BACKGROUND OF THE INVENTION
The present invention relates to a system that encrypts and decrypts signals, and transmits and receives the encrypted signals, more particularly to a system, such as a packet transmission system, in which the encrypted signals are transmitted intermittently.
One well-known type of encrypted transmission system has the general structure shown in FIG. 8, comprising a first device 220 and a second device 280 linked by a communication channel 300. The communication channel 300 may be a wireline link comprising copper wire, optical fibers, or the like, or a wireless link comprising radio waves, infrared beams, or the like.
The first device 220 has a transmitting section and a receiving section. The transmitting section includes a scrambling circuit 221 that scrambles a transmit signal A to obtain a scrambled signal CA, a pseudo-random pattern generating circuit 222 that supplies a pseudo-random pattern RA1 to the scrambling circuit 221, and a transmitting circuit 223 that transmits a modulated signal MCA, modulated by the scrambled signal CA. The receiving section includes a receiving circuit 230 that receives and demodulates a modulated signal MCB to obtain a scrambled signal CB, a descrambling circuit 231 that descrambles the scrambled signal CB to obtain a receive signal B, and a pseudo-random pattern generating circuit 232 that supplies a pseudo-random pattern RA2 to the descrambling circuit 231.
The second device 280 also has a transmitting section and a receiving section. The transmitting section includes a scrambling circuit 281 that scrambles a transmit signal B to obtain a scrambled signal CB, a pseudo-random pattern generating circuit 282 that supplies pseudo-random pattern RA2 to the scrambling circuit 281, and a transmitting circuit 283 that transmits the modulated signal MCB, which is modulated by the scrambled signal CB. The receiving section includes a receiving circuit 290 that receives and demodulates the modulated signal MCA to obtain a scrambled signal CA, a descrambling circuit 291 that descrambles the scrambled signal CA to obtain a receive signal A, and a pseudo-random pattern generating circuit 292 that supplies pseudo-random pattern RA1 to the descrambling circuit 291.
When signal A is transmitted from the first device 220 to the second device 280, the scrambling circuit 221 uses the pseudo-random pattern RA1 supplied by the pseudo-random pattern generating circuit 222 to alter the contents of signal A in a seemingly random fashion, typically by taking the exclusive logical OR of corresponding bits of A and RA1. As a result, if the modulated signal MCA is intercepted by a third party, the intercepted signal is unintelligible. The descrambling circuit 291 uses the same pseudo-random pattern RA1, supplied by the pseudo-random pattern generating circuit 292, to perform the reverse alteration on the scrambled signal CA (typically by performing another exclusive logical OR operation), thereby obtaining the original signal A.
When signal B is transmitted from the second device 280 to the first device 220, it is similarly scrambled and descrambled, using pseudo-random pattern RA2, which may differ from pseudo-random pattern RA1.
In the system in FIG. 8, the pseudo-random patterns RA1, RA2 are hard-wired into the pseudo-random pattern generating circuits, which are typically manufactured in large quantities. Moreover, the pseudo-random patterns are of finite length, and repeat cyclically. Under these conditions, it is difficult to ensure that an intercepted transmission cannot be descrambled by the intercepting party, who may be in possession of equipment with a similar pseudo-random pattern generating circuit. The only defense is to use a very long pseudo-random pattern, but this requires a comparatively large and therefore expensive pseudo-random pattern generating circuit, and leads to difficulties in maintaining synchronization between the pseudo-random patterns generated in the first and second devices 220, 280.
A known solution to these problems is given in Japanese Unexamined Patent Application No. 05-007202, which discloses an encrypted transmission system that is both simpler and more secure. In place of the pseudo-random patterns employed in FIG. 8, this system uses signal A to encrypt signal B, and signal B to encrypt signal A.
Referring to FIG. 9, this system comprises a first device 200 and a second device 260 linked by a communication channel 300. The transmitting section of the first device 200 includes a converter 201 that uses a received signal B′ as an encryption key to convert a transmit signal A to an encrypted signal CA, and a transmitting circuit 203 that converts the encrypted signal CA to a modulated signal MCA for transmission on the communication channel 300. The receiving section includes a receiving circuit 210 that receives and demodulates a modulated signal MCB and outputs an encrypted signal CB, a deconverter 211 that decrypts the encrypted signal CB to obtain the receive signal B′, and a memory 202 that stores the transmit signal A sent to the converter 201 and supplies the stored signal A as a decryption key to the deconverter 211.
The second device 260 has a similar structure. Its transmitting section includes a converter 261 that uses a received signal A′ as an encryption key to convert a transmit signal B to an encrypted signal CB, and a transmitting circuit 263 that converts the encrypted signal CB to a modulated signal MCB for transmission on the communication channel 300. The receiving section includes a receiving circuit 270 that receives and demodulates a modulated signal MCA and outputs an encrypted signal CA, a deconverter 271 that decrypts the encrypted signal CA to obtain the receive signal A′, and a memory 262 that stores the transmit signal B and supplies it as a decryption key to the deconverter 271.
Because it uses the receive signals A′ and B′ as encryption keys, and the transmit signals A, B as decryption keys, this system does not require separate circuits for generating pseudo-random patterns. A high level of security is provided, even if a simple encryption procedure is used, because the encryption and decryption keys are constantly changing. Encryption by the exclusive logical OR operation, for example, provides better security in FIG. 9 than in FIG. 8.
The system in FIG. 9 has the disadvantage, however, of requiring synchronization between the transmit signals, so it cannot be used when A and B are intermittent signals.
If the first device 200 encrypts the transmit signal A by performing exclusive logical OR operations, for example, then for each bit of A, the converter 201 uses a corresponding bit of the receive signal B′. If the second device 260 transmits signal B intermittently, the required bits of the receive signal B′ may not be available when they are needed. Similarly, if signal A is not transmitted continuously (A1, A2, A3, ...), the receive signal A′ may not be available when needed for encrypting transmit signal B.
The system shown in FIG. 9, accordingly, cannot be used in packet communication systems, which include the numerous systems employing the internet protocol (IP).
SUMMARY OF THE INVENTION
An object of the present invention is to protect the privacy of signals that are transmitted intermittently.
When a signal is transmitted from a first device to a second device according to the invention, the first device generates an encryption key from the signal, delays the encryption key with respect to the signal, and uses the delayed encryption key to encrypt the signal. When the second device receives the encrypted signal, it uses a delayed decryption key to decrypt the encrypted signal, generates a decryption key from the decrypted signal, and delays the decryption key with respect to the decrypted signal, thereby obtaining the delayed decryption key.
Because the encryption and decryption keys are generated from the signal itself, the signal may be transmitted intermittently. In particular, the signal may be transmitted in a series of packets.
The second device preferably detects transmission errors in the encrypted signal, and transmits an initialization control signal to the first device when a transmission error is detected. Upon receiving the initialization control signal, the first device initializes the encryption key. The first device then preferably transmits an initialization reply signal to the second device. Upon receiving the initialization reply signal, the second device initializes the decryption key.
The first and second devices may also generate a pseudo-random pattern, by which the signal is scrambled before encryption in the first device, and by which the decrypted signal is descrambled in the second device.
BRIEF DESCRIPTION OF THE DRAWINGS
In the attached drawings:
FIG. 1 is a block diagram of a transmission system embodying the invention;
FIG. 2 is a block diagram illustrating a uni-directional version of the transmission system in FIG. 1;
FIGS. 3A, 3B, and 3C illustrate the operation of the transmission system in FIG. 2;
FIG. 4 is a block diagram of another transmission system embodying the invention;
FIG. 5 is a block diagram illustrating a uni-directional version of the transmission system in FIG. 4;
FIG. 6 is a communication sequence diagram illustrating the operation of the transmission system in FIG. 5;
FIG. 7 is a block diagram of yet another transmission system embodying the invention;
FIG. 8 is a block diagram of a conventional transmission system; and
FIG. 9 is a block diagram of another conventional transmission system.
DETAILED DESCRIPTION OF THE INVENTION
Embodiments of the invention will be described with reference to the attached drawings.
The first embodiment, shown in FIG. 1, comprises a first device 1 having a transmitting section 10 and a receiving section 20, a second device 6 having a receiving section 60 and a transmitting section 70, and a bi-directional communication channel 300 linking the first device 1 and second device 6.
The transmitting section 10 comprises an encryption circuit 11, a transmitting circuit 12, an encryption key generator 13, and a memory 14. The transmitting section 10 receives a transmit signal A comprising successive packets, which arrive intermittently and are supplied to the encryption circuit 11 and encryption key generator 13. From the transmit signal A, the encryption key generator 13 generates an encryption key KA. The encryption key KA is a signal similar to the transmit signal A, divided into packets. The encryption key KA is stored in the memory 14 and thereby delayed. The encryption circuit 11 reads the delayed encryption key DKA from the memory 14 and uses it to encrypt the transmit signal A. The transmitting circuit 12 receives the encrypted signal CA and converts it to a modulated signal MCA for transmission on the communication channel 300.
The receiving section 20 comprises a receiving circuit 21, a decryption circuit 22, a decryption key generator 23, and a memory 24. The receiving circuit 21 receives a modulated signal MCB from the communication channel 300 and demodulates it. The resulting demodulated signal is an encrypted signal CB, which comprises successive packets that are received intermittently. The decryption circuit 22 decrypts the encrypted signal CB by use of a delayed decryption key DKB read from the memory 24, and outputs the decrypted signal as a receive signal B′. From the receive signal B′, the decryption key generator 23 generates a decryption key KB. The memory 24 stores and thereby delays the decryption key KB, which becomes the delayed decryption key DKB.
The receiving section 60 in the second device 6 comprises a receiving circuit 61, a decryption circuit 62, a decryption key generator 63, and a memory 64, which are similar to the corresponding elements in the receiving section 20 of the first device 1. The receiving circuit 61 receives the modulated signal MCA and outputs an encrypted signal CA, which is decrypted by the decryption circuit 62 to obtain a receive signal A′. The decryption key generator 63 generates an encryption key KA from the receive signal A′, and the memory 64 stores the encryption key KA, supplying a delayed encryption key DKA to the decryption circuit 62. The transmitting section 70 comprises an encryption circuit 71, a transmitting circuit 72, an encryption key generator 73, and a memory 74, which are similar to the corresponding elements in the transmitting section 10 of the first device 1. The encryption circuit 71 encrypts a transmit signal B, which comprises intermittent packets. The transmitting circuit 72 modulates the signal MCB according to the encrypted signal CB. The encryption key generator 73 converts the transmit signal B to an encryption key KB, which is stored in the memory 74 and supplied to the encryption circuit 71 as a delayed encryption key DKB.
Various encryption methods can be employed, such as the exclusive logical OR method mentioned above, or another method involving reversible arithmetic and logic operations. Signals A and B may be encrypted by different methods.
Various methods can be used to generate encryption and decryption keys from the transmit and receive signals. For example, the order of bits in the transmit and receive signals can be permuted according to a fixed rule to generate the encryption and decryption keys.
The transmission and reception of signal A are independent of the transmission and reception of signal B. If the receiving section 20 and transmitting section 70 are eliminated, as shown in FIG. 2, the resulting system is still capable of transmitting signal A in encrypted form from the first device 1 to the second device 6. The following description will be confined to the simplified uni-directional system shown in FIG. 2, but the description applies equally to the transmission of signal B in FIG. 1.
Initially, the memories 14, 64 store predetermined initial key values, such as all-zero values. Upon receiving the first packet of a transmission, the encryption circuit 11 reads the initial key value from the memory 14 and uses it to generate the first encrypted packet. At the same time, the encryption key generator 13 uses the first packet to generate a new encryption key, which is then stored in the memory 14. The first encrypted packet is transmitted to the second device 6 and decrypted by use of the initial key stored in memory 64. The decryption key generator 63 generates a new decryption key from the decrypted packet, and stores it in memory 64.
This process continues. FIG. 3A illustrates four successive packets A(n−2), A(n−1), A(n), A(n+1) of transmit signal A, where n is an arbitrary integer equal to or greater than three. As shown, the packets may be separated by unequal gaps of arbitrary length. FIG. 3B illustrates the corresponding encrypted packets CA(n−2) to CA(n+1); FIG. 3C illustrates the corresponding received packets A′(n−2) to A′(n+1).
When the encryption circuit 11 receives packet A(n−2), it uses the key currently stored in memory 14 as an encryption key to generate an encrypted signal CA(n−2). At the same time, the encryption key generator 13 uses packet A(n−2) to generate a new encryption key KA(n−2). Next, this encryption key KA(n−2) is stored in the memory 14, and the transmitting circuit 12 converts the encrypted signal CA(n−2) to a modulated signal MCA(n−2).
In the second device 6, the receiving circuit 61 demodulates the modulated signal MCA(n−2) to obtain the encrypted signal CA(n−2). The key currently stored in memory 64 matches the key that was read from memory 14 during the encryption of signal A(n−2). The decryption circuit 62 uses this key to decrypt the encrypted signal CA(n−2), obtaining a receive packet A′(n−2) identical to the transmit packet A(n−2). The decryption key generator 63 generates a decryption key KA(n−2) from the receive signal A′(n−2), and stores it in memory 64. The decryption key KA(n−2) is identical to the encryption key KA(n−2) generated by the encryption key generator 13 in the first device 1.
When the encryption circuit 11 receives the next packet A(n−1), it uses the key now stored in memory 14 as an encryption key to generate an encrypted signal CA(n−1). This key is denoted DKA(n−2) in FIGS. 3A and 3B, although it is identical to the key KA(n−2) written previously by the encryption key generator 13. The corresponding modulated signal MCA(n−1) is transmitted on the communication channel 300 to the second device 6, and demodulated by the receiving circuit 61, which outputs the encrypted signal CA(n−1). The decryption circuit 62 uses the key now stored in memory 64, denoted DKA(n−2) but identical to the key KA(n−2) written previously by the decryption key generator 63, to decrypt the encrypted signal CA(n−1) and obtain the next receive packet A′(n−1).
In the meantime, the encryption key generator 13 in the first device 1 generates the next encryption key KA(n−1) from packet A(n−1) and stores it in memory 14. The decryption key generator 63 in the second device 6 generates an identical decryption key KA(n−1) from the receive packet A′(n−1) and stores it in memory 64.
Packet A(n) is now encrypted by use of delayed key DKA(n−1), identical to KA(n−1), and the encrypted signal CA(n) is decrypted by use of the same delayed key DKA(n−1) to obtain receive packet A′(n). New keys KA(n) are generated from A(n) and A′(n) and stored in the memories 14, 64. Then packet A(n+1) is encrypted by use of delayed key DKA(n), identical to KA(n), and the encrypted signal CA(n+1) is decrypted by use of the same delayed key DKA(n) to obtain receive packet A′(n+1). In other words, after the first packet, each packet is encrypted and decrypted by use of a key generated from the preceding packet.
This system is simple because it generates key information from the transmit and receive signals, and therefore does not require circuitry to generate random patterns. The system is secure in that the key is constantly changing. Moreover, the system enables a signal transmitted from the first device 1 to the second device 6 to be encrypted and decrypted without reliance on a signal transmitted from the second device 6 to the first device 1, so it is particularly useful in packet transmission systems and other intermittent transmission systems.
As a second embodiment of the invention, FIG. 4 shows a system comprising a first device 2 having a transmitting section 30 and a receiving section 40, and a second device 7 having a receiving section 80 and a transmitting section 90. These sections and their constituent elements are equivalent to the corresponding elements in the first embodiment, but with additional functions and elements for detecting transmission errors and sending and receiving initialization command, control, and reply signals.
The transmitting section 30 in the first device 2 has an encryption circuit 31, a transmitting circuit 32, an encryption key generator 33, a memory 34, and an initialization control signal generator 35. The initialization control signal generator 35 receives an error detection signal EDB from the receiving section 40, and supplies a corresponding initialization control signal IPB to the transmitting circuit 32 for transmission on the communication channel 300. IPB is supplied and transmitted as a packet. The initialization control signal generator 35 also receives a report-of-initialization signal (RIA) from the receiving section 40, and supplies a corresponding initialization reply signal (IRA) to the transmitting circuit 32 for transmission as a packet on the communication channel 300.
The receiving section 40 has a receiving circuit 41, a decryption circuit 42, a decryption key generator 43, and a memory 44. The receiving circuit 41 tests the validity of a frame check sequence (FCS) included in each packet to detect transmission errors, and generates the error detection signal EDB when an invalid FCS is detected. If the receiving circuit 41 receives an initialization control packet IPA from the second device 7, it sends an initialization command ICA to the encryption circuit 31, encryption key generator 33, and memory 34 in the transmitting section 30. If the receiving circuit 41 receives an initialization reply signal (IRB) from the second device 7, it sends an initialization command RCB to the decryption circuit 42, decryption key generator 43, and memory 44.
The receiving section 80 in the second device 7 has a receiving circuit 81, decryption circuit 82, decryption key generator 83, and memory 84, which are similar to the corresponding elements in the receiving section 40 in the first device 2. The transmitting section 90 in the second device 7 has an encryption circuit 91, a transmitting circuit 92, an encryption key generator 93, a memory 94, and an initialization control signal generator 95 which are similar to the corresponding elements in the transmitting section 30 in the first device 2. The receiving circuit 81 generates an error detection signal EDA, a report-of-initialization signal (RIB), and initialization command signals RCA and ICB. The initialization control signal generator 95 generates an initialization control signal IPA and an initialization reply signal (IRB).
The system in FIG. 4 is bi-directional, transmitting a signal A from the first device 2 to the second device 7, and a signal B from the second device 7 to the first device 2. FIG. 5 shows a variation of the second embodiment adapted for transmission of signal A without transmission of signal B. The first device 2 includes the encryption circuit 31, transmitting circuit 32, encryption key generator 33, memory 34, initialization control signal generator 35, and receiving circuit 41 of FIG. 4, the initialization control signal generator 35 now being external to the transmitting section 30. The second device 7 includes the receiving section 80, transmitting circuit 92, and initialization control signal generator 95 of FIG. 4. The operation of the second embodiment will be described in relation to the variation in FIG. 5, but similar operations take place when signal B is transmitted in FIG. 4.
FIG. 6 depicts the operation from a point at which a packet A(m) is encrypted in the first device 2, using a key generated from the preceding packet A(m−1) as described in the first embodiment (step S1). The encrypted packet CA(m) is transmitted as a modulated signal MCA(m) to the second device 7 and decrypted using the same key, which is generated from the preceding received packet A′(m−1), as also described in the first embodiment (step S2). This process continues as long as no transmission errors are detected.
If at some point a packet A(n) encrypted by the first device 2 (step S11) is corrupted in transmission, the error is detected by the FCS check performed by the receiving circuit 81 in the second device 7 (step S12). The receiving circuit 81 then sends an error detection signal EDA to the initialization control signal generator 95. The initialization control signal generator 95 generates an initialization control signal IPA and supplies it as a maintenance packet to the transmitting circuit 92 (step S13). The transmitting circuit 92 transmits this IPA packet to the first device 2.
If the IPA packet is received without error, the receiving circuit 41 in the first device 2 sends an initialization command signal ICA to the encryption circuit 31, encryption key generator 33, and memory 34, thereby initializing the transmitting section 30 (step S14). At the same time, the receiving circuit 41 reports the reception of the IPA packet by sending a report-of-initialization signal RIA to the initialization control signal generator 35, which generates an initialization reply signal IRA and supplies it as a maintenance packet to the transmitting circuit 32. The transmitting circuit 32 transmits this IRA packet to the second device 7.
If the IRA packet is received without error, the receiving circuit 81 in the second device 7 sends an initialization command signal RCA to the decryption circuit 82, decryption key generator 83, and memory 84, thereby initializing the receiving section 80 (step S15). Thus IPA is the trigger for initialization of the transmitting section 30, while IRA is the trigger for initialization of the receiving section 80. After this initialization, both memories 34, 84 hold the same initial key value, such as an all-zero value.
The encryption circuit 31 in the first device 2 now encodes the next packet A(n+1), using the initial key (step S16). The encrypted packet CA(n+1) is transmitted as a modulated signal MCA(n+1) to the second device 7 and decrypted, using the same initial key (step S17).
The next packet A(n+2) is encrypted in the normal way in the first device 2, using a key generated from the preceding packet A(n+1) (step S18). In the second device 7, the encrypted packet CA(n+2) is decrypted by use of a key generated from the preceding received packet A′(n+1) (step S19).
The second embodiment provides a way to recover from transmission errors without retransmitting the erroneous packet. The second embodiment is particularly useful in systems that must operate in real time and cannot afford to retransmit erroneous packets.
If the system provides for retransmission of erroneous packets, either the first or the second embodiment can be employed.
In a variation of the second embodiment, the receiving circuit 81 also detects missing packets, by use of packet serial numbers, for example, and generates an error detection signal EDA when a packet is either corrupted or missing.
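The key chaining of the first embodiment and the FCS-triggered initialization of the second embodiment can be simulated as follows. This is an added example, not part of the patent text: the byte-wise XOR cipher, the bit-permutation rule in generate_key, the CRC-32 frame check sequence, the 8-byte all-zero initial key, and all class and function names are assumptions, and the IPA and IRA control packets are assumed to arrive without error.

```python
import zlib

# Assumed 8-byte form of the "all-zero" initial key value held in both memories.
INITIAL_KEY = bytes(8)


def generate_key(packet: bytes) -> bytes:
    """Key generator: permute the packet's bits according to a fixed rule.

    Assumed rule: reverse the byte order and rotate each byte left by 3 bits.
    """
    key = bytes(((b << 3) | (b >> 5)) & 0xFF for b in reversed(packet))
    return key or INITIAL_KEY  # an empty packet leaves nothing to permute


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Exclusive-OR cipher; the key repeats if the packet is longer than it."""
    return bytes(d ^ key[i % len(key)] for i, d in enumerate(data))


def fcs(payload: bytes) -> bytes:
    """Frame check sequence over the encrypted payload (CRC-32, assumed)."""
    return zlib.crc32(payload).to_bytes(4, "big")


class Transmitter:
    """Transmitting section: encryption circuit, key generator, memory."""

    def __init__(self):
        self.memory = INITIAL_KEY

    def send(self, packet: bytes) -> bytes:
        ciphertext = xor_with_key(packet, self.memory)  # delayed key DKA
        self.memory = generate_key(packet)              # KA, used for the next packet
        return ciphertext + fcs(ciphertext)

    def on_ipa(self) -> str:
        """Initialization control packet received: reset the key, reply with IRA."""
        self.memory = INITIAL_KEY
        return "IRA"


class Receiver:
    """Receiving section: FCS check, decryption circuit, key generator, memory."""

    def __init__(self):
        self.memory = INITIAL_KEY

    def receive(self, frame: bytes):
        ciphertext, check = frame[:-4], frame[-4:]
        if fcs(ciphertext) != check:
            return None, "IPA"  # error detected: discard and request initialization
        packet = xor_with_key(ciphertext, self.memory)
        self.memory = generate_key(packet)
        return packet, None

    def on_ira(self) -> None:
        """Initialization reply packet received: reset the key."""
        self.memory = INITIAL_KEY


def run_link(packets, corrupt_index=None, reinitialize=True):
    """Send packets over a simulated channel and return what the receiver outputs.

    corrupt_index selects one frame to damage with a constructed single-bit error.
    reinitialize=False leaves the IPA/IRA exchange out, to show the effect of
    the key memories falling out of step.
    """
    tx, rx = Transmitter(), Receiver()
    received = []
    for i, packet in enumerate(packets):
        frame = tx.send(packet)
        if i == corrupt_index:
            frame = bytes([frame[0] ^ 0x01]) + frame[1:]
        plaintext, control = rx.receive(frame)
        if control == "IPA" and reinitialize and tx.on_ipa() == "IRA":
            rx.on_ira()
        received.append(plaintext)
    return received


if __name__ == "__main__":
    # Constructed sample packets of unequal length.
    sample = [b"packet-1", b"pkt-2-longer", b"p3", b"packet-4"]
    print("no errors:          ", run_link(sample))
    print("error, initialized: ", run_link(sample, corrupt_index=1))
    print("error, no handshake:", run_link(sample, corrupt_index=1, reinitialize=False))
```

With the all-zero initial key and exclusive OR, the first packet and the first packet after every initialization leave the transmitter unchanged. Without the IPA/IRA exchange, one discarded packet leaves the two memories holding different keys for every packet that follows.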
As a third embodiment of the invention, FIG. 7 shows a uni-directional transmission system comprising a first device 3 having a transmitting section 50, and a second device 8 having a receiving section 100.
The transmitting section 50 comprises an encryption circuit 51, a transmitting circuit 52, an encryption key generator 53, and a memory 54, which are similar to the corresponding elements in the first embodiment, and a pseudo-random pattern generating circuit 55 and scrambling circuit 56. The receiving section 100 comprises a receiving circuit 101, a decryption circuit 102, a decryption key generator 103, and a memory 104, which are similar to the corresponding elements in the first embodiment, and a pseudo-random pattern generating circuit 105 and descrambling circuit 106. The two pseudo-random pattern generating circuits 55, 105 generate identical pseudo-random patterns RA.
The transmit signal A received by the transmitting section 50 is first scrambled by the scrambling circuit 56, using the pseudo-random pattern RA supplied by the pseudo-random pattern generating circuit 55. Various well-known scrambling methods can be used, such as the exclusive logical OR method described above. The resulting scrambled signal SA is then encrypted by the encryption circuit 51, using a delayed encryption key DKSA read from the memory 54. The transmitting circuit 52 converts the encrypted signal CSA to a modulated signal MCSA for transmission to the second device 8. The encryption key generator 53 generates a new key KSA from the scrambled signal SA, and stores the new key in the memory 54, from which it will be read as the delayed encryption key DKSA for the next scrambled packet.
In the second device 8, the receiving circuit 101 demodulates the modulated signal MCSA to obtain the encrypted signal CSA, which is decrypted by the decryption circuit 102, using a delayed decryption key DKSA read from the memory 104. The decrypted signal is the scrambled signal SA, from which the decryption key generator 103 generates a new decryption key KSA. The new decryption key KSA is stored in the memory 104, from which it will be read as the next delayed decryption key. The scrambled signal SA is descrambled by the descrambling circuit 106, using the pseudo-random pattern RA supplied by the pseudo-random pattern generating circuit 105, to obtain the receive signal A′.
In the first and second embodiments, a party intercepting the communication between the first device and the second device may attempt to decrypt each packet on the assumption that it was encrypted with the initial key value. In this way, the intercepting party may succeed in decrypting the first packet transmitted in the first embodiment, or a packet transmitted after a transmission error in the second embodiment. If the decrypted packet includes a text message, for example, the intercepting party will know that he has decrypted the packet successfully because the decrypted message will be in plain text. The intercepting party may then be able to determine how the key is generated and decrypt the succeeding packets as well.
In the third embodiment, even if an intercepted packet is correctly decrypted, the intercepting party obtains only a scrambled message, and cannot easily recognize that the packet has been decrypted correctly. This makes it extremely difficult for the intercepting party to determine how the key is generated, and how the packets have been scrambled.
The third embodiment accordingly provides a higher level of security than the first and second embodiments. This higher level of security can moreover be obtained with a comparatively short pseudo-random pattern, because the key changes from packet to packet, so that even if two packets are scrambled in the same way, they will not be encrypted in the same way. Differing from the prior art, the third embodiment does not require long pseudo-random patterns or complex and expensive pseudo-random pattern generating circuits in order to protect the privacy of communications.
The third embodiment can be modified for bi-directional communication, by adding a receiving section to the first device 3 and a transmitting section to the second device 8.
The third embodiment can also be varied by providing for initialization in case of transmission errors, as in the second embodiment.
In the description of the first embodiment, the delay of the encryption and decryption keys in the memories 14, 64 was assumed to be equal to the length of one packet, but this is not a requirement. The delay can have any fixed value, expressed as a fixed number of bits with respect to the transmit and receive signals.
In the description of the first embodiment, the packets were implicitly assumed to be of equal length, but this is not a requirement either. The packets may have variable length.
The encryption key used to encrypt the transmit signal need not be identical to the decryption key used to decrypt the encrypted signal. The decryption key may be complementary to the encryption key, for example.
Any of the preceding embodiments can be modified for communication among more than two devices. The invention can be used in a packet-switching network, for example.
The invention can also be used in systems that transmit signals continuously, instead of intermittently. The invention is particularly useful in uni-directional systems, as illustrated in FIGS. 2 and 5.
Those skilled in the art will recognize that further variations are possible within the scope claimed below.