BORZA MICHAEL (CA)
| WO2002084461A1 | 2002-10-24 |
| US6598161B1 | 2003-07-22 | |||
| US7103772B2 | 2006-09-05 | |||
| US5297207A | 1994-03-22 | |||
| US5345505A | 1994-09-06 | |||
| US20030079124A1 | 2003-04-24 |
CLAIMS
What is claimed is:
1. A method comprising; providing a first base key for extracting therefrom a plurality of first sequential security keys; sequentially extracting from the first base key a plurality of first sequential security keys including a first sequential key; providing a second base key for extracting therefrom multiple second sequential security keys; sequentially extracting from the second base key a plurality of second sequential security keys including a second sequential key; and overwriting said first sequential key with the second sequential key subsequently extracted prior to completely extracting all of the multiple first sequential security keys relating to the first base key.
2. A method according to claim 1 wherein, extracting a next sequential key from the multiple first sequential security keys is performed during a time that a previously extracted sequential key from the multiple first sequential security keys is used in a ciphering process.
3. A method according to any of claims 1 through 2 wherein, extracting each sequential key from the at least one of multiple first sequential security keys and multiple second sequential security keys is performed by dedicated circuitry for extracting the sequential keys, the dedicated circuitry operating in parallel to the cipher circuitry.
4. A method according to any of claims 1 through 3 wherein, extracting each sequential key is performed after storing of each prior extracted sequential key and during a use of the prior extracted sequential key within a ciphering process.
5. A method according to any of claims 1 through 4 wherein, processing each of the sequential keys relates to processing sequential keys each relating to different base keys being processed concurrently, each of the plurality of sequential keys at a different stage of key extraction from a related base key.
6. A method according to any of claims 1 through 5 wherein, the plurality of first sequential security keys are employed within a ciphering process.
7. A method according to any of claims 1 through 6 wherein, the ciphering process is performed in N stages in parallel and wherein at a point in time a first base key is associated with one of the N stages and a second base key is associated with a first other stage of the N stages and at another point in time the first base key is associated with a second other stage of the N stages and the second base key is associated with a third other stage of the N stages.
8. A method according to any of claims 1 through 7 wherein, the ciphering process is performed in N stages and wherein the base keys are provided to a first stage of the N stages in sequence in a cyclic manner.
9. A method according to any of claims 1 through 8 wherein, the ciphering process is performed in N stages and is performed with M parallel processing blocks, M being less than N.
10. A method according to any of claims 1 through 0 - wherein, each of the M parallel processing blocks processes more than one sequential key relating to a same base key.
11. A method according to any of claims 1 through 10 wherein, the process other than stores in advance all of the sequentially extracted keys relating to a same base key.
12. A method according to any of claims 1 through 12 wherein, the process supports multiple data threads.
13. A method according to any of claims 1 through 13 wherein, the plurality of first sequential keys is used to cipher a single data thread.
14. A method according to any of claims 1 through 13 wherein, the extraction is performed according to a process associated with each stage of the N stages.
15. A cipher processor comprising: a pipeline processor comprising N stages, each stage for extracting a sequential key and for ciphering of data using the extracted sequential key, the pipeline for providing at least the sequential key in a feed forward fashion to a subsequent stage for subsequent extraction therefrom of a subsequent sequential key, the extracted sequential keys for use in a ciphering stage and for being fed forward to a subsequent stage but other than for long term storage within memory of the cipher processor.
16. A cipher processor according to claim 15 wherein, the pipeline processor comprises N stages, N being equal to a number of the first sequential keys to be extracted and wherein a first stage receives another base key during processing of sequential keys based on a second other base key.
17. A cipher processor according to any of claims 15 throughlό wherein, N equals at least one of 10, 12, and 14.
18. A cipher processor according to any of claims 15 through 17 wherein, a number of the first sequential keys to be extracted is a whole number multiple of the number of stages, N.
19. A cipher processor according to any of claims 15 through 18 wherein, a first stage of the cipher processor receives another base key during processing of the sequential keys by a subsequent stage of the cipher processor based on a second other base key, and wherein each stage is for processing of data based on two or more sequential keys relating to a same base key.
20. A cipher processor according to any of claims 15 through 19 wherein, the cipher processor comprises each of the stages disposed for parallel processing different data and different sequential keys.
21. A cipher processor according to any of claims 15 through 20 absent an expanded key store.
22. A cipher processor according to any of claims 15 through 21 further comprising, circuitry for supporting multiple data threads.
23. A cipher processor according to any of claims 15 through 22 wherein, the sequential keys are related to a same base key and are extracted in sequence to cipher a single data thread.
