
Showing papers on "Encryption published in 1993"


Proceedings ArticleDOI
Mihir Bellare, Phillip Rogaway
01 Dec 1993
TL;DR: It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.
Abstract: We argue that the random oracle model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice. In the paradigm we suggest, a practical protocol P is produced by first devising and proving correct a protocol PR for the random oracle model, and then replacing oracle accesses by the computation of an “appropriately chosen” function h. This paradigm yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. We illustrate these gains for problems including encryption, signatures, and zero-knowledge proofs.

5,313 citations


Book
10 Nov 1993
TL;DR: This document describes the construction of protocols and their use in the real world, as well as some examples of protocols used in the virtual world.
Abstract: CRYPTOGRAPHIC PROTOCOLS. Protocol Building Blocks. Basic Protocols. Intermediate Protocols. Advanced Protocols. Esoteric Protocols. CRYPTOGRAPHIC TECHNIQUES. Key Length. Key Management. Algorithm Types and Modes. Using Algorithms. CRYPTOGRAPHIC ALGORITHMS. Data Encryption Standard (DES). Other Block Ciphers. Other Stream Ciphers and Real Random-Sequence Generators. Public-Key Algorithms. Special Algorithms for Protocols. THE REAL WORLD. Example Implementations. Politics. SOURCE CODE. Source Code. References.

3,432 citations


Proceedings Article
22 Aug 1993
TL;DR: Several schemes are presented that allow a center to broadcast a secret to any subset of privileged users out of a universe of size n so that coalitions of k users not in the privileged set cannot learn the secret.
Abstract: We introduce new theoretical measures for the qualitative and quantitative assessment of encryption schemes designed for broadcast transmissions. The goal is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients while minimizing key management related transmissions. We present several schemes that allow a center to broadcast a secret to any subset of privileged users out of a universe of size n so that coalitions of k users not in the privileged set cannot learn the secret. The most interesting scheme requires every user to store $O(k \log k \log n)$ keys and the center to broadcast $O(k^2 \log^2 k \log n)$ messages regardless of the size of the privileged set. This scheme is resilient to any coalition of k users. We also present a scheme that is resilient with probability p against a random subset of k users. This scheme requires every user to store $O(\log k \log(1/p))$ keys and the center to broadcast $O(k \log^2 k \log(1/p))$ messages.

1,449 citations


Proceedings ArticleDOI
01 Dec 1993
TL;DR: Two ways to accomplish EKE augmented so that hosts do not store cleartext passwords are shown, one using digital signatures and one that relies on a family of commutative one-way functions.
Abstract: The encrypted key exchange (EKE) protocol is augmented so that hosts do not store cleartext passwords. Consequently, adversaries who obtain the one-way encrypted password file may (i) successfully mimic (spoof) the host to the user, and (ii) mount dictionary attacks against the encrypted passwords, but cannot mimic the user to the host. Moreover, the important security properties of EKE are preserved—an active network attacker obtains insufficient information to mount dictionary attacks. Two ways to accomplish this are shown, one using digital signatures and one that relies on a family of commutative one-way functions.

615 citations


Proceedings ArticleDOI
Matt Blaze
01 Dec 1993
TL;DR: Encryption techniques for file system-level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.
Abstract: Although cryptographic techniques are playing an increasingly important role in modern computing system security, user-level tools for encrypting file data are cumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) pushes encryption services into the file system itself. CFS supports secure storage at the system level through a standard Unix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. This paper describes the design and implementation of CFS under Unix. Encryption techniques for file system-level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.

