`Barnesetal.
`
`[19]
`
`[11]
`[45]
`
`4,172,213
`Oct. 23, 1979
`
`[54] BYTE STREAM SELECTIVE
`ENCRYPTION/DECRYPTION DEVICE
`
`[75]
`
`Inventors: Vera L. Barnes, Wayne; Thomas J.
`Dodds, Jr., Drexel Hill; Harold F.
`Gibson, Downingtown; Carl M,
`Campbell, Jr., Newtown Square,all
`of Pa.
`
`[73] Assignee: Burroughs Corporation, Detroit,
`Mich.
`
`[21] Appl. No.: 852,444
`[22] Filed:
`Novy. 17, 1977
`[SU],
`Tents CU? siccsiccccccscsssssescvensasenssecssacansnreasy HO4L 9/00
`[52] US. CB, ssisssssssisssscciosesereness 178/22; 340/146.1 AL
`[58] Field of Search..............++ 178/22; 340/146.1 AL
`[56]
`References Cited
`U.S. PATENT DOCUMENTS
`
`Primary Examiner—S. C. Buczinski
`Attorney, Agent, or Firm—MarkT.Starr
`[57]
`ABSTRACT
`An apparatusfor insertion in a communicationsline for
`providing message secrecy within a significant portion
`of existing communications networks. At the transmit-
`ter end, the apparatus receives messages from the com-
`munications line, enciphers them and retransmits them
`onto the communications line. At the receiver end, the
`apparatus receives messages from the communications
`line, deciphers them and retransmits them onto the
`communications line. The apparatus contains both a
`transmitter and receiver and is capable of full duplex
`operation in a bidirectional communications line. Ac-
`cording to the invention, data is enciphered by combin-
`ing the data received with the output ofan algorithm,
`the algorithm output being dependent onthedata previ-
`ously enciphered and a unique key entered by the user.
`As data is received it is combined with the output of the
`4/1972
`3,657,699
`Rocheret all.
`......s:ssssssesessenenes 178/22
`algorithm, transmitted and using cipher feedback tech-
`
`3,740,475«G/ 1973) Efrat co.cc essseeeeeeeeesetessesesneres 178/22
`niques fed back as an input to the algorithm to be used
`«» 364/200
`3,798,605
`3/1974
` Feistel........
`to encipher subsequently received data. Data is deci-
`
` Ebrsam et al.
`.......ssssssssesseeese 178/22
`3,962,539
`6/1976
`
`phered using equivalent elements as used for encipher-
`Zetterberg etal. ....
`seeseeeee 178/22
`3,984,668
`10/1976
`ing,
`the basic difference in the apparatus operation
`OTHER PUBLICATIONS
`being the point from which data fed back into the algo-
`rithm is taken. The apparatusoperates on a byte-by-byte
`C. M. Campbell, Jr.; Conf. on Computer Security and
`basis, and contains provisions for responding to control
`the Data Encryption Standard; NBS (Preprint of Pa-
`characters and ignoring messages intended foradiffer-
`pers); Feb. 15, 1977.
`ent apparatus.
`B. Morgan; Conf. on Computer Security and the Data
`Encryption Standard; NBS (Preprint of Papers); Feb.
`15, 1977.
`
`49 Claims, 17 Drawing Figures
`
`
`
`7
`
`
`
`TWPUT & OUTPUT
`PERMUTE AUTOMATICALLY
`(IP)
`
`(8)
`
`8X8 BIT
`SERIES/PARALLEL
`\-2
`
`
`
`
`
`EXCLUSIVE 08
`
`(8-64 X4 ROMS)
`
`|
`
`
`PERMUTE (P)
`
`
`
`
`ma 2D
`EXCLUSIVE OR
`
`(32-EXGLUSIVE O83)
`
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 1
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 1
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 1 of 15
`
`4,172,213
`
`DATA
`N
`
`ToRn
`
`oT
`:
`
`Ke
`
`
`
`
`
`8X8 BIT
`INPUT & OUTPUT
`
`® @®_peRwuTe auTOMATIcALLYG2) ~_@ SERIES/PARALLEL
`(IP)
`-2
`
`DATA STORAGE
`
`Ln
`
`Rh
`
`refsge
`
`KEY STORAGE
`
`at
`
`@)
`
`Cae
`(PC
`!
`|
`|=@
`C=
`SS|
`|
`EXCLUSIVE OR
`|
`|
`(48-EXCLUSIVE OR'S) |
`Fina
`|
`|
`SUBSTITUTION
`I
`!
`
`|
`
`|
`
`82)
`
`PERMUTE(P)
`
`T
`
`EXCLUSIVE OR
`
`fig!
