[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

USRE36181E - Pseudorandom number generation and crytographic authentication - Google Patents

Pseudorandom number generation and crytographic authentication Download PDF

Info

Publication number
USRE36181E
USRE36181E US08/751,932 US75193296A USRE36181E US RE36181 E USRE36181 E US RE36181E US 75193296 A US75193296 A US 75193296A US RE36181 E USRE36181 E US RE36181E
Authority
US
United States
Prior art keywords
signal
command
word
pseudorandom
iaddend
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US08/751,932
Inventor
Philip J. Koopman, Jr.
Alan M. Finn
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lear Corp EEDS and Interiors
Original Assignee
Lear Corp EEDS and Interiors
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=22196129&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=USRE36181(E) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Priority to US08/751,932 priority Critical patent/USRE36181E/en
Application filed by Lear Corp EEDS and Interiors filed Critical Lear Corp EEDS and Interiors
Assigned to UT AUTOMOTIVE DEARBORN, INC. reassignment UT AUTOMOTIVE DEARBORN, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: UNITED TECHNOLOGIES AUTOMOTIVE, INC.
Application granted granted Critical
Publication of USRE36181E publication Critical patent/USRE36181E/en
Assigned to LEAR CORPORATION EEDS AND INTERIORS reassignment LEAR CORPORATION EEDS AND INTERIORS CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: UNITED TECHNOLOGIES AUTOMOTIVE, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS GENERAL ADMINISTRATIVE AGENT reassignment JPMORGAN CHASE BANK, N.A., AS GENERAL ADMINISTRATIVE AGENT SECURITY AGREEMENT Assignors: LEAR AUTOMOTIVE DEARBORN, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT AND COLLATERAL AGENT reassignment JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT AND COLLATERAL AGENT GRANT OF SECOND LIEN SECURITY INTEREST IN PATENT RIGHTS Assignors: LEAR AUTOMOTIVE DEARBORN, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT AND COLLATERAL AGENT reassignment JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT AND COLLATERAL AGENT GRANT OF FIRST LIEN SECURITY INTEREST IN PATENT RIGHTS Assignors: LEAR AUTOMOTIVE DEARBORN, INC.
Assigned to LEAR CORPORATION EEDS AND INTERIORS reassignment LEAR CORPORATION EEDS AND INTERIORS MERGER (SEE DOCUMENT FOR DETAILS). Assignors: LEAR AUTOMOTIVE DEARBORN, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS AGENT reassignment JPMORGAN CHASE BANK, N.A., AS AGENT SECURITY AGREEMENT Assignors: LEAR CORPORATION EEDS AND INTERIORS
Anticipated expiration legal-status Critical
Assigned to LEAR AUTOMOTIVE DEARBORN, INC. reassignment LEAR AUTOMOTIVE DEARBORN, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A.
Assigned to LEAR AUTOMOTIVE DEARBORN, INC. reassignment LEAR AUTOMOTIVE DEARBORN, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A.
Assigned to LEAR CORPORATION EEDS AND INTERIORS reassignment LEAR CORPORATION EEDS AND INTERIORS RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: JPMORGAN CHASE BANK, N.A., AS AGENT
Expired - Lifetime legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/582Pseudo-random number generators
    • G06F7/584Pseudo-random number generators using finite field arithmetic, e.g. using a linear feedback shift register
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/304Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy based on error correction codes, e.g. McEliece
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2207/00Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F2207/58Indexing scheme relating to groups G06F7/58 - G06F7/588
    • G06F2207/583Serial finite field implementation, i.e. serial implementation of finite field arithmetic, generating one new bit or trit per step, e.g. using an LFSR or several independent LFSRs; also includes PRNGs with parallel operation between LFSR and outputs
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00182Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks
    • G07C2009/00238Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed
    • G07C2009/00253Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with unidirectional data transmission between data carrier and locks the transmittted data signal containing a code which is changed dynamically, e.g. variable code - rolling code
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00753Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys
    • G07C2009/00769Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by active electrical keys with data transmission performed by wireless means
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • G07C2009/00825Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed remotely by lines or wireless communication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C2009/00968Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys shape of the data carrier
    • G07C2009/00984Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys shape of the data carrier fob
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/06Involving synchronization or resynchronization between transmitter and receiver; reordering of codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04Masking or blinding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20Manipulating the length of blocks of bits, e.g. padding or block truncation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • This invention relates to pseudorandom numbers and cryptographically encoded transmissions, such as the type involved with an automobile key chain fob transmitter which opens the automobile door locks or trunk in response to transmissions from the fob.
  • the art of encoding transmissions so that the transmissions may be authenticated at a receiving module must meet criteria for technical viability (security) as well as low cost and convenience.
  • the cost and convenience criteria result in an inability to use any encoding with polynomials of excessive degree (such as binary numbers of hundreds of bits).
  • cryptographic processing must require less than one second for acceptability by the user. Cost and weight constraints can limit the size and sophistication of a microprocessor or other signal processing equipment used in the system.
  • the aforementioned system requires that a receiver and a transmitter be wired or loaded with a binary feedback mask at the factory and sold as a pair. It also precludes matching a replacement transmitter with an existing receiver without the involvement of dealership personnel, which could compromise security.
  • the pseudorandom number generators of the Hill and Finn patent use one iteration per encrypted message. This saves time but results in a certain level of correlation between successive samples, so that the samples are less random-like. In other pseudorandom number applications, the speed advantage of the aforementioned system could be useful but for the inherent correlation.
  • Coded keypads used for unlocking vehicles have inherent security features.
  • the generation of the code word by pressing keys can be shielded from view, and is certainly not capable of being determined beyond a line of sight.
  • the keypad cannot be breached by analysis, and is not likely to be breached by numerical trial.
  • lock systems which employ remote transmissions are enormously subject to security tampering because the surveillance of the transmissions may be carried out in another vehicle, without attracting any attention whatsoever. Therefore, it is possible to record many transmissions to a given vehicle, such as in a reserved workplace parking space (which commonly contains expensive cars), as well as providing an unobservable opportunity to attempt the breach of a security system (or even several systems at one time) by broadcasting huge volumes of random numbers, in parking lots where vehicles remain for long periods of time, such as at airports.
  • Objects of the invention include provision of an improved remote operating system, the security of which is extremely difficult to breach by analysis, in which analysis of transmitted signals provides essentially no assistance in reducing the amount of numbers required for a numerical trial breach of security, and in which numerical trial breach of security requires, at a minimum, a prohibitively long time, rendering the vehicle essentially secure to brute force numerical trial attack, and which is useful only on a per vehicle basis.
  • Other objects include rapid pseudorandom number generation with minimal correlation.
  • This invention is predicated on our observation that introducing non-linearities into the Galois field operation of linear feedback shift register pseudorandom numbers can render a code very difficult to breach by or with aid from numerical analysis.
  • the invention is further predicated on the fact that time constraints on authentication can render the numerical trial approach essentially useless.
  • the invention is predicated in part on the reversibility characteristic of the well-known exclusive OR operation, and on the reversibility of encryption such as encryption involving linear feedback shift register operations.
  • an encryption such as a linear feedback shift register pseudorandom number generation operation
  • a decryption such as a reverse pseudorandom number generation operation
  • the encryption and decryption are performed with a secret mask essentially unique to the transmitter.
  • an encrypted number, such as a pseudorandom number, used for cryptographic authentication contains command bits exclusive ORed into at least a portion thereof.
  • a number utilized in authentication of command transmissions is generated by an iterative encryption process, such as a linear feedback shift register pseudorandom number generation operation, which has a variable number of iterations per authentication, the number varying in response to a pseudorandom event.
  • an iterative encryption process such as a linear feedback shift register pseudorandom number generation operation, which has a variable number of iterations per authentication, the number varying in response to a pseudorandom event.
  • a pair of . .pseduo.! is generated by an iterative encryption process, such as a linear feedback shift register pseudorandom number generation operation, which has a variable number of iterations per authentication, the number varying in response to a pseudorandom event.
  • .Iadd.pseudorandom .Iaddend.numbers are iteratively encrypted, such as by linear feedback shift register pseudorandom number generation operations, using a different number of iterations in each successive encryption, the sequence of the number of iterations of one of them being different from the sequence of the number of iterations of the other of them said number of iterations being based upon respectively different pseudorandom events related to the respective words.
  • a plurality of transmitters are usable with a single receiver by means of secret numbers (such as initial values and feedback masks for feedback shift register encryption) essentially unique to each transmitter which are replicated in any receiver with which a transmitter is to be used, the receiver being capable of determining if each received transmission can be authenticated utilizing the initial values and masks of any of its assigned transmitters.
  • secret numbers such as initial values and feedback masks for feedback shift register encryption
  • the initial secret values and feedback masks of transmitters to be associated with a given receiver are stored (such as in an erasable read-only memory) by downloading the secret numbers of a transmitter into a receiver, thereby permitting the addition of a transmitter to the family of transmitters to which a receiver can respond.
  • this may be performed at a dealership, it does not require, nor need it permit, human knowledge of the precise numbers; therefore, the possibility of surreptitious access is nearly eliminated.
  • identification numbers are associated with the secret numbers of each transmitter, which prescreen transmissions before authorization attempts, thereby reducing nuisance operations from similar, unauthorized transmitters, and reducing the time required for multiple authentication attempts.