536 citations


Patent
02 Nov 1993
TL;DR: In this paper, a secure wireless communication link between a mobile nomadic device and a base computing unit is proposed, in which a mobile sends a host certificate (Cert_Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS").
Abstract: A method and apparatus is disclosed for providing a secure wireless communication link between a mobile nomadic device and a base computing unit. A mobile sends a host certificate (Cert_Mobile) to the base along with a randomly chosen challenge value (CH1) and a list of supported shared key algorithms ("SKCS"). The base determines if the Cert_Mobile is valid. If the Cert_Mobile is not valid, then the base unit rejects the connection attempt. The base then sends a Cert_Base, random number (RN1) encrypted in mobile's public key and an identifier for the chosen SKCS to the mobile. The base saves the RN1 value and adds the CH1 value and the chosen SKCS to messages sent to the base. The mobile unit then validates the Cert_Base, and if the certificate is valid, the mobile verifies under the public key of the base (Pub_Base) the signature on the message. The signature is verified by taking the base message and appending it to CH1 and the list of shared key algorithms that the mobile provided in the first message. If the base signature is not valid, then the communication attempt is aborted. In the event that the base signature is valid, the mobile determines the value of RN1 by decrypting Pub_Mobile, RN1 under the private key of the mobile. The mobile then generates RN2 and the session key, and encrypts RN2 under the Pub_Base. The mobile sends the encrypted RN2 and E(Pub_Mobile, RN1) to the base. The base then verifies the mobile signature using the Pub_Mobile obtained from the Cert_Mobile. If the mobile signature is verified, the base decrypts E(Pub_Base, RN2) using its private key. The base then determines the session key. The mobile and base may then enter a data transfer phase using encrypted data which is decrypted using the session key which is RN1 ⊕ RN2.

397 citations


Patent
18 Oct 1993
TL;DR: In this paper, a system for increasing the security of a computer system, while giving an individual user a large amount of flexibility and power, is presented, where a standard object that has the capability to embed objects is used.
Abstract: A system for increasing the security of a computer system, while giving an individual user a large amount of flexibility and power. To give users the most power and flexibility, a standard object that has the capability to embed objects is used. To allow users even more flexibility, a standard object tracking mechanism is used that allows users to distribute multiple encrypted embedded objects to other individuals in a single encrypted object. By effecting compartmentalization of every object by label attributes and algorithm attributes, multi-level multimedia security is achieved.

290 citations


Patent
02 Apr 1993
TL;DR: In this article, an electronic security system includes an electronic lock mechanism and an electronic key (104a) each of which is provided with a microprocessor controller (CPU) and a memory (502) storing data including an ID code and encryption key codes.
Abstract: An electronic security system includes an electronic lock mechanism and an electronic key (104a) each of which is provided with a microprocessor controller (CPU) and a memory (502) storing data including an ID code and encryption key codes. The lock microprocessor may either change ID codes stored in its memory or encrypt a seed number to be used for determining access to the lock. The key can only be used to access the lock (301a) either once or for a limited number of successive times, and must thereafter be reprogrammed by a host computer (910) to be loaded with either the proper ID code or the appropriate encryption key code for that lock. The electronic lock operates a solenoid which retracts a bolt-blocking mechanism that prevents the unlocking of the bolt even when a key having the correct mechanical key cuts is inserted into the lock. Power for operating the electronic lock as well as the solenoid is provided by a power supply within the key. In a preferred embodiment the key unit is composed of a handheld computer and key module interface.

260 citations


Patent
24 Jun 1993
TL;DR: A secure toll payment system is realized by transmitting a changeable encryption code from roadside equipment (1,2,310,320,330) at a toll plaza to a moving vehicle as discussed by the authors.
Abstract: A secure toll payment system is realized by transmitting a changeable encryption code from roadside equipment (1,2,310,320,330) at a toll plaza to a moving vehicle. Thereafter, the moving vehicle uses it to encrypt payment information according to the Data Encryption Standard algorithm. The moving vehicle transmits the encrypted payment information to the roadside equipment which performs a credit or debit transaction. Because the encryption code changes from time to time, so, too, does the nature of the signal which is transmitted by the vehicle; fraud, based on electronic eavesdropping, is substantially eliminated. The encryption code comprises an 8-bit random number and a time/date number. Vehicle-mounted apparatus includes a transponder unit and a portable smart card which inserts therein. The roadside equipment includes a pair of spaced-apart antennas (1,2) that are sequentially located along an express payment lane at a toll plaza, and a computer (310) which controls them.