`
`(32-EXCLUSIVE OR'S)
`
`IPR2016-00753aseeaePage 2
`
`
`PMC Exhibit 2096
`Apple v. PMC
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 2
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 2 of 15
`
`4,172,213
`
`
`
`
`
`b-2YAISIOIYWOVEGII4YIHdIO
`
`ifdino
`
`
`Neiawa
`
`IfdNI
`
`rTa|LAdLNO1JOYLNOD|
`4d1S1934LIWSNVUL
`
`WHLIYOD1
`
`(JGOWLdAYONA)
`
`2bry
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 3
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 3
`
`
`
`
`
`
`
`NOWdAYONSOrd LASVIVd
`
`
`TWNINYSLLISWLVGLASV1VG
`
`
`
`TWNINYALNOILGRIONSLasvivd
`
`301N30
`
`LaSvivd
`
`
`
`JOIAIC
`
`NOLdAYONS
`
`
`
`NOLWYNDIINODLNIOd-O1-LNIOd
`
`NOLLGAYONS
`
`JOIAII
`
`NOLdAYONS
`
`JAI
`
`
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 3 of 15
`
`4,172,213
`
` NOLWYNDIINOD
`
`
`
`
`
`L'9
`
`LNIOdLLTAW
`
`TWNIWSAL
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 4
`
`JOIAII67
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 4
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 4 of 15
`
`4,172,213
`
`
`
`
`
`
`
`WNIWUALFeyOW/9See}LSVIVG
`
`
`
`TWNIWYSLLASVIVO
`
`
`
`
`
`WNIWYSLLasvivdLASvivd
`
`WNIWYAL
`
`WNINYSL
`
`
`
`
`
`WNIWYSLLaSv1vdLaSvLVvd
`
`Lasvivd
`
`
`
`
`
`LASVIVGjee]OWSTWNIWYSL
`
`
`
`
`
`
`
`JOINIDNOULVOLNAHLAW/NOLLGAYONAJALOIT39S~QW/3S
`
`JOVSSAW
`
`HOLIMS
`
`00194
`
`LASvlvd
`
`JaSv1vd
`
`
`
`
`
`
`
`TWNINYALtee)0V/3Sjee}LASVIVO
`
`LaSW1Vd
`
`
`
`TYNINYSL-*
`
`Gud
`
`YOLWHINGONOD|”
`
`>)LASVIVd|
`
`
`
`
`
`>|LaSvIV0fe
`
`GOly
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 5
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 5
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 5 of 15
`
`4,172,213
`
`0-0&2-SU
`
`
`
`LIWSNVUL
`
`JOVHOLS
`
`IfdNl
`
`IndinoUaHdIdLINXWOUS/OL
`
`J-062-SU
`
`
`
`
`
`JOVANILN|YaISI9FYJOVIUSLNITNINUSL
`
`(lg
`
`saeJOVHOLS
`
`YIISI93Y
`
`(Lid1)
`
`iaIY6ae
`
`
`
`
`
`
`
`LMdNI3A13034INdNILIWSNVYL
`
`
`
`
`
`yOva03a4Y3HdIdyovgdaadWaHdl
`
`
`
`GNYTOMLNOO(NYTOULNOD
`
`
`
`Yalsi9ayNETISRE:g9bI4
`
`
`
`wllGAd.oLlGZY
`
`
`
`ANVYOLSJOVYOLS
`
`
`
`YALSIOSYHALSIOIY
`
`$30
`
`TOYLNODclWHLIYOOTY
`
`WHITHOOTV
`
`
`
`TWWIOS0VXSH
`
`ONIGVOTASY
`
`JOIAI0
`
`oO=oO
`
`coDOoN*2‘<xLu
`
` oOoSKaosfof
`oO8oO
`©oODoO
`
`oO
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 6
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`oct. 23, 1979
`
`Sheet 6 of 15
`
`4,172,213
`
`OE BTSHIT
`te
`8 BITS
`aa
`i
`
`
`edoevaeveetvaea apna
`
`
`
`
`
`
`
`TTT
`hw
`TRANSMIT|RECEIVE
`KEY BIT
`
`1-32
`
`Fig 7
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 7
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 7
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 7 of 15
`
`4,172,213
`
`1SOH
`
`NIVId
`
`vIVd
`
`YalyyVd
`
`194130
`
`WHLISOSTYC(Fysiwou
`NIVId/YSHd!9Vivd
`
`
`TOULNODLX3L
`SiuSLY
`
`
`NIVTd/Y3HdI9
`
`
`
`TOULNODLXAL
`
`uaHdld
`
`YSHdld
`
`NIVId
`
`LSOH
`
`SINO91
`
`YAINNOD
`
`YIAIIOIY
`
`USLUWSNVYL
`
`SINOec
`
`YSINNOD
`
`SANO91
`
`YSINNOD
`
`WwoPott=—a
`
`
`
` a=zofxaod
`
`
`
` oOoOBeeNOOO
`
`oO
`
`©oODoO
`
`W3d0W
`
`TOYLNOD
`
`WHIIODTV
`
`S30WOud
`
`TWNIWYAL
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 8
`
`
`
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 8 of 15
`
`4,172,213
`
`b-6
`
`
`
`190}SOVIYSLNIANSXIU
`J-2£2-SY"1YALOVYVHD
`
`A303LINSNVUL
`
`
`
`ONISS3I00UdONISSIV0Ud
`
`-¢&2-SY
`
`JOVIYSLN
`
`410
`
`
` 6514-W3H|ay||TOULNOD|mua|WHLIYOOTV|||nafF|
`
` J¥HOLS!nALUOOTYTARE—-yn|JIQVIdvA
`
`
`
`|
`
`||||
`
`wLl§ASM,
`
`JOVYOLS
`
`Y3lSI03u
`
`
`
`NOLLdO39VYOISAIMHLIMavaS—----
`
`ABMTTONISHIM9See
`
`|||(NOLLdO)|
`
`oO=oO
`
`coDOoN*2‘<xLu
`
` oOoSKaosfof
`oO8oO
`oODoO
`
`oO
`
`Oo
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 9
`
`
`
`
`
`
`
`
`
`
`
`U.S. Patent
`
`oct. 23, 1979
`
`Sheet9 of 15
`
`4,172,213
`
`Fig/3
`
`sat
`
`PARITY
`CHECK
`
`INPUT DATA FROM OTE
`
`DATA
`INPUT
`REGISTER
`
`——AF
`|
`GENERATION = DELAY
`
`
`
`SELECT
`
`7 OCLSNE
`
`TRANSFORMATION
`
`SELECT
`
`IF
`
`GENERATION
`ae
`
`3-10
`
`oo
`AUTHENTICATION
`DEVICE
`
`Br2
`
`;
`
`5-10
`
`aa
`
`KEY MEMORY
`STORAGE
`
`.