  • each word causes the receiver of a remote operating system to become unresponsive to further transmissions for a period of about one-half second or more, thereby significantly inhibiting the capability to breach the security thereof through exhaustive numerical trails.
  • cryptographic authentication of transmissions from a remote transmitter to a receiver module involves encryption, such as by linear feedback shift register pseudorandom number generation operations, utilizing secret feedback masks which are essentially unique to each transmitter, and replicated only in a receiver which is to respond to the related transmitter.
  • Random iterations of the invention reduce correlation between successively generated pseudorandom numbers.
  • Cooperative use of all of the aforementioned features in a remote operating system renders the system extremely difficult to breach by analysis; and use of a half-second delay, for example, causes a 50% statistical probability of a 39 bit encrypted key word being breached by exhaustive numerical trials to require more than one month.
  • the invention may be used in remote systems other than automobile lock systems.
  • FIG. 1 is a stylized, simplified schematic block diagram of a transmitter according to the invention.
  • FIG. 2 is a stylized, simplified schematic block diagram of a receiver according to the invention.
  • FIG. 3 is a logic flow diagram of a transmitter encryption routine according to the invention.
  • FIG. 4 is a logic flow diagram of a switch interrupt subroutine which may be utilized in the present invention.
  • FIG. 5 is a logic flow diagram of a first portion of a receiver decryption routine according to the invention.
  • FIG. 6 is a logic flow diagram of a panic command or resynch command portion of a decryption routine according to the invention.
  • FIG. 7 is a logic flow diagram of a normal command authentication portion of a decryption routine according to the invention.
  • FIGS. 8 and 9 are logic flow diagrams of alternative routines for pseudorandom iterations.
  • One example of the present invention is its use in a remote, encrypted automobile door and trunk locking and unlocking mechanism.
  • the command to perform a certain task such as a lock-related command (lock or unlock the doors, release the trunk), or to operate the lights and the horn or other alarm on the automobile in the event of a panic situation, or to cause cryptographic synchronization or resynchronization between the transmitter and the receiver module in the automobile, are under control of a plurality of buttons 12-15 disposed on a keychain fob or other hand-held transmitter unit shown in FIG. 1.
  • the switches 12-15 may be tactile or touch-type and feed a microprocessor 17 which is associated with a PROM 19, a RAM 20 and a ROM 21.
  • the PROM 19 is programmable only once, capable of having one set of output/input relationships burned therein, as is well known in the art. Typically, upon manufacture, each fob 16 will have its PROM burned in so as to establish a 16 bit identification number, which is not protected as secret information, as is described more fully hereinafter; two secret initial (seed) values from which encrypted messages are originated; and three secret feedback masks defining suitable polynomials for feedback exclusive ORing in the encryption process, for the life of the fob, all as is described hereinafter.
  • the RAM 20 is used as a scratch pad memory, in the usual way, and will contain changing values of the shift registers and commands, as described hereinafter.
  • the program for the microprocessor 17 is contained in the ROM 21.
  • the microprocessor 17 assembles a 64 bit command request word 25 which is applied serially over a line 26 to a suitable transmitter 27 (e.g., RF or infrared), which serially transmits the command request, as digital bits or otherwise, a suitable distance, such as not more than 10 meters.
  • a suitable transmitter 27 e.g., RF or infrared
  • the fob 16 will, before beginning its useful life, be associated with a particular automobile along with up to three more fobs (n the example herein) so as to form a set of up to four fobs, any one of which can operate the locks or the panic alarm of a related receiver module 30 in an automobile or other secured enclosure.
  • the receiver module 30 in the automobile includes a receiver 31 which receives the serial bits and applies them over a line 32 to a microprocessor 33, where the 64 bit word 25 is replicated in a 64 bit word 38.
  • the microprocessor 33 is powered from the automobile battery system 39.
  • the microprocessor 33 has an electrically erasable PROM 40, a RAM 41 and a ROM 42 associated therewith.
  • Each fob 16 is associated with a module 30 at a dealership, so that lost fobs may be replaced and matched to the module 30 anytime.
  • a 64 bit word 25 (FIG. 1) is formulated with each fobs' ID, secret initial values and masks, and a download signal is provided, in some fashion, by factory personnel on a line 49. This may be achieved by a jumper, or in any other suitable way, since it does not pose a security threat unless the receiver 30 is tampered with simultaneously, which can be avoided as described below.
  • the 64 bit word 25 sent to the receiver module 30 during a download includes one bit indicating the download operation. The presence of the download bit in the 64 bit word 38 (FIG.
  • the word 25 appears in FIG. 1 to be within a special 64 bit register. However, the word 25 actually appears in various parts of the RAM 20, in addresses designated to be used for holding the parts of the outgoing, serially transmitted word. Similarly, all of the apparent hardware within the microprocessor 17 is merely illustrative of processes and relationships, which may indeed be performed by hardware which resembles that illustrated in FIG. 1, or may be implemented, as is preferred, by processing of bits utilizing the RAM 20 as a scratch pad memory, by means of software which is well within the skill of the art in the light of the teachings which follow hereinafter.
  • the microprocessor 33 has functions and processes illustrated therein which may either be hardware or software, as described with respect to FIG. 1 hereinbefore.
  • FIG. 1 The narrative with respect to FIG. 1 is of a form describing hardware: software implementation of the invention is described with respect to FIGS. 3-7, hereinafter.
  • the receiver module 30 is connected to the locks 43 of the automobile, as well as to the automobile horn and lights 44, or other suitable alarm arrangements on the automobile.
  • synchronization Before a fob can be utilized to operate the locks or alarms on an automobile, synchronization must occur. Herein, this is also referred to as resynchronization since it is utilized at different times during the life of the system, as described hereinafter.
  • This resynchronizaton process is described hereinafter; suffice it at this point to say that the process will begin with the two secret initial (seed) values for the fob 16 located in a 20 bit linear feedback shift register (LFSR) 53, and a 19 bit LFSR 54, and suitable feedback masks for each of the LFSRs 53, 54 available at the input of corresponding feedback exclusive ORs 55, 56.
  • LFSR linear feedback shift register
  • the initial synchronization (an initial resynchronization command) includes 20 iterations of the shift register 53 and at least 19 iterations of the shift register 54, so as to provide a complete bit-wise convolution.
  • both shift registers may be provided with 20 iterations during initialization (which is assumed herein).
  • the high order bit is transferred by a line 61, 62 to the low order bit and is also exclusively ORed with those bits of the shift registers 53, 54 identified by bits in the feedback masks, to form the next higher order bits within the shift registers 53, 54.
  • One embodiment herein uses linear feedback shift registers, in some cases modified to be non-linear feedback shift register systems by shifting a pseudorandom number of iterations as described hereinafter.
  • pseudorandom number generation techniques may be used such as linear congruential pseudorandom number generators or non-linear congruential pseudorandom number generators as more fully set forth in Chapter 3 of The Art of Computer Programming, Volume 2/Seminumerical Algorithms, ed. 2, Knuth, Addison Wesley, Reading, Mass.
  • pseudorandom number generator need not be reversible.
  • a reversible generator is one where, given the current pseudorandom number and complete knowledge of the generation process, the previous pseudorandom number may be determined.
  • a linear feedback s register pseudorandom number generator is reversible.
  • the pseudorandom number provided by the iterations of the shift register 53 is supplied over a trunk of 20 lines 68 to a 39 bit shift register 69.
  • the shift register 69 is associated with feedback 70 in the same fashion as the LFSRs 53, 54, with the exception that the shift register 69 is loaded with new numbers before each cycle of shifting feedback iterations. In this sense, then, the shift register 69 and feedback operate more as a cyclic redundancy code generator.
  • the other input to the 39 bit shift register 69 is a trunk of 19 lines 73 from a gate 74 that causes the low order 5 bits of the 19 bit LFSR 54 on a trunk of lines 75 to be exclusive ORed with 5 bits on a trunk of 5 lines 76 from a command register 77.
  • the command register 77 simply registers up to 32 commands encoded from the operation of any of the switches 12-15 (or fewer commands if some bits are used in a discrete fashion).
  • the shift register 69 In each cycle, there is presented to the 39 bit shift register 69 the outputs of the LFSRs with a command exclusive ORed in the low order bits of one of them. Then, the shift register 69 undergoes 39 iterations of LFSR-type feedback through an exclusive OR process 70, which utilizes a secret feedback mask provided by the PROM 19. This provides a full bitwise convolution of the two words from the shift registers 53, 54, which is a cryptographic necessity.
  • Use of the shift register 69 may be employed in prior art systems, such as the two-generator embodiment of the Hill and Finn patent.
  • the result is an encrypted, key word provided on a trunk of 39 lines 80 to the 64 bit word 25, along with 16 fob ID bits from the PROM 19, a download bit 49 if appropriate, and a command flag such as a panic/resynch bit provided from the command register 77 on a line 81, when appropriate.
  • a command flag such as a panic/resynch bit provided from the command register 77 on a line 81, when appropriate.
  • both of the download and panic/resynch bits will be 0's.
  • an error correcting code circuit 83 to create a 7 bit error correcting code component on a trunk of 7 lines 84 for the 64 bit word 25; typically, a single error correcting, multi-error detecting code (such as a Hamming code) will be used.
  • the illustrated embodiment of the invention uses a linear feedback shift register as a cyclic redundancy code generator for encrypting the input into a key word.
