Method and apparatus for encryption/authentication of data in energy metering applications

US 5,239,584 A
Filed: 12/26/1991
Issued: 08/24/1993
Est. Priority Date: 12/26/1991
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising the steps of:

generating cipher text from message text utilizing an add and shift operation, the step of generating cipher text comprising the steps of;

(a) generating an initialization vector;

(b) forming a frame from the initialization vector;

(c) providing the frame as input for a round process;

(d) generating a key byte from the round process;

(e) generating cipher text from the key byte; and

(f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e); and

replacing the message text with cipher text.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the present invention is an encryption/decryption and authentication algorithm. The algorithm has three major steps. The first step is generating cipher text. The second step is generating the authentication field. The third step is encrypting or deciphering the appropriate data in the message. One byte of cipher text is generated for every byte of plain text contained in the message. After all the cipher text is generated, a four byte authentication field is generated using the last four bytes of cipher text. The message is then scanned for data fields which have been encrypted or are to be encrypted and the corresponding byte of cipher text replaces the message bytes. The encryption is accomplished by sending the cipher text instead of message text. To decipher the message, the algorithm operates in a reverse mode to replace the cipher text with the message text, i.e., the algorithm is a self-reversing process.

92 Citations

View as Search Results

40 Claims

1. A method comprising the steps of:
- generating cipher text from message text utilizing an add and shift operation, the step of generating cipher text comprising the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating cipher text from the key byte; and
  
  (f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e); and
  
  replacing the message text with cipher text.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method in accordance with claim 1 further comprising the step of generating an authentication field using checksum bytes derived from the cipher text.
  - 3. A method in accordance with claim 1 wherein one byte of cipher text is generated for each byte of message text.
  - 4. A method in accordance with claim 1 wherein cipher text is communicated between components of a utility communications network.
  - 5. A method in accordance with claim 1 wherein the round process comprises the steps of:
    - (a) setting a new Frame Byte 1 to Frame Byte 3 EXCLUSIVE-ORed with the original value of Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Byte 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.
  - 6. A method in accordance with claim 1 wherein the initialization vector is based on the message time and date.
  - 7. A method in accordance with claim 1 wherein the initialization vector is based on a four byte sequence.

8. A method comprising the steps of:
- generating an authentication field for message bytes using checksum bytes derived from cipher text of the message bytes, generating cipher text comprising the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating cipher text from the key byte; and
  
  (f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e); and
  
  transmitting the authentication field with the message bytes.
- View Dependent Claims (9, 10)
- - 9. A method in accordance with claim 8 wherein the cipher text is generated from the message text utilizing an add and shift operation.
  - 10. A method in accordance with claim 8, wherein the round process comprises the steps of:
    - (a) setting a new Frame Byte 1 to Frame Byte 3 EXCLUSIVE-ORed with the original value of Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Byte 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.

11. Apparatus, comprising:
- computing means;
  
  means for inputting information to said computing means;
  
  memory means coupled to said computing means; and
  
  wherein said computing means is controlled to perform the steps of;
  
  generating an authentication field for message bytes using checksum bytes derived from cipher text of the message bytes, generating cipher text from message text comprising the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for the round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating cipher text from the key byte;
  
  (f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e); and
  
  transmitting the authentication field with the message bytes.
- View Dependent Claims (12, 13)
- - 12. Apparatus in accordance with claim 11 wherein said computing means generates the cipher text from the message text utilizing an add and shift operation.
  - 13. Apparatus in accordance with claim 11 wherein said computing means, for the round process, is programmed to perform the steps of:
    - (a) setting a new Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Byte 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.