`
`DATA FROM ALGORITHM
`
`DATA TO ALGORITHM
`CONTROL(CIPHER
`FEEDBACK REGISTER)
`
`PARITY
`GENERATION
`
`QUTPUT
`CHARACTER
`BUFFER
`
`56
`
`QUTPUT DATA 10 DCE
`
`"KEY BITS"(6 &7)
`"KEY BITS" (6&7)
`|
`I
`00
`o
`0
`|
`Wl
`0 Oo
`0
`00—CONTROLCHARACTER
`00
`00
`00
`OOOOL 10 |
`oo
`ol tt
`PUT 1] OOO1 WUT
`Tae
`AR
`0
`tw
`0
`O
`(6&7)
`10}
`lO
`I NUNOG
`|
`(6&7)
`i
`0
`OF
`oT
`II} 1 ONQON
`EXCLUSIVE-OR
`~\\
`QUTPUT
`(A)
`(B)
`
`fig /O
`
`N
`
`00}
`olf
`+('0'
`It}
`
`NON-CONTROL
`CHARACTER
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 10
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 10
`
`
`
`U.S. Patent
`
`oct. 23, 1979
`
`Sheet 10 of 15
`
`4,172,213
`
`One it SHIFT
`
`IK 3aBITS
`
`
`
`gi
`DES ALGORITHM
`sey
`|
`8 TRANSFERS/BYTE
`“> |
`VARIABLE
`[TTTTIT
`| |
`Gi)|| |
`ACTIVATE
`_|
`= |
`ONCEPER
`=
`(66)
`ENCRYPT MODE
`a
`| Lots
`|||
`(8)
`:
`
`|a
`
`||_
`
`|
`
`RECEIVE
`
`ey
`
`SRESUERE
`
`(snot
`KEY BITS
`?
`Poe |
`
`TTLLIETLE
`
`re
`
`:
`
`I-10
`
`” PLAIN TEXT
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 11
`
`Fig//
`
`
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 11
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 11 of 15
`
`4,172,213
`
`TRANSMITTING
`
`Figl2
`
`PLAIN
`
`E
`E
`
`PLAIN
`
`E
`T
`
`8B
`¢
`
`DTE
`5 hecey
`PLAN
`aa oe
`Hl
`2
`
`arm«a9
`Text TET yy
`
`
`
`nmo
`0D Des+T 1 DD Fee-F
`FRAN
`
`X
`
`TRANSMITTING
`IDENTIFICATION FIELD (IF)
`SELECTIVE ENCRYPTION/
`AUTHENTICATION DEVICE
`
`
`I2-4
`
`SAA
`
`
`
`S'ISAAY
`
`H 12 X63 41
`
`CIPHER
`TEXT
`
`Trlrm
`
`—mn
`
`coco
`
`PLAIN
`TEXT
`
`F —I2-2
`
`DCE
`
`SAA
`
`SSAAYV
`
`0D De++T | DD Feee
`
`H12 X63 41
`
`rk
`
`ELI
`
`CIPHER
`TEXT
`
`AUTHENTICATION DEVICE
`
`RECEIVING
`SELECTIVE ENCRYPTION/
`
`—amr
`
`PLAIN
`TEXT
`
`H
`
`co
`
`a=—irm
`
`c>coco
`
`SA
`0
`D
`H
`|
`
`yoo
`
`*
`
`“T,
`
`PLAIN
`
`eT
`
`a7:
`
`PLAIN
`TEXT
`
`mn
`
`PLAIN
`TEXT
`
`RECEIVING DTE
`
`ADI,AD2 INDICATE RECEIVING DTE
`SIC = SELECTIVE IDENTIFICATION CHARACTER= IIIII01
`AD3,AD4 INDICATE TRANSMITTING DTE
`VFI-VF8=VARIABLE FILL CHARACTERS
