`Boone et al.
`
`[11]
`
`[45)
`
`4,352,952
`Oct. 5, 1982
`
`[54] DATA SECURITY MODULE
`Inventors: Charles A. Boone, Mesa; Robert F.
`[75]
`Pfeifer, Phoenix, both of Ariz.
`[73] Assignej!: Motorola Inc., Schaumburg, Ill.
`[21) Appl. No.: 126,808
`Mar. 3, 1980
`[22) Filed:
`
`Related U.S. Application Data
`[63) Continuation of Ser. No. 914,832, Jun. 12, 1978, aban-
`doned.
`Int. CJ.J ............................................... H04L 9/00
`[51)
`[52) U.S. Cl •.................................. 178/22.09; 364/200
`[58) Field of Search ............................ .. 178/22, 22.09;
`340/149 A, 149 R, 152 R; 364/200
`References Cited
`U.S. PATENT DOCUMENTS
`3,3 02,18Z 1/1967 Lynch et al ...................... 178/22.09
`3,956,615 5/1976 Anderson et al ................ 178/22.09
`4,120,030 10/1978 Johnstone ........................ 178/22.09
`4,168,396 9/1979 Best .................................. 178/22.09
`4,203,166 5/1980 Ehrsam et al. ................... 178/22.09
`
`[56)
`
`OTHER PUBLICATIONS
`"Hard Node-Hardened Protection for Computational
`
`Cryptography", Computation Planning, Inc., Bethesda,
`Md. 20014; 3/28/77.
`"System Implications of Information Privacy'', Peter(cid:173)
`sen et al., Spring Joint Computer Conference 1967, pp.
`291-300.
`in a Multi-Programmed
`"Security Considerations
`Computer System", Peters, Spring Joint Computer Con(cid:173)
`ference 1967, pp. 283-286.
`"Some Cryptographic Techniques for Machine to Ma(cid:173)
`chine Data Communications", Feistel, Proceedings of the
`IEEE, vol. 63, No. 11, Nov. 1975, pp. 1545-1554.
`Primary Examiner-Howard A. Birmiel
`Attorney, Agent, or Firm-M. David Shapiro; Eugene A.
`Parsons
`
`ABSTRACT
`[57]
`A data security module for encrypting and decrypting
`computer data contains, in addition to the encryption
`logic, interface logic to allow direct memory access to
`a computer. The security module sits as a computer
`peripheral device and after being instructed as to the
`location and quantity of data by the computer, accesses
`the data directly from the computer memory without
`disturbing the processor to provide parallel encryption
`or decryption of computer memory data.
`
`1 Claim, 13 DrawinK FiKUres
`
`84l __ o_s_M_
`
`11
`
`UNIBUS
`
`1 M~~~y r 82
`
`11
`
`c76
`
`78
`
`CENTRAL
`PROCESSOR
`
`PROCESSOR
`MEMORY
`
`80
`
`IPR2017-00430
`UNIFIED EX1008
`
`
`
`U.S. Patent Oct. 5, 1982
`
`Sheet 1 of 10
`
`4,352,952
`
`58.
`
`60
`
`62
`
`DES
`ALGORITHM
`
`RAM
`BUFFER
`
`7'2
`
`74
`
`RAM
`BUFFER
`
`DES
`ALGORITHM
`
`56
`
`PRIOR ART
`
`64
`
`Jf :zz::9.I B
`
`68
`
`PRIOR ARr
`
`84 1 DSM
`II
`
`....---- 82
`
`c76
`
`1.:~vr
`II
`
`UNIBUS
`
`Ji=::q.2
`
`CENTRAL
`PROCESSOR
`
`PROCESSOR 80
`MEMORY
`
`<E ... q.4
`
`FIG.4A
`
`FIG.48 FIG.4C
`
`FIG.40
`
`FIG.4E
`
`FIG.4F FIG.46
`
`FIG.4H
`
`
`
`v76
`
`86
`
`92
`
`\
`
`159--1" c~~~-K 102 ~ M~s:~o ~158
`
`01
`
`17
`
`88
`
`104
`
`t
`
`UN I BUS
`SELECT BAR
`ADDRESS
`ADDRESS
`SEL I OR
`17
`90 DECODER
`BUFFER
`96
`~-;-~:=::::-=-:-:-:~~~98~~~1~6'----/46
`/OO
`OMA ADDRESS LINES
`
`.,_......_.:-:=.J.:.......i DATA BUS
`BUFFER
`
`16
`
`106
`INTERNAL
`DATA BUS
`
`148
`Cl
`
`15
`
`BUS
`ADDRESS
`REG I STER
`(BAR)
`
`94
`
`162
`160
`
`DEV I CE
`SELECT
`
`148
`152
`ENCRYPT OR
`DECRYPT FINISH
`CLOCK BAR
`BAR DOWN
`,;3NTROL 166
`
`sr/37
`
`;
`
`154
`112
`
`L.--o
`
`.....
`"'"
`
`~
`
`-..
`
`INPUT/
`OUTPUT
`REG.
`(IOR)
`
`108
`
`VMA
`ADDRESS
`3
`164
`180
`
`I
`
`I
`
`I
`
`I
`l.../94
`Sj,
`11~l,
`
`178
`
`J
`
`128X8
`SCRATCH PAD
`RAM
`
`4J.-ai
`
`192
`
`176
`
`PROGRAM
`ROM
`2k X 8
`
`5
`
`11
`I
`
`,,
`7
`172
`
`i)68
`
`...
`
`DATA
`
`t s SECURITY
`
`DEVICE
`(OSD)
`
`c
`170
`
`~
`CD
`Cf)
`(/)
`
`ILi a:
`0
`0 ex
`
`c .