243 citations


Patent
12 Oct 1993
TL;DR: In this paper, a system for authenticating and authorizing a user to access services on a heterogeneous computer network is described, which includes at least one workstation and one authorization server connected to each other through a network.
Abstract: A system for authenticating and authorizing a user to access services on a heterogeneous computer network. The system includes at least one workstation and one authorization server connected to each other through a network. A user couples a personally protectable coprocessor (smart card) to the workstation by means of a bidirectional communications channel. The coprocessor is adapted to receive signals including first encrypted authentication information and to decrypt the first encrypted authentication information using a preselected first key. The coprocessor is further adapted to assemble and encrypt second authentication information using a preselected second key and to transmit the encrypted second encrypted authentication information to the workstation. The workstation then communicates the information onto the network whereby the user is authenticated to access the networked computer or service.

233 citations


Patent
04 Jan 1993
TL;DR: A wireless digital personal communications system (or PCS) as mentioned in this paper has a plurality of radio cell base stations, fixed terminals, and portable handset terminals, each having a predetermined radio cell coverage area.
Abstract: A wireless digital personal communications system (or PCS) having a plurality of radio cell base stations, fixed terminals, and portable handset terminals, each having a predetermined radio cell coverage area. The wireless PCS has a full digital network interface. The personal communications system facilitates the interconnection and switching of PCS call traffic through the digital network interface and the public switched telephone network, or any switched network. The personal communications system has voice/data/image (or any combination thereof) and incoming and outgoing calling capability. The PCS is fully operational and compatible with any and all modulation approaches selected for wireless communications. The intercell protocol hand-off being provided through distributed logic which is implemented in software that is resident in the intelligent portable handset terminals, in the intelligent fixed terminals, in the intelligent base stations, and in the public switched telephone network (or any switched network). Alternative embodiments of the present invention include a wireless digital personal communications system having authentication means for authenticating a remote device; a wireless digital personal communications system having a combination of authentication means for authenticating a remote device and security means for securing signal and message content between an intelligent base station and a remote device, the security means including a predetermined encryption and decryption technique; a wireless digital personal communications system having dynamic zone grouping of portable handset terminals or fixed terminals; and a wireless digital personal communications system having call forwarding for unanswered calls.

Patent
Jr. Robert Charles Hartman
05 Aug 1993
TL;DR: In this article, the authors propose a data processing system that seamlessly processes both encrypted and non-encrypted data and instructions, including an internal cache memory in a secure physical region that is not accessible to a user.
Abstract: The data processing system herein seamlessly processes both encrypted and non-encrypted data and instructions. The system includes an internal cache memory in a secure physical region that is not accessible to a user of the system. An external memory is positioned outside of the secure physical region and stores encrypted and non-encrypted data and instructions. The system includes an instruction to access a private key contained within the secure physical region. That key is used to decrypt an encrypted master key that accompanies encrypted data and instructions. An interface circuit is positioned in the secure physical region and decrypts each encrypted master key through the use of the private key and also decrypts encrypted data and instructions associated with each decrypted master key. A plurality of segment registers in the secure physical region maintain a record of active memory segments in the external memory and associates therewith each decrypted master key. A central processor accesses segments of both non-encrypted and encrypted data and instructions from the external memory and causes the interface circuit to employ a decrypted master key to de-encrypt data and instructions from the external memory and to store the de-encrypted information in the internal memory cache. Non-encrypted data and instructions are directly stored in the internal memory cache.

Book ChapterDOI
09 Dec 1993
TL;DR: A new non-proprietary secret-key block-enciphering algorithm, SAFER K-64 (for Secure And Fast Encryption Routine with a Key of length 64 bits) is described, which uses an unorthodox linear transform to achieve the desired “diffusion” of small changes in the plaintext or the key over the resulting ciphertext.
Abstract: A new non-proprietary secret-key block-enciphering algorithm, SAFER K-64 (for Secure And Fast Encryption Routine with a Key of length 64 bits) is described. The blocklength is 64 bits (8 bytes) and only byte operations are used in the processes of encryption and decryption. New cryptographic features in SAFER K-64 include the use of an unorthodox linear transform, called the Pseudo-Hadamard Transform, to achieve the desired “diffusion” of small changes in the plaintext or the key over the resulting ciphertext and the use of additive key biases to eliminate the possibility of “weak keys”. The design principles of K-64 are explained and a program is given, together with examples, to define the encryption algorithm precisely.