`SEF = START ENCRYPT FIELD
`EEF = END ENCRYPT FIELD
`
`
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 12
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 12
`
`
`
`U.S. Patent
`
`oct. 23, 1979
`
`Sheet 12 of 15
`
`4,172,213
`
`DATA FROM DCE
`
`DATA
`INPUT
`REGISTER
`
`4-2
`
`|
`
`|
`
`|
`
`|
`
`|
`rae
`
`
`PARITY |oyQlR |
`CHARACTER
`———
`——>
`1 DELAY Tt
`CHECK
`|
`rt
`|
`VERIFICATION
`|
`5
`‘-
`+
`AND
`KEYMEMO
`Bi
`|
`|
`STRIPPING
`ne|
`[ STRIPPING
`|
`|
`| ||
`
`
`
`DATA FROM
`ALGORITHN
`
`|
`|
`| |
`
`| |
`
`DATA T0
`~ ALGORITHM
`(CIPHER FEEDBACK
`REGISTER)
`
`CHARACTER
`MATRIX
`
`PARITY
`GENERATION
`
`
`
`CHARACTER
`STORAGE
`REGISTER
`
`4-4
`
`DATA 10 OTE
`
`Fig/4
`
`
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 13
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 13
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 13 of 15
`
`4,172,213
`
`PA BYTE SHIFT
`
`5-2
`
`BBS
`
`
`
`[ DESALGORITHM (‘(<i;#’é‘(<té;as;é‘SCtS
`
`STRANSFERS/BYTE
`TTTTT
`@
`
`ENCRYPT MODE
`
`(56)
`
`64)
`PITTIITILH®
`
`|
`i
`|
`
`| ||
`
`||
`
`(8)
`
`ACTIVATE
`ONCE PER
`
`©
`
`w VARIABLE
`
`KEY
`
`5-6
`
`‘
`
`PTTTTTTT
`5-12
`
`(8)
`
`AF
`
`=o
`
`o3mm=mi
`
`PLAIN.
`
`.
`
`TEXT
`GENERATOR , COMPARATOR
` INTERCHANGE
`
`XOR
`
`|
`
`TRANSFORMATION
`
`STATUS
`
`QUTPUT
`
`I-10
`
`_figls
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 14
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 14
`
`
`
`U.S. Patent
`
`Oct. 23, 1979
`
`Sheet 14 of 15
`
`4,172,213
`
`z
`
`TRANSMITTING
`
`=+m
`
`7?ooWw=
`
`8 0 H
`
`_-o>
`mew>
`PLAIN
`veep
`TEXT
`,
`
` TRANSMITTING
`
`
`
`
`SELECTIVE ENCRYPTION/
`AUTHENTICATION DEVICE
`
`
`
`IDENTIFICATION FIELD (IF)
`AUTHENTICATOR FIELD (AF)
`
`S
`H
`
`A
`|
`
`A
`2
`
`S'S A
`X
`6
`3
`
`A
`4
`
`Y
`I
`
`Vv pia
`8
`
`A ATE 8B
`A
`OA
`| 23 4
`X
`Q
`
`m 2
`
`oS
`A
`A
`5
`S$
`A
`A
`Y
`V
`A
`A
`A AJE B
`
`0.0 D---T 1D D Feeef TAIN|OF OF FIT ¢
`HI
`2 XC341.
`8
`1
`2
`3 4}X Cp
`
`
`
`RECEIVING
`SELECTIVE ENCRYPTION/
`AUTHENTICATION DEVICE
`
`SA A
`H 12.
