CA1124812A - Cryptographic communication security for multiple domain networks - Google Patents

Abstract

CRYPTOGRAPHIC COMMUNICATION SECURITY FOR MULTIPLE DOMAIN NETWORKS
ABSTRACT
A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed.
This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system.
The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipher-ment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems.

Ki977009

Description

112~12 1 CROSS REFERENCE TO RELATED PATENTS & APPLICATIONS:

2 This application is reIated to the following patents

3 and patent applications which are assigned to the same

4 assignee as the patent application:
1. "Cryptographic Communication and File Security 6 Using Terminals" Canadian Application 316,965, 7 filed November 28, 1978, by Ehrsam et al.
8 2. "Cryptographic Communication Security for Single 9 Domain Networks" U.S. Patent No, 4,238,853, issued December 9, 1980 by Ehrsam et al.
11 3. "Cryptographic File Security for Single Domain 12 Networks", U.S. Patent No, 4,238,854, issued 13 December 9, 1980, by Ehrsam et al.
14 4. "Cryptographic File Security for Multiple Domain Networks", U.S. Patent 4,203,166 issued 16 May 13, 1980, by Ehrsam et al.
17 5. "Cryptographic Verification of Operational Keys 18 Used in Communication Networks", U.S. Patent No.
19 4,193,131 issued March 11, 1980, by Lennon et al.
BACKGROUND OF THE INVENTION:
21 This invention relates to cryptographic communication 22 security techniques and, more particularly, to communication 23 security for data transmissions between different domains of 24 a multiple domain communication network where each domain includes a host system and associated communication terminals 26 each having a data security device which permits crypto-27 graphic operations to be performed.

~ r~,~

1 Wlth the increasing number of eomputer end user~, sharing 2 of eommon ~ystem resources ~uch a-~ file~, program~ and h~rd~are 3 and the inerea~ing u~e of d~tributed sy~tems and tele-4 eommunieation~, larger and more eomplex e~mputer ba~e S information systems are being created. In Queh ~y~tems, 6 an inerea~ing amount of sensitive data may be tran~mittea 7 aero~s unseeure communieation lines. Beea~se of the 8 in~eeurity of eommunication lines, there i8 an inereasing 9 eoneern over the intereeption or alteration of sensitive data whlch mu~t pa88 out~ide a controlled or protected 11 environmont or whlch may become aeee~sible if maintained 12 for too long a period of time. Cryptograp~y has been 13 reeognized as an effecti~e data seeurity measure in that 14 it proteets the data it~elf rather than the medium over whieh it i8 tran~mltted or the media on whic.n it i~ s~orea.
16 Cryptography de~ls with methoas by whleh me~sags ~ata 17 e~l~ed eleartext or plalntext is encrypted or eneiphered 18 lnto unintelligible data ealled eiphertext ~nd by which the 19 eiphertext is deerypted or deeiphered bae~ into the plainte~t.
The eneipherment/deeipherment tran~formation~ are c~rrie~ out 21 by a eipher function or al~orithm eontrolled in aecordanee 22 with a eryptographic or cipher key. The c~pher key seleets 23 one out of many po~sible relationships bet~een the plaintext 24 and the eiphertext. Various algorithms ha~e been developed in the prior ~rt for lmproving data securi~y in data proe~J-lng 26 -Qyst~m~. E*ample~ of sueh algorithms are descrlbed ~n U.S.
27 Patent Num~er 3,796,830 is~ued ~arch 12, 197~ and U. S. Pat~nt 28 Number 3,?98,359 i~sued Mareh 19, 1974. Another more reeent 29 algorithm prov~ding data security in data proces~ing ~y~tem~

-112~3i2 1 is described in U. S. Patent Number 3,358,~81 issued May 18, 2 1976. This algorithm was adopted Sy the National Bureau of 3 Standards as a data encryption standard (DES) algorithm and is 4 described in detail in the Federal Inform~tion Proce~sing St ndards publication, January 15, 1977, FI~S PUB 46.
6 A data communication network may include a complex of 7 communicatLon terminals connected via comm~nication lines 8 to a s~ngle host system and it~ a~ociated re~ources such g a~ the host program~ and locally ~ttached tenminals and data files. Within the data communication network, the 11 domain of the host system is con~idered to ~e the set of 12 resources known to and manaqed by the ho~t system. Various 13 single domain data communication network~ have been developed 14 ln the prior art using cryptographic tec~niques for lmproving the security of data communication within the network. In 16 such network~, a cryptographic facility is provided at the 17 host ~ystem and at ~arious ones of the remo_e termlnals.
18 In order for the ho~t system and a remote ~erminal to perform 19 a cryptographic communication, both must u~e the same crypto-graphic algor$thm and a common operational cryptographlc 21 key so that the data enciphered by the sendi~g stAtion can 22 be deciphered at the receiving station. In prior ~rt crypto-23 graphic communication arrangements, the operational key to be 24 used at the ~ending station is communicate~ by mail, teLephone or courier to the receiving station so that a common operational 26 key i~ installed at both stations to permit the cryptographic 27 communi~ations to be performed. Furthermore, the operational 28 key was kept for a relatively long period of time. In order to 29 pre~ent a "moving target" to an opponent, other prior art arrangements developed techniques which i~proved se~urity li2L~12 1 by changing operational keys dynamically wh~re the frequency 2 of changing keys is done automatically by the system. One 3 ~uch technique is provided in the IBM 3600 Finance Communication 4 System utilizing the IBl~l 3614 consumer transaction facility S as remote terminals and is exemplified by U.S. ~atent No.
6 3,956,615 issued May 11, 1976.
7 A~ the size of data communication netw~rk~ increases, 8 other host ~ystems may be brought into the network to provide 9 multiple domain networks with each host qystem having knowlodge of and managing its associated resources which make up a 11 portion or domain of ~he network. By provi~ing the propsr 12 cro~s domain data link between the domains of the network, 13 two or more domalns may be interconn~cted to provide a net-14 working facility. Accordingly, as the size of the network increases and the number of communi~ation lines interconn~ctlng 16 the domainQ of network increases, there i8 an incre~sing noed 1~ to provide communication security for data transmitted over 18 such communication lines connectlng the domains of a multipls 19 domain communication network.
Accordingly, it is an ob~ect of the invention to maintain 21 communication security of data transmission~ in a multiple 22 domain networ~.
23 Ano~her object of the invention is to establish crypto-24 graphic communication sessions between host systems in diffe~ent domain~ of a multiple domain network without revealing the 26 keys of each ho~t system to the other host system.
27 A further object o~ the invention is to maintain 28 communiaation security of data transmissions between a termi~al 29 as~ociated with a host system in one domain and an application program associated with a host system in arother domain of a 31 multiple domain networ~.

~I977009 -5-1~2 ~1Z

1 Still another object of the invention is to maintain 2 communication ~ecurity of data transmi~sions between an 3 applicatlon program a~sociated with a host ~ystem in one 4 domain and an application progra~ a~sociated with a ho~t ~ystem in another domain of a multiple domain network.
6 Still a further object of the invention is to provide 7 a cross-domain key which allows communication se 3ions to 8 be established between different domains o~ a multiple do~ain 9 notwork.
Still another object of the invention i8 to provide a 11 cross-domain key which i3 known by a sending and receiving 12 ho3t system in different domains of a multiple domain networ~.
13 Still a further object of the in~ention is to create 14 cro~s-do~ain keys ~or cro~s-domain data conlmunications b~tween a host sy~tem in one domain and ho~t systems in other domaln~
16 of a multiple domain network.
17 Still another o~ject of the invention i8 to create a 18 cro~-do~ain key for cro~3-domain data communications by 19 generating a pseudo-random number which is defined as the cro3~-domain key.
21 Still a further ob~ect of the invention i8 to maintain 22 the ~ecurity of cross domain keys by protecting them under 23 a host key encrypting key.
24 Still another object of the invention i~ to protect a cross domain key un~er a key encrypting key of a ~ending 26 host system in one domain and under a di~erent key encrypting 27 ~ey of a receiving host system in another domain of a multiple 2 a domain network.
29 Still a further object of the inventiQn ~8 to protect a cros~ domain key under a variant of the ma~ter key of a Xl97~009 --6-1~2~2 1 sending host sy~tem in one domain and under a different 2 variant of the master key of a receiving h~t system in 3 another domain of a multiple domain network.
4 Still another o~ect of the invent~en is to protect cro~s-aomsin keys u~ed for data transmissions from the ho~t system in one domain to the ho~t ~y~tem in another doma~n 7 by a first host key encrypting key and to p;otect cross 8 domain key~ used for data transmissions fr~m the host ~y6tem 9 in the other domain to the host ~ystem in the one domain by a second host key encrypting key.
11 Stlll a further ob~ect of the lnvention ~s to establish 12 a common operat~onal key between host ~yst2m~ in d$fferent 13 domain~ of a multiple domain network to per)~t cro~s domain 14 cryptographic operations to be performed.
Still another ob~ect of the invention is to establi~h 16 a common operat~ona} key for a terminal in one domain and 17 an ~pplication program ~n another domain to ?ermit cros~
18 doma~n cryptographic operation~ to be perf~rmed.
19 Still a further obiect of the invention ~R to provi~e ~n ~rreversi~le ~ransformation function which u~e9 a protected 21 ~ros~-domain key at a sending ho~t sy~tem ln one domaln to 22 enc~pher a ses~ion key for tran~mis~ion to ~ receiving ho~t 23 ~yst~m in another domain of a multiple doma~. network.
24 Still another ob~ect of the invent~on i8 to prov~de an irreversible transformation funct~on at a rece~vlng ho~t 26 sy~tem using a protected cros~-domain key to reQnciph~r a 27 rec~ive~ ~es~ion key from encipherment un~er a cro~s-doma~n 28 key to enciphenment under the ma~ter key of the reoeiv~ng 29 host ~ystem.
Still a further ob~e~t of the invention i8 to r~enc~p~e~

~I977009 -7-1 a session key created at a ho~t system in one domaln from 2 enclpherment under a host master key to encipherment under 3 a cros~-domain key for transmission to the host sy~tem in 4 another domain.
S Stil; another object of the invention ~ to reencipher 6 a se~sion key created at a host ~ystem in one domain from 7 encip~erment under a host master key to encipherment und r 8 a ~erminal key encrypting key of a termi~-~l as~ociated with 9 the ho~t system in the one domain with which a communication session is ~o be established.
11 Stil} a further object of the inventior. i8 to dynamically 12 create a session key by generating a pseu~o random number 13 def~ned as a session key enciphered under ~n application key.
14 Still another object of the invention i8 to create application keys for the application progr~ms associated 16 with a host system in a data communication network.
17 Still a further ob~ect of the inventlon i~ to protect 18 application key~ by enciphering them under A ho~t key encryptlng 19 key.
Still another ob~ect of the invention i8 to reencipher 21 a ~e~ion key created at a host 3ystem in one dom~in from i 22 enciphermen~ under an application key to enc~pherment under 23 the master key of the host sy~tem.
24 Still a further ob~ect of the invent~on i~ to dynam~c~
create a different operat~onal key for each new commu~icatlon 26 se~sion between the host ~ystems in di~ferent domain~ of 27 ~ ~ultiple domain network.
28 Still ~nother object of the invention i~ to provide 29 different operational keys for each new communication ~e~sion between a terminal associated with a host ~ystem in one XI97700g .~, li2~ 2 domain and an application program assoctatHd with a host 2 system in another domain of a multiple domaln network.
3 Stlll a further ob~ect of the lnvention is to provlde 4 host data security devices for host systQ~s in different S domalns of a multiple domain network to permit cross-domaln 6 cryptograph~c data communication.
7 In accordance with the invent~on, a multiple domaln data 8 communication network i~ provided ~n which each domain include~
~ 9 a host system with an ~ntegrated data security device and ; 10 assoclated host programs and communicatlon termlnals wlth 11 lntegrated data security devices. The data security device-12 of the host system~ and the communicatlon tarminals include ! 13 a memory for storing a master key and cryptographic apparstus 1 14 ~or ciphering input data under control of a cryptograph~c key to produce ciphered output data. rOr ~ross-domaln 16 communication between the host system ~n one domaln and the 17 ho~t ~y8tem in another domain, the host daca security ~evlce i 18 of each host system generates a random num~er which i8 19 def~ned as a cro~s domain key for cross doma~n communication be~ween th~ two host systems and is communl~ated in a secure 1 21 manner to the other host system. The cros~-doma~n key 22 generated at each ho~t system is protected at ~hat host 23 system by encipherment under a first key encrypt~ng key and 24 9tored in enciphered form as a sen~ng cro~-domatn key whlle the cross-~c>ma~n key received at that host system from the 26 other host sy~tem is protected by encipherment under a second 27 key encrypting key and ~tored in enciphere~ form as a recei~ing 2B cross-domain key. When a communlca~on s~ssion ~s to be 29 establ~9hed between the host system in ore domain and the host ~y~tem in another domain, the host data se~:urlty d~vice of RI977009 g_ llZ4~12 1 the originating host ~ystem generate6 a random number ~hlch 2 i8 defined as being a se~sion key enciphered under the ho~t 3 master key of the originating ho~t system. The originating 4 host data security device then performs a transformatlon function in accordance with the enciphered send~ng cross-6 domain ~ey and the enc~phered Qe~ion ~ey to reenclpher tho 7 session key from encipherment under the originating host 8 master key to enc~pherment under the ~ending cro~-domain g key for transmission to the host system of the othor dom~in.
At the receiving ho-qt system in the other do~aln, the 11 receiving ho~t data secur$ty device performs ~ transform~-12 tion function in accordance with the encipnered receiving 13 cro~s-domain key stored at the receiving ho3t ~y8tem and the 14 received enciphered session key to reencipher the se~ion key from encipherment under the sending cross-domain key to 16 enclpherment under the host master key of the recoiving host 17 ~y~tem. At this point, the common ses~ion kRy i8 av~$1abl~
18 in u~eable form at both host sy~tems witho~t revoaling the 19 ma~ter keys of each host syQtem to the other host sy~tem ~nd 20 80 as to permit ~ubsequent cryptographic operations to bo 21 performed between the two host systems.
2~ Other arrangement~ are al80 provided whlch permit a 23 varlety of communication security appl~cations in a multlp~e 24 domain network. In one ~uch arrangement, a communic~tion ~e~ion i8 established between a terminal ~3soc~ated with a 26 host system in one doma~n and an application pro~ram as~oclated 27 with a ho~t system in another domain. The host data ~ecurity 28 device of the sending host ~ystem, in addition to generatlng 29 the cros~-domain key, generates a series o~ ~andom number~
each of which iB defined as the terminal m~ster key for a Ki977009 -10-~2~Bi2 1 term~nal associated with the host 9ystem anc ts communicated 2 to each terminal user in a secure manner f~r loadin~ into 3 the data securlty device of the re~pective terminals. The 4 ho~t data security device then enciphers and stores each of the terminal master keys under the same ho~t key encrypting key which protects the cross-domain key t~ mainta~n the 7 terminal keys in a secure manner. When a ccmmunication 8 session iQ to be establ~Qhed between one of the ter~inals 9 and th~ host syQtem in the other domain, the host data sQcur~ty device generates a pseudo random ~u~ber whl~h i~
ll defined as bein~ a sesslon key ~nciphered ~nder the host 12 master key. The host data security device then perform~ ~
13 f~rs~ transformation function in accordance ~ith the enclphered 14 terminal master key of the terminal and the ~nciphered 8e8910n ~ey to reencipher the ses3ion key from encipherment 16 under the host master key to encipherment l:nder the term~nal 17 master key. The host data security device then performs a 18 second transformation function in accordancQ with the 19 enciphered sending cross-domain key and the enclphared ~e~s~on key to rcencipher the ses~on key fr~m encipherment 21 under the host master key to enclphermen~ Imder the sendlng 22 cross-doma~n key. The session key enclphered under the 23 term~na} master key and the ses~ion key en.-iphered under the 24 sending cross-domain ~ey are then transmitted to the host sy~tem in the other domain. At the receiving host system ln 26 the other domain, the recelving host data securl~y dev~ce 27 perfsrms a transformation function in acco~dance wlth the 28 enciphered receiving cross-domain key ~to~ed at the rece~vlng 29 host system and the receivad se3s~0n key e~clphered ~nder the senaing cros~-doma~n key to reencipher the sessiGn key XI97700~

li2-~12 1 from enciphe~ment under the 3ending cross-domaln ~ey to 2 encipherment under the host master key o~ the receiving host 3 sy~tem which i~ in useable form to carry out subsequent 4 cryptographic operations at the host ~ystem in the oth~r domain. The receiving host system then txansmlt~ the 6 received session key enciphered under the t rminal master 7 key to the terminal with which the sess~on i9 to ~e 8 e~tablishe~. At this point, the common se~ion key iB
9 available in useable form at both the termina! of the ho~t ~y~tem ~n the one domain and the host system ln the other Il domain without having revealed the master keys of each hoot 12 system to the other ho~t sygtem 90 as to pe~mit ~ub~equent 13 cryptographic data processing operations to be performed 14 between the two units in the different domalns.
In another arrangement, using similar architecture, a 16 communication ses~ion is established between an application 17 program associated w$th a host system in or.e domain and an 18 applic~tion program as30ciated wlth a host system ln another 19 domain. The host data security device of the ho~t sy~tem in the one doma~n, ln addition to gener~ting the sending cro-s~
21 domaln key, generate~ a series o~ random numb~r~ each of wh~ch 22 is defined as the application key for an application program 23 a~sociated with the host ~ystem. The hosl. data security 24 device then enc~phers and stores each of th ! appllcatlon key~ under a key encrypt~nq key which i8 different than the 26 one which protects the sending cross-domaln key to maint~n 27 the applicat~on keys $n a secure manner. ~en a communication 28 ~e~s~on ~ to be estàb~ished ~etween the application program~
29 in the different domains, the host data se~ur~ty dev~ce generates a p~eudo random number which is d~fined as a sess$on key enc~pher~d under the application ~ey o~ the applicatlon Xi9~70~g -12-1i2~ L2 1 program of the sending host system. mhe hr-~t data ~ecurlty 2 device then performs a flrst transformation functlon ln 3 accord~nce wlth the enciphered application key and the 4 enclphered sesslon key to reencipher the ses~lon key from S encipherment under the appllcat~on key to ~ncipherment under 6 the ~endlng host master key. ~,he host data ~ecur~ty devlce 7 then performs a second transformat~on function in accordanc~
8 with the enciphered sending cross-domaln key and the enciphered 9 session key to reencipher the session key fr~m encipherment under the sendinq ho~t master key to encipheJ.~ent under the ll 8ending cross-domain key. The ~ession key enclphered under 12 the application key and the ses~ion key enclphered under the 13 sending cross-domain key are then transmltned to the ho~t 14 syYtem in the other domain. At the receiving host system ~n the other domain, the receiv~ng host data se~,urity device 16 perform~ a transformation function in accordhnce wlth the 17 enciphered receiving cross-domaln key -~torad at the receiving 18 ho~t 3ystem and the received sesslon key en~lphered under l9 the sending cros~-domain key to reencipher th~ sesslon key from encipherment under the sendlng cross-~oma~n key to 21 enclpherment under the recel~ing host master key which iQ ~n 22 u~eable form to carry out subsequent cryptographic operatlon-23 by the appli~atlon program at the recelvin~ host ~ystem. Th~
24 receiving host system th~n tran~mits the re-eived se~slon key encipher~d under the application key to th. application 26 pxogrsm of the sending host system wtth whlch the se~ion ~
27 to be established. ~he application program ~t thQ ~ending ~08t 2 a ~y3tem request~ the ho~t data ~ecurity devic~ to perform 29 another transformation function in accordance with the enclpherea application key stored at the sendlng host system and the 3~2~i2 1 received enciphered session key to reencipher the session 2 key from encipherment under the applicatio~ key to encipher-3 ment under the sending host master key At this point, the 4 common Qession key is available in useable form at both host systems without having revealed the ma~;er keys of each 6 host sy~tem ~o the other host system ~o a~ to permit subsequent 7 cryptographic data processing operation~ to proceed between 8 the two application programs ~n the different domains g In addition, the above arrangements m4y include the use of pre-defined private terminal key~, private appllcatlon 11 keys or pr$vate session keys made known to b~th host ~ystem~
12 to permit private cryptographic operat~on~ to be performed 13 The foregoing and other objects, features and advantago~
14 of the invention will be apparent from the ~ollowing partlcul~r description of a preferred embodiment of tl,e in~ention, a~
16 illustrated in the accompanying draw~ng~
}7 2~

~8 K1977009 -14- '~

~i24812 BRlEF DESCRIPTION OF THE DRAWINGS:
2 Fig. 1 i~ a block diaqram illu~tratiny a multiple 3 domaln data communicatlon network.
4 Fiq. 2 is a block diagram of a representati~e multiple domain network illustrating, in block forn, the detalls of 6 a ho~t and terminal in such a network.
7 Ftg. 3 is a block diagram of a crypt~raphic engine 8 which performs cryptographic functions in ~ loq~cally and 9 physically ~ecure manner.
Fig. 4 illustrates in block diagram form a manual WMX
11 functlon.
12 Fig. S illustrates in block d~agram form a host controlled 13 W~IR function.
14 Fig. 6 lllustrates in block diagram f~rm a DECX function.
Fig. 7 illu~trates in block diaqram form a E~C functton.
16 Fig. 8 illustrate~ in block diagram for~ a DEC ~unctlon.
17 Flg. 9 illustrates in block diagram form a GRN functlon.
18 Pig. 10 illustrates in ~lock diagram ~orm an ~MK~ functlon.
19 Fig. 11 lllustrates in block diagram 40rm an EMRl functlon.
Fig. 12 illustrates in ~lock diagram rorm an ~K2 ~unctlon.
21 Fig. 13 illustrates in block diagram form an ECPH functlon.
22 Fig. 14 illustrates in block diagra~ form a DCPH functlon.
23 ~ig. 15 i}lustrates in block diagram form a ~F'~K funct~on.
24 Fig. 16 illu~trates in block diagram ~orm a RTk~K functlon.
Fig. 17 is a b~ock diagram illustrati~g the Sasic concopts 26 of cryptographic con~unication security in a multiple domaln 27 neSwork.
28 Flg. 18 i~ a block diagram illustrating detalls of 29 cryptographic communication security in a multip~e domain network involving a terminal and an application program ln gI977009 -15-~ - \
~12 ~

l different domalns of the network using system generated ~ey~.
2 Fig. l9 is a block dlagram illu~tratir~g detail3 of 3 cryptographlc communication security in a ,~ultlple domain 4 network involving application programs in different domains of the network using system generated keys.
6 F~g. 20 i~ a ~lock diagram illustrating details of 7 cryptographic communicat~on security in a multiple domain 8 network involvlng a terminal and an applicRt~on pro~ram in 9 different domains of the network u~ing a private termina} key.
Fig. 21 $8 a block diagram lllu~trating cryptographic 11 communlcat~on ~ecurity in a multiple domain network ~nvolvlng 12 applicat~on programs in differen~ domains of the network 13 u~ing a private application key.
14 F$g. 22 is a ~lock diagram illustrati~g detail~ of cryptogrsphic communication security ~n a .~ultiple dom~in 16 network involving a terminal and an applicntlon program in 17 different domains of the network using a private ~e6~ion key, 18 ~lg. 23 i~ a block diagram illustxating detAil~ of 19 cryptographlc communication security ln a multlple domain network ~nvolving application program~ in ~ifferent domalns 21 of the network using a private sesslon key.
22 Fig. 24 iLlustrates the details of a clock circuit u~ed 23 in the d~ta security de~ice of the pre~ent inv~tion.
24 Fig, 25 i8 a timinq dia~ram explaining the operatlon of 2~ the c~oc~ circuit illuQtrated in Fig~ 24.
26 Fig. 26 i~ a diagram of how Figs. 26al thro~gh 26~2 may 27 be plaeed to form a detailed schematic dialram.
2B Figs. 26al through 26i2, taken togethsr, co~pr~se a 29 deta~led ~chemat~c diagram of the da~a secur~ty device of the pre~ent invention.

~Ig77~0~ -16-112 ~12 1 ~ig. 27 is a tin~ing diagram of the manual WM~ operat$on.
2 Fig. 28 illustrates how Figs. 2~a and ~8b may be placed 3 to form a composite timing diagram.
4 Fig. 2~a and 28b, taken together, comE-rise a tlm$nq diagram of the host controlled W~K operation.
6 Fig. 29 illu~trates logic details of th~ cxypto engine 7 used in the data security device of the pre~ent ~nvention.
8 ~lg. 30 il~ustrates how Figs. 30a to 3~c msy be placed 9 to form a composite timlng diagram.
Fig~. 30a to 30c, taken together, com~rlse a timlng 11 diagram of the ~ECX operatlon.
12 Fig. 31 illustrate~ how Figs. 31a to 31~ may be placed 13 to form a compo~ite timing diagram.
14 ~lgs. 31a t~ 31d, taken together, comp.lse a timing diagram of the DEC/ENC operat~on, 16 Fig. 32 illustrates how Fiqs. 32a to :2c may be plaoed ~7 to form a composite tim~ng diagram.
18 Figs. 32a to 32c, taken together, compri~e a tlming 19 diagram of the GRN operation.
Flg. 33 illustrates how Figs. 33a to 3~c may be p~aced 21 to form a composite timing diagram.
22 Pig8. 33a to 33c, taken together, comlJrise a timing 23 diagram of ~he ~MK operation.
24 ~ig. 34 illustrates how Figs. 34a to 34g may be place~
25 to form a composite timing diagram.
26 Fig~. 34a to 34g, taken together, comFrise ~ timlng 2 7 d~agram of ~he ~F~R operation.
28 Fig. 3S illustrates how Figs. 35a to 35g may ~e placed 29 to form a c~mpo~ite timing diagram.
Figs. 35a to 35g, taken together, compri~e a tlmlng dlagram 31 of the RTMK operatlon.

..

1 GENERAL DESCRIPTION:
2 INTRODUCTION:
3 In a single domain data communication network, a 4 complex of communication terminal~ are con~ected via a S plurallty of communication lines to a ho~t data proces-ing 6 sy8tem and lts associated re~ource~ such as host proqramJ ~
7 and locally attached terminal~ and secondary ~tora~e file~.
8 Because of the complexity and increasing 8~ ze of such network~
9 other host ~ystems may ~e brought into t~.e networ~ by provlding the proper cross domain link bet1-Jeen the multiple 11 systems thereby providin~ a multiple domain ~etwork.
12 However, with this increaslng size of the net~ork, the 13 problem of transmittin~ data over unsecure communication 14 l~ne~ becomes more acute and it is necessary to protect the data to maintain the confidentiality and ~nte~rity of the 16 information represented by that data. Cryl~tography provld~
1~ an effectiv~ data security measure for communication ~ecurity 18 in that it protects the confident~allty and integrity of the 19 data itself rather than the medlum over which it i8 trans-mitted. Fig. 1 lllu~trates a cryptographic arrangement ~n 21 represQntativQ multiple domain data communication network.
22 Most practical cryptographlc ~ystems i-equ~re two ba~ic 23 e~ements, n~mely, (1) a cryptographic algorlthm which 1~ a 8et 24 of rules that specify the steps requ~red to transform or encipher plalntext into ciphertext or to transform or declpher 26 ciphertext back lnto plaintext and ~23 a cipher ~ey. The ciphor 27 ~ey 1~ u~ed to ~elect one out of many pos~lble rel~tionsh$ps 28 between the plaintext and the ciphertext. Various cryptograph~c 29 algorlthm~ have been developed in the pr~or art for improY~n~
data security in data proces~ing system~. Qn~ ~uch algorlthm ~, ; 312 1 i~ described in U.S. Patent ~Jo. 3,958,081 i~sued S-1ay 18, ;~
2 1976 and was xecently adopted as a United States Federal 3 Data Proces~ing Standard as set forth in the aforesaid 4 Federal Information Processing Standard p~b}~cation. A
hardware i~plementation of thi~ algorithm is incorporated in 6 the pre~ent invention. The cryptographic algorithm opcrat--7 to transform or encipher a 64 bit ~lock o~ plaintext ~nto a 8 unique 64 bit hloc~ of ciphertext under control of a 56 blt 9 cipher ~ey or to transform or decipher a ~4 bit block of c$phertext back into an original 64 bit bl~ck o~ plaintext 11 under control of the same 56 bit c~pher key with the deciphoring 12 process being the reverse of the encipherin~ process. The 13 effectiveness o~ thi~ cipher process depend~ on the techniqu~
14 used for tlle selection and management of t~e cipher key uJed in the cipher proce~s. The only ctpher ~ey actually used in 16 the cipher process to per~onalize the algo:~thm when encryptin~
17 or decryptlng data or other keys iB termed the working key nd 1-18 accessible only ~y the cryptograph~c apparatu~. All othar 19 key~ hereafter discu~sed are used at diff~rent tlme~ a~
20 worklnq key~ depending upon the cipher operatlon to be 21 performed.
22 There ar¢ basically two categories of clpher keys u~ed ln 23 the cryptographic ~y~tem, namely, operational key~ (XO) and 24 key encrypting keys (XEK) with operational keys ~e~ng ref-rr-d to and used as data encrypt~ng keys. ~ata encryptinq or 26 operational keys ar~ a category of keys u~d to enc~ypt~decrypt 27 data while key encrypting key~ are a catec~ory of ~eys u~ed - 2B to encrypt/decrypt other key~.
29 Within the two basic categorie~, there are Yariously deflnod classe~ an~ types of cipher keys. ~hus, in the data encryptln~

1 or operational class of cipher keys, the data encrypting or 2 operatlonal Xey which protects data during ~ata communicatlon 3 se~lons ~s a class of key called the primary communication 4 key. One type of this class of keys is on~ which is a system generated, time variant, dynamically creat~ key transmitted 6 in enciphered form under a ~ey encrypting ~ey from a host 7 system to a remote terminal. ~.he key i~ deciphered at the 8 terminal and then loaded into the worklng key register and 9 u~ed as the wor~ing key. The ~ey ex~sts ~nly for the durat~on of the communication session and will be raferred to a~
ll the 8y8tem session key (KS). In private c~yptographlc 12 systems which use a private protocol known to each end 13 user but unknown to the system, a private key may be used a~ -14 another type of primary co~unication key to provlde communication security. lhe private key 1~ loaded 16 into the terminal working key register and then used as the 17 wor~ing key. The key exists only for a time duration determlned 1~ by the private protocol which may require ~he key to be chang d 19 for each communication, once an hour, once a week, etc. and w~ll be refe~red to as the private ~e~ion key (KSP).
21 With~n the key encrypting category of cipher keys, 22 there are two sub-categories, namely, the primary key en¢ryptln~
23 key and the sacondary key encrypt~ng key. In the primary 24 key encrypt~ng key sub-category of cipher ~eys, the key encrypting key used in the host system to encipher other 26 ~ey~ is a class of key cal~ed the system ~ey. One type o~
27 thls class of keys i~ one which is u~ed to protect the 28 system sesslon keys actively usad at the h~st and w~l} b~
29 referred to as the host master key (K~ . In the secondary key encrypt~ ng ~ey sub-category of cipher ~eys, there i~
. ' 1~.

llZ~2 1 a class of key called a ~econdary communication key wh$ch 2 i8 used to protect other keys. ~YO type~ of th~ 8 cla~ of 3 key are used to protect system session keys ~ransm$tted to 4 a terminal and when sy~tem generated will be referred to as the terminal master key (~T) and when provided as a pre-6 defined private key will be referred to as a pr~vate terminal7 master ~ey ;KMTP). ~nother type of this class of key is 8 used to protect ~ystem ~ession keys tran~mitted from the 9 host system in one domain to a host sy~te~ in another doma$n of a multiple domain communication network and will 11 be referred to as a cross-domain ~ey (~C). Two add~tional 12 types of thi~ class of key are u~ed to pro~ect system 13 se~8$0n key.~ transmitted to an applica~ion pro~ram as~oc$ated 14 w$th a host system and when sy~tem generated will be refexred to a~ the application key ~KNA) and when provided 16 as a pre-defined private application key w$~1 be referred to 17 as a private appl~cation key ~KNAP). The variou~ crypto-18 graphlc keys defined above are ~u~marized :.n the follow$ng19 table by category, class, type and use:

2~

1~2~312 ~.
_ _ 2 Key Encrypting 3 Primary Sy~tem Key ~ost ;~-~ter 4 Key (XMH) ~ncipher Terminal Ma~ter Key ~MT) 6 Private Other . Second~ry Terminal Master 7 Key (KMTP) .
8 Secondary Communication Cros~-~omain Crypto~raph~C
9 Rey ~KNC) Keys Application Key (KNA) Keys 11 Private Applic~tlon 12 Rey (KNAP) 13 Data .
14 Encrypting System Se~s~on ~nciph~r Xey~ Xey (XS) Or Primary (Operatlonal Communlcation Private 8e~9ion Declpher 16 ~ey~) Key~ Key (KSP) Data 1~
19 `

~5 ~124~i2 1 GENERATION, DISTRIBVTION, INSTALLATION AN~ MANAGEME~T OF
2 CRYPTOGRAP~IC KEYS:
3 Key generation is the process which E;ovides for the 4 creation of the cipher keys re~uired by a cryptographic 8y~t~m.
~ey generation includes the specification of a sy~tem m~ster 6 key and primary and secondary communication keys.
7 The host master key is the primary k~y encrypting 8 key and 18 the only cipher key that needs ~o be present in 9 the host cryptographic facility in clear f~rm. Since th2 host master key does not generally change for long perioda 11 of time, great care must be taken to select thi~ key in a 12- random manner. Thi3 may be accomplished by uslng ~ome rando~
13 experiment such as coin tossin~ where bit value~ 0 and 1 aro 14 determined by the occurrence of heads and t~ail~ of the coin or by throwing dice where bit values 0 and 1 are determined 16 by the occurrence of even or odd roll~ of ~,he dice, with th~
17 occurrence of each group of coins or dice being con~erte~ in~o 18 corresponding parity adjusted digits. ~y enc~phering 811 othex 19 cipher keys stored in or pas~ed outside the hos~ system, oYerall ~ecurity i8 enhanced and secrecy for such other cipher keys 21 reduce~ to that of providing secrecy for t.le single host m~tsr 22 ~ey. Secrecy for the ho~t master key may he accompli~hed by 23 storing it in a non-volatile ma3ter key memary 80 th~t the ho t 24 master ~ey need only be Lnstall~d once. Once ~nstal}ed, the ma ter key is used only by the cryptographic apparatus for 26 L~ternally deciphering enciphered keys which may then be used 27 as the working ~ey in a s~bsequent encipher~decipher operatlon.
28 Installation of the host ma~ter key nay be accomplished 29 by ~ direct manual ~ntry process using m~ch~n~cal ~w~tches, dial~, or a hand-hel~ key entry device. Alternately, an KI977009 ~3~

~4~2 .
1 indirect entry method may be used in which ~ase the host 2 master key may be entered from a non-volatile media such as 3 a magnet~c card or tape which is maintained in a secure 4 locat~on (safe, vault, etc.) accessible onIy to the security S administrator. Another alternative indirect entry method 6 may be to use a keyboard entry device, ~lough this method 1 7 sub~ect to numan error. In any event, whichever indirect 8 met~od ~9 chosen, during initial~zation, th~ host ~astor key 9 may be resd into and temporarily stored in the host memory and ;'~
then tran~ferred to the ma~ter key memory ~ith the host memory 11 entry be$ng ~ubse~uently erased 80 that orly one copy is 12 present and accessible on}y ~y the cryptosraphic facility.
13 The term~nal master key is a secondary key encryptlng 14 key and like the system master ~ey, i8 the only key encrypt~n~
key that needs to be present in clear form in the termlnal 16 cryptogrsphic facility. Since there may be n~merous 17 terminals as~ociAted w~th a host system, i;: may not be 18 practlcal or prudent to have these keys generated by a hu~an 19 user using Qome type of random experiment. ~herefore, to rel~eve the system administrator from the bu~den of crea~ing 21 cryptographic keys, except for the single ~ystem ma~tcr key, 22 the cryptographic apparatus of the host system can be used 23 as a pseudo random generator for generatinj the required 24 terminal master ~ey~ used by the various terminals associated with the host system. The manner by which such 26 host ~yatem generated ranaom num~ers are produced i9 described 27 in detail hereafter. In addltion to the sy3tem generated 28 termlnal master keys, off ~ne mean~ ~ay b~ u~ed by end 29 user~ to establi3h a priYate termlnal mast~r ~ey. In either e~ent, the clear form of the system or private g~nerated KI977009 -~4-~124~

1 terminal master key is distributed in a s~cure manner to the 2 authorized individuals. This may be accomp'~ished by 3 transporting the key by courier, registered m~il, public 4 telephone, etc. The liklihood of an opponent obtaln~ng the key during trans~t can be lessened by tran3mitting different 6 port~on~ of the key over independent path~ and then comblning 7 them at the destination. Once having properly received ~
8 valid system or private generated terminal naster ~ey ~ -9 clear form, it becomes necessary to maintair. it~ ~ecrecy.
At the terminal, this is accompl~shed by ur~ting the term~n~l 11 ma~ter key into a non-volatile master ~ey memory, as in the 12 ca~e of the host ~ystem master key. Once installed, the 13 terminal master key is used only by the torminal cryptographlc 14 apparatus for internally deciphering enciph~red ~ystem generated primary communication keys which n~y then ~e u~ed ~6 as the working key in a subsequent encipher/decipher operation.
17 The croQs-domain key i~ a secondary key encryptin~
18 key which is used as a secondary communicc.ion key to allow 19 a se~sion key generated at the host system in one domain to be transmitted and recovered at the host sy~tem in 21 another domain of a multiple domain communication network.
22 The cryptographic apparatus of the sendin~ hoat system 23 used as a pseudo random generator, a~ iQ the ca~e of 24 generat~ng terminal master keys, can also be used to generate ~he cross-domain key. Because tl~ere may ~e 26 numerous host systems interconnected in the multiple domain 27 communication networ~, it is necessary to generate a 28 separate cross-domain key for each cro s-~omain communication 29 be ween each host system and the other host sy~tems of the network. As in the case of the terminal l~3ter keys, these Ki97~00~ -25-- 1124~i~2 `

1 cross-domain keys mu~t be distributed from each ho~t 2 system to ech of the other host systems in the network 3 in a secure manner. ~his may be accomplished in a similar 4 manner to that described for the distribution of ~ermin~l master keys. Once having properly received a valid 6 cross-domain key in clear form at the rece~v~ng host system, 7 it become~ neces~ary to maintain its secrecy. The manner 8 in wh~ch this is accompli~hed wil~ ~e described hereafter.
9 However, once installed at the receiving hos~ system in a ~ protected form, the cros~-~oma$n key i~ used only by the 11 receiving host system for internally transf~rming enclphered 12 session ~eys transmitted by a sending host sy~tem lnto a 13 form usable by the receiving host system t~ carry out 14 cryptographic operations.
~he appl$cation key is a secondary key ~ncrypting key 16 which is u~ed as a secondary communication key to protect 17 the session key generated at a sending host ~ystem of a 18 multiple domain networ~. The sess~on key ~rotected by the 19 application key is transformed into a form usable by the sendin~ host system to carry out cryptographic operatlcn~.
21 Since there may be numerous application prog ams a~soc~ated 22 with a host system, it is necessary to generate a ~eparate 23 application k~y for each appllcation progra.n. Therefore, 24 th~ cryp~ographic apparatus of a hos~ systqm may be used ~8 a p~eudo random generator, as ~n the case of generattng 26 terminal master keys and cross-domain ~eys, to generate 2 7 the appl$cat~o~ keys for each of the application proqrams 28 as~ciated with the host system. In addition to the ~yste~
29 ge~erated application keys, off l~ne me~ns .nay be used by end user~ to define a~d establi3h a privat? application key KIg77009 -26- v ~2 ~`~i2 1 for use in private communication arrangeme~ts. In sither 2 event, once having validly generated a system or private 3 application key, it ~ecomes necessary to maintain its 4 secrecy. The manner in which this is accomplished will be described hereafter.
6 Because the ciphering algorithm used i8 not secret, 7 the degrce of protection that can be deriv~d from a crypto-8 graphic ~ystem ultimately de~ends upon the security of the 9 cryptographic keys. Therefore, the ob~ectives of key mangement are: ~1) cryptographic keys should never occur 11 in clear form outside the cryptographic device, except under 12 secure conditions during the period when keys are originally 13 distr~buted and installed or when stored in a sec~re place 14 such a~ a safe, vault or similar location for backup or recovery and (2) no cryptographic operation, or combination 16 thereof, using any cryptographic ~uantities which are 17 routinely stored or routed through the system, or der~ved 18 therefrom, should permit clear keys to ~ recoverable outside 19 the crypto~raphic device. Therefore, if t'-e systsm g~neratsd terminal keys are to ~e stored at the host system they mu~t 21 be protected from beinq expo~ed in clear form. Thi~ can ~9 22 acco~plished ~y having the terminal keys enciphere~ under 23 another key. Accordingly, a dua~ master key approach i~ adapted, 24 ~y the present invention, in which a ~ariant (K~l) of the host ma~ter ~ey (KM~) is used to encipher the terminal 26 master keys ~y an ~ncipher ~5aster Key funct~on ~ K~, which 27 will ~e ~escri~ed in greater detail hereafter. ~n the 28 embodlment of the present in~ention, only the ho~t ma~ter 29 key res~des in clear form within the cryp~ograp~ic device.
Accordingly, when an E~Cl ~unction is to be performed, the XI~77009 -~7-~ f 1 host ma~ter key is read out of the master Key m~mory and by 2 selected ~nver~ion of certain bits of the ho~t master key 3 the variant ~1 i8 derived for use in enciphe~ring the 4 termlnal master key. By enciphering the terminal master S kQys under the variant of the host ma-~ter k~y, the enciphered 6 terminal key~ now in protected form may be stored ln a 7 cryptographic data ~et until required for u~e in a cryptogr~phl¢
8 operation.
9 In the ca~e of multiple domain network~, a cross-do~ain key generated at a host system in one domain for cros~ do~a~n 11 communlcatlon with a host ~ystem in another domain of the 12 network ~8 communicated in a secure manner to the host 13 sy~tem ln the other domain and vi8a versa ~o that a palr 14 of cros~-domaln keys is shared betwaen the two ho~t sy~t~ms.
~hu~, the cros~-domain key generated at the ho~t sy~tem 16 in the one domain is designated as the sendlng cro~s-dom~ln 17 key for the one domain and a~ the receiving cross-domaln key 18 ln the other domaln wherea~ the cro~-domain key generated 19 at the ho~t system in the other doma~n is de~ignated a8 the ~end~ng cro~-domatn key for the other dom~in and ~8 the 21 recelving cros~-domain key in the one doma~n. ~herefore, each 22 ho~t system must ~tore two cro~s-domain keya for cro~s 23 domaln communications between it~elf and ancther ho~t ~y~tem of 24 the network, one being the cross-domain key it gen~rat~d and de~lgnated as the ~ending cros~-domaln key and the other boing 26 a croR~-domain key ~t rece~ved from the o~er hs~t sy~te~ and 27 de91gnated as the receiving cro~s-domain key. S~nce, the~e 2B pa~r8 of key~ are to be ~tored at each ho~t system, they mu~t 29 al~o be protected from being exposed in cle~r form. Thi~ can bs accomplished, a~ in ~he cs~e of term~nal mastes keys, by ~I977009 -28-2 !~

1 having them enciphered under another key.
2 A sending cross-domain key in a sendins host system ls 3 used in a tran~formation process, termed an RFMK function 4 which will be described in greater deta~l hereafter, to reencipher a sess~on key from encipherment under th~ ho~t 6 master key to enciphenment under th~ ~ending cro~s-domaln koy 7 for tran~mis~ion, ~n this protected form, over a communication 8 line to tha r~ceivlng host system. ~t the receiving host 9 sy~tQm, the receivinq cros~-domain key ls u~ed in a d~fferent type of transformat~on process, termed an ~TMX function which 11 wlll be de~cribed in greater detail hereafter, to reencipher 12 the received session key from encipherment under the sen~ing 13 cro~s-domain key to encipherment under the receivinq ho~t 14 ma~ter key. In or~er to achieve cryptogra~hlca~ly st~ong k~y management, these tran~form proces~es shou}d be unidirectional 16 ~.e. ~he tran~form proce~s should be irrever~lble at the 17 sending host system and decipherable only ~t the rec~iving 18 host system. Unidirectionality is ach~eve~ in th~ present 19 in~ention by a multip~e master key technique in whlch a fir~t variant (KMHl) of the sending host master key (XMH~) i9 used 21 to encipher the sending cross-domain key by the Enc~pher Mastox 22 Xey function (E~Rl) and a second variant (XMH2) of he 23 sending host master key (~3 is used to tncipher the 24 the receivirg cros~-domain key by an Encipher Ms~ter ~ey function ~E~K2), which will ~e described in ~reater de~all 26 hereafter. ~he E~2 function is similar to the ~M~l 27 function in that the master key of the a~oc~ated host sy~tem 28 i~ read out and by ~elected inversion of c~rtain bits, 29 different from those inverted by the ~Kl ~unction, of th~
host master key, the varient ~H2 ~ der~ved for use ln -112~2 1 enciphering the receiving cross-domain key. By enc~ phering 2 the send~ng cross-domain key under the first variant of the 3 ho~t master key and by enciphering the receiving cross-4 domain key under tha second variant of th~ host master key, the enciphered cros~-domain keys, now in protected for~, 6 may be stored in a cryptographic data set until requlred 7 for use in the tranRform processes.
8 Unidirec~ionality i8 made po3sible because the output 9 of the ~ending RF~K tran~formation function, the ~ession key enciphered under the sending cross-domain key, i9 u~ablo only 11 by the receiving ~ ~ transformation functi~n. Thus, the 12 sending ho~t system can reencipher the ses&ion key from 13 encipherment under the sending host master key to encipher-14 ment under ~he sending cross-domain key ~eca~e the sendlng cro~s-~omain key enciphered under the first variant of the 16 sending host master key i9 available at t~,e sendlng host 17 system, bu~ it cannot reencipher the sessi~n key from 18 encipherment under the first variant of th~ ~ending cross-19 domain key to encipherment under the sendiil~ host ma~ter key because the sending cross-domain key enciphered under a 21 second variant of the sending host master key i8 not 22 available at the sending host system. In~erse~y, the 23 rece~v~ng host sy~tem can reencipher the s~ssion key from 24 encipherment under the sending cross-domain key ~o encipher- ' 25 ment under the receiving host ma~ter key becau~e the sendln~ -26 cros~-domain key enciphered under the second variant of the 27 receiving host master key is available at the receivln~ ho~t 28 ~y~tem, but it cannot reencipher the sess'on key from 29 encipher~ent under the receiving host master key to encipher-ment under the sending cros~-domain key becau~e the sand~ng ~12 ~81Z

l cross-aomaln k~y is not a~ailable at the r~eeivlng host 2 system.
3 In a multiple domain network where croJ~ do~aln 4 eom~unieation i8 to be e~tablished between an applieation program ln one domaln with an applieatlon progr~m in another 6 domaln, an RTMK tran~formation funet~on is requlred to 7 roeneipher the so-sion key from eneiphermont under th~
8 applleatlon key of the applleat~on program as~ociatod w$th 9 the ~endlng host system to encipherment und~r th- ~e~dlng ho t maJter key, as wlll be deserlbed ln g2~ater datall ll heraafter. To perform thl~ transform prooess the applleatlon 12 key enclphQred undsr the seeond variant of the ~en~lng ho t 13 ma~ter koy must be available at tho sendin7 host ~y~tem.
14 Aeeordingly, the applleatlon keys of the applieation program~
a~so¢lated wlth eaeh host system are eneiphered under the 16 seeond variant of the assoeiated host 8y8t~m ma~tor key to 17 pormit thl~ transfo~m proeess to be per~ormod. The EMX2 18 fun¢tlon may be used to eneipher the appllea~lon ~ey~ under 19 the seeond var~ant of the host master key and the eneiph-red applieatlon keys, now ln proteeted form, ma~ also be tor d 21 in th- eryptographle data set until required for u~ ln the 22 transformation proce~.
23 Sy~tem generated pr~mary communication ~eys, i..~ 8-1On 24 keya, are time variant keys wh~eh are dynamica~ly q~nara~ed for eaeh ~ommunication ~ession and arQ us~d to protec~
26 eommunieated dsta. Since there may be num~rous communication-27 ~e~sion3 it is ~mpract$cal to have these ~eys sen~rated by 28 a human u3er. Ther~fore, the cryptographic appar~tus of 29 the host system m~y be u~ed as a pseudo-random genexator for gen~ratlng, as each communication ~ession i~ requ~red, a 112~ 2 1 p~eudo-random number which, in keeping with the ob~ective 2 that cryptographic keys should never occur ln the clear, 3 may be defined a8 being a ~ession key enciFhered under th~
4 host Xey encrypting key. In a multiple do.Jtaln networ~
when cross domain commun$cation i8 to be entabli~hed 6 between a terminal as~ociat~d with a host syatem ln one 7 domain and an appllcation program ~ssociat~d with 8 a host system in another doma~n, the generated random g number i~ defined a8 being the session key enciphered undex a host master key. On the other han~, when cro~
11 domain commun~cation is to ~e established ~etwoen an 12 application program in one domain and an spplicat~on 13 program in another domain, the generated ran~om number 18 14 defined as being the session key enciphered under the applioatlon key associated with the applic~tion program 16 of the send~ng host system.
17 In ~ome priYate cryptographic ~y~tems $n~ol~ng 18 multiple domain networks, end users msy wlsh to u-o a 19 mutually agreed upon private secondary commu--icat$on key i.e. a private term$nal ma~ter key or a prlvnte appllcatlon 21 k~y. The~e keys must be protected by enci~nerment und~r 22 the appropr$ate variant of the as~oclated i~ost ma~ter k-y.
23 Where limited key management facilities arQ use~ with 24 pr~ate ond u~er protocol, it may ~e nece~2ary to wrlte the enc~phered pri~ate secondary communication key to an output 26 de~ce, such as a printer, and ~tore the printer output in ~
27 secure manner, e.g. ~n a physically protec~ed vau}t, untll ~u¢h 2B time ~# the communication 9e88ion t8 des~r~d. At that t~
29 th~ enc~phered private secondary communica~on ~ey i~ bro~g~t out and loaded ~nto the ho~t 8y8tem~ In the c~e of a :

3 12~12 .
private terminal master key the terminal u~er load~ the 2 pr$vate ~ey into the terminal master key memory and tho 3 communication ~es~ion may then be lnit$ated.
4 In other private cryptographic ~ystem~ involvlng S multiple domain networks, where the end u~ers UJe a privat~
6 protocol which i8 unknown to the ~y~tem, k~y selectlon, 7 management ~nd data transfer operatlon~ are p~rform~d wtthout 8 ~ystem knowledge that cryptography $s beinq ~erformed. ~n -9 such arrsngements, the end users may define a private proto~ol us$ng a mutually agreed upon private primary co~unicatlo~
11 key, i.e. a private session key. In order to m-et tho 12 ob~ective that no cryptographic key appear in cloar form, 13 tho prlvate see~ion key must also be protected. ~hls l~
14 accompli~hed, $n this ca~e, by enciphering the pr~vat~
se~s$on key under the host ma~ter key by ~n Enclpher M~t~r 16 Xey functlon (E~K~), which will be de~criboi in greator 17 detai~ herea~ter. With thi8 end-to-end encryp~lon appxoach, 18 enciphered mQJ~a~es can be ~ent vi~ networ~ of ~ny typ~, 19 pr$vate or ~u~ic, w$thout sy~tem knowledqe that cry~to-graphy i8 be$nq performed but provlding comm~nlcatlon 21 ~ecurity for such data transmi~ion~.
22 The following table ~ummar$zeJ the pro~ct~on provid d 23 for th~ various cryptographic keys used 8t a repre~entati~
i4 ho~t ~y~tem ln a multlple domRin communication n~twork by the multlple ma~ter key arrangement whlc~ uge~ var~ant~ of 26 the host m~ter key.

- ~2~312 `
'` ~
XEY TA:BLE

NAME R~l XMH2 EXP~NATt)RY
T~rm 1 EKMHlRMTl . Outbo~rd . . . :, 6Term ~ E~MHlXMT.l Terminal ReyJ

8 .
Term n EKNHll~MTn E~2RNAl 12 . . ~nboard 13Appl ~ ERMH2RNAi 14 ~ppl~catlo~ J~ay-15Appl n ERN~{2KNAn 17Ho~t ~ ERMHlgN~ EKMH
18 . E~Hl~NC EXMH21~NC S~nding an~ P~iV

Cro~
Ho~t ~c E}~lgNC EKMEI2RNC~k For S~ndlrlg An~l . .

2 2 E~ Ckl ERMH2~Clk Rsc~vlng 24~lo~t 1 EKMHl~C EKM~2~C To~From Oth~r 2 5 EXPS~}l~Cl~C E~MH2X2~~o~t syJte ~7 3~

R~ 977009 -34_ ilZ

1 While ~t ls efficient to use variants of a ho~t ma~ter 2 key to provide protection for the variou~ cryptographic 3 key~ used in the sy~tem, it i8 well with~n ~he ~kill of the 4 art to prov~de separate master key~ instead of Yariant~ o~ t''t` '~
S a ~ingle master key. This could be accomplished by pro~lo~
6 separate master ~ey memorie~ each belng loaded wlth a ma-ter 7 key which is different from each other and h~ing acce~-ed 8 wh-n needed. While thia is a viable alternatlv~, it ~ould -~
9 sub~tantlally increase the cost of the host data ~ecurlty devlce as opposed to using a s~ngle master ~ey me~ory an~
11 obtaining ~ariant~ as needed.

}4 lS
16 t~
17 l 21 i 24 ?