24. A computer readable medium having stored therein data according to a predetermined computing device format, and upon execution of the data by a suitable computing device a security method is provided comprising: providing a first base key for extracting therefrom a plurality of first sequential security keys; sequentially extracting from the first base key a plurality of first sequential security keys including a first sequential key; providing a second base key for extracting therefrom multiple second sequential security keys; sequentially extracting from the second base key a plurality of second sequential security keys including a second sequential key; and overwriting said first sequential key with the second sequential key subsequently extracted prior to completely extracting all of the multiple first sequential security keys relating to the first base key.
25. A computer readable medium having stored therein data according to a predetermined computing device format, and upon execution of the data by a suitable computing device a circuit for implementing a security method is provided comprising: a pipeline processor comprising N stages, each stage for extracting a sequential key and for ciphering of data using the extracted sequential key, the pipeline for providing at least the sequential key in a feed forward fashion to a subsequent stage for subsequent extraction therefrom of a subsequent sequential key, the extracted sequential keys for use in a ciphering stage and for being fed forward to a subsequent stage but other than for long term storage within memory of the cipher processor. |
MULTIPLE SEQUENTIAL SECURITY KEY ENCRYPTION - DECRYPTION
FIELD OF THE INVENTION
[001] The invention relates to the field of electronic data security and more particularly to the field of extraction of sequential keys.
BACKGROUND OF THE INVENTION
[002] In recent years the rapid adoption of wireless communication technology has triggered a rapid increase in the ability of people to conduct their lives whilst on the move. Technological advances resulting in a combination of compact, low power, efficient, high speed, and ergonomically designed microprocessor based portable devices with advanced communications have spearheaded this adoption. With each generation, better, more user friendly or more advantageous features are added. Present wireless communication devices support a wide variety of applications including: World Wide Web access, text messaging, voice communications, address book management, scheduling, alarm clock, electronic mail, camera, video camera, video conferencing, and so forth. Only a few years ago, many of these features were only available on a desktop computer system.
[003] New features and applications are released, typically every year. For example, present systems now support the procurement and presentation of multiple media formats, including MPEG music, streamed video, news stories, and even books, through to the online purchase of items directly from company websites or other locations. This is now coupled with other facilities designed to make life easier for people on the move, and coincidentally acts to lower individual and corporate installation requirements for each office. This often results in lower office space requirements and in lower staffing requirements.
[004] In most of these applications and others, there exists the requirement to transfer information in a secure manner. This need is driven from both ends of the communication path, for example, either from the users' viewpoint of providing bank account details,
credit card numbers etc through to the service provider who seeks to similarly protect confidential information but also limit the dissemination of procured media content thereby reducing theft.
[005] Common to many security techniques are encryption mechanisms wherein data to be transmitted is obfuscated - transformed to seemingly meaningless information - through an encryption process utilising encryption keys which are either separately communicated or synchronized to allow the information to be reverse-transformed - recovered - after transmission via an insecure medium, such as the Internet. Different approaches are known using public and private key forms, multiple keys, and even multiple keys to encode different sections of the same information.
[006] Some encryption processes require that the encryption key is expanded prior to use. When key expansion is necessary, these keys are stored in their expanded form during use so that the expanded keys are readily available and processing time for key expansion is not necessary during the ciphering process. For a system managing for example multiple network data traffic flows simultaneously, such a pre-expansion is beneficial to ensure that system performance is not affected when context switching occurs. As such, when in common use, each key is stored both in its initial form and in its expanded form. Such approaches therefore require additional memory resources for the storage of the extracted keys but save processing time for extracting those keys repeatedly during use. Such approaches also have inherently lower security as an unauthorized access to the device or memory may extract all or some of the expanded encryption keys.
[007] For the manufacturers of many portable devices there is benefit in being able to lower the memory requirements of these devices, both to reduce cost of the memory itself but to also reduce the power consumption of the memory and increase the stand-by or active life of the device before requiring recharging. Such benefits are advantageous where they do not come at the expense of overall performance of the portable device.
[008] It would therefore be advantageous to use a ciphering process that reduces memory storage resource requirements but provides approximately equivalent performance.
SUMMARY OF THE INVENTION
[009] According to an embodiment of the invention there is provided a method comprising;
(a) providing a first base key for extracting therefrom a plurality of first sequential security keys;
(b) sequentially extracting from the first base key a plurality of first sequential security keys including a first sequential key;
(c) providing a second base key for extracting therefrom multiple second sequential security keys;
(d) sequentially extracting from the second base key a plurality of second sequential security keys including a second sequential key; and
(e) overwriting said first sequential key with the second sequential key subsequently extracted prior to completely extracting all of the multiple first sequential security keys relating to the first base key.