`Cl'.l .
`
`~
`~
`~
`
`(I) = ~
`
`0
`0
`~
`VI
`
`~ -\0
`
`00
`N
`
`en
`::T
`~
`~ ......
`N
`0 _,
`......
`0
`
`~ .. (>)
`..
`
`Vl
`N
`\C
`Vl
`N
`
`Cf)
`::::>
`CD -z
`::::>
`cl
`Cl.~·
`_
`1·
`Cl. 114
`
`I
`
`DSD KEY PARITY ERROR
`ENCRYPT OR 152
`DECRYPT Fl NISH
`
`CI
`
`SLAVE SYNC
`148 TIME OUT/18
`OMA DONE
`
`UN I BUS CONTROL
`LOGIC (OMA+ I/O)
`
`SET OMA
`
`SLAVE 126
`C~~R 128
`
`TO BUS
`BUSY
`
`.1.._
`
`ENABLE
`VECTOR
`
`4
`
`13,
`r /
`122
`
`lTERRUPT
`CONTROL
`LOGIC
`
`14
`14
`
`124
`
`.Jf" .:::zz::q.3
`
`CSR
`STATUS
`REG.
`
`SCL
`CSR
`,
`5,
`
`I
`
`152
`ENCRYPT OR
`~ CSR
`DECRYPT FINISH
`.,
`CONTROL
`~ ~,
`/26 144
`7
`. R~ •
`.,
`110
`- - - - - - ,
`rl38
`142
`INTERRUPT L-134
`VECTOR _..
`
`136
`vt4o
`156\
`
`LOGIC
`- - - - . / 130
`~ .....
`
`ADDRESS r j~
`
`132
`SET
`CIPt£R
`
`INTERRUPT
`FINISHED
`
`DECODER
`
`150
`c/52
`
`DSD KEY PARITY ERROR
`CLOCK BAR
`BAR DOWN CONTROL
`ENCRYPT OR DECRYPT FINISH
`
`
`
`U.S. Patent Oct. s, 1982
`
`Sheet 3 of 10
`
`4,352,952
`
`I
`I
`
`A ISL
`Al5L
`Al4L
`
`+svo 1 1 1 1 1 1 1 1
`T T T T T T T T
`"92
`"'\ '---- --'-·-----1
`:+:
`-
`L
`-
`
`I
`
`UNBUS ADDRESS- ~86 .If :::rr:q.4A
`/06r
`BUFFER
`1 >
`+sv-- 16
`13
`\
`Al7L
`15
`10 / I
`I :
`12
`6
`4 200A 3 1-.:.106 ~
`--,
`I -
`5 - - - - - - - - - - - - - - -11 - - - - - - - -++ -+ - .
`I
`:::~ - 9
`2 1 - - - - - - - - - - - -___ , f - - - - - - - -+++ i
`14 n
`... 7
`
`--- 8
`
`111
`=
`
`ADDRESS DECODER
`
`--
`
`+sv---1s
`15
`Al3L
`
`13
`10 - - - - .-----r--o_---z_196
`
`::~~--+-! ~ 2008 : ==~-=--:.. ~ ~==-=~/198
`l~ ~D
`;90 l~---=1
`14 1----/.--9-..,.0-6-4 L'_ -+-J
`1'...... I
`o--
`11 ____ ,__ _____ ...,..__
`200
`
`AIOL
`
`I - - 5
`-- - 9
`2
`--~
`.... 7
`._,_ 8
`
`88
`
`""-"'"
`
`+sv--- 1s
`A9L
`15
`12
`ASL
`
`LJ".,.
`
`I
`
`4 200C:
`
`A7L
`
`A6L
`
`:::~ - ~
`
`13 ...J . - - - - - - - - - - - - - - - - - - - - - .
`I
`r.;:---~202
`10 _JI
`--
`II
`0-:-J
`6
`I
`I "°V~== o3:: 204
`I ?90 ~ Ff==--=~ ~I
`I
`l v- I -
`~
`I
`I >90 1'- ~==--t'206 I
`I
`I
`____ ......
`
`2
`7
`4
`1
`'1
`.....
`,_._ 8
`--- ____ __....
`13 w[J
`+sv--+-1 1s
`-
`15
`10 ~ -
`·:i...210
`ASL
`-
`6 ..-.~ .... ~----,..-Q-
`o- __. 212
`A4L
`12
`--,
`.. ,...__~I ~:fn-
`A3L
`4
`3 t - - - - - '
`14 --r . ..____.
`I 200D 5 - - - - - ~
`~-- __ .J U
`1 MSY
`__..--.......-:-----1 I
`... 9
`2 ,_____,,~
`I
`)90
`o--
`I
`114:~
`...:..-1 _ _J =
`.... 1 ·
`I
`214 ---+-+--+-f~ +sv
`...... ~ 8
`..-
`IP...
`,
`6 - - - - - - - - - ~ f o.........j-~-'
` +s~~ .. ~ 16
`Y>~--+-~-
`A2L+i1/~ ..... 15
`= 98\.
`--
`13 1--------.
`1
`_["H- ><: 1 16 6 _
`I Al L-o...t--t-t 12
`10 11-----..
`I
`=
`CIL""T-+-+-1 4
`206A
`14 - - -
`2
`3 5 ~
`1 NI ...+-+--+-1 I
`00E 11 ------.