Patent
30 Jun 1993
TL;DR: In this paper, an automobile door lock receiver module (30) and a plurality of keychain fob transmitter units (16) contain identification numbers, secret initial values, and secret feedback masks so as to authenticate encrypted messages from any of the assigned fobs, indicative of commands registered by closing switches on the fob.
Abstract: An automobile door lock receiver module (30) and a plurality of keychain fob transmitter units (16) contain identification numbers, secret initial values, and secret feedback masks so as to authenticate encrypted messages from any of the assigned fobs, indicative of commands registered by closing switches on the fob. Each fob is synchronized with the receiving module by means of a truly random number concatenated with a secret initial value and encrypted, through a linear feedback shift register or other operations. A second secret initial value is encrypted and command bits are exclusive ORed into the low order bit positions; the two encrypted numbers are concatenated and encrypted to form a key word which is transmitted with the fob ID. Synchronization includes decrypting to recover the truly random number and the secret initial value concatenated therewith; the truly random number is compared with previously received random numbers in order to avoid copying of recently transmitted synchronization commands. Successive lock-related commands utilize the number encrypted from the truly random number and the second secret initial value as starting values, employing a pseudorandom number of encryption iterations. A half-second delay between responses mitigates gaining access through numerical trials. An authenticated panic alarm command operates the headlights and horn of the vehicle but does not alter the synchronization.

Journal ArticleDOI
TL;DR: It is shown that uniform variants of the two definitions of security, presented in the pioneering work of Goldwasser and Micali, are in fact equivalent, and how to construct such zero-knowledge proof systems for every language in NP, using only a uniform complexity assumption.
Abstract: We provide a treatment of encryption and zero-knowledge in terms of uniform complexity measures. This treatment is appropriate for cryptographic settings modeled by probabilistic polynomial-time machines. Our uniform treatment allows the construction of secure encryption schemes and zero-knowledge proof systems (for all NP) using only uniform complexity assumptions. We show that uniform variants of the two definitions of security, presented in the pioneering work of Goldwasser and Micali, are in fact equivalent. Such a result was known before only for nonuniform formalization. Nonuniformity is implicit in all previous treatments of zero-knowledge in the sense that a zero-knowledge proof is required to "leak no knowledge" on all instances. For practical purposes, it suffices to require that it is infeasible to find instances on which a zero-knowledge proof "leaks knowledge." We show how to construct such zero-knowledge proof systems for every language in NP, using only a uniform complexity assumption. Properties of uniformly zero-knowledge proofs are investigated and their utility is demonstrated.

Patent
01 Feb 1993
TL;DR: In this article, a cryptographic communications system includes a method and apparatus for exchanging messages between a user terminal, containing a secret key, and an operations center wherein each party authenticates signals received from the other party before any other information is exchanged.
Abstract: A cryptographic communications system includes a method and apparatus for exchanging messages between a user terminal, containing a secret key, and an operations center wherein each party authenticates signals received from the other party before any other information is exchanged. An initial identification message from the user terminal to the operations center contains an encrypted value of current time. The operations center checks the received message against local time to verify real time concurrent operation of the user terminal. Subsequently, the operations center and the user terminal mutually exchange encrypted challenge blocks, and each provide respective encrypted responses to the encrypted challenge blocks. The challenge and response exchanges demonstrate that each knows the secret key stored in the user terminal before other information, such as downloaded credit or uploaded data usage, is exchanged. In particular, the challenge and response messages exchange a first random number generated in the user terminal and a second random number generated in the operations center, which are variables used in conjunction with the user secret key to generate a new session key for encrypting the remainder of the messages exchanging data in the communication session.

Patent
Edward Andrew Zuk
30 Mar 1993
TL;DR: In this paper, a method for loading secret data, such as an application key, on a smart card (6) was proposed, which involves storing a random key on the card, encrypting the encrypted data on the basis of a public key, and providing the encrypted random key to a central processing station.
Abstract: A method for loading secret data, such as an application key, on a smart card (6), which involves storing a random key on the card (6), encrypting the random key on the basis of a public key, and providing the encrypted random key to a central processing station (4). The encrypted random key is decrypted at the central station on the basis of a secret key, and the station (4) encrypts data on the basis of the random key and transmits it to the smart card (6). The smart card decrypts the encrypted data on the basis of the random key. The random key can be generated internally and stored on read protected memory (23) of the card (6). The public key encrypting and secret key decrypting steps may be based on the RSA algorithm, using a small encryption exponent.