X19~700g -3s-~i~4~12 2 Modern day data communication networks may include a 3 complex of communication terminals connected via communication 4 lines to a single host and its associated resources such as the host programs and locally attached terminals and data 6 files. As the size of a data communication network increases 7 other host systems may be brought into the network to provide 8 multiple domain networks with each host system having know-9 ledge of and managing its associated resources which make up10 a portion or domain of the network. By providing the proper 11 cross domain link between the domains of the network, two or 12 more domains may be interconnected to provide a networking 13 facility. A representative multiple domain network is shown 14 in Fig. 1 with a representative one of the host systems and its associated resources shown in block form and a represent-16 ative one of the plurality of remote communication terminals 17 associated with a host system also shown in block form. The 18 terminal and its integrated data security device and the 19 manner in which the data security device performs crypto-graphic operations is described in detail in the co-pending 21 Canadian application Serial No. 316,965, filed November 28, 1978 22 entitled "Cryptographic Communication and File Security Using 23 Terminals" by Ehrsam et al. While the particular manner in 24 which the host is implemented is not critical to the present invention, the block diagram of the host in Fig. 2 shows the 26 data ~low and control relationships of a representative host 27 arrangement. The host includes a programmable processor 1 28 operationally connected to a memory 2 which provides storage 29 for data and the programs which are utilized to control the KIg-77-009 -36-11~48i2 1 sy~tem and a channel 3 which control~ the transfer of dat~
2 between input/output devices and the proces~or 1. Channel 3 3 1~ ¢onnected to the proce~sor 1 and memory 2 and via a 4 channel I/O Interface, with control units ~uch as control unlt 4 capable of controlling a cluster of input/output 6 device~ which ~ay be aisplay or printer t~e of device~, 7 control unit 5 capable of controlling a plurality of mag-8 netic tape units or control unit 6 capable of controlling a 9 plurality of disk flles. Commun~cation controller 7 is a two-direction control unit that link8 the h~st to co~mNn-11 $cation lines connected to remote terminal~ such as co o n-12 ication terminals &, 9 and 10 and host syatem~ ~ and Hi 13 each of which i8 s~ilar to Host ~ and also ~ave a plurality 14 o~ t~rminals associated therewith. One of tllo termlnals a~ oclated with ~o~t i is shown in block form and i8 16 representative of the type of terminal used in the network.
17 guch terminal~ and the manner in which they per~orm crypto-18 graphic operation~ i8 fully de~cribed in tne aforementioned 19 ~ppllcation Serial No. 3~ 5 . Wh~le not ~hown, communic~tion line~ require a modem at each end of the line 21 to convert binary ~ignal~ to analog signal~ ~modulation) 22 for tran~mission over the communication line and for roconvertlng 23 (do~odulation) analog 8ignals back to btnary s~qnal~ at the 24 other end of the line.
The collect~on of data and control ~ine4 connected bet~eon 2~ the channel and I/O control unit~ i8 commonl~ referred to a~
27 th~ channel I/O int~rface providing an inf~rmation formnt 28 and ~iqn~l ~equence common to all the I/O control unlt~.
29 The I/O interface lines generally ~nclude ~ dat~ bu~ out 30 which is use~ to transmit device addresse~, co~mands and 11f~ 2 1 data from the channel 3 to the I/0 control unit; a data bu~
2 in which i8 used to transmit device identiflcation, dat~ or 3 ~tatus information from the I/0 control uni: to the channel 3 4 and tag ~ignal lines which are used to prsvide signal~
identifying an I/O operation, the nature o~ information on 6 the data bus and parity condition. Sinc~ each I/O control 7 unit haq a unique electrical interface, de~ice adaptera 8 are generally provided to allow device connection to the 9 common I/0 interface. All I/O data transfe~s between the proce~or and the attached control units m~y be p~rformed in 11 a programmed input/output (PIO) mode on a 1 byte per I/O
12 in~truction basis.
13 Into this organization of a general purpose ho~t sy~tem 14 is integrated a data secur~ty dev~ce of the presen~ invsnt~on.
The data security device ~DS~) 11 $nc~ude~ L crypto devico q 16 12, a master ~ey (MK) memory 13, a DSD ada~ter 14 which 17 oonnects to the I/0 Lnterface and a manual entry device 15 18 for manually loading a t~rminal master key into the MK
19 memory 13. Either one of two method~ can ~e used for writing a host ma~ter key into the MK memory 13. Irhe fir~t method 21 for writing the host ma~ter key into the MK memory 1~ 18 22 achieved under program control. In this ~thod, an I~O
23 devlce having a keyboard, magnetic ~tripe card readex or the 24 }~ke, may u~e such elements to cause the ho~t master ~ey to 2~ be stored in the host memory 2 as in the c7se of conventlonal 26 data entry. Subse~uently, under program control, the ho~t 27 master ~ey may ~e read from the host memory 2 to the M~
28 memory 13 of the ~SD ln a manner which will be de~cribed in 29 greater detail hereafter. The oth~r method of wrltlng the host ma~ter ~ey into the ~K memory 13 consist~ of manua1ly 2~

1 writing the host ma~ter key into the ~-~X memory 13 by means 2 of individual toggle or rotary switches wlred to produce 3 binary coded hex diglts a~ w~ll be aescribed in greater 4 detail hereafter. To enable ma~ter key wrLting into the MK
S memory 13 by either method, an enable wr~.te key (EW) switch 6 i8 provided which i8 initially turned on when a write master 7 k~y operation is initiated and turned off at the end of 8 write master ~ey operation. To prevent th~ key from being 9 changed by unauthori~ed persons, the EW ~w~tch operation may be activated by a physical ~ey lock arrangement.
he DSD adapter 14 ser~e~ a dua} fur.ction namely, 12 providing Adapter functions for DSD connection to the I/O
13 interfase and control functions for the D~D.
14 The I/O interface provide~ the DS~ adapter 14 w~th overall direction, gives it cipher ~eys to be used, pr~sent-16 it with data to be proce~sed and accepts t~.e processed 17 re~ults. Overall direction is achieved ~y u8e of operation 18 commands which are decoded and ~ub~equently prov~de control 19 in properly timed ~equences of siqnals to earry out each i 20 com~and. These signals are synchronized with the transfor 21 of data ~n and out. The DSD adapter 14 ~l~o controls the 22 plac~n~ of c~pher ~ey~ in the crypto device 12 ana direct~
23 ~he crypto device in the enclpherlng and dec~pherin~ operat~ona.
24 The MK memory 13 $8 a non-volatile 16X4 b~t random acces~ memory (~AM3 whlch ~s battery powered to enable ~ey 26 retent~on when host power may not be pre~ent. The ho~t 27 ma~ter key consist~ of eiqht master key byte~ ~64 blts) each 28 of wh~ch consi~ts of seven key bit~ and one parity bit.
29 The cxypto device 12 ~8 the heart of the DS~ hardware for performlng enciphering and decip~erlng Qperations. The ~I9770Q9 -39-~, ~1~48~

1 crypto device 12 perform~ encipher/decipher operation~ on a 2 bloc~ cipher basis in which a message block of 8 data byteJ
3 (64 bits) is enciphered/deciphered under control of a 56 bit 4 cipher working key to produce an enciphered/decipherQd S mQs~age block of 8 data bytes. The block cipher i~ a 6 product cipher function which i~ accomplis~led through 7 ~ueeessive application~ of a combination of non-linear 8 ~ubstitution~ and transpositions under contr~l of the eiphor 9 worklng key. Sixteen operat~on defined rounds of the produet eipher are exeeuted in which the re~ult of one round ~erve~
11 ag the argument of the next round. This b,ock elpher funetlon 12 operatlon 1~ more fully described in the a~orementioned U.S.
13 Patent No. 3,9S8,081. A basic enclpher/dec~pher operation 14 of a message ~lock of data starts with the loading of the lS cipher ~ey from the ho~t memory 2. This key 1B genQra11Y
16 stored under ma~ter key encipherment to conceal lts true 17 value. Therefore, it 1~ received a~ a blo(k of data and 18 deeipherea under thQ ma~ter key to obtain ;he 19 enclphering/declphering key in the clear. "he clear key does not l¢a~e the crypto devlce 12 but i loadad back ln a~
21 the working key. The message block of dat~ to ba 22 eneiphered~deciphered is then tran~ferred ~o the crypto 23 deviee 12 and the cipher functton is perfs~ed, after whieh 24 th- resultant me~3age block of enciphered~leciphered d~ta i~
transferred from the crypto device 12 to th.J host memory 3.
26 ~f ~ub~equent encipher/dec~pher functtons are to bR per~ormed 27 u~ing the ~ame working key, there i~ no neRd to repeat the 28 inltial 3tep~ of loading and decipherinq the workinq key as 29 ~t will ~ill be stored in the working ~e~ register~
The cr~pto device 12 includes duplic~te crypto engines ~1977009 -40-l~Z~812 1 operating in synchronism ~o achieve checking by 100~ redundancy.
2 ~eferring now to Fig. 3, one of the crypto engine~ lg shown 3 in slmplified block form with a heavy lined border signifying 4 a secur~ area. The crypto engine 16 cont~ins a 64 bit S input/output buffer register 17 divided in~o upper and lower 6 buffer regi~ter~ 18 and 19 of 32 bit~ each. The buffer 7 regi~ter 17 is used in a mutually exclusive manner for 8 receiving input data on a serial by byte ba~is from the bu~
9 in, termed an $nput cycle, and for providino output data in a serial by byte ~asis to the bu~ out, te~med an output 11 cycle. ~hU8, during each input cycle a m~sage bloc~ of 12 eight data byteq is written into the buffe~ register 17 from 1 the host memory 2 while during each outpu~ cycle a mes~agQ
14 block of e~ght proces~ed data byte~ is read from the buffer reg~ster 17 to the host memory 2. Serial outputs of the 16 buffer reg~ster 17 are al40 applied as serial input~ to th~
17 working key register 20 and a parity check clrcuit 21, the 18 latter being controlled to be effect~ve on~y when a 64 blt 19 clear cipher kcy i~ to be loaded directly 1nto the worklng key reg~ster 20 from the host memory 2 via t~e buffer r~giater 21 17. Only 56 of the 64 bits are ~tored in the wor~lng key 22 regist~r 20, the 8 parity bits ~eing used only in ~he p~rity 23 cheok aircu~t 2~. The buffer register 17 i8 also pro~ided 24 with parallel lnput and output paths from ~nd to a 64 bit data re~ister 22 al~o divided into upper ~nd lower data 26 re~igters 23 and 24 of 32 b~t~ each. ~he ur~p~r ~nd lower 27 d~ta regi~ters 23 and 24 e~ch po~esses p~rallel output~ and 28 two ~ets of paraliel inputs. The parallei iRpUt~ ~Q the 29 ~ow~r data reg~ster 24 being from the lowo~ ~uffor regl~ter 19 ~nd the upper data regi~ter 23 while t~ parallol input~

K~977009 -41-1~248~2 1 to the upper data register being from the upper buffer 2 register 18 and from the lower data registex 24 after 3 mod$fication by the cipher function circui~s 25. The 64 bit 4 master key i8 inputted to the crypto engine 16 on a serial by byte ~asi~ with each byte being checked for correct 6 parity by the parity check circuit 26. As in the ca~e of s 7 the c~pher key transfer from the buffer re~ister 17 to th-8 working key register 20, only 56 of the 64 bits ~re storod 9 in the key register 20, the 8 parity bits being u~ed only in the parlty check circuit 26. Dur~ng the l~ad~ng proces~, 11 the key reg~ster 20 is configured as seven 8-bit ~hift r~ght 12 registers to accommodate the eight 7-bit bftes received from 13 the MK memory 13 (or the buffer register 1?).
14 When the working key i9 used for encip~.erlng, the hey register 20 is configured as two 28 bit recirculating shlft 16 left registers and the working key is ~hifted left, in 17 accordance with a predetermined shift ~chedule, after each 18 round of operation of the cipher function ~o that no set of 19 key ~its once used to perorm a c~pher ope.at$on is used again in the ~ame manner. Twenty-four parallel output~ from 21 each of the two shift registers (48 bits) aro used during 22 each round of the encipher operation. The shift schedule 23 provided is such that the working key is restored to itc 24 initial beginning posi~ion at the end of the complete encipher operation.
26 When the working key i8 used for deciphering, the key 27 register 20 is con~igured as two 28 bit recircu~ating 28 ~hift right registers and the working key ~ 8 sh~ fted right 29 in accordance with a predetermined ~h~f~ schedule, after each round of operation of the cipher func:~on 90 that again Ki977009 -42-~ lZ

1 no set of key bits is used again. As in the enciphering 2 operation, twenty-four parallel outputs fr~ each of the two 3 shift registers (48 bits) are used during ~ach round of the 4 decipher operation. The shift schedule pro~ded in this case i8 al80 such that the working key is restored to its ~nlt~al 6 beginning position at the end of the complete decipher 7 operation.
8 The cipher function circuit~ 25 perfo~m a product 9 cipher through successive applicat$on of a combinat$on of non-llnear ~ubstitutions and transposltion~ under con~rol of 11 the cipher working key. Sixteen rounds of the product 12 cipher are executed in which the results of ~ne round ~erve~
13 a~ the argument of the next round. Deciphering is accomplished 14 by using the same key as for encipher~ng bu~ w~th the ~h~ft schedule for shifting the ~ey being altered ~o that the 16 deciphering proces~ ~ 8 the reverse of the encipher~ng proces~, 17 thu~ undoing in reverse order every step th~t was carrlQd 18 out durlng the enciphering proce~s. During oach round of 19 ~he cipher functlon, the data content~ of the upper data regi~ter 23, designated ~, i8 enciphered un~er control of 21 the working key, designated K, with the re~ult being added 22 modulo-2 to the contents of the lower data egi~ter 24, 23 designated L, the operat$on being expressed a8 Lgf (R,K) . At 24 th~ end of the cipher round, the coDtents of the upper data reg~ter 23 i~ parallel transferred to the lower data regi~ter 26 24 while the output of the cipher function circuits 25 i8 27 parallel transferred to the upper data reqister 23 to form 28 the argument~ for the next round of the c$p~er funct~on.
29 After a total of qixteen rou~ds, wh$ch complete~ the total cipher function, the contents of the upper dlta register ~3 Xi97700g ~43 8~Z
.

parallel transferred to the upper buffer regi~ter 18 ; 2 while the output of the cipher function cir-uits 25 i8 3 parallel transferred to the lower buffer regi~ter 19. The 4 transformed data contents of ~e buffer r~gi~ter 1? ~ then 6 outputted ~ia the bus out to the ho~t memcry 2.

~2~81a~

DSD COr~qANDS AND ORDERS:
.
2 Input/output operations of an I/O device are generally 3 d~rected by the execution of I/O instruc~iors. In executinq 4 an I/O instruction, the channel generally provides an address field for addressing the ~/0 device, a command 6 fiold for designating the operation to ~e ~erformed and 7 another address field for addressing the d~ta field in memory 8 from which data is fetched or to which data $~ Qtored. The 9 da~a security device ll of the present invent~on 19 respon~lvo to seven types of command~ from the processor as shown in the 11 follow~ng table including the mnemonic and ~it pattern of the 12 command:
13 COt~UUND FO~ ~T
14 Command Field Name .~nemonic O l 2 3 4 5 6 7 1. ReRet Adapter ~ST - - - - O O 1 O
2. Set ~as~c Status SET ~S - - - - O l l O

3. Re~et Basic Statu~ RST ~S - - - - O l O O

4. Read ~aslc Status RD BS - - - - O
S. PIO Write Data PIOW - - - - 1 l O O

22 6. PIO ~ead Data PIO~ - l l O
7. Write DSD Order WR DSD w x y z 1 1 l O

24 The following ~s a brief description of the functlon of each of the con~lands, the operation of wh~ will be de~cribed 26 ~n greater detail hereaf~er.
27 l. ~eset ~apter (RST~ - ThiS command causes a re~et 28 ~ignal to be created to reset all counters, flip-flops and 29 latches in the adapter and control section~ of the DSD .

2. Set Basic Status (SET BS) - Thi~ command causes 1 those latches in a statu~ register of the DSD that correspond 2 to 1'~ in the data field to ~e set to 1.
3 3. ~eset ~a~ic Status (RST BS) - ~is command i~
4 similar to the SET BS command except that the status latche~
corre~ponding to l's in the data field are set to 0.
6 4. Read ~a~ic Status (RD ~S) - Tht~ command cau~es the 7 contentR of the ~tatus latches to be applied via the data ~u~
8 ~n to the proce~sor.
9 5. PIOW ~ata (PI~) - This command causes the data field to be loaded into the buffer register or the bits 0, 1, 2, and 3 11 of the data field to be stored in the ~R memory depending on the 12 operation to ~e performed.
13 6. PI~R Data (PIOR) - This co~mand cause~ the content~
14 of the buffer register, with correct parity, to be applied via the data ~u~ in to the proce~sor.
16 7. Write DSD Order (WR DSD) - ThiR command u~es the four 17 high order bits of the command field to designate cipher key 18 handling and data proce~ing orders a8 shown ln the following 19 table including the mne~onic and bit pattern of the order field:

2~

Kl977~09 -46-lZ

ORDER FORMAT
2 . OrderConunan~l 3 Eield Field Name Mnemonic W X Y Z . 4 5 6 7 Cipher Key Handling 1. Write Ma~ter Key WMX 0 0 0 0 1 1 1 0 2. Declpher Key DECX 0 1 1 1 1 } 1 0 3. Generate Random GR~ 1 1 1 1 1 1 1 0 8 ~Jumber 9 4, Encipher ~aster Key p EMK~ 1 1 0 0 1 1 1 ~
~. Encipher ~a~ter Key 1 EMXl 1 1 0 1 1 1 1 0 11 6. F,ncipher Ma~ter Key 2 E~2 1 1 0 1 1 1 1 0 12 7. ~eencipher From l~FMK U 1 0 1 1 1 1 0 13 Ma~ter Xey 9. Reencipher To RTMK 0 1 1 0 14 ~laster ~ey ~ata Processing 16 1. Enc~pher ENC 1 0 0 0 1 1 1 0 17 2. Declpher DEC 1 0 1 0 1 1 1 0 19 ?SD ~UNCTIONS
DSD cryptographic function~ may be performed by combin-21 atlon~ of the prev~ou~ly defined co~mands or by a combinatlon 22 of funct~on~. ~he~e functlons requ~re an ~nput to the 23 cryptographic apparatu~ consisting of a key parameter or a 24 data parameter. The notation used to descr~be thefie function~
will be expre~sed as follows:
6 PUNCTION ~ KEY PARA~,TERl ~OUTPUT
or 2 7 FlJNCTIO~i { ATA PARAMETEEt~ ~)UTPUT
28 and when functions are comb~ned, the no~ation used to describe 9 the combined functlons w~ll be ~xpressed a3 foll~ws:
~ FUNCTIONlKEY PARAMETER, ~ATA PAR~METER3 ~OUTPUT

~Z~8~:~

1 ~he ~a}ient characteristics of host cyrptograph~c 2 functlon~ are that (1) the ~ey parameter, i~ alway~ in 3 enciph~r~d ~orm and therefore must ~e internally deciphered ~ ~y the crypto engine ~efore the clear key is u~ed and that ~2) no ~unctlon a}low- ~eys to })ecome available in clear 6 fox~ The de~cription~ that follow describe what each 7 ~unction does and how it i~ performed The~e function~ w~ll 8 be de~ax~od in gre~tor det~l} horeaf~er but th~ general 9 dc~ription o~ the~e function~ or combination of ~unction~
ar~ ~lvon at thi~ point to provlde a better understanding of 11 h~w va~lou~ ~curlty ~pplications may be performed The 12 de~crip~lon~ m~y ~ollow along with roference to ~ig 3 at 13 tlme~. In the diagx~m- which are refersnced in the fo}lowing, 1~ th~ cxyptogxaphic ~acillty i~ shown in simplified bloc~ form ~o~ eaJo o~ under~tanding these operation~ and wll} be ~hown 16 and de-axlbed in qreater detail hereafter.
~7 ~a~oxe proc~edlng to the de~cr~ption~ of the funct~ons, 1~ a ~ri~ g-n~al de~cription w~ll be given of how th~ manua}
19 wrlto ~oy operation ~ performod. ~eferr~ng now ~o ~ig. 4, thor ia ahown a slmplifie~ block d~agr~m of a nlanua} WMK
21 operation. In the manual WMR operatlon, an EW ~witch i8 a~ set on to enablo wr~t~ng ~nto the MK memory 13 after which 23 a ~W ~witch i~ clo~ed to enable manual wrlting and cau~ing 24 tho current m~t~r ~ey to be overwritten with whatever happen~
to be set in the ~ta ~ey entry switches. ~o}lowlng thi~, 26 16 aeta of 4 blt~ (64 bit~) ~re manu~lly written {nto the 11 27 m~mory 13 to compl~t~ the manua~ ~ ~ operation.
28 ~errin~ now to F~g. 5, there i~ shown a simplified 29 ~lock d~aqr~m of a wri~ ma~ter key ~WMK) function. Th~
fun~lon ~ oarr~ ed out by the follow~nq ~equence of c~mands:

~)77n~)g -4~-~Z4~2 1 (1) W~ and (2) 16 PIOW's. In this operation, as in the 2 manual ~K operation, the ~.W ~witch iB previously set on to 3 enable writing into the ~IK memory 13. The execution of this 4 function cauQe~ the current master key in the master ~ey memory 13 to be over-written with whatever happen6 to be 6 present as bit~ 0, 1, 2 and 3 on the bu~ in. ~hereafter, 7 the crypto engine controls are set to allow a 64 bit ma~ter 8 key ~1 to ~e written as a key parameter into the `~K memory 9 13 by mean~ of 16 ~uccessive PIOW data commands with the ~its 0, 1, 2 and 3 in the data fields assoc~ated w~th the 16 11 rIOW ~ata commands constituting the new master key. The 12 notation W ~lK~]~RM i~ used to describe thi~ operation 13 whereby the term WMX indicates the function, the contents of 14 the brackets indicate the key parameter input to the ~IK
lS memory 13 and the arrow points to the re~ult.
16 ~eferrlng now to Fig. 6, there ~ shown a ~implified 17 ~lock diagram of a decipher key ~ECK function. ~rhi~ func~ion 18 is carried out by the following sequence of command~:
19 ~1) DECK and ~2) 8 PIOW's. ~he execution of thi~ function ~o sets the crypto engine control~ to first allow the master 21 key ~ in the .SK memory 13 to be tran~ferred to the crypto 22 en~ine 16 a~ the working key. After or during the master 23 key transfer, a 64 bit data block, deflned as an operational 24 key enciphered under the ma9ter key, is Loaded a~ a k~y parameter into the crypto engine 16 ~y means of B succe~ive 26 PI~W !~ata commands with the successive data fie~ds associated 27 with ~he B PIOW commands con~tituting the enciphered operational 28 key. After ~he key parameter loading i~ completed, the 2g crypto eng~ne 16 performs a ~ecipher operation tO ohtain the cipher key ~n clear form. The resultant clear cipher ~ey KI977009 -4"-lf2~8~2 1 does not leave the crypto engine 16 but is loaded back into 2 the key regi9ter of the crypto engine 16 replacing the 3 master key as the working key. The notation DECK~EKMXO]~KO
4 i~ used to describe this operation whereby the term DECK
indicates the function, the contents of the bracket indicate 6 the ~ey parameter which i8 inputted to the crypto engine 16 7 and the arrow points to the result.
8 Referring now to Fig. 7, there is shown a ~implified g block diagram of an encipher (ENC) function. Thi8 function 10 i8 carried out by the following ~equence o~ commands: ~1) ENC
11 ~2) 8 PIOW's and (3) 8 PIOR's. The executLon of this 12 function ~ets the crypto engine control~ to the encipher 13 mode of operation and allows a 64 bit me~age block of data 14 to be loaded as a data parameter into the crypto engine I6 by means of 8 6uccess t ve PIOW data commands wlth the 16 succe~sive data fields as~ociated with the 8 PI~W commands 17 con~tituting the message block of data to be enciphered.
18 After the data parameter loading i8 completed, the crypto 19 engine 16 performs an encipher operation to encipher the data parameter under the operationa~ key pre~ently ~tored 21 in the working key register of the crypto device 16. The 22 64 b~t enc~phered re~ult i~ transerred ~y a ~eries of 8 PIO~
23 commands from the crypto engine 16 for ~torage in designated 24 data fields of the ho t memory 2. The notation 2~ ENC~D~TA3~EKoDA~A is used to descr~be this operation whereby 26 the term ENC indicates the function, the contents of the 27 bracket indicate the data parameter input to the crypto 28 engine 16 and the arrow points to the result. Additionally, 29 ~ long as the crypto engine controls remain set in the encipher mode of operation, then a message which consLsts Ki977009 -50-~12~8~2 1 of multiple 8 byte ~locks of data may be enciphered by ~he 2 crypto enqine 16 by ~eans of an encipher comrtand followed 3 hy a 3eries of succe~ive 8 PI~W data command~ and successive 4 8 PIO~ data commandt for each block of data. This message S encipherment may be expres~ed by the notation:
6 i ~C ~ OATAl, r)ATA~ - - - - DATP~ 3 ' ~KO ~ OATAl, DATA2 - -- -~TAN ) -7 ~eferring now to Pig. 8, there i9 qhown a simplified 8 block diagram of a decipher (DEC) functlon. This function is 9 carried out by the followin~ sequence of commands: ~1) DEC
(2) 8 PIOW's an~ (3) 8 PIOR's. T~e executlon of this function 11 ~ets the crypto engine controls to a decipher mode of 12 operation and allows a 64 bit mc~saqe block of enciphered data 13 to be loaded as a data parameter into the crypto ~ngine 16 14 by means of 8 successive PIOw data commands with the csuccetslve data fields a9sociated with the 8 PIOW commands 16 co"stituting the message bloc~ of enciphered data to he 17 deciphered. ,'fter the data parameter loading is completea, 1~ the crypto engine 16 performs a dccipher operation to 19 decipher the ~ata parameter under control of the operational key pre~ently 5tored in the work$ng key reqister of the 21 crypto engine 16. The 64 blt deciphered result i8 transferred 22 hy a series of 8 PIOR commands from the crypto engine 16 for 23 storage in des~gnated data fields of the host memory 2.
24 ;l'he notation ~C~EKoDA'~A~ATA i~ used to describe thlQ
25 operation whereby the term ~FC indicates the Cunction, the 26 content~ of the bracket indlcate the dat~ para~eter input to 27 the crypto engine 16 and the arrow point~ to the re~ult~.
2B Additionally, so lon~ a~ the crypto eng~ne controls remaln 29 set ~n the decipher mode of operat~on, then a message which consist~ of multiple ~loc~ of encip~lered data may be XI977009 -5~-112~81S~

1 deciphered by the crypto eng$ne 16 by means of a decipher 2 command followed by a series of successive 8 PIOW data 3 commands and successive 8 PIOR data commands for each block 4 of enciphered data. This message decipherment may be S expressed by the notation:
DEC~EKo~DATAl, DATA2~ DATAN)3~DATAl~DATA2----~AT ~ -7 Referring now to Fig. 9, there is shown a simplified a block diagram of a generate random number (G~N) ~unction.
9 This function is carried out by t~e following ~e~uence of commands (1) GRN and (2) 8 PIO~'~. Accordingly, in 11 executing this function, the crypto engine controls are 12 set to the encipher mode of operat$on and a variant 13 KM3 of the master key RM in the MX memory 13 i8 transferred 14 to the crypto eng~ne~ 16 a~ the worklng key, the variant RM3 being obtained by inverting predefined bits of the 16 master ~ey. Dur$ng the transfer of the master key var$ant 17 KM3 to the crypto engine 16, a 64 bit count value CT from a 18 non-reaettable ~N counter i~ loaded as a data parameter into 19 the crypto engine 16. After the key and the data parameter loading i~ completed, the ~N counter i~ stepped by one and 21 the crypto engine 16 perform~ an encipher operation to 22 enc$pher the data par~meter CT under control of the variant 23 KM3 of the master key presently ~tored in the work$ng key 24 register of the crypto device 16. The 64 ~i~ enciphered result ~8 a pseudo random number ~N which i~ tran~ferred by 26 a series o$ B PIOR command~ from the crypto engine 16 for 27 storage in designate~ ~ata fields of the ho~t memory for u~e 28 a a cryptographic key in a manner which will be described 29 hereafter. The notat~on G~N {CT3 ~ EXM3~CT)~N is used to descri~e this operat~on whereby the term G~N lndicates the ~i~77009 -52-1`12~Z

1 function, the contents of the bracket indicates the data 2 para~e~er input to the crypto engine 16 and the arrow points 3 to t;~e result.
4 ~eferring now to Figs. 10, 11, and 1~, there are shown sirnplified ~1OCk diagrarns of the encipher ~laster key (E~
6 ~1 and ~2) function. This function is carried out by 7 the following se~uence of comman~s (1) ~MK~ (~) 8 PIOlY's and 8 (3) ~ P~O~'s; (1) E!;Kl ~2) 8 ~IOW's and (3) ~ PIOX's and ~1) 9 FM:~2 12) ~ PIOW's an~ (3) 8 PIO~'s. Accorclin~ly, in executing tllese functions, the crypto engine controls are set to the 11 encipher mo~e of operation causing, in the case of the E~X~
12 function, t~le unmodifie~ master key in ~e I~K mer~ory 13 to 13 I)e transferred to the crypto engine 16 as the working key, 14 in the case of the ~Kl function, a firs~ variant ~1 of the master ~ey Kt~1 in the ~K memory 13 to l~e transferred to 16 the crypto engine 16 as the working key and in the case of 17 tl~e ~J~R2 function, a second variant iC~2 of the master Xey KM
18 in the ~ memory 13 to be transferred to the crypto engine 19 ~ as the workiny key. Ti~e first variant X.~l and secon~
variant I'M2 are obtained ~y inverting different predefined 21 ~its of the master key which are ~ifferer~t from tho~e used 22 in the ~ function. J~fter or durin~ the master key transfer, 23 a 64 bit data ~lock, ~efined as an operational ~ey, in the 24 case of the ~K~ cor~an~, or as a secondary key encr~pting key, in the case of the E~Xl and ~ 2 commands, are loaded 26 aS a data parameter into the crypto engine 16 ~y r:leans of 8 27 successive ~I~t data com~.lands with successive clata f}elds 28 a~sociated with the 8 PIOÇi co~and~ consti~uting the operat~onal 29 key or the secondary key encrypting key. ~.fter the key and 30 data parameter loading is cornpleted, the crypto engine 16 ~;I977i)()'3 -- 53 -1 per~orms an encipher operation to encipher the data parameter 2 under the ma~tcr ~.ey or ~ariant of t~e master key stored in 3 the working key register of the crypto device 16. The 64 4 bit enciphered result is transferred ~y a series of 8 PIOR
commands from the crypto engine 16 for storage in designated 6 ~lata f~eld~ of the ho~t memory. mhe notation El~ KO] ~KMgO
7 i3 used to de~cribe the ~ operation while thP notatlon~
8 E~ l[KEK~ KEK and EMK2~.K]~EX~i2KEK are u~ed to describe 9 the ~`~1 an~ EL~2 operations where~y the terms ~ , EM~l an~ E~K2 indicate the function, the content~ of the bracket 11 indicate the data parameter input ~o the crypto engine 16 12 and the arrow points to the results.
13 ~ferring now to Fig. 13, there i~ ~hown a ~implified 14 ~loc~ ~iagram of an encipher data (ECP~13 function. Thi~
function i~ a comb~nation of the ~ECX function and the ~NC
16 Cunction and i~ carried out by the following ~equence of 17 commands: (1) DECK (2) 8 PIOW's (3) E~C (4) 8 PIOW's and (5) 18 8 PIOR's. ~ccordingly, in executing this function, the 19 cr-~pto engine control~ are first set to the decipher key mode of operat1on ~y the ~EC~ command cau~ing the ma~ter key 21 tC~I in tho master koy memory 13 to be transferred as the 22 working key to the work~ng key register of the crypto enqine 23 16. ~fter or during the master key loading, the key parsmeter 24 of the function, con~i~ting of an operational key enciphered under the ma~ter key, i~ loaded ~nto the crypto engine lS ~y 26 means of 8 success~ve PIOW data commands. The crypto engine 27 1~ then perfon~s a dec~pher key operation to obtain the 28 operational key in clear form which i~ then loaded back in 29 as the working key of the crypto engine 16 rep~acing the previou~ly loaded master ~ey. The crypto engine controls ~I3770~)9 l are then set to an encipher mode of operation by the ~C
2 -o~ an.l and th~ data paraneter of the function, consisting 3 of clcar data, is loade~ into the crypto engine 16 by ~eans 4 of 8 succe~sive PIOW data coli~a~ads. The cry~to engine 16 the-~ performs an encipller operat~on to encipher the data 6 parameter under the present operational key. The enciphered 7 result is then transferred by a series of 8 ~IOR commands 8 from the crypto engine 16 for storage in deslgnated fields 9 of the host me~orv 2. The notation FCPHlF~K~XO~;~ATAI~EKo~ATA
is used to descri~e this operation whereby the term ll ~CPH indicates the function, the contents of the bracket 12 indicate the succe~sive key parameter and data parameter inputs l3 to the crypto engine and the arrow point~ to the result.
14 D~eferring now to P'ig. 14, t~ere is shown a ~implified l,loc~ diagram of a decipher data ~DCP~) function. Tl~is 16 ~unction i~ a com~inat~on of the '.~CK functlon and the DEC
17 function and is carried out ~y the followin~ sequence of 18 command~ ECK ~2) 8 PIOW'~ (3) DF.C (4) ~ PIOW's and l9 (5) ~ PIOR's. The first part of thi~. f~nction is identical to that for the encipher data function insofar as loadin~ an 2l operational key in clear for,n as tne working key of the 22 crypto engine l~ .fter the operational key loading is 23 comp}eted, the crypto engine controls are then ~et to a 24 ~ecipher mode of operation by t~le s'~C cot~mand an~ the data parameter of the function, consisting of DATA enciphered 26 under tl~e operational key, is loaded into the crypto engine 27 16 ~y m~ans of 8 successi~e PlOW data comman~s. ~he crypto 2~ engine 16 then performH the decipher operation to dcc$pher 29 the data parameter und~r contro~ of the present operational ~ey. The deciphered reæult is then transferred by ~ series ~12~l812 1 of 3 PIOR co~ands fro~ t;le crypto engine 16 for storage in ~esiqnated fields of t~e '~03t memory 2. Tlle notation 3 -)CPI~K~KO,~KoDATA]~ATA i~ used to describe tnis operation 4 w'lere~y the term l)CPH indicates the function, t`~ae contents of the ~rack~t indicate the ~uccessive ~ey para~eter and the data 6 ~ara~eter ~nput~ to the crypto engine and the arrow points 7 to the result.
8 ;~eferring now to Pi~. lS, there is shown a si~plifi~d 9 hlock diagram of a reencipher fro~ master key ~ ) function.
l`his function is carried out by the following se~uence of 11 co~and~ F`5K, (~) ~q PIOW's, ~) 3 PlOt~'s an~ (4) 8 PIO~'s.
12 P.ccordingly, in executing tllis function, the crypto e~lgine 13 control~ are first set to the declpher mode of operation 14 b~ ti~e .~FI~K command and a variant Y~l of the master key Xil in the XM ~e~ory 13 is transferred to the crypto engine 16 16 as the working ke~, the variant K:sl bein~ obtained by 17 inverting the same predefined bits of the master key as in 1~ the ~?IKl function. ~urin~ or after the transfer of the 19 ~aster key variant K~l to the crypto en~ine 16, a 64 bit data block, defined as a ~ey encrypting key encip2~ered under 21 the same variant of the master ~.ey is loa~ed a~ a key 22 parameter to the crypto engine 16 by mcans of 8 ~uccessive 23 PIOW data command~ with t2-e succe~sive data fiel~s a~ociated 24 with the commands constituting the enciphQred key encrypting ~ey. ~fter tl~e key parameter loa~inq is co~pleted, t~e 2G crypto engine 16 performs a decipher operation to o~tain the 27 ~ey enc~ypting key in c~ear form. mhe resu~tant clear ~ey 28 encrypting ~ey does not leave the crypto engine 16 but i~
29 retained, with half the resultant clear ~ey available at the upper ~ata registers 23 of the crypto ensine l;I977009 ~5G-~lZ~8~2 1 16 and the other half available at the cipller function 2 circuits 25. With the crypto engine control still set ~or 3 the decipher ~ode of operation, a special key o?eration is 4 now performed in which a 64 bit data block, dafined as an S operational key enciphered under the master key, is loaded 6 a~ a data parameter into the buf fer reqister 17 of the crypto 7 engine 16 by means of 8 successive PIOW data co~ands with the ~uccessive data fields associated with the commands 9 constituting the enciphered operational key. ~'ter the data parameter loading is completed, the contents of the 11 buffer register 17 is transferred to the data register 22 12 of the crypto engine 16 while at the same time the content~
13 o the upper data register 23 and the output of the cipher 14 function circuit~ 25 are tran~ferred to the buffer register lS 17 of the crypto engine 16. ~y thl~ swapping action, the 16 key encrypting key resulting from the first decipher 17 operation now res~de~ in the buffer reqi~ter 17 of the 18 crypto en~ine 16 while the enciphered operational key no~
19 resides in the data register 22 of the crypto en~ine 16.
~ecau~e of the fact that a ~pecial key operation i~ bein~
21 performed, the crypto enqine control allows the master key 22 K!l in the ma~ter ~ey men~ory 13 to now be transferred to the 23 crypto engine 16 as ~-e working key. After the master key 24 loading i~ completed, the crypto engine 16 performs a second decipher operation to o~tain the operational ~ey in clear 26 form. The resultaslt clear operational ~ey does not leave 27 the crypto enqine 16 ~ut is retained, with ha~f of 28 the resultant clear ~ey available at t~ne ~pper data regi~ter ~g 23 of the crypto engine 16 an~ the other half available at the cipher ~unction circuits 25. At t}-is time, a special KI97700~

11248i2 1 encipher operation is initiated w~th the crypto engine control~
2 being set for an encipher mode of operation and the half of 3 the clear operational key at the cipher function circuits 25 4 is transferred to the lower data register 24 90 that the S clear operational key is now fully available in data register 6 22. The key encrypt~ng ~ey resulting from the first decipher 7 operation and presently residing in the buffer re~ister 1?
8 of the crypto engine 16 is now loaded as a working key 9 into the ~ey register 20 of the crypto engine 16. After key register loading operation is completed, the crypto 11 engine 16 performs an encipher operation to encipher the 12 operational key under the key encrypting key to complete 13 the reencipherment function by which the operational key 14 enciphered under the ma~ter key i8 now enciphered under the key encrypting key. The reenciphered result is 16 transferred by a ~er~es of ~ PIOR commands from the crypto 17 engine 16 for ~torage in des~gnated data fields of the 18 ho~t memory. The notstion RFMX[EKMlgE~XMKO]~KERKO
19 is u~ed to descri~e this operation whereby the term RFMK
indicates the function, the contents of the ~rac~ets indicates 21 the succes~ive key parameter and data parameter inputs to 22 the crypto engine and the arrow points to the results.
23 Referring now to Fi~. 16, there is shown a 9imp~ if~ed 24 block diagra~ of a reencipher to ma~ter key ~RTMK) function.
This functio~ i5 carried out ~y the following sequence of 26 commands~ RTMK, ~2) ~ PIO~ 3) 8 PIOW's and ~4) 8 27 PIOR's. Accordingly, in executing this function the crypto 28 engine controls are first set to the dectpher mode of 29 opexation by the RTMK command and a variant KM2 of the master key KM in the MX memory 13 is transferred to the ~i977~09 -5~-112~Z

1 crypto engine 16 as the wor~;ing key, the variant R''2 beins 2 obtained by inverting the same predefined bits of t:~e raster 3 key as in the EMX2 function. ~uring or after the tra~sfer 4 of the master ~cy v~riant ~;M2 to the crypto engine 16, a ~4 ~it data block, defined a~ a key encrypting key enciphered 6 under the sar!e variant of the ~,aster key, is loaded as a ~ey 7 parameter into t~e c~ pto engine }6 by ~eans of 8 successive 8 PIO~ data co~,lan~s with the s~ccessive data fields associated 9 ~ith the 8 PIOW comrands con~tituting the enciphered ~ey encrypting ~ey. After the ~ey parameter loat~ing is cosnpleted, 11 the crypto engine 16 perfor~s a dec~pher operation to obtain 12 the key encrypting key in clear form. The resultant clear 13 key encrypting ~ey ~oes not leave the crypto engine 16 but ~3 14 loade~ back into the key register 20 of the crypto engine 16 replacing the varlant K~2 of the master ~ey a~ the wor~ing 16 key. With the crypto en~ine control still set for tl~e decipher 17 modQ of operation, a second decip~ler operation is now perfor~ed 18 in which a 64 bit data ~lock, dcfine~ a~ an operational key 19 enciphered under the same key encrypting key as is in the key register 20 of the crypto engine 16, is loaded a~ a ~ata 21 para~eter into tlle crypto engine 16 by means of 8 successive 22 ~IOS~ data commands with the succes~ive data fields as~ociated 23 with the command con~titutiny the cnciphered operational 24 3.ey. ,'~ftex the data parameter loading is completed, the second decipher operation is per~ormed to o~tain the opera-26 tional key in c}ear for~. ~'he resu~tant clear operational 27 k~y does not leave the crypto engine lÇ but is retained ~n 28 t~e ~uff~r register 17 of the crypto en~ine li. .-t tai~
~9 tisne, a special key operation is initiated to a~low the master key YM in the ~1~ memory 13 to no-J be trans~erred to K:rs77cl0s 1 the crypto en~ine 16 a~ tl~e workin~ key. ~.fter tl~e master 2 ~ey loa~ing is completed, the clear operational ~ey, presently 3 ~tored in the buffer regi~ter 17 of the crypto engine 16, i~
4 tran~ferred to t.he (1ata register 22 of the crypto engine 16 and a ~pecial encipher operation is initiated to set the 6 crypto engine controls for an encipher mode of operation.
7 lhe crypto engine 16 now perform~ an encipher operation to 8 encipher the operational key under the host master key to 9 complete the reencipher~.ent function hy whic~ the operational key enciphered under the key encrypting key is reenciphered 11 to the operational key enciphered under the lloSt l~aster ~ey.
12 rhe reenciphered re~ult is transferred ~y a series of 8 PIOR
13 commands from the crypto engine 16 for storage i~ decignated 14 data f~elds of the host memory. ~rhe notation P~Ti~EKM2iCEK, ~K~KX~3~K ~ O i~ u~ed to de~cribe thi~ operation where~y 16 the term ~T'~R indicates the function, the contents of the 17 ~racket indicates tlle key parameter and data parameter input 18 to the crypto engine and the arrow point~ to the re~ult.

2g i~I977009 -G0-i~2~2 CO~ ICATION SECURIlqr APPLICATIONS
2 The previous seetion provides a description of the 3 varlou~ ba~ie funct~on, command and order capabilitles of 4 a ho~t having a data seeurity deviee eapable of performing ene$phering and decipherlng operations. Similarly, the 6 aforement~oned co-pending applicat~on serial number i?~ 9~, 7 provides a de~cription of the various basic function, 8 command and order capabilities of a terminal having a 9 data seeurity deviee capable of performing enc~phering and deeiphering operations. Aecordingly, the following 11 deseriptions wlll provide an explanatlon of how sueh a 12 terminal and host may be used in variou~ eommunication 13 seeurity applieation~ involving multiple doma$n network~.
14 While the diagrams used to illu~trate the~e applieations are simplified block diagrams, it ~hould be understood that the 16 network~ represented by the~e diagrams ar~ far more eomplex 17 than that hown. However, thi~ type of representation is 18 used merely to simpllfy and aid in the under~tanding of the 19 applleations to be deser~bed. It ~hould be further understood that eaeh host sy-tem eontains a full eomplement of known 21 progr~mm~ng support ihelud$ng an operatinq ~ystem, appllcation 22 programs, a teleeommunieatlon~ aeeo~s method whieh, in the 23 present ease of multiple domain n-~works, direct~ the transmis~lon 24 of data between host syst~ms ~nd ~heir assoclated applieation programs and terminals.
26 CoM~UNICATION SECURITY IN MULTIPLE DOMAlN NETWORKS
, 27 ~sferr~ng now to F$q. 17, thera i~ ~hown a ~implified 28 conceptual ~lock d~agr~m of a multiple dom~in data communication 2~ network c~mpr~ing a fix~t Host~ system, havlng a dat~ ~ecurity do~lce, connect~d v~a ~ communicat~on lin~ to ~ ~econd ~o~t~

` -11248~2 system also having a data security device contained therein.
At host system initialization time, primary key 3 encrypting keys XMHp~ and KMHpk are generated ~n ~ome random 4 manner, as by coin or dice throwing, and then wrltten into S the MX memory of the respectlve host DSD's. Following thls, 6 secondary communication key encrypting keys are generated in 7 clear form and designated as cro~s-domain k~ys KNC~k snd 8 XNCk~. The clear cross-doma$n keys are then distributed 9 in a ~ecure manner, a~ by courier, registered mail, public phone, etc. to authorized users at each host sy~tem. At tha 11 Host~, the Host~ cross-domain key is enciphered under the 12 first variant of the Host~ master key as ~ KNC~k by an KMHl 13 Encipher Master Key (EMXl) function and the Ho~t~ cros~-14 domain key i3 enciphered under the second varlant of the Host~ master key as E ~XNCk~ by an Encipher Master Key 16 ~EMX2) function. At the Hostk, the Hostk cro~s-domaln k~y 1 17 enclphered under the first ~ariant of the Ho~tk master key a~
18 E kKNCk~ ~y an Enclpher Master ~ey ~EMKl) function and KMHl 19 the Host~ cross-domain key is enclphered under the socond variant of the Hostk master key a~ E kKNC~k by an Enciphar 21 Ma8ter Key (EMK2) function. Following the encipherment of 22 the cro~s-domain keys, they are written out to a crypto-23 graphic data set for storage until they are needed for a 24 ~ryptographic operation.
To establ~sh a communication sesslon ~etween Ho~t~ ~y~tem 26 and ~ostk sy~tem, the next ~tep ~8 to generate a pr~mary 27 communication operational or data encrypting key a~ the 28 common se~sion key KS . This i8 in~tiated at one of the ho~t 29 ~ystem~, a~ for example ~o~ti, ~y a procè`dure whlch c~use~ a me~gage to be trànsmitted to the other host system, ~08t~, Ki977009 -62-n~4si~

1 identifying it~elf and the application program with which it 2 wi-hes to communicate and a request to inlt$ate a commu~ic~tlon 3 sQssion. Hostk, in re~pon~e thereto, co~nmunic~tes with the 4 identified application program to deter~lne whether it i8 av~ilable for a communication ses3ion with ~ost~. If 6 availab~e, the Hostk ~ystem causes a mess~ge ~o be tran~-7 mittQd back to Hosti indicating that tbe ~ppl$cation progx~m 8 i~ aYailable and Host~ causes ~ poeudo random number to b~
9 generated which is defined a~ being the q~tQm sas~lon key enciphered under the ~ost~ master key E XS. This i8 KM~0j ll in keeping with the rule that no key ~h~ll ever appear in 12 the clear. The enciphered ses~ion key i~ retained ~t the 13 Ho~t~ 8y8tem for encipher/decipher operations during the ~4 communication ses~ion. Additionally, ~n order to distribute the ses~ion key from the sending ~ost~ to the receiving 16 Ho~tk, ~08t~, using the enciphered cross-Gomain key EKMHlXNC~
17 and the snc~phered ~ession key E .KS, performs a prlvlleg~d KM~0~
18 ~PMK tr~n~orm~tion funct~on whlch reenciph~r~ the se~sion 19 key from enclpherment under the ~o~t~ ma~ter key to enciph~r-ment under the sendinq cross-doma~n ~ey l.e. from E ~KS
~,~
21 to E ~XS. Since ~he 8es8~0n key i3 now enciphered under ~Cj 22 the ~endlng cro3s-domain key i.e. E kK5. ~t m~y be ~C~
23 transmitted o~er t~e commun~cation line tc estab}ish a 24 ~ommunication se~on with the Application ?rogram ~n ~o~t~.
At ~he recei~ing Ho~t , the received enciphered ~ession 26 key i.e. ~ j~KS, mu~t be transformed $nto a form which i8 KNC ~ k 27 u~able ~y ~ost . Accordingly, Ho~t , acc~s~Q~ its cryptographic ~8 data ~et to obtain the sen~ing cross-~omai~ key, w~ich had ~oen 29 prev~ou~ly enciphexed under ~ second variant of ~h~ ~ostk master key i.e. E kKNCjk, and together w~th the enc~phered ~e88~0n X~9770~ -63-1~2~2 1 key received from Hosti, performs a privileged RTMX trans-2 formation function which reenciphers the session key from 3 encipherment under the sending cro~s-domain key to encipherment 4 under th~ Kostk master key.
Now, both ho~t systems have the common session key ~n 6 a form usable to perform encipher/decipher data processing 7 operstions and the communication session i~ estsblished.
8 Ho~t~ can now communicate with the Hostk to perform the 9 follow~ng encipher ECPH function: ECPH[E jKS,DA~Aj~-ERsDATA~.
In executin~ this function, a decipher key operation 11 DECX(E .KS)~XS is first performed to obtain the se~s~on 12 key in clear form as the workinq key after which an enaipher 13 data operation ENC(DATAj)~EKsDATAj i~ performed on the data 14 to be tran~mitted over the communication line to the appli-cation program ~n Host .
16 At Hostk, the enciphered Ho~ti data i8 deClpherea by 17 performing the following DCPH function:
18 DCPH(E kXS' ExsDATA~)~DA~A3 19 In executing this functlon, Host first performs a decipher key operation DECK~E kKS)~XS to obtain the ses~ion key in 21 clear form for use as the working key after which the 22 enciphered data rece~ved from Hostj ~8 deci~hered by a 23 dec~pher operat~on DEC~EXSDATAi)IDATAi to obtaln the 24 Host~ data in clear form. Alternat~ve}y, ~ostk data m~y b~
2~ enc~phered under the session key at t~e ~ostk by perform~ng 26 the ECPH funct~on ~CP~(E ~XS,DATAk)~Exs~ATAk for 27 tran~mission o~er the communication line to ~ost3. In th~ 8 ~ ..
28 ca~e, Ho~ti perform~ the (DCP~) function to obta~n the Ho~t~
29 data in clear form:
~C t KMH0~XS~EKSDATAk~ D~TA~

Ki977009 -64-1 It should be noted that when the communication sesslon 2 i8 terminated, either ho~t system must reinitiste a new s 3 reque~t for a new communication session and cause a new 4 session key to be generated and defined as being enclphered S undex the host ma~ter key for establishing a new communi-6 cation ~ession. This procedure provldes increased security 7 for the system since the primary communication keys ar- t$me B varlant and dynamically generated for each n~w communication 9 session. Thus, it should be apparent that ~here wlll be frequent operational key changes for subsequent communi-11 cation sessions thereby providing increase~ security for the 12 gystem.

Ki977009 -65-`~;~81~

1 COMMUNICATION SECURI~Y I~ MULTIPLE DOMAIN NETWORRS USlNG
2 CROSS-DOM~IN XEYS (TERMINAL-APPLICATION P~OGRAM) . _ ..... ........ . _ _ . . _ 3 Referrlng now to Fig. 18, there i8 ~hown in block 4 diagram form, a logical v~ew of session level communicatlon security ~nvolving B terminal in one domain and an applica-6 tion program in another domain of a multiple domain network.
7 In order to properly control data transmissions throughout a 8 data communication network, it is necessary to define a 9 communicati~n archltecture for the network. The arch~tecture establishes the logical structure, formats, protocols, and 11 operational ~equences for the orderly move~ent of information 12 throughout the network. There are many pos~ible communicatlon 13 architectures which can be extended to include cryptography 14 ~upport. One such type of architecture 18 the ~ystem network architecture described ~n varying detail ln the following 16 publ$cations: "Systems Network Architecture ~eneral-Information~
17 No. CA27-310~ M Corporat~on, Armonk, Ne~ York, 1975~
18 nAdvanced Function for Communications System Summary" No. GA27-3099, 19 IBM Corporat~on, Armonk, New York, Second Ed$ton, 1975t H Sy~tem Network Architecture" IBM Systems Journal, Vol. 15, 21 No. 1, 1976, Page~ 4-80~ Further details of the formats and 22 protocols of su~h architecture are described in "System~
23 Network Architecture Format and Protocol ~eference Manuals 24 Archltecture Logic" ~o. SC30-3~12, IB~ Corporat~on, Armonk, New York, 1976. Also, one type of access mcthod lmplementatlon 26 of thiQ architecture for controlling the t ansm~saion o~
27 data ~etween elements in a data communica~ion network iB
2B de3cr$$ed $n detail in the publication, "Advanced Commun~cat~on 29 Function for VTAM (ACF/VTAM) - Concepts an~ Plann~ng~ No.