`I
`....____._ _______ ___,i--+ ___ 2 4 ~ I
`rL//
`114 - ~ ... s
`s
`I
`~ -11_-
`...... : ~
`-· ---~-------- --- ~
`.. _:- __ , *
`...:::::---=--=--=--=--=--=--=--=-__:t:-t~-=--=-_:::::::-~-'
`L
`
`I -
`0--
`~--J..!208
`
`-
`
`-
`
`I
`I
`L
`
`98-
`
`11
`
`(
`
`r\90
`
`I NL )
`
`1
`
`II
`
`1
`
`
`
`U.S. Patent Oct. 5, 1982
`
`Sheet 4 of 10
`
`4,352,952
`
`r - - - - - - - - - ,
`DATA BUS BUFFERS
`I
`104
`
`_J~~----;_J_J~---~~_J--1
`_J _J _J _J
`- Pl iovro N
`I
`1ot~~§ __ 8.Jo2 10(888~102 10z88g§
`1
`-
`000 vo2
`-
`re-
`11'-'-
`
`.
`I
`I
`I
`.I
`I
`16 15 12 4 I 7 9 8
`2128
`~ - -
`13 14 10 II 6 5 3 2
`._ ._
`L-.
`L...
`
`"'
`
`16 15 12 4 I 7 9 8
`212A
`
`=
`
`T
`
`I
`
`-
`
`- - - -
`
`-
`
`- - - -
`
`-I
`
`-I
`
`I
`I
`
`I
`
`.
`I
`I
`I
`I
`16 15 12 4 I 7 9 8
`
`T
`
`T
`
`y
`I
`I
`I
`I
`1615124 1798
`~
`13 14 10 II 6 5 3 2
`._
`L-.
`L...
`L...
`
`I
`~ I
`13 1410 II 6 5 3 2 I
`._ L.. L-
`.__
`- - -- - - -
`i
`I
`I
`I
`
`':.'.4 '~" "._5 :._2
`210D I
`l -
`6
`2
`16 ....
`10 --
`3
`
`I
`5 --NC
`9 ~Ne
`-4 13 --NC
`
`5
`
`I NC- 7
`I -
`I ...-- II
`l -a 14
`I
`
`210C
`7
`13 i---
`16 i-NC
`6
`2
`3
`5
`II
`4
`8
`
`9 ----
`
`10
`I
`15
`
`'-NC
`
`14
`
`I
`
`I
`
`-NC
`
`9 -
`
`10
`I
`15
`
`2108
`13 ...
`7
`16 ----
`6
`2
`3
`5
`II
`4
`8
`
`~NC
`
`14
`
`I
`I
`t
`
`I
`I
`I
`l
`
`I
`I
`I
`
`I
`I
`I
`
`-
`
`-=.:-
`
`L 210A u
`~ 7
`13
`I
`9 -
`6 16-
`- 2
`I ~ L>--1>-
`- 3
`146
`I
`-
`- ~ f;4../
`L
`---. BUS ADDRESS REGISTER
`5
`r 4
`II
`.....
`L_ ________ ri
`14 ___ _J
`
`' - -
`
`10
`I
`15
`
`8
`
`
`
`U.S. Patent Oct. 5, 1982
`
`Sheet 5 of 10
`
`4,352,952
`
`Jt' ::::zr:q. 4c
`
`I
`
`108
`
`--
`
`,---<l--1
`I
`!;;;PUT/OUTPUT REGISTER (I~
`I
`----4--,
`I
`~ A I\
`ln~lri
`----------+-~1!14~6 ~ CtC1
`I
`I
`_JI
`II 13-~--
`I
`------,i...:__ _______ _..-i--1: I!------~
`I
` _:_~_....-+.+-+-+--___...++++---~ ~ ~
`r__ ..... 1-1-&---_............._---a- Io
`I
`~12 I
`~1
`-I i...+-+--t--
`
`.__--a~ 11
`
`14 -
`
`16813 --t----'
`
`+5V
`
`' -
`-
`
`7
`15
`
`3 1---++ll---
`10 ---......
`
`-r
`
`214C
`--------------+-+---t 14
`16
`----------------H----111 13 ........... +++--
`- - - - - - - - - - - - - - -++ - - -15 12 !-+++-++---.
`- - - - - - - - - - - - - -+ -+ - - -12 4 - - -
`-1 3 1-1-++++.
`-15 10 -
`-
`
`--
`
`-
`
`f_:_~_=-
`
`1
`
`--
`
`- - - - - - - - - - - -14 16 -
`I
`--+-----------+-+-~II 13t---+--lf++-++++....++--------+++-++-
`I
`I
`--+-------------t-t---15 121---1-1 ......... 1-++~+---------....---
`--+-----'1'----------H-~ 2
`4 1---+--l+++~-+<i----~1 -+-l--+-+-+-
`I
`~ 7
`3 i---+--+++++-+----4-1,__ ___ --+-+-++-+-
`... ,__ 15 10-~
`
`
`
`U.S. Patent Oct. 5, 1982
`
`Sheet 6 of IO
`
`4,352,952
`
`+5V ....... _
`--
`.......
`2
`""A 4
`6
`NNNC\I
`
`"v"v"T
`
`YVY-
`
`l CD,...CDcn~-C\lrt>IOvrt>C\I
`
`v51
`rt>rtlrt>NC\IC\INIOrt'>
`
`6800
`MICROPROCESSOR
`
`158
`
`39 I-
`21
`....
`
`I
`0
`Nrt">V !!! !e ~ 22 !!?
`,...CD
`rt>rt">rt">cn-=---
`L!::-~ _J
`,. - '="- -1-1- .,
`I ~I +5V<J L
`il
`I
`I
`j
`
`"""
`
`-;;:-
`
`I
`
`-
`
`"
`
`I
`
`.... 9 6 - I-<
`11-
`4 I
`
`...