  • any of several well-known reversible encryption techniques may be used.
  • McEliece error correcting code encryption For instance, the McEliece error correcting code encryption; the RSA cryptosystem; discrete exponentiation cryptosystem; linear or non-linear, full length or truncated congruential cryptosystems; or the DES cryptosystem, as more fully set forth in Chapter 10 of Contemporary Cryptology: The Science of Information Integrity, Simmons, ed., IEEE Press New York, N.Y. (1992).
  • the 64 bit word When the 64 bit word is fully assembled, it is transmitted serially (bit-by-bit) or otherwise, by any well-known technique, through the transmitter 27 to the receiver 31 of the receiver module 30 to become the 64 bit word 38 therein. All of the bits of the word 38 are applied over trunks of 57 lines 90 and 7 lines 91 to an error correcting and detecting process 92. If a single bit error has occurred, a signal on a line 93 (as appropriate) will correct the bit that is in error. If a multiple bit error is detected, the process is totally void, and the receiver module 30 simply goes into a half second wait state, which simply slows down any attempts to crack the code which is being used, as is described more fully hereinafter. If a multiple bit error has occurred but is not detected, the cryptographic authentication process will almost certainly fail. On the other hand, if the error correcting code shows that the 64 bit word 38 has no errors, then a first OK signal is provided on a signal line 94.
  • the ID of the fob reduces the probability that a command from a wrong fob will be cryptographically acceptable; it also reduces the amount of time it takes to iterate the code words in the receiver module to reach authentication (a match).
  • there is no restriction on which fobs are assigned as a group to an automobile and it is assumed that there is approximately one chance in 11,000 that two fobs assigned to a particular automobile will have the same ID number.
  • a feature of the invention is that if one fob with matching ID does not become authenticated, the receiver module 30 will see if there is another assigned fob with that same ID number, and if so, attempt authentication.
  • the 16 bit ID in the 64 bit word 38 is provided over a trunk of 16 lines 97 to a 16 bit compare circuit 98, the other inputs of which, on a trunk of 16 lines 99, are provided by the ID register 100, which really represents four different locations in the EE PROM 40, one for each associated fob. If, indeed, the message has come from one of the four associated fobs, a second OK signal appears on a line 101, and the identification number of the fob which has sent the message is provided on a trunk of 4 lines 102 to the PROM 40 and to the RAM 41 so as to utilize in the ensuing decryption process the secret mask for the selected fob and the two LFSR values which have previously been created for that fob.
  • the previous LFSR values are utilized rather than the initial secret values, because, according to the invention, the LFSR values are built upon, with only one, two or three iterations for each command received by the receiver module 30.
  • the 39 bit encrypted key word is provided over a trunk of 39 lines 107 to a 39 bit shift register 108 which can be identical in either structure or function to the 39 bit shift register 69 in the fob, except that it is iterated in a reversing process.
  • the reversing process is easily understood, one bit at a time, by considering how the received 39 bits got to be what they were. In the last iteration between the shift register 69 and the exclusive OR circuit 70 (FIG. 1) if the high order bit (leftmost bit in FIG.
  • the least significant bit in the shift register 108 is a 1, it is applied to exclusive OR the bits of each order with the same secret mask which was downloaded for this fob originally. For any bit (such as the ninth bit) for which there is a corresponding bit in the secret mask, whenever the lowest ordered bit at the start of the iteration is a 1, that bit will be inverted from 1 to 0 or from 0 to 1. But if there is no corresponding bit in the secret mask then the bit in question is simply advanced to the next lower order stage (in the example here, bit 10 becomes bit 9) without being inverted. Or, if the least significant bit (the rightmost bit in FIG.
  • a fob Once a fob is identified in the 16 bit compare circuit 98, its two secret feedback masks are loaded (from RAM 41) for use in corresponding exclusive ORs 113, 114, and its previously achieved 20 bit LFSR value is loaded into a 20 bit LFSR 115, while its previously achieved 19 bit LFSR value is loaded into the 19 bit LFSR 116.
  • the LFSR is shifted (with or without exclusive ORing as described hereinbefore) either once or twice, in the case of the LFSR 115 or two or three times in the case of the LFSR 116 in dependence upon a pair of corresponding gates 117 which control the application of a clock 118 thereto, in the same fashion as described with respect to FIG.
  • the 20 bits of the 20 bit LFSR 115 so generated are applied over a trunk of 20 lines 123 to a compare circuit 124, to be compared with 20 bits provided from the 39 bit shift register 108 over a trunk of 20 lines 125.
  • the high order 14 bits which are generated in the 19 bit LFSR 116 are provided by a trunk of 14 lines 127 to the compare circuit 124 for comparison with 14 bits of the 39 bit shift register 108 provided on a trunk of 14 lines 128. Assuming that both the 20 bit and 14 bit words compare properly, this signals a successful authentication on a line 129 and the receiver module 30 is allowed to receive and respond to the command made by the fob.
  • the only way to recover those bits is to exclusive OR the low order 5 bit positions from the 19 bit LFSR 116 with the low order 5 bit positions of the reconstituted word in the 39 bit shift register 108. Therefore, the low order 5 bit positions produced by the 19 bit LFSR 116 are provided over a trunk of five lines 130 to a five bit exclusive OR circuit 131, the opposite inputs of which consist of the lowest order 5 bit positions from the 39 bit shift register 108 on a trunk of 5 lines 132.
  • the result of the exclusive OR on a trunk of 5 lines 137 comprise the command which is stored in a command register 138.
  • the typical commands provided on a trunk of lines 139 to the locks 43 comprise door unlock, door lock, and trunk release.
  • Another command indicated by a signal on a line 140 may comprise a panic command which will cause the horn and lights 44 (or other alarms) on the car to scare away a loiterer as the driver approaches the car with the fob (as described more fully hereinafter).
  • the LFSRs 115, 116 are cycled again. In each cycle, the LFSR 115 will be shifted once or twice depending upon the random bit utilized as a control over its gate 117, and the LFSR 116 will be shifted two or three times in dependence on the random bit utilized to control its clock gate 117. This is to allow the receiver module 30 to catch up, in cycles, and therefore in iterations, to the status of the LFSRs 53, 54 in the fob 16.
  • buttons 12-15 on the fob will undergo one cycle, and the shift registers 53, 54 will undergo one or two, or two or three iterations, respectively.
  • the pressings of the buttons 12-15 may occur simply by being crushed in a purse, children playing with the fob, or otherwise. Since each fob keeps its own LFSR generated numbers, and the receiver module 30 likewise maintains separate LFSR generated numbers for each fob, each fob will generally be able to track with the receiver module except for the inadvertent pressings of the switches 12-15.
  • an 8 bit counter 143 allows the receiver module 30 to try to catch up to the fob in question by repeating as many as 256 cycles, automatically. In a normal case, the receiver module 30 will catch up to the fob in only a few cycles.
  • the receiver module 30 is non-responsive to incoming signals while it is attempting authentication of a previous signal; the 256 attempts to catch up will transpire in only a half second or less; thus, authentication will not be hampered by repetitive pressing of the unlock button 13 due to impatience.
  • the operator will understand that the receiver module is out of synchronization (cryptographic synchronization), and will press two buttons at one time (such as lock and unlock), or some other combination that will be recognized in the fob as a command to effect cryptographic resynchronization between the receiver module 30 and the fob 16, as well as to reinitalize following a loss of battery power (dead or changed), which allows the RAM data to disintegrate.
  • a recognized command to synchronize (resynch command”, hereinafter) in the command generator 77 (FIG. 1) will produce the panic/resynch bit on the line 81.
  • the resynchronization process in accordance with the present invention includes returning to the beginning; that is, returning to the use of the secret initial values and starting all over again.
  • the resynch command is used to initialize the units in the first place, and when they become out-of-synch, they are in a sense reinitialized just as when they are new.
  • the panic/resynch bit on the line 81 will cause the two initial secret values to be loaded from the PROM 19 to the LFSRs 53, 54 and the two initial secret feedback masks to be made available to the exclusive ORs 55, 56, and the 39 bit secret feedback mask to be made available to the exclusive OR 70.
  • the panic/resynch command on the line 145 causes the clocking gates 64 to cause 20 iterations, respectively, of the LFSRs 53, 54. The purpose is that, utilizing as many iterations as there are bits in the word, causes the maximal mix of the feedback, regardless of what the mask is, to assure complete bit-wise convolution.
  • the eight low order bit positions of the shift register 53 are provided with a truly random number on a trunk of 8 lines 146 from an 8 bit counter 145 which is allowed to respond to the clock 65 in a manner related to pressing of the buttons 12-15, as described with respect to FIG. 3 hereinafter. Since it is impossible for persons to depress buttons carefully enough to achieve other than a random number at computer clocking frequencies (500 KHz or more), the likelihood of this number being exactly the same in successive resynch processes is extremely small.
  • outputs of the 20 bit LFSR 53 and the 19 bit LFSR 54 are provided to the 39 bit shift register 69.
  • the shift register 69 thereafter undergoes 39 feedback shifting iterations, of the type described hereinbefore, to produce the 39 bit encrypted word in the 64 bit word 25.
  • the 16 bit ID for the fob is provided to the word 25, along with a panic/resynch bit (described hereinbefore) to indicate that this is a panic or resynch request, and the error correction code is computed and the code bits added to the word 25 as described hereinbefore.