Ki977009 -66-4~12 1 GC38-0282-1, IBM Corporation, Armonk, New York, Second 2 Edltlon, Augu~t 1977. Another publication whlch provide~
3 an $ntroductory de w ription of data communlcat~on network 4 configuration~ involving multiple domain~ Introduction

5 to Advanced Com~unicatlons Functlon - Mul~.iple System Data

6 Communicat$on Networks~ No. GC30-3033-0, TBM Corporatlon,

7 Armonk, New York; F~rst ~dition, October 1976. A further

8 publlcation which describes the logic of the Multlsystem g Networ~ing Facility of the access method i8 provided in ~Advanced Communication Functlon for VTAM - ~ulti~y~tem 11 Networklng Facility Logic~ No. LY27-8022-~, IBM Corporation, 12 Armon~, N.Y., Fir~t Edition, September 1977. Wh~le t~e 13 detall~ of the architecture described in tho~e publlcation-14 are not critlcal to the pre~ent lnventlon, a brief discussion of the commands for ~ession initiation and the network 16 element~ between which they flow will be ~lven ln th¢
17 following to provide a better understanding of th~ environ-18 ment in whlch th~ lnvention may be applied.
19 In data commun~cation networ~s, application program~
and terminal-q are con~idered as loglcal ur.its. ~efore 21 data may be communicated between such loglcal units, a 22 10~1Ga1 relationship called a ses~ion mu~ be e~tabl~shQd 23 between t~e respecti~e log~cal unit~. In the communicatlon 24 se~Yion between an application pro~ra~ o~ ~ ho~t systQm in one d~main and a remote terminal of a ~o~t syatem in anothor 26 domain, the appllcatlon program acts a6 t~e prim~ry log$cal 27 unlt ~PLU) for e~tabllshtng an~ terminating the communicatlon 28 3es~0n and the terminal act~ as the ~eco.~ary loglcal u~it 2~ ~SLU). In the co~munication sesslon ~etween an applicat$on program of a host sy~tem ~n one domain and an application 1 program of a host ~ystem in another domain, one of the 2 application programs act~ as the primary lcgical unit 3 (PLU) for establishing an~ terminating the communication 4 session and the other application program acts as the secondary logical unit ~SLU). In order to allow a 6 session to proceed, it i~ necessary to estaklish a connection 7 between the two logical units. Typically the connect$on 8 may be initiated at the terminal or by the application progr~m

9 causing an Initiate (INIT) request to be pa~sed to the System Services Control Point (SSCPl) of :he a~sociated 11 host system in the one domain along with re~uest paramet~rs 12 identifying the SLU in the session. The SSCPl is re~ponslble 13 for managing the network and has availabl~ to it a completQ
14 descrlption of the network. ~nen the IN~T reque~t i acceptod, 7 5 a posit$ve r~sponBe is returned to the requesting LU.
16 SSCP~ then cau~es a Cross ~omain Initiate (CDI~IT) reque~t 17 to be passed to the System Service~ ContLol Point ~SSCP2) 18 a~sociated with the host system in the other domain. The 19 CDINIT request i~ used to notify SSCP2 that a LU in the sendlng doma~n wi~hes to establish a co~nunication session with a LV
21 in the receivin~ domain. Upon receipt of the CDINIT requo~t, 22 SSCP2 has the option to accept ~r reject the re~ue~t. If 23 accepted, a positive response i~ returned to SSCP} re~ultin~
24 i~ the creation of a cros~ Domain Control Initiate (C~CI~
request to be passed back to SSCP2. The ~DCINIT re~u~st i~ u~
26 to notify SSCP2 to initiate a request to tne LU in the receivng 27 doma~n with which the sending LU wishes ~o communicate. Ina~u~ed 28 with the CDCINIT r~quest i~ a Bind image which contains th~
29 ~e~ion parameter~ that esta~lish the charact~ri~tics of the session to be esta~lished. If the CDCINIT ~e~uest iB accept~d, X~977009 -6~-1~24812 1 po~itive response i~ returned to SSCPl and SSCP2 then cau~eJ
2 a Control Initiate ~CINIT) request to be passed to the 3 appl~cation program in that domain that ~t ~hould attempt to 4 establish (B~JD) a commùnication ~es~ion with the LU in t~
~ending domain. Included with the CINIT request is the Bind 6 ~age containing the session parameters establishing the 7 characteristics of the se~sion to be established. Upon 8 receipt of the CINIT request, the application program ha~
g the option to accept or re~ect the reques~ to go into session wlth the LU in the other domain. When the CINIT
11 request i8 accepted, a po~iti~e re~ponse ~ returned to 12 SSCP2. The application program then cau~s a BIND reque~t, 13 based on the Bind image, to be pasqed to th2 LU in the oth r 14 domain re~ue~ting that a communication ses~on be establlshed.
Tncluded with the BIND request is the ses~ion parameters 16 which define all of the protocols which mu~t be ob~erv d 17 during this session. Upon recelpt of the ~IND request, th~
18 LU in the other domain has the optlon to accept or re~ct 19 the request to go into sess~on with the appl~cation program.
When the BIND request is accepted, a positi~re ro~ponse i~
21 returned to the application program and the se~sion i~ now 22 established allowing data to be communicat~d ~etween the 23 appllcation program in the other domain ar~ the remote 24 terminal~application program in the one domain.
The descriptions which now ~ollow ~n connectlon w~th 26 Fig. 18 through Fig. 23 are keyed to num~ere~ notations in 27 the figuxe~ ~n order to aid in understand~ng the sequsnce of 28 operations performed in carry$ng out the application 6hown 29 ~n each figure.
Accordin~ly, referring now to ~ig. 1~, at host KI977~09 -69-1~2~1~t2 1 initialization time of each host ~ystem in the different 2 domains, (1) host master keys (KMH0i) and ~XMH~k) are 3 sQlected and loaded into the MK memory of ;he respective 4 hosts systems by a manual WMK function or ~y requesting the executlon of a WMX function under host control, ~2) each ho~t 6 sy6tem then requests a series of GRN functions to be executed 7 to define a series of terminal master keys (KMTl-KMTn) for 8 each of the terminal~ associ~ted with each host ~ystem and 9 cross-domain keys (KNC~k) and (KNCk~) for each host system respectively. (3) The terminal master keys ~re then dl~trlbuted 11 to author~zed individuals in a secure manner, as by 12 courier, registered mail, public telephone etc. and loaded 13 into the MK memory of the respective terminals by a manual 14 WMX function or by requesting the executio~ of a WMX function under terminal control. (4) Similarly, the cross-domain keyJ
16 are distributed in a secure manner to authorized ind~viduals in 17 the other domain for loading into the host s~stem of the other 18 domain. (5) Each host system next requests a series of ~MXl 19 functions to be performed to encipher each ~f the generated terminal master keys and the cro~s-domain ~.ey under the ~lrst 1 variant of the host master key (E jKMTl --- E jXMTn) k KM~ KM~l ~
22 and ~E KNCJ ) in ~ost~ and (E kXMTl ~~~ ~ ~XMT ) XMHl~ k k KM~l XMHl n 23 and (E kKNC j) in Host . Each host syste-n then reque~ts 24 an EMX2 function to be performed to encipher the rece~ve~
cross-doma~n key from the other ho~t system under the ~econd 26 variant of the host master key ~E .KNCk~) and (S ~N~
KMH2~ KM~
27 which are then written to a cryptographic k~y data set 28 ~CKDS) along wLth terminal and ho~ ID's for subsequent 9 retrieval when cryptographic operations are to be performed.
The Qession initiation process begins with either the Ki977009 -70-112~1~31Z

1 term~nal or an appl~cation program init~atlng (6) ~n INIT
2 requost. In the example ~hown, the terminal lnitiata~ ~n INIT
3 raquest to the SSCP of Hosti along with reque~t parameter~
4 ~dentlfying the terminal in the ses~ion for which connection i~ b-ing ~ought When the INIT reque~t is accepted, a 6 po~tive re~pon~e i~ returned to the requesting ~U and (7) 7 a CDINIT request i8 pa~sed to notify Ho&tk that a LU a~Joc~tad 8 with aost~ wishes to estab}ish a communication se~ion fflth 9 a W associated with Ho~t~ When the CDI~IT rQqu~st i~
aacepted, a positive re~ponse is returned ~o the reque~t~ng 11 ~o~ti. It whould be noted that if the INIT request had bQ~n ~2 i~sued by tha application program and accspt~d by ~o~tk, 13 then Ho~t~ would issue the CDINIT request to infoxm ~o~ti 14 that a W as~ociated with ~o~t~ wishe~ to e~tablish a communication ~ession with a LU a~sociated with Ho~tj ~n 16 either event, following the acceptance of _he CDINIT reque-t, 17 the SSCP as~ociated with Hostj must now obtain a se~ion ~y 1~ ~nd arrange for it~ distribution to the participating natwork 19 Qlements Accor~ingly, the SSCP r~que~t~ a ~) GRN functlon to be performed to generate a random number which i~ ~fl~ed 21 as the session key enciphered under the ho~t ma~ter key 2 i e RN~E iKS, in ~eeping with ~he objeccii~ that no ~9y ltMHS~
23 shall occur in clear for~, with the enciphered ~e~sion key 24 ~ng r~tained in the ho~t memory for ~u~equ~nt cryptoqraphlc transfosmation operations. ~n order to di~tri~ute th~
26 ses~ion key in a form u~able by the reque~tin~ c~ n~
27 SSCP n~xt reguests a ~9) pri~il~ged ~FMK ~ran~f~tio~
28 fUnCtiOII to ~e performe~ r~hi~ i~ a~o~ Sled ~y a~ce~a'ng 2g the CKDS for the enciphered termillal master k~y E
y~
as the key paxameter and acc~sing th~ hG~ m~m~ry ~r ~he llZ4~312 l enciphered session key E .RS as the data parameter to KMH0~
2 perform the RFMK function, whereby the enclphered ses~ion 3 key i8 reenciphered from encipherment under the Hostj master 4 XQY to encipherment under the terminal master key E ~RS.
KMT
In order to distribute the session key in a form usabl~ by 6 Host~, the SSCP at Hosti next requests another ~10) privileged 7 RFMK transformatlon function to be performe~. This i8 8 accompll~hed by access~ng the CKDS for the enciphered cro~s-9 domain key E ~KNCik as the key paramet~r and accessin~
KMHl the host memory for the enciphered session key as the data 11 paramcter to perform the second ~FMK functlon whereby the 12 enciphered session key is reenciphered fr~m enclpherment 13 under tho Bost~ master ~ey to enciphermerlt under the ~endi~g 14 cross-domain key E i~KS. At this point, the sesslon key KNC
enc~phered under the HostJ master key, E ~KS, i8 no KMH~
16 longor needed and m~y be erased or, alternatlvely, the 17 rs~ult of the second RFMK tran~formstion may be used to 18 overlay the enciphered session key E jKS so that it iB no 19 longer accessible. Having derived these quantitie~ i . e.
EXMTiKS and E jkKS, they are included in the ~e~lon para-21 meters of the CDCINIT request. ~ll) The SSCP a~ociated with 22 Hosti then causes the CDCINIT reque~t to be pas~ed to the SSCP
23 associated with ~ostk indicating that there is a request for a 24 ~ession to be established with the term~n&l. ~f the SSCP
~s~ociated with ~ostk accepts the CDCINIT request, a positlve 26 response i8 returned to the SSCP associated with ~ost3. In 27 order to obtain the received se~sion key in usable foxm at 28 the receiving ~ostk, the SSCP at ~ostk next requests a (12) 29 pr~vileged RTMK transformation function to ~e performed.

Ki977009 -72-~24812 1 This ts accomplished by acce-Rsing the CXDS assoclated with 2 Hostk for the sending cross-domain key enciphered under the 3 ~econd variant of the ~ostk master key E kXNC~k as the K.~H2 4 key parameter and the rece~ved enc$phered session key as the S data parameter to perform the RTMK function whereby the 6 received enciphered session key i8 reenciphered from encipher-7 ment under the sending cross-domain key E ~kKS to encipher-8 ment under the receiving Hostk master key E KS. The KMHpk 9 result of the RTMK trangformation function ~E kRS) replace~
XN~I0 the enciphered ~es~ion key ~E ~kKS) as a ~ession parametor.
KNC
11 ~13) The SSCP a~sociated with ~ost then prepares ~ CINlT
12 reque~t and passes it to the application prcgram indicating that 13 there i~ a request for a session to be established with the 14 terminal. If the application program accepts the CINlT
request, a positive response $8 returned to the SSCP assoclat~d 16 w~th Ho~t~ and the enciphered ~es~ion key ~ kKS is extract-d ~0 17 and savea for subsequent encipher/decipher data operations 18 during the session. (14) The application program then 19 generates a BIND request which contain~ amon~ other th~ngs the enciphered ~esslon Xey E jKS, which is pa~sed to the KMT~
21 ter~inal. If the terminal accep~s the BIND request, a 22 positive respon~e is returned to the application pxogram ~nd 23 the enciphered se~sion ~ey E .KS ~ 8 extracted and saved 24 for ~ubsequent encipher/deciphe~ data operations during th~
~ess$on. The net result of th~ 9 i8 to estab~$sh a communlcatlon 26 ~e~sion between two participating LU'~ of ~he different 27 domain~ of the networ~ with each ~eing provided with ~

~8 common operational key in a form suitable for u~e with thelr 29 respective cryptographic apparatus. Thus, the terminal can Ki977009 73 -1124~3~Z

1 now request that an ~l5) ECPH function be performed to 2 encipher terminal data, u~ing the session key enciphered u~der the terminal master key, to obtain enciphered termlnal 4 data EKSDATAj for transfer to the application program and the appl~cation program can request a 116) DCPH function be 6 performed to decipher the enciphered data received from the 87 terminal using the same session Xey but enciphered under tho ho~t master key to obtain the terminal data ~DATA~) in clear form. Alternatlvely, the application progxam can request an (17) ECPH function to be performed, using E RS, to 11 k KM~
encipher Host data and the terminal can request a (18) DCP~
12 function to be performed, using ~ iKS, to declpher 13 enclphered ho~t da~a received from t~e applicatlon progrum.
14 CQMMUNICATION SECURITY IN MULTIPLE DOMAIN NE~WORRS
USI~G CROSS-DOMAIN KEYS (APPLICATION PRGM - APP~ICATION PRGM) 16 Referring now to Fig. l9, there i8 shown in block 17 diagrsm form, a logical view of session leYel communlcation 18 security involving an application program in one domain and 19 another application program in another domain of a multiple domain network. At host initialization time of each host 21 sy~tem in the different domains, (}) host ~aster ~eys (KMH0~) 22 and (RMB0k1 are selected and losded into M~ memory of the 23 respective ho6t systems by a ~anual WMK function or by requ~tlng 24 the exe~ution of a WMK function under host control, ~2) each host system then requests a series of G~N f-~nction~ to ~e 26 executed to ~efine a ~eries of appl~cation keys ~XN~l-KN~n) 27 for esch of the app}ication program3 assoc~ated wlth each ho~t 28 ~y~tem an~ a cros~-domain key (KNC~k) and (KNCk~) for each 29 host system, re~pectlvely. ~3) The cros~-~omaln ~ey~ are then 3~ dis~ributed to an authorized individual in the other dom~in in Xig7700~ -74_ ~z~z a secure manner, as by courier, reg1stered mail, public telephone and so forth, for loading into ~he host system of 3 the other domain. (4) Each host system next requests a serie-of EMX2 functions to be performed to enclpher each of the generated applicat~on keys and the cross domain key received 6 from th~ other ho~t system under the second variant of the 7 host master key (E jRNA~ KNAn) and (E KNC
8 ~ XMH2 k KM~2 ~ KMH2 ~k in Host' and (E kXNAl ~~~ E KNA ~ and (E kXNC' ) in g ~ KMH2 KMH2k n KMK2 Host . Each ho~t system then requests an EMXl functlon to be performed to encipher the ~ending cross domain key under the r~t variant o~ the host master key (E KNC~k) and ~-' ~EI L
12 (E kKNC~J) which are then wr$tten to a cryptographic data 13 set ~CXDS) along with the application and ho~t ID' 9 for 14 subsequent retrieval when cryptographic opaxations are to be performed, 16 The ~ession initlalization process be~in8 wlth elther 17 app~lcat~on program initiating an INIT request. (5) In 18 the example request shown, the application program ~ssociate~
19 wlth Hosti initiates the INIT request to the SSCP of Host~ -along with request parameters $dentifying ~he application 21 program in the 6esslon for which connection is be$n~ ~ought.
22 When the INI~ reque~t is accepted, a positive rQ~ponsQ i~
23 returned to the requestlng LU and (6) a CD~IT r~quest 1 24 pa~sed to not$fy Hostk than an LU assoctated with Host~
wishe~ to establish a communication ~ess$on ~lth ~ ~U associ~te~
26 wlth ~o~tk. When the CD~NIT request i~ accepted, a positivo 27 respon~e i~ returned to the requesting Hostj. The SSCP
28 associated wtth Hosti must now o~tain a se~sion key ~nd 29 arrange ~or its di~tribution to the particpating networ~
element~. Accordingly, the SSCP requests a (7l GRN function Ki977009 _75_ ~124~312 l to be performed to generate a randon number which i9 deflned 2 as the session key enciphered under the application key 3 assoclated with the requesting application program ~.e.
4 RN-EXNAj KS, in keeping with the objective that no key shall S occur in clear form, with the enciphered session key belng 6 retained briefly in the host memory for a subsequent crypto-7 graphic transformation operation. In order to distribute 8 the ~es~ion key in a form usable by the receivin~ host 9 system, the SSCP must perform two transform~tion functions, the first of which is to obtaln the ~e~s$on key enciphered ll under the host master key of the sending Ho~t~ and the 12 second of which is to use the result of the first trans-13 formatlon function to obtain the se~slon key enciphered 14 under the sending cross domain key of the ~ost~ for trans-mi~ion over the cross domain llnk to the ~eceivin~ ~ostk.
16 ~herefore, the SSCP next requests a (8) privileged RIMX
17 transformation function to be performed. This is accompli~hed 1 a by acce~sing the CKDS for the enciphexed a~plication key 19 associated with the requestinq program EKMH j KNA~ a9 the key parameter and acces~ing the host memory for the ~nc~pher d 21 ~e~s~on key EXMA; KS as the data parameter to perform th~
22 RTMF function, whereby the enciphered sess$on key ~8 reenciphered 23 from encipherment under the application key to encipherment 24 under the Host~ master key E .XS. The ~SCP at ~ost~ next XMH~
requests ~9) privileged RFMK tra~3formation function 2~ to be performed. ~his is accomplished by accessing the CRDS
27 for the enciphered sending cross-domain key E KNCjk KM~l 28 t~e key parameter and accessing the host memory for the 29 enclphexed session key as the data paramett-r to perform the RTMX funct~on whereby the enciphered sessi~n key Ki9770~9 -76-1~24~i2 1 reenciphered from encipherment under the Ho~ti master ~ey 2 to encipherment under the sending cro~s-don~n key E ~kKS.
KNC I
3 At this poir.t, the ~ession key enciphered under the HostJ
4 master key, E XS is no longer needed and may be era~ed ~Pi or, alternatively, the result of the RFMK transformation 6 may be used to overlay the enciphered sessi~n key E ~KS
KMH~
7 so that lt is no longer accessible. Havin~ derived the 8 guantities ~.e. E XS and E .kKS they ~re included in ths KNAj KNC~
9 se~on parameters o~ the CDCINIT session p~rameter request.
~10) The SSCP as~ociated with Host~ then cau~e~ the CDCINIT
11 request to be passed to the SSCP as~ociate~ with Hostk indicat-12 ing that there is a reque~t for a se~sion to be e~tablished 13 wlth a ~U in do~ain ~. If the SSCP associated wlth Bostk 14 accepts the CDC~NIT request, a positive respon~e i~ returned to the SSCP associated with Host~.
16 ~n order to obtain the received session key in us~ble 17 form at the receiving Hostk, the SSCP at H~st~ next re~uo~t~
18 a ~11) privileged RTMK tran~formation functlon to be performoa.
19 Thi~ is accompli~hed by accessing the CKDS associated with ~o~tk for the sending cros~-domain key enciphered un~er the 21 second variant of the ~ostk ma~ter key E kKNC~k as the 22 key parameter and the recei~ed enc~phered se~on key a~ the 23 data parameter to perform the RTMK function whereby the 24 received enciphered session key is reenciphered from enclpher-ment under the sending cross-domain key ~ ~k~S to encipherm~t 26 under the receiving ~ost master key ~ KS.
KM~k 27 The result of the RTMK transformation functlon ~E kKS) 28 replace~ the encipherod session key (E ~kKS) ~8 ~ session p~ra-29 meter. ~12) The SSCP associated with H~st then prepare~ a Ki977009 -77-1'12L~12 1 CINIT request and passes it to t~e application program 2 ~nd$cating that there is a request for a session to be 3 establlshed wtth the LU in domain ~. If ~he appl~cation 4 program accepts the CINIT request, a positive r~spon~e $8 returned to the SSCP aQ~ociated with Ho~tk ~nd the encipher d 6 session key ~ KS is extracted and saved for subsequent KMH~k k 7 enc$pher~decipher data operations at ~ost durlng the 8 Qe~sion. ~13) The application program associated with Hostk 9 then qenerate~ a BI~D request wh`~ch conta~n~ among other thing~ the enciphered session key E jKS, which is pas~ed XN~, .~ ' il to the applicat~on program associated ~ith Ho~t'. If the 12 appllcat~on program accept~ the BIND reque~t, a positive 13 respon~e i~ returned to the application program a~sociat~d 14 wlth ~ostk and the enciphered seS~ton ~ey E ~KS i8 extract~d KNA, and saved for a subsequent transformation func~lon to prov$de 16 the se~ion ~ey in a usable form at Host~. Unlike the 17 terminal communlcation in the previou~ example, an applicat~on 18 pro~ram has no cryptographic facility of its own and therefore 19 must use the cryptographic facility of the ho~t with which it i8 associated. Therefore, the ~ession key u~ed by the 21 application program when enciphex~ng or deciphering d~ta 22 must be in a form in which it i8 enciphered under the as~ociatd 23 ho~t maater key. Accordingly, the se~sion ~ey presently 24 enclphered ~nder the applica~ion key of the as~oclatea app~ic~tion program m~t be reenc~phered under the 26 as~ociated host ma~ter ~ey. l~his is accomplt~hed by r~questing -~7 a (14) privileged RTMX transformation function to be perfor~ea 2 a at ~osti. This i~ accomplished by acces~lng the C~DS a~oc~at-d 29 wlth Hostj for the applicat10n key a~ociated with the requ~sting ~pplication program which i9 enciphered under the second var~nt 112~8~2 1 of the Host~ master key E ~KNA~ as the k~y par~meter ana KM~2 2 the reeeived eneiphered session key as the data para~eter to 3 perform the RTMX funetion, whereby ~he reeeived eneiphered 4 e~sion koy iQ reenciphered from eneipherment under the applieatlon key E ~S to encipherment under the sending KNAl 6 Nost master key E ~XS The net resulr of this ~ to ~MH~
7 establi~h a eommunieation session between the two partlelpating ;`
8 app~ieat~on programs of the different domair~s of the n twor~
g with eaeh being provided with a eommon operatlonal key in a fonm sultable for u~e with the eryptograph$e apparatus of th-11 re-peetive host sy~tems Thus, the applleation progr~m 12 aJ~oeiated with the Host~ can now request that an (15) ECPH
13 funetion bo performed to eneipher Host~ data using the session 14 key eneiphered undor the Host~ master key, to obt~in enelp~ered Host~ data EKSDATA~ for tranfer to the app}ieation program 16 a8soeiatod with Hostk and the appllcation proqram a~soeiated 17 with Host ean re~uest a (16) DCPH funetio~ to bo performed to 18 deelpher the enciphered data received from the applleat~on 19 program assoeiated with Ho~t~ using the ~me session key but onaiphered under the Hostk master key to obt~in the Ho~t~
21 data (DATA~) in clear form Alternatively, the application 22 program assoeiated with Hostk ean request an ~17) ECP~
23 funetion to be performed, using E ~S, ~o enelpher k KM~k 24 ~ost and the application program a~oeiated with ~o~t~
ean requeJt a (}8) DCPH function to be performea, usin~
26 E KS, to decipher enciphered Ho~tk data reee~ved from KMN~ k ~7 the ~pp~ication progr~m as~oc~ated w~th Host to obtain 28 Ho~t~ data (~AT~) in clear form K~977009 -79-112~t~i2 1 COMMUNICATION SECURITY IN MULTIPLE DOMUIN ~ETWORKS USING
2 A PRrVA~E ~EY (TERMINAL-APPLICATION PROGRAM) 3 ~eferrlng now to F$g. 20, there is shown ln bloek diagram 4 form, a logieal v~ew of eommunlcat$on security $nvolving a S terminal in one domain and an appllcation ~rogram ln another 6 domaln of a mult~ple domain network using a private koy.
7 Th-re ar~ many situations whore it is d~ ed to provid 8 data transmisslon~ through a data eommunication network 9 uJlng a pr$vate seeondary eommunlcation key l.e. a prlvate tormlnal ma~ter key ~KMTP) whieh $8 not system gen~ratod but ll 1~ mutually agreed upon by the end users. In thls case, 12 a prlvate level of eommun$eation soeurity ean bo e~tabli~h~d 13 by u-lng a protcol whereby key selection ar~d d$~tribution 14 ar tho u8er8 responsibility and req~ests ~or eryptographie sorvlee are explieitly expressed by tho ond usor. Thereforo, 16 $n thl~ ea~e, at Ho~tk inltlalization tim~ ~l) a Ho~tk 17 ma-ter key (XM~k) is again seleeted and loaded into or may 18 alroady reside in th~ Ho~tk MX m~mory. (2) The t~rminal user 19 d e$dos upon and defines a private terminai ma~tor key (KNTP~) to be u~d in a eommunieat~on ~e~ion with an 21 application program a~sociated wlth Hostk. ~3) Th~ deflned 22 prlv~te terminal ~a~ter key i~ then commurlcated ln a 23 securQ manner to an authorized user at Hostk. The ~rlvat~
24 term~nal ma~ter key is then loaded lnto the ~ostk msmory an4 tho host regue~t~ (4) an EMXl function to ~e performed to 26 encipher the private key under thç flrst variant of the 27 Ho~t master key E ~XMTPi. ~owev~r, in thi~ in~tance, 2R since cryptographic sarvice~ are explicitly expresJod by t~a 29 end user rather than the ~ystem, the prlvate koy ~nd i~
enolphered vers$on ar~ not written out to a CRDS but rath~r ~I977009 -80-liZ~12 "

1 ~s) to ~n output device e.g. a prlnter, where both a copy of 2 the def$ned private key and ltQ enciphered verslon $~ (6) 3 ~torod in a secure manner e.g. in a vault, until ~uch tl~
4 as a communlcation session 1~ to be establi~hed. At that tl~e, ~7) the t~rminal user who wishe~ to lnitiate a commun-6 lcatlon session ~oads the private termin31 master koy into 7 the terminal by a manual WMK functio~ or ~y r~quosting the 8 execut$on of a WMK function under terminal control and l8) 9 the enolphered ver~fon retrleved from the vault i~ lo dea ~ lnto tho Ho~tk memory for subsequent use ~hen cryptographia 11 servioe~ are requested. As in the previou~ly describod 12 terminal-appllcation example, the reque~t to e~tabllsh a 13 so~lon may be initiated, for example, by ~he terminal u~er 14 causing an (9) INIT re~ue~t to be pas~ed to the SSCP of the lS Host~ sy~tem. When the INIT r~quest 18 accepted, a po~tlvo 16 re~pon~o 1~ returned to the requestlng LU. In thi~ c~c, 17 slnce th- private end u~er protocol ha~ ss~abl~shed that 18 request~ for cryptographlc serv~ces Are to be expres-ed by 19 the spplication program, the SSCP makes no reque~t for .
s~J~ion key but mQrely cause~ a ~I0) CDINIT reque~t to be 21 passed to the SSCP of the Ho~tk ~y~tem to notlfy the SSCP
22 that a LU in the send~ng domain wi~he~ to Qst~blish a 2 3 commun~ catlon se~ion with a I,U in th~ rec~iving domain. If 24 thQ SSCP a~oaiated w~th the Hostk accept~ the C~INTT reque~t, 25 a posit~ve respo2~e ~ re~rned to the SSCP a~oci~ted wlth 26 the HOB~C~ re~ulting in the creation of a CDCINIT reguest to 27 be p~ss~d back to the SSCP of the ~ostk sy~em reguesting le 28 to initiate a reque~t to the LU recoiv~ng dom~in wlth whlch 29 the Ae~dlng LU wL~hes to communicate. If the S8CP a~soclat-d 30 with the Ho tk ~y3tem accepts the CDCINIT request, ~ pofflt~vo ICIg770~9 -81-il2~

1 response i~ returned to the SSCP of the Host~ and a ~12) 2 CINIT request is pa~sed to the appllcation program r~que-tlng 3 that it attempt to bind a communication se~slon between the 4 applicatlon program in domaink and the LU in domaln~. If S the appllcatlon program accepts the CINIT roquest, a positi~
6 re~ponso is returned to the SSCP of the ~ostk ~y~tom and the 7 applicat~on pro~ram then request~ a (13) GR~ function to b-8 p-rformed to obtain a random nu~ber defined as the onc~ph-r~
9 ~e~on key l.e. ~-E RS and a tl4) pr$vlleged RFMK
function to transform the session key enciphered under tbe 11 host mast~r key E KS to ths session ke~ enclph-red KMEl~k 12 under the private termlnal master key E ~KS for trans-gMTP
13 mittal to the terminal. Thi8 is accompll~h~d by ~cce~sing 14 the Ho~tk m~mory for the enciphered priv~te termlnal ma~ter key ~ kXMTP~ as the key parameter and th- onc$phered X~l 16 ~e~s~on key E ~S a~ the data parameter to perform the KM~ ' ' 17 RFMK function whereby the session key i8 r~senoiphered from 18 enc~pherment under tho Hostk master key E ~B to XMX ~
19 enclpherment under the private terminal ma~er key. me re8ult of the RF.~X transformation function is placed ln tho 21 Bind image and the application program generates ~ BIND
22 reque~, based on the ~ind image, which i~ (~5) pa-sed to the 23 ter~lnal as~ociated with ~ost~. If the teL%ln~l accepts ~h-24 B~ND reque~, a posl~ive respon~e i~ returned to the app}$c~t~on 2~ pro~ram s~ociated with Host and the enciphered session key 26 E XS i~ extracted and ~aved for ~ubse~uent cryp~ographic KMTP~
27 operatlons at the terminal. The ~alance of the opara~ion 1~
28 i~ntical to that de~cribed abo~e in connection w~th Fig. 18 29 and once the common ~e~ion key i~ establi~hed at bo~h end~, ~o tho applica~ion program will control all requests for enciphor 112~8 1;;~

1 ~ECPH) or decipher (DC~) data operations at the Host~ gy~t~
2 and the terminal a~sociated with the Host~ will control all 3 requ-~t~ ~or enclpher/declpher data operatlon~ 1A do~ln~.

~0 11 ' .

112~8~2 1 CCk~2UNICAT~ON SECU~ITY IN MULTIPLE DOMAIN NETWO~RS U8ING
2 A PRIYATE KEY (APPLICA$ION PRGM-APPLICATIO~ PRGM) 3 Referring now tO Fi~. 21, there i~ ~hown ln blo¢k diagram 4 form, a logical view of communlcation ~ecurity $nvolvlng an appllcation program in one domain ~nd an application program 6 in another domain of a mu}t~ple domain net~or~ u~lng a privato 7 k~y and a private end user protcol. Here again, as in tho 8 last example, a private levQl of communicat~on securlty ¢an 9 be established using a protcol whereby key ~election and dl~tribution are the end user~ re~ponslbllity and roque~ts ~or ~;
11 cryptograph~c ~erYlces are explicitly expressed by the end 12 u~ers. Therefore, in this case, at ho~t i~ltiallzatlon tl~o 13 (1) ho~t ma~ter kRys tKMH0~) and (M ~) are sele¢tea snd 14 loadea lnto or may already re~de ln the MK msmory of the re~pective host~. (2) An end user ln one domaln, ~or ex~mplo, 16 domaln ~ d~cides upon ~nd privately defin~ a private 17 appllcation ~ey (K~AP~) to be u~ed ln the communlcatlon 18 ~e8~ion whlch i~ communicated ln a ~ecure manner to an 19 authorized user at ~ostk. (3a) At ~08t~ the private application key is loaded into the host mem~ry and a requ~t 21 is made that an EMX2 function be performed to encipher the 22 pr~vate app}icatlon ~ey under the second varlant of the 23 Host~ ma5ter ~oy E ~XNAP~. (3b) Similarily, at No~t~

24 the private appllcat~on key i~ loaded into the HoJt~ m~mory and a re~ue3t i8 ma~e that an EMKl funct1on be porformod to 26 enc$ph~r the pr1vate appllcation key under ~he fir~t varlant 27 of th~ ~ostk ma~ter key E k~Apj S~nce cryptographic . ~CMHl 28 ~ervlces are explicitly expressed by the end users rather 29 than the ~y~tem, the re~ultant values at both tho~e sy~t~m~

~re not written out to a CK~S but r~ther (~) to output dov1ce-KI97700g -84-~2~ 2 1 e.g. a printer, where ~oth a copy of the d~fined private kay 2 and its enclphered version is (5) stored in a ~ecure ~anner 3 e.g. ~ n a vault, until such time as a communication se~aiQn 4 i~ to be e~tabltshed. At that t~me, the copie~ are t~ken out of tha re~pective vaults and the encipherea private 6 application keys are respectively (6) loaded into tho ho~t 7 memory of each ~o~t for subsequent u~e when crypto~raphlc 8 ~ervices are reque-~ted. ~s in the prevlously de~crlbed 9 example, a cross domaln sequence of reque~ts, lnvolving the ~7) INIT ~8) CDINIT (9) CDCINIT and (10) CINIT requests 11 pro¢eed from domain~ to domaink. If the appllcatlon progra~
12 a~oclated with the Ho~tk accepts the CINIT reque~t, a 13 reguest i~ made to perfonm a tll) GRN func~ion to obtain a 14 random numbar defined a~ the enciphered session key i.e.
R~ ~ kRS and a (12) privileged RFMR f~nction to trans~orm 16 the sesslon key enciphered under the Host master key E ~XS
~r 17 to tha se~ion key enciphered under the private application 18 key ~ ~RS for (13) tran~mittal in the BIND request to the 19 application pro~ram associated with the Ho~t~. If the application program associated with the ~ost~ accept~ th 21 BIND reque~t, then in order to obtain the recelYad se~ion 22 key ~n uaable form at the }~o~tk, ~ince the applicat~on p~o~r~
2 3 mu~t u~ the cryptographic app~ratus of ths ~ost3, the 24 app}ication program re~ue~ts a (14~ priv~ ~eqed RTMK trans-25 fosm;ltio~ function to be performed. m~s la accompliahed b~
26 access~ng the ~105t ~ memory fox the private application lc~y 2 7 enciphered under the second variant of the Hos'c~ ma~ter koy 28 E .}tNAP~ as th~ key parameter and the received enciphered KNB2~
2 9 s~sslon 1CQY E . RS a~ the data parameter to perform the 30 RTMK functlon, wh~reby the recelvQd enclphered ~e~on k~y 1 il2~i2 1 reenclphere~ from encipherment under the p-ivate application 2 ~ey E j~S to encipherment under the receiving ~08t~
3 ma~ter key E j~S. The net result of thi~ 1~ to establish 4 the communication session between the two participating application programs of the different dom.~ins of the network 6 with each ~eing provided with the common operational key in 7 a for~ suitable for use with their re~pective cryptographic 8 apparatus. Once the common session key is established in a ~, g usable form at both ends, the balance of ~he operation iB
identical to that described for the previous examples with 11 each applic~tion program controlling all 2 ?quests for either ~, 12 an enclpher (~CP~) or decipher (DCPIi) data operations at ~,`
13 the ho~t system, respectively.

1~ .

~I97700~ -86-CO~ ICATION SECURITY IN MULTIPLE DOMAIN NETWORKS USING
2 A PRIVATE ~EY A~D TOTALLY ~RI~rATE PROTOCOL (TERMINAL-3 APPLlCATION PROGllAN
4 Referr~nq now to F~g. 22, there i~ shown ln block dlagr~o S form, a logical view of communication secuLlty involvlng a 6 term~nal in one domain and an applicat~on program ln ~noth-r 7 domain of a multiple domain network using a private ~ey ~nd 8 a prlvate protcol which i~ totally private and therefore 9 unknown to the ~ystem. In totally prlvate sygtem~, key ~election, key mana~ement and data transfer ~ accompll~h d 11 without sy~tem knowledge that cryptography is belng pQr~or~d.
12 Therefore, in this case as~ume that a termlnal user 13 ss~ociated with Host~ w~he~ to have a pr';vate ~es~lon wlth 14 ~n appl1catlon program a~sociated w~th Host~. Accordlngly, at Hostk lnitial~zation tlme, (l) a Host~ mast~r ~ey ~KM~
16 is ~elected and loaded into or may already re~ide ~n the 17 ~ootk MK memory. The termlnal u~er then decldes upon and 18 prlvately define~, ln a secure manner, a prlvate communlc~tlon 19 key l.e. a private session key KSP~ to be used as ~hB co~mon operational key whlch is (2) communicated i~ n ~ecure manner to 21 an authorized user at Hogtk. (3) The private key i8 thon 22 ~oaded lnto the ~ostk memory and a request 1~ made (3) to p r~or~
23 an EMX~ funct~on in order to encipher the private session ~oy 24 under the Ro~tk master key E kKSP~. (4) The re~u}ting en~iphered value ~ wr~tten to an output ~rinter device 26 a~d ~oth a copy of the defined private s~8$0n key and its 27 enc~ph~red version are ~5) s~ored in a ~ecur~ manner 1.e. 1~ a 28 vault, until such time as a comm~nication ses~ion 1B to ~e 29 est~bl~shed. At that time, (6~) the terminal u~er write~
the private ~e sion ~ey into the key registers of the KI977~09 ~87-~1241~iZ

1 term~nal crypto engine as a working key by a ~oad Key 2 Direct function and (6B) the copy of the enciphered version 3 of the private session key i9 taken out of the vault and 4 loaded into the IIOStk memory for -~ubseguent- use when crypto-graphlc ~er~ices are requested. Since a totally prlvate 6 protocol iB being used ~n this application, the steps (7) 7 I~I~ request (8) CDIN}T request (9) C~CINIT request ~10) 8 CINIT request and (11) BI~D request proceed in a straight 9 forward manner to establi~h a communication ~ess~on between the termlnal and the application program without the system 11 being aware that any cryptographic operation is to be 12 performed. Following the establishment of ~he session, the 13 tenminal can perform an (12) ENC function to encipher 14 terminal data u-qing the private ~e~sion ~ey KSPi as the operational key to obtain enciphered terminal data E ~DATA~

16 for transfer to the application program as~ociated with Hostk.
17 At Host~, upon receipt of the en~iphered terminal data, the 18 application program re~uests a (13) deciphe~ (DCPH) function 19 to be performed to decipher the enciphered terminal data, using the enciphered private session key E XSP~, to obtain RMHp~C
21 the terminal data (DATA~) in clear form. Alternatlvely, the 22 applicat~on program associated with ~ostk man request ~n (1~) 23 encipher (ECPH~ funct~on to ~e performed on Hostk data, using 24 the enc~phered private ~e~sion key to obtain ~nciphered Hostk data E DATAk for communication to the termina~ associated KSP~
26 with the Kost~. At the terminal, upon receipt of the encipherd 27 ho~t data, the terminal reque~ts a ~15) decipher ~DEC) functlon 28 to be performed to decipher the enciphered Host~ data, using 29 ~he private se~sion ~ey as the working key, to obtain the ho~t data ~DAT ~ ) ~n clear form.

., ii2~8i2 COMMUNICATION SECURITY IN MULTIPLE ~OMAIN NETWOR~S
2 USlNG A P~IVATE XEY AND A TOTALLY PRIVATE P~OTOCOI.
3 ~APPI.l~ATION PRGM- APPLICAT~:ON PRGM) 4 Referring now to Fig. 23, there i8 shown in bloc~
d~agr~m form a logical view of commun$cat$on secur$ty 6 involv~ng an applicatlon program in one domain and ~n 7 application program in another domain oif a m~ltiple 8 domain network u~ng a private key and a private protocol 9 which is unknown to the ~y~tem. Therefore, in thi~ ca~e,

10 a8 in the previou~ ex~mple, key selection, key management

11 and data transfer is accompl~shed without ~y~tem knowledge

12 that cryptography i~ being performed. Therefore, assume ,

13 that an application program as~oclated with Host~ wi~he~ to

14 have a private ~eRsion with an application progrsm a~oc1~d w$th Ho~tk. Accordingly, at initialization time of each 16 host ~yst~m in the d~fferent domains, (1) host ma~ter koy~
17 (~MH~) and ~KMH~k) are ~elected and loaded lnto or may 18 already res~de ~n the MX memory of the resectlve ho~t 19 8y~tem~. ~2) The end ~er then decides u~on and privately defines, in a secure manner, a private communlcation ~oy 21 i.~. a pri~ate ~e~s~on ~ey XSP~ to be used ~s the common 22 operatlonal key which is (2) communlcated ~n a 8~CUre manner 23 to an authorized u~0r at ~ostk. ~3) The prlvate ~ey ls then 24 loaded lnto the re~pective host m~morie~ ~n~ a request i~
made to perform an EMK~ function, at each host ~y~tem, ln 26 order to encipher the prlvate session ~ey under the reRpect1vo 27 ho~t magter key~ E KSP~ and E kKSP~. ~4) The resultlng KMH~i gMH~
2 a enciphered values are wrltten to output printer device~ ana 29 ~oth a copy of the defined pr~vata session k~y and it~

enclphered verslons are (~) .gtored ln a s~cure m~nner l.e.

~I977009 -~9-ii2~8i2 ' 1 in a vault, unt~l ~uch time as a communicat$on ses~on i~
2 to be established. At that time, ~6) the ~op$e~ of the 3 enciphered versions of the pri~ate ~ess~on key are taken 4 out of the vaults and loaded lnto the respe~tive host memor~e~
for subsequent use when cryptographic services are requeste~.
6 Slnce a totally primate protocol is being u~ed in this appll-7 catlon, the steps (7) }WIT request (8) CDINIT request (9) 8 CDCINlT reque~t tlO) CTNIT request and tll,~ BIND request g proceed in a straight forward manner to es~ablish a communicat$on ~esslon between the applicat$on programff 11 wlthout the sy~tem being aware that any cryptographic oper-12 at$on 18 to be performed. Following the es~abl~shment of tbe 13 session, the application program as~oc~ated with Host~ can 14 perform an ~12t ECPH funct~on to encipher ~ata uslng the enciph~red private session key E ~SP~ as the operational KMH~
16 ~ey to obtaln enc$phered data ~ .~ATA. for transfer to the RSP~ ~
17 appl$cation program associated with Hostk. At }lostk, upon 18 receipt of the enciphered data, the applica~$on program 19 re~uests a ~13) decipher (DCP~) funct~on ~o be per~ormed to decipher the enclphered nost~ data, u~$ng rhe encipherQd 21 prlvate ses~on key, to obtain the data (D~TA~) $n clear form.
22 ~lternatively, the appl$cation program as~ociated with Hostk 23 can request an (14) enc~pher (ECP~) funct~on to be performed 24 on Hos~kdata, using the enc~phered private se~sion key ~o obta~n enciphered ~ost data ~ DAT~ for communicat~on to ~SPi 26 the spplicat~on program a~sociated with the ~ost~. ~pon 27 rece~pt of the enciphered Hostk data, the ~ppllcation progr~m 28 a~ociated with Host~ requests a ~15) ~ecipher (DCPH) functlon 29 to be performed to dec~pher the enciphered Ro~tk data, u~ing the private session key as the wor~ing key, to obt~n the 31 Bostk dAta (DA~ ~ ) in clear form.

1~2~8iZ

1 D~TAILED DESCRIPTION--HOST DATA SECURITY DEVICE
.
2 Data Security Device ClocX
3 ~eferring now to Fig. 24, there i8 sh~wn the logie dQtalls 4 of a eloek pulse generator 100 used in the ~SD of the pr~sent invention. The primary input is a ~quare wave 6 osc~llator whose nominal repetition rate 1~ 4MHz, hav$ng 7 approxlmately a 50~ duty cycle. ~he oselll~tor 102 effeetlvely 8 drlves a ring eounter made up of two D-ty~e flip-flop~ 108 g and 110 whieh Are used for eontroll~ng other log~e eircults wlthin ~he eloek 100. The elock 100 produ~es a eloe~ ~lgnal 11 -C derived from the flip-flop 110 and _ddit'onally produee~
12 four basle clock pulses from a ring counter ~nd the o~cillator 13 pul~es on the phase 1, -phase 1, -pha~e 1 late, phase 3 lat 14 and pha~e 4 lines, each being nominally 125ns ln d~rat~on aNd h_ving the relAtlonsh~ps shown in Fig. 25.
16 More specifieally, the illp-flops 108 ~nd 110 _re 17 initlally in n off state with the flip-flop 110 applylng a 18 posltLv~ signAl to one input of the AND cireuit 130 ~nd to 19 condition the flip-flop 108 for being turnsd on. The loading edqe of a pulse from the oscillator 102 iB appll~d v~a 21 lnverters 104 ~nd 106 to turn on the fl~p-~lop 108 whieh, ln 22 being turn~d on, applie~ a positive ~ignal to a ~ocond input 23 of the AND circuit 130 and to condition the flip-flop 11~ for 24 belng turned on. At the trailing edge of the ~r~t o~ei~lator pulse, a po~itive signal is ~pplied fro~ the inver~er 10~ to 26 r~nd~r the AND circuit 130 effective to apply a po~itive pu~e 27 on the ~3L line hav~ng a 125n8 duration. ~he ~eading ed~e of 28 the next oscill~tor pul~e i8 applied via tne inverter~ 104 and 29 106 to turn Qn the conditioned flip-flop 110 wh~ch, in b~l~g turned on, applie~ a po~itive ~i~nal to condition the AND invert KI977009 g ~12 1 circuit 134 and to turn on the ~4 l~tch 1~2. Tho latch 132, 2 in belng turned on, applies a positive ~ignal to rondor the 3 AND lnvert circult 134 effective to apply a negative pul-e 4 on the -~4 line and, via inverter 136, a p~sltive pul8e on the ~4 l$ne, both pulse~ be~ng of 125n~ duration. The 6 fllp-flop 110 in being turned on also applle~ a negatlve 7 ~lgnal to condition the fl$p-flop 108 for belng turned off 8 and to render the AND invert circuit 120 effective to apply 9 a positive ~lgnal to the -C llne. The leading edge of the next oscillator pul~e i~ effective via th~ inverter~ 104 and 11 106 to turn off the flip-flop 108 whlch, $n belng turned 12 off, applie~ a posltlve signal to condition the AND invert 13 circuit 124, to turn on the ~1 latch 122 ~nd to one input of 14 the AND invert circuit 128 and also applied a negative ~ignal to condition the flip-flop 110 for being turned off. The 16 lat¢h 122 ln being turnea on applle~ a po~tlve ~lgnal to 17 render the AND invert circu~t 124 effective to apply a 18 negatlve pul~e to the ~1 line and, via the lnverter 126, a 19 po~itive pulse to the ~1 line, both belng of 125n~ duratlon.
The flip-flop 110 ~till being on applie~ a posltlv~ slgn~l 21 to a ~econd lnput of the AND invert circui~. 128. Accordlngly, 22 ~t the trailing edge of the third oscillat~r pul~e, a 23 poslti~e ~iqnal i~ applied from inverter 104 to render the 24 AND invert ciruit 128 effect~e to apply B neg~ive pul~
on the ~}L line having ~ duration of 125n~. The tr~lllng odge 26 of ths third oscillator pulse i5 al~o effective via the inver~r 27 106 to apply a negative pulse to re~et the latch 122. ~he 28 le~dlng edge of the four~h o~cillator pul~e is effective, 29 vi~ the inverter3 104 and 106, to re~et the fllp-flop 110 30 which returns the rlng coun~er back to it~ initlal condltion.

~I9770~g -92-1 The flip-flop 110 in being reset appl~e~ a posit$ve slgn~l to 2 one ~nput of the AND invert circuit 120 an~ after a delay 3 provlded by the ~nverters 112, 114, 116 an~ 118 to render the 4 AND lnvert clrcu~t 120 effectivQ to apply a nQgative Jlgnal on the -C line. At the end of the fourth osclllator cycle, th 6 clock 100 ~8 back at the init~al cond$tlon to repeat the generatlon 7 of the v~rious clock pulses in succes~ive phase tlm~ as ~ho~n 8 ln Flg. 25.
9 ~NUAL WF~TE MASTER K~Y (WMX) OPERATION
The write master key operatlon consls~s of manually 11 wrlting 16 half-bytes ~4 bits~ constltuting the master key lnto 12 the m~ter ~ey (MK) memory via 4 bit lines. Enable wrlte 13 (EW) and manual write (MM) swltches are providea to inltlall~e 14 and control the 16 cycles needed for loadlnq the l~dlvldual half-byte~ into the MK memory. Blt switchc~ are also 16 provlded for producing the binary coded nu~ber~ O through F ~lth 17 all output~ be~ng low for O and hlgh for F. ~he m~ster ~ey 18 is pr~-gon~rated, ~n a random manner, as 16 hexadeclmal numb r-19 to be wrltten ~nto the 16 locatlons of the MK memory. ~ho following is a generalized step-by-~tep pro~edure of manually 21 wrltlng the mastQr ~ey into the MK me~ory.
22 Step 1: Set the EW switch to the on or en~ble wrlt-23 maJter ~ey ~EWMX~ pos~tion.
24 S~ep 2: Press the MW switch once to reset the MK m~mory address counter to O an~ to overwr~te the master key 26 presently stored ln the MK memory.
27 Step 3: Set the bit swltches to the half-byte to bo 28 written into the `lK memory location 0.
29 Step 4: Pre~s the IW switch once.
St~p 5: Set the bit switches to the next half-byte to X~9770~9 -93-1~2~8~2 1 b~ writton into the next ~ucceeding locatien of tho i~ m~mory.
2 Step 6: Pres~ the MW push button once.
3 Steps 7-34: Repeat Step~ S and 6 in succesJ$on untll tho 4 la~t half-~yte has been written into the la~t location of th S M~ memory.
6 Step 35: Set the EW switch to the off position.
7 At any time during the execution of this procedure, ~ i 8 when thore is uncertainty that it has beon corr~ctly don~
9 ro~t~rt can be accomplished by doing Step 35 and ~eginning again with Step 1.
;11 Referring now to Pig. 26cl and the timing diagram of Flg.
12 27, a mor~ detailed description of the manual WMK operation 13 will be given in th~ following. To initiaue thi~ operatlon, -;~
14 th~ EnablQ Write ~EW) ~witch, which may bo a SPDT ~witch actlv~t~ ;
by a phy~ical key loc~ to prevent the key from belng changod by 16 unauthorized per~on9, 1~ ~et to the ON position. Followin~ thla, 17 the .~anual Write (MW) swltch, which may be a push-button 18 switch, may be pre~sed to the ~nwNo po~ition causlng a nogas1v~
19 pulse to be applied to turn on the MW latch 138. The latch 138 in being turned on applies a negativo ~ignal via th-21 -MW line to turn on the MK BUS SELECT latch 140 and the manual 22 writo half bytQ (MWHB) controi latch 154. The l~tch 140 ln 23 bolng turned on applies a positive signal t~ condltion the A~D
24 circuit~ 164 in Fig. 26dl for passing a half ~yt~ (4 ~t~) ~ro~ ~
tho ~it switches SWO-SWB. Whe~ the MW swlcch i~ released, ~t 26 return~ to the MMNC position causing a ne~ative signal to be 27 applied to reset the .~W latch 13B. ~he MW latch 138 in ~ing 28 re~et applle~ a positive signal on the -2nw line w~ich to~eth~r 29 with the positive s~gnal from the latch 140 ren~er~ the AN~
invert circuit 142 effective to apply a ~e~ative s~gnal to ~I977009 -94-112~31Z

1 turn on the ENABLE MAN RST latch 144. At ~1 timo of t~o 2 next clock cycle, a ~1 clock pulse toqetheJ with the positivo 3 slgnal now on the -~W line and a pos$tiva signal from the 4 latch 154 render the AND invert circuit 156 effective to apply a negatlve signal to the inverter 160 where it is 6 inverted to a positive ~ignal on the ~ ~ B llne. The poslt~ve 7 siqnal on the r~n~B llne is applied to condit$on the AN~
8 lnvert circuits 152 and 158. The AND inveIt circult 158 is 9 effective to maintain the positive signal on the MWBB llne untll the next ~1 time when a -~1 clock pul~e i~ applied to 11 decondition the AND invert circuit 158 causinq the posltlve 12 signal on the MWHB line to be terminated thereby provid$ng -13 1 m$crosecond po~itive signal on the MWHB line. The AND
14 invert circuit 152 i~ rendered effective b~ a p4 clock pul-e ln the present clock cycle for resett~ng the MWHB CT~$ latah 16 154.
17 Referring now to Fig. 26c2, the positive ~lgnal on thQ
18 t~W~B line ls inverted to a negatlve signal by lnverter 162 19 to decondition the AND circuit 380 causing a negatlvQ signal to be appl$ed to the -W EWABLE line and to decondition the 21 AND ~nverter 376 which, in turn, applies a posltiYQ slgnal 22 to the lnverter 378 where it is inverted to a negative 23 signal on the -t~ ENABLE line.
24 Si~nals on the -M E~tABLE and -W ENA8L~E lines ar~ u~ed 25 to enable the ~ memory for wr~ing and read~ng operatlons.
26 The rl~ memory 700 shown in block form in F:.gs. 26el ~nd 26e2 27 i~ a }S word by 4 b~t C~OS random acces~ m~mory (RAN) wh~ch 28 i~ used for storing the master key. The MK memory 7~0 i~
29 addres~ed by a 4-blt value on the addres~ l$nes -ADRl, -ADR2, -AD~3 and -ADR4 from the setting of the adæress counter Ki977009 9~

1 390 in ~ig. 26d2. When negative signals are applied to both 2 tho -W E.YABL~ and -M ENABLE linea, the information present on 3 the 4 blt input lines 0, 1, 2 and 3 i8 written into the Mg 4 memory 700 at the designated address. A t~an~istor switch 139 is provided in series with the -W ENABLE line to control 6 wPtinq into the ~IK me ry 700. The potential at the ba~e 7 of this switch i8 controlled by the ~etting of the EW ~witch.
8 According~y, when the EW switch is set on and a negative signal 9 i8 ~pplled to the -W E~A~LE line, the transistor 139 i~ turnod on to produce a negative signal on the -W ~NA~LB line to enabl~
11 writing into the MK memory 700 whereas when the EW switch 12 set OFF the transistor ~witch 139 i8 biased off cau~ing a 13 po~itive signal to be maintained on the -W ENABLE line to 14 prevent writing into the ?`~ memory 700. AddreQ~tnq of the

15 r~K memory 700 for reading is accomplished in the same manner

16 ~g that for writing. When a pos~t~e sign~l is applied to tho

17 -W ENABLE line and a negative ~ignal i5 applied to the -M

18 ENAB~E line, the 1nformation wh$ch was writ~en into the

19 de~ignated address of the ~.K memory 700 i~ read out in ~nverted form to the 4 bit output lines of the MK memory 700 21 an~ appl$ed to a ~uffer regi~ter consistin~ of the 4 ~hift 22 registers 702.
23 Referr~ng now to F~gs. 26c~ and 26c2, during ~3 time, a 24 po~itlve ~3L clock pulse together with posi~ive s$gnal~ fro~
th~ latches 144 and 146 render the AND invert c~rcu~t 148 26 effective to ~pply a negative signal to turn on the MU~Y ~ST
27 ~atch 150 whid2 remains set until the nex~ clock cycle when 28 a -~lL cloc~ pul~e i~ applied to reset lat~h 150 thereby providlng 29 a negatl~e ignal on the ~ Y ~S~ line from ~31 time ~o ~lL
time. m e ~AN ~ST latch 150 in being turne~ on applies a XI977009 -9~