`
`5
`X
`
`PLAIN
`
`E
`X
`
`B
`63
`
`16-10
`
`RECEIVING DTE
`
`Fig/6
`
`ADI,AD2 INDICATE RECEIVING DTE
`SI = SELECTIVE IDENTIFICATION CHARACTER = {111101
`AD3,AD4 INDICATE TRANSMITTING DTE
`C] =OPTIONAL CHARACTER THAT INDICATES THE STATE OF AUTHENTICITY OF THE MESSAGE
`VFI-VF8 = VARIABLE FILL CHARACTERS
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 15
`
`
`
`U.S. Patent
`
`oct. 23, 1979
`
`Sheet 15 of 15
`
`4,172,213
`
`Fig I7
`
`
`TRAST
`SAADD Deeey
`PAN
`gf
`OE PN EE
`rex’ EteEtext
`H12
`Xx
`F
`po x O
`
`
`
`
`PAN
`
`=SMT
`SEOUTAHION|
`
`DEVICE
`
`ADENTIFICATION FIELD (i)
`
`ONAL
`AUTHENTICATOR FIELD (AF)
`
`
`
`ER tae ean Ncaaw 6
`
`PRN
`
`
`H12
`xXC341
`8
`F
`F
`|
`
`>
`
`opyeR
`
`£
`
`PLAN
`
`A
`
`NT
`
`wn
`
`7
`
`=mM
`
`Qow
`
`vet©text Ete
`
`Dce
`
`B OmR Eun [A
`DO Deel 10D FoeeF MAM
`Hi2
`xo3gar
`—g Vy
`F
`|
`
`
`REOELVING
`SELECTIVE ENCRYPTION/
`AUTHENTICATION
`DEVICE
`
`nmeOoT
`
`wT
`
`n>
`
`ee
`
`cooOcoMo
`
`DD dere? pun[|£8PUN Goan Eo
`
`vet©textEText
`Hi2
`x
`X
`63
`
`
`
`
`
`RECEIVING DTE
`
`ADI, AD2 INDICATE RECEIVING DTE
`SIC = SELECTIVE IDENIFICATION CHARACTER = IIII10I
`AD3, AD4 INDICATE TRANSMITTING OTE
`C1=OPTIONAL CHARACTER THAT INDICATES THE STATE OF AUTHENTICITY OF THE MESSAGE
`VFI-VF8 = VARIABLE FILL CHARACTERS
`SEF = START ENCRYPT FIELD
`EEF = END ENCRYPT FIELD
`
`
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 16
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 16
`
`
`
`4,172,213
`
`2
`not intended for, a first terminal to a second terminal
`whichis intended to receive the message. Second, the
`system enciphers all data and hence is not capable of
`selective encryption. Third, communications must be
`initiated by the terminal, and maynotbe initiated by the
`central processor. Fourth, the system is not designed for
`insertion in previously existing communications sys-
`tems.
`
`Another cryptographic technique to achieve data
`security is presented in U.S. Pat. No. 3,798,360, issued
`Mar. 19, 1974, which system provides multiple level
`enciphermentof a block of data by means of a stepped
`block cipher process. This system suffers from the same
`drawbacks as previously discussed for U.S. Pat. No.
`3,798,605. Further, this system is restricted to operation
`on blocks ofdata and is not capable ofbit-by-bit encryp-
`tion.
`
`OBJECTS OF THE INVENTION
`
`1
`
`BYTE STREAM SELECTIVE
`ENCRYPTION/DECRYPTION DEVICE
`
`CROSS-REFERENCE TO RELATED
`APPLICATIONS
`
`Reference is hereby made to twoutility applications
`entitled LINK ENCRYPTION DEVICE,Ser. No.
`452,443,
`and COMMUNICATIONS LINE AU-
`THENTICATION DEVICE,Ser. No. 852,446, by the
`same inventors as the instant inventionandfiled concur-
`rently with the instant application, and to a design appli-
`cation entitled DATA ENTRY KEYBOARD, by
`Jerry Joseph Sims etal., Ser. No. 835,840,filed Sept. 22,
`1977.
`
`BACKGROUNDOFTHE INVENTION
`
`5
`
`15
`
`20
`
`30
`
`35
`
`40
`
`60
`
`65
`
`The present invention relates generally to the art of
`cryptography and morespecifically to hardware and
`techniques for achieving data communicating security.
`With the growing use of remote communications
`It is the general object of this invention to provide a
`lines to transfer data between processing systems, be-
`cryptographic system to provide communications secu-
`tween terminals and remote data banks, and between
`rity for communications links in point-to-point or multi-
`terminals connected to the sameordifferent computers,
`point networks without changes to existing hardware or
`the need to safeguard the data being transferred has
`software configurations.
`grown. In the banking industry, there is a growing need
`It is another object of this invention to provide link
`to prevent the fraudulent modification of “electronic
`encryption on a byte-by-byte basis in commoncarrier or
`money”in electronic funds transfer. Similar needs exist
`direct connect circuit environments.
`in business to prevent the disclosure ofsensitive data. In
`It is a further object of this invention to provide a
`the government sector, present and/or future privacy
`cryptographic system, for insertion between a data set
`acts place restrictions on the ability to access sensitive
`and a terminal or central processing unit, which enci-
`information. This need to safeguard sensitive informa-
`phers and deciphers binary data on a byte-by-byte basis.
`tion is likely to grow as future privacy legislation will
`most probably impose data communications security
`It is a further object of this invention to provide a
`requirements on the private sector.
`;
`self-contained cryptographic system, for insertion be-
`Previous efforts to safeguard data communications
`tween a data set and a terminal or central processing
`have been made,
`for example,
`in U.S. Pat. No.
`unit, which enciphers and deciphers data on a byte-by-
`3,798,605, issued Mar. 19, 1974, which pertains to a
`byte basis without modifying control commands and
`multi-terminal data processing system having means
`communications protocols.
`and process for verifying the identiy of subscribers to
`It is another object of this invention to provide a
`the system. Validity of a terminal request for communi-
`cryptographic system, for insertion in communications
`cations with the data processing system are determined
`links, which can selectively encrypt binary data.
`on the basis of a centralized verification system. Each
`It is still another object of the present invention to
`subscriber to the system is identified by a unique key
`45
`provide a system which maintains message secrecy as a
`binary signal pattern. The central data processing unit
`messageis transmitted fromafirst terminal or processor
`containsalisting of all valid keys for subscribers to the
`until the message reachesits ultimate destination point
`system. Two embodiments of the centralized verifica-
`after passing through terminals or processors for which
`tion system are presented, a password system and a
`the message is not intended.