  • the first two steps are the same as in a normal command. Error correction is provided if possible, and if the word is correct, the first OK signal appears on the line 94. Then, the four possible IDs are compared with the incoming ID in the word 38, and if there is a match, the second OK signal appears on the line 101 and the signals on the trunk of four lines 102 tell the EE PROM 40 which fob is being worked with and therefore which of the sets of two secret initial values and three secret feedback masks should be utilized. The appropriate secret initial values and three feedback masks are loaded into the LFSRs 115, 116, and the exclusive ORs 113, 114 and 109.
  • the content of the 39 bit shift register 108 is reconstructed by 39 reverse iterations, as described hereinbefore, so as to recover the word in the 39 bit shift register 69.
  • the output of the 20 bit LFSR 53 does not reflect 20 shift iterations of only the secret initial value that was placed therein, but rather represents 20 iterations of 12 high ordered bits of the secret initial value and 8 random low ordered bits
  • comparisons with the high order bits of the 39 bit shift register 108 cannot be made in the receiver module 30.
  • the 20 bit LFSR value must be recovered in the same way that the 39 bit shift register value is recovered. That is, a reverse linear feedback shift register operation, utilizing the exclusive OR mask with the least significant bit, is achieved in a 20 bit LFSR 151 (FIG.
  • the next step in the resynch process is to compare the high order 12 bit positions of the reconstituted word in the LFSR 151 with the 12 bits of the secret initial value of the 20 bit LFSR 115.
  • the 12 bits on the trunk of 12 lines 160 are compared with the 12 bits on the trunk of 12 lines 161, which are created solely in response to the initial secret value.
  • the 14 bits on the trunk of lines 127 are compared with the 14 bits on the trunk of lines 128; these should also compare because the 19 bit LFSR 116 has been pas through 20 iterations in response to its secret initial value so it should match the result in the 19 bit LFSR 54, the 14 high order bit positions of which have been reconstituted in the 14 bits of the 39 bit shift register 108 to which the trunk of lines 128 respond.
  • the panic/resynch command on the line 150 may be deemed to be a panic command, if desired, even if not decoded. Up to this point, the panic command and the resynch command are identical.
  • the next step in the resynch process is to compare the 8 bit random number in the low ordered bit positions of the 20 bit shift register 151 with the last four prior low order 8 bit random numbers received during resynchronizing.
  • the random number is compared with the last four such random numbers previously received by providing the 8 low order bit positions of the 20 bit LFSR 151 on a trunk of 8 lines 153 to 8 bits of the compare circuit 124 which are also responsive to a trunk of 8 lines 154 from a first in, first out stack 155 (actually embodied in the EE PROM 40), which keeps track of the last four 8 bit random numbers received during resynchronization operations.
  • the 8 central bits of the compare circuit 124 compare with any of the four 8 bit words in the first in, first out stack (FIFO) 155, the operation is a failure, and the receiver module 30 reverts to a half second wait period before it will react to the next command (as described hereinafter) and the matched word goes to the head of the stack and remaining words in the FIFO are adjusted accordingly.
  • the 8 bit word on the trunk of lines 153 does not compare with any of the bits in the stack 155, the comparison is a success and the operation can proceed; additionally, the 8 bit word on the trunk of 8 lines 153 is applied over the trunk of lines 154 to the FIFO stack 155, for comparison with subsequent random 8 bit words during subsequent rsynchronization operations. In such a case, the new word goes in the FIFO and the oldest word is dropped out of the FIFO.
  • the resynchronization operation is complete.
  • the resynchronization is commanded, after successful comparisons of the 12 high order bits and the 14 bits as described hereinbefore and no comparison with the FIFO, the values established in the shift registers 53, 54, 115 and 116 are left as they are, for use in authenticating the next normal command cycle.
  • the panic command is the same as has been described with respect to the resynch command, except that, if the command register 138 produces the panic command signal on the line 140, the lights and the horn 44 (or other alarm) are operated, and, all of the LFSRs 53, 54, 115, 116 are then restored to whatever setting they had immediately before sending and receiving the panic command.
  • the panic command operates differently from lock, unlock and trunk release commands, so that there will be response, even with total missynchronization between the fob and the receiver module. In the case of the panic command, starting over with the secret initial values ensures that authentication (to avoid nuisance responses) will be successful on the first try. Therefore, the panic command in the fob (FIG.
  • the fob comprises a microprocessor, such as a 68HC11, which has a stop mode in which the clock is stopped, the power consumption is negligible, and the only thing the processor can do is to respond to an external interrupt to get started again.
  • a microprocessor such as a 68HC11
  • application of battery power would cause the program to be reached through a power up entry point 170 and the processor would immediately stop at a step 171 where the only function is to perform a test 172 to determine whether any of the buttons 12-15 have been pressed, or not. So long as no button is pressed, the processor waits in a low power stop mode, in the loop 171, 172.
  • an affirmative result of test 172 reaches steps 173 in which a switch word in RAM 20 is ORed with the one of the switches which was pressed.
  • a switch word in RAM 20 is ORed with the one of the switches which was pressed.
  • two switches cannot be pressed within a few computer clocks of each other, so the first one will be sensed.
  • a second one is pressed within about 1/2 to one second, it will be treated as paired-up with the first; if the two are correct (e.g., lock and unlock) a resynch command is declared.
  • a switch interrupt selectively enabled during normal command cycles only, allows sensing the second switch of a resynch.
  • the steps 173 also enable the switch interrupt and start the random counter.
  • a decode command subroutine 179 is performed and a test 180 determines if the command is either panic or resynch. If so, an affirmative result of test 180 reaches a series of steps 181 in which the shift register contents are saved in buffers, the panic/resynch (P/R) bit on line 81 is set to 1; a working register, herein referred to as a "shift register" (SR), is set with the random counter in its low order 8 bit positions and with the higher order bit positions equal to a 12 bit secret initial value for the 20 bit LFSR, the mask associated with the SR is set equal to the 20 bit secret feedback mask from the PROM 19, and a cycle counter C is set to 20 iterations.
  • P/R panic/resynch
  • SR shift register
  • a bitwise linear feedback shift register iteration subroutine 182 is performed in which each bit is shifted to the next higher order position, with or without inversion, dependent upon the secret mask and/or whether the low order bit position has a 1, as described hereinbefore. Then the C counter is decremented in a step 183 and a test 184 determines if a complete, 20 iteration LFSR cycle has yet occurred. If not, another iteration is performed by the subroutine 182 and the C counter is decremented again. After 20 iterations, an affirmative result of the test 184 reaches a step 185 where the 20 bit shift register storage location in RAM 20 is set equal to the content of the working shift register.
  • the steps and test 182-185 comprise an LFSR cycle 186.
  • the 19 bit shift register 54 is prepared in a series of steps 190 in which the content of the shift register is set equal to the content of the 19 bit secret initial value in the PROM 19, the mask associated with the shift register set equal to the 19 bit secret feedback mask in the PROM 19, and the C counter is set equal to 19. Then an LFSR cycle subroutine 191 (similar to the subroutine 186) is performed. Then the 39 bit shift register 69 is prepared for its LFSR cycle in a series of steps 192.
  • the 5 low order bit positions are the exclusive OR of the command with the 5 low stages of the 19 bit shift register 54; the high 14 bits of the 19 bit shift register 54 are placed directly in the 39 bit shift register; and the highest order 20 bit positions are set equal to the 20 bit positions of the 20 bit shift register 53.
  • the mask is set equal to the secret feedback mask for the 39 bit shift register, found in the PROM 19, and the C counter is set to 39. Then, an LFSR cycle subroutine 193 is performed, this time with 39 iterations, and the result restored in the 39 bit shift register embodied in the scratch pad memory 20.
  • a routine 194 the 16 bits of the fob ID from the PROM 19, the 39 encrypted bits now in the 39 bit shift register, the P/R bit, and the download bit are all transmitted serially while the calculation for error correcting code bits is performed. These are calculated and transmitted, to complete the process of a panic or resynch command transmission. Whether it be a panic or a resynch is determined by the status of the five command bits. If a resynch was performed, the new values of the 20 bit shift register and 19 bit shift register will be retained as the pseudorandom starting words to be used for future authentication of transmissions to the receiving module. But if this is a panic command, the new values are only used to ensure synchronized response, one time, and a test 195 causes the previous values of the 20 bit and 19 bit shift registers to be restored from the buffers in a step 196.
  • the working shift register is set equal to the 20 bit shift register in the RAM 20 (not the secret initial value), so as to take advantage of the pseudorandom number generated by all of the previous iteration.
  • the mask for the shift register is set equal to the 20 bit shift register secret feedback mask from the PROM 19, and a set of random bits (which determines how many iterations are to be performed, similar to the gates 64 of FIG. 1) is set equal to whatever random bits have been selected to be used to control the iterations for the 20 bit shift register.
  • a pair of tests 200 determines what the random bits are: if both are a 1, a step 201 sets the C counter to 1; if both are a 0, a test 202 sets the C counter to 2. But if they are different, a step 201a sets the C counter to 3. Then, either a 1 iteration, 2 iteration or 3 iteration LFSR cycle subroutine 203 is performed.
  • This aspect of the invention may be used in prior art systems, such as in the Hill et al patent.
  • a series of steps 204 set the working shift register equal to the content of the 19 bit shift register in the ram 20, the mask for the working shift register is set equal to the secret feedback mask for the 19 bit shift register in the PROM 19, and the random bit is set equal to whatever bit has been chosen to be random for the 19 bit shift register.
