Cryptographic authentication of transmitted messages using pseudorandom numbers

US 5,377,270 A
Filed: 06/30/1993
Issued: 12/27/1994
Est. Priority Date: 06/30/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method of cryptographically authenticating a transmission from a transmitting unit at a receiving module, comprising:

providing a secret initial value in said transmitter and providing said secret initial value in said receiver;

in said transmitting unit;

generating a random number;

concatenating said random number with a key word derived from said secret initial value to provide a combined word;

performing an encryption operation on said combined word to provide an encrypted number; and

transmitting a command word derived at least in part from said encrypted number and indicative of a command;

comprising in said receiving module;

receiving said command word;

recovering said encrypted number from said received command word;

performing a decryption operation on said recovered encrypted number to recover said combined word;

comparing a second word derived from said secret initial value with the key word portion of said recovered combined word;

storing the random number portion of said recovered combined word for future use in subsequent authentication operations;

comparing the random number portion of said recovered combined word with a previously stored random number portion; and

performing the command indicated by said command word only if said second secret initial value is identical to the initial value portion of said recovered combined word and said random number portion of said recovered combined word is different from said previously stored random number portion.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automobile door lock receiver module (30) and a plurality of keychain fob transmitter units (16) contain identification numbers, secret initial values, and secret feedback masks so as to authenticate encrypted messages from any of the assigned fobs, indicative of commands registered by closing switches on the fob. Each fob is synchronized with the receiving module by means of a truly random number concatenated with a secret initial value and encrypted, through a linear feedback shift register or other operations. A second secret initial value is encrypted and command bits are exclusive ORed into the low order bit positions; the two encrypted numbers are concatenated and encrypted to form a key word which is transmitted with the fob ID. Synchronization includes decrypting to recover the truly random number and the secret initial value concatenated therewith; the truly random number is compared with previously received random numbers in order to avoid copying of recently transmitted synchronization commands. Successive lock-related commands utilize the number encrypted from the truly random number and the second secret initial value as starting values, employing a pseudorandom number of encryption iterations. A half-second delay between responses mitigates gaining access through numerical trials. An authenticated panic alarm command operates the headlights and horn of the vehicle but does not alter the synchronization.

223 Citations

40 Claims

1. A method of cryptographically authenticating a transmission from a transmitting unit at a receiving module, comprising:
- providing a secret initial value in said transmitter and providing said secret initial value in said receiver;
  
  in said transmitting unit;
  
  generating a random number;
  
  concatenating said random number with a key word derived from said secret initial value to provide a combined word;
  
  performing an encryption operation on said combined word to provide an encrypted number; and
  
  transmitting a command word derived at least in part from said encrypted number and indicative of a command;
  
  comprising in said receiving module;
  
  receiving said command word;
  
  recovering said encrypted number from said received command word;
  
  performing a decryption operation on said recovered encrypted number to recover said combined word;
  
  comparing a second word derived from said secret initial value with the key word portion of said recovered combined word;
  
  storing the random number portion of said recovered combined word for future use in subsequent authentication operations;
  
  comparing the random number portion of said recovered combined word with a previously stored random number portion; and
  
  performing the command indicated by said command word only if said second secret initial value is identical to the initial value portion of said recovered combined word and said random number portion of said recovered combined word is different from said previously stored random number portion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. A method according to claim 1 wherein said step of comparing the random number portion is performed only if said second secret initial value is identical to said initial value portion of said recovered combined word.
  - 3. A method according to claim 1 wherein said step of storing is performed after said step of comparing the random number portion, said random number is stored at the head of a queue in a first-in, first-out memory, the first recovered one of said previously stored random numbers being dropped only if said step of comparing indicates that said random number portion is different.
  - 4. A method according to claim 1 wherein said step of storing comprises storing the random number portion of said recovered combined word until at least four subsequent authentication operations have been performed;
    - andsaid step of comparing the random number portion comprises comparing with four of said previously stored random number portions.
  - 5. A method according to claim 1 wherein said secret number is zero.
  - 6. A method according to claim 1 wherein said secret number is a non-zero number.
  - 7. A method according to claim 1 wherein said command indicated by said command word is a synchronization command, performance of which provides cryptographic synchronization between said receiving module and said transmitting unit.
  - 8. A method according to claim 7 comprising:
    - in said transmitting unit, storing one of said numbers for future use in subsequent authentication; and
      