`handshaking system. In the password system,all data or
`It is a further object of the present invention to pro-
`information originating at the terminal under use of the
`subscriberis enciphered in combination with the unique
`vide a system to maintain privacy between selected
`subscriber key. Upon proper deciphering of the key or
`terminals in a data communications network having a
`password at the central processing unit and arriving at
`plurality of terminals.
`a match with one ofthe keys in the processor’s listing,
`It is another object of the present invention to pro-
`the subscriber may communicate with the processing
`vide a cryptographic system which enciphers binary
`system. In the handshaking system embodimentthe user
`data into an enciphered data that is not susceptible to
`and the central processor exchange a plurality of mes-
`successful cryptoanalysis.
`sages each formed by a combination of new and prior
`It is still another object of the present invention to
`received data. Received data messages are also main-
`provide a cryptographic system that enciphers and
`tained within the registers at both the terminal and the
`deciphers data and which is dependent on a key stored
`central processor for further verification upon the re-
`in the cryptographic system and data previously re-
`turn of the portion of the message that was previously
`ceived by the cryptographic system.
`transmitted. The techniques described in the latter pa-
`These and other objects, features and advantages of
`tent have several drawbacks. First, the techniques are
`the present invention will become apparent from the
`restricted to communications between a central proces-
`description of the preferred embodimentsof the inven-
`sor and terminals attached to the central processor. No
`tion when read in conjunction with the drawiigs con-
`provision is available for communications between ter-
`tained herewith.
`minals or for transmitting a message received by, but
`
`
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 17
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 17
`
`
`
`3
`
`4,172,213
`
`20
`
`25
`
`30
`
`35
`
`Throughout this description and in the accompany-
`ing drawings, the following terms and expressionswill
`be utilized in accordance with the following definitions:
`
`4
`FIG. 8 illustrates the modem delay compensation
`SUMMARYOF THE INVENTION
`circuitry utilized in both the transmit and receive opera-
`tions.
`The foregoing objects of the present invention are
`FIG. 9 is a functional block diagram of the SE/AD in
`achieved by providing an apparatus for insertion in an
`the end-to-end selective encryption modeof operation.
`existing communications line for providing message
`FIG. 10 illustrates the translation performed on con-
`secrecy within a significant portion of existing commu-
`trol characters.
`nications lines.
`FIG.11 is a functional block diagram of the SE/AD
`The apparatus has both encryption and decryption
`capabilities and can function in a full duplex environ-
`as a byte stream encryption/decryption device operat-
`mentto encipher and transmit data received fromafirst
`ing in any end-to-end mode.
`direction, and decipher and transmit data received from
`FIG. 12 shows the message flow in a communication
`a second direction. Data received from the first direc-
`network that utilizes the SE/AD in the end-to-end
`tion is enciphered by combiningthe data received with
`selective encryption mode.
`the outputof an algorithm, the algorithm output being
`FIG.13 is a simplified block diagram of the transmit
`dependent on the data previously enciphered and a
`processing operation.
`unique key entered in the apparatus by the user. As data
`FIG.14 is a simplified block diagram of the receive
`is received from the first direction, it is combined with
`processing operation.
`the outputofthe algorithm andthe resulting enciphered
`FIG. 15 illustrates the SE/AD utilized as just an
`data is transmitted back onto the communicationsline in
`authentication device which serves as both a transmitter
`the first direction and fed back to a cipher feedback
`and a receiver.
`register which provides input data to the algorithm for
`FIG.16 shows the message flow in a communication
`use in enciphering data subsequently received by the
`network that utilizes end-to-end authentication mode
`devices.
`apparatus.
`Data received from the second direction is deci-
`FIG. 17 shows the message flow in a communication
`phered using equivalent elements and the same algo-
`network which combines theselective encryption mes-
`rithm as used for enciphering, the basic difference in the
`sage flow and the authentication message flow into a
`operation of the apparatus being the point from which
`system containing both modes of operation.
`data fed back to a cipher feedback register is taken.
`DETAILED DESCRIPTION OF THE
`The apparatus operates on a byte-by-byte basis andis
`PREFERRED EMBODIMENT
`sensitive to control character sequences. In response to
`the receiptofspecified control characters, the apparatus
`has provisionsfor selectively encrypting or decrypting
`data received, and provisions for transmitting the data
`received from thefirst direction without encipheringit.
`In an alternate embodiment, the apparatus contains
`provisions for storing a plurality of unique keys, each
`key having associated with it a unique address. When
`the apparatus receives a message from its second direc-
`tion it uses the address containedin the message to load
`the key, corresponding to the address received,into its
`algorithm. The apparatus then deciphers the data re-
`ceived based on the key that was loaded intoits algo-
`rithm. If the address contained in the messageis not one
`of the ones stored in the apparatus, the apparatuswill
`transmit the message received without alteration, as it
`was not intended for that apparatus.