  • a test 205 determines if the random bit is 1, or not. If it is, a step 206 sets the C counter to 3, and otherwise a step 207 sets the C counter to 2. This provides four iterations (201, 206; 202, 207) whether the random bit is 1 or 0; but it may be set in other ways, if desired.
  • a 2 or 3 iteration LFSR cycle subroutine 191 is performed.
  • the series of steps 192 set things up so as to form the 39 bit encrypted word
  • a 39 iteration LFSR cycle subroutine 193 is performed so as to produce the 39 bit encrypted word
  • the subroutine 194 transmits all the bits together with a calculated error correction code.
  • the differences between encrypting and transmitting normal commands and the panic/resynch command are the setting of the P/R bit, the use of the random counter 145, the use of the secret initial values and the particular code which is exclusive ORed into the 19 bit shift register 54.
  • the program advances to a one-half second wait in a step 208. This is to ensure that successive button pressings which are independent of each other will occur no closer than one-half second apart.
  • a switch interrupt might have occurred as a result of a second pressing of one of the switches 12-15. As described hereinbefore, this is most likely the case of an attempt to press two switches at once (such as lock and unlock) to thereby cause a resynch.
  • a test 211 determines if the resynch flag has been set. If it has, an affirmative result of test 211 reaches a step 212 which resets the resynch flag, and then the program advances to the decode command subroutine 179. If the first switch which was pressed, turning on the computer, was either lock or unlock, and the second switch which was pressed, causing the switch interrupt, was either unlock or lock, respectively, then the decode command subroutine will in fact decode a resynch command, to cause a resynch operation of the type described hereinbefore.
  • any other two-key series may be decoded into a lock command for security, or into a panic command since the panic command will not affect security, or it could cause reversion to the one-half second waiting period, at step 208, or otherwise as suits any particular implementation of the invention.
  • the decode command subroutine will decode a resynch command without the aid of FIG. 4 and the resynch flag. If switches are repetitively pressed at less than half-second intervals, the switch word will either contain gibberish or will simply repeat the resynch command.
  • the decryption of FIG. 5 is carried out in a microprocessor of the same general type as is used in the fob.
  • the routine When connected to a battery, the routine is entered through a power up transfer point 214 and the processor immediately goes into a stop mode at a step 215, where the clock is off and the only function is to respond to a receiver interrupt at a test 216.
  • the processor in the automobile In between usages, the processor in the automobile will remain in the stop mode, in the loop 215, 216.
  • an affirmative result of the test 216 will reach a subroutine 217 which handles receiving all 64 bits of the word transmitted from a fob, calculating the error correcting code, and fixing any single error which can be fixed.
  • test 218 determines if the error correction code indicates correct data. If it does not, a negative result of test 218 reaches a transfer point 219 and then a step 220 where the program just waits for half of a second. The purpose of this is to severely hamper any attempts to break the code through repetitive application of numbers, with or without calculated likely candidates. After waiting one-half second, the processor returns to the stop mode in the loop 215, 216.
  • n a working number
  • n a working number set equal to 4 (or to such other number as the number of fobs which can be associated with the automobile).
  • a subroutine 223 compares all the bits of the incoming ID number to all the bits of the ID number for fob 4. If they are not equal, a negative result of a test 224 will reach a step 225 where n is decremented and a test 226 determines if all of the fobs have been checked or not. If they have, that means a signal has been received from a fob of another automobile by accident, or from some other unauthorized sources.
  • an affirmative result of test 226 is taken to be a failure, and the wait step 220 is reached through the wait transfer point 219. Otherwise, the ID of another fob is checked in the subroutine 223. Assuming that the ID number matches for one of the fobs, another working number, N, is set equal to n so as to identify the words in the PROM and RAM needed for decryption, in a step 227. Since the received word may relate to a fob other than fob N, but having the same ID number, the shift register values for fob N are saved in a buffer, in a pair of steps 228, so they may be restored if authentication fails.
  • a test 229 determines if the P/R bit was present in the incoming word, or not. If it is present in the incoming word, the panic/resynch decrypt routine of FIG. 6 is reached through a transfer point 230.
  • the first steps 232 set a main working shift register (SR) and its mask equal to the secret initial value and the secret feedback mask for the 19 bit LFSR, respectively, from the PROM 40 for the selected fob N, and a C counter is set equal to 20 so as to cause 20 iterations. Then, a 20 iteration LFSR cycle subroutine 233 is performed on the 19 bit shift register. It is assumed that the 39 bit encrypted word portion of the 64 bit received word 38 is stored immediately in a 39 bit shift register location within the RAM 41, which is where it now can be found. Then the 39 bit encrypted word, in the 64 bit word 38, and the 39 bit secret mask for the fob N are provided to the shift register and the C counter is set for 39 iterations, in step 234.
  • SR main working shift register
  • a bitwise reverse LFSR iteration subroutine 235 is performed which looks at the low order bit to determine whether the bits corresponding to the mask should be flipped before they are shifted to the next lower order position in the shift register to reconstitute the original word prior to encryption.
  • the C counter is decremented in a step 236 and when all 39 iterations have been performed, an affirmative result of a test 237 will reach a step 238 wherein the content of the working shift register is stored in the 39 bit shift register in RAM 41.
  • the steps and tests 235-238 comprise a reverse cycle subroutine 239, which recovers the initial unencrypted value of the concatenation in the 39 bit shift register 69 in the fob.
  • Bits 19-38 of the decrypted 39 bit shift register are now loaded into the working shift register in steps 242, the rusk for the shift register is set equal to the 20 bit secret feedback mask for fob N from the EE PROM 40, and C is set equal to 20, and a 20 iteration, reverse LFSR cycle subroutine 243 is performed to recover the combined word (initial value plus random).
  • a subroutine 244 there is a bitwise comparison of the 39 bit shift register bits 27-38 with the twelve bits of the 20 bit secret initial value for fob N, from EE PROM 40, and of bits 5-18 of the 39 bit shift register with bits 5-18 of the 19 bit shift register for fob N, which are found in the RAM 41.
  • test 246 determines if the panic/resynch bit was established in response to a resynch command. If not, the panic command is performed by tuning on the lights, horn, or other alarm of the automobile in a step 254. Then, the shift registers for fob N are restored in the steps 250 and the wait step 220 is reached through the transfer point 219.
  • a positive result of test 253 reaches a subroutine 255 which compares bits 19-26 of the 39 bit shift register (the regenerated random number) to a queue of previously used random numbers in the first in, first out stack (FIFO) 155, in EEPROM 40. If the random word compares to any of the last four (or whatever size FIFO is chosen) random words in the queue which were used in resynchronization, the resynchronization is deemed to be unsuccessful, since it is assumed that there has been clandestine playback of a copied random word.
  • an affirmative result of a test 256 reaches a subroutine 257 that rearranges the FIFO stack by moving the random word from its position in the queue in the FIFO stack to the first position thereof, and adjusting the position of the other words in the queue, without losing any. And, since this is deemed to be an unsuccessful attempt to resynchronize the unit, the old values in the 19 bit and 20 bit shift registers for fob N are restored in the steps 250. Then, the wait step 220 is reached through the transfer point 219.
  • the resynch operation is successful, so the steps 250 are bypassed and the setting of the 19 bit shift register for fob N in RAM 20 is left as it was established by the resynchronization operation, at subroutine 233.
  • the 20 bit LFSR word created in the subroutine 243 is placed in the RAM for fob N (step 259), for use en future.
  • An important aspect of the present invention is that resynchronization occurs only after: 20 iterations of the 19 and 20 bit shift registers from their secret initial values and the random number; performing 39 iterations in the 39 bit shift register with those values, and the exclusive OR of the command; reverse iterations of the 39 bit encrypted word in the receiver module; reverse iteration of the 20 bits which include the secret initial value of the 20 bit shift register and the random counter; generation and successful comparison of the high order bits of the 19 bit shift register; and a failure of comparison of the random word with any of the last four random words used to resynchronize the system. This is quite secure.
  • the try counter 143 is set to its maximum count in a first one of a series of steps 262. Then, the working shift register (SR) is set equal to the 39 bit shift register in the RAM 20, which contains the 39 bit encrypted word.
  • the mask for the shift register is set equal to the 39 bit secret feedback mask in the EE PROM 40, the C counter is set equal to 39, and a reverse LFSR cycle subroutine 267 is performed.
  • a series of steps 271 cause the contents of the 20 bit shift register for fob N to be loaded from the RAM 41 into the working shift register (SR), the mask for the shift register is set equal to the secret feedback mask for fob N in the EE PROM 40 and a random bit is set equal to whatever bit or bits have been chosen for the 20 bit shift register (as described with respect to steps 199 in FIG. 3). Then the random bits are tested in a pair of steps 272, and if both are a 1, the C counter is set equal to 1 (step 273), if both are a 0, the C counter is set equal to 2 (step 274), and otherwise the C counter is set equal to 3 (step 274a). Then, an LFSR cycle subroutine 275 is performed.
  • a series of steps and tests 276-279 prepare to run an LFSR cycle subroutine 280 for the 19 bit shift register in a similar fashion.