      whereinsaid step of performing said command comprises storing said one of said numbers for future use in subsequent authentication.
  - 9. A method according to claim 8 wherein said one of said numbers is said encrypted number.
  - 10. A method according to claim 1 wherein said step of performing an encryption operation comprises performing a linear encryption operation.
  - 11. A method according to claim 1 wherein said step of performing an encryption operation comprises performing a feedback shift register operation.
  - 12. A method according to claim 11 wherein said step of performing an encryption operation comprises performing a linear feedback shift register operation employing the same secret initial value and the same secret feedback mask in said transmitting unit as in said receiving module.
  - 13. A method according to claim 12 wherein said linear feedback shift register operation comprises a number of iterations on the order of the degree of said combined word or more.
  - 14. A method according to claim 1 comprising:
    - encrypting the concatenation of said encrypted number with a third word to provide an encrypted word; and
      
      whereinsaid step of transmitting comprises transmitting said command word including said encrypted word; and
      
      said step of recovering said encrypted number comprises performing a decryption operation on said encrypted word, to also recover said third word.
  - 15. A method according to claim 14 wherein said third word provides said indication of a command.
  - 16. A method according to claim 14 wherein said third word is derived from a third secret initial value.
  - 17. A method according to claim 14 wherein said third word comprises a third secret initial value having command indicating bits exclusive ORed into a command portion thereof;
    - andcomprising in said receiving module;
      
      comparing the non-command portion of said recovered third word with a corresponding portion of a fourth secret initial value; and
      
      exclusive ORing said command portion of said recovered third word with a corresponding portion of said fourth secret initial value to recover said command indicating bits only if said second initial value is identical to the initial value portion of said recovered combined word, and said non-command portion of said recovered third word is identical to said corresponding portion of said fourth secret initial value.
  - 18. A method according to claim 14 wherein said steps of encrypting and of performing an encryption operation each comprise performing a linear encryption operation.
  - 19. A method according to claim 14 wherein said steps of encrypting and of performing an encryption operation each comprise performing a feedback shift register operation.
  - 20. A method according to claim 19 wherein said steps of encrypting and of performing an encryption operation each comprise performing a linear feedback shift register operation.
  - 21. A method according to claim 1 wherein said command indicated by said command word is a panic command, and performance of said panic command sets off an alarm.
  - 22. A method according to claim 21 wherein said alarm comprises the horn of a vehicle with which said receiving module is associated.
  - 23. A method according to claim 21 wherein said alarm comprises the headlights of a vehicle with which said receiving module is associated.
  - 24. A method according to claim 1 wherein the random number portion of said combined word is compared with a plurality of previously stored random number portions.
  - 25. A method according to claim 1 wherein said key word is said secret initial value.

26. A method of cryptographically synchronizing a command transmitting unit with a command performing receiving module for selective response thereto, comprising:
- providing, in both said transmitting unit and in said receiving module, a word including a key portion derived at least in part from a secret initial value;
  
  in said transmitting unit;
  
  performing an encryption operation on said word to provide an encrypted word; and
  
  transmitting a command word derived at least in part from said encrypted word and indicative of a synchronization command;
  
  comprising in said receiving module;
  
  receiving said command word;
  
  recovering said encrypted word from said received command word;
  
  performing a decryption operation on said recovered encrypted word to recover said word;
  
  comparing the key portion of said word with the key portion of said recovered word; and
  
  providing cryptographic synchronization between said receiving module and said transmitting unit only if the key portion of said word is identical to the key portion of said recovered word.
- View Dependent Claims (27, 28, 29, 30)
- - 27. A method according to claim 26 wherein said word comprises a random number concatenated with said key portion, said decryption operation recovers said random number, and said step of providing cryptographic synchronization is performed only if said recovered random number is different from a previous random number recovered from a received command word.
  - 28. A method according to claim 26 wherein said word comprises said key portion and a third secret initial value having bits indicative of a synchronization command exclusive ORed into a command portion thereof;
    - andsaid step of providing cryptographic synchronization comprises exclusive ORing a fourth secret initial value into the command portion of said recovered word to recover said synchronization command bits and providing cryptographic synchronization in response to said recovered synchronization command bits.
  - 29. A method according to claim 26 wherein said key portion is said secret initial value.
  - 30. A method according to claim 26 wherein said step of providing cryptographic synchronization comprises storing said recovered encrypted word for future use in subsequent authentication.