[0010] In accordance with another embodiment of the invention there is provided a cipher processor comprising a pipeline processor comprising N stages, each stage for extracting a sequential key and for ciphering of data using the extracted sequential key, the pipeline for providing at least the sequential key in a feed forward fashion to a subsequent stage for subsequent extraction therefrom of a subsequent sequential key, the extracted sequential keys for use in a ciphering stage and for being fed forward to a subsequent stage but other than for long term storage within memory of the cipher processor.
[0011] In accordance with another embodiment of the invention there is provided a computer readable medium having stored therein data according to a predetermined computing device format, and upon execution of the data by a suitable computing device a security method is provided comprising:
(a) providing a first base key for extracting therefrom a plurality of first sequential security keys;
(b) sequentially extracting from the first base key a plurality of first sequential security keys including a first sequential key;
(c) providing a second base key for extracting therefrom multiple second sequential security keys;
(d) sequentially extracting from the second base key a plurality of second sequential security keys including a second sequential key; and
(e) overwriting said first sequential key with the second sequential key subsequently extracted prior to completely extracting all of the multiple first sequential security keys relating to the first base key.
[0012] In accordance with another embodiment of the invention there is provided a computer readable medium having stored therein data according to a predetermined computing device format, and upon execution of the data by a suitable computing device a circuit for implementing a security method is provided comprising: a pipeline processor comprising N stages, each stage for extracting a sequential key and for ciphering of data using the extracted sequential key, the pipeline for providing at least the sequential key in a feed forward fashion to a subsequent stage for subsequent extraction therefrom of a subsequent sequential key, the extracted sequential keys for use in a ciphering stage and for being fed forward to a subsequent stage but other than for long term storage within memory of the cipher processor.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] Exemplary embodiments of the invention will now be described in conjunction with the following drawings, in which:
[0014] Fig. 1 illustrates a typical application environment of portable devices within a communications network.
[0015] Fig. 2 illustrates a prior art approach to key extraction and encryption.
[0016] Fig. 3 illustrates an embodiment of the invention for sequential key extraction and use.
[0017] Fig. 4 illustrates a further embodiment of the invention wherein processing is batched allowing the designer to balance the processor speed, memory and power requirements against the time to complete an encryption.
[0018] Fig. 5 illustrates another embodiment of the invention wherein processing is executed in multiple small batches wherein each batch is several ciphering processes with sequentially extracted keys, the approach allowing the designer to balance the processor speed, memory and power requirements against the time to complete an encryption.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
[0019] Referring to Fig. 1 , shown is a simplified schematic of two portable devices having communications therebetween according to a method of secure encryption. As shown a mobile telephone 101 is in wireless communication with a cellular network base station 102 allowing the user of the mobile telephone 101 to access multiple services, including for example the Internet 110. In the course of using the mobile telephone 101, the user optionally accesses from multiple service providers different services including for example exchange of email text messaging with a user at a personal computer 106, execution of financial transactions with a bank through a central server 105, and downloading of media content from a file server 107 belonging to a music company.
[0020] Also coupled to the file server 107 is a microprocessor-based computer 109. Attached to the microprocessor-based computer 109 is a wireless router 108. In this example the wireless router is within a store of the music company and allows users to locally procure content from this music company. Interfacing to the wireless router 108 is a user operating a personal digital assistant (PDA) 103 through which they are able to download music directly from the company's file server 107.
[0021] Referring to Fig. 2 shown is a prior art encryption approach such as employed in the portable devices of Fig. 1. Shown is a first key extraction process 20 wherein the
basekey 200 undergoes an initial extraction process 201 wherein all the expanded keys 203 are generated from this initial extraction process 201. The plurality of expanded keys 203 are then stored within a first memory block 202 for subsequent extraction and use.
[0022] Subsequently in a ciphering process 21 the expanded keys 203 are retrieved from the first memory block 202 and entered into the ciphering block 204. Also entered into the ciphering block 204 is the data 203 to be ciphered. Upon completion of the ciphering process the ciphered data is transferred to a second memory block 205 for storage and transmission. Advantageously, the base key is only expanded once requiring a small amount of processing. Problematically, a large amount of memory is used for storing multiple expanded base keys when multiple streams are supported and a considerable amount of power is consumed moving the expanded keys.