  • a subroutine 284 does bit-by-bit comparisons of the 39 bit shift register to the 20 bit shift register and to the high order bit positions of the 19 bit shift register, for fob N. If all the bits are equal, an affirmative result of a test 285 causes the particular command to be found by exclusive ORing the 5 low order bits in a subroutine 286 and the command is performed in a step 287, such as locking or unlocking the door, or releasing the trunk lid.
  • a negative result of test 285 reaches a step 288 where the try counter is decremented and a test 289 to determine if 256 tries have been made yet. If not, another pair of iterations 275, 280 are performed and compared. This goes on until the receiver module 30 catches up with the fob 16 (if it can). If after 256 tries, a comparison has not been reached, an affirmative result of test 289 will reach a test 290 to see if all the fobs have been given consideration. If not, the restoration steps 249 (FIG. 5) are reached through the transfer point 248. Otherwise, the shift registers for fob N are restored to their starting values in steps 292 and the program reverts to the wait step 220 (FIG. 5) through the transfer point 219.
  • an alternative random iteration utilizes a pair of bits from the random counter to determine the number of iterations of the 20 bit shift register operation and one bit thereof to determine the number of iterations in the 19 bit shift register operation.
  • the cycle counter, C has its two low ordered bit positions (0, 1) set equal to the selected bits (3 and 6 in this example) of the random counter, and it is incremented to ensure that a zero-valued pair of bits will not result in no iteration.
  • steps 204a replace steps and test 204-207 to provide one or two iterations in the 19 bit operation.
  • the random number is found at the head of the queue in the FIFO memory (40) for fob N.
  • Steps 271a replaces steps and tests 271-274a and steps 276a replace steps and tests 276-279.
  • the number of iterations in each case is one higher (1-4; 1 or 2) than the value of the bit or bits (taken together as low ordered bits) selected from the random counter.
  • fewer choices of the number of iterations may be used in response to random counter bits, as in tests 200 and 272, or by means of any other decode. Of course, more bits and higher numbers may be used.
  • the present invention may be utilized without the use of ID numbers, simply by trying all of the sets of stored shift register words and masks; this would make the system subject to more nuisance iterations since the ID number would no longer screen out many transmissions from similar, unauthorized systems. And there must be some sort of a tag to correlate the generated pseudorandom words with the correct feedback mask for subsequent iterations, as well as with the correct initial value. This may be achieved by arbitrary numbering of the various sets of initial values and masks and corresponding registers for storing the iterated words.
  • the various number of iterations used during synchronization may be the same (e.g., 20, or more) for both random words generated from initial values, or they may be different (e.g., 20 and 19, or more).
  • the term "encryption" inherently defines a process capable of decryption.
  • the process of encryption employs a pseudorandom number generation operation of any type, that generation operation must be capable of being practiced in reverse, such as the reverse LFSR operation utilized herein.
  • the encryption processes and operations used herein may be any of those described hereinbefore by way of example, and others.
  • the LFSR pseudorandom number generation operation is one of the easier ones to understand, and probably the simplest to implement in dedicated or quasi-dedicated hardware. That is, if the signal processing means of the invention includes dedicated shift registers and the like as may be implied in FIGS. 1 and 2, the LFSR form of encryption may be preferred.
  • secret initial values and secret feedback masks for generating maximal length sequences of pseudorandom numbers are essentially unique to each transmitter, but not necessarily totally unique.
  • sets of two secret initial values and three secret feedback masks, taken together, are capable of distinguishing more vehicles than are made in a lifetime; however, the method of assignment, or human error or design, could result in some few with the same set of numbers.
  • the use of a 16 bit identification number means that there will be several fobs each year possibly having the same identification number (but not the same secret values) so that over a course of time, there could be many fobs (such as about 5,000 fobs in the USA over a 10-year period for each possible identification number). Within statistical probability, it is possible that as many as one out of 10,000 automobiles having four fobs each may have two fobs with the same identification number. It is an important aspect of the present invention, that even if one fob having a correct identification number is not authenticated within 256 tries (or whatever is used), it will nonetheless try any other fob that may have the same ID number.
  • the last tried fob is likely to be reported as faulty, and a new fob issued, with very minuscule likelihood that the new fob would have the same identification number as the remaining fobs in the set.
  • lock-related command means the conveying of other than a synchronization command, the conveyance of which is to be authenticated; this may then be thought of as a command apart from the internal functioning of the system itself.
  • each encryption (such as the 19 bit, the 20 bit and the 39 bit shift register encryptions) are the same linear feedback shift register pseudorandom number generation). However, they need not all be the same, and in fact can be different algorithms to further confuse any attempted analysis. Similarly, the number of bits in the shift registers can be whatever is desired. In all cases, the greater number of bits, the harder to break the code by analysis. The numbers used herein provide a safe system, but greater or fewer numbers of bits may be chosen in practicing the invention if desired. Similarly, the words may be considered to be single words, or double words in the sense that the 19 bit shift register produces one portion of 14 bits which is used for cryptographic authentication, and another portion which carries the command but is not used in cryptographic comparison for authentication.
  • the invention may use more than two concatenated words in the final encryption, such as an additional word or such as having three words, each slightly smaller than the two words used in the final 39 bit encryption herein.
  • the invention is disclosed as being employed in system in which the transmitter transmits to the receiver, but the receiver does not transmit back to the transmitter.
  • the precepts of the present invention can be used singularly, or in combinations in systems which, for one purpose or another, employ bilateral communications between the two units. Aspects of the invention may then be used to authenticate transmissions in both directions, or only in one direction, as is necessary.
  • the invention is disclosed herein, and nay find its greatest utilization, in a remote authentication system, it may as well be used in a system in which the transmitter is connected by a conductor to the receiver, so as to provide secure operation between the two.
  • aspects of the invention may be utilized in contact embodiments, such as in electronic keys, so as to provide insurance against the temptation of insiders to perform a clandestine system breach, as well as protecting against outsiders compromising the system.
  • the 20 bit shift register operation may employ one through five iterations, dependent upon the random occurrence of a pair of bits within the register, or a pair of random bits.
  • the 19 bit shift register operation may employ one through three iterations, depending upon one of its bits or a random bit.
  • these numbers may as well be reversed, they may be the same, they may depend on each other or on any pseudorandom events that can be duplicated in the receiver, and/or either of them may be greater, provided that time constraints do not prohibit a greater number of iterations, and that every possible condition results in at least one iteration.
  • the small number of iterations would not be important but for the fact that in any given transmission, the receiver is allowed up to 256 attempts to catch up, iteratively, to the encryption process for the given transmitter (or for several transmitters). There is even more flexibility when the variable iterations are used in a pseudorandom number generator in other than transmitter/receiver environments (such as in computer processes).
  • the present invention uses a one-half second waiting period in order to foil attempts to use a brute force, exhaustive numerical trial method of compromising the system.
  • This is a period of time, for the exemplary numbers herein, which assures that the expected time for success (the time to yield a 50% statistical chance of success) is longer than one month.
  • different periods of time may be used in the receiver, dependent upon the need to be responsive to the customer. This should not be confirmed with governmental limitations on transmitting more than one message in each half second, or the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computational Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Lock And Its Accessories (AREA)

Abstract

An automobile door lock receiver module (30) and a plurality of keychain fob transmitter units (16) contain identification numbers, secret initial values, and secret feedback masks so as to authenticate encrypted messages from any of the assigned fobs, indicative of commands registered by closing switches on the fob. Each fob is synchronized with the receiving module by means of a truly random number concatenated with a secret initial value and encrypted, through a linear feedback shift register or other operations. A second secret initial value is encrypted and command bits are exclusive ORed into the low order bit positions; the two encrypted numbers are concatenated and encrypted to form a key word which is transmitted with the fob ID. Synchronization includes decrypting to recover the truly random number and the secret initial value concatenated therewith; the truly random number is compared with previously received random numbers in order to avoid copying of recently transmitted synchronization commands. Successive lock-related commands utilize the number encrypted from the truly random number and the second secret initial value as starting values, employing a pseudorandom number of encryption iterations. A half-second delay between responses mitigates gaining access through numerical trials. An authenticated panic alarm command operates the headlights and horn of the vehicle but does not alter the synchronization.

Description

TECHNICAL FIELD
This invention relates to pseudorandom numbers and cryptographically encoded transmissions, such as the type involved with an automobile key chain fob transmitter which opens the automobile door locks or trunk in response to transmissions from the fob.
BACKGROUND ART
The art of encoding transmissions so that the transmissions may be authenticated at a receiving module must meet criteria for technical viability (security) as well as low cost and convenience. The cost and convenience criteria result in an inability to use any encoding with polynomials of excessive degree (such as binary numbers of hundreds of bits). Furthermore, cryptographic processing must require less than one second for acceptability by the user. Cost and weight constraints can limit the size and sophistication of a microprocessor or other signal processing equipment used in the system.
An example of such a system is disclosed in commonly owned U.S. Pat. No. 5,191,610 to Hill and Finn. That system utilizes linear feedback shift register pseudorandom number generation having the same seed number and the same, fixed feedback mask in the receiver as in the transmitter. The number of iterations of linear feedback shift register pseudorandom number generation are counted in both the receiver and the transmitter, there being one additional iteration each time that a command is sent. Should the receiver not recognize one of the transmissions (because the transmitter was inadvertently activated at a great distance from the receiver, or otherwise), the receiver is allowed a moderate number of catch-up iterations in which it attempts to match the received transmission. Should that fail, the transmitter tells the receiver how many iterations from the seed it should perform in order to recreate a new current pseudorandom number in order to resynchronize the receiver to the transmitter pseudorandom number.