1~2~812 1 negative signal via the -MU~I RST line to reset the latch l~C, 2 to decondition the ~ND circuit 382, and to turn on the ma~t r 3 key overwrite (~R OVW) latch 276 and the KEY INVA~ID latch 278 4 in Flg. 26c3. The AND circuit 382 in bein~ deconditlOnQd S effect$ve to apply a negative signal to the reset $nput~ of 6 the addres-~ counter 390 resetting the counter to an addres~
7 of 0. m e latch 276 in being set applies a negative signal 8 on the -M~ ovw line to decondit~on the AND circult 380 to 9 maintain a negative signal on the -W ENABL2 line durlng the entire period of the master key overwrite cperat~on. The 11 negative signal on the -MK ovw line i8 al8~ applied to 12 deconditlon the A~D invert circuit 368 wh~ch, in turn, appll--13 a positive signal to condition the AND invert circuits 370 14 and 374 durin~ the entire period of the ~tX overwrite lS oper~tion. Referring now to Pig. 26cl, at ~l time of the 16 next clock cycle, a -~l clock pulse is applied to 17 decondltion the AND invert circuit 158 and apply a posltive l8 signal to the inverter 160 where it i8 inverted to a 19 negative 8J gnal on the MWHB line which 19 maint~inea thereon for the balance of the overwrite operatton. The negati~e 21 5ignal i8 inverted to a positive signal and applied to one 22 input of the ~D invert circuit 376. Howe~ex, at this time, 23 namely, ~1 time, po~tive signals are main~ained at the lnput-24 to the AND invert circuit 374 which is therefore effectlve to apply a negati~e signal to the other input of the AND in~ert 26 c~r~uit 376 to maintain the AND invert circu~t 376 decondi-27 tioned despite the signal change on the MW~ ne.
28 As a result, the AND invert circuit 376 mainta~n~ a posltive 29 signal output therefrom until ~lL time whel. the -~lL clock pul3e i applied to decondition the AND invert c~rcu~t 374 RI97700g -97 112't~31Z

1 causing a po~itive signal to be applied to the AND invert 2 circult 376. Therefore, at this ~1 time, ~he AND invert 3 circuit 376 is rendered effective to apply a negative 4 signal to the STEP CTR line and to the inverter 2?8 where it 1~ inverted to a positive signal on the -M ~NABLE line.
6 ~t ~hould be apparent that from the time the aadress 7 counter 390 is reset to address 0, namely, at ~3L time, 8 until the present ~lL time negative signal~ are maintained 9 on both the -W ENA~LE and -M ENABLE lines ~o allow a 4 bit value to be written into the MK Memory 700 Lt address 0.
11 Referring now to Fig. 26dl, whatever the bit ~witches 12 SW0 to SW3 happen to be set at are applied a8 a hal~ byt~
13 value v~a the conditioned A~D circuits 16~ and OR lnvert 14 circuit~ 168 to the bit ~nputs of the ~K m~mory 700. For example, lf the bit swltch S~0 is set to the 1 po~ition, 16 a po~itlve s~gnal is applied to render the AN~ circuit 16~a 17 effective to apply a po~itive ~ignal to the OR invert 18 circuit 168a which, in turn, applies a negative signal a~ a 19 1 bit ~nput to the MR memory 700. If the bi~ switch SW0 18 ~et to the 0 position then a positive signal i8 applied a~ a 21 0 bit input to the ~K memory 700.
22 Returni~g now to Fig~. 26c2 and 26d2, tne negativo 23 ~ignal applied to the -STEP C~R line, at ~lL ttme~ iB
24 inverted by inverter 388 to a positive ~ignal and ~ppll~d vla the STEP CT~ line to step the addre~ counter to an 26 ad~re~3 count of 1 in preparation for writing the half 27 byte ~alue settin~ of ~witches SWO to SW~ into the next 28 locetion of the MK memory 700. AND invert cLrcuits 374 and 29 376 are connected in a latching arrangement ~uch that the negative ~ignal output of the AND invert circuit -~76 i~

KIg77009 -9B-112~1Z

1 effective tc maintain the .~N~ invert circuit 374 decondltlon¢d 2 after term1nation of t~e -~lL clock pul_e and thereby 3 maintain a po~itive signal input to the ~D invert circuit 4 376 whlch together with the positive signal from the invertor 162 ~due to the negative signal now maintained on the .~B
6 line) maint~in the ~D invert circuit 376 effactlve to 7 ~lainta~n a negative slgnal output thereof (~nd a positlve 8 signal on the -M ~ABLE line). ThiR cond~ tion will be 9 ma~ntained until ~3L time, when a ~3L clock pulse ~s applled to render the AND invert circuit 370 effect~ve to apply a 11 negative signal to now decondition the I~ND invert circuit 12 376. The ~ invert circuit 376 in being deconditioned 13 applies a pc~itive signal to the inverter 3'~8 where lt is 14 inverted to a negative signal on the -r~ ENABLE line. The positive signal output of the ~D invert cirou~t 376 will 16 be op~rative in the latching arrange~ent of A~D ~nvert 17 circuits 374 and 376 to maintain this siqnal output until 18 plL time of the next clock cycle when the -01L clock pul~e 19 i~ applied to dQcondition the r~D invert circuit 374.
Accordingly, a negative signal will be maintained on the 21 -1~ ENABLE line from ~3L time of the present clock cycle 22 which together with the negative signal m~lntained on the 2 3 -W ENABL~ l~ne, due to the AN~ circui~ 380 ~eing ma~ ntained 24 deconditioned by the i~K OVW latch 276, a}l~ws writing of the half ~y~e value -Rettin~ of the switches SWO to SW3 26 into the ;~K Memory 700 at address 1.
27 In a s~milar manner, each succeeding ~lL clock pulsa 28 will be effective to control stepping of t~e address counter 29 2gO to the next addre~s of the ~R memory 7~0 and each ~ucceeding ~3~ clock pulse will be effective to control KI977009 -g3_ 112~l~12 1 writing the half ~yte value ~etting of the swltches 2 SW0 to SW3 lnto the ;IK memory 700 at the next address. After 3 16 such operations, the master key previously stored ln the 4 MX memory 700 w~ll have been overwritten. Di~closure of the master key through unauthorized wrlting of trial 6 half byte~ in~o the ~ memory 700 is thwarted ~y this 7 overwriting operation of the previous}y stored master key 8 when the .MW sw~tch is first pressed.
9 Referring now to F1g. 26d2, when the address counter 390 steps to a count of 8 ~the 9th location ln MR ~emory 11 700) a negative signal from the -C8 output is applied to set 12 ths 16 STEP latch 404 which, in being set, applie~ a positive 13 signal to condition the A~D circuit 406. ~fter the 16th 14 half byte is written into the MK memory 700. the addresQ
counter 390 is a~ain stepped, at ~lL time, ~ack to an addres~
16 count of 0 and a pos~tive signal i5 applled via the -C8 17 output to render the A.~D circuit 406 effe-t~ve to apply a 18 positive signal to the inverter 408 where ~t is ln~erted to 19 a negative ~ignal on the -16 STEP line. T~e negative signal on the -16 S~EP line 1B applied to reset th~ ?~K OVW latch 21 276 in Flg. 26c2 which, in ~einq reQet, applles a positiv~
22 signal via the -~lK OVW line to ren~er the ~,~ circuit 380 23 efective to apply a positive signal to the -W ENABLE line 24 thereby inhibiting further wr~tlng into th~ MK memory 700.
The positiv~ slgnal on the -;~K o~W line ls also applied ~o 26 render the AND invert circuit 368 effective to apply a 27 negative signal to decondition the A~D invert circuits 370 28 ana 374 ~o that the -~lL and p3L clock pulse~ wlll have no 29 further effect. The ~ointly deconditioned AND invert circui~a 373 and 374 will jointly apply a positi~e conditionlng slgnal KI9770~9 -100-1124~i2 1 to ons input of the AND invert circuit 376 2 This completeQ the master key overwrl~e operatlon and tho 3 ho~t operator may now proceed to load the new m~ter k~y 4 into the MK memory 700 a half byte at a time, for 16 time~, S in order to completely load the 64 bit ma~ter key into the 6 MX me ry 700 Referring to Figs 26cl an~ 26dl the host 7 operator ~et~ the ~witches SW0 to SW3 ~ccording to the fir~t 8 half byte of the master key to be loaded Fo}lowing thi-, 9 th- MW switch ~et to the MWNO position causing a negative pulse to be applied to turn on the MW latch 138. The MW
11 lat~h 138 in being turned on applie~ a negative ~lgnal vla 12 the -MW l~ne to ~et the MWHB CTgL latch 154 which, i~ bsing 13 ~et, ~pplies a positive signal to one $nput of th~ AND
}4 invert clrcuit lS6 When the MW ~witch is released to the MMNC position, a negative ~lgnal i8 ~pplied to re~et the 16 MW latch 138 wh~ch, in being reset, applles a po~itive 17 ~gnal to a ~ecoDd input of the AND invert circult lS6 18 Th~refore, at ~1 time of ~he next clo~k cycle, a 19 ~1 clock pulse i~ applied to render the ANr~ invsrt clrcult 156 effectivQ to apply a negat~ve signal to th~ lnvert~r 160 21 where it i8 inverted to a positive signal ~n the MW~3 line 22 me poBitiVe signal on the MW~B line is applied to the 23 inverter 162 in Fig 26c2 where it is invert~d to a neg~tiv `
24 signal and applied to decondition the A~D circuit 380 wh~ch, in turn, applies a negat~ve ~gnal ~o the -W ENAB~E
26 llne The negative signal from the ~nverter 162 1~ al80 27 ~ppl~ed to decondttlon the A~D invert c$r~uit 376 wh~ch, ln 28 turn, applie~ a positive ~gnal to the ~nverter 378 where lt 29 i~ inverted to a negative s$gnal on the -M ENABLE l$ne Tho combination of negative ~gnals on the -W ~YABLE ~nd -M EN~BLE

Ki977009 -101-li24~3~Z

1 lines permi~s the first half byte of the new master key to ~e 2 pa~sed via the AND c$rcuits 164 in ~ig. 26dl and the OR
3 lnvert circuits 168 to be loaded into the MX memory 700 at 4 location 0. r~eferring now to ~ig. 26cl, at ~4 time, a ~4 clock S pulse in combination with the positive ~i~nal on the ~WHB
line renders the i~ND invert circuit 152 efiective to apply a 7 negative siona~ to reset the hlWHB CTRL latch 154 which, in 8 being re~et, applies a negative si~nal to decondition the 9 AND invert circuit 156. ~t ~1 timo of the next clock cycle, a -~1 clock pulse i8 applied to decondition the AND invert 11 circuit 158 which, in turn, appliefi a posi~ive si~nal to the 12 inverter 160 where it i5 inverted to a neg~tive signal on 13 the ~WHB line. The negative signal on the !~B liQe is 14 appl~ed to the inverter ~62 in Fig, 26c2 where it i8 inverted to a po~tive signal to render the AND cir~uit 380 effective 16 to apply a po~it~e signal to the -W ENABLE line to terminate 17 the wrlt$ng operatlon into t~e ~'K memory 7~0. ~he posit~ve 18 signal from the inverter 162 i8 al~o applied to render the 19 AND invert circuit 376, conditioned by the posit~ve ~ign~l output from the ~ND invert circuits 370 and 374, effective 21 to apply a negatlve signal via the -5TEP C~R line to the 22 inverter 378 where it is inverted to a pos$tive slgnal on 23 the -M E~A~LE line. The negative slgnal o~ the -STEP ~TR
24 ~ine i9 also in~erted by inverter 388 in ~ig. 26d2 to a posltive signal to step the addre~s counter 390 to 26 an address count of 1 in pFep~r~tion for writing 27 into the next location of the ~K memory 70~. Referring 28 now to Fig. 26dl, the ~it switche~ SW0 to ~W3 are 29 now set in accordance with the second half byte of the master key for loading into the ~IK memory 700. The .~IW

KI9770~9 -102-1 ~witch is again set and the circuitry operate~ in the same 2 manner a~ de~cribed above with respect to writ~ng the fir~t 3 half ~yte for wrlting the next half byte of the new mastor 4 key ana stepping the addre~s counter 390 to the next address. This operation ls repeated for a ~otal of 6 16 timRs in order to write the 16 half byte~ of thc ma~ter 7 key into the ~IK memory 7~0.
8 After the last half byte of the new master key i8 9 loaded into the MK memory 700, the EW ~wlt-h ln Fig. 26cl i~ switahed off to terminate the manual wr~te operation.
11 The EW switch in being turned off appl$es a negative signal 12 to reset the ~lK BUS SELECT latch 140 and to re~et the 13 ENABLE MAN RESE~ latch 144 which, ~n belng reset, applies 14 a negative ~lgnal to set the MAN RST CT~L latch 146 in preparat~on for the next time a manual wrii-e master key 16 operation is to be performed.

18 ~eferrlng now to Figs. 26al and 26a2, when an IO
19 operation i8 to be performed, a negative ~ignal i~ applied to the -IO taq line. The convention to be usQd in the 21 following de~cription~ are that all lines ~re down level 22 aative i.e. the active state i9 the presence of a negative 23 ~ignal and, in the case of data, a 1 bit i8 represented a~
24 a n~gative ~ignal and a 0 bit as a positive signal.
Information i~ received by the ~S~ on a -D~T~ ~US OUT and 26 may include addres~ informat~on, ccm0~nd ~nformation or 2 7 data to be proce~xed~ Taq signal~ are use~ a~ contro~
28 ~lgnal~ to ldentify the nature of the infoi~nation being 29 provided on the Data Bus. Thus, when an aa~ress is placea on the -DATA BUS OUT, a -~A signal ~s provided on the K ~ g ? ;7~l a ~ 3 ~

;., 1124~312 `

1 -TA tag line to identify the informat$on as being address 2 lnformation, when a co~mand is placed on the bu~, a -TC
3 signal is provided on the -~C tag line to ~dentify the 4 information as being a co~nand and when data is placed on the bus, a -TD ~ignal is provided on the -TD ta~ line to 6 identify the information as ~eing data. The -IO signal is 7 inverted to a positive signal by the invertsr 182 and appliQd 8 to one input of the ~ND invert circuit 190. At ~A time, 9 address information i~ received on the -DA~A ~US OUT and a -TA s~gnal i9 applied to the in~erter 184 where ~t 11 is inverted to a positive si~nal and applied as a second 12 input to the ~ND invert circuit 190.
13 The data security device can be person31ized to be 14 responsive to any one of 40 possible addresses. This ls accomplished by ~umperinq each of the 3 pis.s, J5, J6 ~nd J7 16 to either ~ound or +~v, and by ~umpering one pin JU to ~ny 17 one of five other~ J0, Jl, J2, J3 or J4. In the exa~ple 18 ~hown, the wiring is such that the DSD re~ponds to the 19 address lxxxx~10. ~he 8 bit address is pass2d viA the inYarter~
170 to the parity generator 178 which genexates a parity blt 21 which is compared with the parity bit rece~ved with the 22 address. If the generated parity bit is equal to the recel~od 23 parity bit a positive signal is applied via the PARITY GOOD
24 line to a third input of the ~D invert circuit lg0. Add~ionally, ~he per~onalized ~its from the jumper~ J5, J6 and J7 are 26 compared with the inverted ~ncom~ng bits o~ line~ 5, 6 and 7 27 by the exclusive OR and inverter combinationq 172 and 174 28 which produce positive signal inputs to the ~ND circult 176 29 if a match is found. The personalized bit on the JU ~umper ts applie~ as the remaining positive inpu~ to render the AND

KI97700~ -104-1~2g~8~2 1 circuit 176 effective for applying a positive signal to the 2 remaining intput of the AND $nvert circuit 190. Accordlngly, 3 if the personalized addre~s having gqod pa:ity has beQn 4 detected, then the AND invert circuit 190 is rendered effectlve to apply a negative signal to set the SEL l~tch 192 and to 6 decondition the AND circuit 216 in Fig. 26bl whlch, in turn, 7 produces a -'~ALID B signal indicating a valid addres~ byte 8 presentat$on. The SEL iatch 192 remains se~ throughout the 9 I/O operation unless reset ~ubsequently by the occasion of a command error which will be described hereafter. The SEL
11 latch 192, in being set, appl~es a positive ~ignal via the 12 SEL line to condition the AND invert circuits 204, 206 ~na 13 208. ~eferring now to Fig. 26a}, at the end of T~ tlme, a 14 positive signal i8 applied to the -TA tag l~ne wh~ch i8 invorted to a neqative signal by in~erter 184 to decondlt~on the 16 AND invert c~rcuit 190. Accordingly, ~ND lnvert clrcult 17 }90 applles a positiv~ Qignal to render .~ND C2' rcuit 216 18 effectlve to terminate the negative ~ignal on t~e -VALID B
19 line.
~
21 At TC time, command information is received on the 22 -D~TA BUS OIIT and a -TC signal is provided to ind~cate thiR
23 cond~tion. The low order command bit (bit ;) spec~fles 24 the direction of the data tran~fer, ~.e., whether the I/O
operat~on i8 a read ~bit 7~}) or ~ write ~bit 7~0) operatlon.
26 ~eferring now to F~g. 26a2, the I/O command byte is passed ~7 v$a the inverters 170 to the AND invert c12cuit8 222 and to 28 the par~ty generator 178 where a parity bit is generated and ~9 compared with the parity bit provided with the command byte by the exclu~ive ~r laO. If ~he parity bit gener~ted by the ~I977009 -105-1124t3i2 1 parlty generator 178 is equal to the parity bit associated 2 with the co~and ~yte then the exclusive OR 180 provides a 3 positive ~ignal on the PARI~Y GOOD line as a second 4 input to the A~D invert circuit 206. The -TC signal is inverted by the inverter 188 to a positive TC ~ignal and 6 appl~ed to the remainin~ inputs of the ~ND invert circults 7 206 and 209. T~e ~ND invert circuit 206 is rendered 8 effective tc apply a negative signal via -TC SEL line to 9 the inverter 214 and to decondition the A~D circuit 216. The ~ND c~rcu~t 216 in being deconditioned applies a -VALID B
11 ~ignal to ind~cate that a valid command byte hss been 12 received. The inverter 214 in~erts the ne~ative signal to 13 a positive signal on the TC S~L line which is appl~ed to 1~ procedural error circuitry, which will be described hereafter, and to the other inputs of the A~D ~nvert circuits 16 222 in Fig. 2Ga2 to allow the ~/O command b~te to be loaded 17 into the com~and register 224. The positive signal on the 18 TC line in combination witll the positive ~ignal on the SEL
19 line render the ~ND invert circult 208, ~n Fig. 26bl, effectlve to apply a negative ~ignal to set the TC END
21 latch 210 which in being set, applies a positive signal to 22 condition the ~D circu~t 218.
23 Referring now to Pigs. 26b2 and 26b3, the command 24 and order codes of the com~and ~yte stored in the command re~ister 224 during TC time are decoded by a series of AND
26 invert circuits. ~its 4, 5 6, and 7 are decoded to produce 27 one of the ~even defined comma~ds descri~e~ in the section 28 DSD COM,~ ~S A~D ORD~RS. Thus, the Al~D invert circuit 226 29 decodes the PIOW data command (PIOW), th~ h~D in~ert circuit 232 decodes the set basic status co~mand ~ET BS~, the ~ND

KI~77009 -10~

11~4~312 1 invert circuit 238 decodes the reset ba~ic statuR command 2 (RST BS), the ~D invert circuit 242 decodss the read ba~ic 3 status conmand (RD BS), the ~D invert circuit 250 decode~
4 the reset adapter command (RS~), the ~D $nvert circuit 262 j decodes the PIOR data command ~PIOR~ and the .~ND inYert 6 circuit 266 decodes the WR DSD order command (WR DSD).
7 Detailed description of the operation of tl~ese command~ will 8 ~e provided hereafter.
9 In addition to the command code prov~ded by bits 4, 5, 6 and 7 ~n order code WXYZ is provided by the other four 11 bits, namely, bit~ 0, 1, 2 and 3 if the com~and i8 a WR DSD
12 command. ~rhus, ~its 0, 1, 2 and 3 of the order code are 13 decoded to produce one of the five previou~ly defined 14 cipher handling orders or one of the two p~eviously defined data processing orders. Accordin~ly, the ~ND invert circuit~
16 280 and 302 decode a portion of the cipher key handling and 17 data processing orders for ~W~K) and (ENC or DEC), respectlvoly, 18 the A~l~ invert circuit~ 288, 314, 324, 332, 340, 341 and 3~9 19 decode the cipher key handling orders (DEC~), (GRN), ~RFMK), ~RTMK), (E~IKl) and (EMX2), respectively. ,)etalled de~cription of 21 ~he operation of ~he~e order3 will ~e prov~dsd hereafter.
22 Referring now to Fi~. 26al, ~t the end of TC time, 23 positive signal ig applied to the -TC ta~ line which is 24 inverted to a neg~tive signal ~y the invert~r 188 and appli-d via the ~C line to decondition the AND invert circuit~ 206 26 and 208. Accordingly, deconditioned AND i~vert circuit 206 27 applles a positive signal to render AN~ c r~ui~ 216 effective 28 to terminate the negative signal on the -VALID B line. ~he 29 positiYe signal from deconditioned AND invert circuit 206 1 z~z 1 also applied to inverter 214 where it is in7erted to a 2 negative signal on the TC SEL line and applied to the 3 procedural error circuitry and to decondition the AND inv~rt 4 circuits 222 associated with the co~mand register 224 in Fig. 26a2. 'he deconditioned ~D invert c~rcuit 208 applleJ
6 a positive signal to render the ~ND circuit 218, condition0d 7 by the positive signal ouput of the TC End latch 2}0, 8 effective to apply a positive signal on th~ TC END line. `
9 If bit 7 of the decoded command code is a ~, indicating a read operation, then positive signals on the b~t 7 line ~nd 11 the TC END line are applied to render the AND invert circuit 12 220 effective to produce a -P ~Jalid signal to ind$cate that 13 the parity of the data byte to be sr~bseque~ly presented to 14 the -D~TA BUS IN i~ valid. This is so bec~use the VS3 alway~
provides correct parity for data bytes it applies to the 16 -DATA BUS IM for read type co~nands~ The po~itive signal 17 on the TC ENr~ line is also applied, in Fig. 26b2, to the 18 inverter 244, AND circuit 254, inverter 25a to control the 19 operation of the ~EAD BS, RS~ and PIO~ commands, respectively, and to AND invert circuit 356 in Fig. 26c4 to control the 21 command error detec~ion, all of which will be described in 22 greater detail hereafter.
2 3 OM~AND ERROR DETECTIO~
24 Referring now to Figs. 26b3 and 26c4 i~ one of the legal co~,.ands has been decoded, then a neyative signal i8 26 ~pplied to decondition either A~D circuit 35Q or ~D invert 27 circuit 352 to apply a positive signal to the L~GAL C~
28 line. ~he po~itive signal on the I.~.GAL C~1D line is inverted 29 by inverter 354 to a negative signal which is applied via the ~IO LE~AL C:~ line to decondition the ANr~ invert circuit KI~77009 10~

1 356. The AND invert circuit 356 in being deconditloned 2 applies a positive signal which has no effect on the CMD E~R
3 latch 358. On the other hand, if none of the legal command-4 are decoded, then the A~D invert c~rcuit 3~2 is rendered effecti~e to apply a negative signal to the inverter 354 6 wh~re it is inverted to a positive ~ignal and applied v$a 7 the NO LEGAL C;-~ line to condition the AND invert circuit 8 356. At the end of TC time, the positive signal on the 9 TC E~D line i~ applied to render the A~ in~ert circu$t 356 effective to apply a negative signal to set the ~D ERR
11 latch 358 which in being set, appl$es a negative 12 signal via the -Cr~5D E M line to reset the S~L latch 192 ~n 13 ~i~. 26al thereby deselect~ng the ~SD due to t~e comman~
14 error. ~eferring now to Fig. 26i2, the negative signal on the -C~ ~RR l$ne is al~o applied to ~et t~e machine check 16 bit latch 954 E ~it S) of the status reg$;ter 952.
17 SY~C TD
18 At TD time, a -TD signal is provided to indicate that 19 a data byte is present on the -DATA BUS OUT or that a data byte is on the -nATA BUS IN depending upon ~hether a wrlte 21 or read operation i8 to be performed. Addi~ionally, because 22 the cloak l00 may run asynchronously with ~espect to the 23 processor, it is necessary to provide a special timing 24 s$gna} for use during certain operations, this ~ignal belng called ~he SY~C TD signal. This s$gnal be~i~s at ~1 timc 26 of a clock cyc}e coincid$ng with or fo~lowing the beginning 27 o~ a TD time and lasts until ~1 t~me of t'le next clock 28 cycle. It then remains inoperative until ~he next occurring 29 TD time.
Referring now to F~g. 26al, at TD time. the -TD signal ~T977009 -10~-~24812 1 is applied to the inverter 186 where it is inverted to a 2 po~itive Tn signal ana applied in combination with a posit~ve 3 sign21 from the SYNC}I latch 196 to condition the ~ND inYert 4 circuit 19~. At pl time, a ~1 clock pul~e ~ appl~ed to S render the A~.~D invert circuit 198 effective to apply a 6 negat~ ve ~ignal to the inverter 202 where ~.t is inverted 7 to a pos~tive signal on the SY~C~I TD line. At ~4 time, a 8 ~4 clock pulse in combination with the positive siqnal on 9 the SYNC~ TD line render the AND invert circuit 194 effective to apply a negative signal to reset the SYNCH latch 196.
11 At ~1 time of the next clock cycle, a -~} ~iqnal is applied 12 to aecondition ~he AND invert circuit 200 eausing a positive 13 signal to he applied to the inverter 202 to ter~inate the 14 positive signal on the SY.~C~I TD line, the positive ~ignal 15 having been presen~ for a 1 usec clock cycle period. The 16 po~itive signal on the SY~C~ TD line i~ used to synchronize 17 the PIOW data and ~"~ DSD commands as will be ~escribed in 18 greater detail hereafter.
19 ~eferring now to Figs. 26al and 26bl, if the SEL latch 192 has not been reset by a command error, ~hen po~it~ve 21 signals on tlle SEL and TD lines are applied to render the 22 A~D invert circuit 204 effective to apply a negative signal 23 via the -TD S~L line to the inverter 212 an~ to decond~tion 24 the A~D circ~it 216 causing a -~AlID ~ signal to be produced indicating ~hat t~e ~SD was selected and a leqal com~and was 26 decoded. ~le inverter 2~2 inverts the negative ~ignal to a 27 positive ~ignal o~ the TD SEL line which is used to detenmine 28 whe~her there was a crypto engine data error during the 29 execution of a PIOR ~ata co~mand which will be described in greater detail hereafter ana for controllilg write error ~lZ4~312 1 detection which will be described in the n~xt sectlon.
2 ~eferring now to Fig. 26al, at the end of TD time, a 3 positlve signal is applied to the -TD tag line which i9 4 inverted to a negative signal by the inverter 186 ànd applied S via the TD line to decondition the ~D in~ert circuit 204.
6 The PuND invert circuit 204 in being deconditioned cau~es a 7 positive signal to be applied to the -TD S~L line which, 8 in turn, is applied to the inverter 212 ar.d to render the 9 AND circuit effective to terminate the negative signal on the -V~LID B line. The inverter 212 inverts the positive 11 signal to a negative signal on the TD SEL l~ne which i8 12 applied to decondition t~le engine error circu~try in 13 Fig. 26h3, to control circuitry in Fig. 26~2 for terminating 14 the operat~on of the SET BS or RST BS comm~nd3 and to decondition the write error circuitry in Fig. 26b3.
16 Following the end of TD time, the I0 operation ends 17 and a positive signal ~s applied via the -IO tag line to 18 the inverter 182 where it is inverted to a negative signal 19 to reset the SEL latch 192 and the I~R ERR latch 364 in Fig. 26c4. The SEL latch 192 in being reset spplies a 21 negative stgnal to reset the command register 224 in Fig.
22 26a2 to reset the TC END latch 210 which, in be~ng reset, 23 ~pplieg a negative ~ignal to decondit~on the AND circ~it 24 218 there~y terminating the positive signal on the TC EN~
line. The deconditioned AND circuit 21~ causes a negative 26 signal to be applied v~a the TC E~D line t~ deconditi~n 27 the AN~ ~nvert circuit 220 thereby termina~ing the negative 28 si~nal on the -P V~lid line. The command register 224 in 23 being re~et deconditions all of the decoder circuitry tn ~lgs. 26b2 and 26b3.

KI97700~ -111-112~

1 WRITE ERROR DE~ECTION
2 Referring now to Flgs. 26b3 and 26c4, if a legal commana 3 has been decoded, indicated by a positive signal on the LEGAL
4 C'ID line, and the command i8 of the write type, indicated by a posltive ~ignal on the 7 line, and if ~.he dAta bytQ on 6 the BUS IN ha~ bad parity, ~ndicated by a po~ltive sign~l on 7 the PARITY ~D line, then, at TD time, the pos$tlve sign~l 8 on the TD SEL line i8 applied to render th~ ~ND lnvert 9 circuit 362 effectlve to apply a negati~e s$gnal to set the WR ERR latch 364. This latch wlll rema$n ~et for the duration 11 of the IO operation or unti} the end of T~ time for ~ RST
12 command. ~he WR E~ latch 364 in being Qet applies a positive 13 signal to set the status bit 3 latch 954D in the ~tatus 14 reg$ster 952 in ~ig. 26i2 to record the fact that ~ write error wa~ detected.

17 If the DS~ ha~ been properly addre~sed ana ~elected ~n~
18 if the command byte specifies an order code not r~cognized 19 by th~ DSD, then this condition will be detected and the status b$ts 0 and 2 of the statu~ register set to ln~icate 21 this $11egal order condition. ~ore specifically, referring 22 to F~g. 26b2, if a W~ DSD OR~EX command i~ decod~d by the AN~
23 invert circult 266, a negati~e signal ls ~pplied to tho 24 inverter 268 where lt is inverted to a positive ~i~nal and applied vla ~he WR DSD ORDE~ line to condi~.ion the AND
26 circuit 270. ~t TD time, the po~iti~e sigral on the 27 SYNC~ ~D line i9 ~pplied to render the ~N~ circuit 270 28 effective to apply a po~itive ~ignal via the WR ORD TI~E
29 line to one input of the ~D invert cixcuit 348 ln FiqO
26b3. The other input~ to the AND invert circuit 348 are K~77009 -112-1~2~i2 1 the le~al order codes recognized by the ~S~. ~f none of 2 these order co~es occur, then positive signal~ are applied 3 to the remaining inputs of the ~ND invert oircuit 348 renderlng 4 it effective to apply a negative signal v~a the minu~ ILG
OR~ line to set the status bit 0 and 2 latches 954a and 6 954c of th~ status register 952 in Fig. 26i2.

8 ~ ~en~ral description of th$s operation will fir~t be 9 given followed by a more detailed descrtptlon. Provided Shat the ~W switch ha~ been previously set to tlle on position, 11 three latches are set when this order is decoded, namely, the 12 ~lK latch 274 in Fig. 2~c3, the ~ey invalid latch 278 and the 13 master key overwrite latch (-~W OVW) 276 in ~ig. 26c2. The mastQr 14 key overwriting function, which is provided to destroy the previou~ly stored contents of the ~tK memory 700, $9 accompli~h~d 16 by activating the write enable line, puls~rg the memory enable 17 line and st~pping the address coun~er 390 in Fig. 26b2. Whatev~r 18 happens to be present as bits 0, 1, 2 and 3 on the BUS IN
19 wlll ~e written into the rsK memory in all location~. Th~ MR
OVW latch 276 remains set for }6 microsecon~s and i8 rcset 21 after the 16th MK memory location has been overwr~tten. Th~r~ft x, 22 the actual master key is written with bits Q, 1, 2 and 3 from 23 the data ~ields in a series of 1~ PIOW data comm~nd~ wlth one 24 micro~econd write enable and memory enable signals being provlda~
for each SY~CH T~ time. The address counter 3~0 is stepped 26 at the conc~usion of each pulse. T~nere i~ no automatic termlnatlon 27 of the write ma~ter key order. .~fter the 1~th half byte has b~n 28 written into the :~K ~emory 700, a RST command must be is~ued 29 to reset the ~K latch 274 and regardless of whether the operatlon is under te~inal control or manual control the ~W switch mu~t KI977009 -1l3-1~2~12 1 be set to the off pos~tion. The key inval~d latch 278 i8 loft 2 set and no data can be processed until after a valid key is 3 ln3talled in the crypto engines by a DECK order. ~f 4 the ~ ~ order i~ $ssued while the EW switch is set in the off position, there is no action other than recording a 6 procedural error. The W~K order is perfoxmed inrequently 7 and i8 done only under phy~ically secure c~nditions, as the 8 master key ~ppears in clear form in the machine at t~is tlm~.
9 A more detailed description of the wr~te ma~ter key order operation will now be given and should be followed in con~un~tion 11 w~th the timing diagram of Fig. 28. After address selection 12 at TA time and loading of the command register 224 13 at ~C time, the com~and code i8 decoded by the AND inverter 14 circuit 266 in Fig. 26b2 to produce a negative signal which is in~erted to a positive signal by the lnverter 268 16 on the W~ DSD O~DER line thereby indicating the presence of 17 a WR DSD order command. ~rhe positive signal on the WR DSD
18 ORDER line Is appl~ed to condition the AND circuit 270. At 19 the same time, ~ portion of the order code i~ deco~st by tho AND invert ~ircuit 280 to apply a negative signal via the 21 -~ ~ DEC line to the inverter 282 where it is $nverted 22 to a po~ t~ve ~ignal and applied via the WMK l~ne to 23 one input o~ the ~ND invert circuit 272. ,~ pos~tiv~ ~gnal 24 on ~he -Y }ine per~onalizes this order a3 ~ WMK order and app~ied to a second input of the AND inv~r1 circuit 272.
26 ~eferring n~w to ~ig. 26cl, the ~W switch w~ll have previou~ly 27 been ~et to the on position, thereby perm~ttin~ a po~it~ve 28 ~igna~ from the +5V sourc~ to be applied ~s a third input to 29 th~ A~ inv~rt circuit 272 in ~ig. 2Ç~ t TD time, a positive signal is applied via the SY~CH T~ line to render the ~i24B12 1 conditioned A~D circuit 270 eff~ctive to apply a positive 2 signal via the t~R ORD TIME line to the rem;llning input of 3 the A~D invert circuit 272. ~ccordingly, the AND invert 4 circu~t 272 is rendered ef~ective ~o apply a negative s~gnal S via the -SET ~g line to ~et the l^~K latch 274 in Fig. 26c3 6 and to set the ~R OVW 276 in Fig. 26c2. The i~R OVW latch 276 7 in being set applies a neaative siqnal via the -MK OVW line 8 to decondition t'ae ~D circuit 380 and the Al~D inve~t c~rcult 9 368. ~he deconditioned AND circuit 380 applies a negative signal to the -W E~ABLE line to prepare the ?SK memory 700 11 for a writing operation. Tlle P~D invert circuit 368 in 12 being deconditioned applies a positive signal to conditlon 13 the ~JD invert circuit 370 an~ 374, in a mai~ner as previou~ly 14 described in the manual WMX operation, for producing the successive ~ignals on the -1 EN~LE line during the memory 16 overwrite operation. The W~ latch 274 rem~ins ~et for the 17 remainder of thi~ operation and applies a positive signal to 18 the W~K line and a negative signal to the -~ line. The 19 positive ~ignal on the W~IK line ic applied ~o condition the AND invert cixcuit 36~ in ~ig. 26c2 in pre~aration for 21 writing the new master key into the ~5R ~emory 700. The 22 negative signal on the -~K line is applied to ~et the 23 KEY ~VALID latch 278 which remains set for the remainder 24 of this operation and will ~e reset only after a valid key is installed in the crypto engines hy eithe~ a LKD or DECK
26 order, either of which will c~use a reset ~f this latch.
27 The nega~ive signal on the -WMK ~ine is al~o applied to ~8 decondition the AND invert circuit 298 ln Fig. 26c4 causi~g 29 a positive s~gnal to be ap~lied to the .~ QR~ line and via inverter 300 a negative signal to the -K OR~ indicating ~t~ 9 1i2481Z

l that a key order operation i8 being perfo~ned.
2 Referring now to ~ig. 26c2, at ~3L time, a ~3L clock 3 pulse i8 applied to render the ~D invert circuit 370 effective 4 to apply a negative signal to decondition the AND invert circult 376 which, in turn, applies a positive signal wh$ch 6 i8 inverted by the inverter ~78 to a nega~$ve ~ignal on 7 the -M ~NAaLE line. ~ccordingly, the presence of negative 8 signals on the -W E~ABLE and -~l ENABLE lines enables the MX
9 memory 700 for a write op~ration. Referring now to Flg. 26cl, since the l~ switch ha~ not operated, the .~W latch 138 11 remain~ re~et and likewise the !~lK BUS SELECT latch 140. The 12 ~K BUS SE~EC~ latch 140 in being in a reset state applie~ a 13 po~tive ~ignal to condition the ~ND circult~ lS6 and a 14 negative slgnal to decondition the AN~ c~rcuit~ 164 in Fig.
26dl. In thi~ ca~e, the half byte value 19 not takan from 16 the manual ~witche~ SW0 to SW3 but rather from whatever 17 happen~ to be present on the bit~ 0, 1, 2 ~nd 3 line of the 18 ~US IN which will now be written into locatlon 0 of tho M~
19 memory 700. ~eferring now to l~ig. 26c2, t~e po3itive ~ignal produeed by the AND invert circuit 376 i~ ~pplied to the AND
21 ~nvert circuit 374 the other inputs of whlch have pos$tive 22 ~ignal~ maintained thereon at this tlme causing a negative 23 ~ignal to be applied to the AND ~nvert circuit 376 to maintaln 24 the po~itive signal output thereof until ~lL time of the 2S nex~ clock cycle. At that time, a -pl~ cloc~ pulse 2~ ~ applied to decondition the ~ND ~nvert c~rcuit 374 whieh, 27 in turn; applies a po~itive ~ignal to render the AND circuit 28 37~ efective to apply a negative signal to the -STEP CTR
29 lina and to the inverter 378 where it i9 inverted into ~
pos~t~ve s~gnal on the -M E~ABL~ line. Tke negative slgnal RI9~7~0~ -116-- 112~12 1 on the -ST~P CTR line is inverted by the inverter 388 in 2 Fig. 26d2 to a positive signal which is applied via the 3 -STEP CT~ line to step the address counter 390 to an addres-4 count of 1 indicating the next location of the MK memory 700. In a si~ilar manner each ~uccessive ~3L clock pulso i~
6 effective to control the application of a n~gative signal on 7 the -M ENABL~ line to permit half byte value on the BUS IN to 8 be written into and overwrite the previous master key half byte 9 at that location and each succeeding -plL clock pulse i8 e~fective to contro~ the termination of th~ negative s$gnal 11 on the -M E2~ABLE line and to step the address counter 390 to 12 the next location as previously described in connection wl~h 13 the manual write master key operation. Similarly, when a 14 count of 16 is reached and ~le address counter 390 returns to an addr~ss count of 0, the negative siqnal on the -16 16 STEP line ls appl$ed to reset the M~ OVW latch 276 to 17 thereby terminate the .~tK overwrite operation.
18 ~ollow~ng the end of the IK overwrite operation, the 19 fir~t of 16 PIOW data commands-is provided to the DSD.
After address selection during the TA time and loading of 21 the con~and by~e in the co~nand register during TC time, ln 22 a manner pre~iously describe~, the AND invert circuit 226 in 23 F~g. 26b2 decodes this com~land and applie~ a negative slgnal 24 via the -PICW ~ATA DEC line to one input of t~e O~ invert circuit 230. At TD time, a positive signal on the SY~C~ TV
26 line is inverted by the in~erter 228 to a n~gative signsl to 27 ~he other input of the O~ invert circuit 23~ which, in turn, 2 a applies a positive si~nal to the PIOW DA~A line. The po~ltlve 29 signal on the PIO~ DATA line is applied to ~he AND in~ert~
circuit 366 in ~ig. 26c2 which in combination with the KI977009 ~117-1 positive signal on the MK line renders the AND ~nvert 2 circuit 366 effective to apply a negativ~ signal to de-3 condition the A~D circuit 380 and the AN~ i~vert 376 for the 4 period of the SYNC TD pulse. The AND cir~uit 380 in being S deconditioned applies a negat~ve signal to the -W ENA~LE
6 line. The AND invert circuit 376 in being deconditioned 7 applies a positive sign~l which ~ inverted by inverter 378 8 to a negative signal on the -M ENABLE line. ~he combinatlon 9 of negative Qignals on the -w E~AB~E and -M ENABLE lines permit the hits O, 1, 2 and 3 of the data field associated 11 with the PIOW command,.which is the first half byte of th~
12 new master key, to be written into location O of the MR
13 memory 700. At the end of SYNC TD time, ~ negatlve ~ignal 14 ~s applied to the SYNC TD line which is inverted by inverter 228 in Fig. 26b2 to a positive signal which renders the AND
16 ~nvert circuit 230 effective to apply a neg~tive signal via 17 the PIOW DATA line to decondition the A~ invert c~rcuit 366 18 in Fig. 26c2. Accordingly, ~ND invert circ~uit 366, in being 19 deconditioned, applie-Q a po~itive signal to condit~on ths AND circuit 380 and the ~ND invert circuit 376. ~he AND
21 circuit 380 in being conditioned applies a p~sitive signal 22 on the -W E~L~ line while the A~D invert ~ircuit 376 ln 23 being conditioned applies a negative signal to the -STEP CTR
24 line and is inverted by the inverter 378 t~, a posit~ve ~5 signal on the -r~ Et~ABLE ~ine. The po~itiv~ ~gnals on the 26 -W ~NABLE ~ND -M ENABLE lines inhib~t further writin~
27 operat~on~ into the ~IR memory 700, ~he negative signal 28 on the -STEP CTR line ~s inverted hy invertar 388 in 29 Fig. 2~d2 to a positive signal on the STE~ CTR Line to step the address counter 3~0 to an ~ddress coun~ of 1 representinq 1 ~ 2 -~8~2 1 the next address for the ~1K memory 700. In a sim~lar mann~r, 2 succeedlng negative signals on the -W ~NABL~ and -M ENABLE
3 l~nes are provided for succeed~ng SYNC TD times to wrlte 4 the succeeding half bytes of the new macter key into the MK
memory 700 with the address counter 390 be~ng ~topped at th~
6 conclusion of each succee~ing SY~C TD ~ignal.
7 After the sixteenth half-byte value has been written 8 ~nto t3~e ~IK memory 700, the W~K order operatlon ls completed 9 by setting the EW switch in .~ig. 2~cl to th~ off po~tion which, in turn, causes a negative signal to be applled 11 to decondition the AND invert circuit 272 i~ Fig. ~6b2 and 12 inhi~it the performance of any subsequent ~ K order operatlon I3 so long as the EW ~witch remains off. This concludes the 14 description of the W:~ order operation. ~o~ever, it should ~e noted that the ~tIC latch 274 in ~ig. 26c3 remains set 16 until such time as a RST command is is.qued to reBet thiB
17 latch and that thQ KEY INVALTD latch 278 al~o remain~ et 18 and no data can be processed until after a valid key i8 19 installed in the crypto engine by a DECK order as w~ll be de~cribsd in greater detail hereaftQr.
21 RESET ADA.PTER CO~ND OPERAq~I025 22 The execution of this command cause~ ~ RST signal to 23 be cr~ated ~rom the end of rc time until th3 end of I/O
24 operation. 1~his signal is used to reset a.'.l counter~, flip-flops and latches in the adapter and control section.
26 ~othing in the crypto engines are reset and the data field 2 7 a880ciated with tllis command is ignored. The same re~et 28 signal can also ba created by a discrete rP~et signal on 29 the -~ESET line fxom the I~O interface.
A more detailed descriptio~ of the re~et adaptex KI~77009 -119--1 command operation will now be given in con~unction with the 2 t~mlng diagram in Fig. 28. After the addre~s sQlection 1~
3 performed during TA time an~ the command byte is loadea into 4 the command reqister during the TC time, as previously de~crihed, the AND invert circuit 250 in F`ig. 26b2 decodes 6 tha RST command code an~ produces a negative s~gnal which 7 is applied to the inverter 252 where lt is inverted to a 8 positive ~ignal and spplied to one input of the AND circuit 9 254. At TC time, a po~itive signal on the TC END line is applied to render the AND circuit 254 effe-~tive to apply a 11 positive signal to the ~R invert circuit 256 w~ch, in turn, 12 applies a negative 9~ qnal on the ~ST line. A similar 13 operation may be initiated by a discrete negative ~ignal on 14 the -R~SE~ line from the I/O interface tn Fig. 26a2 whlch inverted by the inverter 248 to apply a po~$tive siqnal to 16 the OR invqrt circuit 256 which, in turn, appl~e~ a neg~tlve 17 signal to the -~S~ line. As mentioned ab~ve, this signal i~
18 used to reset all counters, flip-flops and latches in the 19 adapter and control sections that are not automatically reset by the cloc~ 100 or tag signals. If ~his command ~s 21 i~sued a~ter a ~K order command, then the neqatlve signal 22 on the -RST line i~ applied to re.set the ~IK latch 274 whlch, 23 in being re~et, appli~s a positive signa~ on the -WIR line 24 to render the AND invert circuit 298 in Pig. 26c~ effectivs to apply a negative signal on the K ORD line and via the 26 inverter 300 a positive si~nal on the -~ OR~ line.
27 INPUT/OUTPUT -I~NAGEM~NT AND CONTRO~S
28 ~efore proceeding to various order co~mand~ wht~h 29 involve the use of th~ crypto engine, a description will be given of thQ I~O management technique u~ed in the ~I977009 -120--3iZ
~., 1 .~S~ as well as some of t}le major control~ used $n such 2 management. ~eferring now to Figs. 26fl and 26gl, one of 3 the crypto engines is ~ own in block form and include~ a 64-4 bit $nput/outpu~ buffer re~i~ter divided into sn upper buffer register U~R 100 and a lowar ~uffer regi~ter LBR 150 6 of 32 bits each. The buffer register is used for both input 7 and output operations in a mutua~ly exclu21ve manner for 8 rec~iving an input bloc~ of data by a ~erie~ of 8 PIOW DATA
9 command~, ter~ed an input cycle or for producing an output ~lock o~ data ~y a series of B PIOR data c~mmands, termed an 11 output cyclc. During each input cycle, an 8 byte block of 12 input dat~ is ~r~tten into the ~uffer reqi~r on 4 ~r~
13 ~y-byte ba~1~ from the terminal memory and durlng each 14 output cycle an 8 byte block of output data is read from tho lS buffer reg~ster on a serial-~y-byte ba~is to the termlnal 16 memory. During the input cycle, each recei~ed byte is 17 parity chec~ed for odd parity over nine hit~ and during the 18 output cycle to each ~yte is appended a pa;:$ty bit to achleve 19 odd par$ty over nine ~its. Principal inpu~output control~
which are used for the I/O Management ~nclude~ an 21 input cycle latch 454 in ~iq. 26e3 whic~l is set by a PIOW
22 data command, except during the execution oA a WMK order 23 command, and remains set unti7 after 8 PIOW data com~ands 24 have ~een counted ~y a byte counter 448 in Fig. 26d4; ~2) an output cycle latch 464 in ~ig. 26e3 which ~s set by a 26 PIOR data co~and, hy the conc}usion of the input cycle 2 7 durin~ the LXD order operation or ~y ~e conclusion of the 28 deciphering process during the execution of the DEC~ order 29 operation, and remains set until after the 8 PI~R data co~-ilands have been counted or until after .3 ~uffer to key KI977~09 -121-112~812 1 register shifts have been counted by the by~e counter: (3) 2 a byte counter 448 which counts the number of shifts of the 3 buffer regi~ter as it is being loaded or u~loaded by PIOW or 4 PIOR data commands, respectively, or as a cipher key is S being tr~n~ferred from the buffer register to the ~ey reg~stert 6 and (4) a block counter 414 in Fi~. 26d3 which ls set at the 7 end of every input cycle and is reset at th~ end of every 8 output cycle.
9 CRYPTO ENGINE CONT~OTS
The crypto engine used in the present invention i8 11 si~ilar in detail to that shown and described in the ~fore-12 mentioned U.S. Patent No. 3,598,081. One dlfference between 13 the englne shown in the aforementioned pate~t and that in 14 the present invention is that in the aforem~ntioned patent the crypto engine is provided w$th ~eparate input and output 16 buffer reqisters whereas in the crypto englne of the pre~ent 17 inventlon a ~ingle input/output buffer register i8 provided 18 and u~ed, in a mutually exclusive manner, Eor input/output 19 operations. However, while there is a difference in de~ign deta~l between the prev~ous and the pre~ent crypto enqine, 21 the algorithm performed by both lg identical. Add~tionally, 22 ~he crypto engine of the aforementionsa patent d~sc~ose~ how 23 the bas~c encipher~decipher operations are performed with 24 the cipher key being loaded direc~ly into the key regist~r ag a working key whereas, in the present ir.vention, in 26 addi~ion ~o ~eing loaded directly ~nto the key reg~ster from 27 the MK memory 700, it i5 a}~o loaded a~ a workin~ key into 28 the key register via the ~nput/output buffer register when 29 th~ cipher key is provided from the host memory during ~
DECX operat~on. The detail~ of these modiftcations of the ~I977~09 -122-i2 1 prior crypto engine are shown in Fig. 29a to Fig. 29c 2 and correspond to Figs. 3a to 3d of the aftorement$oned 3 patent with the notations u~ed being identlcal for both 4 except for the lines labeled ER and LBR which correspond to line~ labeled LB and IBT in the aforeme~tloned patent.
6 ~he various control signal~ u~ed in the cr~pto engine 7 and their function will be generally described in the 8 following and the operation of the modified crypto engine 9 will be de~cr~bed in con~unction with the d~talled descrlption~ of the various command operat.ions which 11 will ~e de~cribed hereafter.
12 Load Input ~uffer (LIB) - This ~ignaJ. is u~od for 13 loading and unloading the buffer reg~sters U~ 100 and LBR
14 150. During an input cycle, this signal cau3es a data byte presently on the BUS IN to be latched in an~ simultaneou~ly 16 shlfted ~n the buffer registers. After elght such actlons, 17 the loadi~g opera~ion i8 complete. During hn output cycle, a 18 data ~yte i~ outputted, after wh~ch thi~ signal cau~e~ the 19 buffer registers UBR 100 and LBR 150 to be ~hifted in preparatlon for outputting the next data byte. After eigh~
21 ~uch action~, the unloading operat~on ~ con~plete.
22 Load Key Register From Buffer (~KB) - Thi~ ~ignal i8 23 es~antially $dentical to the LIB signal ~n;t t~ produced 2~ ~uring the output cycle of LKD or DECK ope:ation~ cau~ing the buffer regi~ter outputs to be latched $nto the ~ey 26 regi~ter3 UXR 350 and L~R 400.
27 Loaa Data Rsgister (~DR) and End of La~t ~ound (ELR~ -28 Th~e sign~ls are simultaneously produced from the same 29 source w~th LDR causing the content of the buffer regi~ter V~ 10~ and LBR 150 to be tran~ferred to the data regi3ter~

~2413~2 1 UDR 200 and LDR 250 and ELR causing the contents of the data 2 registers UDR 200 and LDR 250 (via the c~pher function 3 clrcu~t~) to be transferred to the buffer registers UBR 100 4 and LBR 150, the simultaneous action constituting a ~wap of the contents of the buffer and data regi~tQrs.
6 Engine Busy ~EB) - This control signa~ is produced 7 during actual data ciphering operations ana occurs from the 8 end of the $nput cycle to the end of the l~st of the 16 9 rounds of the c~pher function.
End of Round (ER) - This signal i~ used to l~tch up 11 the ~ntermediate results of each round in the data register~
12 UDR 200 and LDR 250.
13 End of Round 16 (ER}6) - This signal 19 used to latch 14 up the final result output of the cipher fvnction circuits to the lower data reglster LDR 250.
16 Lo~d M~ster Key (LDK) - Thi9 signal ca~ses th~ cont~t~
17 of the MK memory buffer 702 to be latched into th~ ~ey 18 reglster~ UKR 350 and LKR 400.
19 Shift Right (SR), Shift Right and Recixaulate ~SRR) and Sh~ft Left (SL) - The SR ~ignal is used to sh~ft the ~ey 21 regi~ters UX~ and LRR 400 to the right when a c~pher key 22 ~B belng loaded from either the MK ~emory 700 or the buffer 23 regi~ters UBR 100 and L~R 153. The S~R signa~ configure~
24 the key regls~er UKR 350 and ~ 400 into ~wo recircul~tin~
right ~hifting reglsters. vuring the declp~er proce~s, th~
2 6 SR and SRR control ~ignals cause the key r~gi~ters to ~e 2 7 shifted to the r~ght. During the encipher operat~on, the 28 SL control ~ignal conf~gures the key registers UKR 350 ~nd 29 LRR 400 ~nto two recirculating left sh~fting regi~t~rs wh$ch are ~hifted to the left.