14. A method comprising the steps of:
- generating an authentication field for message bytes using checksum bytes derived from cipher text of the message bytes, generating cipher text comprising the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating cipher text from the key byte; and
  
  (f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e);
  
  transmitting the authentication field and the message information as one message from a central location to a remote location.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. A method in accordance with claim 14 further comprising the steps of:
    - generating cipher text from message text utilizing an add and shift operation;
      
      replacing at least one bit of the message text with one bit of cipher text; and
      
      transmitting the cipher text and the authentication field.
  - 16. A method in accordance with claim 15 wherein the authentication field is generated using checksum bytes derived from the cipher text.
  - 17. A method in accordance with claim 15 wherein one byte of cipher text is generated for each byte of message text.
  - 18. A method in accordance with claim 15 wherein the message includes plain text and cipher text.
  - 19. A method in accordance with claim 15 wherein each bit of plain text is replaced with cipher text.

20. Energy meter means, comprising:
- metering means for measuring energy consumed by an end-user and supplied from a power delivery system;
  
  computing means;
  
  means for transmitting information to a device external said energy meter means, said transmitting means being coupled to said computing means;
  
  memory means coupled to said computing means; and
  
  wherein said computing means is controlled to perform the steps of;
  
  generating an authentication field for message bytes using checksum bytes derived from cipher text of the message bytes, generating cipher text from message text comprising the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating cipher text from the key byte;
  
  (f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e); and
  
  providing, to said transmitting means, the authentication field with the message bytes.
- View Dependent Claims (21, 22, 23, 24)
- - 21. Energy meter means in accordance with claim 20 wherein said computing means generates the cipher text from the message text utilizing an add and shift operation.
  - 22. Energy meter means in accordance with claim 20 wherein said computing means, for the round process, is programmed to perform the step of:
    - (a) setting a new Frame Byte 1 to Frame Byte 3 EXCLUSIVE-ORed with the original value of Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Byte 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.
  - 23. Energy meter means in accordance with claim 20 wherein said transmitting means is coupled to a power line of the power delivery system and wherein information is transmitted on the power line from said meter means to the external device.
  - 24. Energy meter means in accordance with claim 20 wherein said transmitting means comprises a radio transmitter.

25. A system, comprising:
- central communication means comprising first computing means and first transmitting/receiving means;
  
  metering means for measuring energy consumed by an end-user and supplied from a power delivery system, said metering means comprising second computing means and second transmitting/receiving means;
  
  said first computing means and said second computing means being controlled to perform the steps of;
  
  generating an authentication field for message bytes using checksum bytes derived from cipher text of the message bytes, generating cipher text from message text comprising the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating cipher text from the key byte;
  
  (f) if cipher text has not been generated for each byte of message text, forming a next frame for processing utilizing the cipher text generated in step (e) and returning to step (e).
- View Dependent Claims (26, 27, 28, 29)
- - 26. A system in accordance with claim 25 wherein said first and second computing means generate the cipher text from the message text utilizing an add and shift operation.
  - 27. A system in accordance with claim 25 wherein said computing means, for the round process, is programmed to perform the steps of:
    - (a) setting a new Frame Byte 1 to Frame Byte 3 EXCLUSIVE-ORed with the original value of Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Bye 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.
  - 28. A system in accordance with claim 25 wherein said first and second receiving/transmitting means comprise first and second radio transceivers.
  - 29. A system in accordance with claim 25 further comprising intermediate control means for transforming radio transmitted information to a form compatible for communications on a power line and for transforming information transmitted on a power line to a form compatible for radio communications, and wherein said first receiving/transmitting means comprising a radio transceiver and said second receiving/transmitting means is coupled to a power line of the power delivery system.

30. Energy meter means, comprising:
- metering means for measuring energy consumed by an end-user and supplied from a power delivery system;
  
  computing means;
  
  means for receiving information from a device external said energy meter means, said receiving means being coupled to said computing means;
  
  memory means coupled to said computing means; and
  
  wherein said computing means is controlled to perform the step of generating message text from cipher text by performing the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating message text from the key byte;
  
  (f) if message text has not been generated for each byte of cipher text, forming a next frame for processing utilizing the message text generated in step (e) and returning to step (e).
- View Dependent Claims (31, 32, 33, 34)
- - 31. Energy meter means in accordance with claim 30 wherein said computing means, for the round process, is programmed to perform the steps of:
    - (a) setting a new Frame Byte 1 to Frame Byte 3 EXCLUSIVE-ORed with the original value of Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Byte 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.
  - 32. Energy meter means in accordance with claim 30 wherein said receiving means is coupled to a power line of the power delivery system and wherein information is received on the power line from the external device.
  - 33. Energy meter means in accordance with claim 30 wherein said receiving means comprises a radio receiver.
  - 34. Energy meter means in accordance with claim 30 wherein said receiving means is coupled to a telephone line and wherein information is received on the telephone line from the external device.

