Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Packet header designating cryptographically protected data
Reexamination Certificate
1999-03-05
2004-02-17
Peeso, Thomas R. (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Packet header designating cryptographically protected data
C713S164000, C713S168000
Reexamination Certificate
active
06694430
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates to data communications interface IC chips for personal computers. More specifically, the present invention relates to an IC chip that functions both as the interface circuit to a host computer and for encryption/decryption of datagrams to and from the host.
2. The Background Art
Data encryption systems fall into two general categories: systems based on public-key (or asymmetric) algorithms and systems using symmetric algorithms. Public-key algorithms use a public/private key pair with one key used for encryption and the other for decryption. In most symmetric algorithms, the encryption key and the decryption key are the same. Public-key and symmetric encryption systems are used to solve different types of data security problems. Symmetric-key encryption, for example, is generally faster and often used to encrypt large amounts of data while public-key encryption is more popular when key management is an issue.
Data encryption may be used to secure data before it is transmitted across an insecure communications link. An encryption device at one end of a communications link encrypts the data, and possibly routing and protocol information, before the data is transmitted across an insecure data link. In a symmetric key encryption system, users at the other end of the communication link must have a device that decrypts the data using the same encryption algorithm and a common key.
Data encryption devices may be in the form of software installed in a conventional processing system or specialized hardware such as, for example, encryption modules or chips, dedicated encryption boxes, or encryption boards that plug into personal computers. Specialized hardware is generally faster, more secure, and easier to install than software-based encryption. Encryption is a computation-intensive task which is generally more efficient when performed by a specially-designed chip. Additionally, encryption algorithms implemented in hardware may be securely encapsulated to be tamperproof. Furthermore, it is easier and often more cost-effective to design secure telephones, fax machines, and communications equipment with special purpose encryption hardware than with an added microprocessor and encryption software.
There exist a number of publicly available cryptographic algorithms suitable for use with special-purpose encryption hardware for data encryption. The Data Encryption Standard (DES), for example, is a symmetric block cipher that encrypts data in 64-bit blocks using the same 56-bit key that is used for decryption. Triple-DES, or 3DES, is simply encryption with DES and three different keys, thus making an effective key length of 168 bits. These algorithms are described in Schneier, Bruce, Applied Cryptography (2nd ed. 1996), pp. 265-85, 294-301.
International Data Encryption Algorithm (IDEA) is another symmetric block-cipher that also encrypts in 64-bit blocks, but it uses a 128-bit key. RC4 and RC5 are variable-key-size stream ciphers licensed by RSA Data Security Inc. Both RC4 and RC5 are symmetric block algorithm designed to serve as an alternative to DES and are reportedly immune to linear differential cryptanalysis and other mathematical methods of attacking encryption systems, which would make them more secure than DES. These and other suitable algorithms are described in Schneier, Bruce, Applied Cryptography (2nd ed. 1996), pp. 303-355.
Many of these encryption algorithms and others have been implemented as an application specific integrated circuit (ASIC) or “chip.” The MYK-78 Clipper Chip, for example, is a tamper-resistant chip manufactured by VLSI Technologies that is designed for encrypting voice communications. The Clipper Chip implements the SKIPJACK cryptographic algorithm using 1 micron CMOS technology. VLSI and RSA are reportedly creating other silicon chip-based implementations of RSA's encryption technologies, including the RC4 symmetric stream cipher, for use in high-volume, high-speed consumer applications such as home satellite services and TV set-top boxes.
Encryption chips may be combined with PC cards to create portable encryption modules for use in adding encryption capabilities to other “host” devices. A PC card is a small 68-pin removable card conforming to physical and electrical interface standards set forth in the PC Card Standard of the Personal Computer Memory Card International Association (PCMCIA) of Sunnyvale, Calif. PC cards may contain hardware and software customized to perform a specific application and may be used to expand the capabilities of a host device, such as a mobile or notebook computer. To use the functions of the PC card, the PC card is inserted into a slot on a host device. The host device powers the card, recognizes the capabilities of the card, and initializes certain interface processes accordingly.
To reduce compatibility problems between PC cards and host systems, many conventional PC cards use a standardized interface system such as a Card Information Structure (CIS) set forth by the PC Card Standard. Using CIS, a data structure is stored in a PC card's memory that identifies the physical attributes and logical configuration of the card. The physical attributes include such things as the card's type, manufacturer, and part number. The logical configuration includes such things as the card's file system and number of logical partitions.
Conventional PC cards containing an encryption algorithm may be utilized in a wireless communications network, for example, to increase the secrecy of the communications transmitted between source and destination. An example of a PC card containing an encryption algorithm this is a PC radio card, or PC radio peripheral module, which provides communication between a mobile host computer and stationary base stations or access points over a wireless LAN.
FIG. 1
is a block diagram illustrating an example of a wireless radio card known in the prior art. Such a card may be used to connect a mobile or notebook computer to a wireless data network, such as an RF LAN. Card
10
may be placed in an interface slot
12
in a computer. The interface slot acts communicatively couples the computer and the card, allowing for the free exchange of data, as well as power derived from a power source
14
. Card
10
includes an interface chip
16
, which is generally an Application Specific Integrated Circuit (ASIC). The interface chip
16
generally contains a power control circuit
18
, which controls the distribution of power to the card. There may be power conservation circuitry included which shuts off power to the rest of the card if the radio is not in use in order to reduce the amount of overall power utilization of the card.
The interface chip
16
also includes encryption circuitry
20
to perform the encryption and decryption processes. The preferred embodiment utilizes the RSA RC4 variable-key-size stream cipher, but any appropriate encryption algorithm can be used as well. The encryption process utilizes memory, generally in the form of a dedicated static random access memory (SRAM)
22
, located within the interface chip
16
to store the data while it is being encrypted. Encipherment may begin with a secret key that has been distributed to cooperating stations by an external key management service. The secret key is concatenated with an initialization vector (IV) and the resulting seed is input to a pseudo random number generator (PRNG). The PRNG outputs a key sequence k of pseudo-random bits equal in length to the largest possible Message Protocol Data Unit (MPDU), the unit of the file format utilized by wireless LANs. Two processes are applied to the plaintext MPDU. To protect against unauthorized data alterations, an integrity algorithm operates on the plaintext to produce an integrity check value (ICV). Then, encryption is performed.
Encryption takes place by first initializing a 256-byte S-box (S
0
. . . S
255
) linearly (i.e. S
0
=0, S
1
=1, etc.). Then another 256-byte array (K
0
. . . K
255
) is
Vesuna Sarosh
Zegelin Chris
Carter, Deluca, Farrell & Schmidt LLP
Peeso Thomas R.
Symbol Technologies Inc.
LandOfFree
Data encryption integrated circuit with on-board dual-use... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Data encryption integrated circuit with on-board dual-use..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Data encryption integrated circuit with on-board dual-use... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3283108