1124~

1 DECIP~ER KEY O~DER OPERATION
2 The funct~on of this operation is to ~ecipher an enclpherod 3 operational key and then load the operational key in 4 clear form as the working key in the key regi~ters of the crypto Qngines for subsequent data processing oper~tions.
6 When the order code specifying thls order i~ decoded, a 7 decipher key ~DECK) latch ~s set, a load m~ster key ~LMR) 8 latch i8 set, the key invalid latch i8 reset (havlng been 9 ~et and rem~n 6et by ~ prev$ous WMX order command lf tha~
command preceded the present one) to permlt dat~ to be 11 sub~equently proce~sed since a new worklng key $8 to be 12 wrltten lnto the key registers of the crypto englnes by the 13 pre~ent operation and an encipher ~ENC) latch is reset ~o 14 that the process$ng mode is set for a decl~her operatlo~.
With the L~K latch set, the contents of the MK memory i~
16 cau~ed to be read out and transferred, a byte at a tlme, to 17 the crypto engines. The master key is par$ty checked, a 18 byte at a time, ~nd loaded as a working key directly lnto 19 the key registers of the crypto engines. Concurrently wlth ~or after) losding the ms~ter key into the key regi~tors, a 21 series of 8 PIOW commands are received wlth the data fl~ld~
22 a~sociated with the comm~nds, con~tituting the enciphexod 23 operationa~ key to be deciphered under contro} of the ~a~ter 24 key, belng ~oaded into the buffer register~ of the crypto engine8 . The first such comm~nd ~nlt~ate~ an input cycle 26 and a byte counter count~ each such command received. After 27 the 8 P~OW commands have been rece~ved and the 8th byte 28 wr$tten into the buffer registers, then, at the 8th count, 29 ~he $nput cycle end~, the enciphered oper~tion~l key i~

XIg77009 -1~5-112'~12 1 tran~ferred from the buffer registers to t~e data registers 2 of the crypto eng~nes, a block counter i8 ~et and the crypto 3 engine~ start a decipher operation which $8 indicated by 4 the generation of an engine busy signal. At the end of the s decipher operation, the operational ~ey, now in clear form, 6 i8 loaded into th~ buffer reglster~ of th~ ~rypto engino~ -7 and an output cycle is started. During the output cycle, 8 tho buffer register~ and the key registers are ~h~fted ln 9 ~ynchroni8m, once for each clock cycle, cau~ing the operatlonal key pre~ently in the buffer registers to be ~hifted into the 11 key regi~ters. During this transfer, the byte counter 12 count~ the clock cycles and after the ath count, the output 13 cycle end~, the block counter ls reset and the DECR latch 14 $9 re~et to end the operation. Any attemp~ to read the contents of the buffer registers whi~e the ~perational key 16 i8 pre~ent in clear form w$11 be detected and cAu~e a 17 procedural error a~ will be descr~be~ in g-eater detail 18 hereafter.
19 A more detailed description o the decipher key operation will now be g$ven in con~unction with the timing d$agram~ of 21 F$g~. 30a-30c. After addres~ selection at ~.~A tlm~ and loadlng th-22 command byte into the ~ommand register at TC time, the cammand 23 code i~ decoded by AND invert clrcuit 266 ~n Flg. 26b2 to 24 produce a negative signal which i8 ~nverted ~y inverter 268 to a po~tive s~gnaI on the W~ DSD ORDER ~ne thereby ind~cating 2~ the pre~encff of a WR ~SD order command~ At the same time, 27 th~ order ~ode i8 decodea by the AND ~nvert circuit 288 to 28 apply a negative signa~ via the -DECK DEC line to the inv~rter 29 290 where it i~ inverted to a positive 8ignal and applied to one input of the AND invert circuit 292. Pt TD time, a 1124~12 1 positive signal is applied via the SYNCH T~ line to render 2 the ~ND circuit 270, conditioned by the positive ~ignal on 3 the WR DSD ORDER line, effective to provide a positive 4 ~ignal on the W~ ORD TI~IE line which is applied to the remaining input of the AND invert circuit 292 to render ~t 6 effectlve to produce a negative signal on the -SET DECR
7 lin~. The negative signal on the -SET DEC~; line is applied 8 to ~et the DECK latch 296 in Fig. 26c3, to reset the key 9 invalid latch 278, to set the LMR lstch 566 in Fig. 26g4 and to decondition the AN~ invert circuit 368 in Fig. 26c2. Tha 11 AND invert circuit 368 in being decondition~d appl$e~ a 12 positive signal to condition the AND inve~ circuits 370 and 13 374 whlch wl~l be used for controll~ng a .~; memory readout 14 as will be de~cri~ed hereafter. The ~ tch 566 in being set applles a negAtive signal via the -L~X l~ne, in Pig. 26c2, 16 to maintain the AND invert circuit 368 decond~tioned and 17 ther~by maintain the AND invert circuits 370 and 374 condlt$oned 18 while the ~MX latch remains set i.e. during the MK memory 19 read out time. ~eferring now to Fig~. 26c~, 26c4 and 26dS, the ~ECX latch 296 in ~eing set applies a negative ~lgnal via 21 the -DECK line to decondition the AND inver~ circuit 298 22 which, in turn, appl~e~ a positive signal on the X O~D l~ns 23 and via inverter 300 a negative ~ignal on the -K O~D line 24 thereby providing indications that th~s is ~ key order operation. The negative ~ignal on the -~ 0~ line i~
26 applled to ~eset ~he ENC }atch 312. Since DEC~ latch 296 i~
27 ~et, a posi~i~e DECK signal i8 applied to 0~ inYert circu~t 28 492, re~et~ing SPEC ENC latch 494. The E~C latch 312, ~nd 29 SPEC ENC latch 494, be~ng reset, apply a negative signal v$a OR circuit 522 to the E~C line which, in ~ig. 26g3 is inverted KI9770~g -127-- \
t312 l to a positive signal by the inverter 546 to provlde a 2 posltive signal on the DEC line indicating a decipher mode 3 of operation.
4 Referring now to Pig. 26c2, negati~e ~tgnals are applled to the inputs of the AND invert circuit 36~ and a negAtive 6 ~ignal ~s applied to the inverter 162 both cf wh~ch c~u~e a 7 posltive Qignal to be applied to one input of the AND c~rcu~t 8 380 and to cond~tion the AlND invert circui~ 376. Addit~onally, 9 ~he M~ OVh' latch 276, presently in a rese~ state, causes a positive ~ignal to be applied via the -~K W W line to th-ll other input of the AND circuit 380 rendering it effectivo to 12 app~y and maintain a positive ~ignal on the -W ENABLE llne.
13 At ~3~ time, a ~3~ clock pulse is applied to render the AN~
14 lnvert circuit 370 effective to apply a ne~ative pul~e to decondition the AND invert circuit 376 which, in turn, 16 applie~ a positive signal to the ~nverter .'78 where it is }7 inverted to a negative signal on the -~I E~ABLE line. The 18 pos~tlve si~nal on the -W ENABLE }~ne toget}.er with the no~
19 negative signal on the -M ENABLE line are effect~ve to cau~e the f~rst half byte at location 0 of the MX MEMO~Y 700 to ~e 21 read out. At ~l t~me of the next clock cycle, a ~1 cloc~
22 pul~ is effective to shift the half byte .'nto the shift 23 registers 7U2 ~n F~g. 26el. Referring now to F~g. 26c2, at 24 ~lL time, ~ -~7L cloc~ pul~e i8 applied to ~econd$t~on the Z5 Al~D ~nver~ circuit ~74 which, in turn, applies a positive 26 signal to ren~er the AN~ ~nvert c~rcuit 376 effect$ve to 27 apply a negative signal to the -STEP C~ ne and to the 28 inverter 378 to apply a po~itive signa1 on the -M ENA~LE
29 line. The negative signal on the -STEP C~R line ~g appllod to the inve'ter 388 where it is inverted to a po~ltive XI9~7009 -l~8-~2~

1 signal to step the addre~ counter 390 to an addre~s count 2 of 1 and cause a pos~tive signal to be provided on the Cl 3 line. At ~3L time, a ~3L clock pulse is aga~n applied to 4 render the ~ND invert circuit 370 effective to initiate productlon of a negative ~ignal, via the AND invert circuit 6 376 and the inverter 378, on the -LVS E~A~LE line. The 7 positive ~ignal on the -W ~NABLE line in combinat~on with 8 the negative signal on the -M ENABLE line i~ again effec~ve g to cau~e the next half byte at location 1 of the MK momory 700 to be read out. At ~1 time of the next clock cycle, a 11 ~1 clock pulse i8 effective to shift the next half byto into 12 the first stages of the shift register 702 and to shift ~he 13 previous half byte read out of the ~.~Y~ memory 700 to the 14 second stages of the ~hift registers 702. A~ a xesult of this ~ction, the first full ~yte of the cipher key i8 now 16 ~tored ln the ~hift regi~ter~ 702.
17 Roforring now to the AND invert circuit 568 in Ftg.
18 26g4, a 01 D~L clock pulse in combination with po~itive 19 ~ignal3 on the C~, -STEP CT~ and L~ line~ ~re applied to render the AND invert circuit 568 effecti~e to ~pply a 21 neg~t~.ve signal to set the LDK latch 570 whlch~ in being 22 set, applie~ a negative signal via the -LD~ line to decondition 23 the AND circuit 572 and to one input of the OR ~nvart 24 cirouit 576. ~he deconditioned AN~ circuit ~72 cau~es a ~5 negsti~e sign31 ~o be applied via the -SR ~ine to one ~nput 26 of the O~ invert circuit 574.
27 ~eforr1ng to the ANV invert circuit 3~4 in Fig. 26c2, 28 at ~lL time, a -~lL clock pulse i~ applied to decondition 2~ the AND invert circuit 374 cau~ing a po~i~;ive signal to b~
3~ appli~d to render the AN~ invert circuit 376 effectivo to ~I977009 -~29-1 apply a negative signal to the -STEP C~R line and via the 2 inverter 378 to a positive signal on the -~ E~ABLE line.
3 The negative ~ignal on the -STEP CTR line ~ 5 inverted by the 4 inverter 388 to a positive s~gnal to step the addre~s counter to an addres~ count of 2 and causing a negative 6 signal to now be applied to the Cl line.
7 Referring now to the OR ~nvert circu~ts 574 and 576 in 8 Fig. 26g4, at ~2 time, a -C clock pulse is applied to the 9 other inputs of the OR clrcu~ts 574 and 576 causing them to apply pos~tive signals vla the SR and LDK l~nes re~pectively, 11 to the control signal cable connected to the crypto engines.
12 The positive signal on the S~ line is also applied to the O~
13 invert circuit 606 in Fig. 26h4 causing a r,egative Qignal, 14 delayed by delay circuit 608, to be applied via ~6~ line to lS the control signal cable.
16 Referring now to the crypto ~ngines in Fig. 26gl, the 17 po~ti~e signal on the LDK line is applled to conditlon the la AND circuit 807 to permit a par~ty check to be made of the 19 first byte of the cipher key stored ~n the shift regi~ters

20 702 to be checked for a parity error. The po~itive signal~ :

21 on the S~, LDR and LDX line~ are applied ~g control slgnal

22 input~ to the key register~ UKR 350 and ~XR 400 ~o ~hift tho

23 key reg~9ter and allow the f~r~t byte of the c~pher key,

24 pas~ed ViA the P box 300, to be latched into the key register-.
Referring now to F~g. 26c2, at ~3L t~me, a ~3~ clock 26 pu~8e ~ again appl~ ed to render the AND l~vert c~rcult 370 27 effective to in~t~ate product~on of a neg~tive ~ign~l on 2a the -M ENABL~ l~ne to permit the third half byte to be read 29 out of the MK memory 700 from location 2. Referring now to Fig. 26g4, at ~1 time of the next cloc~ cycle, a -~1 cloc~

XI977009 -13~-li2~8i2 1 pul~e i8 applied to reset the LDK latch 570 to inhi~it 2 product~on of the control signals for the crypto engine 3 during this clock cycle in order to permlt the next half 4 byte to be read out of the r~K memory 700 and ~hifted into the shift reg~ters 702 in Fig. 26el. Accordingly, referring 6 to F~g. 26el, at the same time that the L~K latch 570 is 7 reset, a ~1 clock pulse is applied to shift the next half 8 byte from the ilK memory 700 into the shift regi~tor~ 702.
9 In a ~m~lar manner, during each succ~eding clock cycle, a half byte of the cipher key is re~d out of the MX
11 m~mory 700 and shifted into the shift registers 720 and the 12 address counter 390 ~tepped to the next addr2s~ count.
13 After each second clock cycle, when a full ~yte of the 14 c~pher key i~ loaded into the shift regis~ors 720, control signals are prov~ded on the LDR, SR and LD.~ lines to parity 16 chock the cipher key byte and to simult~neou~ly shift the 17 previou~ly loaded byte one position to the r~ht and to 18 latch up the newly entered byte in the key reg$~ters in the 19 crypto engino.
Referring now to Fig. 2Sd2, when the ~ddross counter 21 3~0 ~teps to an address coun~ of 8 (the 9t1 ~ddres~ location), 22 a negative s~gnal i~ produced on the -C8 ~ine to set the 16 23 STEP latch 404 whioh, in being ~et, applies a positive slgnal to 24 one ~-npu~ of the A~D circuit 406. After the ~th byte i~ lo~ed into ~he key registers, the sddress counter 390 step~ from An 26 addre~ count of ~5 ~ac~ to an addres~ count of ~ (count of 16) 27 cauo~ng a positive signal to be produced on the -C8 line wh~ch 2~ pplied o condition the ~D invert cir~uit 402 and to tho 29 other ~nput of the AND c~rcuit 406. The AN~ ~ircuit 406 is rendered e~fective to produce a positive si~nal which is 112~

1 inv~rted by inverter 408 to a negative signal on 2 the -16 STBP line to re~et the LMg latch 5~6 in Fig.
3 26g4. The LMX latch 566 ~n being rQset ap~lies a negative 4 ~ignal vla the LM~ to ~econdition the AND 'nvert circuit 568 and inhlbit further ~etting of the LDK latch 570 and further 6 production of crypto engine control ~lgnals on the LD~, SR
7 and LDK }ines. Referring to Fiq. 26d2, at ~4 time of the 16th 8 clock cycle, a ~4 clock pul~e 19 applied to rese~ the 16 9 ST~P latch 404.
After loading the ma~ter key into the key req~ters of 11 the crypto engines the fir~t of a serles cf 8 PIOW data 12 commands iR now received by the DSD and after addre~ ~election 13 at TA time and command loaaing into the command register at 14 TC time, the AND lnvert circuit 226 in Flg. 26b2 decode~
thl~ command causing a negative signal to he applied to on~
16 input o~ the OR invert circuit 230. At TD ~.ime, a positive 17 ~ignal on the SYNCR TD line 18 inverted by inverter 228 to a 18 negative signal to the other lnput of the OR lnvert circuit 19 230 whlch, ln turn, applie~ a positlve signal to the PIOW
d4ta line. The po~itive slgnal on the PIOW data llne 1 21 applied to the AND ~nvert circuit 426 in Flg. 26d3 which i~
22 pre~ently conditioned by a po~ltive signal on the -WMR line.
23 Accordingly, the AND invert circuit 426 ~s rendered effective 24 to apply a negative signa} to one input o~ the OR invert circult 430. At thi~ time, po~ltive ~ignals are maintalned 26 at the input of the AN~ ~nvert circuit 428 causi~g a negative 27 ~lgna~ to be app~ied to the other input of the OR in~ert 2B circult ~30. The ne~ati~e sig~al inputs t~ the O~ lnvert 29 circuit 430 cau3es a positive signal to be applied via tho PIOW line to conditlon the AND invert circuit 431, to ~I977009 -132-1~2~Z

1 condition the A~D invert circuLt 444, in F~g. 26d4, and to 2 be applled to the inverter 596 in Fig. 26g3 where it is 3 inverted to a negative signal to deconditi~n the ~ND circuit 4 600 which, in turn, applies a negattve ~ignal on the -LIB
line to one input of the OR invert circuit 602. At -C t$m~, 6 a -C clock pulse is applied to the other input of the O~
7 ~nvert circuit 6~2. The negative signal inputs to the OR
8 invert circult 602 cau~es a positive signal to be appliad 9 via the LI8 line and the control line bus to the crypto engines and to the OR invert circult 648 ir. Fig. 26h4. The 11 OR invert circuit 648 i8 rendered effective to apply a 12 negatlve signal to the delAy circuit 650, wh~ch provideQ ~
13 250n~ time delay, and via the LIB line and the control line 14 ~u~ to the crypto engines. Re~errlng now to Fig~. 26fl and lS ~6~1 the combination of signal~ on the LrB and LI~ lines are 16 effect$ve to permit ~h~ data field associated w~h the f~rst 17 PIOW data command to be loaded from the BU~ IN via the P box 18 50 into the ~uffer registers UBR 100 and LBR 150 in each 19 crypto engine.
~eferring now to Fig. 26e3, at ~3L ti~e of the clock 21 cyclo, a ~3L clock pulse i~ appli~d to re~d~r the condltion~d 22 AND i~vert circuit 431 effective to apply a nega~ive ~igna}
23 to set the I~PUT CYCLE latch 454 to start -he ~nput cycle 24 operation. The I~PUT CYCLE latch 454 ~n be~ng set appl$es a ne~ative signal via the -IN CYCTE line ~o se~ the STA~T IN
2~ CYCLE END }~tch 530 which, in being set, appl~es ~ positive 27 ~ignal to one input of the I~ID ~nvert cir~uit 532. Referrin~
28 now to Fig. 26d4, at ~4 time, a ~4 cloc~ p~lse i8 applied to 29 render the conditioned AND invert circu~t 444 effective to apply a negative pulse to the STEP BYT~ C~ }ine, the po~itive lZ

1 trailing edge of which is effective to step the byte counter 2 4 4 8 to a count of one.
3 In a similar manner, succeeding ones of the dsta fiold~
4 associated with the series of 8 PI~W data c~mmands are loaded into the buffer registers ~1~R 1~0 and LBR 150 6 w~th the previous byte being simultaneousl~ shifted and 7 the byte counter 449 counting each such by~e received.
8 ~fter the 8th byte is written into the buffer registers, ~he 9 byte counter 448 steps from a count of 7 ~ack to a count of 0 causing a negative signal to be produced ~o set the COUNT
11 8 latch 450 which, in turn, applies a negative signal to 12 the -CT8 line. The negative signal on the -CT8 line is 13 applied to reset the INPUT CYCL~ latch 454 in Fig. 26e3 14 ~hereby ending the input cycle. The INPUT ~YCLE latch 454 ln being re~et applies a positive signal vi~ the -IN CYCLE
16 line to the Ai~D ~nvert circuit 41~ in ~i~. Z6d3. The comb~n~t~on 17 of po it~ve ~ignal~ on -I~ CYCLE and -OUT CYCL~ lines are 18 appl~ed to render the A~ID invert circuit 4~0 effective to 19 ~pply a negative signal to reset the COUNT 8 latch 450 in rig. 26d4 and i9 inverted by inverter 412 to a pO8~ tive 21 signal to set the BLOC~ COUNT flip flop 414 producing a 22 positlve signal on the -~hX0 line and a negative signal on 23 the -~LKl line.
24 Referring now to Figs. 26e3 and 26f3, positive signals on the -T~ ~YCL~ line and from the STA~T IN CYCLE ~ND ~atch 26 530 are applied to condition ~he A~D invert clrcuit 532. At 27 the nex~ ~1 time, the ~ invert circuit 524 is rendered 28 effective to apply a negative pul~e, from ~1 time to ~lL t~m~, 2g on the -~lfL line to inver~er ~26 where it is inver~ed to 8 po~itive pulse wh~ch ~9 applied via the ~1 DEL line to ~77009 -134-112~

1 render the now conditioned AND invert circuit 532 effectl~o 2 to apply a negative pul~e to qet the IN CYCLE END latch 534 3 which, in being set, applies a po~itive ~ignal to the IN
4 CYCLE END line.
~eferring now to ~ig. 26f4, the positi~e ~ignal on the 6 IN CYCLE END line is applied to the inver~r 622 where it i~
7 inverted to a negative signal and applied o decondit~on th~
8 AND circuit 626 causing a negative ~$gnal to be applied to sot 9 the START EB latch 628 and to the ~nverter 638 in Fig. 26g4 where $t ~s ~nverted to a positive signal and sppl~ed to tha 11 OR invert circu~t 640 wh$ch produces negati~e s~qnals on 12 the -ELR and -LDR lines. The negative signnl on the -ELR
13 line i8 applied to one input of the O~ invt,rt circult 642 14 and, $n pt~. 26c2 to decond~tion the ~ND c~rcu~t 3B2 csusing a negative signal to be applied to reset the counter 390 $n 16 Fig. 26d2 ~n preparation for th~s counter to operate BS a 17 round counter for the 16 roundR of operation of the cipher 18 engines. The negative signal on the -LDR l'ne i~ appl~ed to 19 one input of the OR invert circuit 644. A~ ~2 time, a -C
clock pulse is applied to the other inputs of the 0~ invert 21 circuit 642 and 644 causing positive signal~ to be applied 22 via the E~R and LDR lines, respectively, to the control 23 ~ignal cable connected to the crypto engin~s. The pos~ t~ve 24 s~gnal on the EL~ line is a~so applied to the OR ~nvert c~rcuit 648 causing a negative slgnal, del~yed ~y the 250ns 26 t~me delay circu$t 650, to be appl~ed via i_he LIB l$ne to 27 the control signal ca~le. The positive ~igral on the LDR
28 l$ne is applied to the OR invert circuit 652 causing ~
29 ~esative 8~ gnal, delayed by the 250n~ time delay clrc~t 654 to be appli~d via the LDR l~ne to the control slgnal cab~e.

g~977009 -13~-1 Referring now to the crypto engines in Fig. 26gl, tho 2 control s~gnals LDR and LDR are effective for parallel 3 tran~ferring the contentY of the buffer regis er~ UBR 100 4 and L~R lS0 to the data re~isters UDR 200 at~d LDR 250. The S control signal~ EL~ and LIB are effect~ve ~or causing the 6 content~ of the upper data reg1ster UDR 20ii and the lower 7 d~ta register LDR 250 ~via the cipher func~ion circuit~) to 8 be transferred to the upper buffer re~istar UBR 10~ and the 9 lower buffer register LBR lS0, the transfer to the buffer reglster~ being of no conse~uence at this t~me but will be 11 of consequence at ~he end of the 16th ro~n~ of operation of the 12 crypto engine~. At this time, with the enciphered operational 13 key pre~ently stored in the data reg~sters and the cipher 14 kay ~tored in the key regi~ters, the crypto engine~ sre now lS effective to perform a decipher function in a manner described 16 in detail in the aforementioned U.S. Patent NO. 3,958,081.
17 Refexence may be made to the aforementioned pstent for a 18 more det~iled de~crlption of the decipher unction.
19 A description of the mann~r in which ~he crypto ~ngine ~ontrol ~ignal~ are produced ~ill now be gl~en and can be 21 followed in conjunction with the timing diagram in Fig. 30.
22 ~eferring now to P$g. 26f3, at ~l/L time, a -pl/L clock 23 pulse i~ applied to reset the IN CYCLE EN~ latch 534 which, 24 in be~ng re~et, appl$e~ a negati~e signal ;.o in~erter 622 in Flg. 26f4, where it is ~nverted to a po~itive eigna} to be 26 app~ied to render the A~D circuit 626 effec~ive and together 27 with the po~t~ve signal from the set S~ART ~B ~atch 628 28 render3 the AND lnvert circui~ 630 effectiva to app~y a 29 negat~e ~ignal to ~et the ~B latch 632 indLcating the 8t8rt of the crypto operation. The EB latch 632 ~n b~ing ~et K~977004 -136-~l12~

1 applies a positive signal to the EB line and a negati~e 2 signal to the -EB line. The positive ~ignai on the EB llne 3 is applied to one input of t~e A~D ~nvert circuit 398 in 4 Fig. 26d2 and to condition the ~,R flip flop 384 in ~ig. 26c2 while the negati~e signal on the -~B line is applied to set 6 the START EB END }atch 612.
7 The cipher function is performed by repeating a product 8 cipher funct.ion 16 times, termed 16 rounds, wlth each round 9 being carried out in two clock cycles for ~ total of 32 clock cycles per cipher function. During each round, the 11 data contents of the upper data register U~R 200 ~s cipher~d 12 (in the present case deciphered) under con~rol of the contents 13 of the ~ey registers UX~ 350 and LKR 400 w~th the results 14 being added to ~le contents of the lower data reg~ter LD~
250 ~y modulo-2 adders 650-664. ~t the end of each round, 16 the outputs of the modulo-2 adders are parallel tran~ferred 17 to the upper data registers UDR 200 w~ile the contonts of 18 the upper dat~ r~gisters VDR 200 axe paraliel tranR~erred to 19 the lower data register LD~ 250 to form the argwments for the next round.
21 Xeferring now to Fig. 26d2, during t~e clpher functlon 22 operation the counter 390 functions as a r~und counter. The 23 round counter 390 is steppea every 2 cloc~ cycles from a 24 count ~alue of 0 to a count value of 15 providing a total count o~ 16 for the 16 rounds. Stepping of the round 26 counter 3~0 ~5 accompli~hed under control the ER flip flop 27 384 after ~eing ena~led by the positive si~nal on the ~
28 llne. Thu~, at ~1 time following the cond~.tioning of the ER
Z9 flip flop 384, a ~1 clock pulse i~ applied to set the flip flop 384 and at ~1 time of the succeeding clock cycle, a ~1 KI9770~9 -137--~2~312 1 clock pulse ~ again applied to reset the flip flop 384 2 whlch in being reset applies a negati~e sigr.al to invert~r 3 386 where ~t is inverted to a positive signal and applied to 4 8tQp tha round counter 390. Therefore, it should be apparent, S that the round counter 390 is stepped to th~ next count 6 every 2 cloc~ cycles. ~dd1tional}y, durinc the first cloc~
7 cycle of each round, E~ flip flop 3S4 being in a reset 8 state, appl~es a positive ~ignal via the -~k FF line to one 9 input of the AND invert circuit 400. The other input to the AND invert circu~t 400 is connected to a r~und CouDt decoder 11 con~isting of AND invert circuits 392, 394, 396 and 3g8 12 which i~ effective, while a positive signa~ i8 maintained on 13 the ~B llne, to produce a positive signal at the output of 14 the AND ~nvert circuit 398 when the round count is 0, 7, 14 or 15 and a negative signal at all other times. Thu~, 16 durinq the first clock cycle of rounds 0, 7, 14 and lS, the 17 comblnation of positive signals on the -ER ~'P l~ne and the 18 output of the ~ND invert circuit 398 will ~ender ~ND invert 19 c~rcuit 400 effective to apply a negative ~ignal on the C~
0, 7, 14, 15 line whexea~ during the first clock cycle of 21 all other rounds the negati~e signal ou~put of the ~N~
22 invert circuit 398 deconditions the .~ND invsrt circuit 400 23 causing a positive signa~ to be applied to the CT 0, 7, 14, 24 15 line. ~uring the second cloc~ cycle of eYery round, the ~ fl~p flop 384 is in a set state causing a negati~e signal 26 to be applied to decondition ~he ~ND invert circu~t 400, 27 which, in ~urn, applies a positive slgna~ to the CT 0, 7, 28 14, lS line. Thu~, it should be apparent, that a positive 29 signal ~s maintained on the CT 0, 7, 14, 15 l~ne during every round count except during the first lock cycle of ~I~7700~ -138--1~2~12 1 round count 0, 7, 14 and 15 with one exception, namely, 2 during the ~econd cycle of the round count i5 (16th round).
3 Thig i8 SO because of the fact that the ~ latch 632 ln Flg.
4 26f4 is re~et at the end of the first cloc~ cycle of the 16th round to terminate the positive signal on the EB line 6 and thereby inhi~it production of a positive ~ignal on the 7 CT 0, 7, 14, 15 line during the second clock cycle. Therefore, 8 a positive ~ignal is maintained on the CT n, 7, 14, 15 llne g from the beginning of the second clock cycle of round count 0 to the end of the second clock cycle of round count 6, 11 then from the beginning of the ~econd clock cycle of round 12 count 7 to the end of the second clock cycle o~ round count 13 13 and during the second cloc~ cycle of round count 14.
14 ~eferring now to the ~D invert circuit 548 in Fig.
~6g3, during the time that the positive signal i~ maintained 16 on the CT 0, 7, 14, 1~ line, that positive slgnal in combinat~on 17 with the poRitive si~nal on the ~EC line are applied to 18 render the AND invert circuit 548 effectlve for applying a 19 negative signal via the -S~ llne to one input of the OR
invert circuit 550 and to decondition the AND circuit 5~2 ln 21 Flg. 26g4. The AND circuit 572 in being decondltioned cause~
22 a negative signal to be applied via the -S~ line to one 23 lnput of the OR invert circuit 574. T~us, negative signals 24 are malntained on the -S~R and -SR line d~ring times corraspondl~g 'to the positive ~ignal ~aintained on the CT n, 7, }4, 15 26 line. Duriny each succeeding -C t~me, whlle such negst~ve 27 slgnals are mainta~ned on the -S.~ and -S~ lines, -C cloc~
28 pul~es are applied to the other input of the ~ lnvert 29 circu~ts 550 and 574 causlng pos~tlve signals to be app~led via the S~ and SR lines, respectively, to the control ~2~

1 s~gnal cable connected to the crypto engines. The positlve 2 8$gnal8 on the SR lines are al80 applied to the OR invert 3 c~rcuit 606 cau~ing negative signals delayed by delay circuit 4 608 ~o be applied via the ~DK line to the control signal S cabl~. Therefore, a total of 27 positive ~ignals are produa d 6 on the S~R, SR and LDK lines during 15 rounds of the cipher 7 function. ~eferring now to the crypto en~Jnes in ~ig. 26gl, 8 each combin~tion of positive signal3 on the SR, S~R and 9 ~g lines are effective for shiftlng the key register right one position. ~hus, with this key shifting schedule arrange-11 msnt the key registers are ~hifted twice each round except 12 during round count~ 0, 7 and 14 when the key reglsters are 13 shlfted once and during round count 15 whe~^e the key registars 14 sro not ~hl~ted at all as shown in the timing diagram of ~ig. 27.
16 Ref~rring now to the ~R flip flop 384 in Fig. 26c2, sinc~
17 tho ER fllp flop 384 is switched every clock cycle, a 18 negatlv~ signal is appl~ed to the -~R FF line durinq ~very 19 second clock cycle of each round except th~ last round.
~8 is so because of the fact that the ~B latch 632 in Flg.
21 26i'4 ls res~t at the end of the first clock cycle of th~
22 round count 15 (16th round) to terminate the pos~ t~ve signal 23 EB line and thereby inhibit ~ flip f}op 3~4 in Fig. 2~c2 24 from ~eing set during the second cloc~ cycle o~ the round count 15. ThQ succes~ve negative ~ignals on the -ER FF line 26 are applied to one input of the OR invert circuit 542.
27 Accordlngly, during every ~econd cloc~ cycl~ of a round, ~
28 -C clock pulse is applied to the other in~ut of the OR invert 29 circu~t 542 causing positive signal~ to be appl~ed on the ER
line to the control signal cable connected to the crypto K~9770~9 -140-11~4~Z

1 engines. Tlle positive signals on the ER li~e are al80 2 appl~ed to render the ~R invext circuit 652 in Fig. 26h4 3 effective to apply negative ~igna}s, delaye~ by a 250ns 4 delay circuit 6~4, via the LDR line to th~ c~ontrol signal S cable. ~eferring now to the crypto engine in Fig. 26gl, the 6 pos~tive signals on the ~R and LDR line are applied to the 7 upper and lower ~ata registers U~R 200 and IDR 250 at the 8 end of eac~ round and ar~ effective to cause the intermedi~te 9 result of the cipher function to be transferred from the output of the modulo-2 a~ders 650-664 to ~he upper data 11 register UDR 2nO while the output of the u~per data register 12 UDR 200 are transferred to the lower data register LDR 250 13 in preparation for the next round of the ci~her function.
14 Referring now to the ~D invert circui~ 624 in Fig.
15 26f4, at ~4 time of the first clock cycle of the round count 16 15, a ~4 clock pulse in co~ination with po~itive signals on 17 the Cl and 14, 15 line render the ~ND invert circuit effective 18 to apply a negative ~ignal to reset STAR~ ~B and ~ latches 19 628 and 632, respectively. The EB latch 63~ in heing re~et applies a negative ~ignal on the ~.B line to decondition the 21 ER flip flop 384 in Pig. 26c2 and a po~itive ~ignal on the 22 -EB line which together with a positive signal from the 23 S~AkT EB END latch 612 con~ition the A~D irvert circult 6i4.
24 At ~1 time of the ~econd cloc~ cycle o~ round count 15, a ~1 DEL clock pul~e is applied to render the AND invert 26 circuit 614 effecti~e to a~ply a negat~e signal to set the 27 EB END latch 616 producing a positive signal on ~he F.B END
28 line and a negative signal on th8 -E~ E~ }ine. The positiv~
29 signal o~ the EB E~ line i8 applied to cordition the AND
in~ert circ-lit 610 in Fig. ~6e4 and together with the positiv~

1 slgnal on the ~EC~ line to condition the ~lID invert circuit 2 618 and to render the AN~ circuit 636 in Fig. 26g4 effective 3 to apply a ~ositive ~ignal to the ~R invert circu$t 640 4 causing negative signals to be applied via the -ELR and -LDR
line to one input of the ~R invert circuits 642 and 644, 6 re~pectively. Tlle negative signal on the -EB END l~ne i9 7 applied to decondition the AND circuit 382 in Fig. 26c2, a causIng a negative signal to be app}ied to reset the round 9 counter 3~0 in Fig. 26d2 back to a count of ~.
~eferring now to Fig. 26g4, at ~2 time of the ~econd 11 clock cycle of round 16, a -C c}ock pul~e is applied to th~
12 other input of the OR invert circuit 642 and 644 causlng 13 positive signals to be applied via ELR and LDR l~nes to the 14 control signal cable connected to the crypto engines. The positive signals on the ~LR an~ ~DR line~ are al80 applied 16 to the OR invert circuits 648 and 652, resp~ctlve y, cau~ng 17 negatlve signals, delayed by delay circuits 650 and 654, to 18 be applied via the LIB and ~DR l~nes to the control signal 19 cable. ~ferring now to the crypto engine in ~ig. 26gl, th~
~ignal~ on the ELR and LIB lines and on the LDR ~nd L-6~
21 lines cause a swapping action between ~he data regi~ters and 22 the ~uffer registers as pre~iou~ly described. ~owever, the 23 ~ignificance at thi~ time is to transfer the contents of the 24 upper data register UD~ 20~ to the upper buffer regi~ter U~R
100 and to tran~fer tl~e output~ of the modulo-2 adder~ 650-26 664 to the lower buffer regi~er LB~ 150 so that the result 27 o~ the c~pner function, name~y, the operational key in clear 28 form is now stored in the buffer register~.
29 ~eferring now to Fig. 26e4, at ~4 time of the second c}ock cycle of the l~th round, a ~4 clock pul~e i5 appliQd -1~2~ 12 1 to render the A~D invert circuit 610 effective to apply a 2 negative signal to reset the START EB EN~ latch 612 in ~ig.
3 26f4. At the ~ame time, the 04 clock pulse is also applied 4 to render th~ AN~ invert circuit 618 in Fig. 26e4 effoctlve to apply a negative signal to the OR invert c~rcuit 62~ ~n 6 F~g. 26f4 where ~t i~ inverted to a positive ~ignal on E~
7 ~N~ L line. The positive signal on the r~B END L line is 8 app~ied to the AND invert circuit 619 the other inputs of 9 which have positive s~gnals maintained thereon so as to render the ~?.JD ~nvert circuit 619 effective to maintain a 11 negative signal input to the ~R lnvert 620 thereby latch~ng 12 the po5itive slgnal on the EB Er~D L line until a ~egative 13 ~gna~ is su~sequently applied to the -O~T CYCLE START ~in~.
14 ~he positive signal on tlle ~:B ~ D L line i~ al~o applied to lS condition the ~D invert circuit 45~ in Pia. 26e3. At ~1 16 time of the next clock cycle, a ~1 clock pulse is appliea to 17 render the ~JD invert circuit 458 effective to apply a 18 negative si~nal to ~et t~e ~UTPUT CYCL~ latch 464 producing 19 a po~itive signal on OUT CYCL~ line and a negative signal on the -OUT CYCL~ line thereby initiating an 3utput cycle wlth 21 the n~gative signal.on the -OUT CYCL~ line Deing applied to 22 set the START OUT CYCL~ ~ND latch 580. .~.eferring now to ~ Fig. 26g4, the positive ~ignal on the OUT CYC~E line to~eth~r 24 with a positive signal on the u O~D line render the ~D
invert circuit 5~8 effect~v~ to app}y a negative si~na} to 26 decondition the AND circuit fi00, to decon~tlon the AN~
27 circuit 572 an~ via the ~ B l~ne to one input of the O~
28 in~ert circuit 604. ~he deconditioned AND circuit 600 29 applies a negative signal via the -I,IB lir;e to one input of the OR invcrt circuit 602 whil~ the deconditioned ~ circu~t KI97700g -14~-il2~t~i2 1 572 applies a negative signal via the -SR line to one input 2 of the ~R invert circuit 574. ~eferring now to Fig. 26f4, 3 at ~l/L time, a ~l/T clock pulse is applie~ to reset the EB
4 END latch 616. ~efexring now to Fig. ~6g4, at ~2 time, a -C clock pulse is applied to the other in~ut of the OR
6 invert circuits 602, 604 and 574 causing them to be deconditlon~d 7 and apply pGSitiVe signals via the LIB, LKB and S~ lines, 8 respectively, to the control signal cable connected to the 9 crypto engines. The positive signals on the SR line is also applied to the OR invert circuit 606 in ~ig. 26h4 cau~ing a 11 negatlve signal, delayed by delay circuit 608, to be applied 12 vla the LDK ~ine to the control signal cable.
13 Referring now to the crypto engines in Fig. 26gl, the8 14 signals are effect~e to cause the buffer and ~ey regist~rs to sh~ft ~n synGhronis~ with a data byte being transferred 16 from the buffer regi.sters UBR 100 and LBR 150 to the key 17 regi~ters UKR 350 and LKX 4~0. P~eferrin~ now to ~ig. 26d4, 18 at ~4 tlme, a ~4 clock pulse in combinat~on with po~it~ve 19 sign~ls on the OUT CYCLE and ~; ORD lines are applied to render the AND invert circuit 442 effective to apply a 21 negative pul~e to the STEP BYTE CTR line, ~t the tra~llng 22 edge of which a posltlve signal is effective to step the 23 byte counter to a count of 1. In a s~milar manner to th~t 24 described abo~e, t~e buffer re~isters and the key registers of he crypto engine are sh~f~ed in synchroni~m, onca for 26 each d oc~ cycle, causing successive bytes of the oper~tlon~l 27 ~ey in clear form to ~e transferred from the buffer register8 28 to the key registers.
29 ~he byte counter 448 count~ the cloc}: cycles and when the count steps from ~ count of 7 back to a count of 0, a KIg77~09 -144--li2~8i2 1 negative signal is applied to set the COUNT ~ latch 450 2 which, in beinq set, applies a negative signal via the -CT~
3 line to reset the OUT~UT CYCLE latch 464 in Pig. 26e3. The 4 OUTPUT CYCL~ latch 464, in ~eing reset, ap~lie~ a positive signal on the -~UT CYCL~ line and a negatiYe signal on the 6 OUT CYCLE line. ~eferrin~ now to Fig. 26d3,- the c~mbination 7 of positive signals on the -OUT CYCL~ line and the -IN CYCLE
8 line render the .~D invert circuit 410 effe~tive to apply a 9 negative signal to reset the COU~ a latch 450 in Fig. 26d4, and i~ inverted ~y the inverter 412 to a p~sitive signal to 11 reset the BLOCK COUNT flip flop 414 producing a negative 12 signal on the -8LK0 line and a positive signal on the -BLXl 13 line. At the same time, the negative signal on the O~T
14 CYC~E line is applied to decondition the A.~ invert circuit 598 in Fig. 26q4 causing a positive signal to ~e applied 16 via -LKB line to the OR invert circuit 604 an~ to render the 17 ~D circults 600 an~ 572 effective to apply positive signals 18 via the -LIB and -SR line to the O~ invert circuits 602 and 19 574. A~ a re~ult, negative signals are now ~aintained on the LIB, L~B and S~ line to terminate further ~hifting of 21 the ~uffer and key registers in the crypto engines.
22 Referring now to Fig. 26f3, at ~1 tim~ of the next 23 clock cycle, a ~1 DEL clocX pulse in combination with the 24 positive signal on the OUT CYCLE line and the positive signal output of the STA~T O~-T CYCLE END latch 58~ are 26 applied to render the ~ND invert circuit ~82 effective to 27 produce a negative ~ign~l to set the OUT CYCLE END }atch 28 584. The O~T CYCLE END latch 584, in beir.<3 set, appl~es 29 a positive signal on the O~T CYCL~ ~ND line to condition th~
A~D invert cir~uit 57a in ~ig. 26e3 and a negative signal on KI9770~9 -14~-1 the -OU~ CYCLE E~D line to reset the D~CK latch 296 in ~$g.
2 26c3. The VECK latch 296 in ~eing reset al.plies a positive 3 ~ignal to r~nder the ~D invert circuit 298 in Fig. 26c4 4 effective to apply a negative signal on the g ORD line and via the inverter 300 a pos~tive signal on the -K O~ line 6 indicating the end of the key oraer operat~on. Referring now 7 to ~igs. 26e3 and 2hf3, at ~4 time, a ~4 clock pulse i8 8 applied to render the AND invert circuit 5''8 effective to 9 apply a negative signal to reRet the START OUT ~YCL~ END
latch 580. At ~1 time o~ the next clock cycle, a -~l/L
11 clock pulse is applied to reset the OUT CYCLE END latah 584 12 and thereby end the decipher key order operation with the 13 operational key presesltly stored in the key register~ in 14 preparation for a subsequent data processis,g operation.

~977009 ~i2 1 NCIP~IER O~D~P~ OPER~TIOil 2 The function of this operation i~ to encipher a messag-, 3 which may consist of one or more 8 byte blocks of plaintext, 4 into a corr~sponding message of cipllertext. Aft~r a valid S operational key is installed in the crypto engines there i~
6 no need to issue any further key handling orders for succes8iYe 7 blocks of plaintext so long a.s that s~me operational key 8 is used. ~ valid operational key is loaded in the key 9 registers of the crypto enqine by performirlg a D~CK operstlon, as previously described.
11 ~len the order code specifying the encipher order i8 12 decoded, a E~C latch is set to signa} the encipher mode of 13 operation. ~ollowing the r~.~c order command, a first ~eries 14 of 8 PIOW data commands is is~ued, with the data fields associated with the co~nand.s, being loaded into the buffer 16 registers of t~e c~ypto en~ines as the first message block 17 of plaintext to be enciphered. The first such command 18 inittates an input cycle and a byte counter counts each such 19 comn~and received. After the 8 PIO~ comman~3 have been received and the 8th b~te of the message block written into 21 the buffer registers, then at the 8th count, the input cycl~
22 cnds, a block counter ~s set and ~he crypto en~ines s~ar~ an 23 encipher ~unction which s indicated by the generation o~ an 24 eng$ne busy signal. ~.t the end of the encipher operation, half of t7~e ciphertext ~lock of data is present ~n the upper 26 data register and the other half is present at the outputs 27 of the cipher function circuits. ~ollowins the encipher 28 operation, a series of 8 PIO~ data com~ands are issued for 29 reading the enciphered message ~lock of ciphertext. The first such col~mand initiates an output cyc}e and the byte KI~7700~ 1~7--1~2~312 1 counter counts each such com~.and received. ~uring the 2 execution of the first PIOR data com~.and, while the bloc~
3 count ~s at a count of 1, the message block of ciphertext ~g 4 parallel transferred from the upper data register and the output~ of the cipher function circuits to the buffer 6 reqister~ where it is now available for rea~ing, a ~yte at a 7 time. ~t the end of the execution of each PIOR command, the 8 buffer registers are shifted ona position to present the 9 next ~yte of the message block of ciphertext for read~ng.
At the 8th count of the byte counter, the output cycle ends, 11 the block counter is reset and the ~NC lat~h remains set to 12 end the encipher order operation. The ~NC latch in remaining 13 set permits one or ~ore succeeding message blocks of plaintext 14 to be enciphered in a similar manner as th~t descrl~ed above.
16 A more detaile~ description of the encipher order 17 operation will now be given in con~unction with the timing 18 diagrams of ~igs. 31a-31d. ~fter address selection at TA tlme ~nd 19 loadinq the command byte into the co~and reg~ster at TC
time, the command code is dec~ded by ~ID invert circuit 266 21 in Fig. 26b2 to produce a negative ~ignal wh~ch is inverted 22 by ~nverter 26~ to a positi~e ~ignal on the W~ DSD O~DE~
23 line there~y indicating the prese~ce of a W~ DS~ ORDER
24 command. At the same time, a aats proce~ing order code decoded ~y the AND invert circuit 302 to apply a negative 26 signal vi~ the -DP DEC line to the inverter 3~4 where ~t i8 27 ~nverted to a positive ~ignal and applied to one lnput of 28 the AN~ invert circuit 306. At TD time, a positive s~gnal 2g ~ appl~ed via the SY~CH T~ line to render the AND circ~t 270, conditioned by the po~itive signal on the WR DSD ORDER

7tQ~ 4fl-~z~z 1 line, effective to produce a positive signal on the WR O~D
2 TI~ line which is applied to the remaining input of the AND
3 inv~rt Circuit 306 to render it effective to produce a 4 negative signa} wh~ch is applied via the -~ST E~C line to reset t~e ~NC latch 312 in lig. 2~c4 an~ to the inverter 308 6 where it is inverte~ to a po~itive signal a~d app}ied to one 7 input of the ,~?ID invert circuit 310. 4 positi~e signal on 8 th- -Y line from th~ co~an~ register 224 personal~zes tha 9 present order as an ~C order and is appli~d to the other input of the ~ND invert circuit 310 to renler it effective 11 to apply a ne~ative ~i~nal via the -S~T E~ line to set the 12 ENC latdh 312. The ENC latch 312 in being set applies a 13 positive ~ignal via ti~e ~`L~C line to Fig. 26g3 where it i8 `.
14 effectl~e via OR gate 522 to condition the ~D circuit 536 and i~ inverted to a negati~e signal by the inverter 546 to 16 apply a ~eqative signal on the ~EC line to decondition the 17 AND inv~rt circ~its S48 and ~60.
18 The series of 8 PIOW data commands is row received and 19 processed in a similar manner to that described in the ~ECK
order operation i.e. an input cycle is init~ated, the byte 21 counter 448 is conditione~ to count each P~W data co~mand 22 r-celved an~ the message ~lock of pla~ntex: $s loaded, a 23 byte at a time, per PIO~i data co~and, int~ the buffer ?4 register~ ~B~ 100 and L~R lS~. ~fter the 8~.h byte has be~n

25 written into the buffer registers, then, at the 8th count,

26 tho input cyc}c ends, the ~lock count flip ~lop 414, in Fig.

27 26d3, is set an~ the }N CYCLE ~D latch 53~ in ~i~. 26f3 iJ

28 set. ~he II~ CYCL~ END latch 534 in ~ing ~et init~ates the

29 swapp~ng action ~etween the buffer re~isters and the data registers of the crypto engines WhLCn, in this case, cau~e3 KI~77009 -149-~z~

l the mes~age bloc~ of plain~ext to be transferred from the 2 buffer registers t7~R 1~0 and LBR 150 to the data register~
3 UDR 200 and ~DR 250 preparatory to performing the encipher 4 operation. At the same ti~e, referring to the AND circuit 538 in F~g. 26q3, pos$tive signals on the IU CYCLE EN~ and 6 ENC llne~ render the AND circuit 538 effective to apply a 7 positive signal to the OR invert c~rcuit 540 causing a 8 negatlve signal to be applied via t~e -SL line to one input 9 of the O~ invert circuit 544. At -C time, a -C clock pulse ~ applied to the other input of the OR invert circu~t 544 ll cau-ing it to apply a positive ~ignal via ~he SL line to the 12 control si~nal cable and to one input of the OR invert 13 circuit 606 $n Fig. 26h4. mh~e OR invert circu~t 606 ~s 14 rendered effective to apply a negative signal, delayed by the delay clrcuit 608, via the LDK line to the control 16 slgnal cable connected to the crypto engines. Referring now 17 to the crypto engine~ in ~i~. 26gl, the signals on the SL
18 and L~ ne are applied to the key registers causlng the l9 contents thereof to be shifted one position to the left as a pre-~hift operation prior to the encipher operation.
21 The encipher operation is ~imi~ar to t.ie decipher 22 operation previously described in connection with DECX order 23 operation except that in thi~ case the key regls~er is 24 shlfted to the left under control of S1 control signals rather than the SRR and SR control signals a~ can be better 26 seen by referring to the timing diagram of Fig. ~1, Reerrlng 27 to F~g. 26g3, this is so because the ~ignal~ on the ~T ~
28 14, 15 line are used with the ,'~D circuit 536 conditioned by 29 the positive siqnal on the ~C line and inhibi~ed from bein~
u~ed with the ~ND circuit 548 deconditioned by the negative KIg77009 -150-~i24lS12 1 signal on the ~EC line. ~.s a result of the single pre-shift 2 ~ignal on the SL line and the 27 additional signals on the 3 S~. lin~ during the encipher operation, the key re~isters 4 shift left exactly 28 times to return the o~erational key l~ack to the initial con~ition in the key registers in 6 preparation for encipllering t~e next b~oc~ of a multi-block 7 plaintext message. ~t the end of the cipher function, half 8 of ~e ciphertext ~lock of ~ata is available at the output 9 of the upper data register UD~ 200 and the other half i~
avallable at the output~ of the cipher function circuits.
11 ~eferring no~ to ~ig. 26~2, the first of a series of 8 12 PIO~ data cos~nands i5 now received and a~tr address selectlon 13 at ~ tirne and command loading into the comr;and register at 14 TC tlme, the AND invert circuit 262 decodes this command an~
applie~ a ne~ative signal to one input of the OR invert 16 circuit 260 and to t~l~ inverter 264 where it i~ inverted to 17 a positive signal on the ~O~ EA~LY line. Referring now to 18 Fig. 26d3, the positive signal on the PIOR E~RLY line is 19 applied to the inverter 422 where it i5 inverted to a negative signal and applie~ to one input of the OR invert 21 circuit 424. At thi~ tisie, ~ositiv~ signa}s are maintained 22 at the input of the ~D invert circuit 416 ~ausing a negativo 23 signal to ~e applie~ to the other input of the O~ invert 24 circuit 424 which therefore pro~uces a pos~tive signal OD
the PIOR line. The po~itive signal on the PIOR line is 26 applied to ~he O~ invert circuit 456 in rig. 26e3 where it 27 is inverted to a negative signal to set the OU~PUT CYCLE
28 ~atch 464 producin~ a positive signal on the OUT CYCLE }ine 29 and a negative signal on the -~UT CYCL line to initiate an output cycle. The positive signal on the ~IO~ line is hI~7700~

i2 1 al~o applie~ to the inverter 462 where it is inverted to a 2 negative signal and applied via the -PIOR line to set the 3 STA~T PlOR Ei~D latch 5n8 in Pi~. 26f3. Referring now to 4 Fig~. 26e3 and 2~f3, the negative signal on the -OUT CYCL~
line is applie~ to ~et the START OUT CYCL~ ~ND latch 580 6 while the positive signal on the OUT CYC~E line in combination 7 with the positive signal output of the STA~T OUT CYCLE STAR~
8 latch 554 in Pig. 26f3 are applie~ to condition the ~N~
9 invert circuit 556. ~t ~1 time of the next clock cycle, a ~1 DEL clock pulse is applied to r~nder the AND invert 11 circuit 556 effective to apply a negative ~ignal to set the 12 OUT CYCLE S~ART latch 558 which, in heing set, app1ies a 13 positive si~nal to the ~UT CYCLE S~A~T line and a neqative 14 signal to the -OUT CYCL~ START }ine. The positive signal on the OUT CYCLE STA~T line is applied to condition the AN~
16 invert circuit 552 in Fiy. 26e3 and is also appl~ ed to the 17 AND circuit 634 in Fig. 26g4. ~ince this i~ not a key orasr 18 operation and the block count is at a count of one, positive 19 signals are main~ained on the other input.s to the ~D
clrcuit 634 which, therefore, is rendered effective to apply 21 a pos~tive signa} to the OR in~ert circuit 640 which, in 22 turn, initiates production of the ELR and ~ control 23 s~gnal~, in a manner previously described, to the cryptO
24 engines where they are e~fective to cause the enciphered bloc~ of data to be transfe~red from the outputs of the 26 upper d~ta register UD~ 20~ and the outputs of the modulo-2 27 a~der 650-664 to the upper ~uffer register l~0 and the lower 28 huffer register 15~, respectively, ~n prep~ration for 29 reading the now enciphered b}oc~ of ciphertext. Referring now to Figs. 26e3 and 26f3, at ~4 time, a ~4 clock pulse i8 ~ - \

~1`~4~Z

1 applied to render the AND lnvert circuit 5;2 effective to 2 apply a neg~tive ~igna~ to re~et the STAR~ OUT CYCL~ START
3latch 554. At 01/L t~me, a -~l/L clock pulse i8 ~ppli~d to 4 reset the OUT CYCL~ S~ART latch 558.
5Referring now to Fig. 26b2, at TC E~D time, a po~itive 6 signal on the TC ~ND line ~8 applied to the inverter 258 7 where lt iB inverted to a negative signal :o deconditlon 8 the OR invert circuit 260 czusing a positive signal to be g applied to ~e PIOR DATA line. Referring now to the AND
10circuit 902 in Flg. 26h3, assuming there has been no proce~ural 11 error, the positive signal on the PIOR DAT~ line i~ appl~ed 12 to render the AND circuit 902 effective to apply a posi~ivo 13 gignal to condition an array of exclusive ~R circuit~ 906 in 14 Fig. 26il. The function of this array i8 to compare lS correspondin~ data bytes from ~he two crypto engines ~or 16 equallty. Exclusive OR circult 906A is repreRenta~lve of 17 th~ axr~y and will be described in detail. Byte output~
18 from the crypto engie are applied to the hND invert c~rcult~
19 908, 910 and 912 with a po~itive ~lgnal on the bit line representlng a bit 1 and a negative ~ignal on the bit llne 21 representin~ a bit 0. If the output bit~ are both e~ual to 22 1, then po~itive signals are applied to r~nder the AND
23 ~nvert circuit 908 effective to apply a ne~atlve sign~l to 24 decond~tion ~o~h the A~D invert circuits 9~V and 912 cau~n~
a positive ~ignal to ~e produced from the ~olnt output~
26 thereof. Similarly, lf the output bit~ are both equ~l ~o 0, 27 then negative signal~ are applied to decond~tion the AND
28 in~ert circuits 910 and 912 causing a positlve signal to 2g al~o be produced from the jo~nt outputs thereof. On the

30 other hand, if the output bit~ from ~he cr~pto eng~De~ are KI977009 -1~3-~i2~8i2 1 not equal, then the AND invert clrcuit 908 18 deconditioned 2 to apply a po~ittve signal to condition the AND lnvert 3 clrcuit~ 910 an~ 912, one of which will h~ve a positive 4 signal applied thereto from one of the crypto engine3 to render th~t AND invert circuit effective to apply a neg~tiv~
6 signal from the ~oint outputs thereof. Accordln~ly, ~t 7 should be apparent that if the ou~puts of ona crypto englne 8 equal the output~ of the other crypto en~lne, then po~itive 9 ~lgnals will be applied from the array of excluslve OR
cixcult 906 to render the AND invert circuit 916 effective 11 to produce a negative signal to decondition the engine error 12 detect AND invert circuit 918. On the oth2r hand, if any blt 13 of the cipher engine~ does not compare, the.n, a nega~ive signal 14 output from the exclusive OR circuit corre~ponding to the error bit wlll be applied to decondltion the AND invert 16 circult 916 cau~ing a positive ~gnal to be ~pplied to 17 condition the engine error detect AND invert circuit 91~.
18 During TC END time, while a positive 3ignal i8 ma~ntained 19 on the PIQR DATA line, and a~suming there ls no engine error, the byte output of the crypto engin~ iB taken fro~
21 the output of the AND invert circuits, such a~ AND invert 22 circult 908, of the array of exclu~ive OR ctrcult~ 906 and 23 applied to the -DATA ~US IN. At the same time, parity 24 generator circuit 914, which 18 respon~ive ~.o the d~tn byte output of the array of exclu~iYe OR circuit~ 9~6, gener~tea 26 a par~ty b~t for the data byte which is ap~lied to tbe 27 -P line of the -DATA BUS IN.
28 At TD time, a positive slgnal 1~ applied vl~ the ~D SEL
29 line to render the AND ~nvert circuit 918 effectlve or not depen~lng on whether an engine error ha~ becn detected. ~f ~I9770~9 -154-1~2~2 1 an engine error is detected~ the AND invert circuit 918 i~
2 rendered effective to apply a negative sign~l via the ENGINE
3 ERR line to ~et the bit 1 latch 954B of the status reg$ster 4 952 to lndicate the f~ct that an engine ersor wa8 detected.
At the end of this IO operation, the command regi~r 224 6 in Flg. 26a2 is reset to decondltion Ith~ command decoder AN~
7 invert circuit 262 thereby cauQing a positive slgnal to be 8 applied to the OR invert circuit 260 and the inverter 264 9 whlch, in turn, cau~e negative fiignal~ to n~w be appliQd to the PIOR DATA and PIOR EARLY lines, respectively. The 11 negative signal on the PIOR EA~LY line i8 applied to the 12 inverter 422 in Fig. 26d3 where it 1~ inverted to a po~itive 13 ~ignal to render the OR lnvert circuit 424 effective to 14 apply a negative signal on the PIOR line. ~.he nega~ive ~ign~l on th~ PIOR line i~ app}ied to the lnverter 446, in Fig. 26d4, 16 where it i8 inverted to a positive signal on the STEP BYTE
17 C~ line to step the Byte Counter 448 to a count of 1. The 18 negative signal on the PIOR line is also applied to the 19 lnverter 462 in Fig. 26e3 where it i~ inverted to a positive ~i~nal ~nd applied together with a po~itive sign~l from the 21 STAR~ PIO~ END latch 588 in Fig. 26f3 to condition the AND
22 in~ert clrcuit 590. At ~1 time of the next cloc~ cycle, a 23 ~1 DEL clock pul~e i~ applied to render the AND lnvert 24 circult ~9~ effective to produce a negative ~gnal to ~t the PIOR END latch 592 causing a po~itiv~ 3ignal to be 26 produced on the PIO~ END line to condit~on the AND in~ert 27 circuit 586 in Fig. 26e4 and a negative ~nal on the -PIOR
28 END lin~ which is applied to decondition the AND circuit 600 29 i~ Fig. 26g4. The AND circuit 600 in being deconditioned initiate~ the production of a L~B and LIB control signal~, i~za~

1 ln a manner as prev~ously de~cribed, vla th~ çontrol signal 2 c~bl~ to the crypto engine~ to shift the buffer registers 3 one posltion ln preparation for outputtlng the next byte of 4 ciphertQxt of the enciphered ~es~age bloc~ of data. Referring now to the AND invert circuit 586 ~n Fig. 26e4, at ~4 6 tlme, a ~4 clock pulse is applied to render the AND ~nvert 7 circuit 586 effective to re~et the START PIOR END latch 588.
8 At ~l/L time of the next clock cycle, a ~ clock pulse is 9 applied to reset the PIOR END latch 592.
In a similar manner, during each of the succeedlng ones 11 of the serie3 of 8 PIOR data commands, th~ next data byte of 12 cipher text ~s passed with an appended parity blt to the -13 DAT~ BUS IN, the data byte i8 checked for an engine error, 14 the byte counter i8 stepped to the next count and the buffer registers of the crypto engines are shifte~ one pos~tion to 16 .prov~d~ the next succeed~ng data byte of ciphertext for 17 processing.
18 Aft¢r the 8th byte is read ~o the -DATA B~S }N, the 19 byte counter 448 in Fig. 26d4 steps from a count of 7 back to a count of 0 causing a negative signal ~o be producod to 21 set the COUN~ 8 latch 450 which, in turn, ~pplies ~ neg~tive 22 signal to the -CT 8 line. The negative signal on the -CT 8 23 llne i8 applied to re~et the OUTPUT CYCLE latch 464 ln Flq.
24 26e3 thereby ending the output cycle. The OUTPUT CYCL~
~atch 464 in being re~et applies a positive ~iqnal on the 26 -OUT CYC~E l~ne and a negatiYe signal on the OUT CYCLE llne.
2 7~eferriDg now to Fig . 26d3, the ~om~ination of the 28 po~it~ve sl~nal.~ on the -OUT CYCLE line ~s~d ~he -I~ CYCLE
29 llne rendar the AND invert circu~t 410 effes:~tive to apply a ne~ativ~ signal to re~et the COUN~ 8 latch 450 in ~lg. 26d4 X~9770~9-156-11;2~8~2 1 and i~ $nverted by inverter 412 to a positive ~iqnal to 2 re~et the BLOCK COUNT fl~p flop 414. The nngstive ~gnal on 3 the OUT CYCLE line is applied to ~et the START OUT CYCLE
4 START latch 554 in Fig. 26f3. At the end of this IO operation, S the command register is reset to effective~y ca~e a posit$v 6 signal to be applied on the -PIOR line, as in a manner 7 prevlously described, which in combination with the positlve 8 signal output of the START PIOR END latch 5~8 are applied to 9 condition the AND $nvert circuit 590 in Fig. 26f3. Accor~ln~ly, at pl time of the next clock cycle, a ~1 DEL clock pul~e lg 11 applied to render the AND invert circuit 5~0 effective to 12 apply a negative ~ignal to set the PIOR ~) latch 592 whlch, 13 in being set, applies a po~itive ~lgnal to the PIOR END line 14 and a negative signal to the -PIO~ END line. The neg~tive sLgnal on th~ -PIOR END line i8 applled to decondition the 16 AND c$rcuit 600 in Fig. 26g4 which initiat~s product$on of 17 the L~B and LI-~ control signals, in a manne~ prevlously 18 de~cribed, via the control cable to the crypto engines.
19 Referrlng now to the crypto enqine ~n Fig. 26gl, the LIB ana L~B- control ~ignals are applied to shlft th~ buffer regl~er 21 one mor~ position to effectively clear the cont~nt thereof 22 in preparat~on for receiving the next block of plaintext of 23 a multi-bloc~ mes~age for enciphermsnt. Referr$ng now to 24 Flg. 26e4, a~ ~4 time, a ~4 clock pu~se in com~lnatlon wlth the po~ltive s~gnal on the PIOR E~D line are applied to 26 render the AN~ in~ert c~rcuit 586 effective to ~pply ~
27 naghtlve signal to reRet the START PIOR EN~ lstch 5~8 ~n 28 F~g. 26f4. At ~l~L time of the next cloc~ cycle, a -~l/L
29 cl~ck p~l~e is applied to reset the PIOR EN~ latch 592 to terminate the encipher order operation.