The aforementioned system requires that a receiver and a transmitter be wired or loaded with a binary feedback mask at the factory and sold as a pair. It also precludes matching a replacement transmitter with an existing receiver without the involvement of dealership personnel, which could compromise security. The pseudorandom number generators of the Hill and Finn patent use one iteration per encrypted message. This saves time but results in a certain level of correlation between successive samples, so that the samples are less random-like. In other pseudorandom number applications, the speed advantage of the aforementioned system could be useful but for the inherent correlation.
Any such system, except one that uses a truly random number of infinite degree, can be compromised either by analysis of a succession of intercepted signals, or by a brute force, exhaustive numerical trial approach which simply tries every number possible as the authentication word (the code or key).
Coded keypads used for unlocking vehicles have inherent security features. The generation of the code word by pressing keys can be shielded from view, and is certainly not capable of being determined beyond a line of sight. Furthermore, there would be great risk for an intruder entering every possible number into a keypad in an attempt to replicate the code (unless, of course, the automobile were parked in an unobservable area, such as a private or otherwise vacant garage). Thus, the keypad cannot be breached by analysis, and is not likely to be breached by numerical trial.
In contrast, lock systems which employ remote transmissions are enormously subject to security tampering because the surveillance of the transmissions may be carried out in another vehicle, without attracting any attention whatsoever. Therefore, it is possible to record many transmissions to a given vehicle, such as in a reserved workplace parking space (which commonly contains expensive cars), as well as providing an unobservable opportunity to attempt the breach of a security system (or even several systems at one time) by broadcasting huge volumes of random numbers, in parking lots where vehicles remain for long periods of time, such as at airports.
Whenever a transmitter is newly assigned to be used with an existing receiver, it is not sufficient to allow the new fob to identify itself and become authorized, without limiting that activity to a time when there is authorized access to the receiver through other than the transmitter itself (that is, within the vehicle itself). Thus, access to the vehicle by means of a traditional key or the like assures the safety of matching a newly assigned transmitter to an existing receiver. In the case of loss of synchronization between the transmitter and the receiver, simply allowing the receiver to synchronize to a particular pseudorandom number provided thereto by the transmitter makes it too easy for a surreptitious breach of security based on the analysis of a few transmissions, and synchronizing thereafter to one of the previous transmissions, utilizing numbers expected to be successful based upon analysis. Mere obfuscation of the resynchronizing code could be compromised by analysis of successful resynchronizations, and determination of the obfuscation function. The danger is not just that a single car might be broken into, but that a sophisticated capability might be developed and thereafter utilized extensively to breach the security of a large number of automobiles of a similar type.
DISCLOSURE OF INVENTION
Objects of the invention include provision of an improved remote operating system, the security of which is extremely difficult to breach by analysis, in which analysis of transmitted signals provides essentially no assistance in reducing the amount of numbers required for a numerical trial breach of security, and in which numerical trial breach of security requires, at a minimum, a prohibitively long time, rendering the vehicle essentially secure to brute force numerical trial attack, and which is useful only on a per vehicle basis. Other objects include rapid pseudorandom number generation with minimal correlation.
This invention is predicated on our observation that introducing non-linearities into the Galois field operation of linear feedback shift register pseudorandom numbers can render a code very difficult to breach by or with aid from numerical analysis. The invention is further predicated on the fact that time constraints on authentication can render the numerical trial approach essentially useless. The invention is predicated in part on the reversibility characteristic of the well-known exclusive OR operation, and on the reversibility of encryption such as encryption involving linear feedback shift register operations.
According to the present invention, an encryption, such as a linear feedback shift register pseudorandom number generation operation, is performed on a word comprising a pair of concatenated, independently generated numbers, which may themselves be encrypted (such as pseudorandom numbers) and the result transmitted to a receiving module where a decryption, such as a reverse pseudorandom number generation operation, recovers the concatenated numbers for cryptographic authentication. In accordance further with the invention, the encryption and decryption are performed with a secret mask essentially unique to the transmitter. According further to the invention, an encrypted number, such as a pseudorandom number, used for cryptographic authentication contains command bits exclusive ORed into at least a portion thereof.
According to the invention, a number utilized in authentication of command transmissions is generated by an iterative encryption process, such as a linear feedback shift register pseudorandom number generation operation, which has a variable number of iterations per authentication, the number varying in response to a pseudorandom event. According further to the invention, a pair of . .pseduo.!. .Iadd.pseudorandom .Iaddend.numbers are iteratively encrypted, such as by linear feedback shift register pseudorandom number generation operations, using a different number of iterations in each successive encryption, the sequence of the number of iterations of one of them being different from the sequence of the number of iterations of the other of them said number of iterations being based upon respectively different pseudorandom events related to the respective words.
According to the invention, a plurality of transmitters are usable with a single receiver by means of secret numbers (such as initial values and feedback masks for feedback shift register encryption) essentially unique to each transmitter which are replicated in any receiver with which a transmitter is to be used, the receiver being capable of determining if each received transmission can be authenticated utilizing the initial values and masks of any of its assigned transmitters.
In accordance with the present invention, the initial secret values and feedback masks of transmitters to be associated with a given receiver are stored (such as in an erasable read-only memory) by downloading the secret numbers of a transmitter into a receiver, thereby permitting the addition of a transmitter to the family of transmitters to which a receiver can respond. Although this may be performed at a dealership, it does not require, nor need it permit, human knowledge of the precise numbers; therefore, the possibility of surreptitious access is nearly eliminated. In further accord with the invention, identification numbers are associated with the secret numbers of each transmitter, which prescreen transmissions before authorization attempts, thereby reducing nuisance operations from similar, unauthorized transmitters, and reducing the time required for multiple authentication attempts.
According to the invention, the reception of each word causes the receiver of a remote operating system to become unresponsive to further transmissions for a period of about one-half second or more, thereby significantly inhibiting the capability to breach the security thereof through exhaustive numerical trails.
According to the invention, cryptographic authentication of transmissions from a remote transmitter to a receiver module involves encryption, such as by linear feedback shift register pseudorandom number generation operations, utilizing secret feedback masks which are essentially unique to each transmitter, and replicated only in a receiver which is to respond to the related transmitter.
Random iterations of the invention reduce correlation between successively generated pseudorandom numbers. Cooperative use of all of the aforementioned features in a remote operating system renders the system extremely difficult to breach by analysis; and use of a half-second delay, for example, causes a 50% statistical probability of a 39 bit encrypted key word being breached by exhaustive numerical trials to require more than one month.
The invention may be used in remote systems other than automobile lock systems.
Other objects, features and advantages of the present invention will become more apparent in the light of the following detailed description of exemplary embodiments thereof, as illustrated in the accompanying drawing.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 is a stylized, simplified schematic block diagram of a transmitter according to the invention.
FIG. 2 is a stylized, simplified schematic block diagram of a receiver according to the invention.
FIG. 3 is a logic flow diagram of a transmitter encryption routine according to the invention.
FIG. 4 is a logic flow diagram of a switch interrupt subroutine which may be utilized in the present invention.
FIG. 5 is a logic flow diagram of a first portion of a receiver decryption routine according to the invention.
FIG. 6 is a logic flow diagram of a panic command or resynch command portion of a decryption routine according to the invention.
FIG. 7 is a logic flow diagram of a normal command authentication portion of a decryption routine according to the invention.
FIGS. 8 and 9 are logic flow diagrams of alternative routines for pseudorandom iterations.
BEST MODE FOR CARRYING OUT THE INVENTION
One example of the present invention is its use in a remote, encrypted automobile door and trunk locking and unlocking mechanism. The command to perform a certain task, such as a lock-related command (lock or unlock the doors, release the trunk), or to operate the lights and the horn or other alarm on the automobile in the event of a panic situation, or to cause cryptographic synchronization or resynchronization between the transmitter and the receiver module in the automobile, are under control of a plurality of buttons 12-15 disposed on a keychain fob or other hand-held transmitter unit shown in FIG. 1. The switches 12-15 may be tactile or touch-type and feed a microprocessor 17 which is associated with a PROM 19, a RAM 20 and a ROM 21. The PROM 19 is programmable only once, capable of having one set of output/input relationships burned therein, as is well known in the art. Typically, upon manufacture, each fob 16 will have its PROM burned in so as to establish a 16 bit identification number, which is not protected as secret information, as is described more fully hereinafter; two secret initial (seed) values from which encrypted messages are originated; and three secret feedback masks defining suitable polynomials for feedback exclusive ORing in the encryption process, for the life of the fob, all as is described hereinafter. The RAM 20 is used as a scratch pad memory, in the usual way, and will contain changing values of the shift registers and commands, as described hereinafter. The program for the microprocessor 17 is contained in the ROM 21.