[0023] Now referring to Fig. 3 shown is an exemplary embodiment of an encryption process 3 Wherein a first ciphering process 30 takes the base key 300 and performs an extraction process 301 on the base key 300, this extraction process 301 resulting in the generation of a first sequential encryption key 305. This first sequential encryption key 305 is fed into a first ciphering block 313 along with the information to be ciphered, which is then stored in partition A 309. The output data from the first encryption process
313 is then forwarded and stored as partition B 310. Also fed forward is the first sequential encryption key 305 for use in generating therefrom the next sequential key.
[0024] These forwarded elements are then used within a second ciphering process 31. A second extraction process 302 operates upon the fed forward first sequential encryption key 305 and generates a second sequential encryption key 306 relating to a same base key. This second sequential encryption key 306 is used within a second ciphering block
314 along with the output data from the first ciphering block 313 which has been stored within the partition B 310. The output data from the second encryption process 314 is then forwarded and stored as partition C 311. Also fed forward is the second sequential encryption key 306 for use in generating therefrom the next sequential key.
[0025] These forwarded elements are then used within a third ciphering process 32. A third extraction process 303 operates upon the fed forward second sequential encryption
key 306 and generates a third sequential encryption key 307. This third sequential encryption key 307 is used within a third ciphering block 315 along with the output data from the second ciphering block 314 which has been stored within the partition C 311. The output data of the third encryption process 315 is forwarded in the same manner as previous ciphering processes, as is the third sequential encryption key 307.
[0026] In this manner the ciphering process is repeated sequentially and exploits a repeated use of a common ciphering process, represented in the different stages by first, second, and third ciphering processes 30, 31 and 32 respectively. In operation therefore each sequentially extracted encryption key may be stored within the same memory location thereby overwriting the previous key until the final N th ciphering process 39. Within this N ciphering process 39 the final sequential encryption key 308 is extracted by process 304 from the (N-l) th sequentially extracted key (not shown). In the same manner the N th ciphering block 316 takes this N th ciphering key 308 along with the N th partition N 312 and undertakes the final ciphering. The final ciphered data 316 is forwarded to a final transmission block 320 wherein it is stored and transmitted.
[0027] The final N th ciphering key 308 upon completion of the N th ciphering process 39 is deleted in the GONE process 321. Typically, this occurs when the final N th ciphering key 308 is overwritten without further propagation as opposed to through an active process of deleting same. In the same manner that the extracted keys may be stored within a single memory location the partitions storing each sequential stage of encoding may be the same, thereby rewriting the partition in each process, thereby lowering memory requirements for memory further.
[0028] Within the sequential ciphering processes 30 through 39 a time t e is assigned for the duration of each extraction process, t p for the time required to encrypt the data, and t tr for the time required to transmit the encrypted block. In respect of these (t e & t p ) are inversely scaleable with increasing processor speed, and (t lr ) similarly scales with the bandwidth of the communications path supporting the transmittal of the data. In the prior art the multiple parallel sequences therefore result in the total time for processing to be Ye + t p + t tr ) > though t e is performed in advance and off-line and only one time. In this
exemplary embodiment of the invention, the feed forward of the sequential key to the next extraction and the next sequential key extraction are undertaken whilst the ciphering is in process. In this exemplary embodiment the duration or latency for the complete ciphering process is now Nt e + 1 p + t lr where t e is longer than t p , which is longer than the prior art but accomplished with J/, of the memory requirements and reduced power consumption for storing the expanded keys. Typically t e is shorter than t p such that the result includes N t p and only a single t e . In this way, by generating the sequential extracted keys in less time than is required for processing of the cipher data, little additional latency results and the memory and power savings are supported.
[0029] Of course, the above paragraph refers only to latency because after a first base key is provided to the first stage for processing, a second base key is optionally fed into the first stage of the process during the second stage allowing for processing of up to ten different basekeys simultaneously, each at a different stage of the sequencing. Alternatively, a same base key is provided for processing of different blocks of data. Thus, the latency is as described above, but the cipher processing speed can be improved by up to approximately an order of magnitude. Optionally, the encryption process 3 may balance speed, latency and power reduction by supporting two, or more, ciphering processes each associated with memory stores.
[0030] Now referring to Fig. 4 shown is another exemplary embodiment as ciphering process 4. Shown are two initial extraction processes 401 and 402 that generate sequential encryption keys αl 410 and cc5 411. These sequential encryption keys αl 410 and α5 411 are then used within an encryption sequence to generate encrypted content αlA 4010 and α5A 401 1 respectively, which are then transmitted forward. In this first sequence the keys αl 410 and α5 411 are used simultaneously. Fed forward from this overall ciphering process are the encrypted content αlA 4010 and α5A 4011 and the first pair of sequentially extracted keys αl 410 and α5 411.