`
`194
`~
`,,..·~::::.194
`'--,_.~
`
`- ,,..
`
`~
`
`...
`
`Or" '°18 51
`RAM-!.--... I c 190A 3 I
`
`~
`-
`
`192.\:::.
`~
`
`l'I
`
`j92
`~
`
`164~
`
`-
`
`I
`
`NC
`
`, +5V
`
`~BUFFER
`-=
`,...._
`v/62Ar
`
`5 4
`I 6 16
`3 2
`DEV ICE SELECT
`,7 6 10 II 12 13 14 15
`,
`
`(
`
`I r I
`160 NC
`174'-
`
`.-- 172--
`
`-==-
`180
`,__. 188
`...._ ~ 184
`
`I
`
`I
`I
`I
`I
`I
`I
`
`:::
`+5V
`
`"A
`v""
`
`r J
`--
`
`I
`I
`-f
`
`159
`
`vVv
`
`VY V
`
`a
`
`A
`
`I
`
`15
`13
`
`+5V
`
`r
`
`r - - - - -
`I
`CLOCK GEN.
`I
`~o: ......
`...
`I
`I
`vVv q I
`- )
`j 0 +5v
`I
`I '>
`'>
`'>
`2
`?
`~ .__ 6
`16 -~ I
`I
`10
`I
`IP 5
`12
`J
`159 ~ =! I
`1 ~
`L ___ ::....j
`I
`
`:E .::rr: ~· 4o
`
`2 I
`- -
`I I
`- .... 12
`11 I
`16 I
`13
`14 9 15 I
`I
`.J...
`, ..... 19~~--
`+5V
`
`II
`
`- t
`5 -
`6 -
`7 -
`
`18
`
`10
`8
`
`4
`1908
`-3
`2
`II
`I
`12 17
`13 16
`14915
`~
`190
`
`-
`+5V i
`-
`-
`10 18 5
`6 _,..
`- 8
`7 - ~
`
`4
`190C
`-3
`
`1-- -
`-
`
`I-
`
`2
`11
`I
`17
`12
`13 16
`14915
`~
`
`I
`
`
`
`U.S. Patent Oct. 5, 1982
`
`,-
`
`1
`
`Sheet 7 of 10
`
`4,352,952
`
`I
`I
`I
`I
`I +5V'"t++=====1===+==~~~--~~-r-tt-~~~-r-i--r---.
`I i
`
`16
`15
`12
`4
`I
`9
`
`200F
`
`14
`II
`5
`3
`2
`13
`6
`
`BB5YL
`SAC KL
`
`1
`
`1
`
`SSYNL
`
`8
`
`IN
`
`OUT
`
`I NPRL
`I ";
`I
`-
`I + 5V<>-----~-
`I NPG ____ ~
`i
`I NPG
`I
`I
`I INTR
`I
`fBR7---<>-i +5V
`BUSS BRS~
`REQ. BR5~
`I BR4~
`
`NC
`
`126
`
`127
`
`14
`16
`10
`15
`12
`5
`13
`4
`91 200G 161
`
`NC
`
`%~
`
`~
`
`13
`10
`5
`
`:
`
`16
`15
`12
`
`II
`4 200H
`I - - 14
`
`~
`
`=
`
`8
`
`3
`
`NC
`
`2020
`
`4
`2 5
`14
`3 6
`I
`
`+5V
`
`l-
`
`202F
`
`10
`12 9
`
`10
`12 9
`
`NC
`
`202£
`
`I
`-------ti--- I
`I
`I
`I
`I
`
`BG BG6----<>-i
`\ 1N BG5-4 I
`
`I ~BG7----<>-r
`
`I BG BGS~ .._ 22;
`INTERRUPT CONTROL LOGIC 124
`, - - - - - - - - - - _J
`I ~--o-1 _JI
`'1? .::rr=q. 4£
`
`IOUT BG54
`
`122 - - -
`
`
`
`U.S. Patent Oct. s, 1982
`
`Sheet 8 of 10
`
`4,352,952
`
`I
`I
`
`I
`
`-
`
`-
`
`16
`
`14
`
`6
`
`12 9
`2088
`
`7
`
`4
`
`5
`
`2
`
`1csR STATUS
`REGISTER llQ
`
`3
`
`II
`
`13
`
`10
`
`I
`
`15
`I
`
`I
`
`i_
`
`1202i1 ....
`10
`-,2 9~
`
`l
`4 5>-
`-
`-
`
`5
`
`-2
`
`4
`- 2 5- ~
`
`_ 3 s _
`I I
`' "202M
`
`1 : - - - - - - -
`-,
`I +5V ±
`~~I I
`I
`I
`I
`J I
`I
`n
`I
`I
`I __ ____.
`I
`
`I
`-
`I
`r -202L
`T
`L ______
`
`II 8
`13 ~
`
`- 3, s
`
`I-
`
`138)
`
`INTERRUPT VECTORS
`134
`
`208A
`)
`
`,/
`
`5 -(212C-12)
`
`15
`14
`
`)
`
`)
`
`2
`I
`-
`4
`I
`-
`6
`I
`) 0 - - - 10
`I
`12
`
`)
`
`-(212C- I)
`
`-(2120-15)
`
`9
`II
`
`16
`
`I - - - -----;;i
`... /44
`I
`I
`I
`137 I
`I
`- I
`,, )-C)-c2--
`' 3 -(212C-15) I
`I
`~ +5V
`7 -(212C- 4) I r
`I
`I
`I
`I
`I
`I I
`13 -(2120-12) I
`- 3 6 -
`l
`I )
`8 n___: ::: +5V I
`, I
`I L ~ _J t
`I
`I 202H
`...:.....
