Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence

US 5,438,622 A
Filed: 01/21/1994
Issued: 08/01/1995
Est. Priority Date: 01/21/1994
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for the communication of encrypted data, the apparatus comprising a transmitter which further comprises:

a first Pseudorandom Number (PN) generator for generating a first sequence of pseudorandom numbers;

an offset generator which operates to select a subset of the first sequence of pseudorandom numbers; and

an encoder comprising a first input for receiving the subset of the first sequence of pseudorandom numbers and a second input for receiving an original sequence of plaintext data, in which the encoder combines the subset of the first sequence of pseudorandom numbers and the sequence of plaintext data to produce an encrypted data output.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for improving the security of an electronic codebook encryption scheme comprises a transmitter unit for encoding or encrypting data and a separate authorized receiver for decoding or decrypting the data. During the encryption of the plaintext data, a randomly generated offset is introduced into the PN sequence to vary the starting point of the PN sequence as it is applied to the plaintext data. The offset is encrypted with the secret key and the unencrypted IV, encrypted offset, and ciphertext are exported by the transmitter to the receiver for decrypting.

The encoded communication is imported by the receiver and the encrypted offset portion is extracted. The receiver combines the encrypted offset with the secret key to decipher the offset value. The offset and PN sequence are then combined with the ciphertext, using an XOR gate, to recover the original plain text from the ciphertext.

In an alternative embodiment, the encoding PN sequence is composed of multiple, non-contiguous random sequence segments comprising a two-dimensional array. An incremental IV ID is generated for each IV issued in the creation of a segment. Each random sequence segment is identifiable by its IV ID. The starting point at which the random sequence segments are applied to a string of plaintext data is deferred from the beginning of the first random sequence segment in accordance with a composite offset.

Citations

29 Claims

1. An apparatus for the communication of encrypted data, the apparatus comprising a transmitter which further comprises:
- a first Pseudorandom Number (PN) generator for generating a first sequence of pseudorandom numbers;
  
  an offset generator which operates to select a subset of the first sequence of pseudorandom numbers; and
  
  an encoder comprising a first input for receiving the subset of the first sequence of pseudorandom numbers and a second input for receiving an original sequence of plaintext data, in which the encoder combines the subset of the first sequence of pseudorandom numbers and the sequence of plaintext data to produce an encrypted data output.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus according to claim 1 further comprising a receiver, the receiver comprising:
    - a second PN generator for generating a second sequence of pseudorandom numbers; and
      
      a decoder comprising a first input for receiving the second sequence of pseudorandom numbers and a second input for receiving the output of the transmitter containing the encrypted data, in which the decoder combines the second sequence of pseudorandom numbers and the encrypted data to produce the original sequence of plaintext data as an output.
  - 3. The apparatus according to claim 2 wherein the first input of the decoder receives a subset of the second sequences of pseudorandom numbers which is identical to the subset of the first sequence of pseudorandom numbers.
  - 4. The apparatus according to claim 1, wherein the first PN generator and the second PN generator are both initialized using a secret key which is commonly utilized by both the transmitter and the receiver.
  - 5. The apparatus according to claim 4, wherein the first PN generator and the second PN generator are both further initialized using an initialization vector which is commonly utilized by both the transmitter and receiver.
  - 6. The apparatus according to claim 5, wherein the first PN generator and the second PN generator are both initialized by logically combining the secret key and the initialization vector.
  - 7. The apparatus according to claim 5, further comprising an initialization vector generator coupled to the PN generator for selectively generating initialization vectors.
  - 8. The apparatus according to claim 5, wherein the encrypted data is transferred from the transmitter to the receiver in a data stream, the data stream comprising the initialization vector, the encrypted offset and the encrypted data.
  - 9. The apparatus according to claim 1, wherein the offset generator selects a subset of the sequence of pseudorandom numbers for combining with the plaintext data sequence by initiating the combining of sequences at a deferred starting point along the sequence of pseudorandom numbers.
  - 10. The apparatus according to claim 1, wherein the first sequence of pseudorandom numbers is contiguous.
  - 11. The apparatus according to claim 1, wherein the first sequence of pseudorandom numbers is comprised of multiple, non-contiguous segments forming a multi-dimensional array.
  - 12. The apparatus according to claim 11, wherein:
    - the first PN generator is initialized using an initialization vector;
      
      a new initialization vector is generated from an initialization vector generator for each PN sequence segment;
      
      an initialization vector identifier is generated for each initialization vector generated; and
      
      the PN sequence segments are indexed by initialization vectors concatenated with their respective initialization vector identifiers.
  - 13. The apparatus according to claim 12, wherein the offset is a composite of at least two values which, when applied to the multidimensional array, defers the starting point of the array.
  - 14. The apparatus according to claim 1, wherein the transmitter and receiver are implemented using at least one general purpose computer.