[0031] Now the processing returns to the top and two new extraction processes 403 and 404 generate a new pair of sequential encryption keys βl 412 and β5 413. These then
are used in the next encryption process 4111. As shown the sequential encryption keys βl 412 and β5 413 represent the first two keys of a second master key β and not the third and fourth keys of the first master key α.
[0032] Again the processing sequence returns to the beginning with two new extraction processes 400 and 409 which act upon previously extracted keys αl 410 and cc5 411 respectively to generate the second sequentially extracted pair of keys α2 414 and α6 415. This second sequentially extracted pair of keys α.2 414 and α6 415 are then used within a ciphering process 4112. Also fed into this ciphering process 4112 are the previously encrypted data blocks αl A 4010 and α5E 4011.
[0033] This sequence repeats for both the α and β sequences until the final ciphering processes are completed. In this exemplary embodiment the final extractions processes for the β key sequence are processes 407 and 408 which generate the final sequential encryption keys β4 416 and β8 417, which are used in the final encryption process 4113. The output data of this final encryption process is two blocks of data β4D 4114 and β8H which are stored and subsequently transmitted.
[0034] Now, considering the same execution flow as the first exemplary embodiment then the extraction processes occur in sequence, whilst the ciphering process is being executed. In this exemplary second embodiment the duration or latency for the completed ciphering process is now Mt e +t p + t tr where t e is longer than t p , and where M = Iy 5 X is the number of simultaneous sequential key extractions performed and N the total number of sequential key extractions for the full ciphering process. Of course if t e is shorter t p the result include N t p Hence if X =2, then M = ^yC . This approach allows the designer of circuits supporting encryption processes a means of balancing the competing tradeoffs such that the circuit die area is adjustable at a cost of increased encryption time, which can be compensated for by increased processor speeds and / or transmission speeds. In this way, by generating the sequential extracted keys in less time than is required for processing of the cipher data, little additional latency results and memory and power savings are supported.
[0035] Now referring to Fig. 5 shown is another exemplary embodiment as ciphering process 5. An initial extraction process 501 is shown which generates a pair of sequential encryption keys αl 510 and α2 511. These sequential encryption keys αl 510 and α2 511 are then used within an encryption sequence 50 to generate encrypted content α2B 5010. Within encryption sequence 50 the data to be ciphered is first encrypted using key αl 510 and then encrypted with α2 511. Fed forward from this first ciphering process 50 are the encrypted content α2B 5010 and the second sequentially extracted key α2 511.
[0036] Now the processing continues with a second extraction process 503 which generates a new pair of sequential encryption keys α3 512 and α4 513. These then are used in the next encryption process 5111 which operates from the encrypted output data α2B of the prior ciphering process 5110 to generate encrypted data oc4D. Again the processing sequence returns to the beginning with a new extraction process 500 which acts upon the previously extracted key α4 513 to generate the third pair of sequentially extracted keys α5 514 and α6 515. This third sequentially extracted pair of keys α5 514 and oc6 515 are then used within a ciphering process 5112. Also fed into this ciphering process 5112 is the previously encrypted data blocks α4D.
[0037] This sequence repeats until the final ciphering processes are completed. In this exemplary embodiment the final extraction processes for the α key sequence is process 507 which generates the final sequential encryption keys α9 516 and αlO 517, which are used in the final encryption process 5113. The output data of this final encryption process is the encrypted block of data αlOJ which is stored and subsequently transmitted in process 5115
[0038] Now, considering the same execution flow as the previously presented encryption process 3 then the extraction processes occur in series, each whilst the preceding ciphering process is being executed. In this exemplary embodiment the processing time for the overall encryption is Mt 11 +t p + t tr where M = N/ ; x is the number of simultaneous sequential key extractions performed and N the total number of sequential key extractions for the full ciphering process. Hence if X =2, as described in
the prior description of FIG. 5 then M = Kζ • This approach allows the designer of processor circuits providing security processes a means of balancing the competing tradeoffs such that the memory requirements can be lowered at a cost of increased encryption time, which can be compensated for by increased processor speeds and / or transmission speeds.
[0039] Optionally, the preceding embodiments of the invention presented in Figs. 3 through 5 relate to a decryption of data or information as opposed to the presented encryption. Whilst the exemplary embodiments have been described in respect of the benefits arising to implementing circuits for performing security processes involving encryption and decryption the embodiments may optionally be realized with other approaches including but not limited to integrated semiconductor circuits, hybrid circuits, finite state machines and dedicated hardwired processors.
[0040] Numerous other embodiments may be envisaged without departing from the spirit or scope of the invention.