Digital radio transceiver with encrypted key storage
First Claim
Patent Images
1. A digital radio comprising:
- a RF transmitter for transmitting digital signals over a radio frequency link;
a RF receiver for receiving digital signals transmitted over said radio frequency link;
a non-volatile memory device;
an encryptor/decryptor coupled to said memory device for cryptographically transforming said transmitted and/or received digital signals based on at least one cryptographic key stored within said memory device; and
a further arrangement coupled to said memory device, said further arrangement writing, into said memory device, said cryptographic key within a field of randomized data, said further arrangement hiding said stored cryptographic key within said stored randomized data field, said further arrangement ensuring that said cryptographic key is transformed before said cryptographic key is stored within said memory device and for ensuring that said stored cryptographic key is inversely transformed before it is used by said encryptor/decryptor to cryptographically transform said transmitted and/or received digital signals,wherein said farther arrangement repetitively applies different transformations to said cryptographic key.
1 Assignment
0 Petitions
Accused Products
Abstract
A digital radio has standardized "key" storage for several different cryptosystems (DES, VGE, VGS, etc.). Cryptographic keys are stored in a table in non-volatile memory such as EEPROM. The "keys" are stored in an "encrypted" form such that their identities are not readily revealed by a "dump" of memory contents. Additional security is provided in accordance with the present invention by extracting the "keys" from the stored table and re-"encrypting" the entire table each time a key loader device is attached to the radio. Multiple key banks are used to provide enhanced voice security by increasing the number of encryption keys available for use by a radio.
179 Citations
43 Claims
-
1. A digital radio comprising:
-
a RF transmitter for transmitting digital signals over a radio frequency link; a RF receiver for receiving digital signals transmitted over said radio frequency link; a non-volatile memory device; an encryptor/decryptor coupled to said memory device for cryptographically transforming said transmitted and/or received digital signals based on at least one cryptographic key stored within said memory device; and a further arrangement coupled to said memory device, said further arrangement writing, into said memory device, said cryptographic key within a field of randomized data, said further arrangement hiding said stored cryptographic key within said stored randomized data field, said further arrangement ensuring that said cryptographic key is transformed before said cryptographic key is stored within said memory device and for ensuring that said stored cryptographic key is inversely transformed before it is used by said encryptor/decryptor to cryptographically transform said transmitted and/or received digital signals, wherein said farther arrangement repetitively applies different transformations to said cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of communicating securely between first and second radio frequency transceivers over an insecure radio frequency channel, said method including the following steps performed by each of said first and second transceivers:
-
(a) storing cryptographic key information in first and second key banks; (b) selecting one of said first key bank and said second key bank, and also selecting personality data defining at least one further operating characteristic of said transceiver; and (c) using cryptographic key information from said selected key bank to encrypt and/or decrypt radio frequency transmissions communicated at least in part in accordance with said further operating characteristic, wherein; said step (c) includes selecting a discrete cryptographic key based on a key bank selector and a key selector; and said method further includes changing said key bank selector without changing said key selector in order to select any of plural cryptographic keys associated with the same communicating first and second radio frequency transceivers. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method of operating a digital two-way radio frequency transceiver of the type having an non-volatile memory comprising the following steps:
-
(a) defining first and second key banks; (b) defining a variable value; (c) storing a first plurality of cryptographic keys into said first key bank at a variable location within said non-volatile memory, including the step of selecting said variable location based on said defined variable value; (d) storing a second plurality of cryptographic keys into said second key bank at a variable location within said non-volatile memory, including the step of selecting said variable location based on said defined variable value; (e) selecting between said first key bank and said second key bank; (f) selecting a cryptographic key stored within said selected key bank; (g) converting analog speech signals into digitized data; (h) encrypting said digitized data using said selected cryptographic key to provide encrypted digitized data; (i) generating a radio frequency carrier signal; (j) modulating said radio frequency carrier signal with said encrypted digitized data; (k) transmitting said modulated radio frequency carrier signal over the air; (l) repeating said step (b) to define a further variable value; and (m) repeating said steps (c) and (d) to store said first and second key banks at variable locations different from said first-mentioned variable locations based on said defined further variable value. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
-
24. A method of protecting cryptographic keys retained by a radio transceiver comprising:
-
(a) connecting a keyloader to a radio transceiver; and (b) performing the following steps in response to said connecting step (a); (1) reading, from said radio, stored cryptographic key information encrypted using a first encryption transformation; (2) decrypting said read cryptographic key information; (3) encrypting said decrypted cryptographic key information using a second encryption transformation different from said first encryption transformation, (4) storing a field of randomized data within said radio, and (5) storing and hiding within said stored randomized data field said key information encrypted by said step (3). - View Dependent Claims (25, 26, 27, 28, 29, 30)
-
-
31. A secure method for storing cryptographic keys within the non-volatile memory of a radio device, said method comprising:
-
(a) storing shrouding data within said radio device non-volatile memory, said shrouding data occupying a block of memory addresses; (b) providing a variable value; (c) generating a memory address within said block based at least in part on said variable value; and (d) hiding said cryptographic keys within said stored randomized data by storing said cryptographic keys within said shrouding data beginning at said generated memory address. - View Dependent Claims (32, 33, 34, 35, 36)
-
-
37. A method of programming encryption key information into a digital radio communications device non-volatile memory comprising:
-
(a) writing a block of pseudo-random characters into a portion of said nonvolatile memory; (b) selecting, based at least in part on a pseudo-random process, a location within said block; and (c) writing at least one cryptographic key into said memory portion at a place corresponding to said selected location, said pseudo-random characters shrouding said written key. - View Dependent Claims (38, 39, 40, 41)
-
-
42. A radio communications device comprising:
-
a non-volatile memory; means for providing variable data; address selecting means coupled to receive said variable data for selecting a memory address based at least in part on said variable data; and shrouding means coupled to said non-volatile memory and also coupled to said address selecting means, for storing shrouding data within said non-volatile memory and for storing at least one cryptographic key within said stored shrouding data beginning at said generated memory address.
-
-
43. An arrangement for programming encryption key information into a digital radio communications device non-volatile memory comprising:
-
means for writing shrouding characters into a portion of said memory; means for pseudo-randomly selecting a location within said memory portion; key encrypting means for encrypting a cryptographic key; and means coupled to said selecting means and to said key encrypting means for writing said encrypted cryptographic key into said memory portion at a place corresponding to said selected location and surrounded by said shrouding characters, said shrouding characters hiding said encrypted cryptographic key.
-
Specification