Secured Communications Scheme Using Random Numbers
Background of the Invention
1. Field of the Invention
The invention relates to encrypting and decrypting data in order to provide a highly secure method of communication.
2. Description of the Related Art
The secure exchange of information using cryptography has been of ongoing and increasing importance. Cryptography has played an important role in history and, more recently, in commercial transactions. Several important historical events have been precipitated by the breaking of secret codes. The United States was propelled into World War I, for example, when the Zimmermann telegram was broken and it was learned that Mexico had been promised territories within the United States if it joined Germany's war effort. (See Charles H. Bennett et al., "Quantum Cryptography", Scientific American, Oct. 1992, p. 50.)
The field of cryptography has advanced from the field of military intelligence into everyday commercial interactions. There is a need for secure transmission of electronic transactions, such as credit card purchases, and for a method of securely transmitting information over publicly accessible electronic channels.
Several schemes have been developed to address the problem of securing exchanges of information. The first mathematically unbreakable encryption scheme, the Vernam cipher, was developed by Gilbert S. Vernam of American Telephone and Telegraph Company and Major Joseph O. Mauborgne of the U.S. Army Signal Corps. The Vernam encryption scheme (also known as the "one-time pad" scheme) requires a key that is at least as long as the message and which is never used to send another message.
The Vernam cipher relies on a sequence of random numbers of length at least as large as the length of the message to be sent. The sequence of random numbers, which can be a random sequence of "0"s and "1"s to be used with a message coded similarly, is subtracted from or added to the message before it is sent (for binary sequences, addition and subtraction without carry are both the exclusive-or). The receiver decodes the message by adding or subtracting the same random sequence.
In the Vernam scheme, all concerned must have identical copies of the key. The deficiency in the Vernam scheme, therefore, is in the distribution of the keys to each of the parties. These keys are used only once and are typically distributed on pads, hence the origin of the name "one-time pad" scheme. A mistake, such as losing or reusing the pad, breaches the security of the message. This was learned all too well by Soviet intelligence shortly after World War II when some one-time pads were inadvertently used twice, causing American code-breakers to expose several spies.
Variations of the Vernam cipher have reused long keys or have used systems where the sender and receiver have identical pseudo-random number generators. A pseudo-random number generator generates a series of numbers which statistically appear random but which are actually completely deterministic. Both the receiver and the sender can generate the same key by starting the pseudo-random number generator using the same "seed" value. None of these schemes, however, is completely secure, because the keys can be predicted by an eavesdropper.
As a result of the necessity of communicating the key for each message and the difficulties in securing the keys, the Vernam system is rarely used. A more prevalent system of exchanging secured information is the use of public-key cryptosystems. An advantage of public-key encryption systems is that they allow two parties who have not previously communicated to send secured messages. In the public-key system, the receiver, A, randomly chooses a pair of mutually inverse transformations to be used for encryption and decryption of the message. A then publishes instructions for encryption but does not publish the transformation used for decryption. The transformations are chosen so that it is at least extremely difficult to deduce the transformation used for decryption from that used for encryption. A sender, B, is then able to send a secured message to A by encrypting the message as per the publicly known algorithm and sending it to A. A then uses the unpublished decryption algorithm to retrieve the message.
Although public-key encryption may be applicable for certain uses, especially when the parties have not foreseen a need to communicate, these systems have not been proven secure; their security rests on the assumed difficulty of computational problems such as factoring rather than on an information-theoretic guarantee of the kind the one-time pad provides.
Summary of the Invention
In accordance with this invention, a method of encryption is provided which expands on the Vernam cipher system but which dispenses with the need for the parties to continuously communicate a key by alternative channels.
In one embodiment of this invention, one of the users generates a key, preferably including a series of random numbers, the random numbers preferably being generated using a quantum random number generator as described in Applicant's previous application (serial number 08/876,994), hereby incorporated by reference in its entirety. The key is communicated to all of the other users. The communication channels used to distribute the key may include personal communication, postal mail, or electronic means. Personal communication is the most secure method of communicating the key while electronic transmissions suffer a high degree of risk because the key may be intercepted.
A message may be sent between the parties using the sequence of random numbers as an encryption key. In addition, each time that the parties communicate, a new key is generated. The new key is encrypted using the previous key, or alternatively the previously sent message or a preset encryption sequence, and is communicated to the users. The new encrypted key may be sent along the same transmission channel as was the encrypted message. Each of the users then decrypts the new key using the previous key and stores the new key in place of the previous key so that the new key is used for the next communication. Therefore, any given key is used in sending and/or receiving only one message and is abandoned in favor of a new key without any further need of communication between the parties through alternative channels.
In addition, only one of the parties needs to have the capability of generating the key. The other parties need only have means of storing the keys and decrypting the messages. Devices for storing keys and decrypting messages include smart cards, computer systems, or even magnetic tape storage devices (such as credit cards) combined with use of a processor system. The invention is inherently applicable to computer based communications.
As is further described below, users who have not previously interacted to initialize an encryption key may send and receive secured messages through a mediator with whom each of the parties has initialized a communication channel. The invention is applicable to use with the Internet, the world wide web, credit card or debit card transactions, or Pay TV systems, among other uses. In yet another embodiment, the encryption key may be used to encode a passkey. In this system, the message itself is a random sequence which, when decrypted by the receiver, is used to access coded information such as debit card balances. The passkey may also allow physical access, i.e. unlocking or opening a door.
In another embodiment of the invention, the key may be used to certify the source of the message. In this embodiment, the sender transmits the key to the receiver and the receiver compares the key with a stored key to certify the sender's identity. After the sender is certified by the receiver, further communications without encryption may be undertaken. Additional communications may include passkeys or, alternatively, the certified key may itself act as a passkey, allowing access to information or to allow physical access such as opening doors.
An additional feature of the invention is that, because the encryption key is updated after every communication, if a user's key has been intercepted and used by an eavesdropper (such as would be the case with fraudulent credit card transactions) then that user will no longer have access to the system and can promptly notify the mediator or other users of a breach in security.
Description of the Figures
Figure 1 shows schematically communication between several parties.
Figure 2 shows schematically communication between several parties using a mediator as a central communications node.
Figure 3 shows an apparatus for communicating between two parties.
Figure 4A shows a smart card used as a communicator.
Figure 4B shows a memory card/magnetic strip card used as a communicator.
Description of the Invention
Figure 1 shows schematically communication between several parties using a distributed network system. Although only parties A, B, C and D are shown, any number of parties greater than two may be linked in accordance with the technique shown in Figure 1. In addition, a message sender may selectively choose to whom a particular message is to be sent. Figure 1 also shows a possible eavesdropper E.
The message may be represented as a numerical sequence $(M_1, \ldots, M_i, \ldots, M_L)$ where $M_i$ is a number which represents the $i$th character of the message and $L$ is the length of the message. Although many different schemes may be devised for translating a message into numerical format, a particularly useful form for computerized communication is the binary form, a series of "0"s and "1"s. Some applications which use the binary format include the Internet, the world wide web, credit card purchases, debit card purchases, and pay TV, although other applications may use it as well.
A message may also include verification or routing information. The verification information may be used to verify the identity of the sender to the receiver. Routing information may be used to determine who the sender chooses to receive the message.
The communications channels are initialized by first generating and distributing to all of the parties an encryption key. Figure 1 shows the scenario where party C has the capability of generating a key G while parties A, B and D do not. Therefore, party C generates the key and distributes the key to parties A, B and D. Any of the parties, or all of the parties, may have the capability of generating a key G, but at least one of them must have that capability. The communication channel is initialized by any party generating and distributing the key to all of the other parties. Each party stores the encryption key for future use. Preferably, the key includes a sequence of random numbers, $(R_1, \ldots, R_N)$. The key, however, may also include further information such as, for example, a choice of encryption/decryption methods. The key generator G is preferably a random number generator. Although the random number generator may be any of the well known types, the preferred random number generator used with this invention is a true random number generator such as the quantum mechanical random number generator of Applicant's previous application (Ser. No. 08/876,994). The preferred random number generator employs the laws of quantum mechanics in order to generate a true random number sequence which does not repeat. These generators are fast enough to produce a sequence of random numbers of adequate length in an amount of time consistent with the needs of this communication scheme and are relatively independent of external influences.
Most random number generators employ arithmetic methods for generating random numbers which are inherently deterministic and which may, with enough persistence, be shown not to be truly random. At some point in the sequence generated they repeat, thereby compromising the desired nonpredictability of the key sequence.
These "pseudo-random" number generators calculate a series of numbers from a user-supplied "seed" number, where the series of numbers is statistically random. The series of numbers, however, is completely deterministic in that the same series is always generated from a particular "seed" value. Another method of generating random numbers is by use of a physical process such as the electronic noise created by the random movement of electrons in electronic circuitry. (See Robert Matthews, "It's a Lottery", New Scientist, 22 July 1995, pp. 38-39.) Although this method is preferred over an arithmetic method, these devices are slow and may lose their true randomness under external influences. Yet another physical-process random number generator uses radioactive decay to generate random numbers.

The length of the sequence, $N$, is arbitrary, but it is preferred that the length $N$ be chosen to be equal to or greater than the length of the numerical sequence representing the message, $L$. A sequence length $N$ that is less than the length of the message $L$ will result in a less secure transmission because part of the key must be repeated in the encryption process. The part of the encryption key which is repeated potentially compromises the portions of the message encrypted with the repeated key. If the message is to be sent in bit format, i.e. as a sequence of "0"s and "1"s, then the sequence of random numbers is also preferably a sequence of "0"s and "1"s.
The initial encryption key is preferably communicated to each of the other parties in person. Alternative forms of communicating the initial encryption key include mail or by electronic transmission. In-person communication of the initial key has the advantage of more securely ensuring that the parties receive the key and that potential eavesdroppers do not gain access to the key. Other forms of communication increase the risk that the initial key is intercepted by a potential eavesdropper.
After the parties are all in possession of the encryption key, any of them may send a secured message to any or all of the others. The message, after translation into its corresponding numerical sequence, may be encrypted using the key in a number of ways, but whichever way is chosen must be agreed upon by the parties in advance. The method of encryption may also be communicated between the parties along with the key itself where a code in the key signals a selection from a predetermined set of encryption/decryption methods.
One common method of encryption, the preferred method, is to add or subtract the random number sequence of the key to the message. This is the well known Vernam cipher. The resulting encrypted message is therefore $(M_1 \pm R_1, \ldots, M_L \pm R_j)$. If $L = N$, then $j = N$, whereas if $L < N$, $j = L$. If $L > N$, the key sequence is repeated from its beginning to cover the remainder of the message, and $j$ is the position in the key at which the last message element was encrypted. Any operation which combines (convolutes) the message with the key can be used to encrypt the message so long as all parties know and agree upon the operation and the operation can be inverted by a party holding the key, so that the message can be recovered from the encrypted sequence. Possible operations include any invertible mathematical function of the message sequence and the encryption sequence, or any shifting and rearranging of sequence strings in the message and the key such that the resulting encrypted message is a single sequence.
In the preferred method, the message and the key are both in binary form and the convolution of the message with the key results in an encrypted sequence having the same length as the message. However, in general the encrypted message may be of any length sufficient to contain the entire message. The sender of the message encrypts the message and transmits the encrypted message to each of the receiving parties. Not all of the parties may receive the message.
At the end of the transmission of the message, one of the parties who is capable of generating a key (C in Figure 1) generates a new key. Preferably, that party encrypts the new key using the old key and transmits the encrypted new key to all of the parties, the old key being the key previously used to send the message. Alternatively, but with less security, the new key may be encrypted using the previously transmitted message or a preset encryption sequence previously shared by the parties.
Each of the parties, then, decrypts the new key using the old key and stores the new key in place of the old key. The new key is then used in future communications and the old key can be abandoned. Alternatively, the old key can be stored as proof of the message.
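The Figure 1 procedure described above (encrypt with the current key, deliver, generate a new key, wrap it under the old key, and have every party install it), as an added worked example in Python. This is editorial illustration, not code from the patent or from the Applicant's prior application. It assumes the key generator G is stood in for by the operating system's CSPRNG (the text prefers a quantum random number generator), that messages are length-prefixed and zero-padded to the key length so that L = N, and, following the text, that the same old key pads both the message and the new key. The names Party, run_round, frame, reuse_leak and chained_leak are assumptions of the example. The last two functions demonstrate the reuse caveat from the one-time-pad discussion: two messages under one pad leak their exclusive-or, and because the old key here pads both the message and the next key, the exclusive-or of three consecutive ciphertexts cancels both keys and leaks the exclusive-or of two message frames.

```python
import secrets

KEY_LEN = 32  # bytes per key; each message frame is padded to this length so L = N (assumption)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Vernam combination: for binary sequences, adding or subtracting the key is exclusive-or."""
    if len(a) != len(b):
        raise ValueError("sequences must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(n: int = KEY_LEN) -> bytes:
    """Stand-in for key generator G; the page prefers a quantum RNG, this uses the OS CSPRNG."""
    return secrets.token_bytes(n)


def frame(body: bytes, n: int = KEY_LEN) -> bytes:
    """Length-prefix and zero-pad a message to exactly n bytes (assumed framing)."""
    if len(body) > n - 2:
        raise ValueError("message longer than key")
    return len(body).to_bytes(2, "big") + body.ljust(n - 2, b"\x00")


def unframe(f: bytes) -> bytes:
    return f[2:2 + int.from_bytes(f[:2], "big")]


class Party:
    """Any party stores the current key and can encrypt/decrypt; key generation is separate."""

    def __init__(self, name: str, initial_key: bytes):
        self.name, self.key = name, initial_key

    def send(self, body: bytes) -> bytes:
        return xor_bytes(frame(body), self.key)

    def receive(self, ciphertext: bytes) -> bytes:
        return unframe(xor_bytes(ciphertext, self.key))

    def issue_new_key(self) -> bytes:
        """Key-capable party: generate a new key, wrap it under the old key, keep the new one."""
        new = generate_key(len(self.key))
        wrapped = xor_bytes(new, self.key)  # the same old key pads message and new key, as described
        self.key = new
        return wrapped

    def install_new_key(self, wrapped: bytes) -> None:
        self.key = xor_bytes(wrapped, self.key)


def run_round(network, sender, receivers, body, key_holder):
    """One Figure 1 round: encrypt, deliver, then ratchet every party to a fresh key.
    Returns (message ciphertext, wrapped new key, what each receiver recovered)."""
    ciphertext = sender.send(body)
    recovered = [r.receive(ciphertext) for r in receivers]
    wrapped = key_holder.issue_new_key()
    for p in network:
        if p is not key_holder:
            p.install_new_key(wrapped)
    return ciphertext, wrapped, recovered


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two messages under one pad: c1 XOR c2 == m1 XOR m2; the key drops out."""
    return xor_bytes(c1, c2)


def chained_leak(c_msg1: bytes, c_key_update: bytes, c_msg2: bytes) -> bytes:
    """With the same old key padding the message and the next key,
    (m1^k1) ^ (k2^k1) ^ (m2^k2) == m1 ^ m2: both keys cancel across the ratchet."""
    return xor_bytes(xor_bytes(c_msg1, c_key_update), c_msg2)
```

Running two rounds and XORing the first message ciphertext, the key-update ciphertext and the second message ciphertext yields frame(m1) XOR frame(m2), which is exactly the key-reuse failure the one-time-pad discussion warns about. A deployment that wants full one-time-pad strength must therefore pad the message and the key update with disjoint portions of the old key.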
Both the message and the new key are securely transmitted between the parties even though transmission of the encrypted new key requires a repeated use of the old key. If the new key is encrypted using the old key, an outside party, Eavesdropper E in Figure 1, cannot recover the new key from its encrypted form alone, because the new key is itself a sequence of random numbers and its encrypted form is therefore also uniformly random. This holds for the key update taken in isolation. If the same portion of the old key pads both the message and the new key, however, an eavesdropper holding the message ciphertext, the key-update ciphertext and the next message's ciphertext (sent under the new key) can combine the three so that both keys cancel, leaving the combination (for binary sequences, the exclusive-or) of the two messages; full one-time-pad strength therefore requires that the message and the new key be padded with disjoint portions of the old key. Eavesdropper E could likewise break the code if the old key was reused to send a new message or repeated within the transmission of the old message.

A new party may be included in the communication scheme of Figure 1 by sharing the current encryption key with the new party and by connecting the new party to the other parties so that the new party can send and receive encrypted messages.

Figure 2 shows schematically a communication technique between several parties (A, B, C, and D) where each of the parties has previously initialized a communication channel with a mediator. The parties do not necessarily have an initialized communication channel with each other. In addition, the parties may not have previously contemplated the need for communications between them.
In Figure 2, each party (A, B, C, or D) individually initializes a communication channel with a mediator. Although Figure 2 shows only parties A, B, C and D, the mediator may initialize communications channels with any number of separate parties. Preferably, the mediator has the capability of generating a key G and communicates a separate key to each of the parties. Alternatively, if the mediator does not have the capability of generating a key, each of the parties should have that capability G and then each party communicates a key to the mediator. The latter scenario may be useful if the mediator is a shared member of separate communications networks which utilize this methodology. If the mediator is not capable of generating a key and not all of the parties have the capability of generating a key G, then the mediator must receive keys from a capable party to distribute to those not capable of generating a key. The mediator stores the encryption key for each party individually in such a way that the key associated with an individual party is easily identifiable to the mediator.
As was discussed above, the key preferably includes a random number sequence generated from a random number generator. After initializing the communication channels, an initial key is shared between the mediator and each of the parties. Each channel may be opened separately; therefore each of the parties in the configuration of Figure 2 may share a different key with the mediator. A new member is added to this scheme by initializing a separate communication channel with the mediator.
Any one member, for example A, may now send a secured message to any other party, for example B. Party A encrypts the message using the key and an encryption method that is shared between party A and the mediator. Party A transmits the encrypted message to the mediator. The mediator decrypts the message and determines from routing information that is transmitted as part of the message which party or parties are to receive the message. The mediator then encrypts the message using the key which is shared with the receiving party, B in this example, and transmits the message to the receiving party. The receiving party retrieves the message by decrypting the message using the key that the receiving party shares with the mediator.
The key which is shared with the sending party, A, and the keys that are shared with the receiving parties, B, are then replaced. For each party, a new key is generated. Preferably, the new key is encrypted using the key that is shared between that party and the mediator M. Alternatively, the new key could be encrypted using the message which was previously sent between the party and the mediator. In addition, the new key could be encrypted using a preset encryption sequence previously shared between the party and the mediator.
The encrypted new key is then transmitted so that both the party and the mediator M share the new key.
The encrypted new key is then decrypted and is used to replace the previous key. In this way, different parties, such as A and B, may securely communicate through a mediator while never themselves sharing a common key.
The configuration of Figure 2 is employable to send messages between parties, such as Party A and Party B, even if the parties are members of a network such as Figure 1, if the communications link between them is faulty or nonexistent. The parties A and B in Figure 1 may communicate using party C or D as a mediator. In addition, the parties A, B, C and D in Figure 1 may themselves each be networks as shown in Figure 1, each of these networks having the mediator as a member.
The configuration illustrated in Figure 2 may be particularly employable for secured credit card or debit card purchases over the Internet, the world wide web or via telephone lines, where the purchaser and vendor have not previously interacted but both use a central credit card service such as MasterCard or Visa.
In a credit card application, a transfer of funds from user A to user B may result from A transmitting a different message to the mediator than the mediator finally sends to B. For example, if A is transferring funds to B then A's message may include a passkey and account information. The mediator records A's message and, after approval of the transfer of funds, sends B a confirmation that funds have been credited to B's account from A's account. The mediator may hold the account information or, alternatively, another user may hold the account information and the mediator must communicate with the third user for approval before sending a confirmation to B. The mediator may communicate with the third party user using the techniques of this invention.
Another useful application of the invention, either in the configuration of Figure 1 or the configuration of Figure 2, is to obtain access to information or initiate an action from another communicating party. In this embodiment, the message includes a passkey which may be randomly generated. Other non-encrypted messages may be sent between the sender and receiver in addition to the message which includes the passkey. The use of the system to send passkeys may be particularly useful for debit card account access or simply to unlock or operate doors (e.g., garage doors).
In this embodiment the party seeking access encrypts the message including the passkey using the key and transmits the encrypted passkey to the party responsible for granting access. The key is replaced after each use. The granting party decrypts the encrypted passkey and, by comparing the passkey with a stored passkey, either grants or disallows access to the party seeking access. The granting party may grant access to information (such as in a debit card transaction), transfer funds in response to the remainder of the messages (such as in a credit card transaction or debit card transaction), or open a door (such as in a garage door opener).

In yet another embodiment, the key may be used to certify the validity of a communication. In the certification embodiment, the key is sent to the receiver and replaced after every transmission. The receiver compares the key with a stored key to certify that communication with that sender is valid. In this embodiment, the key itself may act as a passkey as discussed above, or it is used to certify that a message originates from a particular sender. A message, which may or may not be encrypted, may be sent in the communication. One method of sending the message with the key is to append the message sequence onto the end of the random number sequence of the key. Alternatively, the message may be sent in a transmission separate from the transmission which includes the key. In either case, the key is used to certify that the message originates from a particular sender. Because the certifying key is itself transmitted, the replacement key must not be derivable from what an eavesdropper can observe on that channel; in particular, encrypting the replacement under the key that was just transmitted would hand the replacement to anyone who intercepted the transmission.
The systems described in Figures 1 and 2 and in the embodiments of the invention are secure once the initial key is successfully communicated. However, if security is breached there is an additional security feature. If a user's key is used by an eavesdropper to send or receive data, then that user's key will not be updated (the eavesdropper's stolen key will be updated instead) . The user will find the communications system inaccessible and can alert the other parties and/or the mediator to the breach in security.
In addition, if a record is made of the previously used keys, the current key in the possession of the user will evidence the last transaction made by the user. Subsequent transactions with the user's keys, therefore, are made by the eavesdropper.
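The mediator configuration of Figure 2 (each party shares a key only with the mediator, which decrypts, re-encrypts for the recipient and then rotates both keys) together with the breach-detection behaviour described above, as an added worked example in Python. This is editorial illustration, not code from the patent. It assumes a fixed message layout of sender identifier, recipient identifier, length and zero-padded body (the text only says a message may carry verification and routing information), a 48-byte per-channel key, and the operating system's CSPRNG in place of the preferred quantum random number generator; the names Mediator, Client, relay, exchange_through_mediator and breach_is_detected are assumptions of the example. The sender-identifier field is what lets the mediator notice a stale key: after an eavesdropper has used a copied key and installed the rotated replacement, the legitimate party's ciphertext no longer decrypts to a frame bearing its own identifier and is refused.

```python
import secrets

KEY_LEN = 48   # bytes of key shared between one party and the mediator (assumption)
ID_LEN = 4     # fixed-width party identifier field (assumption)
BODY_LEN = KEY_LEN - 2 * ID_LEN - 2


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Vernam combination of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("sequences must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def _id(name: str) -> bytes:
    return name.encode("ascii").ljust(ID_LEN, b"\x00")


def frame(sender: str, recipient: str, body: bytes) -> bytes:
    """sender id | recipient id | body length | body | zero padding, exactly KEY_LEN bytes.
    The sender field is the verification information, the recipient field the routing information."""
    if len(body) > BODY_LEN:
        raise ValueError("message longer than key")
    return _id(sender) + _id(recipient) + len(body).to_bytes(2, "big") + body.ljust(BODY_LEN, b"\x00")


def unframe(f: bytes):
    sender = f[:ID_LEN].rstrip(b"\x00").decode("ascii", "replace")
    recipient = f[ID_LEN:2 * ID_LEN].rstrip(b"\x00").decode("ascii", "replace")
    n = int.from_bytes(f[2 * ID_LEN:2 * ID_LEN + 2], "big")
    return sender, recipient, f[2 * ID_LEN + 2:2 * ID_LEN + 2 + n]


class Mediator:
    """Holds one current key per enrolled party (Figure 2) and relays between them."""

    def __init__(self):
        self.keys = {}

    def enroll(self, name: str) -> bytes:
        """Initial key for a new channel; returned here, delivered out of band in practice."""
        self.keys[name] = secrets.token_bytes(KEY_LEN)
        return self.keys[name]

    def _rotate(self, name: str) -> bytes:
        """Generate a fresh key, wrap it under the party's current key, store the fresh key."""
        new = secrets.token_bytes(KEY_LEN)
        wrapped = xor_bytes(new, self.keys[name])
        self.keys[name] = new
        return wrapped

    def relay(self, from_name: str, ciphertext: bytes):
        """Decrypt under the sender's key, verify the sender field, re-encrypt under the
        recipient's key, then rotate both keys. A stale or foreign key fails verification."""
        plain = xor_bytes(ciphertext, self.keys[from_name])
        if plain[:ID_LEN] != _id(from_name):
            raise PermissionError(f"verification failed for {from_name}: stale or foreign key")
        sender, recipient, body = unframe(plain)
        if recipient not in self.keys:
            raise PermissionError(f"unknown recipient {recipient!r}")
        out = xor_bytes(frame(sender, recipient, body), self.keys[recipient])
        return recipient, out, self._rotate(from_name), self._rotate(recipient)


class Client:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def send(self, mediator: Mediator, recipient: str, body: bytes):
        ciphertext = xor_bytes(frame(self.name, recipient, body), self.key)
        to, out, wrapped_mine, wrapped_theirs = mediator.relay(self.name, ciphertext)
        self.key = xor_bytes(wrapped_mine, self.key)   # install the new key for this channel
        return to, out, wrapped_theirs

    def receive(self, ciphertext: bytes, wrapped: bytes):
        sender, recipient, body = unframe(xor_bytes(ciphertext, self.key))
        if recipient != self.name:
            raise PermissionError("message not addressed to this party")
        self.key = xor_bytes(wrapped, self.key)        # install the new key for this channel
        return sender, body


def exchange_through_mediator(body: bytes = b"transfer 10 to B"):
    """A sends to B although they share no key; returns the sender B sees, the body,
    and whether both parties' stored keys still match the mediator's afterwards."""
    m = Mediator()
    a, b = Client("A", m.enroll("A")), Client("B", m.enroll("B"))
    _, ct, wrapped = a.send(m, "B", body)
    sender, got = b.receive(ct, wrapped)
    return sender, got, a.key == m.keys["A"] and b.key == m.keys["B"]


def breach_is_detected() -> bool:
    """Eve copies A's current key and uses it first: the mediator rotates A's key and Eve
    installs the replacement, so A's stored key is stale and A's next request is refused."""
    m = Mediator()
    a, b = Client("A", m.enroll("A")), Client("B", m.enroll("B"))
    eve = Client("A", a.key)                 # stolen copy of A's key (constructed scenario)
    _, ct, wrapped = eve.send(m, "B", b"fraud")
    b.receive(ct, wrapped)
    try:
        a.send(m, "B", b"hello")
    except PermissionError:
        return True                          # A is locked out and knows to report the breach
    return False
```

The same reuse caveat as in the Figure 1 scheme applies here: each relay pads both the message and the replacement key with the same channel key, so a deployment wanting one-time-pad strength would draw those two pads from disjoint portions of the key.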
An apparatus for use with either of the communication configurations shown in Figures 1 and 2 is shown in Figure 3. The apparatus includes at least two communicators and at least one key generator, a communicator being a device for communications. Figure 3 shows Communicator A 100, Communicator B 200 and Key Generator 300. Communicator A 100 includes Data I/O port 110, processor 120, encryption key storage memory 130, message storage memory 140, and system memory 150. Communicator B 200 includes data I/O port 210, processor 220, encryption key storage memory 230, message storage memory 240 and system memory 250. Communicator B 200 also communicates with key generator 300 so that Communicator B 200 has the capability of generating a key (G on Figures 1 and 2).
Each communicator must at least have the ability to store the key, encrypt and decrypt messages, and communicate with other communication devices.
Communicator A 100 has a processor 120 which receives and sends messages through data I/O port 110. Data I/O port 110 may include a modem to facilitate communications with other communicators. Processor 120 stores the message in message storage memory 140, reads the key from encryption key storage memory 130, and encrypts or decrypts the message in response to programming instructions stored in the system memory 150. Communicator B 200 reads and writes encryption keys to encryption key storage memory 230, receives and sends messages through data I/O port 210, and reads and writes messages from message storage memory 240 in response to programming instructions stored in system memory 250. Data I/O port 110 and data I/O port 210 must be compatible so that communicator A 100 and communicator B 200 can exchange data through transmission path 400. Transmission path 400 may be telephone lines, Ethernet lines, or any other communications path by which different communicators may communicate. In addition, Communicator B 200 receives new keys from key generator 300. Key generator 300 generates a key and could be one of the random number generators previously discussed, preferably the quantum mechanical random number generator.

Figure 3 shows only two communicators, but the apparatus for carrying out this invention could include any number of separate communicators configured as in Figure 1 or Figure 2. In the configuration of Figure 1, the communicators communicate with all other communicators, and in Figure 2 each communicator communicates with a mediator. A communicator which is functioning as a mediator in Figure 2 must additionally be capable of storing a separate key in relation to each of the users of the mediator configuration. A network of communicators as in Figures 1 or 2 may include any number of different communications devices, each device having the capability of storing a key, encrypting and decrypting data, and of communicating with the other communicators or with the mediator through transmission paths 400.

The preferred apparatus for use with this invention includes at least one smart card, a communicator acting as a mediator, and a key generator communicating with the mediator. Figure 4A shows a smart card for use with this invention. Preferably, the smart card 500 is physically convenient to transport, i.e. about credit card size. The smart card 500 includes a processor 520, a data I/O port 510, an encryption key storage memory 530, a system storage memory 550, and a message storage memory 540. Processor 520 is capable of encrypting and decrypting messages, of reading and writing to the encryption key storage memory 530 and the message storage memory 540, and of communicating through data I/O port 510 with another communicator, such as a mediator. In Figure 4A, the smart card 500 communicates through data I/O port 510 to an intermediate I/O device 560 which communicates with the other communicators of network 700, although smart card 500 may itself be capable of communicating with network 700. In one embodiment, smart card 500 also stores account information and account balances. This information is useful if the smart card is used as a debit card. In addition, smart card 500 or intermediate I/O device 560 may have external displays and controls so that an outside user may query smart card 500 regarding account information and balances. If interaction with the smart card is possible, the encryption key and the program instructions containing the encryption method should remain inaccessible. The intermediate I/O device 560 need have no further features except to facilitate communications with other communicators in network 700. For example, an intermediate I/O device 560 may connect smart card 500 to a phone modem, wherein the intermediate I/O device 560 communicates with the smart card 500 through the data I/O port 510 and transmits to network 700 through the phone modem. Other intermediate I/O devices include computer systems capable of networking with other communicators. At least one communicator in network 700 with smart card 500 must be capable of generating encryption keys. The key generator used in the preferred embodiment is the quantum mechanical random number generator.

Although the smart card is the preferred device for use with this method, any device which has the capability of storing a key, reading the key, encrypting information and decrypting information may be used. A standard card type memory storage device, such as a standard credit card with a magnetic strip or a memory card having a memory chip, used with a card reader capable of sending and receiving messages to the central computer, reading the memory storage device, and writing to the memory storage device, will suffice. Figure 4B shows a storage card communicator 600 having a storage card 630 in communication with card reader 660. Storage card 630 may be a memory card, a card with a magnetic strip, or any other device capable of storing data. Card reader 660 includes a processor 620, a system memory 650, a message memory 640 and a data I/O port 610. The processor 620 reads the encryption key from the storage card 630 and encrypts or decrypts messages in response to program instructions stored in the system memory 650. The data I/O port 610 is capable of communicating with other communicators on network 700.
Storage card 630 may also store account information and account balances. This information is useful if the storage card is used as a debit card. In addition, card reader 660 may have external displays and controls so that an outside user may query account balances stored in the card.
Yet another embodiment of the communicator includes a computer, the computer being capable of communicating with all of the other communicators in the network or with a mediator computer. Each computer must be able to store the encryption key and encrypt and decrypt data which it receives. This communicator is useful for Internet communications or for networking communications. In addition, and for added security, each of the computers may be capable of communicating with a device external to the computer, the device being one which stores the key and possibly is also one which encrypts and decrypts the data (such as a smart card or a storage card). The external device could make the key and possibly the encryption/decryption algorithms inaccessible to the computer.
The examples illustrated here are representative examples and in no way limit the scope of this application. Other obvious embodiments of the invention will be apparent to one skilled in the art and are included within the scope of this application.