United States Patent [19]
Rosenblum

[11] 4,182,933
[45] Jan. 8, 1980

[54] SECURE COMMUNICATION SYSTEM WITH REMOTE KEY SETTING
[75] Inventor: Howard E. Rosenblum, Silver Spring, Md.
[73] Assignee: The United States of America [remainder illegible]
[21] Appl. No.: 390371
[22] Filed: [illegible] 14, 1959
[51] Int. Cl.3: H04K 1/99; H04L 9/00
[52] U.S. Cl.: 179/1.5 R; 178/22
[58] Field of Search: 179/1.5; 137235/'22; /32

Primary Examiner—Howard A. Birmiel
Attorney, Agent, or Firm—John R. Utermohle

[57] ABSTRACT

An apparatus for maintaining secure communication between subscribers. A centrally located key distribution center, which includes a data processor, is utilized as a source of remotely selected working variables which are utilized to enable secure communication between a plurality of selected subscribers. Each subscriber in the system has a unique variable which identifies him to the data processor, and enables a secure communication with the data processor, which will then provide him with the working variable of the subscriber that he wishes to call. The key distribution center also reiteratively replaces the working variable of the caller, and the called subscriber, if desired, each time contact is made with the key distribution center.

10 Claims, 2 Drawing Figures

[Front-page drawing. Legible labels: TELEPHONE; GENERAL TELEPHONE SWITCHING NETWORK; STORAGE; COMPUTER; SYSTEM CONTROL SWITCHING NETWORK; KEY DISTRIBUTION CENTER; SUBSCRIBER 2]

PMC Exhibit 2097
Apple v. PMC
IPR2016-00755
Page 1

U.S. Patent    Jan. 8, 1980    Sheet 1 of 2    4,182,933

[Drawing sheets (FIG. 1 and FIG. 2): drawing text not recoverable]

SECURE COMMUNICATION SYSTEM WITH REMOTE KEY SETTING

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is a communication system, more particularly it is a secure communications system for maintaining secure communication between subscribers.

2. Prior Art

Prior art secure communication systems which utilize at least one working variable for enciphering and deciphering secure messages transmitted therein, do not remotely select these working variables for purposes of retransmission of a secure message between subscribers in the system. These prior art systems utilize a working variable which must be known to all subscribers receiving the secure message. This working variable, known by the subscribers, must be inserted into their enciphering/deciphering means in order to maintain secure communication. If each subscriber to the system has a different working variable, the one initiating the message in such a system must have at his disposal the working variable of the subscriber he wishes to call so that he may insert it in his enciphering/deciphering means in order to maintain a secure message between subscribers. This requires a substantial inventory of working variables at the place of message initiation, and reception, thus minimizing the security of the system.

Another feature of prior art secure communication systems, which has limited desirability from a security viewpoint, is the requirement that in order to change the working variables utilized in these systems these variables must be changed in accordance with a predetermined schedule, known to all subscribers in the system; thus, there is once again a minimization of security.

In the secure communication system of the present invention, the security liabilities of prior art systems are overcome by providing for an automatic reiterative replacement for the working variables of the system subscribers, and by providing a means by which the working variable of the subscriber which is called is remotely selected for purposes of retransmission by the subscriber initiating the call. By reiteratively replacing the working variables automatically, there is no need for conforming to a rigid schedule known to all parties. By accomplishing remote selection and reiterative replacement by some means external to the subscribers to the system, at some central location, an absolute maximization of system security is provided. This is due to the singular remote location of the necessary information, as opposed to the multiplicity of locations, one at each subscriber, necessary in prior art systems, as well as the fact that the actual working variable which is utilized, at any given time, is unknown to all subscribers in the system, the setting of the enciphering/deciphering means of the subscribers being accomplished automatically with information received from a remote selection means. Furthermore, the security of the system of the present invention is enhanced due to the ease of reiterative replacement, which may occur as often as once per message instead of once per day, or once per plurality of messages, as in prior art systems.

Prior art subscription television systems employing remote selection of switch setting information in order to allow the subscriber to receive a scrambled subscription television picture cannot provide for remote selection of a working variable in the sense that the switch setting information received is not utilized to transmit a secure message between the subscriber and another subscriber, but rather merely to receive information already existent.

SUMMARY OF THE INVENTION

An object of this invention is to provide a new and improved secure communication system which overcomes the disadvantages of the prior art.

Another object of the present invention is to provide a new and improved secure communication system wherein the information necessary to enable secure communication is remotely selected.

Another object of the present invention is to provide a new and improved secure communication system wherein the information necessary to enable secure communication is reiteratively varied.

SUMMARY

With these objects in view a secure communication system may include a remotely selectable means for selecting a key-setting variable and a unique variable and transmitting the remotely selected key-setting variable, the remotely selectable means including a means for reiteratively replacing the key-setting variable when the key-setting variable is remotely selected, the reiterative key-setting variable replacement replacing the key-setting variable necessary to maintain secure communication the next successive time remote selection occurs; a first means for initiating remote selection, for receiving the transmitted remotely selected key-setting variable, and for transmitting a secure communication enciphered in accordance with key-setting variable, the first receiving means being unique to the unique variable; and a second means for receiving communications from the first receiving means using the most recently obtained key-setting variable to enable secure communication between the first and second receiving means.

Other objects and many of the intended advantages of this invention will be readily appreciated as the invention becomes better understood by reference to the following description when taken in conjunction with the following drawings wherein:

FIG. 1 is a functional diagram of a system which is a preferred embodiment of the present invention, and

FIG. 2 is a functional diagram of a portion of the system shown in FIG. 1.

Referring now to FIG. 1, which is a functional diagram of the entire system of the present invention, a general telephone switching network is shown, although the basic theory underlying the system is functional with any type of communication media. A subscriber has a secure module 10 comprising a standard telephone transceiver 11; a standard vocoder 12, or other speech-to-digit converter means such as a delta-modulation codec, or other digital communication device, such as a teletypewriter; a key generator 15; a modem 16, which is a standard modulator-demodulator communication device for accomplishing conversion of a digital signal to an analog type signal, and vice versa, for direct delivery to and from a telephone network; and a system control switching network 17, shown in more detail in FIG. 2, which supervises the overall operation of the subscriber module 10. Each subscriber to the system has an identical secure module with respect to structure, differing only in its associated security parameters, as will be explained herein below.

The key distribution center 20 is the heart of the system in that it provides the remote selection capability, as well as the reiterative replacement capability, of the present invention. The key distribution center 20, which is centrally located with respect to the subscribers to the system, comprises a standard computer 21, which has an associated storage means 22; a random state generator 24, for generating random variables to enable reiterative replacement, to be described later; a key generator 25; a modem 26; and a standard communication line-finder device 27, which acts as a concentrator and selects the open terminal pair of the modem 26 when contacted by a subscriber, the modem 26 shown as a singular modem having a plurality of terminal pairs, rather than a plurality of modems, for illustrative purposes. The key distribution center 20 may also contain an update generator 28, shown by hidden lines, when an alternate embodiment of the general system is utilized, to be explained later.

Just as the key distribution center 20 is the heart of the entire system, the system control switching network 17, shown in more detail in FIG. 2, is the heart of the subscriber module 10, as it controls the sequence of operations occurring in the subscriber module 10, from the initiation of a call to another subscriber in the system, until the cessation of contact with the called subscriber, and the going off line. The system control switching network 17 contains a storage device 29, which may be any type of standard storage device comprising either a permanent storage (read only) and temporary storage (read-write) portion, or be completely of the read-write variety. The selection of storage device 29 is merely a matter of choice, the system functioning equally well with other types of storage. For purposes of explanation, we will assume that a permanent storage-temporary storage type of storage device 29 is utilized.

A subscriber module storage device 29 would have in its permanent storage a unique key-setting variable, designated U, this unique key-setting variable being of a predetermined bit length, and being used for purposes of secure communication with the key distribution center computer 21, to be explained subsequently; the unique telephone number of the subscriber, designated Ti, consisting of the predetermined number of digits which are necessary to uniquely identify the subscriber in the system, the number of digits being dependent on the number of subscribers in the system; and the number of digits necessary to contact any subscriber in a world-wide system, for example 12 digits; and the unique telephone number of the key distribution center 20, designated TKDC, consisting of the predetermined number of digits necessary to contact the key distribution center 20 from any point in a world-wide system, for example 12 digits. The temporary storage portion of the subscriber module storage device 29 would contain a key-setting variable, designated V, this key-setting variable being utilized to maintain a secure communication between any subscribers in the system having this key-setting variable; and, after a call has been initiated to another subscriber in the system, this operation to be subsequently explained, the telephone number of the subscriber being called, designated Tx, consisting of the predetermined number of digits necessary for contacting the called subscriber anywhere in the secure communication network, for example, 12 digits.

The key-distribution-center-computer-associated storage device 22, which may be a drum storage, a tape storage, a disc storage, or any other acceptable computer-associated-storage means, would contain the unique variables and key-setting variables, associated with the telephone identification numbers of the subscribers, Ti, Tx, for all the subscribers in the secure communication system.

The function of the various key-setting variables in this system is to determine the key that is produced by the associated key generators, the key that is generated being generated from the key-setting variable, whether directly or indirectly, the generated key being utilized to encipher the communication in order to enable a secure message to be transmitted, and/or received. The key-setting variables associated with the key generators can be electrically changed so as to alter the key which is produced by the associated key generator, and thus vary the enciphering/deciphering of the message, enabling a more secure system than possible in prior art devices. In one embodiment of the general system, the key-setting variable of the called subscriber is directly utilized as the dynamic working variable, which is the variable which is ultimately utilized by the associated subscriber key generators to enable secure communication between associated subscribers whose key generators are set in accordance with the dynamic working variable. In an alternate embodiment of the general system, the key-setting variable of the called subscriber is not directly utilized as the dynamic working variable, but instead is combined with an indicator variable, which is a variable which denotes the function to be performed on the key-setting variable to update it, to obtain the dynamic working variable which is utilized to set the associated subscriber key generators.

The normal operating condition of all the subscriber modules 10 in the secure communication system of the present invention, when the telephone transceiver 11 is on-hook, in the particular embodiment where the key-setting variable is directly utilized as the dynamic working variable, is to have the associated working key-setting variable, V, filled into its associated key generator 15 while the subscriber is on-hook, so that he may receive a secure communication immediately after contact is established without any further operation being necessary in order to place him in the secure mode, unless it is desired to override this automatic operation with a manual switch means, to be explained later. The normal operating condition of all the subscriber modules 10 in the secure communication system of the present invention, when the telephone transceiver 11 is on-hook, in the alternate embodiment where the key-setting variable of the called subscriber is combined with an indicator variable to obtain the dynamic working variable, is to have the associated key generator 15 blank while the subscriber is on-hook.

OPERATION

The operation of the secure communication system of the present invention, in order to enable a secure communication between subscribers for the system, differs slightly for each embodiment, the differences to be subsequently explained, the choice of embodiment being dependent on the degree of security desired.

PREFERRED EMBODIMENT

The operation of the system when the particular embodiment, wherein the key-setting variable is directly utilized as the dynamic working variable, will be described first. In this embodiment, the subscriber initiating the call, for the purposes of illustration to be known as subscriber 1, dials the telephone number of the subscriber he wishes to call, for purposes of illustration to be known as subscriber 2, in any known manner. This operation inputs the called subscriber's telephone number, letting this number be represented by Tx, into the temporary storage portion of the calling subscriber module storage device 29, through the programmed sequencing switch 30, the sequencing switch 30 controlling the sequence of operations performed at the subscriber module 10 and being a standard sequencing means such as a series of cyclical counters, the input to the switch being via a terminal pair 31-31 to the storage device 29 via another terminal pair 32-32. Simultaneously with the insertion of the called subscriber telephone number, Tx, into the storage device 29, the programmed sequencing switch 30 selects the unique variable, U1, of its associated subscriber, which is initiating the call, and routes it to its associated key generator 15, via another terminal pair 35-35 where it replaces the working key-setting variable, V1, of the caller by resetting the key generator 15 using the unique variable, U1, which is a key-setting variable.

After this operation has been performed, the programmed sequencing switch 30 selects the telephone number of the key distribution center, TKDC, from the permanent storage portion of the storage device 29, and routes it to the line 37-37 via a variable rate clock 40, which determines the proper readout rate, along the associated terminal pair 41-41 at the proper network rate determined by the clock 40, which for the Bell Telephone System would be 16 pulses per second, to the modem 16, where it is output over the telephone line 37-37 to connect the subscriber to the key distribution center 20 through the general telephone switching network 42 via the path shown, for purposes of illustration, by hidden lines 43-43. There is a monitor device 45 associated with the subscriber modem 16 which senses when the key distribution center 20 is on-line, due to a supervisory signal being received from the key distribution center 20, such as a sudden cessation of the completed ringing circuit.

When the key distribution center 20 is called, the line finder 27 locates an open terminal pair to its associated modem 26, and a supervisory signal, as was just previously described, is sent to the subscriber who has transmitted the telephone number of the key distribution center, TKDC, enabling contact to be established.

When the subscriber receives the supervisory signal, from the key distribution center 20, the programmed sequencing switch 30 selects the predetermined number of digits necessary to uniquely identify the caller, T1, for purposes of illustration we will assume five digits, from the permanent storage portion of the storage device 29, and the same predetermined number of unique identifying digits from the telephone number of the called subscriber, Tx, in the example being given five digits are selected, and routes these to the phone line 37-37 via the clock 40, and through the modem 16 at a rate higher than the telephone switching network rate, this rate once again determined by the clock 40, via the established path 43-43 to the key distribution center 20 where it is routed to the computer 21. A higher information transfer rate is utilized due to the fact that the computer 21 information acceptance rate is faster than that of the telephone switching network 42, and this will minimize the time necessary to obtain the security parameters, which are the key-setting variables.

The computer 21 looks up in its associated storage 22 the unique key-setting variable of the caller, U1, and the working key-setting variable, of the party being called, for purposes of illustration designated Vx, from the identification contact variables it has received, T1, and Tx. The computer 21 then feeds the caller's unique key-setting variable, U1, into a high speed dynamic logic key generator 25, as the enciphering variable which will determine the key generated by the key generator 25. The computer 21 then draws a new working key-setting variable for the caller, V1a, from the random state generator 24, which may be any random source, and puts this quantity in its temporary storage 47.

At this point, the computer 21 will generate a parity word so that error correction, or parity checking, may be accomplished in order to maintain the integrity of the transmission. If there is sufficient faith in the integrity of the transmission with the equipment that is utilized, the error correction procedure may be eliminated.

Several schemes may be utilized in order to accomplish parity checking. In one such scheme the computer 21 generates a parity word from the bit stream composed of the working key-setting variables of the called subscriber, Vx, and the reiteratively-replaced, working-key-setting variable, V1a, of the caller, in order to provide a subscriber check of the accuracy of the transmission. This parity word is transmitted along with the information.

The computer 21 then inserts the working key-setting variable of the called subscriber, Vx, the reiteratively-replaced, working-key-setting variable of the caller, V1a, and the parity word into its associated key generator 25 where it is enciphered in accordance with the unique key-setting variable of the caller subscriber, U1. The computer 21 then transmits this information from the key generator 25 at the high computer 21 information rate to the caller subscriber via the established path 43-43.

After this information is sent from the computer 21, the enciphered stream is received by the caller subscriber through its modem 16, where this enciphered stream is immediately routed to the key generator 15 and deciphered. In this instance, it is not necessary to first go through the programmed sequencing switch 30, this being the only such instance in which programmed sequencing switch 30 is bypassed. After this information is deciphered, the key generator 15 sends this information to the programmed sequencing switch 30, which then commences parity checking by routing the information to the parity check device 48, which could be any standard parity checking device.

If the parity check results in a lack of parity condition, then a signal is sent to the caller, indicating parity does not exist and he must initiate the call again; a signal is also sent to the key distribution center 20. Upon receipt of the lack-of-parity signal by the key distribution center 20, the computer 21 clears the reiterative-working-key-setting-variable replacement of the caller, V1a, from its temporary storage 47 location and goes off-line. The caller must then reinitiate the operation if he still desires to contact the called subscriber. Since parity did not exist, the working key-setting variable of the caller was not reiteratively replaced, as it was not inserted into the computer associated storage device 22.

If the parity check results in an existence of parity condition, then a parity check signal indicating this is sent to the key distribution center 20, and the reiteratively-replaced, working-key-setting variable of the caller, V1a, is entered in the subscriber's storage device 29 in place of the previous subscriber working key-setting variable V1; and the working key-setting variable of the called subscriber, Vx, is routed to the key generator 15 in order to reset the key generator 15 to a new key in accordance with the working key-setting variable of the called subscriber, Vx, in place of the unique key-setting variable of the caller subscriber, U1.

The parity check signal indicating an existence of parity condition that is transmitted to the key distribution center 20, is routed to the computer 21, the computer 21 then entering the caller subscriber reiterative-working-key-setting-variable-replacement, V1a, in its associated storage device 22 in place of the previous working key-setting variable of the caller subscriber, V1, clears its temporary storage 47, and causes the key distribution center 20 to go off-line.

After the caller subscriber enters the working key-setting variable of the called subscriber, Vx, in its key generator 15, the programmed sequencing switch 30 removes the telephone number of the called subscriber, Tx, from the temporary storage portion of its storage device 29, and routes this phone number, Tx, to the phone line 37-37, via the clock 40, at the proper telephone switching network rate through its modem 16.

If the called subscriber telephone is off-hook and a busy signal is received, or if no answer is received, or at any time when the caller subscriber hangs up by placing his telephone 11 on-hook, the working key-setting variable of the called subscriber, Vx, is cleared from the key generator 15; the called subscriber's telephone number, Tx, is cleared from the storage device 29; and the subscriber module 10 reverts to the normal condition, in this case resetting the key generator 15 in accordance with the most recently obtained working key-setting variable associated with it, V1a.

If the called subscriber answers, then a connection is established via a path 51-51, shown for illustrative purposes in FIG. 1 by hidden lines, and the secure communication enciphered by the key, generated in accordance with the called subscriber key-setting working variable, Vx, is received through the called subscriber's modem 53, which is identical with the caller subscriber's modem 16, and routed to a digital-signal-rate detector 54, which is a device which merely recognizes the transmission of a digital signal as opposed to an audio signal indicating the presence of cipher, the digital rate detector 54 being any standard bit rate detection means, such as a narrow filter at the frequency of the desired bit rate. The caller subscriber also transmits a cipher synchronizing stream in order to synchronize the key generators 15, 55, which are identical structurally, although this structural identity is not necessary for the operation of this system.

When the digital-signal-rate detector 54 of the called subscriber recognizes that it is cipher which is being transmitted, it passes this signal and routes it to the key generator 55 where it is deciphered and then, in turn, routed to the vocoder 56, and then to the associated telephone transceiver 57, whereby a secure communication is received.

A secure conversation may then be carried on between the subscribers, enciphered by the key derived in accordance with the working key-setting variable of the called subscriber, Vx, a message proceeding from the telephone transceiver; through the vocoder; to the key generator, where it is enciphered; through the modem; through the general telephone switching network into the other party's modem; through his key generator, where it is deciphered; through his vocoder; to his telephone transceiver. After the call is completed, and the caller hangs up, as was previously stated, his module 10 reverts to the normal condition, his key generator 15 being reset in accordance with his most recently obtained working key-setting variable, V1a. There is no need for the key generator 55 of the called subscriber to be reset as it is already in its normal state, Vx, when the called subscriber hangs up.

If it is desired, reiterative replacement can be applied to the working key-setting variable of the called subscriber, as well as the caller subscriber, so that it would not be necessary for the called subscriber to initiate a telephone call to another subscriber in order to have his working key-setting variable, Vx, reiteratively replaced. A possible procedure for accomplishing this, when the above-described embodiment is utilized, is to have the programmed sequencing switch of the called subscriber, after he goes off-line, select the telephone number of the key distribution center, TKDC, from his storage device and route it to the telephone line, then to the key distribution center 20 thus establishing a connection path 60-60, shown for illustrative purposes in FIG. 1 by hidden lines, and the same reiterative replacement operation as was previously described for the caller subscriber would occur, with the exception that, since another subscriber is not being called, the computer 21 will not receive any called subscriber telephone number, Tx, but rather will receive a stream of zeros in its place, since this position has been cleared from the storage device of the subscriber.

Upon receipt of this stream of zeros in place of Tx, the computer 21 will know that it is reiteratively replacing the called subscriber's working key-setting variable Vx. When parity exists and the key distribution center 20 goes off-line, the reiterative replacement of the working key setting variable, Vx, will be completed; the new reiterative replacement working key-setting variable, Vxa, will have been inserted in the computer associated storage device 22 in place of the previous working key-setting variable, Vx; and the key generator 55 of the called subscriber will have been reset in accordance with the new reiterative-replacement-working-key-setting-variable, Vxa. The called subscriber will then also go off-line.

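The preferred-embodiment exchange described above, as an added Python example (not code from the patent): the caller sends T1 and Tx, the key distribution center returns Vx, V1a and a parity word enciphered under U1, and both sides commit V1a only when parity exists. The SHA-256 keystream, the one-byte XOR parity word, the 16-byte variable length, the enroll step and all class and function names are assumptions standing in for details the patent leaves open.

```python
import hashlib
import secrets

VAR_LEN = 16  # assumed size in bytes; the patent says only "a predetermined bit length"


def key_generator(key_setting_variable: bytes, data: bytes) -> bytes:
    """Stand-in for key generators 15/25/55 (cipher not specified in the patent):
    XOR with a SHA-256 counter keystream, so one call enciphers and deciphers."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        block = key_setting_variable + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))


def parity_word(bit_stream: bytes) -> bytes:
    """Assumed parity scheme: one byte, the XOR of every byte of Vx || V1a."""
    word = 0
    for byte in bit_stream:
        word ^= byte
    return bytes([word])


class KeyDistributionCenter:
    def __init__(self):
        self.storage = {}    # storage 22: T -> {"U": unique, "V": working}
        self.temporary = {}  # temporary storage 47: T1 -> pending V1a

    def enroll(self, t: str):
        """Provisioning step (assumed; the patent does not describe enrollment)."""
        record = {"U": secrets.token_bytes(VAR_LEN), "V": secrets.token_bytes(VAR_LEN)}
        self.storage[t] = record
        return record["U"], record["V"]

    def request(self, t1: str, tx: str) -> bytes:
        """Receive (T1, Tx); return Vx || V1a || parity enciphered under U1."""
        u1, vx = self.storage[t1]["U"], self.storage[tx]["V"]
        v1a = secrets.token_bytes(VAR_LEN)  # drawn from random state generator 24
        self.temporary[t1] = v1a            # held until the parity signal arrives
        body = vx + v1a
        return key_generator(u1, body + parity_word(body))

    def parity_signal(self, t1: str, parity_exists: bool) -> None:
        v1a = self.temporary.pop(t1)        # temporary storage is cleared either way
        if parity_exists:
            self.storage[t1]["V"] = v1a     # V1a replaces V1 in storage 22


class Subscriber:
    def __init__(self, t: str, u: bytes, v: bytes):
        self.t, self.u, self.v = t, u, v    # T and U permanent, V temporary (storage 29)
        self.generator_setting = v          # on-hook: key generator holds own V

    def place_call(self, kdc, tx: str, line=lambda reply: reply) -> bool:
        """Run the KDC exchange; `line` models the telephone path (hypothetical hook)."""
        self.generator_setting = self.u     # reset the key generator with U1
        reply = line(kdc.request(self.t, tx))
        plain = key_generator(self.generator_setting, reply)
        body, received_parity = plain[:-1], plain[-1:]
        parity_exists = parity_word(body) == received_parity
        kdc.parity_signal(self.t, parity_exists)
        if not parity_exists:
            self.hang_up()                  # assumed: revert, caller must call again
            return False
        vx, v1a = body[:VAR_LEN], body[VAR_LEN:]
        self.v = v1a                        # V1a replaces V1 in storage 29
        self.generator_setting = vx         # key generator now set to the callee's Vx
        return True

    def hang_up(self) -> None:
        self.generator_setting = self.v     # normal on-hook condition

    def cipher(self, message: bytes) -> bytes:
        return key_generator(self.generator_setting, message)


def run_example():
    kdc = KeyDistributionCenter()
    s1 = Subscriber("00001", *kdc.enroll("00001"))  # constructed five-digit numbers
    s2 = Subscriber("00002", *kdc.enroll("00002"))
    old_v1 = s1.v
    # Constructed line error: one flipped bit in the enciphered reply.
    noisy = lambda reply: bytes([reply[0] ^ 0x01]) + reply[1:]
    first = s1.place_call(kdc, s2.t, line=noisy)
    kept_old = s1.v == old_v1 == kdc.storage["00001"]["V"]
    second = s1.place_call(kdc, s2.t)
    in_sync = s1.v == kdc.storage["00001"]["V"] != old_v1
    heard = s2.cipher(s1.cipher(b"secure speech frame"))
    s1.hang_up()
    return first, kept_old, second, in_sync, heard, s1.generator_setting == s1.v


if __name__ == "__main__":
    print(run_example())
```

The parity word only detects transmission errors, as in the patent; it does not authenticate the reply, so a present-day design would protect the key distribution center's message with an authenticated cipher.
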
ALTERNATE EMBODIMENT

The operation of the system when the particular embodiment wherein the key-setting variable of the called subscriber is combined with an indicator variable to obtain the dynamic working variable is utilized will now be described. In this embodiment, the subscriber key generators 15, 55 are blank in the normal state, as was previously mentioned.

The subscriber initiating the call, subscriber 1, does so in the same manner as in the previously described embodiment. The subsequent procedure for contacting the key distribution center 20, including selecting U1 from the subscriber associated storage device 29 and routing it to the associated key generator 15, where it resets the key generator 15, is also accomplished in the same manner as for the previously described embodiment, with the exception that the key generator 15 is reset from its normal blank state rather than the normal V1 state of the previous embodiment.

The operation of the key distribution center 20 in this instance is similar to the operation previously described, with the exception of the selection of an indicator variable for the called subscriber and the derivation of the dynamic working variable of the called subscriber from the indicator variable and key-setting variable, this operation to be subsequently described.

After the caller subscriber, subscriber 1, has transmitted the caller and called subscriber contact variables, T1 and Tx, necessary to uniquely identify the subscribers in the system, to the key distribution center 20, the computer 21 looks up in its associated storage 22 the unique key-setting variable of the caller, U1, and the key-setting variable of the party being called, Vx, from the identification contact variables it has received, as in the previously described embodiment.

The computer 21 then draws a new key-setting variable for the caller, V1a, and an indicator variable for the called subscriber, 1,