15. An encryption system comprising:
- transmitter means for encrypting plaintext data into ciphertext, the transmitter means further comprising;
  
  first pseudorandom number generating means for generating a first pseudorandom number sequence;
  
  offset generating means for generating a random offset; and
  
  encoding means for combining the first pseudorandom number sequence with the offset and plaintext data to produce the ciphertext; and
  
  receiver means for receiving the ciphertext from the transmitter means and decrypting the ciphertext to the original plaintext data.
- View Dependent Claims (16, 17)
- - 16. The encryption system according to claim 15, the receiver means further comprising second pseudorandom number generating means for generating a second pseudorandom number sequence identical to the first pseudorandom number sequence generated in the transmitter.
  - 17. The encryption system according to claim 16, the receiver means further comprising decoding means for combining the ciphertext with the second pseudorandom number sequence and the random offset of the transmitter means to produce the original plaintext data.

18. A method for encrypting a sequence of plaintext data comprising the steps:
- generating a first pseudorandom number sequence;
  
  generating a random offset;
  
  encrypting the plaintext data to produce ciphertext by logically combining the plaintext data with the first pseudorandom number sequence, deferring the starting point of the first pseudorandom number sequence in accordance with the offset; and
  
  exporting the ciphertext in combination with the initialization vector and the offset.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The method according to claim 18 further including decrypting of the ciphertext in a receiver, the decrypting comprising the steps:
    - importing the ciphertext combination;
      
      separating the ciphertext from the initialization vector and the offset in the ciphertext combination;
      
      generating a second pseudorandom number sequence identical to the first pseudorandom number sequence utilizing the imported initialization vector and the secret key; and
      
      decrypting the imported ciphertext by combining the ciphertext with the offset and the second pseudorandom number sequence.
  - 20. The method according to claim 18 wherein the step of generating a first pseudorandom number sequence includes the step of generating the sequence from an initialization vector and a secret key, where the length of the pseudorandom number sequence exceeds the length of the plaintext data sequence.
  - 21. The method according to claim 18, wherein the step of generating a first pseudorandom number sequence further comprises the step of storing the generated first pseudorandom number sequence and its corresponding initialization vector for future use in decrypting.
  - 22. The method according to claim 18 wherein the method of encrypting a sequence of plaintext data further comprises the step of encrypting the offset with the first pseudorandom number sequence.
  - 23. The method according to claim 22 wherein the step of exporting the ciphertext further includes combining the ciphertext with the initialization vector and the encrypted offset.
  - 24. The method according to claim 19 wherein the step of separating the ciphertext further includes separating the ciphertext from the initialization vector and an encrypted offset in the ciphertext combination.
  - 25. The method according to claim 19, wherein the step of generating a second pseudorandom number from the imported initialization vector further comprises the step of storing the generated second pseudorandom number and its corresponding initialization vector for future use in decrypting.
  - 26. The method according to claim 19 wherein the method of decrypting further includes the step of decrypting the offset by combining the offset with the second pseudorandom sequence.
  - 27. The method according to claim 26 wherein the step of decrypting the imported ciphertext further includes the step of combining the ciphertext with a decrypted offset and the second pseudorandom number sequence.
  - 28. The method according to claim 18 wherein the step of generating a first pseudorandom number sequence further includes the step of generating a plurality of non-contiguous pseudorandom number sequence segments.
  - 29. The method according to claim 28 further including the step of forming a multi-dimensional array from the plurality of pseudorandom number sequence segments.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Computer Incorporated (Apple Inc.)
Original Assignee
Apple Computer Incorporated (Apple Inc.)
Inventors
Chu, Ke-Chiang, Normile, James O.
Primary Examiner(s)
Cain, David C.

Application Number

US08/184,978
Time in Patent Office

557 Days
Field of Search

380/46, 364/224.21, 364/717, 331/78
US Class Current

380/46
CPC Class Codes

H04L 2209/12   Details relating to cryptog...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/0662   with particular pseudorando...

H04L 9/12   Transmitting and receiving ...

Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links