Data communication system
First Claim
1. A data communication system comprising a plurality of stations for the transmission and reception of message signals, each said station comprising:
- memory means storing a cryptographic function and a secret cryptographic key both of which are common to all of said stations, said memory means further storing a non-secret offset for said key which is individual to the respective said station;
input means for receiving a first message signal to be transmitted to one of the other said stations;
combining means for combining said stored cryptographic key with said stored individual offset to generate a first modified key;
processing means for encrypting said first message signal to be transmitted, using said stored cryptographic function with said first modified key, compute an authenticator signal for said first message signal to be transmitted; and
output means for outputting said authenticator signal;
said input means further being for receiving a received message signal and a received said authenticator signal transmitted from another said station and a received said offset individual to said another station;
said combining means further being for combining said stored cryptographic key with said received offset individual to said another station to generate a second modified key;
said processing means further being for encrypting said received message signal, using said stored cryptographic function with said second modified key, to compute a second authenticator signal for said received message signal;
comparing means for comparing said received authenticator signal and said second authenticator signal; and
said output means further being for providing an indication signal of verification or non-verification according to whether or not said received authenticator signal and said second authenticator signal are identical but without outputting said second authenticator signal.
3 Assignments
0 Petitions
Accused Products
Abstract
In a data communication system a plurality of users are equipped with respective devices for computation and authentication of message authenticators. Each device stores a common cryptographic function; a common secret key and a respective non-secret offset for the key. They are programmed to perform the functions of: (i) computing and outputting an authenticator for an entered message using the cryptographic function and key combined with the respective offset; and (ii) computing an authenticator for an entered message using the cryptographic function and key combined with any entered offset, comparing that authenticator with one received with the message and displaying a "pass" or "fail" decision. The devices are incapable of displaying or otherwise outputting any authenticator computed using any offset other than its respective stored offset, however. In this way it can be ensured that a transmitted authenticator can act as a verifiable "signature" to a message uniquely identifying the sender.
-
Citations
6 Claims
-
1. A data communication system comprising a plurality of stations for the transmission and reception of message signals, each said station comprising:
-
memory means storing a cryptographic function and a secret cryptographic key both of which are common to all of said stations, said memory means further storing a non-secret offset for said key which is individual to the respective said station; input means for receiving a first message signal to be transmitted to one of the other said stations;
combining means for combining said stored cryptographic key with said stored individual offset to generate a first modified key;
processing means for encrypting said first message signal to be transmitted, using said stored cryptographic function with said first modified key, compute an authenticator signal for said first message signal to be transmitted; and
output means for outputting said authenticator signal;said input means further being for receiving a received message signal and a received said authenticator signal transmitted from another said station and a received said offset individual to said another station;
said combining means further being for combining said stored cryptographic key with said received offset individual to said another station to generate a second modified key;
said processing means further being for encrypting said received message signal, using said stored cryptographic function with said second modified key, to compute a second authenticator signal for said received message signal;
comparing means for comparing said received authenticator signal and said second authenticator signal; and
said output means further being for providing an indication signal of verification or non-verification according to whether or not said received authenticator signal and said second authenticator signal are identical but without outputting said second authenticator signal.
-
-
2. A data communication system comprising a plurality of stations, operable for any said station to verify the authenticity of any other said station, each said station comprising:
-
memory means storing a cryptographic function and a secret cryptographic key both of which are common to all of said stations, said memory means further storing a non-secret offset for said key which is individual to the respective said station; generating means for generating a random challenge message signal to be issued to one of said stations; input means for receiving a received said random challenge message signal issued from another said station;
combining means for combining said stored cryptographic key with said stored individual offset to generate a first modified key;
processing means for encrypting said received random challenge message signal, using said stored cryptographic function with said first modified key, to compute a response signal to said received random challenge message signal; and
output means for outputting said response signal;said input means further being for receiving a received said response signal, transmitted from said one station, to said random challenge message signal, and a received said offset individual to said one station;
said combining means further being for combining said stored cryptographic key with said received offset individual to said one station to generate a second modified key;
said processing means further being for encrypting said random challenge message signal, using said stored cryptographic function with said second modified key, to compute a second response signal to said random challenge message signal;
comparing means for comparing said received response signal and said second response signal; and
said output means further being for providing an indication signal of verification or non-verification according to whether or not said received response signal and said second response signal are identical but without outputting said second response signal.
-
-
3. A data communication system including at least a first station and a second station, said first and second stations respectively including first and second memory means for storing a cryptographic function and a secret cryptographic key both of which are common to said first and second stations, wherein said improvement in said data communication system comprises:
said first station further including; said first memory means further including a non-secret first offset for said key which is individual to said first station; first input means for receiving a first message signal; first combining means for combining said cryptographic key with said first offset to generate a first modified key; first processing means for encrypting said first message signal with said first modified key to generate a first authenticator signal; and first transmission means for transmitting said first offset, said first message signal and said first authenticator signal to said second station; and said second station further including; said second memory means further including a non-secret second offset for said key which is individual to said second station; second input means for receiving said first offset, said first message signal and said first authenticator signal from said first station; second combining means for combining said cryptographic key stored in said second station with said first offset to generate a second modified key; second processing means for generating a second authenticator signal from said first message signal; first comparing means for comparing said first authenticator signal with said second authenticator signal to generate a first indication signal indicating whether said first and second authenticator signals are identical; and first output means for outputting said first indication signal but without outputting said second authenticator signal. - View Dependent Claims (4, 5, 6)
Specification