KI97700g -157-1 D~CIPHER ORD~R OPERATION
2 The function of this operation iq to ~ec~ph~r a me~sage, 3 which may con~ist of one or more 8 byte bl~cks of ciphertext, 4 into a corresponding message of plaintext. After a valid operat$onal key is installed in the crypto engine by a 6 DECK order operation there is no need to i~sue any further ~ key handling orders for successive blocks o' ciphertext 80 8 long a~ the s~me operational key ~8 used.
g When the order code specifying a deci?her order ~8 decoded, the ENC latch is reset to s~gnal the decipher mode 11 of operat~on. Following the DEC order command, A series of 8 12 PIOW data commands is issued, with the data fields associatod 13 with the command~, constituting the message block of ciphertext, 14 being loaded into the buffer registers of ~he cryp~o engine~. The first such co~m~nd initiates an lnput cvcle 16 and a byte counter counts each ~uch comman~ rece$ved. After 17 the 8 PIOW commands have been recelved and ~he 8th byte 18 wrltten into the ~uffer registers, then, at the 8th count, lg the input cycle ends, the block of ciphertext i8 tra~SferrOa from the buffer registers to the data regi~ers of the 21~ crypto engine9, a block counter is set ~nd the crypto 22 engine8 8t~rt a decipher function which i~ indicated by the 23 generation of an engîne busy signal. At the end of the 24 declpher operation, half of ~he cleartext b}ock of dat~ is pre~ent ~n the upper data register and the ~ther half 26 presen~ at the outputs of ~he cipher function c~rcuits.
27 Following the decipher operation, a ~eries of 8 PIO~ data 28 commands are issued for reading the deciphered me~age bloc~
29 of cleartext. The f~r~t such command initiete~ an output cycle and the byte counter counts each such command received.

XI97700g -158-112~l~12 1 Durlng the execution of the first P~OR data command, while 2 the block count is at a count of 1, the messagQ block of 3 cleartext i8 parallel transferred from the l~pper data 4 register and the output~ of the cipher function circuits to S the buffer register~ where it is now availa~le for readlng, 6 a byte at a time. At the end of thc exec~lon of each PIOR
7 data command, the buffer register~ are shieted one pos$tlon 8 to present the next byte of the mes~age bl~ck of cleartext for 9 reading. At the 8th count of the byte coun~er, the output cycle Qnds, the block counter i~ resèt and the ENC latch 11 remains re~et to end the decipher operat$on. The ENC latch 12 in rema$ning reset permits one or more ~u~c~eding me88ag~
13 b}oc~s of ciphertext to be deciphered ~n a similar manner as 14 that descrlbed above.
The decipher operation i~ simi~ar to the encipher 16 operation in that an order code is decoded, a ~ries of 8 17 PIOW data commands are issued to proceed lnto an lnput cycle 18 for loading a data parameter i~to the crypto engin~Q, a 19 cipher function i9 per~ormed on the da~a p~ramet~r under control of an operational key and a Reries of 8 PIOR data 21 commands are is3ued to proceed into an output cycl~ for 22 reading the results of the clpher function. The s$milarlty 23 between ~hese two operations can be seen from the 24 t~minq diagrams o~ Fiqs. 31a-31d. ~he bas~~ dlfference ~etween these two operation~ i8 ln the spe~ific~tion of the 26 ~ecipher order rather than an encipher order, whlch set~ the 27 dev~ce for the decipher mo~e of operat{on, .~nd the key 28 ~hifting ~chedule provided for the key registers durlng the 29 decipher funct{on performed by the crypto engines. It w~ll be remembered that for an encipher operation the key reg~sters KI97700g -159-112~

1 are shifted to the left by one pre-~hift SL control signal 2 followed by 27 add~t~onal SL control signals during the 16 3 round~ of the encipher operation for a total of 28 SL control 4 signals to re~tore the cipher key back to lts initial home position in preparat~on for enciphering the next block of 6 cleartext. In the decipher operation, the key registers, 7 in~tead of being shifted to the left, ~s in the encipher 8 operation, are sh~fted to the riqht by 27 S~R and SR contro~
9 signals dur~ng the 16 round3 of the dec~pher funatlon, a~
describ~d in detailed in the DECX order op~ration, followed 11 by one po~t-shift SRR and SR control signals at the beginnlng 12 of the output cycle for a total of 28 SRR and SR control 13 ~ignals to restore the cipher k~y back to it~ in~tial home 14 po~ition in preparation for deciphering the next block of ciphertext. It should be apparent that wlth this symmetry, 16 the dealpher round9 are performed in the r~verso order of 17 the enc~pher rounds i.e. the ~et of cipher key bytes used ~n 18 the la~t round of an encipher operation is the set of cipher 19 key byte~ used ~n the first round of the deeipher operatlon so that each round of the decipher operat~on undoes each 21 round of the encipher operation, in reverse order.
22 Since ~he bas~c cipher operat~on haa heen described in 23 detai} ln the previous section and the ~eneration of the 27 24 control ~ignals SR~ and SR for a declpher function has boen de~er~bed in connection with the detailed description of 26 DEC~ order operation, the following deta~le~ dascr~ption 27 wlll be restricted to a description of how ~he device is set 28 for the deciph~r mode of operation and how the 28th po~t-29 ~h~ft SR~ and SR control pulses are providsd at the ~eginnlng of the output cycle of the decipher order operation.

li2~8iZ

l After address selection at ~A time and load$ng the 2 command byte into the command register at TC time, the 3 command code is decoded by the ~ND invert circuit 266 in 4 Fig. 26b2 to produce a negative signal wh~ch is inverted by ~nverter 268 to a positive ~ignal on th~ WR DSD ORDER
6 line thereby indicating the presence of a WR DSD order 7 command. At the ~ame time, the order code ~or data processlng a operatlon i8 decoded by the A~D invert circuit 302 in Fig.
9 26b3 to produce a negative siqnal on the -DP DEC line where it i~ inverted to a positive signal by inverter 304 and 11 applied to one input of the A2~D invert circuit 306. At 12 TD ~ime, a positive Rignal is applied via the SYNCH TD llne 1~ to render the AN~ circuit 270, conditioned ~y the positive 14 signal on the WR DSD ORDER line, e~fective to produce a poslt$ve signal on the WR OR~ TIME l~ne which i8 applled 16 to the rema~ning input of the ~N~ invert circuit 306 to 17 render it effective to produce a negative ~ignal which i8 18 applied via the -~ST E~C line to reset the ~NC latch 312 ~n l9 Fi~. 26c4 and to the inverter 308 wh~re it ~ inverted to a positlve signal and applied to one input of the AND lnvert 21 circuit 310. A negative signal on the -Y l m e from the 22 command regi~ter 224 personalizes this dat~ procQssor order 23 ag a ~C order and is applied to decondition the AND invert 24 c~rcutt 310, whic~ in being deconditioned, ma~nt~ins a po~ti~e signal on the -SE~ E~ac line ~o that the EtSC latcb 26 3L2 rema~n~ in a reset condition. SPEC ENC latch 494 ls al~o 27 held re~t by the inverted WR OR~ TIME signal. The E~
28 ~atch 312, and SP~C ENC latch 494, being in a reset condltlcn, 29 apply a negative signal via O~ circuit 522 to the inverter 546 in Fig. 26g3 where i~ is inverted to a po~itive signal ~ 3i2 1 on the DEC line to cond~tion the AND inver~ circuit~ 548 and 2 560 each of which i~ effective for controliing the gener-3 ation of the SRR and SR control signals usec during the 4 declpher operation.
S After the decipher function has been completed ana the 6 key registers have been ~hifted 27 times under control of 7 the 27 SRR and S~ control ~ignals, the fir~t of a ~eries of 8 6 PIOR data commands is i~ued to inltlate an output cycle 9 causing the OUTPUT CYCLE latch 464 in Fi~. i6e3 to be ~et which, ln being ~et, applies a po31tive ~ignal to the OUT
11 CYCLE line. ~he positive signal on the OUT CYCLE llne in 12 combination with a po~itive signal from the START OUT CYCLE
13 START latch 554 in Fig. 26f3 are applied tc cond$tlon the 14 AND invert circuit ~56. At the next ~} time, a pl DEL clock pulse i~ applied to render the AN~ invert circuit 556 16 effective to apply a ne~ative ~ignal to set OVT CYCLE START
17 latch 558. The OUT CYCLE START latch 558, in bei~g set, 18 applies a positive signal to the ~ND invert circuit 560 in 19 Fig. 26g3 which, at this time, has positive slgn~ls maint~lno~
on the other input~ thereto thereby render~ng the AND inv~rt 21 circuit 560 effective to 8pply a negative ~ qnal on the 22 -SRR and via the AND circuit S72 in Fig. 26g4 a nega~ive 23 9ignal on the -SR line to initiate the generation of the 24 post-shift SRR and SR control signal~ whic~. are used to shift the key regi~ter the 28th time to re~;tore the cipher 26 ~8y back to its initial home positlon in preparat~on for 27 deciphering the next b~ock of cip~ertext. ',~he remainder - 28 of the DEC order operation, namely, to read the 8 bytes of 29 the ~lock of cleartext is performed in a sim~lar manner as 30 that de3cribed in detail for the encipher order operation.

112~81Z

GE~ERATE RANDO;l Nu~nER ORDE:R OPERATION
2 The function of this operation is to generate a random 3 number by enciphering a pseudo random num~er under a var~ant 4 of the host master key which, ~n the appl~cations previou~ly S de~cribed, is used as a secondary key (or multiple secondary 6 keys if multiple operations are performed) or is used a8 an 7 enciphered operational ~ey.
8 Durlng com~and time of this operation, when the order 9 code specifying a ~enerate random number (~RNJ order ~ 9 10 decoded, a load master key ~K) latch and a key var$ant 3 11 latch are set. With the L~K latch set, the contents of the 12 MK memory ls caused to be read out and w~th the k~y 13 variant 3 latch set, each ~yte of the master key read 14 out ~s modified to provide a ~ariant ther~f for tra~sfer to the crypto engines. The variant of the ma;ter key ~8 parlty 16 checked, a byte at a time, and loaded as a working key ~nto 17 the key reglsters of the crypto engines. Duiing ~ynch TD t~me 18 of thi~ operation, a ~RN latch and a special enc~pher lntch 19 are set, the latt~r causing the process~ng mode to be set for an encipher operation. After half of the varisnt of th~
21 master key is loaded into the key registers of the crypto 22 ~n~ine and while the remaining half is bci.~g loaded, an 23 lnput cycle is inltiated durinq which the c~Jntent~ of a non-2~ resettable 64 bit random counter is tran~ferred, a ~yte at a time each clock cycle, to the buffer regi~ters of th¢ crypto 26 engine. nuring thi5 transfer, a ~yte counter counts ~he 27 clock cycles and after the 8t. byte of the random number h~
2~ been loaded into the ~uffer register~, then, at the 8th 29 count, the input cycle ends, the LMK latch ~s reset to terminate fu~ther ~IK memory read out, the rsndom nuMber ls RIg770C9 -163--~24~312 1 transferred from the buffer re~i~ters to the dat~ registers of 2 the crypto engine and a ~lock counter is ~et. During this 3 transfer, the last ~yte of the variant of the master key 18 4 loaded into the ~ey registers, the crypto eng~nes initiate an encipher operat$on, indicated ~y an engine busy signal, the 6 Xey varlant latch 1~ reset and the random numbQr counter i~
7 8 t~pped to tlle next count value. During the encipher operatlon, 8 the random number count value in the data r~iQter~ of tho crypto 9 engines is enciphered under control of the vari~nt of the ma-tor key in the key regi~ters of the crypto engine~. At the end 11 of the encipher operation, half of the enc~phered random numbor 12 L8 present in the upper data register and the other half i8 13 present at the outputs of the cipher function circuits. Following 14 the encipJ~er operation, a series of 8 PIO~ data commands ~ 8 rece~ed for rcading the enciphered random number. The fir-t 16 such command inltiates an output cycle and ~ byce counter counts 17 each such command recelved. During the ex~cutlon of the first 18 PIOR data command, while the block count i8 at a count of 1, 19 the enciphered random number i~ parallel tr~nsferred from the upper d~ta register and the outputs of the clpher function 21 circuits to the buffer register~ where it is th~n available for 22 reading, a ~yte a a time, and the G~N lat~l i~ reset. At tho 23 end of the execution of each P~O~ command, the buffer reqi~eer-24 are ~hifted one po~tion to present the next byte of the enciphered random number for readtng. At the 8th count of th6 26 ~yte counter, the output cyc}e ends an~ the ~lock counter i8 27 re8et to end the operation.
2a A more detaL~ed description of the gensrate random 29 number order operation will now he given in con~unction wlth the timing diaqrams of Fiys. 32a-32c. t~fter address selection at

31 TA time and loading the command byte into tne ~omman~ reg~ster KI9770Qg -164--1 at TC time, the command code is decoded hy AND invert circult 2 266 in Fig. 26b2 to produce a negative signal which is 3 inverted by ~nverter 268 to a pos~tive -qignal on the WR DSD
4 ORDER line thereby indicating the presence of a WR DSD order S comm~n~. At the ~ame time, the order code i~ decoded by the 6 Pi~D invert circuit 314 to apply a negative s~gnal via th~
7 -G~ ~EC line to the inverter 316 where it is $nverted to a 8 positive signal and applied to one input of the ~iD invert 9 circuit 318. ~eferring now to the inverter 476 in Fig.
26d5, the negative signal on the -~7RN DEC line is inverted 11 to a posltive siqnal and passed via the OR circuit 484 to 12 the SET ~qX line. Referring now to the OR invert circuit 13 S64 in Fig. 26g4, the positive signal on the S~T LMX line i8 14 applied to render the OR invert circuit 564 effective to apply a negative ~ignaL to set the L~K latch 566 producing a 16 positive signal on the L.~X line and a negative signal on 17 the -LMK l$ne. ~eferring now to the AN~ inv~rt circuit 368 in 1~ Fig. 26c2, the negative signal on the -LMK line i~ appl~ea 19 to decondition the AND invert circuit 368 which, ~n turn, maintains a positive sign~l at one input of the AND invert 21 circuits 370 and 374 80 lonq as the L~ la~ch 566 remains 22 set i.e. while the M~ memory is bein~ read ~ut.
23 Referring now to the ~EY VAR 3 ~TRL lacch 515 in F$g.
24 26e5, the negative signal on the -~RN DEC iine i~ applie~
to set the KEY VAR 3 CTRL latch 515 which, in being s~t, 26 applies ~ positive si~nal to the VA~IA~T 3 llne and via the 27 OR circuit 518 to the V~RIA~T 1~3 line. ~eferring now to 28 Fig. 26el, the positive signals on the VAR~AuYT 1/3 and 29 VARIANT 3 line~ are applied to the exclusive OR c~rcuits 704A and 704D which are used to invert bits 0 and 6 of each ~I977009 -165-1 byte read out of the ~X memory 700 thereby prov$ding a 2 variant of the ma~ter key for tran~fer to the crypto 3 englnes.
4 P~eferring now to Pig. 26c2, negative ~lgnals are S ma~ntained at the lnputs of the AN~ invert circuit 366 anC
6 negative si~nal i8 ~aintained at the input to the lnverter 7 162 both of which cause a positive siqnal to be applied to 8 one input of tlle ~tD circuit 380 and to cond$tion the AN~ -9 invert circuit 376. A~ditiona}ly, the ~X OVW latch 276, prosently in a reset 3tate, causes a positi~e si~nal to be 11 applied via the -~tX O~W line to the other input of the A~D
12 clrcuit 380 theroby rendering it effective to apply and 13 mainta~n a positive signal on the -w ENAB~E llne. Thereafter, 14 and in ~ manner wh$ch is described in detall for the ~EC~
order operation, the A~D invert circuits 370 and 374 are 16 alternately rendered effectivQ by ~3L and -~lL clock pul~e~, 17 respectively; the AND invert circuit 3~0 c~ntrolling th~ AND
18 lnvert c~rcuit 376 and inverter 378 to produce successlv~
19 negative sisnals on the -M ENABL~ line which in co~bination with the positive signal on the -W ENABLE line allcw ~ucco~lve 21 reading of the MK memory 700 whi~e the AND invert circult 22 374 controllin~ the AN~ invert circuit 376 and ~nverter 388 23 in Fig. 2~d2 to produce successive positive signals on th~
24 STEP CT~ line for successively stepping the addre~s counter 390 to address successive location~ of the MK mem~ry 700.
26 Successive pair~ of half ~ytes read out o the ~l~ memory 700 27 ~n Fi~. 26e} are ~hifted into the shift re~sters 702 to 28 prov~e success~ve bytes of the macter ~ey for the 29 cry~to engines, with bits 0 and 6 of each byte beinq inv~rt~d ~y the exclusive OR circuits 704A and 704D to effectively ~Ig77009 -166--1~2~

1 provide a variant of the master key for transfer to the 2 crypto engine~.
3 Referring now to the AI~D invert circult 568 in F$g.
4 26g4, a~ter each byt~ of the master key are loaded into the hift rqgi~ter 702 in Fig. 26el, a ~1 DEL clock pulse in 6 combination with positive signal~ on the C~, -STEP CTR and 7 ~X line~ are applied to render the AND lnvert circuit 568 8 effect$ve to produce a negative signal to ~et the L~ lstch 9 570 wh~ch, ln being set, initiates productlon of po~itive signals on ~he SR, LDK and LDIC control line~ for the crypto 11 engine~, ln a manner as previously described in detail in 12 connectlon with vECX order operation. Ref~rring now to the 13 crypto engine in Flg. 26gl, the positive ~ignal on th~ LDX
14 line is applied to condition the ~N~ circuit 807 to perm~t a par~ty check to be made of each variant hyte of the master 16 key for parity errors. The successive posîtive signals on 17 the SR, LD~ and LDK lines are applied as control inputs to 18 the key registers URR 35~ and LKR 400 to shift the k~y 19 registers and allow successive variant bytes of the ma~ter 20 key to ~e loaded into th~ key regi~ters.
21 Referrin~ now to Fig 2fib2, at TD time, while the variant 22 of the ma~ter key is being loaded into the ~ey register~, a 23 po8itive signal is applied via the SYNCH T~ line to r~nder 24 the AND circuit 270, conditioned by the poRitive ~gna~ on the W~ DSD oRnER }ine, ef~ectlve to provide a poBitive 26 ~ignal on the WR O~D TI~E line. Referrins now to Fig.
27 26b2', the positive ~ignal on the wR ORDE~ TIME line i8 28 applie~ t~ the inverter 322 where it is inverted to a 29 negatlve ~ignal on the -~R ORD TI~E line to reset the GRN latch 320 in F~g. 26c3' and the SPEC ENC latch 494 KI977009 -167~

1~248iZ

l in Fig. 26d5. ~eferring now to Fig. 26b2, the positive 2 slgnal on ~he WR oRn ~ line is applied to the remaining 3 lnput of the ,~D invert circuit 318 to render it effect~ve 4 to pro~uce a signal on the -SET GR~I line wh1ch is applied to ~et the GRN latch 320 in Fig. 26c3' producing a po~itive 6 signal on the ;,~Y line and a negative signal on the -G~`J line.
7 ~eferring now to Fig. 26e4 the positive si~nal on the GRN
8 line i9 applied to one input of each of the ~D circuits in 9 un~t~ 472A-472T~ and to condition the AND circuit~ 475 in Fig. 26fl while the negative signal on the -~N line is 11 applied to decondition the AND circuits 473. Accordingly, 12 information on the BUS I.~ is inh~ited from pas~ing via the 13 deconditioned t~D circuits 473 while information from the 14 random number (RN) counter 470 in ~ig. 22e4 i~ passed via the conditioned A.~D circuits 475 and the OR circuit 476 to 16 the crypto engines. r~eferring now to Pig. 26d5, the positive 17 signal on the GRN line is also applied to the OR inv~rt 18 circuit 4~0 where it is inverted to a negat..ve signal to sot 19 the SPEC ENC latch 494 causing a positive signal to be applied to the SP ~C line and a negative signal to the -SP
21 ENC lin~. Referring now to Fig. 26e3, ths positive slgnal 22 on the SP E~C line i8 applied via the OR circu$t 522 to 23 condition the ~h'D circuit~ 536 and 538 in Fig. 26g3 and ~ia 24 the inverter 546 to apply a negative ~ignal to the ~EC line to decondition the AN~ invert circuits 548 and 560. Referr~nq 26 to ~ig. 26~4, the negative signal on the -SP ENC li~e iB
27 applied to decondition the AND invert circuit 621 causing a 2~ positive signal to be applied to one input of the AND circult 626.
29 ~eferring now to Pig. 26d4, while t~e variant of the master key is being loaded into the key regi~ters and wh~n KI97700g -16B-112~t312 1 the ~ddres~ counter 390 in Fig. 27d2 i9 ~tepped to a count 2 of 8 by a -~lL clock pulse, a negatlve s$gn~1 on the -C~
3 line is applied to ~e~ the 16 STEP latch 4~4 cau~lng a 4 positive ~ignal to be applied to condition the ~YD circu~t 406 and to set the CT OF 8 latch 441 in ~ig. 26d4 csu~ing a 6 positive signal to be applied to the CT 8 line. Th~ positiYo 7 signal on the CT 8 line in combination with the po~$tlv~
8 signal~ on the GRN and ~K line~ render the ~D invert 9 circuit 443 effective to apply a negative-~ignal on She -G~NW lin~. The negative signal on the -GRNW line i8 appliod 11 to decondition the AN~ circuit ~00 ~n Fig. 26g4 which, in 12 being deconditioned, applies a negative slgnal vla the -LI~
13 line to one input of the Ol~ invert circuit ~02. At ~2 14 time, a -C clock pulse is applied to the oth~r input of the OR invert circuit 602 thereby deconditioning it and cau~lng 16 a positive ~ignal to be applied via the LI~ ~in~ to the ~7 control signal cable connected to the crypto engines and to 18 the OR invert circuit 648 in Fig. 26h4 causing a negative 19 signal, delayed by delay circuit 650, to be appliad via the LIB line to the control signal cable connectlon to the 21 crypto engines.
22 Referring to ~igs. 26d4 and 26e4 the RN counter 470 1 23 a 64 stage nonresettable binary counter which is battery 24 powered so that it may retain its content~ independent of ~y~tem power. Each of the 8 output bytes of the K~ counter 26 470 i~ connected to a corre~ponding set of AND circuits 472A
27 ~o 472K conditioned ~y the po~itive signal on the G~ line 28 and controlled by the settings of the byte counter 448. At 29 thi~ time, the byte counter 448 is at a count of 0 which con~itlon is decoded by the decoder 466 producing a po~itive signal on KI977009 -16~---, ~2~i8i2 1 the BC 0 line to render effective the set of ~ND circuits 2 472A for pa~sin~ the first byte of the coun~ value in the RN
3 counter 470 via the OR circuits 474 to the AND c~rcuits 475.
4 The AND cireuitQ 475 being conditioned by the pos$tive signal on the G~ line passes t~e random n~nher byte via tho 6 OR circu~t 476 and the P bo~ 50 to the ~uffer registers UBR
7 100 and LBR 150. Accordingly, the now received combination 8 of ~ignals on the ~IB and LIB line are effe~tive to permit 9 the random numher byte to be loaded into t~e buffer register8 in each cry~to engine.
11 ~eferring now to Fig. 26e3. at ~3L time, a ~3L clock 12 pulse together with positive ~ignals on the GRNW and GRN
13 lines render the AND invert circuit 435 eff~ctive to apply a 14 negat~ve s$gnal to set ~le INPUT CYCLE latch 454 to ~tart an lnput cycle operation during which successive byte~ of 16 the random number count value of the X~ counter are load~d 17 into the buffer regi~ters. The INPUT CYCL~ latch 454 in 18 being set applie~ a negative signal via th~ CYCL~ line 19 to set the START I~ CYCLE ~ND latch 530 in .~ig. 26f3. Referrlng now to Fig. 27d4, at ~4 time, a ~4 clock puise in comb~nat~on 21 with pO8~ tive signals on the ~RN, L~K and CT ~ line~ are 22 applied to render the ~ND inv~rt circuit 440 effective to 23 apply a negative pulse to the STEP BYTE CTR line, the po~ltlv~
24 tra~ling ed~e of which is e~fective to step the byte counter 448 to a count of 1.
26 In a 3imi~ar manner, ~ucceeding one~ of the random 27 number count va~ue bytes ~re gated, under ~on~rol of the 2 R byte counter 448, and loaded into the buffer reglstess UB~
29 1~0 and LBR 150, with the previou~ byte being simultaneously .~hited and tlle byte ounter 44~ being st~pped at ~4 ~ime of ~977009 -170-1 each clock cycle.
2 ~fter the 8th random n~ber count value ~yte is 3 wr~tten into the buffer re~isters, then at ~4 time of 4 that clock cycle, the ~yte counter 448 steps from a count o 7 back to a count of O causing a negat.~ ve signal to ~e 6 produced to set the COUE~T 8 latch 45~ whic~, in being et 7 applie~ a negative signal to the -CT a line. The negative 8 J~gnal on the -CT ~ line is applied to rese the INPUT CYCLE
9 latch 454 in Pig. 26e3 thereby ending the input cycle.
Referring now to Fig. 26d3, the INP~T CYCLE latch 454, in 11 he~ng reset, applies a positive signal whi~h, in comblnation 12 wi~h the positive signal on the -OUT CYCLE line, render~ tho 13 AND invert circuit 4}0 effectiva to apply a negat~ve $~gnal 14 to reset the CO~.IT 8 latch 450 in Fig. 26d4 and i~ inverted by inverter 412 to a positive signal to set the BLOC~ COUNT
1~ flip flop 414 producing a positive signal on the -BLR C line 17 and a negat~ve signal on ti-e -BLK 1 line.
18 Referrlng now to Fl~. 27f3, at ~1 tim~ of the next cloo~
19 cycle, a ~1 DEL clock pulse in combination with positive ~ignal~
on the -I~ CYC~E line and from the ST~RT IN CYCLE END latch 530 21 render the AND invert circuit 532 effective to apply a neg~tl~e 22 slgnal to ~et the lN CYCLE ~D latch 534 wh~ch, Ln bein~ ~et, 23 applies a positive signal to the IM CYCLE ~ llne.
24 ~eferr~ng now to Fig. 26f4, ~he positiYe sLgnal on the IN
CYCL~ ~ND line is applied to the inverter 522 where lt ~g 26 inverted to a negative signaL and applied to decondition the 27 AND circu~t 626 causing a negative ~ignal to be app}ied to 28 set the STA~T Es latch 62~ and to the inver~er 633 in ~lg.
29 26g4 where it is inverted to a positive sig~al and applied to render the OR invert circuit 640 effectlve to apply 31 neg~tive ~ignals vi~ the -EL~ and -LDR lins~ to one U~4~3~2 1 input of the OR invert circuits 642 and 644. Referrin~ now 2 to Fig. 26c2, the negative signal on the -~LR line i~
3 applied to r~econdition the A~ circuit 382 which, in turn, 4 resets the address counter 39n in Pig. 26d2 from a count of 15 back to a count of 0 causing a positive signal to be 6 appl~ed to the -C 8 ~ine. The positive signal on the -C 8 7 line is applied to render the ~D circuit 4~6, conditioned 8 by the positive signal from the 16 STEP lai.ch 404, effective 9 to apply a positive signal to the lnverter 408 where it i8 inverted to a negative signal on the -16 ST~P line which 1 ll applied to reset the CT OF ~ latch 441 in Fig~ 26d4 and to 12 re~t. t~le l,~II; latc~ f,t, ln ~0~J~ ti latcll 5~ ln b~l~y 13 reset applies a negative signal to the L~IK ~ine and a 14 positive signal to the -L~ line. The negative signal on the L.~IK line decondition~ the AND invert circuit 568 to 16 inhibtt further production of the shifting control ~ignals 17 SR, LDK and LDK for the key registers of t:ne crypto englnos.
18 Referring now to Fig. 26c2, the positive si~nal on the 19 -LMK line is applied to render the ~D invert circuit 368 effective to apply a negative signal to de~ondition the AND
21 invert circuits ~70 and 374 to inhibit further reading of th-22 iIl~ memory 700 and stepping of the address cou~ter 390.
23 Referring now to Fig. 26g3, the posi~i~e signal on the 24 I~ CYCLE E~ line in con~ination with the p~si~ive si~nal on the E~C line are applied to render the ~ND circuit 538 26 effective to apply a positive signal to the OR invert 27 c~rcuit 540 which, in turn, applies a negative ~ignal via 28 the -SL line to one input of the OR ~nvert c~rcuit 544.
29 Referring now to Pigs~ 2~g3 and 26g4, at ~2 time, a -C
clock pulse is applied to tI~e other lnput of the OR invert 1 circuits 544, 642 and 644 to decondition them causing 2 positive signals to be applied via the SL, ELR and LDR
3 line~, respectively, to the control signal oable connoct d 4 ~o the crypto engines. ~eferring to Fig. ,.6h4, the po~$tive signal on the SL line is applied to the OR invert 6 606 causing a negative signal, delayed by d~lay circuit 608, 7 to be applied via the LDK ~ine to the control ~ignal cable.
8 ~he positive signal on the L~R line is applied to the OR
9 invert circuit 652 causin~ a negatlve signaL, delayed by delay circuit 654, to be applied via the L~R line to the 11 control signal cable. Referring now to the crypto engine in 12 Fig. 2Cgl, the control signals LD~ and L3R are effect~ve for 13 cau~ing the random number stoxed in the buf~er registers UBR
14 100 and L~ 150 to be transferred and loaded in~o the data registers l1D~ 200 and LDR 2~0 in preparatio;~ for the enclpher 16 function. The control signals on the ~L ana LDX lines are 17 applied to the key reglster~ cau~ing the contents thereof, 1~ namely, the variant of the master key, to be shifted one 19 position to the left as a pre-shift operation pr$or to the enc$pher operation.
21 ~eferring now to Figs. 26e3 and 26f3, at ~4 time, a ~4 22 clock pulse in combination with ~he positive ~ignal on the 23 IN CYCLE E~ line are applied to render the AND invert 24 circuit 528 effective to apply a negative slgnal to reset the START IN CYCLE RND latch 530. At ~l/I, time of the n~xt 26 cloc~ cycle, a -~l/E cloc~ pulse is applied to reset the IN
27 CYCLE ~N~ latch 534 causinq a negative si~nal to be produced 2~ on the I~ CYCLE END line. Referring now to Pig. 26f4, the 29 negative signal on the I~ CYC$E END llne is applied to ~nverter 622 where it ls inverted to a positive XI977~09 -1?3-1 signal to be applied to render the AND c~rcuit 626 effoct~ve 2 to apply a po~itive signal to render the AND invert clrcu~t 3 630, condltioned by the positive ~ignal fro~ the START EB
4 latch 628, effective to apply a negative slgnal to ~et the EB latch 632 indicating the start of the c~ypto op~ration.
6 The EB latch 632, ln being set, applies a positive ~ignal to 7 the ~B line and a negative signal to the -EB line. Referring ~ to Fig. 26d4, the po~itive signal on the EB line ln comblnat~on 9 wlth the positive signal on the GRN line are applied to render the AND circuit 468 effective to apply a positive 11 signal to step the RN COUNTER 47Q to the next count. ~eferrlng 12 to Figs. 26c2 and 26d2, the positive ~igna~ on the E9 line 13 i~ also ~pplled to condition the address de~oder AND invert 14 circu$t 398 and to condition the ER flip flop 384 to permit stepplng of the round counter 390. Referring to ~ig. 26f4, 16 the negative ~lgnal on the -EB ~ine is app~led to ~et the 17 START EB END latch 612 and referring to Fi7. 26eS, to reset 18 the KEY VAR 3 C~RL latch 51S.
19 The ~ncipher function operation i~ ~im~lar to that prevlously described in detail in connectlon with tho onc~ph~r 21 order operation and can generally be followed by r~ferr~ng 22 to the tlming diagram of Fig. 32. Generaliy, the enclphex 23 functio~ i3 performed by repeating a produ~t ciph~r functlon 24 for 16 rounds. During each round, the con~ents of the upper data regi~ter UDRI200 ~8 enc{phQred under c-)ntrol of tho 26 contents of the key registers UXR 350 ~nd LKR 400 w~th th~
27 re~ult~ being added to the contents of t~e lower data regi~t~r 28 ~R 250 by the modulo-2 adder~ 650-664. At the end of each 29 round, the outputs of the modulo-2 adder~ ~re para}lel er~n~farrQd tQ th~ upper dat~ register UDR 200 w~lle the 1 eontents of the upper data register UDR 20~ are parallel 2 tran~ferred to the lower data register LDR 250 to form the 3 argumento for the next round and the key registers are 4 ~hlfted by the eontrol signal on the SL line in aecord~nee S wlth key shift schQdule shown. A8 a result of the single 6 pr~-~hift signal on the SL line and the 27 addltlonal ~lgnal~
7 on the SL line during the encipher operatlon, the key 8 regi~ters ~hift left exactly 28 time~ to return the varlant 9 of the master key bae~ to the initial home ~o~it~on ln the key rogisters. At the end of eneipher funetion, half of the 11 eneiphered random number ls avallable at the output~ at ~h-12 upper data regi~ter UDR 200 and the other half l~ avallablo }3 at the output~ of the cipher funetion eire~its.
14 Follow~ng the encipher operation, a ser~e~ of 8 PIO~
data eommands are i~sued for readin~ the en~iphored random 16 number. The first ~ueh command lnitlates an output cyele 17 whieh is performed in a similar manner to that do~eribed ln 18 detall in eonneetion wlth the enclpher ordex operaticn. Sn 19 general term~, durin~ the exeeution of the PIOR data com~an~, whlle tho bloc~ eount i8 at a count of 1, the eneiphered 21 random numher ~8 parallel transferred from ~he upper dat~
22 regi~ter and the outputs of the eipher funetion eireuit~ to 23 the buffer registers where it i8 then available for readlnq, 24 a byte st a t~me. At the be~inning of the sxecution o~ th~
fir~t PIOR data eommsnd, a positive siqnal i~ applied on tho 26 OUT CYC~E S~A~ line to reset the GRN lateh 320 in Flg. 26e3' 27 and at the end of the execution of each PIO~ command, the 28 buffer re~i~ters ~re shlfted one position to present the 29 next byte of the enciphered random number for r~dlng. At the 8th count of the byte counter, the ou~put cycle end~ ~nd Z

1 the block counter 1~ reset to end the oper~t~on, with 2 the enc~phered random number now a~ailable ~or U~8 a~ a 3 ~econdary key or an enciphered operational ~ey. While 4 a 64 bit RN counter is used in this operation to provide S a p~eudo random number, it should be apparent that it i~
6 w~ll w$thin the ~kill of the art to u~e a truly random 7 number qenera~or for generating a random ~.~aluc e.g. a 8 noi~e generator.
9 .

K~9~7009 -176--1~8~

2 The function of the encipher ma~ter key EMR~ operatlon 3 18 to encipher an operat~onal key under ti~s host mastQr key 4 while the functlons of the encipher ma~er key EMKl and EMK2 ~5 operations are to encipher a ~econdary key under a variant 6 of the ho~t master key.
7 When the order code specifylng any of ~he~e orders 8 i8 decoded, a load ma~ter key (LMK) latch 1~ set and, ~n th~
9 case of the EMKl order, a key var~ant 1 latch i~ add~tionally et and, in the case of the EMR2 order, a ~ey variant 2 latch 11 i8 additlonally sQt. With the LMX latch ~et, the contents 12 of the MK memory i8 caused to ~e read out and in the case of 13 the EMR~ order operat~on, ~s transferred, a byte at A time, to 14 the crypto enqlne~ while in the case of the EMgl and EMX2 order op-rations each byte of the ma~ter key read out of the MR
16 ~emory i8 modified to provide a variant of the ma~ter key to 17 the crypto engines. The master key or the varlant of the la ma~ter koy, dep~nding upon which order ~8 ~eing performed, l9 i8 parity checked in the crypto eng~ne~, a ~yte at a time, and loaded a~ a working key into the key register~ of the 21 crypto engines. During synch TD t~me of th~se operation~, 22 an EMK latch and a ~pecial encipher SPEC ~C latch are set, 23 the latter causlng the proce~ing mode to he set for an 24 encipher operation. After loading the ma3ter key or the varlant of the ma~ter key into the key regt~ers~ a serle~
26 of 8 P10W commands are received with the dat~ fi~ld associated 27 wi~h the ~ommands, cons~tuting the operational key or 2a ~econdary key, depending upon wh~ch order ~ being perfonm~, 29 to be ~nciphered, being loaded into the bu~fer regi~ters of ~he ~rypto engines. The first such command inltiates an -1124~12 1 input eyele and a byte counter counts each such eommand 2 reeelved. After the 8 PIOW commands have been reeelved and 3 the 8th byte written into ~he buffer register~, then, at the 4 8th eount, the input cycle ends, the operational or seeondary S koy is tran~ferred from the buffer regi~ter~ to the data 6 registers of the erypto engines, a bLock counter i~ set, th 7 crypto enginQs start an eneipher operation, indieated by th 8 generation of an engine busy signal, and ~h~ key variant 1 9 and key variant 2 latehes are reset. Durll~g the encipher op ration, the operation~l or secondary key, dependlng upon 11 which order operation is being performed, ir the dat~
12 registers of the crypto engine~ is eneipherad under control 13 of the master key or variant of the master key, respeetively, 14 ln the key register~ of the crypto engines. At the end of the enelpher operation, hal~ of the eneiph~red oper~tional 16 or seeonaary key i~ present in the upper data re~ister and 17 th~ other half i~ present at the outputs of the cipher 18 funetion eircuits. Fol~owing the encipher operation, a 19 erles of 8 PIOR data ~ommand~ is recei~ed for re~dlng the eneiphered operation~l or seconaary key. ~he flrst sueh 2 1 camm~na initiates an output eycle and the ~y~e eounter 22 count~ eaeh sueh eommand received. ~ur~ng the exeeution of 23 the first PIO~ data eomm~nd, wh~le the block count ~8 at a 24 count of ~, the enciphered operational or ~econd~ry ~ey 1J
paralle} transferred from the upper data re~i~ter ~nd the 26 output~ of ~he c~pher function circuit~ tc ~he buffer 27 regi~ters where it ~ then available for reading, a byte at 28 a time, and the EMK latch i8 reset. At the end of the 29 ex~cution of each PIOR command, the buffer regi~ter~ are shifted one po~ition to pre~ent the next hyte of the enclphered ~977009 -178-1~2 1 operational or ~econdary key for reading. At the 8th count 2 of the byte counter, the output cycle ends and the block 3 counter i8 roset to end the operation.
4 A more detailed description of the encipher master koy order operation will now be given in con~unction with the 6 timing diagrams of Figs. 33a-33c. After addre~s selection ~t 7 TA tlme and loading ~he command byte into the command 8 register at TC time, the command code i~ d~coded by the AN~
9 invert circuit 266 in Fig. 26b2 to pro~uce a negative signal which i~ lnvarted by inverter 268 to a positive signal on 11 the WR DSD O~DER line thereby indicating the pr~ence of a 12 WR DSD ORDER command. At the ~ame time, ~f the order code 13 specifie~ an EMX~ order, then that order co~e is decoded by 14 the AND invert c~rcu~t 340 to apply a negative slgnal via the -EMK~ DEC line to the inverter 342 where it 1B lnverted 16 to a po~itive signal and applied to one input of the AND
17 lnvert circuit 344 whereas, if the order code speclfie~
18 EMXl order, the order code i~ decoded by the AND lnvert 19 circult 341 to apply a negative ~ignai via ~he -ENRl DEC
llne to the inverter 343 where it is inverted to A positive 21 signal and applied to one input of the AND lnv~rt clrcult 22 345 and lf the order code specifie~ a ~K2 order, the ord~r 23 co~e 1~ decoded ~y AND invert circuit 349 to apply a negat$ve 24 si~n~l via the -EMK2 DEC l~ne to the lnvert~r 351 where lt i8 ~nverted to a po~itive ~ignal and appli~d to one input of 26 the A~ inver~ circuit 353. ~eferrlng now to the inver~er 27 circuit~ 4i9, 481 and 483 in Eig. 26d~, negat~ve ~igna~s on 28 either of the -E~O DEC, -~MKl ~EC or -EMX2 DEC line~ are 29 inverted, respectively, to po~itive ~iqnal~ ~nd pa~ed via the O~ circult 484 to the SET LMK line. ~eferr~nq now to the OR

1124~312 . , 1 lnYert circuit 564 in Fig. 26g4, the posit~ve signal on the 2 SET LMK line ~g applied to render the OR ~.n~ert clrcuit 564 3 effective to apply a ne~ative signal to se~ the L~K latch 4 566 producing a po~itlve ~ignal on the LMK line and a nogatlYe ~lgnal on the -hMK line. Referring now to the AND invert 6 circuit 368 in Fig. 26c2, the negative ~i~nal on th~ -LMK
7 line is applied to decondit~on the AN~ invert circuit 368 ~ whlch, ln turn, maintains ~ positive s~gnal at one input of 9 th- AND invert circuit~ 370 and 374 90 lon~ as the LM~ latch 566 remains set i.Q. while the MK memory i~ being read out.
11 Referr~ng now to the XEY VAR 1 CTR~ latch 513 in Fig.
12 26e5, if the order code is a EMRl order code, then the 13 negatlve signal on the -E.~Kl DEC line is appl~ed via the OR
14 clrcuits 51} to set th~ KEY vA~ 1 CT~L ~a~ch 513 which, in being ~et applies a po~itive signal to the VARIANT 1 line 16 and via the OR circult 518 to the VARIANT 1/3 line. Ref~rring 17 now to ~lg. 26~1, the positive ~ignals on the VARIANT lJ3 18 and VARIANT 1 lines are applted to the ex~lu~lve OR circuit-19 704A and 704B which are u~ed to invert b~tE 0 and 2 of each byte read out of MX memory 700 there~y providing 21 fir8t var~ant of the master key for tran~fer to the crypto 22 e~gines. On the other hand, if the order code i~ a EMK2 2~ order code, then the ne~ative signa~ on ths -EN~2 DEC line 24 ~ appl~d ~ia the 512 to set the K~Y YA~ 2 CT~L }atch 5~4 which, in be~Dg set, applie~ a positive signal to the VARIANT 2 26 ~ine and via the OR clrcuit 521 to the VA~lANT 2/3 l~ne.
27 ~eferring now to F~g. 26cl, the positive ~iqnal~ on the 28 V~R~A~T 2 and VARIANT 2/3 l$nes are applied ~o the exclus~v~
2~ OR c~rcu~t~ 704C ~nd 704D whlch are used to lnYert bits 4 30 and 6 of each byte read out of MK mernory 700 thereby providin~

~tI977009 -lB0-B~:

1 a second variant of the master key for tr~n~fer to the 2 crypto engines.
3 Referring now to Fig. 26c2, positive ~ignals are malntalned 4 at the input~ of the AND circuit 380 to the~eby render it S effective to apply and maintain a positive Qignal on the 6 -W ENA~LE line. The AND invert circuit 370 and 374 are 7 ~lternately rendered effective ~y ~3L and 01L clock pul~e~, 8 respectively; the AND invert circu~t 37~ controlling the 9 AN~ in~ert circuit 376 and inverter 378 to produce successlve neqatlve s~gnals on the -M ENABLE line which in combin~tlon 11 wlth the positive signal on the -W ENA~LE llne ~llows 12 ~ucces~ive reading of the ~K memory 700 whlie the ~ND inver~
13 circuit 374 controlling the AND invert circuit 376 and inverter 14 38B in Fig. 26d2 to produce succes-~$ve po~ tiYe ~ignals on the STEP CTR line for successively st~ppin~ the addres~
16 counter 390 to address succe3sive location~ on the '~X momory 17 700. Succe~ive pa~rR of half ~ytes read out of the ~X memory 18 700 in Fig. 26el are shifted into the shift register~ 702 19 to provide successive by~es of the master k~y for the crypto engines. If the encipher ma~ter key order belng 21 performed i9 E!~R~, ~he ~ucce~sive bytes of the ma~t~r key 22 are tran~ferred ln unmodified form to the c,~pto cngines 23 wh~reas ~f the encipher master key order bsing performod 1J
24 EMKl, then bits 0 and 2 of each byte are lnverted ~y ~he exc}usive O~ circuits 704A and 704~ to effeetively prov~de a 26 flr~t variant of the ma~ter ~ey for tran~f~r to the cry~to 27 onqine~ and ~f the encipher ma~tor ~ey order belng performod 28 i~ ~MK2, then bits 4 and 6 of each byte are ~nverted by the 29 exclu~iv~ OR circu~t~ 704C and 704D to effectively provido a ~ocond var~ant of the ma~ter key for transfer to the crypto ~1~

1 enqines.
2 Referring now to the AND invert circui~ 568 in F$g.
3 26g4 a ~1 D~L clock pulse in combination wi~h positlve 4 8~9n~1s on the Cl, -STEP CTR and L~K lines are applied to S render the AND invert circuit 568 effective to produce a 6 negative signal ~o set the r~Dx latch S70 whlch, in being 7 set, initiates production of the po8~ t~ve aiqnals on the SR, 8 LDK and LDK control lines for the crypto eng~nes, in a 9 manner previously descrlbed in detail in c02meation wLth the DEC~ or~er operation. Xeferring now to the crypto engine in 11 Pig. 26gl, the successive positive ~ignals on the LD~ line 12 are applied to succes~ively condition the AND circult 807 to 13 permit a parity check to be made of each ~te loaded lnto 14 the key registers for parity errors. The successlv~ posit~ve sign~ls on the SR, LD~ and LDK line~ are applled as control 16 lnputs to the key register~ UKR 350 and LXh 4~0 to shift th~
17 key registers and allow quccessive bytes to be loaded lnto 18 the ~ey xegisters.
19 Referrlng nGw to Fig. 26b2, at TD time, while the key regi~ters ~re being loaded, a positive slgnal i8 applled vla 21 the SYNCH TD line to render the AND c$rcuit 270, cond~t~oncd 22 by the po~itive signal on the WR DSD order l~ne, effectlve 23 to prov~de a po~itive ~ignal on the W~ ORD TI~ llne.
24 ~eferring now to Fig. 26b2', the po~itive s~qnaL on the WR ORD TT.~E line is appl~ed to the invert~r 322 where it 1 26 in~erted to a negative signal on the -W~ O~D ~IME line and 27 applied to reset the EMK latch 346 in F1g. ~6c3' and the 28 SPEC ENC latch 494 in Fig. 26dS. Referri~g now to Fig.
29 26b2', the posit~ve ~gnal on the WR ~D TIME line i~
applied to the remaining input of the ~N~ invert circ~its ~124~2 1 344, 345 and 353 to render one of them effect$ve, depending upon 2 whether the E~ Xl or ~IK2 order oper~tion is being performod, 3 to produce a signal on the -SET EMK~ line, the -SET EMRl 4 line or the -SE~ ~X2 line, respectively, ;o decondition th~
AND circuit 345 cau~ing a negative ~ignal to be appli~d to 6 set the EMK latch 346 which, in being 8et, applles a positl~e 7 signal to the E!~ line. Referring now to Fig. 26d5, the 8 posltive signal on the E.YX line i9 applied tO the OR invert 9 circuit 490 where it i~ inverted to a negatlve signal to s~t the SPEC ENC latch 494 which, in ~eing ~et. applle~ a po~ltlvo 11 ~ignal to the SP ENC line and a negative s1gnal to the -SP
12 ENC line. Referr~ng now to Fig. 26~3, the I~o~itive signal 13 on th~ SP ENC line is applied via the OR clrcuit 522 to 14 con~ltion the AND c~rcuit 536 and 53B ~n Plg. 26g3 and via the inverter 546 to apply ~ negative ~gnal to th~ DEC llne 16 to deconditlon the AND invert circuit~ 548 and 560.
17 Reforring now to Eig. 26d2, after the 8th ~yte i~
18 loaded into the key registers, the addres~ e:ounter 390 stsp~
19 from an ~ddress count of 15 back to an addsess count of 0 (count of 16) cau~ing a positive signal to be producea on 21 the -C8 line which i8 applied to cond~tion ths AND invsrt 22 circuit 402 and to render the AND circuit ~06, conditioned 23 by the posi~ive 3ignal output ~y the 16 STEP latch 404, 24 effectl~e tQ produce a positive signal whla~ nverted ~y inverter 408 to a negatlve ~lgnal on the -16 STEP llns.
26 Referring now to ~ig. 26g4, the negat~ve ~ignal on the -16 27 STEP line 1~ ~pplied to reset the LMK l~tch 566 which, in 28 ~elng r~et, applies a negati~e slgna~ to ~h~ LMR line and a 29 posi~ive siyna~ to the -L~IK line. The negstive slg~l on the L~K ~in~ decondition~ the Au~D in~ert circuit 568 to 1~2~