`!
`I
`216 L 12
`I
`I
`I
`I
`111 8 --NC
`I
`I
`I
`L - - - - - - -
`
`142
`
`---
`
`4
`
`9
`~v202I
`
`13
`u
`LNC
`
`I
`I
`
`.ff .:::zc 9 4JF
`
`"
`
`14 4
`- 2 5 -
`
`4
`
`n
`- 2 5 -
`- 3 6
`
`, I
`
`20/Kl
`
`~
`
`....__
`
`
`
`U.S. Patent Oct. 5, 1982
`
`Sheet 9 of 10
`
`4,352,952
`
`-~
`-
`
`I
`
`I
`
`I
`
`OE :zr:::: q.4 G
`
`I
`I
`
`I
`I
`
`t5V
`)
`
`-
`
`216A
`
`2168
`
`... 12 10 1--
`
`--- 13 15 ,_
`ri
`=
`Lf~K9114p- 9, 11
`-
`....,r-
`r
`
`2160
`
`- 4 2 .....
`
`216C
`- 5 7 -
`9 61)- r9 3~
`r T
`
`p-
`
`I
`
`I
`
`CSR CONTROL REG I STER
`110
`
`120)
`
`•
`!
`
`1 ~02N
`10'
`-12 9 -
`
`<l-
`
`,...-(
`-
`
`I
`
`152)
`
`±
`
`- II 8 ,_
`
`13
`~ ••
`'>
`
`+5V
`
`r
`
`,>
`,•
`,>
`
`>
`,>
`
`,>
`••
`>
`
`,>
`,>
`,>
`
`••
`l
`,>
`
`l...- ·-- - ( /56 - - - .._. -
`
`1541
`
`150")
`
`-
`
`I
`
`--->--
`---
`
`-----f I
`I
`
`'132
`
`I
`
`l[I
`,,...
`- 15
`-
`
`I
`13
`7
`II
`
`9
`
`5
`3
`
`+5V
`I
`
`I
`t 208C
`-- 15 16' II
`(I
`-- I
`
`2
`4
`
`6
`10
`12
`
`5
`
`7
`9
`3
`
`)
`
`16
`
`I
`-I
`I
`I
`I
`I
`I
`14 8~
`- -----i
`).._,
`-
`I
`_______,./ r---<J-
`.... -
`~
`ADDRESS
`DECODER
`I
`+5v
`1
`130 I
`,,_
`I
`
`14
`12
`10
`6
`4
`2
`
`8 -i
`I
`I L-----~
`
`
`
`U.S. Patent Oct. 5, 1982
`
`Sheet 10 of 10
`
`4,352,952
`
`~~+5~
`10 18 5 -
`-
`6 -
`- 8
`1 -
`-
`-
`-
`-
`
`4
`3
`2
`I
`II
`17
`12
`16
`13
`15
`14
`/ 9
`1900 ...
`
`+5V
`
`--- _J
`11
`- 9
`-
`
`24 16
`17
`- 13
`18
`19
`8
`7 20
`21 -
`6
`5 22 -
`4 23 -
`3
`12
`14
`2
`15
`II
`10
`)
`
`I
`I
`
`I
`l
`6 10 - I
`II - I
`I
`I
`I
`I
`L
`
`-
`+5Vii
`
`14
`9 -
`2
`24 1
`22 8
`16
`21
`20 12 -
`19 3 -
`4
`18
`17
`5
`oso.J '15 13
`170 . .
`RAM
`~+5V
`BUFFER
`
`ri
`I 1[4
`- 21
`20
`8 -
`-
`24 7
`~ 17 6
`
`16
`5
`4
`r 15
`3
`14
`2 -
`13
`I -
`II
`10 23 -
`9 22
`
`ROM
`
`191812
`~
`
`SCRATCH
`
`PAO 178 r
`
`I
`
`JI: :::rz::q. 4H
`
`
`
`1
`
`DATA SECURITY MODULE
`
`4,352,952
`
`This is a continuation of application Ser. No. 914,832,
`filed June 12, 1978, now abandoned.
`
`10
`
`BACKGROUND OF THE INVENTION
`This invention relates to data security systems, and
`more particularly, to data security systems interfacing
`with computers.
`The encryption of digital data has been widely recog(cid:173)
`nized as a need in the computer industry in order to
`protect data which is transmitted over unsecure data
`transmission paths. A standard data encryption algo-
`rithm has been proposed by the National Bureau of 1
`5
`Standards as described in the Federal Information Pro(cid:173)
`cessing Standard Publication 46 and available through
`the National Technical Information Service.
`Various systems have been used in the past to imple- 20
`ment this or similar algorithms. The principle methods
`being either software implementation of the algorithm
`which utilizes the central processor of the computer, or
`a serial encryption device which encrypts or decrypts
`data either just before it enters the computer or just 25
`after it exits from the computer. However these systems
`have several undesirable effects in that they reduce the
`data transfer time in the case of the serial devices and tie
`up the central processor in the case of the software
`implementation. Moreover the software implementa- 30
`tion is relatively time consuming.
`Therefore it can be appreciated that a data encryption
`system which does not interfere with the direct flow of
`data and does not tie up the central processor for an
`extended period of time is highly desirable.