35. Receiver means, comprising:
- computing means;
  
  means for receiving information from a device external said energy meter means, said receiving means being coupled to said computing means;
  
  memory means coupled to said computing means; and
  
  wherein said computing means is controlled to perform the step of generating message text from cipher text by performing the steps of;
  
  (a) generating an initialization vector;
  
  (b) forming a frame from the initialization vector;
  
  (c) providing the frame as input for a round process;
  
  (d) generating a key byte from the round process;
  
  (e) generating message text from the key byte;
  
  (f) if message text has not been generated for each byte of cipher text, forming a next frame for processing utilizing the message text generated in step (e) and returning to step (e).
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. Receiver means in accordance with claim 35 wherein said computing means, for the round process, is programmed to perform the steps of:
    - (a) setting a new Frame Byte 1 to Frame Byte 3 EXCLUSIVE-ORed with the original value of Frame Byte 1, and setting the new Frame Byte 2 to Frame Byte 4 EXCLUSIVE-ORed with the original value of Frame Byte 2;
      
      (b) EXCLUSIVE-ORing Frame Byte 2 with the next byte of the security key, incrementing a security key index, EXCLUSIVE-ORing Frame Byte 1 with the next byte of security code, and incrementing the security key index;
      
      (c) setting Frame Byte 2 to a value determined using the value of Frame Byte 2 as an index, and setting Frame Byte 1 to the value resulting from using the value of Frame Byte 1 as an index;
      
      (d) EXCLUSIVE-ORing Frame Byte 2 with the most significant byte of the frame counter, and EXCLUSIVE-ORing Frame Byte 1 with the least significant byte of the frame counter;
      
      (e) EXCLUSIVE-ORing Frame Byte 2 with the original value of Frame Byte 4 and EXCLUSIVE-ORing Frame Byte 1 with the original value of Frame Byte 3; and
      
      (f) using Frame Bytes 2 and 1 as a single 16 bit value, with Frame Byte 2 being the most significant byte, the 16 bit value being shifted right once, with the least significant bit becoming the most significant bit, and the constant, 5EFC Hex, being added thereto, the new Frame Byte 4 being set to the most significant byte of resulting 16 bit value, and the new Frame Byte 3 being set to the least significant byte of the resulting 16 bit value, and incrementing the round number.
  - 37. Receiver means in accordance with claim 35 wherein said receiving means is coupled to a power line of the power delivery system and wherein information is received on the power line from the external device.
  - 38. Receiver means in accordance with claim 35 wherein said receiving means comprises a radio receiver.
  - 39. Receiver means in accordance with claim 35 wherein said receiving means is coupled to a telephone line and wherein information is received on the telephone line from the external device.
  - 40. Receiver means in accordance with claim 35 wherein said receiving means comprises optical communication means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
General Electric Company
Inventors
Hershey, John E., Schmidt, Larry A., Mancuso, Marjorie J.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US07/813,637
Time in Patent Office

607 Days
Field of Search

380/50, 380/28, 380/49, 380/42, 380/28, 380/23, 380/25, 380/4
US Class Current

380/28
CPC Class Codes

G06Q 50/06   Energy or water supply

H04L 2209/043   of tables, e.g. lookup, sub...

H04L 2209/601   Broadcast encryption

H04L 2209/80   Wireless network architectu...

H04L 9/0618   Block ciphers, i.e. encrypt...

H04L 9/3236   using cryptographic hash fu...

Method and apparatus for encryption/authentication of data in energy metering applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for encryption/authentication of data in energy metering applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links