Patent
15 Apr 1993
TL;DR: In this paper, a photocopier is used for transferring digital encrypted data to and from a plain piece of paper, such that the digital data is secure and the original image can be reproduced.
Abstract: A method and apparatus for placing digital data on plain paper. One embodiment of the present invention allows for the digital data to undergo encryption before being placed on the plain paper. In one embodiment, a photocopier is used for transferring digital encrypted data to and from a plain piece of paper. The photocopier allows digital data to be stored onto plain paper after encryption, such that the digital data is secure. The photocopier also includes a device to recognize the encrypted digitized pixels on the page such that they may be decrypted and the original image reproduced.

Patent
28 May 1993
TL;DR: In this article, the authors proposed a split key scheme for secure communication of a message from a transmitting user to a receiving user using a cryptographic engine using a pseudorandom sequence of bits with an appended error detection field.
Abstract: A system for the secure communication of a message from a transmitting user to a receiving user using a split key scheme. Each user generates a key component using a cryptographic engine. The key component is a pseudorandom sequence of bits with an appended error detection field which is mathematically calculated based on the pseudorandom sequence. This key component is then sent out on a communications channel from the transmitting user to the receiving user. The receiving user also sends its key component to the transmitting user. Each location performs a mathematical check on the key component received from the other location. If the key component checks pass at both locations, the transmit key component and the receive key component, including the error detection fields, are combined at both locations, forming identical complete keys at both locations. The identical complete keys are then used to initiate the cryptographic engines at both locations for subsequent encryption and decryption of messages between the two locations.

Patent
13 Sep 1993
TL;DR: In this article, the authors proposed a method for preventing unauthorized copying and use of information which is stored on a storage medium and for restricting the use of such information to designated devices by generating a signature from a given storage medium.
Abstract: The present invention is a method for preventing unauthorized copying and use of information which is stored on a storage medium and for restricting the use of such information to designated devices. Copy protection is achieved by generating a signature from a given storage medium. The signature is derived from an arbitrarily selected list of nonuniformities, uniformities and their attributes. The selected list may contain nonuniformities at any granularity level. As such, this signature is unique to a given storage medium in the same way fingerprints are unique to a human being. This signature is used to derive a key for encrypting the information on the storage medium. Any copying of the distribution information from one storage medium to another results in the mutation of the signature required to decrypt the information. Therefore, the present invention obviates the need for introducing artificial indicia or requiring a special hardware subsystem for achieving a copy protection scheme. Restricting the usage of information on a distribution medium to a designated device is achieved by verifying the device ID (DID-D) of the device with the device ID (DID-S) stored in the distribution medium before the decryption and transfer of information are undertaken. Decryption of the information is accomplished by generating a key from both the signature of the distribution medium and the DID-S.

Patent
27 Jan 1993
TL;DR: In this article, a method and apparatus for ensuring the security of messages communicated on a network is proposed, which employs different levels of security to ensure that communication integrity is not breached.
Abstract: A method and apparatus for ensuring the security of messages communicated on a network. The system employs different levels of security to ensure that communication integrity is not breached. A user must first enter a valid password to clear the access control subsystem. The sending user must also possess valid cryptographic information and belong to a particular organization and/or be located at a particular device in order to encrypt a plain text message that is to be transmitted over the network. The device and organization information, along with receiving user information specified by the sending user, will then be grouped into a header which will be appended to the outgoing encrypted message. In order to receive a transmitted message, a receiving user must be the particular receiving user and be part of the particular group specified by the sending user, and must be attempting to receive the communication at the device specified in the message header. If these conditions are satisfied, cryptographic information must be entered into the system in order to decrypt the message, resulting in the original plain text message.

Patent
19 Nov 1993
TL;DR: In this article, the authors present a scheme to authenticate smart cards without microprocessors by using encryption with a secret card data table on which recursive cycles are executed, where each cycle, a word is read out of the table, said word being at an address that is at least partially defined by the word read out in the previous cycle.
Abstract: Encryption circuits and methods, in particular for smart cards, are disclosed. Smart cards without microprocessors may be authenticated very simply by using encryption with a secret card data table on which recursive cycles are executed. During each cycle, a word is read out of the table, said word being at an address that is at least partially defined by the word read out in the previous cycle. The new address preferably consists of several bits from the previous word and a bit from internal card data, external data supplied by a card reader, or a register containing a partial encryption result.