`
`2
`DESCRIPTION OF THE PREFERRED
`EMBODIMENT
`Now referring to FIG. 1, the cipher feedback (CFB)
`5 encryption and decryption data flow is shown for refer(cid:173)
`ence to provide a better understanding of the function
`performed by the data security module. FIG. la shows
`a CFB encipher data flow wherein plain text data enters
`on line 50, and is combined with the key text appearing
`on line 52 at an exclusive OR gate 54. The output on line
`56 is a ciphered text data. The key on line 52 is gener-
`ated using the National Bureau of Standards Data En(cid:173)
`cryption Standard (DES) algorithm embodied in block
`58. The DES algorithm utilizes a key of64 bits of which
`56 are actually used, the other eight bits are used for
`parity, and 64 bits of input data are stored in a RAM
`buffer 62. The 64 bits of input data are transferred into
`the DES algorithm 58 on a data line 60 from RAM
`buffer 62.
`In FIG. lb the ciphered text is deciphered. The ci(cid:173)
`phered text appears at line 64 and is exclusive ORed
`with the key test on line 66 by exclusive OR gate 68 to
`produce a plain text output on line 70. The key used by
`the DES algorithm device 72 must be identical to the
`key used in DES algorithm device 58 of FIG. la. Also
`the RAM buffer 74 of FIG. lb is identical to RAM
`buffer 62 of FIG. la. Thus the encipher and decipher
`flow diagrams of FIG. la and FIG. lb are essentially
`mirror images of each other. Information on cipher
`feedback can be found in Federal Standard 1026, writ(cid:173)
`ten by the Federal Telecommunications Standards
`Committee and available from the General Services
`Administration, Building 197, Washington, D.C.
`A typical memory block diagram of a computer in-
`35 corporating the data security module is shown in FIG.
`2. In a preferred embodiment of the invention the data
`security module is used in conjunction with a PDP-11
`computer and connects directly to the Unibus of the
`PDP-11. PDP 11 and Unibus are trade marks of Digital
`Equipment Corporation. In FIG. 2 the Unibus 76 has
`the main computer elements connected to it. Among
`these elements is a central processor 78, a processor
`memory 80 generally used for holding instructions for
`the memory, and a data memory 82 for holding general
`computer data. Added to the Unibus is a data security
`module shown as block 84. As is well known by those
`skilled in the art the PDP- I I and the Unibus concept
`allows peripheral devices (under a priority structure) to
`operate in a direct memory access mode wherein a
`peripheral may take control of the Unibus and talk
`directly with any other device situated on the Unibus
`and thus allow direct contact between devices on the
`Unibus. Thus the Unibus is time shared allowing several
`parallel operations to occur in the peripheral element at
`the same time and each gaining control and use of the
`Unibus as necessary.
`FIG. 3 is a block diagram of the data security module
`84 of FIG. 2. The major interconnections between each
`of the blocks is shown in FIG. 4, but some connections
`60 considered to be less important and obvious are not
`included in order to simplify the drawing. Connected to
`the Unibus 76 is a Unibus address buffer 86 by seventeen
`address lines 88. Seventeen address lines out of the
`address buffer 86 are shown as line 90 and enter an
`address decoder 92 which provides three single output
`lines, a select BAR line 94, a select IOR line 96 and a
`select CSR line 98. Sixteen address lines, shown as line
`100, in turn enter the address buffer 86. Also connected
`
`40
`
`SUMMARY OF THE INVENTION
`Therefore it is an object of this invention to provide
`a data encryption module which encrypts data in a
`parallel rather than serial flow.
`It is also an object of this invention to provide a data
`encryption module which operates with minimum cen(cid:173)
`tral processor attention.
`it is still another object of this invention to provide a
`data security module which operates in a peripheral slot 45
`of a standard computer.
`It is an object of this invention to provide a data
`security module which is capable of direct access to the
`memory of a computer.
`An illustrated embodiment of the invention provides
`a data security module for use as a computer peripheral
`which comprises circuitry for encrypting and decrypt(cid:173)
`ing data words in response to a computer command,
`and computer interaction means for accessing directly 55
`memory words of a computer for encrypting and de(cid:173)
`crypting data in a memory of said computer while per(cid:173)
`mitting a central processor of said computer to perform
`other functions.
`
`50
`
`BRIEF DESCRIPTION OF THE ORA WINGS
`FIGS. la and b are a block diagram of cipher feed(cid:173)
`back (CFB) data flow.
`FIG. 2 is a block diagram of a computer with a data
`security module in place.
`FIG. 3 is a block diagram of a data security module.
`FIGS. 4 and 4a-4h are a detailed schematic of the
`data security module.
`
`65
`
`
`
`4,352,952
`
`10
`
`04 D3 02 D1 DO (Go Bit)
`0
`0
`0
`0
`I
`
`4
`into and out of the microprocessor from and to the
`scratch pad RAM I78, from and to the RAM buffer
`I90, from the program ROM I74, from and to the data
`security device 170, and from the CSR control register
`5 110. Sixteen address lines, shown as line I94, provide
`address data to the scratch pad RAM I78, the RAM
`buffer 190, the program ROM I74, the data security
`device 170, CSR control register 110, and the address
`decoder I30.
`In use and in operation of the data security module,
`the PDP-11 computer must be first modified slightly by
`cutting the non-processed grant (NPG) line near the
`peripheral slot where the DSM is to be inserted. The
`cuttings are then in turn connected to pins CAI and
`15 CBI of the peripheral connector. This allows the data
`security module to utilize the non-process grant feature
`of the PDP-11. After this modification the board is
`slipped into the small peripheral controller (SPU) slot
`and normal computer operations can commence. The
`DSM has three registers for use in communicating with
`the PDP-11. The bus address register I46 keeps track of
`the address location of the data in the PDP-11 memory
`to be encrypted or decrypted. The IOR register 108 is
`used to hold data which is transferred between the
`25 PDP-11 and the encryption circuitry of the DSM. The
`control status registers CSR comprise a set of registers
`112 and control register 110 and are used to signal con(cid:173)
`trol functions to the DSM by the PDP-11 and also to
`indicate the status of the DSM back to the PDP-11.
