition and maintenance. When receiver device 104 begins to receive traffic, it must acquire state vector 108b for the first time. Once receiver device 104 has acquired state vector 108b, it must update it and/or adjust it for traffic perturbations, which cause state vector 108b to be incorrect. Such updating and adjustment is known as “maintenance.” “Late entry” means that receiving device 104 has knowledge of key 106b, but has not yet acquired state vector 108b. In other words, receiving device 104 is still receiving and processing cryptographic synchronization messages from transmitting device 102. For short-burst transmission environments, a transmitter may consume 100% of the bandwidth at the beginning of each transmission to convey the entire state vector before sending the encrypted traffic. For transmissions longer than a few seconds and in poor environments, late entry becomes more common. In this context, late entry results when the initial frames that contained the entire state vector were missed. Moreover, in environments where traffic may be lost during transmission, the decrypt engine 118 may lose synchronization when the number of bits being decrypted does not equal the number of encrypted bits. In this situation, receiving device 104 performs state vector maintenance to resynchronize with transmitting device 102.
Broadcasting the entire state vector at regular intervals consumes too much bandwidth, and this can negatively impact the quality of data transmission (for example, voice communication). Consequently, conventional systems transmit state vectors as a series of subcomponents. FIG. 2 depicts a state vector 200 as a series of long components 202 and a short component 204. Short component 204 represents the least significant (and most rapidly changing) bits of state vector 200. Long components 202 represent the remainder of state vector 200 as a number of segments, which may or may not be the same length as short component 204. By reducing the size of long components 202 and increasing the number of long components 202, it becomes easier to insert them into traffic by consuming less important bits with the application stream, or by consuming unused bits in payloads. The difficulty then lies in acquiring state vector 200 from short component 204 and long components 202 while the components are changing between the broadcast of each component. The problem is exacerbated on impaired channels where some components will be lost or corrupted during transmission, resulting in disordered reception of state vector 200.
Conventional systems employ an ordered state vector acquisition technique that relies upon ordered transmission and receipt of the state vector components. Transmitting device 102 sends each component in a different message. Each long component message contains a segment ID that enables receiving device 104 to determine the relative position of each long component within state vector 200. FIG. 2 depicts a segment ID field 206 for the message corresponding to the long component labeled “L-2.” The value of a given long component 202 is the current state of the respective subset of bits in state vector 200 at the time when the corresponding encrypted traffic bits were transmitted. In this regard, FIG. 2 depicts a long component value field 208 for the message corresponding to the long component labeled “L-2.” Long component value field 208 contains the string of bits associated with long component L-2.
In accordance with the ordered acquisition method, long components 202 are transmitted in order from the least significant bits to the most significant bits. When capturing state vector 200, the received portion of state vector 200 is continually updated in step with received encrypted traffic, even though the traffic need not be decrypted. Changes in the least significant bits will roll over and update the more significant bits as appropriate. If one of the long components 202 is corrupted or lost during transmission, or if a component is otherwise not received in the correct order, then receiving device 104 will discard any previously received components and restart the process. Thus, acquisition of state vector 200 may take an undesirably long time in noisy environments or, in extreme environments, it may be impossible to fully acquire state vector 200. Moreover, a system using the ordered acquisition method may idle for an extended period of time while attempting to receive a specific long component. If the time period is too long, the receiving device may actually receive the next iteration of that long component, resulting in an incorrect state vector 200.
Accordingly, it is desirable to have a state vector acquisition technique that does not require ordered reception of state vector components. In addition, it is desirable to have a state vector acquisition technique that facilitates rapid cryptographic synchronization during late entry over impaired communication channels, and rapid resynchronization during traffic transmission, with less impact on application bandwidth. Furthermore, other desirable features and characteristics of the present invention will become apparent from the subsequent detailed description and the appended claims, taken in conjunction with the accompanying drawings and the foregoing technical field and background.