Patent
24 Nov 1993
TL;DR: In this article, an unguided quantum key distribution scheme using macroscopic signals instead of single photons is proposed to solve the problem of stray light and cost by using signals which are more efficient, and less noisy than photon-counting detectors at the wavelengths where optical fibers are most transparent.
Abstract: Quantum key distribution (QKD) uses non-orthogonal quantum states to distribute random information, suitable for use as a key for encryption and authentication, between two users who share secret information initially, with the assurance, based on the uncertainty principle, that it is unknown to anyone else. The present invention, which can be used with a fiberoptic channel or an unguided light beam, differs from previous QKD schemes in using macroscopic signals instead of single photons. The invention solves the problem of stray light and cost by using signals which are more efficient, and less noisy than photon-counting detectors at the wavelengths where optical fibers are most transparent.

Patent
Kevin Gardeck, Kevin Cutts
04 Feb 1993
TL;DR: In this paper, an encryption controller receives unit identification information from a plurality of encrypting/decrypting communication units, and uses the unit identification associated with that transmitting communication unit to determine if it contains updated encryption key information.
Abstract: Within a communication system, an encryption controller receives unit identification information from a plurality of encrypting/decrypting communication units. For any individual communication unit, the encryption controller uses the unit identification associated with that transmitting communication unit to determine if it contains updated encryption key information. If the transmitting communication unit is not currently updated, a group call is used to send the current encryption key information to all communication units within the transmitting communication unit's group, thereby updating all active, non-current communication units. After a first predetermined period of time has elapsed, this process is allowed to repeat.

Patent
30 Sep 1993
TL;DR: In this article, a portable box comprises memory able to store at least one item of reference data, and a comparator able to compare the reference data item with an item of game data input by the player via a communication interface, one of these two data items being a value generated in a random way.
Abstract: A portable box comprises memory able to store at least one item of reference data, and a comparator able to compare the said reference data item with an item of game data input by the player via a communication interface, one of these two data items being a value generated in a random way. An item of win information dependent at least on the result of the said comparison is stored in the memory, and box encryption structure are able, in response to a predetermined item of payment request information (IDP) received, to establish a first encrypted win value from the said win information item. A station, external to the box, comprises a system input/output interface able to cooperate with the interface of the box, and system processing structure, able, in the presence of a payment request originating from the player, to read the said win information item contained in the memory of the box. System encryption structure, counterparts of the box encryption structure, establish a second encrypted win value from the said win information item read. The actual payment of the win to the player is conditioned by agreement of the two encrypted win values.

Patent
James R. Marcus1
19 Nov 1993
TL;DR: In this paper, an identification card and a method and apparatus for producing and authenticating such a card are described. But the identification card is not used to authenticate the identity, status, or characteristics of an entity.
Abstract: An identification card and method and apparatus for producing and authenticating such an identification card. An object or other entity for which the identification card will evidence identity, status or characteristics is scanned to produce a digital signal which is compressed, encrypted, and coded as a two dimensional barcode or as some other appropriate form of coding, which is incorporated into one portion of the identification card. The image is also printed or otherwise embodied onto another portion of the identification card. A text message may be appended to the signal before it is encrypted and also printed as plain text on the identification card. In one embodiment the signal representing the image is encrypted using a public key encryption system and the key is downloaded from a center. This key may be changed from time to time to increase security. To facilitate authentication the corresponding decryption key is encrypted with another key and incorporated on the card. To validate the card the coded message is scanned, decoded, decrypted, expanded and displayed. The card may then be authenticated by comparison of the displayed representation of the image and the displayed text message with the image and text message printed on the card.

