Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberWO1999012309 A1
Publication typeApplication
Application numberPCT/GB1998/002129
Publication date11 Mar 1999
Filing date17 Jul 1998
Priority date29 Aug 1997
Also published asEP1008251A1
Publication numberPCT/1998/2129, PCT/GB/1998/002129, PCT/GB/1998/02129, PCT/GB/98/002129, PCT/GB/98/02129, PCT/GB1998/002129, PCT/GB1998/02129, PCT/GB1998002129, PCT/GB199802129, PCT/GB98/002129, PCT/GB98/02129, PCT/GB98002129, PCT/GB9802129, WO 1999/012309 A1, WO 1999012309 A1, WO 1999012309A1, WO 9912309 A1, WO 9912309A1, WO-A1-1999012309, WO-A1-9912309, WO1999/012309A1, WO1999012309 A1, WO1999012309A1, WO9912309 A1, WO9912309A1
InventorsIan Nigel Harvey, Someren Nicholas Benedict Van
ApplicantNcipher Corporation Limited
Export CitationBiBTeX, EndNote, RefMan
External Links: Patentscope, Espacenet
System for generating sub-keys
WO 1999012309 A1
Abstract
A facility for enhancing data security comprises - plurality of encryption modules, an interface and a data processing machine (10) the encryption modules are each responsible to a sub-key for encrypting data. The interface is operative to receive a master key, and the data processing machine (10) is operative to create a series of sub-keys for use with the modules. The machine (10) is operative to create each of the sub-keys by means of a hash function of the master key.
Claims  (OCR text may contain errors)
1. A facility for enhancing data security, the facility comprising a plurality of encryption modules each being responsive to a sub-key for encrypting data, an interface for receiving a master key, and a data processing machine (10) operative to create a series of sub-keys for use with the encryption modules, the machine (10) being operative to create each of the sub-keys by means of a hash function of the master key.
2. A facility in accordance with claim 1 wherein the hash function operates on a concatenation of the master key with at least one other piece of data.
3. A facility in accordance with claim 2 wherein the other piece of data comprises at least one of a constant, the position of the sub-key in the series, a function of the position of the sub-key in the series, preceding sub-keys in the series, and a function of preceding sub-keys in the series.
4. A facility in accordance with claim 2 or claim 3 wherein the concatenation comprises a first string of other data preceding the master key and a second string of other data following the master key, at least one of the first and second strings varies with the position in the series of the sub-key being calculated.
5. A facility in accordance with any preceding claim wherein the hash function is a one way hash function.
6. A facility in accordance with claim 5 wherein the hash function is collision free.
7. A facility in accordance with any preceding claim wherein the data processing machine (10) derives the sub-keys of the series and then stores the series for later use by the encryption modules.
8. A facility in accordance with any one of claims 1 to 6 wherein the sub-keys are derived as they are required by the encryption modules.
9. A facility in accordance with claim 7 or claim 8 wherein the sub-keys are derived in the order in which they are to be used.
10. A facility in accordance with any preceding claim the hash function produces results the same length as the desired length of sub-key.
Description  (OCR text may contain errors)

Title: SYSTEM FOR GENERATING SUB-KEYS

This invention is concerned with data security, and in particular to the security of data transferred in the course of commercial activities such as banking.

In the field of banking, data is transferred along data carriers in such a manner that a data stream can be intercepted by an unauthorised person. Hence, there is a need to disguise the data so that it can only be comprehended by the intended and authorised user.

In one method of disguising data, a cryptographic cipher system is used. If data is to be sent between a sender and a recipient along a channel which is of questionable security, then it is encrypted using a cipher implemented by the system.

Most ciphers require a secret "master key" to be shared between sender and recipient. In many systems, the master key is used by the cipher to generate a plurality of sub-keys which are used by internal functions of the cipher in the encryption process.

In the past, sub-keys have been derived either by re-ordering selected bits of the key data or by using a simple mathematical function such as arithmetic progression.

The type of system described above is lacking in versatility, in that it expects a master key of a predetermined length, and cannot accommodate master keys of different lengths. It cannot deal with the generation of a variable number of sub-keys, which would improve security.

Furthermore, where there is a simple relationship between two master keys used with the above system, there may be a correspondingly simple relationship between the sets of sub- keys so produced. That relationship could easily be found by a cryptanalyst, and the security of a system protected in that matter could be compromised. It is an object of the present invention to provide a system which ameliorates the above problems.

According to the invention there is provided a facility for enhancing data security, the facility comprising a plurality of encryption modules each being responsive to a sub-key for encrypting data, an interface for receiving a master key, and a data processing machine operative to create a series of sub-keys for use with the encryption modules, the machine being operative to create each of the sub-keys by means of a hash function of the master key.

In that way, the series of sub-keys corresponding to a master key will not be evident to an unauthorised user.

Preferably, the hash function operates on a concatenation of the master key with at least one other piece of data. Therefore, the complexity of the result of the hash function is substantially increased which makes it more difficult for a pattern between the sub-keys and master key to be established.

The other data may comprise at least one of a constant, the position of the sub-key in the series, a function of the position of the sub-key in the series, preceding sub-keys in the series, and a function of preceding sub-keys in the series.