1 inhibit further production of the shifting con~rol sign~ls 2 SR, LDR and LDK for the key registers of the crypto englnes.
3 Referring now to ~ig. 26c2, the posit~ve ~ignal on the -LM~
4 line i8 applied to render the ~ND invert circult 368 effect~ve S to apply a negative signal to decond~tion the AND Lnvert 6 clrcuits 3?0 and 374 to ~nhibit further re~-~lng of th~ M~
7 m~mory 700 and stepping of the address counter 390.
8 A~ter loaatng the key register~ of the crypto eng~nas, 9 a Reries of 8 PIOW commands are received with the data fields associated with the commands consti:utinq the op~ratlonal 11 ~ey or the secondary key to be enciphered, being written into 12 tho buffer registers of the crypto eng~nes. The writing 13 operat~on of the operatlonal key or the secondary key into 14 the buffer registers of the crypto engine~ ~y a series of 8 PIOW commanas ~s sim$1ar to the writing ope~ation described 16 in detall in DEC order operation i.e. an i,lpUt cycle is 17 initiated, the byte counter 448 i8 conditioned to count each 18 PIOW data command received and the operational k~y or 19 secondary key is written, a byte at a time, per PIOW dnta commana, into the buffer register~ UBR 1~0 ~nd LBR 150.
21 After the 8th byte of the operational ~ey or the secondary 22 key has ~een written into the buffer regls~;ers, then, at ~4 23 t~me of tha~ clock cycle, the byte counter 44B 8tep8 ~rom a 24 count of 7 ~ack ~o a count of O causing a n~gative s~gn~l to ke produced to set the C~UNT 8 latch 45~ wh~ch, in belng set 26 applies a negati~e signal to the -CT~ line. The nega~ive 27 s~gnal on ~he -CT~ ~ine is applied to resat the ~PUT CYCLE
28 latch 4S4 in Fig. 26e3 thereby ending the .lnput cycle.
29 Referrlng now to Fig. 26d3, the INPUT CYCLE latch 454, in being reset, applies a positive slgnal on t~e -IN CYCLE

~I977~09 -~4-~12~2 1 line which, in combination with the po~tiv~ nal on the 2 -OUT CYCLE line, renders the AND invert clrcuit 410 effectiv~
3 to apply ~ nega~ive slgnal to reset the COUNT 8 latch 450 in 4 Fig. 26d4 ~nd is inverted by inverter 412 to a po~ltive signal to set the BLOCK COUNT fl~p flop 41i producing a 6 positive ~lgna~ on the -~LR0 line and a n~gative s~qnal on 7 the -BLKl line.
8 ~eferring now to Fig. 26f3, at ~1 time of the next g cloc~ cycle, a ~1 DE~ clock pu~e in comblnation wlth poJltive signals on the -~N CYCLE line and ~rom the START IN
11 CYCLE END latch 530 render the AND ~nvert c~rcuit 532 effectl~e 12 to apply a negative ~ignal to ~et the IN CYCLE END latch 13 534, whlch, in being set, applies a po~itive i~nal to the 14 IN CYCLE END l~ne. ~eferr~ng now to Fig. 26f4, th~ positlvo ~ignal on the IN CY~L~ END line i~ applied ~o the inverter 16 622 where it i8 ~nverted to a negative ~ignal to d~condltlon 17 the A~D c~rcuit 626 which, in turn, causes a n~gatlve signal 18 to be applied to set the START EB latch 628 and to the AND
19 inverter 638 in Fig. 26g4 wher~ it i~ inverted to a posltive signal and applied to render the OR lnvert ~ircuit 640 21 effective to apply negative signal~ via the -ELR and -LDR
22 llne~ to one input of the ~R invert circuit~ 642 and 644.
23 ~eerring now to Fi~. 26g3, the po~tlve ~lgnal on the 24 I~ CYCLE END line ~n ~om~nation w~th the pos$ti~e signal on the ~C line are applied to render the AND c~rcu~t 538 26 effective to apply a po~ltive signal to the OR $nvsrt circuit 27 540 whlch, in turn, appl~e~ a negative 8ign~1 via the -S~
28 line to one input of ~he OR invert circult 544. Referr~ng 29 now ~o Fi~s. 26g3 and 26g4, at ~2 time, a -C clock pulse la applied to ~he other inpu~s of the O~ ~n~ert circuits 544, 1~2-~12 1 642 and 644 to decondltion them causing pos~tive s~gnals to 2 be appl~ed via the SL, ELR and LDR line~, lespectively, to 3 the control signal cable connected to the crypto engines.
4 ~he positive signal on the SL line initiate~ production of the L~K control signal and the poYitive signal on the LD~
6 line is ~pplie~ to initiate production of the ~D~ control 7 8 tgnal both of which are applied via the control signal 8 cable to the crypto engine~. referring no~ to the crypto 9 engine in Fig. 26gl, the control signals LDR and LDR are effoctive fGr caus~ng the operational key or the secondary 11 key stored in the buffer registers U~R 1~0 ~nd LBR 150 to bo 12 trans~erred and loaded ~nto the data reqis~ers UDR 200 and 13 LDR 2S0 in preparation for the encipher function. The 14 control signals on the SL and ~K lines ar~ applled to the key registers causing the contents thereof to be shifted one 16 position to the left as a pre-shift operation pr1Or to the 17 enctpher operati~n.
18 Referring now to Figs. 26e3 and 26f3, at ~4 t~me, a ~4 19 cloc~ pul~e in combination with the positiv~ 5t gnal on the 20 IN CYCL~ END line are applied to render tho AND invert 21 circuit 528 effect~e to apply a negative signal to re~et 22 the S~ART I~ CYCLE END latch 530. At ~ time of tho n~xt 23 cloc~ cycle, a ~ clock pu~se is applie~ to re~et ~N
2~ CYCLE END latch 534 causing a nega~ive signal to be produced on the I~ CYCL~ ~ND line. Referring now to ~$g. 26f4, the 2Ç negattve signal on the IN CYC~E E~D line is applied t~
27 the inverter 622 where it is $n~erted to a postt1ve signal 28 and appl$ed to render the A~D circuit 626 effective to proauce 29 a positive s~gnal which, in turn, renders ~e ~D ln~rt circuit 630, conditic~ned ~y the positive s~gnal ~rom the KI977009 -~8~-~ 81~

1 START EB latch 628, effective to apply a negative ~ignal to 2 set the EB latch 632 indicating the start of the erypto 3 operat$on. The ~B latch 632, in be$ng set, applie~ a posltlve 4 signal to the EB line and a neqative signal to the -EB line.
S Referrlng to Flgs. 26d2 and 26c2, a po~itiv~ signal on the 6 EB l$ne is applied to condition the addres~ decoder AND
7 invert elreuit 398 and to condition the ER flip flop 384 to 8 permit stepping of the round counter 390. Referrin~ now to 9 Fig. 26f4, the negative signal on the -~B lJ~ne is applled to set the START ER END latch 612 and referr~ng to Fig. 26e5, 11 if the Et~Kl order operation i8 ~eing performed, to reset the 12 KEY VAR 1 CTRL latch 5~3 or if the EN~2 operation is b~ing 13 performed, to re~et the KEY VAR 2 C~L }at~h 514.
14 The eneipher funetion operation i~ s$~ilar to that pr~v$ously descri~ed ~n deta~l in connectiot with the ene~ph~r 16 order operation and ean generally he followed by referring to the tlming diagram of P$gs. 3~a-33c. ~s~lerally, the 18 ene$pher funetion is performed by repeat$ng a produet olpher 19 funetion for 16 rounds. During eaeh round, the eontents of the upper data register U~R 200 i9 eneiphered under aontrol 21 of the eontents of the key register UK~ 350 and LKR 400, 22 which may contain the master key or a vari~nt of the master 23 key, depend~ng upon whether the Ei~K~, E~ r EMK2 order operatlo~
24 is ~eing performed, w$th the re~ults being added to the contents of the lower data register LDR 25~ by the mod~o-2 26 adders 65~-664. At the end of each round, the outputs 27 of the modulo-2 adder~ are parallel tran~fe:..red to the upper 28 data register UDR 200 while the contents of the upper data 29 regi~ter UD~ 200 are parallel tran~ferred to the lower data 30 re~ister L~}~ 250 to form ~he arguments for the next round ~I977009 -187-81~

1 and the key regiQter~ axe shifted by the control signal on 2 the SL line ln accordance with the key shift schedule shown.
3 As a result of the single pre-shift signal ~n the SL lin-4 and the 27 additional signals on the SL line during the encipher operation, the key registers shift left exactly 28 6 times to return the ma~ter key or the variant of the mastQr 7 key back to the initial home position ln the key reg~stsr.
8 At the end of the encipher function, half of the enciphered 9 operational or seconaary key is a~ailable at the output of the upper data register UDR 200 and the otner half i~
11 avallable at the outputs of the cipher functlon circ~its.
12 Pollowing the encipher operation, a se~ies of 8 PIO~
13 data commands are received for reading the encipherea 14 operational or ~econdary key. ~he first such command initiates an output cycle which i8 performe~ in a similar 16 manner to that described in detail ~n conn~ctlon with the 17 encipher ordar operation. In general terms, dur~ng the 18 executlon of the PIOR data command, while t~e block oount ir 19 at a count of one, the enciphered operation~l or secondary ~ey is parallel tran~ferred from the upper data register and 21 the output~ of the cipher function circuit~ to the buffer 22 register~ where it i~ then a~a~lable for r~ading, a byte at 23 a time. At the beginning o~ the execution of the first PIOR
24 data command, a ne~ative ~ignal is applied on the O~T CYCLE
START ~ine to reset the EMK latch 346 ~n Pig. 26c3' and ~t 26 the end of the exec~tion of each PTOR command, the buffer 27 re~i~ters are shifted one position to present the next byte 28 of the enciphered operational or secondary key f~r read~n~.
29 At the 8th count of ~he byte counter, the output cycle e~d~
and the bloçk counter i9 reset to end the o~eration.

~2~
1, REENCIP~ FROM MAS~E~ KE:Y (~R) ORDER OPE~ATIO~
2 The function of this operation i~ to reenclpher ~n 3 oper~tional key enciphered under a host master key 4 to the operational key ~nciphered under a Yecondary key S which i~ itself enciphered under a variant of the ho~t 6 ma~ter key.
7 Dur~ng command time of this operation, when the ord~r 8 code specifying a RF~ order is decoded, a load master key 9 ~LMX) latch and a key variant l latch are set and a ~p~cial encipher (SP ~C) latch is reset. With th~ ~MX latch ~et, 11 the contents of the ~K memory i~ caused to be ro~d out for 12 tran~fer to the crypto engine~ and with the key variant 1 13 latch set esch byte of the master key trans~erred i~ modlfl-d 14 to provide a variant ~'~l) of the ma~ter ~ey (~H~).
lS The variant of the master key i9 parity che~ked, a byte at -16 time, and loaded a~ a working key into the k~y register~ o 17 th- crypto engine~ During ~ynch TD t~me of this oper~tion, 18 8 RF~K latch i8 ~et cau~ing a ~ey order (K ORD) signal to be 19 produced indicating that a ~ey order operation i~ ~o be performed and an enc~pher (ENC) latch i~ r~et causlng th~
21 processing mode to be set for a decipher (D~C) operat~on.
22 After ~he 8th byt~ i~ loaded into the key ~egi~ter~, the LMS
23 latch i8 reset to terminate further MK me~ory r ad out. A
24 series of a PIOW data com~ands is then rece~Yed wi~h the data fields assoc~ated with the commands, con~t~tutlng a 26 seco~dary key enciphered under the same variant of the host 27 ma~ter ~ey ~tored in the key regi~ter~ be~ng lo~ed ~nto 2a ~he buffer r~gisters of the crypto en~ines. Th~ first such 29 command ~nitiate~ a ~irst input cycle and a ~yte count~r 3~ count~ each ~uch command received. After the 8 PI~W comm~nd-1 have been received and the 8th byte written into the buffer 2 reglsters, then, at the 8th count, the input cycle ends, the 3 enciphered secondary key i~ transferred from the buffer 4 registers to the data registers of the cryFto enqines, a S block counter i8 set, the crypto engines start a decipher 6 operation, indicatè~ ~y the generat~on of an en~ine busy 7 signal, and the key variant 1 latch i~ reset. ~ur~ng tho 8 dec~pher operation the secondary key enc~phered under the 9 var~ant of the host master ~ey in ~he data registers of the crypto engines i8 deciphered under control of the ~ame 11 var~ant of the h~st master key in the key reg~sters of the 12 crypto engines to obtain the seconaary key in clear form.
13 At the end of the decipher operation, half of the sacondary 14 key, now in c~ear form, is available at the outputs of th~
upper data register UDR and the other half i8 a~ailable at 16 the output~ of the cipher function circuit~. Add~tional~y, 17 at the end of the decipher operat~on, a sp-cial key operstlon 18 ~SP KEY OP) latch ~s set.
19 A second series of 8 PIOW data command~ i~ then rocelv~d with the data fields associated w~th the commanda, con~titutlng 21 the operztion~l key enciphered under the host master key, 22 being loaded into the buffer register~ of ;~hQ crypto englne~.
23 The first such command received initiate~ ~ ~econd ~nput 24 cycle and the byte counter again counts each 3uch commana received. A~ter the 8 PIOW co~anas have been rQce~ved and 26 the 8th ~yte written into ~he buffer rey~ster~, then, at the 27 8th co~nt, the second input cyc1e ends, the block counter i~
28 re8et and the oper~tional key enciphered under the ho~t 29 master key is transferred from the buffer regls~ers to the data reqisters of the crypto engine~ while, at the same 11~2 , 1 t~me, the secondary key, in clear form, is transferred from 2 the output~ of the upper data regi~ter and the output~ of 3 the clpher ~unction circults to the buffer regist~rs.
4 Follow~ng the end of this ~econd input cycle, the L~ latch 5 ls again set and the host master key conten~Q of M~ memory 6 (~MH~) ls caused to be read out for tra~sfer to the crypto 7 engines. The host master key is parity checked, a byte at a 8 time, and loaded as the worklng key into tha key registers 9 of the crypto enqines. After the 8th byte is loaded into the key register~, the ~K latch is reset to terminate 11 further MR memory read out and the crypto engines then ~tart 12 a 8econd decipher operation, indicated by the EB ~ignal, to 13 decipher the operstional key enciphered un~er the host ma~ter 14 key in the data register4 of the crypto engines under control ~5 of the ho~t master key in the key registers of the crypto 16 englnes to obtain the operational key in clear for~. At the 17 end of ~he second dec$pher operation, half of th~ opsr~tlon~l 18 key, now in clear form, i~ avail~ble at the outputs of the 19 upper data reg$~ter UDR and the other half ~ a~ailable at the outputs of the c~pher function circuits. Additionally, 21 at the end of the second decipher operat$on, w$th the RFMX
22 and SP X OP latches set, a fir~t output cycle is lnitiated, 23 at the ~tart of wh$ch, the special enc~phQr ~SP E~C) }atch ls 24 set causing the processing mo~e to now be qet for an enciphor (ENC~ operat~on. Additionally, at the ~tart of the output 26 cycle, an end of round 16 (E~16) ~igna} i~ produced to causo 27 the ha}f of the operational key at the outputs of the c$pher 2B function circuits to ~e transferred to the lower data regi~t~r 29 ~R 30 that the full operational key in clear form ~8 now stor~d ~n the co~blned upper and lower data regis~er~ of the KI977nog -191--~2481~:

1 crypto engines. During the first output cy:le, the buffer 2 registers and the key registers are shifted in ~ynchronism, 3 once for each clock cycle, causing the secondary key, now 4 ~tor~d in the bu~fer registers, to be shifted into the key S reglsters, a ~yte at a time. ~ur~ng this ~ransfer, each 6 hyte is checked for a parity ~rror. The byte counter count~
7 clock cycles ana at the 8th count, the firs~ output cycle 8 end~, the block counter is again set and the ~IR latch i~
9 reset caus$n~ the ~ey order siqnal to be terminated.
Durlng the fir-~t clock cycle after the end of the ~rst 11 output cycle, the ~ey reqisters are pre-~h'fted one po6ition 12 in preparat~on ~or the encipher operat~on. At the end of 13 thls clock cycle, the crypto engine~ then s~art the ~pecial 14 enclpher operation, indicated by the generation of the EB
signaI, and the E~ signal togcther with the SP E~C latch stlll 16 bclng set cause the SP K OP latch to be res~ signalin~ the 17 ~nd of the special key operat~on. ~ur~ng the ~pec~al 18 enclpher operation, the operational key, presently in the 19 data register~, i8 enciphered under contr~l of the ~econdary key, presently in the key re~isters, to obt~in the operational 21 ~ey encipherea u~der the secondary key. At the ena of the 22 ~pecial encipher operation, half of the operational ~ey 23 enciphered under the secondary key is a~aiiable at the output~
24 of the upper data regi~ter and the other half is available at the outputs of the cipher function circults.
26 ~ series of 8 PIOR data co~nands is no^~ recei~ed for 27 reading the enciphered operat~onal key. T~e first ~uch 28 command initiates a second output cycle an~ the byte counter 29 counts each such command received. ~uring the execution of the first PIOP~ data command, while the bl~ck count is at a KIs7700s 9-112~812 1 count of 1, the enciphered operational key is parallel 2 tran~ferred from the outputs of the upper data regi~ter and 3 the outputs of the ciph~r function circuits to the b~ffer 4 register~ where it i~ then available for rsading, a ~yte at S a time. ~t the e~d of the execution of ea~h PIOR command, 6 the buffer regi~ters are shifted one po~ition to present the 7 next byte of the enciph~red operational key for reading. ~t 8 the 8th count of the byte counter, the ~e~ond output cycle 9 end~ and the block counter is reset to end the RF~ operation.
A more deta~led description of the RF.~K order operation 11 will now ~e given in conjunction with the timing dlagram~
12 of F~gs. 34a-34g. ~fter addres~ selection at TA time and 13 loading the command byte into the command register at TC
14 time, the c~land code is decoded ~y the ~ND invert circult 266 ~n Fig. 26b2 to produce a negat~ve signal which i-~
16 inverted ~y inverter 268 to a po~it~ve sig~lal on the WR DSD
17 O~D~R line thereby indicating the presence of a W~ DSD ORDER
18 com~and. At t~le same time, the order code is decoded by the 19 AND invert circuit 324 to apply a negative signal via the -~J~ DEC line to the inverter 326 where it is inverted to a 21 positive ~ignal and applied to one input of the AND invert 22 circuit 328. ~eferring now to the inverte~ 478 in ~ig.
23 26d5, the negative signal on the -XF~ DEC line is inverted 24 to a positive signal and pas~ed via the OR circuit 4~4 to the SET L.;~ line. P~eferring now to the o~ invert c~rcuit 26 564 in Fig. 26g4, the positive signal on the SET LMK line i8 27 applied to render the OP. invert circuit 564 effective to 2~ apply a negative ~ignal to ~et rhe L~IK latch 566 producing a 29 pos~tive ~ignal on the LffK linQ and a negat~ve ~ignal on t~e ~ K line. Referring now to the ~ND invert circuit 368 1~24~Z~

1 in Fi~. 26c2, the negative signal on the -LtI~ line is appli~d 2 to decondition the A~D invert circuit 368 ~hich, in turn, 3 maintain3 a positive signal at one input of the AN~ invert 4 circuits 370 and 374 so long as the L~ latch 566 remains S ~et l.e. while the !-IK memory is being read out. ~eferring 6 now to the KEY VAR 1 CTRL latch 513 in ~i~. 26e5, th~ negatlvo 7 signal on the -~F~X DEC line is applied to .~et the KEY VAR 1 8 CTRL latch 513 which, $n he~ng s~t, applie~ a posit~ve 9 signal to the VARIANT 1 line and via the OR circuit 518 to the VARI~T 1/3 line. r~eferring now to ~i~. 26el, the 11 positi~e signals on the ~ARIANT 1/3 and ~7ARIA~T 1 l~nes 12 are applied to the exclusi~e OR circuits ?04~ and 704~ which 13 are used to invert ~it~ ~ and 2 of each byte read out of th~
14 .~ memory 700 there~y providing a ~ariant of the master key for transfer to the crypto engine~. The h~lance of the 16 oper~tion for loading the variant of the m~ter key into 17 the key registers o~ the crypto engine can ~e follow~d from 18 the ti~ing diagrams of Fig~. 34a-34g and is slmilar to that 19 described in detail ln connection with the n~cK order operation which may be referred to for such deta~l.
21 Referring now to Fig. 26b2, at ~D time, while the 22 variant of the master ~ey i~ being ioaded ~nto the key 23 regi5ter5, a po~itive 5ignal is appl~ed via the ~Y~C~ ~D
24 line to render the A~.~D circ~it 270, conditioned by the po~itive signa} on the W~ DSD O~DER line, a~fecti~e to 26 provide a po~iti~e si~nal on the ',~R OP~D TIri~ line. Referrlng 27 now to Fi~. 26~2', the positive signal on _he ~R ORD TIME
28 line is applied to the inverter 322 where it ig inverted to 29 a negative signal on the -~7R ORD TI15E line to re3et I~F~
latch 33~ in F~g. 26c3' and the ~PEC ~NC la~c]~ 494 in Fig.

~I9770~9 194-1~2-~812 1 26d5. Re~erring now to rig. 2fib2', the positi~e si~nal on 2 the W~ O~D TI~ line is applied to the remaining lnput of 3 the ANn ~n~ert circult 328 to render it effective to produc~
4 a negative signal on the -SCT RF.~ line which is applled to ~et the RF~IK latch 330 which, in belng set, applies a 6 positive signal to the RF,'~R line and a neg~tive signal to 7 the -~F~ line. ~!eferring now to ri~. 2~c4, the negative 8 slgnal on the RF~ line is applied to decondition the AND
9 invert circ~it 298 causing a positive signal to be appl~ed to the K ~RD line and v~a the inverter 30~ to a negat~ve 11 ~ignal on the -K ORD line. The negative si~nal on the -~12 ORD line is applied to reset the ~C latch 312, which, in l3 ~elng reset, applies a negative signal to the E~C line.
14 ~eferring now to ~ig. 26g3, the negative signal on the ~NC
line is applied to decondition the AND circuit~ 536 and 538 16 and via the lnverter 546 appl~es a positite si~nal to the 17 DEC line to condition the AW~ invert circuits 548 and 560 18 for a dec~pher operation. J~ef~rring now t~ Fig. 26q4, after 19 the 8th byte of the variant of the master ~ey is loaded into the key regi.ster~, a ne~ative signal on the -16 STEP line i~
21 applied to reset the L~ latch 566 to termi~ate further MX
22 memory read ou~.
23 The next operation to be performed is to write the 24 secondary key enciphered under ~he same variant of the host ma~tex key into the buffer registers of t~e crypto engines.
26 This writing operation can be followed from the tim~ng 27 diagrams of Figs. 34a-34g and is similar to the writing 2B operation described in detail in the I~EC~ order operation.
29 In general tenns, a series of 8 PIOW data commands i~
rece~ved with the data fields associate~ wi~h the commands, ~r~77~na ~n~;

l~Z~81Z , 1 constituting the secondary key enciphered under the ~ame 2 varlant a~ the host ma~ter key stored in the key regi~ters, 3 being loaded into the buffer registers,of ~he crypto enqine-.
4 The f~r~t such command in~tiates a first input cycle and the byte counter 448, in F$g. 26d4, counts each 9UCh co~mand 6 received. After the 8 PIOW command3 have been received and 7 the 8th byte written into the buffer regi~ters, then, at tho 8 8th count, the input cycle ends, the BLOCK COUNT flip flop 9 414, in Fig. 26d3, is set, the enciphered secondary ~ey iB
transferred from the buffer registQrs to the data regi~t-rJ
11 of the crypto engine~ and the crypto engtne~ then start a 12 decipher operation, indicated by the generation of an engtn 13 bu~y ~B ~ignal, to decipher the secondary key enc~phered under 14 th- variant of th~ ho~t master key in the data re~ister~ of lS the crypto enqines under control of the va~~ant of the host 16 ma~ter key in the key register~ of the cry~to engine~ to 17 obtaln the secondary key in clear form. ~eferring to Fiq.
18 26eS, additionally, at the ~tart of the decipher operation 19 negative signal on the -~ line i~ applied to reset XEY YAa 1 C~R~ latch 513 which, in being reset, a~plieR a negative 21 slgnal to the VARIANT ~ ~ine and via the oa circu$t 518 to 22 negative ~i~nal on the vARIANT }/3 line, ~oth of wh~ch are 23 effective to decondition the exclusive OR c'.rcu~ts 704A and 24 704B ~n PLg. 26el, re~pecti~ely, so that a ~ubsequeRt tran~fer of the ma~ter ~ey from the ~K mem~ry to the crypto 26 engine~ will ~e in ~nmodif$ed form. At the end of the 27 decipher operati~n, half of the secondary key, now in clear 28 form, 1~ avails~le at the output~ of the upp~r data register 29 and th~ other half i~ aval}able at the OUtplt~ of the c~pher function c~rcu~ts. Referring now to ~ig. 26d5, at the end K~9770~9 -196-llZ~812 1 of the decipher operation, a positive signal is applied to 2 the EB END line which is applied, in com~inat~on with po~lt~ve 3 signals or. the .~F~K and -SP ENC lines, to render the AND
4 circuit 480 effective for one clock cycle, ~t the end of which, the po~itive signal on the ~B E~D l~ne i8 terminated 6 with a negative signal being applied to decondltion the AND
7 circuit 480 causing a negative s~gnal to be applied via OR
8 circuit 500 to turn on the SPEC KEY OP latch 504 in Pig. 26e5 9 to slgnal a special ~ey operation.
~he next operatlon to be performed is to wr~te the 11 operational key enciphered under the host m~ster key into 12 the buffer registers of the crypto engines. This operation 13 can also be followed from the timing d~agrams of ~lgs. 34a-34g 14 ana i8 ~imilar to the write operatlon de~c~ibed in detail ~n the DECK order operation. In general tsrms, a series of 16 8 PIOW data com~ands i8 received with the data flelds assoclated 17 with the co~mand, constltuting the operational key enciphered 18 under the host master key be~ng loaded into the buffer 19 regi~ters of the crypto en~ines. The fir~t ~uch command initiates a second input cycle and the ~yte counter 448 21 a~ain counts each such command received. After the 8 P~OW
22 commands have been received and the 8th ~yte wr~tten into 23 the buffer reglqter6, then, at the 8th coun~., the input 24 cycle ends, the B~O~K COUNT flip flop 414 ~n ~ig. 26d3 ~8 reset an~ th~ operational key enc~phered under the ho~t 26 master ~ey is transferred from the ~uffer ragisters to the 27 data registers of the crypto engine~ ~y th~ control signal~
28 LDR and ~D~ in ~ig. 26gl while at the same time, the seconaary 29 key in clear form is tran~ferred from the output~ of the upper data register UD~ 200 and the output~ of the modulo-2 ~I977009 -197-1 adders 650-664 to the buffer registers UBR 100 and LBR 150 2 ~y the control ~ignals EL~ and LIB a~ shown in Fig. 26gl.
3 Referring now to the ~D circuit 475 in Fig. 26d5, at 4 the end of the input cycle, a positive sigr.al is applied to S the I~ CYCLE ~N~ line which in combination with positive 6 ~ignals on the ~F~K and SP R OP lines render the AND circu$t 7 47S effective to apply a positive signal via the O~ circuit 8 484 to the S~T L~ l$ne. Referring now to Fig. 26g4, tho 9 positivQ slgnal on the SET ~ line i8 app~ied to render the OR invert circuit 564 effective to apply a negative signal 11 to set the ~K latch 566 which, in being set, initiaees the 12 operation fcr reading the contents of the ~K memory 700 for 13 tranafer in unmodified form to the crypto eng~nes. Referrlng 14 now to Fig. 2~gl, successive control signals LDK and LDK
permit the master key to be loaded, a byte at a time, as tho 16 work$ng ~ey into the ~ey registers of the ~ypto en~ines.
17 Add$tionally, the successive control slgnals LDK success$vely 18 condit$on the AND circuit 807, to perm$t a parity check to 19 be made of each byte loaded into the key ~egister~.
Referring now to Flg. 26g4, after the 8th byte i-~
21 loa~ed lnto the key registers, a negative 3ignal on the -16 Z2 STEP line is appl~ed to reset the LMR lat~h 566 which, in 23 being reset, terminates further MK mernory readout. Addit~onally, 24 referring to the Pu~D invert circuit 621 in Plg. 26f4, a positivo 25 ~gna} on the 16 S~P line together w~th po3itive signal~ on 26 the -SP ~ C, P~MK and SP K OP lines are applied to render 27 the 2~D invert circuit 621 effective to apply a negative ~ignal 28 to decondition the AND circuit 626 which, in turn, ~pplies a 29 negative signal to set the STA~T EB latch 628. At the end of the positive slqnal on the 16 STEP line, the AN~ invert XI~77009 -198-~12~8'12 1 circuit 621 is deconditionea causing a posi tive signal to 2 be applied to ren~er the A~ circuit 626 effective to apply 3 a positive ~ignal to one input of the .~ lnvert circuit 4 ~30. l~ccordingly, with the STA!?~r E~ latch now set, a S positive signal is applied to the other input of the P~lD
6 invert circuit 63~ to ren~er the i~N~ invert circuit 630 7 effective to apply a ne~ativ~ signal to set the E8 latch 632 8 producing a positive signal on the ~ line and a negati~e 9 signal on the ~F,B line indicating t~e start of the second decipher operation. ,~ second decipher opera.tion i8 then 11 perfonned to decipher the operational key enciphered under 12 the host master key in the data registers of the crypto 13 engines under control of the host master key in the key 14 regi~ter~ of the crypto engines to obtain ~.he operational key in clear for~. .'eferring now to ~ig. 2~gl, at ~he end 16 of ttle second decip~er operation, half of the operational 17 key, now in clear ~orm, is avail~ble at tl~e outputs of the 18 upper data re~3ister ~jDR 200 and the other half is available 19 at t'.le outputs of the modulo-2 adder~ 65~-664.
Referring now to Fig. 26f4, at ~4 tims, a ~4 clock 21 pulse i~ combination with positive signals on the Cl and 14, 22 15 line9 are applied to render the A~D invert circuit 624 2~ effective to ap~ly a negative signal to reset the STA~T ~B
24 latch 628 and the ~ latch 632 which, in bein~ reset, applL~s a negative siqnal on the ~B lin~ and a positive ~ignal on 26 -E~ line. At ~1 tirne ~ the nex~ cloc~ cyele, a ~1 D~L
2 7 clock pulse in combination with the posi~ive signal on 28 the -EB line and the positive signal ~rom the START EB END
29 latch 612 are applie~ to render the .~ND invert circuit 614 effective to ap~ly a negative signal to S2t the ~B ~ND latch 1~4812 1 616 which, in ,~eing set, applies a p~sitiv~ signal to EB END
2 line an~ a negative signal to the ~ D line. Referring 3 naw to the ~ t) circuit 382 in Fig. 26c2, the negative signal 4 on the -E,B ~ line is applied to decon~ition the A.~D circuit 382 causing a negative signal to be appli~d to reset the 6 round counter 3g0 in ~ig. 2~<~2.
7 Referriny ~ow to the AND c~rcuit 508 in ~ig. 26e~, the 8 positive signal on the ~B ~.'~JD line in co~bination with the 9 positive signals on the RFffK and SP K OP lines are applled to rend~r t~e AMD circuit 50~ effective to apply a positive 11 signal on the INIT OUT CYC line. rrhe pos~tive signal on the 12 I~IT OUT CYC ~ine is applie~ to the ~R invert circuit 490 in 13 Fig. 26d5 where it is inverted to a negati ~e signal to set 14 the SP~C ~NC ~atch 494 ~hich, in heing set, appl~es a pos~tlve signal to the SP ~i~C line and a negative signal to -SP Er~c 16 line. .~eferring now to Figs. 26e3 and 2~g3, the positive 17 signal on the SP EIIC line is p~ssed via t~le OR circuit 522 18 to the ENC line where it is applied to condition the AND
19 circuits 536 and 538 for an encipher operation and is inverted to a negative signal on the ~C line via the inverter 546 to 21 decondition t~ D invert circuits S48 and 560 used during 22 a decipher operation. Referring now to ~ig. 26e3, the 23 positive ~iqnal on the Il`~IT OUT CYC line i9 also applied to 24 ti~e O~ invert circuit 45~ causin~ a negative signal to be applied to set the VUl'PV~ CYCL~ latch 464 ~hich, in heing 26 setJ applies a positive signal on tile OUT CYCLL ~ine and a 27 negative signal on t11e -OUT CYCLÆ }ine. ~eferring now to 28 ~ig. 26f~, the positive signal on the OU~ CYCLE tine in 29 com~ination wit~ the ~ EL clock pulse and the positiv~
30 signal from the set STAP.T Q~T CYCLE START latch 5S4 are KI9770n9 - '>00-li24~12 1 applied to ren~er the ~ND invert circuit 556 effective to 2 apply a negative signal to set the OUT CY~'LE START latch 558 3 which, in being set, applies a positive sisnal to the OUT
4 CYCLE START line and a negative signal to ~he -OUT CYCLE
STA~ line. ~eferring now tO Pig. 26e5, the positive signal 6 on the OU1~ CYCLE START line in combination ~ith the positive 7 signal3 on t~e SP X OP and ~F~; lines are applied to render 8 the A~.~V invert circuit effective to apply a negative signal 9 via the -E'~ 16 line to one input of the OR invert circuit 646 in Fig. 26S4. ~le positive signals on the OUT CYCLE
11 and K ORD line~ are applied to render the ~ND invert circult 12 ~98 effective to apply a negative signal to decond~tion the 13 ~D circuit 600 and via the -LDX line to ~econdition the AND
14 cixcuit 572 an~ to one input of the O~ invart circuit 604.
~he ~D circuit 600 in being deconditione~ applies a negative 16 ~ignal ~ia the -LIB line to one input of the OR invert 17 circuit 602 while the ~i~D circuit 572 in being deconditioned 18 applies a negative signal via tne -SR line to one input of 19 the ~R invert circuit 574. ~eferring now to ~ig. 26f3, th~
negativQ signal on the -~UT CYCLE line i9 app}ied to set the 21 START OUT CYCL~ E~D latch 580. I~eferring now to ~g. 26g4, 22 at 02 time, a -C clock pulse is applied ta the other input~
23 of the Ol~ invert circuits 602, 604, ~74 ar.d 646, cau~inq 24 them to ~e deconditione~ to apply positive 3ignals via the LIB, I.RB, SR and F~ 1~ lines to the control si~nal cable 26 connected to the crypta engines. ~he positive sign~ on the 27 LIB line is also applied to the O~ invert circuit 648 28 causing a negative signal, delayed ~y del~y circuit 650, to 29 be applied via the LIB line to the control signal cable.
~he po3itive si~nal on the SR line is also ~pplied to the OR

X~377009 -~31-i12~

1 inv~rt circuit 606 causin~ a ne~ative sign~l, delayed ~y the 2 delay circuit 60~, to be applied via the Lr~-~ line and the 3 positive signal on the ,;~ 16 line is appliea to the ~R
4 invert clrcuit 652 causing a negative sig~al, delayed by the dela~i~ circuit 554, to be applied via the LD~ line to the 6 control ~ignal cabl~ ferring now to the crypto engines 7 in Fig. 26gl, the control signal ~ 16 and ~ are applied 8 to the lower data re~ister L~ 25~ causins ~he half of the 9 operational key at the outputs of the modu o-2 adder~
I0 650-664 to ~e transferred to the lower d~ta rcgister hDR 250 11 so that the full operational key is now storea in the data 12 registers. Tl~e L~B and LDR control signa'~ are effective 13 for allow~ng a byte of data from the outputs of the buffer 14 registers U~R 100 and LB~ 1~0 to be latchel into the key regist~rs It~ 350 and ~RR 400 ~Jh~le at the same time the LIB
16 and Ll~ control signals and the S~ and LDR control signals 17 are effect~ve for shift~ng the bu~fer regi~ters and the 18 key reglstqrs, respecti~ely, one position in synchronis~.
19 ~eferring now to ~igs. 2Ge3 and 26f3, at ~4 ti~e, a ~4 clock pulse is applied to render the .~JD i~ert circuit 552, 21 conditioned hy the posit~ve ~ignal on the ()UT CYCT~ START
22 line, effective to apply a negative slgnal to reset the 23 START OUT C~CLE START latch SS4. Referr~ng now to ~ig.
24 26d4, at ~4 time, the ~4 clo~k pulse is a~so effective in combination with the positive signals on the OUT CYCLR and 26 K O~D l~nes to render the At~D invert circuit 442 effective to 27 apply a negative pulse to the STEP ~YTE CT~ line, the 28 ~o~tive trailing e~ge of which is effcctive to ~tep the 29 ~YT~ COU~TER 448 to a count of 1. ~eferring now to ~igs.
26f3 and 26f4, at ~1 time of th.e ~cxt clo~k cycle a -~l/L

RI977~09 -202-~12~i2 1 clock pulse is applie~ to reset the OUT CYC.L~ START latch 2 558 and the ~ latch 61~. n~e~erring now to Fig. 2fieS, 3 the neyati~e si~nal on the OUT CYCLE STAr:'r line is applied 4 to decondit~on the RN~ invert circuit 5~ hich, in turn, applies a positive siqnal to t~le -FR 16 line to effectively 6 term~nat~ any furt~er ~R 16 control signals to the crypto 7 engine.
8 ~eferring now to ~igs. ~g4 and 2fih4, at 02 time, a -C
9 clock pulse is effective to again decon~ition the O~ invert circuits 602, 604 and 574 to initiate prod-~ction of the 11 control si~nals on the I,I.~, LKB, 5R, LI~ and LDK. .~.eferring 12 now to the crypto engines in ~ig. 26gl, th~ I.KB and LVK
13 control signals are effective to load the n~xt byte of the 14 operational key from the ~uffer registers to the key regist~r~, the LIB and LI~ and ~ and 'DK control ~ign~ls are effectlve 16 to simultaneously shift th~ huffer registers and the key 17 registers ln synchronism so that the next ~yte of the 18 operational key is availa~le at the outputs of the buffer 19 registers and the previously loaded byte ~f the operational key in the key registers is shifted one po~ition. In a 21 s~milar manner, the buffer registers and th~ key registers 22 of the c~pto engine are shifte~ in synchronism, once for 23 each clock cycle, causing succes~ive hytes of the operat~onal 24 k~y, in cle~r for~, to ~e transferred from ~-he buffer regist~r~
to the key re~ist~rs.
26 The byte counter 448 counts the clock cycles and, at 27 the 8th count, a negative signal is applied to set the COU~T
28 8 latch 450, which, in ~ein~ set, applies a negat~ve signal 29 via the -CT~ line to reset the ~UTPUT CYCL~ ~atch 454 in Fig. 26e3. Tne ~UTPUT CYCi,E latch 454, in ~eing reset, . .
KI97700~ -203~

11~4~12 1 applies a positive signal to the -OUT CYCLE line and a 2 negative signal on the OUT CYCLE line. Referring now to 3 Fig. 26d3, the combination of positive signals on the -OUT
4 CYCLE line and the -IN CYCLE line render the AND invert circuit 410 effective to apply a negative signal to reset 6 the COUNT 8 latch 450 in Fig. 26d4, and is inverted by 7 inverter 412 to a positive signal to reset BLOCK COUNT flip 8 flop 414 producing a negative signal on the -BLK0 line and a 9 positive signal on the -BLKl line. The negative signal on the OUT CYCLE line is also applied to decondition the AND
11 invert circuit 598 in Fig. 26g4 to initiate termination of 12 the positive signals on the LIB, LKB and SR control lines to 13 inhibit further shifting of the buffer key registers in the 14 crypto engines. Referring now to Fig. 26f3, the negative signal on the OUT CYCLE line is applied to set the START OUT
16 CYCLE START latch 554. Referring now to Fig. 26f3, at ~1 17 time of the next clock cycle, a 01 DEL clock pulse in combi-18 nation with the positive signal on the -OUT CYCLE line and 19 the positive signal output of the START OUT CYCLE END latch 580 are applied to render the AND invert circuit 582 effec-21 tive to produce a negative signal to set the OUT CYCLE EN~
22 latch 584 which, in being set, applies a positive signal to 23 the OUT CYCLE END line.
24 ~eferring now to Eig. 26e5, the positive signal on the OUT CYCLE END line in combination with the positive signal 26 on the SP ~ OP line render the AND invert circuit 505 27 effective to apply a negative signal to the -SET EB line.
28 Referring now to Fig. 26c3' the negative signal on the -SET
29 EB line is applied to reset the RFMK latch 330, which, in being reset, applies a positive signal via the -~FMK line to ,-, ~

l render the A~JD invert circuit 2~8 in Eig. 26c4 effective to 2 apply a negative signal to the R ~RD line and via the 3 inverter 330 a positive signal on the ~ O~D line indicat~ng 4 the end of the key or~er operation. ~eferring ~ow to ~igO
26f3, the negative signal on tl~e -SET EB line i5 inverted-to 6 a positive si~nal on the SLT ~B line and applied via the 7 SET EB line to the O~ invert circuit 540 causing a negative 8 signal to be applied to one input of the ~R invert circuit 9 544 to initiate production of the SL control ~ignal to pre-shift the ~ey registers of the crypto engines in ll preparation for the encipher operation. Referring now to 12 Fig. 26f4, the negative signal on the -SET EB line is appli~d 13 to decondition the ~tD circuit 626, which, in being de-14 con~itione~, applies a negative si~nal to set the START EB
lS latch 628. `~eferring now to Pig.s. 26e3 and 2fif3, at ~4 16 time, a ~4 clock pul5e iS applie~ to render the ~ invert 17 circuit 578 effective to apply a negative signal to reset 18 the START OUT CYCLE E:ND latch ~80. .~t ~l time of the next 19 clock cycle, a -~l/L clock pulse is applie~1 to reset the OUT
CYCLE ElID latch 584 which, in heing reset, applies a negat~ve 2l signa} v~a the ~UT CYCL~ D line to desond.i.tion the ~ID
22 invert circuit 505 in Fig. 26e5 causin~ a positive si~nal to ~3 now be appl~ed to the -SET i'B line. P~eferr.ing now to Pig.
24 26f4, the positive signal on the -~ET EB l~ne i5 applied to render the A'ID circuit 62~ effective to ap~ly a positive 26 signal toqether with the po~itive signal ~utput of the STAR~
27 EB latch 628 to render th~ D invert circuit 630 effective 28 to a~ply a negative signal to s~t the ~B latch 632. ~he EB
29 latch 632 in hein~ ~et applies a positive signal to the EB
line and a ne~ative si~nal to the -~B line indicating th~

KI977009 (~5 1 start of the enci~her operation. Referring now to Figs.
2 2fid5 and 26e5, the positive signal on the ~R line in 3 comb~nation with the positive signal on the SP E~C line is 4 applied to render the ~D invert circuit 5~2 effective to apply a negati~e signal to reset the SP~C ~ OP latch 504 6 which, in being reset, applies a negative signal to the SP R
7 OP line indicating the end of the special ke~ operation.
8 ~uring the encipher operation, the operational key~ stored 9 in the data registers of the crypto engine are enciphered under control of ~he secondary communicati~n key ~tored in 11 the key regi~ter~ of the cr~pto engine to vbtain, at the end 12 of tne encipher operation, the operational ~ey enciphered 13 under the secondary communication key~ ~eferring now to 14 Fi~. 26gl, at the end of the encipher operation half of the enciphered operational key is available at ~he output of th~
16 upper data register UDR 200 and the other ralf i8 ava~lable 17 at tAe outputs of the modulo-2 adders 650-~54.
18 The ba3.ance of the ~rlK order operatio~ can be followed 19 from the timing diagram of Figs. 34a-34g an~ i8 ~imilar to that de5cribed in detail in connection with the encipher 21 order operation which may be referred to for such details.
22 In general term~, a series of 8 PIOR data commands is receiv~d 23 for reading the enciphersd operational key~ ~he first such 24 com~nd ini~.iate3 a secon~ output cycle and the ~yte counter counts each such command received. tjurin~ ~he execution of 26 the first PIOP~ data co~uan~, while the blork count is at a 27 c~unt of one, the e~ciphered operational key i~ paral}el 28 transferred from the outputs of the upper data reglster and 29 the ouputs of the cipher function circuits to the ~uffer regi9ter~ where it ~5 then avai~a~le for reading, a byte at ~I977009 -~6-~2~8:1~

1 a ti~e. ~t the end of the execution of each PIOR command, 2 the buffer re~isters are ~hift~d one position to present the 3 next byte of the enciphercd operational key for reading. ~t 4 the 8th count of the ~yte counter, the second output cycle -ends and the ~lock counter is reset to er.d the I~F~ order 6 operation.