`When the computer wishes to perform an encryption
`or decryption function, the processor first divides the
`data into 1 K by 16 bit blocks, and sets up memory
`locations for initial fill and major key. These locations
`may be used by the computer after the data has been
`35 loaded into the DSM. Note that the bus address register
`146 and the input/output register (IOR) I08 and the
`CSR status register 112 each have a unique address
`which is selectable on the DSM board by wired jumpers
`and which will be described in connection with the
`40 detailed schematic of FIG. 4. The PDP-11 then using
`standard master slave techniques loads the address of
`the major key into the bus address register 146. The
`computer then loads bits 0 through 4 into the CSR
`45 status register 112 which tells the DSM the function to
`be performed. The functions available to the computer
`are shown in the table below:
`
`3
`to the Unibus 76 are sixteen data lines 102 which are in
`turn connected to a data bus buffer 104. Sixteen bidirec(cid:173)
`tional lines shown as line 106 couple the data bus buffer
`to an input/output register 108. Five of the lines of bus
`106 are inputs to a CSR control register 110, four of the
`data lines carrying data to the data bus buffer 104 come
`from a CSR status register 112 and 15 of the lines 106
`are inputs to the BAR. Six lines, shown as line 114,
`connect the Unibus 76 to a Unibus control logic 116.
`The Unibus control logic 116, which performs DMA
`transfers, is in turn connected to the CSR status register
`112 by line 118 which is a slave sync time-out line. Line
`120 also connects the Unibus control logic 116 to the
`CSR control register 110. 13 lines, shown as line 122,
`couple the Unibus 76 to an interrupt control logic 124.
`The interrupt control logic 124 is connected to the
`Unibus control logic 116 by data lines 126 and 128. The
`interrupt control logic 124 is also connected to an ad(cid:173)
`dress decoder 130 by line 132, the set interrupt DMA
`finished or error line, and to an interrupt vector logic 20
`134 by an enable vector line 136. The interrupt vector
`logic 134 has four output lines shown as line 137 which
`connect directly with the Unibus data lines. The CSR
`control register 110 is also connected to the interrupt
`control logic 134 by line 138 and is also connected to
`the interrupt control logic 124 by line 140. The CSR
`status register 112 is connected to the interrupt vector
`logic 134 by line 142, and is connected to the interrupt
`control logic 124 by line 144. A bus address register 146
`is connected to the address decoder 92 through the JO
`select BAR line 94 and also to the Unibus address buffer
`86 by the DMA address lines 100. The bus address
`register 146 is also connected to the Unibus control
`logic 116 by the Dl line (broken for clarity and conve(cid:173)
`nience) 148. The bus address register 146 is connected
`to the address decoder 130 by the clock BAR line 149
`(broken for clarity) and a BAR down control line 150
`(broken for clarity), and the encrypt or decrypt finish
`line 152 (again broken for clarity). Encrypt or decrypt
`finish line 152 is also connected to the CSR status regis(cid:173)
`ter 112 and to the CSR control register 110. A DSD key
`parity error appears at line 154 and connects the address
`decoder 130 to the CSR status register 112. A set DMA
`line 156 connects address decoder 130 to the Unibus
`control logic 116.
`All of the logic circuits and interconnections de(cid:173)
`scribed so far with regard to FIG. 3 are involved essen(cid:173)
`tially with communicating with the PDP-I I Unibus.
`The rest of the circuits to be described below are pri(cid:173)
`CONTROL FUNCTIONS
`marily concerned with providing the data encryption 50 Transfer Major Key
`standard algorithm function.
`to Active Key Reg.
`The heart of the data security module is a Motorola
`Load Major Key
`6800 microprocessor 158 which is driven by clock gen-
`Load Secondary Key
`Load Initial Fill
`erator 159 and in turn provides control and data trans-
`•Encrypt w/Initial Fill
`fers, and the exclusive OR function 54 and 68 of FIG. 1. 55 Decrypt w/o Initial
`Connected to the 6800 microprocessor 158 is a device
`Fill
`selector 160 which is connected to the microprocessor
`0
`Decrypt w/lnitial Fill
`I
`by VMA line 162 and three address lines shown as line
`~?i~rypt w/o Initial
`o o
`o
`164. Six lines going out from the device select 160 con-
`Encrypt Secondary Key
`nect in turn to the CSR control register 110 via line 166, 60 :;:D::ec::'.;.,YP!:.:t...:S::e::co:::n=da::r.::..y..:K::e.::..y __ _..: _ _..:o __ o.;.._-::1-:--:--:----:--:
`to the address decoder 130 via line 168, to a data secu-
`•Will be used after the first block of data, if more than one block is to be encrypted
`rity device 170 via line 172, to a program ROM 174 via
`or decrypted.