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 is a block diagram of the data encryption
`standard used in the preferred embodimentof this in-
`vention.
`FIG.2 is a functional diagram of the cryptographic
`techniqueutilized in the selective encryption/authenti-
`cation device.
`FIG.3 is a functional diagram showing the transmit-
`ter cipher feedback register run as a shift code counter.
`FIG. 4 illustrates typical point-to-point and multi-
`point networksutilizing the SE/AD inlink encryption
`mode.
`FIG. 5 showsa typical end-to-end mode communica-
`tion network configuration with multiple nodes and a
`variety of links containing a mixture of terminals and
`processors.
`FIG.6 is a functional block diagram of an SE/ADin
`the link encryption modeof operation.
`FIG. 7 illustrates the SE/ADas a bit-stream encryp-
`tion/decryption device operating in the link encryption
`mode.
`
`Algorithm: A prescribed set of well-defined rules or
`processes for the solution of a problem in a finite num-
`ber of steps.
`Authentication: The process of appending crypto
`check digits to a plain text message by means of a
`Crypto System where the Crypto check digits are gen-
`erated by Encryption of the entire plain text message.
`Cipher Feedback: A technique in which the key gen-
`erated is a function of the preceding cipher.
`Cipher Text: The unintelligible form of information
`resulting from Encryption ofplain text by a Cryptosys-
`tem.
`Cryptographic System (Cryptosystem): The associ-
`ated items of documents, devices, or equipmentthat are
`used as a unit, and provide a single means ofencryption.
`(The term “Encryption” used in this specification im-
`plies the capability of the inverse function, ie. “De-
`cryption”.)
`Crypto Unit: That portion of a Cryptosystem where
`the actual Encryption and Decryption takes place.
`Decryption (Decipherment): The process of convert-
`ing encrypted text
`into its equivalent plain text by
`means of a Cryptosystem.
`Encryption (Encipherment): The process of convert-
`ing plain text into unintelligible form by means of a
`Cryptosystem.
`End-To-End Selective Encryption/Authentication:
`Encryption of authentication in point-to-point multi-
`point networks to provide protection of data on the data
`communication line and within interspersed message
`switches or concentrators.
`Garble: Unintelligible information caused by a modi-
`fication to a cipherbit(s).
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 18
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 18
`
`
`
`o
`Key: Bits generated by a crypto unit under control of
`the key variable which are logically combined with
`plain text to form unintelligible information i.e., cipher
`text, or inversely, logically combined with cipher text
`to producetheoriginal plain text.
`Key Variable: A symbol, or sequence of symbols (or
`electrical or mechanical correlates to symbols) which
`control the operations of encryption and decryption
`(e.g., a finite length bit pattern).
`Link Encryption: Encryption in point-to-point or
`multipoint networks to provide protection of data on
`the data communications line.
`Message Integrity: A message in which the data is
`received at the proper destination exactly as sent by the
`originator,i.e., without any changes or tampering.
`Message Secrecy: A message in which the data is
`incomprehensible to any viewer or listener from the
`time it leaves the source until it arrives at the proper
`destination.
`Plain Text: Intelligible text or signals which have
`meaning and which can beread or acted upon without
`the application of any decryption.
`Selective Encryption: The process of converting
`portions of plain text which are delineated by selected
`character(s) into unintelligible form by means of a
`Cryptosystem.
`Variable Fill: A random bit pattern provided as the
`input to the algorithms of both transmit and receive
`crypto units during initialization.
`Data Encryption Standard: The Data Encryption
`Standard (DES) is an algorithm released by the Na-
`tional Bureau of Standards in the Federal information
`Processing Standards Publication (FIPS Pub) 46-Jan.
`15, 1977, andis intended for use as an industry standard.
`It was designed for 64-bit block data operation. The key
`variable is 56 bits in length and-is loaded into the algo-
`rithm before the encryption/decryption processis initi-
`ated. In the encrypt mode the algorithm produces 64
`bits of cipher text for each 64 bits of input plain text.
`Conversely, in the decrypt modeif these 64 bits of ci-
`pher text are provided as the input, the algorithm will
`producetheoriginal 64 bits of input plain text. The Data
`Encryption Standard is incorporated by reference in
`this specification. Additional description of the Data
`Encryption Standardis also presented in U.S. Pat. Nos.
`3,796,830 and 3,798,359, issued Mar. 12, 1974 and Mar.
`19, 1974, respectively.
`
`FIG. 1 is a block diagram of the data encryption
`standard. As shown, the implementation of the data
`input and data outputis provided in 8-bit bytes. The key
`input is entered in 8-bit bytes: 7 bits plus parity. Parity is
`not stored in the key storage register.
`Twenty-four clock periods are required to load the
`data input. Data outputis simultaneously available dur-
`ing this period. Sixteen iterations of the algorithm at
`two clock periodsper iteration, require an additional 32
`clock periods, giving a total of 56 clock periods needed
`for a complete algorithm load and run cycle. At the
`system clock of 1.2288 MHz,the algorithm is cycled in
`45.6. seconds.