31. A method of transferring a cryptographically authenticated command from a transmitting unit to a receiving module, comprising:
- providing, in both said transmitting unit and in said receiving module, a code word, derived from a secret initial value, including a key portion and a command portion;
  
  comprising, in said transmitting unit;
  
  providing a plurality of bits indicative of a command to be transmitted;
  
  exclusive ORing said plurality of bits into corresponding bits of said command portion to provide an altered word;
  
  performing an encryption operation on a word including said altered word to provide an encrypted word; and
  
  transmitting a command word derived at least in part from said encrypted word;
  
  comprising in said receiving module;
  
  receiving said command word;
  
  recovering said encrypted word from said received command word;
  
  performing a decryption operation on said recovered encrypted word to recover said altered word; and
  
  exclusive ORing the command portion of said code word with the command portion of said recovered altered word to recover said plurality of bits.
- View Dependent Claims (32)
- - 32. A method according to claim 31 comprising:
    - exclusive ORing the command portion of said code word with the command portion of said recovered altered word only if said key portion of said code word is identical to said key portion of said recovered altered word.

33. A cryptographically authenticated control system in which a command message from a transmitting unit causes a physical effect in a receiving module;
- said transmitting unit comprising;
  
  a source of signals for providing a seed signal indicative of a secret initial value, said initial value being essentially unique to said transmitting unit;
  
  command switches that indicate a physical effect to be caused by said receiving module; and
  
  first signal processing means responsive to selected operation of said switches indicative of a command for providing a random signal indicative of a variable random number, for providing a combined number including a key word derived from said secret initial value concatenated with the random number defined by said random signal, for encrypting said combined number, and for transmitting, to said receiving module, a command word signal having a key portion derived from the encrypted combined number and including an indication of said command;
  
  said receiving module comprising;
  
  a signal source for providing a seed signal indicative of said secret initial value; and
  
  second signal processing means for receiving said command word signal, for recovering said encrypted combined number from said key portion of said received command word signal, for decrypting said recovered encrypted combined number so as to recover said combined number, for providing a key word derived from said secret initial value, for comparing said key word with an equivalent portion of said recovered combined number, for storing, in response to said initial value being identical to said equivalent portion, the random number portion of said recovered combined word for subsequent use, and for comparing said random number portion, for which said equivalent portion is equal to said key word, with a similar random number portion, previously stored for subsequent use in response to a prior key word comparison, and for selectively performing the command indicated by said command word only if said compared random number portions are not equal.
- View Dependent Claims (34, 35, 36, 37)
- - 34. A system according to claim 33 wherein:
    - said command switches indicate a synchronization command;
      
      said first signal processing means comprises means responsive to said switches indicating said synchronization command for storing one of said numbers for future use in subsequent generation of encrypted messages; and
      
      said second signal processing means comprises means for performing said synchronization command by storing said one of said numbers recovered from said command word for future use in authenticating subsequently received messages.
  - 35. A system according to claim 34 wherein said first and second signal processing means each comprise means for storing said encrypted combined number for future use in authenticating subsequently received messages.
  - 36. A system according to claim 33 wherein said key word is said secret initial value.
  - 37. A system according to claim 33 wherein said second signal processing means compares said random number portion with a plurality of previously stored similar random number portions.

38. A method of causing an alarm at a receiving module in response to a command from a transmitting unit, comprising:
- providing, in both said transmitting unit and in said receiving module, a word including a key portion derived at least in part from a secret initial value;
  
  in said transmitting unit;
  
  performing an encryption operation on said word to provide an encrypted word; and
  
  transmitting a command word derived at least in part from said encrypted word and indicative of an alarm command;
  
  comprising in said receiving module;
  
  receiving said command word;
  
  recovering said encrypted word from said received command word;
  
  performing a decryption operation on said recovered encrypted word so as to recover said word;
  
  comparing the key portion of said word with the key portion of said recovered word; and
  
  setting off an alarm near said receiving module if the key portion of said word is identical to the key portion of said recovered word.
- View Dependent Claims (39, 40)
- - 39. A method according to claim 38 wherein said alarm comprises the horn of a vehicle with which said receiving module is associated.
  - 40. A method according to claim 38 wherein said alarm comprises the headlights of a vehicle with which said receiving module is associated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lear Corporation EEDS and Interiors Incorporated (Lear Corporation)
Original Assignee
United Technologies Automotive, Inc. (Lear Corporation)
Inventors
Finn, Alan M., Koopman, Philip J. Jr.
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/085,423
Time in Patent Office

545 Days
Field of Search

380/4, 380/21, 380/23, 380/24, 380/25, 380/30, 380/43, 380/46, 380/48, 380/49, 380/50, 340/825.31, 340/825.34
US Class Current

380/262
CPC Class Codes

H04L 2209/04   Masking or blinding

H04L 2209/12   Details relating to cryptog...

H04L 2209/20   Manipulating the length of ...

H04L 2209/84   Vehicles

H04L 9/12   Transmitting and receiving ...

H04L 9/3271   using challenge-response

Cryptographic authentication of transmitted messages using pseudorandom numbers

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

223 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic authentication of transmitted messages using pseudorandom numbers

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

223 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links