RI97700~ -?07-1 REENCIP~ER TO MASTER XEY ORDER OPERATION
2The function of thi~ operation i8 to reencipher an 3 operatlonal key enciphered under a secondary koy, which i~
4ltself enciphered under a variant of the host master key, to S the operational key enciphered under the host mastQr k~y.
6Dur~n~ command time of this operat~n, when the order 7 code specifying a RTMX order is decoded, a load maffter ~ey 8(LMX) latch and a key variant 2 latch are set and a ~poctal 9 encipher (SP ENC) latch is reset. With tbe LN~ latch set, the contents of the MK memory is caused to be read out for 11 transfer to the crypto engine~ and with the key ~arl~nt 2 12 latch sot, each byte of the master key transferred i~
13 modifiod to provide a variant (KMH2) of th8 master key 14 ~XMH0). The variant of the master key i~ parlty ch~cked, a byte at a time, and loaded as a working key into the k~y 16 reg~sters of th~ crypto engines. During sync~ TD tlme of 17 thls oporation, a RTMR latch and a DECX latch are set cauJln~
18 a key order IK O~D) signal to be produced indicating that a 19 k~y order operat~on iB to be performed and an ~nc~pher IENC) latch is re~at cau~ing the processing mod~ to b~ ~et for a 21 decipher (DEC) op~ration. Aft~r the 8th ~yte is load d in~o 22 th~ key register~, the ~MK latch i~ re~e~ to termlnata 23 further MK memory readout. A serles of P~W data co~mand-24 1J then rQceived w~th the data fields a~ociatea ~i~h the command~, con~tituting a ~econdary key enciphered under t~-26 8ame variant of the ho~t master key stored in the key r~gi~er, 27 b~lng loaded lnto the ~uffer regi~ter~ of the crypto englnaJ.
28 Th~ fir~t ~uch command initiate~ a fir~t input cycle and th 29 byta counter counts each ~uch command rece~ved. Aft~r the 8 PIOW commands have b~en received and the Bth byte wr~t~n ~I977009 -208-1~2~

1 into the buffer registers, then, at the 8th count, the $nput 2 cycle ends, the enciphered secondary key i~ transferred from 3 the buffer registers to the data registers of the crypto 4 engine, a block counter i8 set, the cryp~o engine~ start a declpher operatlon, and the key variant 2 latch i8 reset.
6 Durlng the decipher operation the second~ry ~ey enciphored 7 under the variant of the host master key in the d~ta regl~t-r-8 of the crypto engines is deciphered under control of thc g a~e varlant of the host ma~ter key in k~y regl~ters of the crypto engines to obtain the secondary key in clear form.
11 At the end of the dec~pher operatlon, the seconaary key, no~
12 in clear form, is transferred from the o~tputs of the upp r 13 dats register UDR and the outputs of the clpher function 14 circuit~ to the buffer registers of the crypto englne and an output cycle i8 started. During the output cycle, the 16 buffer regi~ters and the key reglsters are shi~ted ln 17 synchron~sm, once for each clock cycle, cau~lng the second~ry 18 key presently ~n the buffer registers to b~ shlfted into the 19 key registers. During this transfer, the byte counter counts the clock cycles and after the 8th count, the output 21 cycle ends, the block counter i~ reset and the DECK l~tch 22 i8 reset causing the key order Qlgnal ~K ORD) to be termlnat~d.
23 A second series of 8 PIOW data commands is then r~celved 24 wlth the data field3 a~oc~ated with the command~, con~titutln~
the operational key enciphered under ~he secondary ~ey, 26 ba~ng loaded into the buffer registers of the crypto eng~n~s.
27 The flr~t s~ch command received in~tlnte~ ~ second ~nput 2~ cycle and the byte counter again counts each such co~mand 29 reoelved. After the 8 P}oW commands have ~en received and i~
the 8th byte wr~tten into th~ buffer register, then, at th ~2~8iz 1 8th count, the second input cycle ends, ~e block counter i-2 reset and the operational key enciphered under the secondary 3 key is tran~ferred from the buffer registers to the data 4 reg~sters of the crypto eng~neg and the crypto engine~ ~tart S a decipher operation, indicated by the EB sign~l, to decipher 6 the operational key enciphered under the second~ry key in 7 the data register~ of the crypto engines under contro~ of 8 the ~econdary key in the key regi~ters of the crypto engino-9 to obta~n the operational key in clear f~rm. At the end of the decipher operation, half of the opera4~onal key, now in 11 cloar form, ~ B available at the output~ of the uppor d~ta 12 rogi~ter UDR and the other half i8 available at the output~
13 of the cipher functlon c~rcult. Additionally, at tho end of 14 the dec$pher operation, w~th the RTMK latch st~ll set, the operational key i~ transferred fro~ tho outputs of tho uppor 16 data reqister UDR and from the outputs of the cipher functlon 17 c~rcuits to the buffer registers in the crypto englne~, a 18 Jpecial ~ey operation (SP K OP) latch i~ ~et ~ignaling 19 that a ~pecial key operation is to be performod and the LM~
latch i8 again set to cause the ho~t ma~ter koy contont~ of 21 the MK memory ~KMH~) to be read out for transfer to the 22 crypto engine. The ho~t ma~ter ~ey i~ p~rlty checkod, a 23 byte at a timæ, and loaded a~ the working key lnto the koy 24 regl~ter~ of the crypto engines. After th~ 8th byte ~
loadad into the key regi~ter~, the LMK l~tch 1~ resot to 26 termlnAte furth~r MX ~emory read out.
27 At the end of wr~ting the ho~t ma~ex key into the key 2~ register~ of the crypto engines and w~th the SP REY OP and 29 R~M~ latche~ being set, the operationa} ~ey iJ tran~ferred from the buffer regi~ters to the data regi~ter of the crypto KI977009 -21~-1~2~2 1 en~ines, a special encipher (SP ENC) latch iB set, the 2 proces~ing mode i8 now ~et for an encipher ~ENC) operAt~on 3 and the RTMX latch is reset. Following this, the key regi~ter~
4 of the crypto engine are pre-shifted one position to the left in preparation for the encipher operation, the cryp~o 6 engine then initiate~ the ~pecial encipher operation, ~ndicated 7 by the generation of the EB signal, which together with th-8 SP ENC latch being set cause~ the SP K OP latch to be reset g ~ignaling the end of the ~pecial key operation. During the ~pecial encipher opexation, the operational key, pre~ently 11 stored in the data registers of the crypto engines, ls 12 enciphered under control of the host master key in the key 13 registQr~ of the crypto engines to obtain the operat~onal 14 key enciphered under the host ma~ter key. At the end of the ~pecial encipher operation, half of the op~rational key 16 enciphere~ under the host ma~ter key i8 a~ailable at the 17 ou~put of the upper data register VDR and the other ha}f i~
18 available at the outputs of the cipher function circuit~.
19 A series of 8 PIOR data commands i8 n~w received for reading the enciphered operational key. nhe first such 21 command initiates a ~econd output cycle an~ the byte countor 22 counts each such c~mman~ received. Dur~n~ the execution of 23 the PIOR data command, while the block count i9 at ~ coun~
24 of one, the enciphered operational key is paral~el tran~f~rred from the outputs ~f the upper data reg~ster UDR and the 2~ outputs of the cipher function circuit to the buffer regi~ters 27 where lt ~s then available for reading, a byte at a t~m0.
28 At the end of the execution of each ~IOR ~ommaDd, the buffer 29 registers are ~h~fted ~ne po~ition to present the next byte of the enc phered operational key for read~ng. At the 8th 1 count of the byte counter, the second output cycle ends and 2 the block counter i~ re~et to end the RTM~ operation.
3 A more detalled description of the RTMX order opQration 4 will now be given in conjunction with the ~iming dlagrams of Figs. 35a-35g. After addre~ qelection a~. TA t-me and 6 loading the command byte ~nto the command register at ~C
7 time, the command code i9 decoded by the ~ID in~ert circuit 8 266 in Fig. 26b2 to produce a negative ~iqnal which i~
g inverted by inverter 268 to a po~itive ~i~nal on the WR DSD
ORDER l~ne thereby indicating the presence of a W~ DSD O~DER
11 command. At the same time, the order cod~ for the RTMK order 12 i8 decoded by the AND invert c~rcuit 332 to apply a negat~ve 13 signal via the -RTMX DEC line to the inver~er 334 where it 14 i8 inverted to a positive signal and applied to one input o~
the AND lnvert circuit 336. ~eferr~nq no~ to ~he Inverter 16 468 in Fig. 26d5, the negative signal on the -RTMK DEC llne 17 i8 in~erted to a po~tive s~gna} and applted to the O~
18 invert circuit 492 causing a negative s~gnal to be npplied 19 to re~et the SPEC ENC latch 494. ~eferring now to F$g. 26e5, the negatlve ~ignal on the -RTMR DEC line i~ applied via the 21 OR circuit 512 to ~et the KEY VAR 2 CTRL latch 514 which, in 22 being set, appl$es a positive ~ignal to the VARIANT 2 line 23 and via the OR circuit 521 to the VARIAN~ 2~3 line. Referring 24 now to F~g~ 26el, the po~it~e ~qnal~ on the VA~ANT 2 an~
VAR~ANT 2/3 line are applied to condltion the exclu~e O~
26 circuits 7~4c and 704d wh~ ch are u~ed to 'nvert bit~ 4 and 6 27 of e~ch byte to be read out of the MX n~mory 700 thereby 28 provld~ng a ~ariant of the master key fcr transfer to the 29 crypto engine. Referring n~w to Fig. 26~2, at T~ time, a po~iti~e signal is applled ~ia the SYNC~ ~D line to render ~I977009 -212-1 the AND circuit 270, conditioned by the positive signal on 2 the WR DSD ORDER line, effective to provide a positive 3 signal on the WR O~D TI~ line. Referring now to Fig. 26b2', 4 the positive signal on the ~R ORD T~ME~line is applied to the inverter 322 where it i~ inverted to a negative ~ignal 6 on the -WR O~D TIME line to reset the ~T~K latch 338 in 7 F~g. 26c3'. Referring now to Fig. ~6b2', the positive ~gnal 8 on the WR ORD TI~E line is applied to th~ remaining input 9 of the AI~D invert circuit 336 to render it effective to produce a nega~ive signal on the -SET RTMK line where it i~
11 applied to ~et the RTMK latch which, in being set, applie~
12 a positive ~ignal to the RT~K line. The negative signal on 13 the -SET R~MX line i8 also applied to ~econdition the AND
14 circu~t 294 in Fig. 26c3 which, il~ turn, appl~e~ a negative signal to ~et the DEC latch 296 producing a positive signal 16 on the DECK line and a negative signal o~ the -DECK line.
17 The neqative ~gnal from the -SET DEC output of the AND
18 circuit 294 i8 applied to re3et the key invalid latch 278 19 and, in Fig. 26~4 is inverted to a positive ~ignal by inverter 562 and applied to the OR invert 564 causi~g a negative 21 ~lgnal to be applied to ~et the LMK latch 566 producing a 22 po~itive ~igna~ on the LMK line and a negative signal on 23 the -LMK line. ~ferring now the AND inv~rt circuit 368 24 in Fig. 26c2, the ne~ative si~na} on the -LMK line i~ appliod to decondition the A~D invert circuit 368 which, in turn, 26 main~ains a positive signa~ at one tnput cf the A~D invert 27 circuit~ 370 and 374 so long as the LMK latch 566 remain~
28 ~e~ ~.e. while the MK memory is bei~g read out.
29 ~xcept for the modification of the host ms~ter key as it 18 bein~ tran~fexred from the ~ n~emo ~ 700 to the key XIg77009 -213-1 registers of the crypto engine, the next series of operationr 2 $s similar to that describe~ in connection with the DECX
3 order operation which may be referred to f~r such details 4 and can also be followed from the t~ming diagram of Figs.
35a-35g. In general terms, with the DECR latch 296 ~et, a 6 -X ORD s~qnal ~in Fig. 26c4) causes the encipher ~ENC) latch 7 312 to ~e reset so that the processing mcde i8 set for a 8 decipher operation. Now, with the LMK latch 566 (in Fig.
9 26g4) set, ~he hoat master key contents of the MX memory 700 $8 caused to be rea~ out for transfer to the crypto engine 11 and with the key variant 2 latch 514 (in Fig. 26e5) set, 12 each transferred byte of the host master key has bit~ 4 and 13 6 inverted ~o provide a variant (XM~2) of the host mast~r 14 key (~M~0). At the crypto engine ~in ~ig. ~6gl), the ~ariant of the host master key is parity chec~ed, ~ byte at a time, 16 and loaded as a workin~ key into the key reqisterJ of the 17 crypto engincs. After the &th byte i8 lo~ded into the koy 18 regi~ters, a -16 STEP signal, indicating the end of the 19 loading operation, i8 applied to reset LM~ latch 566 to terminate further ~K memory read out. Following along the 21 general DECK operation, after- ~or concurrently w$th) loadlng 22 the variant of the host master key into the key regi~ter~ of 23 the crypto engines, a series of ~ PIOW tlata command~ ar~
recei~¢~ with the data fiel~s as~ociated with the command~, 2 5 iA this ca~e consisting of a secondary key enciphered under 26 the 8ame variant of the host master key as is stored ~n the 27 ~ey register~ of the crypto engine, ~e~ng ~o~ded into the 28 buffer registers of the crypto engines. The ~irst such 29 command sets the INPU~ CYCLE latch 464 ~in Fig. 26e3) to initiate a first input cycle and the byte counter 448 (in 1 Fig. 26d4) counts each such command recei~ed. After the 8th 2 PIOW commands have been received and the 8th byte written 3 into the buffer registers, then, a -CT8 s$gnal, indicating 4 the 8th count, is applied to reset the INPUT CYCLE latch 464 s to end the input cycle. The end of the input cycle causos a 6 BL ~ COUNT flip flop 414 (in Fig. 26G3) to be set and an 7 I~PUT CYCL~ END signal to be produced during the clock cycl~
8 follow~ng the end of the input cycle. The INPUT CYCLE FND
9 signal is effective to initiate production of the control s$gnal~ LDR and LDR ~in Figs. 26f4, 26g4 and 26h4) for 11 causing the enciphered secondary key, presently in the 12 buffer register, to be transferred to the data regi~ters of 13 the crypto engines tin Fig. 26~1). The INPUT CYCLE END
14 s$gnal is al~o effective to set the START EB latch 628 (in lS Fig. 26f4) which conditions the EB latch 532 to be set at 16 the end of the clock cycle and the dec$pher operat~on to be 17 initiated.
18 During the decipher operation, the secondary key enciphered 19 under the ~ariant of the host master key in the d~ta regl~ter8 of the crypto engines is deciphered under control of the 21 same variant of the host master key ln the key registers of 22 the crypto engines to obtain the s~condary key $n clear 23~ form. At the end of the decipher operation the S~AR~ B and 24 EB latches 628 and 632, respectively, (in F$g. 26f4) are reset and the E~ E~ latch 616 is set to cau~e an ~R END
26 s$gnal to ~e produced during the cloc~ cycle fol~owing the 27 end of the ~ecipher operation. The EB E~V slgnal ~ effsctive 28 to initiate production of the control signa~s ELD and 29 LIB (in Figs. 26f4, 26g4 and 26h4~ for c~us~ng the secondary key, now in clear form, to be transferred from the outputs 197700g ~ 15_ 8~2 1 of the upper data registers U~R and the output~ of the 2 modulo-2 aders 650-664 of the crypto engine (in Fig. 26gl) 3 to the buffer registers of the crypto engine. At the end of 4 the clock cycle, the EB E~D signal is al~o effective to S initiate a EE END L signal to Qet the OU~PJT CYCLE latch 464 6 ~in ~ig. 26e~) to in~tiate a first output cycle. The OUTPUT
7 CYCLE latch 464, in ~eing set, produces sn OUTPU~ cycle 8 signal which initiates production of the control signal~
9 LIB, LXB, SR and LI~ and LD~ ~in Figs. 2Gg4 and 26h4~ for causing the buffer registers and the key regi~ters to 8h~ ft 11 in ~ynchronism, once for each succeeding clock cycls, whereby 12 the secondary key presently in the buffer regi~ters i~
13 shifted into the key registers of the cry~to engine ~in Fig.
14 26gl). During the ~hifting operation, the byte counter 448 ~in ~ig. ~d4) count~ ~he clock cycles an~ after the secondary 16 key has been completely shifted into the key re~isters, 17 the, a -CT~ signal, indicating the 8th co~t, i8 applied to 18 reset the OUTPUT CYCLE latch 4~4 to end the first output 19 cycle. The OVTPUT CYCLE latch 464, in being reset, cau~e~
the BLOCK COU~T flip flop 414 (in Fig. ~6y3) to be reset and 21 an OUTPUT CYCLE ~ND latch 584 (in Fig. 26~3) to be set for 22 producing an OUTPUT CYCLE END ~ignal during the clock cyclo 23 following ~he en~ of the output cycle. The OUTPUT CYCLE END
24 signal is effective to reset ~ECK latch 296 (in r~g. 26c3) which, in turn, terminates the ~ ORD signal and ends the 26 operation.
27 The next series of the operations tG ~e performed in 28 executing a RTMR function is to decipher a data parameter 29 under control of the key parameter of the key regiRters of the crypto engines, the ~ata parameter, in the present Ca8 1~24~

1 being an operational key enciphered under a secondary key 2 and the key parameter ~eing the same ~econdary key stored in 3 the key register~ of the crypto engine. Except for the 4 significance of the data and key parameters, the ~erie~ of operations is ~lmilar to that prev~ously ~e~cri~ed in 6 connectlon with DEC order operation and can also be follo~d 7 from the tlming alagram of Figs. 35a-3~q. In general terms, 8 with the encipher (ENC) latch still being in a reset state, g at the end of the prev~ous operation, the proces~ing mode 1 st$11 ~et for a decipher operation. Ac~ordingly, a second 11 ~erles of 8 PIOW data commands are now received with th~
12 data field~ associated wlth the command~, constitutln~ the 13 operational key enciphered under the same 3econdary key as 14 is storea in the key registers of the crypto engin~s, being loaded ~nto the buffer registers of'th~ c~ypto eng~nes. $he 16 f~rst such command received initiate~ A 9~COna input cyc~e, 17 a~ previously de~cribed, and the byte co~nter 448 count~
18 each com~and received. ~fter the 8 PIOW commands have ~een 19 received and the 8th byte written ~nto the buff~r register, then, at the 8th count, the second input cycle end~, the 21 9~0CX COUNT fllp flop 414 i9 reset and during the cloc~
22 cycle following the end of the input cy~le, the INPUT CYCL~
23 END ~ignal aga~ns initiate~ product~on of the control ~ignal~
24 LD~ and LDR for caus~ng the enc~phered operationa~ key, pre~ently tn the buffer registers, to ~e ~ran~ferrea to th~
26 data register~ of the crypto engine. ~he ~NPUT CYCLE END
27 ~ignal is a~ain al~o effect~e to initia~e the ~e~uential 28 sett~ng of the BTA~T EB and EB latches fi2B and 632, respQctiv ly, 29 and the dectpher operatlon ~ ~nit~ated.
Dur~ng the decipher operation, the operatlon~1 key K~97700~ -217-1~2~812 1 enciphered under the secondary key in the data registers 2 of the crypto engines is ceciphered under control of the 3 same ~econdary kcy in the ~ey registers of the crypto engine~
4 to obtain the operational key in clear form.
S At the end of the decipher operation, the START EB and 6 EB latches 62~ and 632, respecti~ely, (in Fig. 26f4) are 7 again reset and the ~B E~D latch 616 is ~et to cause an EL
8 END signal to be produced during the cloc~ cycle following 9 the end of the decipher operation.
Refer,ing now to ~ig. 26dS, the positive EB E~D ~$gnal 11 in combination with positive signals on the -DECK, RTMK ana 12 -SP ENC line are applie~ to render the ~N~ clrcuit 482 13 effective to apply a positive ~$gnal via the O~ circuit 484 14 to the S~ LMK line. Referring now to th~ OR invert circuit lS ~Ç4 $n Fig. 26g4, the positive ~ignal on the SET LMX line 18 16 applied to rendor the OR invert circuit 564 effectlve to 17 apply a nega~ive signal to set the ~MK latch 566 produclng a 18 positive signal on the L~ line and a negative si~nal on 19 the -LMK line. Referring now to the ~ND invert circuit 368 in ~ig. 26c2, the negative signal on the -LMX line i~
21 applied to ~econdition the AND invert c~rcuit 368 which, $n 22 turn, maintains a positive signal at one input of the AND
23 invert circuit 370 and 374 so long as t~e LMK latch 566 24 remains et i.e, while the MK memory is being read out.
~e~erring row to Fig. 26d~, at the end of the EB END signal, 26 the A~D circuit 482 is deconditioned cau~ing a neqative 27 si~nal ~o be applied to set the SPEC XEY OP latch 504 in 2~8 Fig. 26e5 to produce a positive signal on the SP K OP lin-2g signalin~ a special key operation is to be performed. Th~
AND invert circuits 370 and 374 are alternately rendered ~1977009 -21~-~8~Z

1 effective by ~3L and -0L ~lock pulses, re~pectively; the 2 Al~D invert circuit 370 controlling the ~ invert circuit 3 376 and inverter 37~ to produce successive negative signal~
4 on the -M E~BL~ line which in combination with a positive S signal on the -~ CNA~LE line allows successive reading of 6 the ~ meuory 700 while the AND invert c~rcuit 374 controls 7 th~ A~V invert circuit 376 and inverter 3~ in Fig. 26d2 to 8 produce successive positive signals on the S~EP CT~ line for 9 successively stepping the a~ress counter 390 to address successi~e locations on the MK r.~ ory 700. Successive pair~
11 of half bytes of the master key reaa out of the MX ~mory 12 700 in ~ig~ 26el are shiftea into ~ha shi~t registers 702 to 13 provi~e succes~ive bytes of the ~aster key for tran~fer to 14 the crypto engines. ~eferring now to Yi~. ~6g4, the AN~
inv~rt circuit 56~ con~itioned by the posit.ive signal on the 16 LMK line is su~cessively rendered effective to ~ucce~ively 17 set the LDK latch 570 to initiate production of succe~ive 18 control signal~ on the 5R, LD~ an~ LDK line~ for controlling 19 the key registers in the crypto enyines to shift the 8ucce~8~v~
bytes of the r.~ster key for loading ints the key register~
21 of the cry~to engine~.
22 At the en~ of the special key operation, the addres~
23 counter 39~ i~ Fig. 26~ is stepped a 16th time to return to 24 a count of 0 to initiate prouction of a positive ~ignal on the 16 ~TEP line. Xe~erring I~OW t o Fi5. ~6e~, the po~itive 26 sis~nal on the 1~ ST~P line in con~ination with po~itive 27 8i~nals on the ~P ~ OP an~ ~T~K line ~re a;~plied to render the 28 ~ invert circuit 510 effective to a~ply a neg~ive ~ignal 29 to the -L~R & S~T lB line. ~he negative ~ignal on the -LDR
& SET ~B 1ine is applie~ ~o the invert r 4~6 in Fig. 26d5 ~T97700g -219-1 where it is inverte~ to a positive signal and applied to the 2 OR invert circuit 490 caU~ino a nega~ive signal to be applled 3 to set the S~EC EiiC latch 494 to ~ignal a special encipher 4 operation causing a positive signal to be ~pplied on the SP
ENC line an~ a negative siqnal on the -SP ENC line. Referring 6 now to Fiqs. ~6e3 and ~6~3, the positive slqnal on the SP
7 ENC line is applie~ via the OR circuit ~22 to condition the 8 AND circuitA 536 and 53~ for an encipher operation and to 9 the inverter 546 where it i~ inverted to a negative signal on the D~C line to decondition the AND invert circuit 548 11 and 560 associated with the decipher operation. The negatl~e 12 si4nal on the -SP ~NC line is applied to decondit~on the AND
13 invert circuit 621 causing a positive signal to be applied 14 to one input of the A~ circuit 626. Since a negative signal is presently on the IN CYCLE E2~D line, the inverter 16 622 inverts this to a positive signal to a second input of 17 the AND eircuit 626. ~eferring now to Fi~. 26c3', the neg~tivo 18 signal on ~he -LD~ & SET EB line is appl~ed to reset RTMK
19 latch 338.
R~ferrinq now to Fi~. 26~j3 the negat~ve signal on th8 21 -LDR h SET EB line is applied to the inverter 539 where it 22 is inverted to a positive signal and applied to the OR
23 invert circuit 540 causing a negat~ve signal to be applied 24 to one input of the OR invert circuit ~44. ~eferring now to Fig. 2~g~, the negative signal on the -LD~ & SET EB l~ne ~-2~ applied to ùecon~ition the A~D invert circuit 638 causing a .~
27 positive ~ignal to be app}~ ed to the O~ in~ert circuit 640 28 w~tich, in turn, applies a negative signal via the -LDR l~ne 29 to one input of the O~ invert circuit 64~. A~ ~2 time of the clock cycle, a -C Glock pulse is applie~ to the other 1 input of the oX invert circuits 54~ and 644 initiating the 2 production of positive signals on the SL an~ LDR line to the 3 control signal cable connecte~ to the crypto engines. The 4 ~ositive si~nal on the LDR Iine is also applied to the OR
invert circuit 652 in ~ig. 2~114 causing a negative signal, 6 celayed by the ~elay circuit 654, to be applied via the 7 LDR line to the control cab~e. i~ditionally, the pos~tive 8 signal o~ the ~L line is applied to the OR invert circuit 9 606 causing a neyative signal, delayed by the delay circuit 608, to be applie~ via LD~ line to th~ cGntrol si~nal cable.
11 RRferring llOW ~0 the orypto engine in Fiy~ 26g2 the control 12 signals SL an~ LD~ are effective for causing a pre-shift of 13 the ~ey registers of thc crypto engine in ~reparation for 14 the encipher operation while the control signals LDR and LD~ are effective for causing the operational key in ~he 16 buffer regist~r~ to be transferred to th~ ~ata registers of 17 the crypto engine.
18 Referring now to Fig. 26~5 at the en~ of this clock 19 cycle the po~itive signal on the 16 ST~P line i8 termlnated to decondition the ~V invert circuit 510 causing a positiv~
21 signal to now ~e applied to the -LDR & SE~ll EB line. Referring 22 now to Fis. ~Gr4, the positive signal now on the -LDR ~ SET
23 ~B line is a~plied to ren~er the AND circ!~it 626 effective 24 to ~pply a positive ~iynal which, in co~nation w~th the positive s.ignal frol~ the ST~XT E~ latch 62~, renders the AND
26 invert circuit 630 offective to apply a negative si~nal to 27 set the ~ latch 632 which, in being set, applies a posittve 2B ~i~nal to the ~B line an~ a negati~e siynal to the -EB line.
29 ~efe~ri~lg now l~o Fig. 26~5 the positive s~gna~ on the ~B
~ ine in co~inatior~ with t~e positi~e signal on t~e SP EI~C

~;I977009 -2~1--112~812 l line are applied to render the ~ invert circuit 502 2 effective to a~ply a ne~ative signal to reset the SP~C KEY
3 OP latch ~04 in ~ig. 2~e~ signalin~ the end of the special 4 key operation.
S ^he balance of the I~ or~er operation can be followed 6 from the tiil;ing ~iagram~ cf ~igs. 3~a-354 an~ is similar to 7 that describe~ in detail in connection with the encipher 8 order operation which may ~e referred to for such detail. ~n 9 general terms, during the encipher operation the operation~l key ~n the data registers of the crypto engines is enciphered 11 under control of the host master key in the ~ey register~ of 12 the crypto engines. At the en~ of the special encipher 13 operation, half of the operational key enciphered under th 14 host master key is available at the outpu~s of the upper ata register and the other half is available at the outputs 16 of the cip~.er function circuits. ~ series of 8 PIOR data 17 c~ ~ n~ now received for eadins the enciphered operational 18 ~ey. 'lhe first such co~nand initiates a second output cycle 19 and the byte counter 44~ counts each ~ucb command received.
Durin~ the execution of the first PIOR ~ata command, while 21 the block count is at a count of 1, the enciphered operat~on~l 22 key is parallel tran~ferred from the output~ of the upper 23 ata registers and the outputs of the ci~her function circuit0 24 to the buffer registers wAere it i~ then available for readlng, a byte at a ~ir.1e. ~t the en~ of the execution of each PIOR
26 co~mand, the buffer regis~ers are shifte~ one positio~ to 27 pre~ent the ne~t ~yte o the encipherea operational key for 28 rea~ing. i~t the 8th count of the byt~ counter, the second 29 output cycle en~ and the bloc~ counter i8 re4et to end the ~ $K operation.

llZ4812 1 ~ROCEDURAL r~Rp~oRs 2 IA procedural error is one in which the ~SD receives a 3 commanâ out of sequence or at ~he wrong time, such that itQ
4 c~ecution ~ould cause the destruction or lcss of good data in the crypto engines or tne provicling of ~seless data from 6 the crypto engines. ~ihere are three con~lands that ~ay cause ? a proceàural error, n~ely, the rIOW ata comman~, the PIOa 8 ~ata com~lan~ and the WR D~D order con~and. The various 9 error conditions which laay occur for these three c~mands are ~escribe~ in the following.
11 1. Procedural errors for a PIOW ~ata co~mand 12 a. If a PIOh ~ata col~mand is issued while a read 13 operation is being performed (an output cycle 14 is in proyress), this causes a p~ocedural error since the ~uffer registers cannot be 16 use~ concurrently for ~Otll reading and writing.
17 A~cordin~ly, referring to Fig. 26u3, while the 18 output cycle is in progress, a negative signal i8 19 applie~ to ~econdition the PlJD invert circuit 42a causing a positive signal to be applied to one 21 input of the l~ND invert circuit 432. Since a 22 h~ order operation is not in p~ogress, a pos~tive 23 siynal is appliea via the -~MX ine to a second 24 input of ~he i~D invert circuit 432. Now, if an ~ttempt is made to cxecute a ~)IOW ~ata con~and 26 before the en~ of the output cycle, a positive 27 sigllal is applied via the PIOW D~T~ line to a third 2~ input of the ~ND invert circuit 432 thereby 29 conditioniny this circuit. ~t ~3L ti~e of the same clock cycle in which the positive ~ignal is ~I~7700g -~23-l appli~_ to th~fe~ EIOW DATA 7 ine, a ~3L clock puLse 2 is a~plie~f~ to ren~er ~he A~ invert circuit 432 3 effe~ctiv~f-~ to a~ply a negative signal to decondition 4 thc .~ND circuit 43& which, in t~rn, applies a S n~Sativ sisnal to the -PRO~ line indicating 6 a proce~ural error.
7 ~. If a PIOW ~data conu~and is issue~ while a block 8 of ~ata is containe~ in the buffer registers, 9 1his causes a proce~ral error since the buffer rcyisters can only contain one ~lock of data ll at a ~-inle. Accordingly, referrinq to Fig. 2Gd3, 12 while a ~lock of data is contain~ ~ in the buffer 13 registers, a ne4ative signal is a~pliea via the -14 -~L~ 1 line to econdition the ~ invert circuit ~28 causin~ a positive signal to be applied to 16 one input of the All~ invert cireuit 432 and slnce 17 a W.~ order operation is not in pro~resfi and a PIOW
18 ~ata com~and is bein~ attel,~pted, positive signals 19 are again applie via the -h~K ænd PIOW D~rA line~
to con~ition the A~ invert circuit 432. At ~3L
21 t-ime, the ~3L clock puls¢ is aga~n applied to 22 apply a negative signal to decor,~ition the A~D
23 ~-ircuit 43~ W~liCh then appiies a negative signal 24 to the -~OC E~ ine indicating a procedural error, 26 ~ fter a reset or after a w~ order operation, the 27 ~ipher key in tl~e k~ey register~ is invali~ an~ a 28 new cip~er key Ii~US~ be loaed into ~ e key regis~ers 29 by a ~C~ oru~r comr;~-an~ If a ~IOW ~ata command is issue~' while an invali~fi key i~ present ~n the ~;I97700~

~1~`81~Z I

1 key registers, this causes a procedural error 2 since a vali~ key is not p~eser.t in the key 3 recJisters. ~ccordingly, refbrring to Flg. 26d3, 4 while an invaliQ key is present in the key regi~ter~, S a negative siynal is applie~ via the -key invalid 6 line to decondition the ~ invert circuit 428 7 causin~ a positive signal to ~e applied 8 to one input of t~e A~iD invert circuit 432 and since 9 a ~ or~er o~eration is not in proyress and a PIOW
aat~ co~ and i5 ~eing attem~ted, positive signals 11 are again applie~ via the -h'.~ and PIOW DATA l~nes 12 to condition the ~D invert circuit 432 to produce 13 a procedural error siqnal at ~3L ~ime on the -PROC
14 ERR line.
d. If a PIOW data co~and is isquc~ to write a new 16 master key into the i~ menlory 1e8S then 16 micr~-17 seconds after issuing a WMK order co~mand, a procedural 18 ~rror will occ~r since ~ ~n~ overwrite operation 19 in progress for ovcrwriting the old master key in the I~ memory. ~herefore, referring to Fiq. 26d3 21 a positive signal on the ;~ OVW line in combinat~on 22 with a positive signal on the r~ow DATA line rend~rs 23 the l~D ~nvert circuit 427 effec~ive to apply a 24 negative signal to deco~dition ~he AND circuit 438 to produce a neyative signal on the -PROC ERR l~ne 26 indicating a procedural error.
27 2. Procedural errors for a ~IOR data cor~and 28 a. If a PIOR ~ata co~ and is issued wh~le a wr~te 29 cperation is pxesently ~eing perrormed (a~
input cycle is in progress), this cauæes ~I977009 -225-1~248iZ

1 a procedural error since the buffer registers cannot 2 be used concurrently for both reading and writing.
3 Accordingly, referring to Fig. 26d3, while an input 4 cycle is in progress, a negative signal is applied to decondition the AND invert circuit 416 causing a 6 positive signal to be applied to condition the AND
7 invert circuit 436. Now, if an attempt is made to 8 execute a PIOR data command, a positive signal on 9 the PIOR EARLY line is applied to render the conditioned AND invert circuit 436 effective to apply a negative 11 signal to decondition the AND circuit 438 causing a 12 negative signal to be applied to the -PROC ERR line 13 indicating a procedural error.
14 b. If a PIOR data command is issued at a time when there is no data contained in the buffer registers of the 16 crypto engines, this causes a procedural error since 17 there is no data to be read. Accordingly, referring 1~ to Fig. 26d3, at a time when there is no data contained 19 in the buffer registers of the crypto engines, the BLOCK COUNT flip flop 414 is in a reset condition 21 causing a negative signal to be applied via the 22 -BLK 0 line to decondition the AND invert circuit 23 416 causing a positive signal to be applied to 24 condition the AND invert circuit 436. Consequently, if an attempt is made to execute a PIOR data command, 26 a positive signal on the PIOR EARLY line is again 27 applied to render the conditioned AND invert circuit 28 436 effective to apply a negative signal to 29 deGondition the AND circuit 438 causing a negative signal to be applied to the -PROC ERR line KI~-77-009 -Z26-.~
, .~

~ - llZ~

1 indicating a procedural error.
2 c. If a PIOR data command is issued at a time when any 3 of the cipher key handling orders are in progress, 4 this causes a procedural error since no data is to S be read during these cipher key handling operations.
6 Accordingly, referring to Fig. 26d3, whenever a key 7 order operation is in progress a negative signal 8 is applied via the -K ORD line to decondition the 9 AND invert circuit 416 causing a positive signal to be applied to condition the AND invert circuit 11 436. Now, if an attempt is made to execute a PIOR
12 data command, a positive signal on the PIOR EARLY
13 line is applied to render the conditioned 14 AND invert circuit 436 effective to apply a negative signal to decondition the AND circuit 438 16 causing a negative signal to be applied to the 17 -PROC ERR line indicating a procedural error.
18 d. If a PIOR data command is issued at a time when a 19 block of data is loaded in the buffer registers and fewer than 32 usec have elapsed since the last PIOW
21 data command was issued, a procedural error will 22 result since the engine is still busy processing the 23 bloc~ of data. Therefore, referring to Fig. 26d3, 24 while the engine is busy, a negative signal is applied via the -EB line to decondition the AND
26 invert circuit 416 causing a positive signal to be 27 applied to condition the AN~ invert circuit 436.
28 Now, if an attempt is made to execute a PIOR data command, 29 a positive signal on the PIOR EARLY is applied to render the conditioned AND invert circuit 436 KI~-77-009 -227-1~2481~

1 effective to apply a negative signal to decondition 2 the AND circuit 438 causing a negative signal to be 3 applied to the -PROC ERR line indicating a 4 procedural error.
3. Procedural errors for a WR DSD order command 6 a. If a WR DSD order command is issued at a time when 7 any of the cipher key handling orders are in progress, 8 this causes a procedural error since a cipher key 9 handling operation once begun must be completed.
Accordingly, referring to Fig. 26d3, whenever a 11 key handling order command is being performed a 12 negative signal is applied via the -K ORD line to 13 decondition the AND invert circuit 433 causing 14 a positive signal to be applied to one input of the AND invert circuit 434. Now, if a WR
16 DSD order command is given while a previous cipher 17 key handling order is in progress, then, positive 18 signals on the WR DSD ORDER and TC SE~ lines are 19 applied to render the AND invert circuit 434 effective to apply a negative signal to decondition the 21 AND circuit 438 causing a negative signal to be 22 applied to the -PROC ERR line indicating a procedural 23 error.
24 b. If a W~ DSD order command is issued at a time when data from the buffer registers of the crypto engines 26 are being read, this causes a procedural error since 27 unread data still remains in the crypto engines.
28 Referring now to Fig. 2~d3, while data is being read 29 from the buffer registers of the crypto engines, the 3Q block count flip flop 414 is in a set state causing '''- l~Z~8~2 1 a positive signal to be applied via the -BLK 0 line 2 to the inverter 418 where it is inverted to a negative 3 signal to decondition the AND invert circuit 433 4 which, in being deconditioned, applies a positive signal to one input of the AND invert circuit 434.
6 Now, when a WR DSD order command is issued, positive 7 signals are applied via the WR DSD ORDER and TC SEL
8 lines to render the AND invert circuit 434 effective 9 to apply a negative signal to decondition the AND
circuit 438 causing a negative signal to be applied 11 to the -PROC ERR line indicating a procedural error.
12 c. If a WR DSD order command is issued at a time when a 13 write operation is being performed (an input cycle 14 is in progress), this causes a procedural error since a process once begun must be completed. Accordingly, 16 referring to Fig. 26d3, while an input cycle is in 17 progress, a negative signal is applied via the -IN
18 CYCLE line to decondition the AND invert circuit 433 19 which, in turn, applies a positive signal to one input of the AND invert circuit 434, as described above~ so 21 that when a WR DSD order command is issued the AND
22 invert circuit 434 is rendered effective to initiate 23 generation of a negative signal on the -PROC ERR
24 line indicating a procedural error.
d. If a WMK order command is issued at a time when the 26 EW switch is off, this causes a procedural error 27 since the command cannot be executed unless the 28 EW switch is switched on. Referring now to Fig.
29 26c3, if the enable write switch is off, a negative signal on the EWMK line is applied to the inverter ~2A8~

1 423 where it i~ inverted to a posltlve signal and 2 applied to one lnput of the AND invert circuit 425.
3 Now, when a c~pher key handling order command i9 4 decoded and further particularlzed as a WMK order S command by a po~it~ve ~ignal on the -Y lina then, 6 positive 8 ignal~ are applied vl~ the WMK and -Y
7 lines to condit$on the AND invert circuit 425.
8 At SYNC~ TD time of the WMK order operation, 9 a positive signal is applied via the WR ORD TIME
lin~ to render the AND invert circult 425 effective 11 to apply a negative signal to aecondition the AND
12 circuit 438 in Fig. 26e3 causing a negat~e aign~l i3 to be applied to the -PROC E M l~ne ind~at~ng 14 a procedural error.
Referrlng n~w to Fig. 26i2, whenever a procedural error 16 occur~ ~ecause of any of the above condlt~ons, ~he negative 17 signal on the -PROC ERR line iff applied to s~t ~he bit O !~-18 and ~it 1 latch~s 954A and 954~ of the ~atu~ reglster 952 19 to provide an indlcstion of the procedural ~rror.
ERROR COND~TIONS
21 Slx different kind~ of errors ar~ detected ln the data 22 ~cuLlty device. Each klnd, when it is detected, re~ult- in 23 th~ setting of a unique combination of b~t~ ln the statu~
24 reqister thereby prov~d~ng ~nformat$on u~able by the proces-or in ~arrying out erxor reco~e~y procedure~. The combination 26 of b~t3 in the status reg~ter for the different k~nd~ of 27 errors i8 ~hown in the following table.

X~9?7009 -230-~2~Z

1 E~ROR CONDITIONS INDICATED IN STATUS REGISTER
2 STAT~S BITS
3 Error Cond~tion 0 1 2 3 5 4 Command Error - - - - 1 Illegal Order 1 - 1 - -6 Procedural Order 7 Write ~rror 8 Key Bus Error - 1 ~ - -9 Engine Error - 1 - - -The contents of the status reqi~ter, ~ndicating error 11 condition~, if any, are read back to the proce~or under 12 control of a READ BS command which will now be descr~bed.

14 The function of thi6 operation is to read the content~
of the Qtatus regi~ter with correct parity, to provide 16 $nformation as to the occurrence of any of the ~ix dlfferent 17 k~nd~ cf errors indicated a~ove. Therefore, thi8 opoxation 18 is performed periodic~lly to check for error conditions.
19 Referring n~w to Fig. 26b2, after addres~ ~el~ction 1~ -performing during ~A time and the command byte i~ loaded into 21 the command register during TC time, the AN~ invert circuit 22 242 decode~ the READ BS command code and produce~ a negativ 23 ~ignal which is applied to one input of the OR in~ert circuit 24 246. At TC EN2 time, a positive signal on the TC END llne 1~
applied to the inverter 244 where it is ii?verted to ~ negative 26 ~$~nal ~nd applied to the other input of ~he O~ invert circu~t 2~ 246 which thereby cause~ ~he OR in~ert circuit 246 ~o apply 28 a posit$~e 3$gnal to the READ ~S line. The po~it~ve si~nal 29 on the READ BS line i8 appl$ed to one input of the AND
invert circuits 956 in Fig. 26i2, the other inputs of which ~lZ~8~Z

1 are connected to the bit latches 954 of the statu~ regi~ter 2 952. Accordingly, a pattern of bit signals, corresponding to 3 the setting of the latches 954 of the sta~.u~ regl~ter, ~re 4 applied to the -DATA BUS IN and to the parity generator 914.
S It ~hould be noted that the ~tatu~ blt~ 4, 6 and 7 are not 6 ~mplemented and, therefore, are treated a~ O bitQ in tho 7 parity generator 914 to produce the correc' par~ty ~lt on 8 the -P line of the -DATA BUS I~. The ~ettlng of the ~tat w 9 register 952, now present on the DATA BU~ IN, remain~
stable until the end of thi~ IO operation when the command 11 regi~ter i~ reset and the positive signal ~n the READ BS
12 line i8 terminated.
13 SET/RESE~ ~ASIC STATVS COMMAND OPERATION
14 These command~ are used for diagnos~ic purpose~ for test$ng the operation of the statu~ regis~er 952. Thus, in 16 the case of the SET BS command, if the ~ata field~ associated 17 with the cormmand has good parity, then the ~ta~u~ latches 954 18 that correspond to l's in the data field associated with the 19 command are set to 1' 8 whereas in the case of the RESET BS
command, if the data field associated witb the command hAs 21 good parity, th~n the status latches 954 ~hat correspond to 22 1'8 in the data fields as~ociated with the command are set 23 to 0' 8 . If a parity error is detected during the execution 24 of either of these commands a write error ~ignal will be produce~, in a manner pre~iouæly described, to set the bit 3 26 ~tatus latch g54D of the Ytatu~ register ~52 to indicate the 27 occurrence of thi~ error. ~fter executio.~ of either of 28 these commands, a READ BS command may be issued to read the 29 content of the ~tatus regi~er 952 in a manner de~crtbed above, for ~ubse~uent determination as to whether ~ pre~to w ly XIg77009 _ > ~

~ 4~2 1 defined Yalue written by either the SET BS or ~ESET BS
2 commands is identical to that read by the .~AD BS command.
3 ~eferring now to Figs. 26a2 and 26b2, after the addren~
4 selection is performed during ~A time anQ the command bit i8 loaded into the com~and register during the TC time, the AND
6 in~ert circuit 232 ~ecodes the SET BS co~land while the AND
7 lnvert circuit 23& decodes the RST BS command. The AND in~ert 8 circuit 232 cauaes a negative signal to De applied to one 9 input of the O~ invert circuit 236 while the AND invert circuit 238 cause~ the negative signal to be applied to one 11 input of the OR invert circuit 240. At TD time, the data 12 field to be loaded into the status register is recel~ed via 13 the -~A~A BUS OUT and applied via the inverters 170 to the 14 par~ty generator 178 to senerate a parity bit which i~
compared with the parity bit received from the -DATA BUS
16 OUT. If the parity bits ~o not compare then, at TD SEL time 17 the AND invert circuit 362 in ~ig~ 26b3 will detect the bad 18 parity to app}y a negati~e signal to turn on the WR ERR
19 latch 364 which, in being turned on, applies a po~itive ~ignal to the ~ND invert circuit 944 i~ ~ig. 26i2 whlch i~
21 conditioned by po~itive signal on the -RST line to cau~e a 22 negative signal to be applied to set the ~it 3 latch 9~4D
23 of the status register 952 indicating the occurrence of the 24 write error. ~Rferring ~ac~ to Fig. 2Gb2, if th~ parity i~ ~ad then a negative signal is maintained on the parlty good line 26 to decondition the AND in~ert circuit 234 causing a pos~tive 27 si~nal to be applled to the OR in~ert circuit~ 236 and 240 28 which, ln turn, maintain negative ~ignal~ on the S&T BS or 29 ~ST 8S line~ to inhi~t execution of either of these comm~nd~.
On the other hand if ~ood parity i~ detectsd, then a po~itlve ~24~

1 signal is applied to the ~ND invert circuit 234 causing a 2 negative signal to be applied to the other inputs of the OR
3 invert circuits 236 and 240. Accordingly, depending on 4 which command is being called for, a positive signal ~s applled to either the SET BS or RS~ BS line~. Referring now 6 to Figs. 26h4 and 26i2, if the command being exe~uted ls the 7 SET BS command, then a positive s~gnal is applied to condlt~on 8 the AND invert circu~ts 924, g28, 934, 942 and 948. Th~refore, g those bits of the data field which correspond to l's render these AND invert circuits effectlve to apply negative signals 11 to set corresponding one~ of the latches of She status 12 register 952. On the other hand, if ~he ~ommand being 13 executed is the RESET BS co~mand, then a po~itive s~gnal on 14 the RESET ~S line is applied to conditlon the AND invert lS circuit~ 926, 932, 940, 946 and 950. Therefore, those ~its 16 of the data field which correspond to l's render these AND
17 invert circuits effective to apply negative ~gnals to reset 18 corresponding ones of the latches of the status register 19 952.
While the invention has been particularly shown and 21 described w~th reference to the preferred er~bod~ment thereof, 22 it will be understood by those skille~ in the art that 23 several changes in form an~ detail may be made without 24 depar~ment frorr. the spirit and scope of ~he lnvention.
What is claimed ~s:

~I977G09 -234-

Claims (36)

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:

1. In a multiple domain data communication network providing communication security for data communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key, an arrangement for establishing a common operational key for cryptographic operations between said host systems comprising:
means in said first host system cryptographic apparatus providing a cross domain key enciphered under a first key encrypting key of said first host system cryptographic apparatus for cross domain communication with said second host system, means in said first host system cryptographic apparatus providing an operational key in protected form, cipher means in said first host system cryptographic apparatus operably responsive to said enciphered cross domain key and said protected operational key to perform a cryptographic operation for providing said operational key enciphered under said cross domain key for transmission to said second host system, means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and cipher means in said second host system cryptographic apparatus operably responsive to said cross domain key enciphered under said first key encrypting key of said second host system and said received enciphered operational key to perform a cryptographic operation for providing said operational key enciphered under a second key encrypting key of said second host system cryptographic apparatus which is usable by said second host system cryptographic apparatus to perform cryptographic operations with said first host system.

2. In a multiple domain data communication network providing communication security for data communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key, an arrangement for establishing a common operational key for cryptographic operations between said host systems comprising:
means in said first host system cryptographic apparatus providing a cross domain key enciphered under a first key encrypting key of said first host system cryptographic apparatus for cross domain communication with said second host system, means in said first host system cryptographic apparatus providing an operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus, cipher means in said first host system cryptographic apparatus operably responsive to said enciphered cross domain key and said enciphered operational key to perform a cryptographic operation for reenciphering said operational key from encipherment under said second key encrypting key to encipherment under said cross domain key for transmission to said second host system, means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and cipher means in said second host system cryptographic apparatus operably responsive to said second host system enciphered cross domain key and said received enciphered operational key to perform a cryptographic operation for reenciphering said operational key from encipherment under said cross domain key to encipherment under a second key encrypting key of said second host system crypto-graphic apparatus which is usable by said second host system cryptographic apparatus to perform cryptographic operations with said first host system.

3. In a multiple domain data communication network as defined in claim 2 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first key encrypting key of said first host system cryptographic apparatus is a variant of said first master key.

4. In a multiple domain data communication network as defined in claim 2 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

5. In a multiple domain data communication network as defined in claim 2 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said second key encrypting key of said second host system cryptographic apparatus is said second master key.

6. In a multiple domain data communication network providing communication security for communication sessions between a first host system in one domain having crypto-graphic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key where the cryptographic apparatus of each host system provides a cross domain key for cryptographic cross domain communication with the other host system, an arrangement in said first host cryptographic apparatus for protecting the cross domain key provided by said first host system cryptographic apparatus comprising:
first host system working key storage means, means storing a first key encrypting key of said first host system in said first host working key storage means as a working key, means providing first input data representing said cross domain key provided by said first host system, and cipher means operable in a first cipher function to encipher said input data under control of said working key to obtain ciphertext representing said cross domain key provided by said first host system enciphered under aid first key encrypting key.

7. In a multiple domain data communication network as defined in claim 6 wherein said first key encrypting key is a variant of said first master key.

8. In a multiple domain data communication network as defined in claim 6 for further providing an arrangement in said first host system cryptographic apparatus for protecting the cross domain key provided by said second host system wherein said first host system cryptographic apparatus further includes:
means storing a second key encrypting key of said first host system in said working key storage means to replace said first key encrypting key as the present working key said input means providing second input data representing said cross domain key provided by said second host system, said cipher means operable in a second cipher function to encipher said second input data under control of said present working key to obtain ciphertext representing said cross domain key providing by said second host system enciphered under said second key encrypting key.

9. In a multiple domain data communication network as defined in claim 8 wherein said first and second key encrypting keys are first and second variants, respectively, of said first master key.

10. In a multiple domain communication network as defined in claim 6 for further providing an arrangement in said second host system cryptographic apparatus for protecting said cross domain key provided by said first host system cryptographic apparatus comprising:
second host system working key storage means, means storing a first key encrypting key of said second host system in said second host system working key storage means as a second host working key, means providing second host system input data representing said cross domain key provided by said first host system, and second host system cipher means operable in a first cipher function to encipher said second host system input data under control of said second host working key to obtain ciphertext representing said cross domain key provided by said first host system enciphered under said first key encrypting key of said second host system.

11. In a multiple domain communication network as defined in claim 10 wherein said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

12. In a multiple domain data communication network providing communication security for data communication sessions between a terminal associated with a first host system in one domain and an application program associated with a second host system in another domain where said terminal, said first host system and said second host system have cryptographic apparatus provided with a terminal master key, a first master key and a second master key, respectively, an arrangement for establishing a cryptographic cross domain communication session between said terminal and said application program comprising:
means in said first host system cryptographic apparatus providing said terminal master key enciphered under a first key encrypting key of said first host system cryptographic apparatus, means in said first host system cryptographic apparatus providing an operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus, cipher means in said first host system cryptographic apparatus operably responsive to said enciphered terminal master key and said enciphered operational key for performing a first cryptographic operation to reencipher said operational key from encipherment under said second key encrypting key to encipherment under said terminal master key, means in said first host system cryptographic apparatus providing a cross domain key enciphered under said first key encrypting key, said cipher means operably responsive to said enciphered cross domain key and said operational key enciphered under said second key encrypting key for performing a second cryptographic operation to reencipher said operational key from encipherment under said second key encrypting key to encipherment under said cross domain key for transmission with said operational key enciphered under said terminal master key to said second host system, means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and cipher means in said second host system cryptographic apparatus operably responsive to said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key for performing a cryptographic operation to reencipher said operational key from encipherment under said cross domain key to encipherment under a second key encrypting key of said second host system cryptographic apparatus for transmission with said operational key enciphered under said terminal master key to said application program, said application program transmitting said operational key enciphered under said terminal master key to said terminal so that said operational key in enciphered form is commonly available at said terminal and said application program for subsequent cryptographic operations.

13. In a multiple domain data communication network as defined in claim 12 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first key encrypting key of said first host system cryptographic apparatus is a variant of said first master key.

14. In a multiple domain data communication network as defined in claim 12 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

15. In a multiple domain communication network as defined in claim 12 wherein said terminal cryptographic apparatus is operably responsive to terminal plaintext and said operational key enciphered under said terminal master key for performing an encipher operation to obtain terminal ciphertext representing said terminal plaintext enciphered under said operational key for transmission to said second host system.

16. In a multiple domain communication network as defined in claim 15 wherein said second host system crypto-graphic apparatus is operably responsive to said terminal ciphertext and said operational key enciphered under said second key encrypting key of said second host system for performing a decipher operation to obtain said terminal plaintext at said second host system for use by said application program.

17. In a multiple domain communication network as defined in claim 12 wherein said second host system crypto-graphic apparatus is operably responsive to second host system plaintext and said operational key enciphered under said second key encrypting key of said second host system for performing an encipher operation to obtain second host system ciphertext representing said second host system plaintext enciphered under said operational key for transmission to said terminal.

18. In a multiple domain communication network as defined in claim 17 wherein said terminal cryptographic apparatus is operably responsive to said second host system ciphertext and said operational key enciphered under said terminal master key for performing a decipher operation to obtain said second host system plaintext at said terminal.

19. In a multiple domain data communication network providing communication security for data communication sessions between a first application program associated with a first host system in one domain and a second application program associated with a second host system in another domain where said first host system has cryptographic apparatus provided with a first master key and an application key associated with said first application program and said second host system has cryptographic apparatus provided with a second master key, an arrangement for establishing a cryptographic cross domain communication session between said application programs comprising:
means in said first host system cryptographic apparatus providing said application key enciphered under a first key encrypting key of said first host system cryptographic apparatus, means in said first host system cryptographic apparatus providing an operational key enciphered under said application key, cipher means in said first host system cryptographic apparatus operably responsive to said enciphered application key and said enciphered operational key for performing a first cryptographic operation to reencipher said operational key from encipherment under said application key to encipher-ment under a second key encrypting key of said first host system cryptographic apparatus, means in said first host system cryptographic apparatus providing a cross domain key enciphered under a third key encrypting key of said first host system cryptographic apparatus, said cipher means operably responsive to said enciphered cross domain key and said operational key enciphered under said second key encrypting key for performing a second cryptographic operation to reencipher said operational key from encipherment under said second key encrypting key to encipherment under said cross domain key for transmission with said operational key enciphered under said application key to said second host system, means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and cipher means in said second host system cryptographic apparatus operably responsive to said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key for performing a cryptographic operation to reencipher said operational key from encipherment under said cross domain key to encipherment under a second key encrypting key of said second host system cryptographic apparatus for transmission with said operational key enciphered under said application key to second said application program, said application program transmitting said operational key enciphered under said application key to said first application program, and said cipher means in said first host system cryptographic apparatus operably responsive to said application key enciphered under said first key encrypting key of said first host system and said received enciphered operational key for performing a third cryptographic operation to reencipher said operational key from encipherment under said application key to encipherment under said second key encrypting key of said first host system for use by said first application program so that said operational key in enciphered form is commonly available to said application programs for subsequent cryptographic operations.

20. In a multiple domain data communication network as defined in claim 19 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first and third key encrypting keys of said first host system cryptographic apparatus are first and second variants, respectively, of said first master key.

21. In a multiple domain data communication network as defined in claim 19 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

22. In a multiple domain communication network as defined in calim 19 wherein said first host system crypto-graphic apparatus is operably responsive to first host system plaintext in accordance with said first application program and said operational key enciphered under said application key for performing an encipher operation to obtain first host system ciphertext representing said first host system plaintext enciphered under said operational key for transmission to said second host system.

23. In a multiple domain communication network as defined in claim 22 wherein said second host system crypto-graphic apparatus is operably responsive to said first host system ciphertext and said operational key enciphered under said second key encrypting key of said second host system for performing a decipher operation to obtain said first host system plaintext at said second host system for use by said second application program.

24. In a multiple domain communication network as defined in claim 19 wherein said second host system crypto-graphic apparatus is operably responsive to second host system plaintext and said operational key enciphered under said second key encrypting key of said second host system for performing an encipher operation to obtain second host system ciphertext representing said second host system plaintext enciphered under said operational key for trans-mission to said first host system.

25. In a multiple domain communication network as defined in claim 24 wherein said first host system crypto-graphic apparatus is operably responsive to said second host system ciphertext and said operational key enciphered under said second key encrypting key of said first host system for performing a decipher operation to obtain said second host system plaintext at said first host system for use by said first application program.

26. A method of communicating an operational key from a first host system in one domain to a second host system in another domain of a multiple domain communication network, each of the host systems having a respective cryptographic apparatus and the operational key subsequently being used in each domain for cryptographic data communication between the domains, the method being characterised by the steps of:
providing at the first host system an operational key enciphered under a cross domain key for cross domain communication between the domain of the first host system and the domain of the second host system, providing at the second host system the cross domain key enciphered under a first key encrypting key of the second host system cryptographic apparatus, communicating the operational key enciphered under the cross domain key from the first host system to the second host system, and carrying out a cryptographic operation at the second host system cryptographic apparatus in accordance with the enciphered cross domain key and the received enciphered operational key to provide the operational key enciphered under a second key encrypting key of the second host system.

27. A method as claimed in claim 26, wherein the operational key enciphered under the cross domain key is provided by the steps of:
providing the cross domain key enciphered under a first key encrypting key of the first host system cryptographic apparatus providing the operational key in protected form, and carrying out a cryptographic operation at the first host system cryptographic apparatus in accordance with the enciphered cross domain key and the protected operational key to provide the operational key enciphered under the cross domain key.

28. A method as claimed in claim 27, wherein the operational key is protected by encipherment under a second key encrypting key of the first host system cryptographic apparatus.

29. A method as claimed in claim 28, wherein the second key encrypting key of the first host system cryptographic apparatus is a master key and the first key encrypting key of the first host system cryptographic apparatus is a variant of the master key.

30. A method as claimed in claim 28 or 29, wherein the second key encrypting key of the second host system cryptographic apparatus is a master key and the first key encrypting key of the second host system cryptographic apparatus is a variant of the master key.

31. A method as claimed in claim 28, wherein the cryptographic communication is between a terminal associated with the first host system and an application program associated with the second host system, the terminal, the first host system and the second host system all having a respective cryptographic apparatus provided respectively with a terminal master key, a first master key and a second master key, the method further comprising the steps of:
providing at the first host system the terminal master key enciphered under the first key encrypting key of the first host system encryptographic apparatus, carrying out a cryptographic operation at the first host system cryptographic apparatus in accordance with the enciphered terminal master key and the operational key enciphered under the second key encrypting key to provide the operational key enciphered under the terminal master key, communicating the operational key enciphered under the terminal master key together with the operational key enciphered under the cross domain key to the second host system, communicating the operational key enciphered under the second key encrypting key of the second host system cryptographic apparatus and the operational key enciphered under the terminal master key from the second host system to the application program, and communicating the operational key enciphered under the terminal master key from the application program to the terminal whereby the operational key in enciphered form is commonly available at the terminal and the application program for subsequent cryptographic operations.

32. A method as claimed in claim 31, wherein the second key encrypting key of the first host system cryptographic apparatus is the first master key and the first key encrypting key of the first host system cryptographic apparatus is a variant of the first master key.

33. A method as claimed in claim 31 or 32, wherein the second key encrypting key of the second host system cryptographic apparatus is the second master key and the first key encrypting key of the second host system cryptographic apparatus is a variant of the second master key.

34. A method as claimed in claim 28, wherein the cryptographic communication is between a first application program associated with the first host system and a second application program associated with the second host system where the first host system cryptographic apparatus is provided with a first master key and the second host system cryptographic apparatus is provided with a second master key, the method further comprising the steps of:
providing at the first host system an application key associated with the first application program and enciphered under a third key encrypting key of the first host system cryptographic apparatus, providing at the first host system the operational key enciphered under the application key, carrying out a cryptographic operation at the first host system cryptographic apparatus in accordance with the enciphered application key and the operational key enciphered under the second key encrypting key to provide the operational key enciphered under the second key encrypting key of the first host system cryptographic apparatus, communicating the operational key enciphered under the application key together with the operational key enciphered under the cross domain key to the second host system, communicating the operational key enciphered under the second key encrypting key of the second host system and the operational key enciphered under the application key from the second host system to the second application program, communicating the operational key enciphered under the application key from the second application program to the first application program, and carrying out a cryptographic operation at the first host system cryptographic apparatus in accordance with the application key enciphered under said third key encrypting key of the first host system and the received operational key enciphered under the application key to provide the operational key enciphered under the second key encrypting key of the first host system whereby the operational key in enciphered form is commonly available to both the application programs for subsequent cryptographic operations.

35. A method as claimed in claim 34, wherein the second key encrypting key of the first host system cryptographic apparatus is the first master key and the first and third key encrypting key of the first host system cryptographic apparatus are first and second variants, respectively, of the first master key.

36. A method as claimed in claim 34 or 35, wherein the second key encrypting key of the second host system cryptographic apparatus is the second master key and the first key encrypting key of the second host system cryptographic apparatus is a variant of the second master key.