In a preferred embodiment of the invention, the concatenation comprises a first string of other data preceding the master key and a second string of other data following the master key, at least one of the first and second strings varies with the position in the series of the sub-key being calculated. In that way, the security of the cipher defined by the series of sub-keys is enhanced.

The hash function is preferably a one way hash function. In a preferred embodiment, the hash function is collision free.

In a preferred embodiment of the invention, the data processing machine derives the sub-keys of the series and then stores the series for later use by the encryption modules.

Alternatively, the sub-keys are derived as they are required by the encryption modules.

Preferably, the sub-keys are derived in the order in which they are to be used.

In a preferred embodiment of the invention, the hash function produces results the same length as the desired length of hash key. Alternatively, if the hash function results are shorter than the desired length of sub-key, then a sub-key can be constructed from a concatenation of hash function results. Furthermore, if the hash function results are longer than the desired length of sub-key, then more than one sub-key could be derived from a hash function result.

Further preferred aspects and features of the invention will be appreciated from the following description of a specific and preferred embodiment of the invention with reference to the drawing appended hereto which shows a schematic diagram illustrating the function of a data processing machine contained in a cryptographic system in accordance with the invention.

A cryptographic system comprises n sections, each acting on target data in response to a sub- key supplied to that section. Hence, the system as a whole is operated by a key schedule comprising a set of n sub-keys {KbK2, KJ.

The figure illustrates a sub-key data processing machine 10 having a series of interconnected modules.

A counter 12 generates a counter signal having value between 1 and n, where n is the number of sections of the system and thus the number of sub-keys to be generated.

A prefix generator 14 and a suffix generator 16 are provided, the generators 14, 16 being operative to generate values S, and Tt respectively.

S„ „ and a master key K are fed forward to a concatenation module 18 where the data is concatenated, and then the concatenated data is fed to a hash function module 20.

A key schedule is derived from the master key K, by means of a hash function embodied in the hash function module 20 as follows:

K, = H (SA K \ TJ l≤ i ≤ n,

where H() is a hash function, the | symbol represents concatenation of data and S, and T, are generated in the prefix and suffix generators 14, 16 as indicated above. S, and Tt may be constructed from some or any of:

( 1 ) a constant value ;

(2) the value i; (3) a function of the value i;

(4) any of the values K, ,Kl_I;

(5) a function of the values K, K,_,.

The sub-keys are used in order, so that the first use of K, is after the first use of each of

Kj, K,.,. This is an optional arrangement which allows sequential production of sub-keys, such as in the case where a sub-key is a function of preceding sub-keys. As shown in the drawing, the result output by the hash function module 20 is fed back to the prefix and suffix generators 14, 16 so that they can utilise the result in later iterations. The machine can thus derive each sub-key as it is needed. However, it may be more useful for the machine to derive all of the sub-keys at an initial stage and store them in turn for later use.

In some cases, the length of the sub-keys required for the sections of the system is less than the length of the output of the hash function. In that case, the result of each hash operation can be used to make more than one sub-key. If the length of the sub-key required is greater than the length of the output of the hash function, the outputs of several hash operations can be concatenated to construct the sub-key. In order to ensure that the key schedule is "strong", i.e. that it is not susceptible to deciphering, at least one of S, and Tt varies with the value of /.

For optimal security, the hash function H() should be chosen to be one way and collision free.

The system described above is useful in that it is capable of defining a master key of arbitrary length. Moreover, a variable number of sub-keys of variable length can be generated from each master key. The system avoids "weak" keys from which a pattern can be derived easily, and is generally more robust against cryptanalysis than previous encryption systems, since there is no simple relationship between sub-keys generated from master keys which have a simple relationship.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
EP0768774A2 *15 Oct 199616 Apr 1997Sony CorporationMethod and apparatus for data encryption using a key generation hierarchy
US5172414 *13 Sep 199115 Dec 1992At&T Bell LaboratoriesSpeech and control message encrypton in cellular radio
US5483598 *1 Jul 19939 Jan 1996Digital Equipment Corp., Patent Law GroupMessage encryption using a hash function
Classifications
International ClassificationH04L9/08, H04L9/06
Cooperative ClassificationH04L9/0643, H04L2209/24
European ClassificationH04L9/06R
Legal Events
DateCodeEventDescription
11 Mar 1999AKDesignated states
Kind code of ref document: A1
Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW
11 Mar 1999ALDesignated countries for regional patents
Kind code of ref document: A1
Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG
2 Jun 1999121Ep: the epo has been informed by wipo that ep was designated in this application
24 Jun 1999DFPERequest for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
29 Feb 2000NENPNon-entry into the national phase in:
Ref country code: KR
6 Mar 2000WWEWipo information: entry into national phase
Ref document number: 1998935142
Country of ref document: EP
15 May 2000WWEWipo information: entry into national phase
Ref document number: 09486756
Country of ref document: US
14 Jun 2000WWPWipo information: published in national office
Ref document number: 1998935142
Country of ref document: EP
29 Jun 2000REGReference to national code
Ref country code: DE
Ref legal event code: 8642
28 Feb 2001NENPNon-entry into the national phase in:
Ref country code: CA
5 Mar 2003WWWWipo information: withdrawn in national office
Ref document number: 1998935142
Country of ref document: EP