Patent
26 Apr 1993
TL;DR: In one embodiment, the signal representing the image is encrypted using a public key encryption system and the key is downloaded from a center as mentioned in this paper, and the corresponding decryption key is encrypted with another key and incorporated on the card.
Abstract: An identification card and system and apparatus for producing and authenticating such an identification card in a controlled manner. An object or other entity for which the identification card will evidence identity, status or characteristics is scanned to produce a digital signal a portion of which is compressed, encrypted, and coded and which is recorded on a magnetic strip on the identification card. The image is also printed or otherwise embodied onto another portion of the identification card. A text message may be appended to the signal before it is encrypted and also printed as plain text on the identification card. In one embodiment the signal representing the image is encrypted using a public key encryption system and the key is downloaded from a center. This key may be changed from time to time to increase security. To facilitate authentication the corresponding decryption key is encrypted with another key and incorporated on the card. To validate the card the coded message is scanned, decoded, decrypted, expanded and displayed. The card may then be authenticated by comparison of the displayed representation stroboscopically superimposed on the image and the displayed text message with the image and text message printed on the card. A remote data processing center communicates with the apparatus to control and account for production of the cards. In one embodiment the key for encrypting the image is changed each time the data processing center communicates with the apparatus.

Patent
02 Dec 1993
TL;DR: An encryption/decryption unit (EDU) and method for determining a data encryption key used in encrypting and decrypting data transmitted over a non-secure communication link is described in this article.
Abstract: An encryption/decryption unit (EDU) and method for determining a data encryption key used in encrypting and decrypting data transmitted over a non-secure communication link. Each EDU includes a central processing unit (CPU) that controls its operation, random access memory (RAM) in which one or more sets of seed keys are stored, and a data encryption standard (DES) coprocessor that implements a data encryption algorithm developed by the US National Bureau of Standards. The CPU includes special circuitry enabling it to operate in an encrypted mode so that it cannot be interrogated to discover the program or data stored therein. Each EDU randomly generates a pointer, bytes of which determine the number of times that a loop is repeated in which values (initially determined by two of the seed keys) are XORed together and encrypted using one of the seed keys to determine a portion of the data encryption key (DEK). The pointer is encrypted, along with other information, producing an encrypted key header that is transmitted to the other EDU establishing the link. Upon receiving the encrypted key header, it is decrypted, and the decrypted pointer is used by the receiving EDU to determine the portion of the DEK developed by the other EDU. The two portions of the DEK are then logically combined at each EDU to produce the final DEK, which is then used during the current communication session for encrypting data exchange between the two EDUs.

Patent
Jr. Ronald V. Bocinsky1
19 Jan 1993
TL;DR: In this paper, a PIN is generated using a secure terminal and the encrypted PIN is parsed with one portion being stored in the customer record at the secure transaction processor and the other being partially masked and provided back to the customer as an access code.
Abstract: A secure electronics funds or other financial transaction system that provides substantially equivalent security to that obtained by the use of secure point of sale terminals such as automatic teller machines, yet is conducted from unsecure terminal devices such as telephones, is disclosed. A customer registers himself or herself personally, together with information on his or her bank account at a secure transaction processor. A secure terminal is used to generate an encrypted version of a personal identification number (PIN) and provides the encrypted PIN and to the secure transaction processor. The encryption key used during encryption of the PIN is also acquired from either a specific request to, or monitoring data passing from a conventional network security transaction processor. The encrypted PIN is parsed with one portion being stored in the customer record at the secure transaction processor and the other being partially masked and provided back to the customer as an access code. Upon conducting a transaction, the customer provides the access code, which is unmasked and concatenated with second portion to recreate the original full encrypted PIN. This, together with the encryption key used for the original encryption is provided to conventional security and transaction processing apparatus for regional banking networks to seek authorization for the transaction.

Patent
06 Jul 1993
TL;DR: In this paper, a method and system for protecting computer program distribution within a broadcast medium involves encrypting at least a portion of the computer program Si using an encryption scheme keyed to both an encryption key SKi and a program identifier i.
Abstract: A method and system for protecting computer program distribution within a broadcast medium involves encrypting at least a portion of the computer program Si using an encryption scheme keyed to both an encryption key SKi and a program identifier i. Each decryption device (PCDD) also has an associated identifier j. Two tables are generated and stored in a memory device: a first table, including correlations between the encryption key SKi and the program identifier i; and a second table, including correlations between the password key PKj and the hardware identifier j. A password Pij is generated based on both the encryption key SKi and a password key PKi is retrieved from these tables. The password Pij is transmitted to the user for subsequent use in decrypting the subject software program contained on the medium.