`FIG.2 is a functional diagram of the cryptographic
`technique utilized in the Selective Encryption/Authen-
`tication Device (SE/AD). Operation of the algorithm
`unit (DES)2-2 is described, supra, and is shown only to
`indicate the required interconnections. In this discus-
`sion, the algorithm is only operated in the encrypt mode
`andis being utilized as a key generator. This technique
`
`30
`
`40
`
`60
`
`4,172,213
`
`6
`operates on the principle that “plain text” exclusive-
`ORed with “key” produces cipher, and conversely that
`“cipher” exclusive-ORed with “key” produces theorig-
`inal plain text.
`The algorithm was designed to operate on 64-bit
`blocks of input data; however,it can be operated(i.e.,
`cycled through the required 16 iterations) on any num-
`ber of input bits up to this maximum of 64 bits. As
`shownin FIG.2, the algorithm 2-2 is being cycled once
`for each data input bit. Each time a data input bit is
`transferred into the 64-bit input register 2-4, the entire
`contents of this register 2-2 are transferred into the
`algorithm 2-2. Although 64 key bits are produced each
`cycle and are available at the output, only a single key
`bit is utilized and the other 63 keybits are ignored. Also
`shown in FIG. 2 within the dotted lines is an 8-bit out-
`putregister 2-6. If the input to the algorithm is provided
`as a single character, or 8-bit byte, and then cycled, and
`8-bit byte of key bits can be providedas the output.Itis
`important to note that with a fixed key variable, for a
`given pattern of 64 algorithm inputbits, a given pattern
`of 64 output, or key bits is always generated.
`Shownat the top of FIG. 2 is a 64-bit shift register
`called the cipher feedback register 2-4. In the transmit
`modeas each inputplain text bit is exclusive-ORed with
`a key bit by exclusive-OR 2-8, the resultant cipherbit is
`sent as the output bit and simultaneously entered into
`the cipher feedback register 2-4. Thus the input to the
`algorithm unit 2-2 which produces keybits is the last 64
`bits of the output cipher bit stream.
`In the receive mode, the system operates in a similar
`manner.In this instance the inputto the unit is the same
`cipher bit stream produced at the transmitter output.
`Since this information must be decrypted, the cipherbit
`stream is entered directly into the cipher feedbackregis-
`ter 2-4 as shown. Hence,the input to the algorithm 2-2
`is the last 64 input cipher bits. By performing the in-
`verse operation of exclusive-ORing the cipher bits with
`the identical key bits as were generated in the transmit-
`ter, the original plain text is provided as the receiver
`output.
`In order for the encryption/decryption process to
`proceed withouterror, or garble, the bit patterns in the
`cipher feedback registers 2-4 of both transmitter and
`receiver must be identical when generating the keybit
`to
`
`produce the cipher bit from the incoming plain text
`bit in the transmitter, and
`to produce the original plain text bit from the incom-
`ing cipher text in the receiver.
`The method of ensuring that the transmitter and re-
`ceiver are in synchronization is to randomly preset the
`cipher feedback register 2-4 in the transmitter to some
`bit pattern and precede the output cipher text message
`with these 64 preset bits. The receiver would place the
`first 64 bits received into its cipher feedback register 2-4
`as the initial preset before running the algorithm to
`produce the same key bits which are then processed
`with the incoming data. This initialization technique is
`called variablefill.
`Variablefill refers to the bit pattern, or fill, to which
`both the transmitter and receiver cipher feedback regis-
`ters 2-4 are set before processing input plain text in the
`transmitter and cipher text in the receiver.
`Whennotin the transmit mode,the transmitter cipher
`feedbackregister 2-4 is run as a 49-bit shift code counter
`driven by the recursion X¥g=X4)56 showniri FIG.3.
`Thepresetto the shift code counteris the cipher residue
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 19
`
`PMC Exhibit 2096
`Apple v. PMC
`IPR2016-00753
`Page 19
`
`
`
`4,172,213
`
`7
`remaining from the last transmission. This assures that
`the preset to the counter is also random in nature.
`Whenevera variable fill is required, the transmitter
`cipher feedback register 2-4 is returned to its normal
`operation:the shift code countingis inhibited; the algo-
`rithm unit 2-2 is re-enabled; and the register 2-4 is oper-
`ated at the selected input data rate. The inputplain text
`data line is held in the mark condition and is exclusive-
`ORed with the key bits which are being generated as a
`result of the random bit pattern contained in the cipher
`storage register 2-4. A spaceis placed on the output data
`line and the operation proceedsas described, supra, for
`a predetermined numberofbit times, i.c., cipher text is
`generated and sent as a variable fill as the transmitter
`output and simultaneously fed back as the input to the
`cipher feedback register 2-4. After the selected number
`of bits have been transmitted, the remainder of thebit
`positions in the cipher feedback register 2-4 are reset to
`zero, and the unit starts to process incoming plain text
`data as described previously.
`Operation of the receive unit is triggered by the de-
`tection of a mark-to-space transition. Following this
`transition, the incoming data is processed as described
`previously. However, the output data is inhibited. The
`incoming variablefill is e