`line 176, to a scratch pad RAM 178 via line 180, and two
`lines 182 and 184 connect to the RAM storage 190. Line
`I82 addresses the upper section of RAM storage 190, 65
`and line 184 addresses the lower section of RAM stor(cid:173)
`age 190. Also connected to the microprocessor 180 are
`eight data lines, shown as line I92, which couple data
`
`0
`I
`I
`0
`0
`
`I
`0
`I
`0
`I
`
`0
`0
`0
`I
`I
`
`0
`0
`0
`0
`0
`
`0
`0
`
`The Do bit is a go bit which tells the DSM to perform
`the function set in the status register. At this point mi(cid:173)
`croprocessor 158 takes over and initiates a direct mem(cid:173)
`ory access (DMA) routine using the Non-Process Grant
`line to request control of the Unibus. This signal is fed
`
`
`
`4,352,952
`
`5
`to the Unibus control logic 116 from the microproces-
`sor 158 through the device select 160 via lines 168 and
`194 to the address decoder 130 which in turn impresses
`a DMA signal on the line 156 to initiate the DMA rou(cid:173)
`tine. The Ct bit of line 148 in the bus address register S
`146 is sent to the unibus control logic 116 to indicate
`that a data in function is to occur during the DMA
`cycle. Note that since the DSM operates only with full
`16 bit words, the Co line as defined in the PDP-11
`literature is not used by the DSM and so floats to high 10
`voltage or PDP-11 logic ''O" level. After the first two
`bytes addressed by the first DMA cycle and received in
`the input/output register 108, the DSM releases control
`of the Unibus, increments the bus address register 146
`using the clock BAR line 148, and again performs a IS
`DMA to bring in two more bytes of the major key.
`Since the major key requires four memory addresses to
`provide the 56 bits, the 6800 performs four DMA opera(cid:173)
`tions incrementing the bus address register 146 between
`each operation. Each of the two bytes that are brought 20
`into the input/output register 108 are transferred di(cid:173)
`rectly to the data security device 170, and the data
`security device 170 is programmed by the microproces(cid:173)
`sor to accept these bits as major key bits. The operation
`of the data security device 170 is described in copending 25
`application entitled "Data Security Device", filed on
`even date herewith and bearing Ser. No. 914,831. It
`should be understood that the keyed data entering into
`the DSM is placed directly into the data security device
`170 and is not accessable, after it is entered in the DSD 30
`170, to any outside intrusion other than physical prob(cid:173)
`ing of the die. The DSM retains the key for use in encry(cid:173)
`tion and is for all practical purposes inaccessible to
`anyone. After the last data of the major key has been
`loaded, the microprocessor sets bit 7 of the control 3S
`status register 112 to indicate to the computer that the
`DSM is ready for further commands.
`During the loading of the key into the data security
`device, the DSD 170 checks parity of the key. If a
`parity error is detected, a flag is set which the micro- 40
`processor detects and in turns transmitts through the
`device select 160 and the address decoder 130 onto the
`DSD key parity line 154 and into the CSR status regis-
`ter 112 where bits 13 and 15 are set to indicate a parity
`error in loading the key has occurred. Bit 13 of the CSR 4S
`indicates a parity error has occurred and bit 15 is a
`logical OR of bit 13 and bit 14. Bit 14 is used to indicate
`that a time-out error has occurred when the DSM has
`assumed master control of the Unibus. This slave sync
`time out error originates in the Unibus control logic 116 SO
`and is transferred via line 118 to the CSR status register
`112.
`Next the computer will load the initial fill buffer of
`the DSM by placing the address of the first word of the
`initial fill into the bus address register 146 and then 55
`commanding the CSR control register 110 to read in the
`initial fill. Again since the initial fill is 64 bits long, the
`6800 microprocessor 158 reads four memory addresses
`using the DAM format, places the initial fill on the
`scratch pad RAM 178 and sets the ready bit in the CSR 60
`status register 112 to a logical 1. Next the computer will
`load the bus address register 146 with the address of the
`first word of the block of data to be enciphered, place
`the word count of the block of data to be enciphered
`into the input/output register 108 and then write into 65
`the CSR control register 110 the code for encrypt with
`initial fill control word. At this point the MC6800 mi(cid:173)
`croprocessor 158 will take control. The microprocessor
`
`6
`will use a DMA operation to bring the first block of
`data the RAM storage 190, transfer the first 64 bits of
`the initial fill from the scratch pad RAM 178 into the
`data security device 170, and perform an encryption of
`the initial fill. Microprocessor 158 then performs an
`Exclusive-OR operation on the first 8 bits from the data
`security device with the first 8 bits from the first mem(cid:173)
`ory location using software techniques to provide the
`first 8 bits (1 byte) of ciphered text. These first byte of
`ciphered test is loaded into the RAM storage 190 and
`also into the bottom of the scratch pad RAM 178. The
`8 bits at the top (oldest byte) of the RAM storage 190 is
`discarded. The new initial fill in the scratch pad RAM
`178 is loaded into the data security device 170 for enci(cid:173)
`phering and the first 8 bits out of the DSD 170 are used
`to exclusive-OR with the next 8 bits from the data mem(cid:173)
`ory. The microprocessor 158 keeps track of the address
`in bus address register 146 as it is being incremented by
`referring to the word count which in turn has been
`stored along with the initial fill in the scratch pad RAM
`178. The microprocessor 158 continues encrypting until
`all the data block has been encrypted. After the last data
`byte has been encrypted, stored in the RAM storage
`150, and a read data command is received, the micro(cid:173)
`processor 158 then sets the BAR down control and
`proceeds to replace the data back into the computer
`memory by placing the bus address register contents
`onto the Unibus address line and using the IOR 108 to
`place the most recently enciphered data bytes onto the
`data bus line during a OMA cycle to place the last two
`encrypted data bytes into the upper most memory loca(cid:173)
`tion of the PDP-11. After each DMA cycle, the bus
`address register 146 is decremented using the clock
`BAR signal on line 148 to enter the next to last crypted
`data bytes into the PDP-11 memory. The PDP-11 mem(cid:173)
`ory now contains the exact contents prior to the encryp(c