It is assumed that the microprocessor 17 is the type which has a stop mode in which the clock does not run, and the only function that the microprocessor can perform is to respond to an external interrupt, which in this case would be the closure of one of the switches 12-15. This keeps power consumption extremely low, and a suitable battery 24 could last about five years. The microprocessor 17 assembles a 64 bit command request word 25 which is applied serially over a line 26 to a suitable transmitter 27 (e.g., RF or infrared), which serially transmits the command request, as digital bits or otherwise, a suitable distance, such as not more than 10 meters. The fob 16 will, before beginning its useful life, be associated with a particular automobile along with up to three more fobs (n the example herein) so as to form a set of up to four fobs, any one of which can operate the locks or the panic alarm of a related receiver module 30 in an automobile or other secured enclosure. The receiver module 30 in the automobile includes a receiver 31 which receives the serial bits and applies them over a line 32 to a microprocessor 33, where the 64 bit word 25 is replicated in a 64 bit word 38. The microprocessor 33 is powered from the automobile battery system 39. The microprocessor 33 has an electrically erasable PROM 40, a RAM 41 and a ROM 42 associated therewith. Each fob 16 is associated with a module 30 at a dealership, so that lost fobs may be replaced and matched to the module 30 anytime. A 64 bit word 25 (FIG. 1) is formulated with each fobs' ID, secret initial values and masks, and a download signal is provided, in some fashion, by factory personnel on a line 49. This may be achieved by a jumper, or in any other suitable way, since it does not pose a security threat unless the receiver 30 is tampered with simultaneously, which can be avoided as described below. The 64 bit word 25 sent to the receiver module 30 during a download includes one bit indicating the download operation. The presence of the download bit in the 64 bit word 38 (FIG. 2) can result in a download signal on a line 50 provided that the auto receiver 30 has been put into a download condition, such as by the installation of a download jumper 51 or other security measure. When download is suitably indicated, the fob ID and two initial values from the PROM 19 will be stored in the electrically erasable PROM 40. Then two secret feedback masks, of the same bit length as the initial values, will be sent with the ID in a similar fashion; and finally, a feedback mask which is as long as the concatenation of the two initial values is sent from the PROM 19 to the EE PROM 40 in the auto receiver 30. In a similar fashion, the initial values, feedback masks and ID's of three other fobs (in this example) will be loaded into the auto receiver 30 during valid download operations.
The word 25 appears in FIG. 1 to be within a special 64 bit register. However, the word 25 actually appears in various parts of the RAM 20, in addresses designated to be used for holding the parts of the outgoing, serially transmitted word. Similarly, all of the apparent hardware within the microprocessor 17 is merely illustrative of processes and relationships, which may indeed be performed by hardware which resembles that illustrated in FIG. 1, or may be implemented, as is preferred, by processing of bits utilizing the RAM 20 as a scratch pad memory, by means of software which is well within the skill of the art in the light of the teachings which follow hereinafter.
The microprocessor 33 has functions and processes illustrated therein which may either be hardware or software, as described with respect to FIG. 1 hereinbefore.
The narrative with respect to FIG. 1 is of a form describing hardware: software implementation of the invention is described with respect to FIGS. 3-7, hereinafter.
The receiver module 30 is connected to the locks 43 of the automobile, as well as to the automobile horn and lights 44, or other suitable alarm arrangements on the automobile.
Before a fob can be utilized to operate the locks or alarms on an automobile, synchronization must occur. Herein, this is also referred to as resynchronization since it is utilized at different times during the life of the system, as described hereinafter. This resynchronizaton process is described hereinafter; suffice it at this point to say that the process will begin with the two secret initial (seed) values for the fob 16 located in a 20 bit linear feedback shift register (LFSR) 53, and a 19 bit LFSR 54, and suitable feedback masks for each of the LFSRs 53, 54 available at the input of corresponding feedback exclusive ORs 55, 56. The initial synchronization (an initial resynchronization command) includes 20 iterations of the shift register 53 and at least 19 iterations of the shift register 54, so as to provide a complete bit-wise convolution. For ease in programming, both shift registers may be provided with 20 iterations during initialization (which is assumed herein). In each cycle, the high order bit is transferred by a line 61, 62 to the low order bit and is also exclusively ORed with those bits of the shift registers 53, 54 identified by bits in the feedback masks, to form the next higher order bits within the shift registers 53, 54. This is the very well known function of linear feedback shift registers, in the process of generating maximal length .Iadd.pseudorandom .Iaddend.numbers, as described in Numerical Recipes, Press, Flannery, Teukolsky, and Vetterling; Cambridge University Press, Cambridge, Mass. (1986). The feedback mask has to represent a suitable polynomial so as to provide a maximal length code, having degree N, which repeats only after 2N -1 iterations. This is more fully set forth at pages 108-109 of Error Correcting Techniques for Digital Communication, Michelson and Levesque, John Wiley & Sons, New York, N.Y. (1985), and in Appendix C of Error Correcting Codes, Pederson and Weldon, MIT Press, Cambridge, Mass. (1972).
One embodiment herein uses linear feedback shift registers, in some cases modified to be non-linear feedback shift register systems by shifting a pseudorandom number of iterations as described hereinafter. However, other well-known pseudorandom number generation techniques may be used such as linear congruential pseudorandom number generators or non-linear congruential pseudorandom number generators as more fully set forth in Chapter 3 of The Art of Computer Programming, Volume 2/Seminumerical Algorithms, ed. 2, Knuth, Addison Wesley, Reading, Mass. (1981); or inverse congruential pseudorandom number generators or generalized feedback shift register pseudorandom number generators as more fully set forth in Chapters 7, 8 and 9 of Random Number Generation and Quasi-Monte Carlo Methods, Niederreiter, SIAM, Capitol City Press, Montpelier, Vt. (1992); or multiplicative, I/P, power, discrete exponential, kneading map, shift register, or cellular automatic pseudorandom number generators as more fully set forth in "Pseudorandom Number Generators in Cryptography and Number Theory", J. C. Lagarias, pages 115-143 of Cryptology and Computational Number Theory, Pomerance, ed, Volume 42, Proc. SIAM (1990).
In general the pseudorandom number generator need not be reversible. A reversible generator is one where, given the current pseudorandom number and complete knowledge of the generation process, the previous pseudorandom number may be determined. For example, a linear feedback s register pseudorandom number generator is reversible.
The manner in which the system is originally synchronized and the registers are made ready to operate is described hereinafter, because the general operation should be first understood.
In the usual case, when everything has been established and the system is operating normally, assume that a lock, unlock or trunk release command has been provided by pressing one of the buttons 12-15. This will cause the microprocessor 17 to wake up and perform one cycle of operation. In the cycle of operation, the RAM 20 provides the values which were previously left in the shift registers 53, 54 and the PROM 19 provides the masks for the shift registers 55, 56. Then, depending upon some pseudorandom event, such as the status of one or more bits of the shifts registers 53, 54, each of the shift registers will be provided one or two iterations or two or three iterations of linear feedback shifting due to the effect of clock gates 64 on the output of a clock 65. This is a fist aspect of the present invention: instead of being shifted a number of times equal to the number of bits (which takes too many cycles to permit 256 attempts at decryption), the shift registers are only put through a few iterations after the initialization. Because this provides less scrambling of the feedback bits, the difficulty of mathematically ascertaining what the code might be is increased by causing the LFSRs to each undergo a different, variable number of iterations, in successive cycles, in a pseudorandom fashion. The pseudorandom number provided by the iterations of the shift register 53 is supplied over a trunk of 20 lines 68 to a 39 bit shift register 69. The shift register 69 is associated with feedback 70 in the same fashion as the LFSRs 53, 54, with the exception that the shift register 69 is loaded with new numbers before each cycle of shifting feedback iterations. In this sense, then, the shift register 69 and feedback operate more as a cyclic redundancy code generator. The other input to the 39 bit shift register 69 is a trunk of 19 lines 73 from a gate 74 that causes the low order 5 bits of the 19 bit LFSR 54 on a trunk of lines 75 to be exclusive ORed with 5 bits on a trunk of 5 lines 76 from a command register 77. The command register 77 simply registers up to 32 commands encoded from the operation of any of the switches 12-15 (or fewer commands if some bits are used in a discrete fashion). Thus, in each cycle, there is presented to the 39 bit shift register 69 the outputs of the LFSRs with a command exclusive ORed in the low order bits of one of them. Then, the shift register 69 undergoes 39 iterations of LFSR-type feedback through an exclusive OR process 70, which utilizes a secret feedback mask provided by the PROM 19. This provides a full bitwise convolution of the two words from the shift registers 53, 54, which is a cryptographic necessity. Use of the shift register 69 may be employed in prior art systems, such as the two-generator embodiment of the Hill and Finn patent. When the 39 iterations are complete, the result is an encrypted, key word provided on a trunk of 39 lines 80 to the 64 bit word 25, along with 16 fob ID bits from the PROM 19, a download bit 49 if appropriate, and a command flag such as a panic/resynch bit provided from the command register 77 on a line 81, when appropriate. In the usual case of authentication, both of the download and panic/resynch bits will be 0's. Then, all of these bits are monitored on a trunk of 57 lines 82 by an error correcting code circuit 83 to create a 7 bit error correcting code component on a trunk of 7 lines 84 for the 64 bit word 25; typically, a single error correcting, multi-error detecting code (such as a Hamming code) will be used. The illustrated embodiment of the invention uses a linear feedback shift register as a cyclic redundancy code generator for encrypting the input into a key word. However, any of several well-known reversible encryption techniques may be used. For instance, the McEliece error correcting code encryption; the RSA cryptosystem; discrete exponentiation cryptosystem; linear or non-linear, full length or truncated congruential cryptosystems; or the DES cryptosystem, as more fully set forth in Chapter 10 of Contemporary Cryptology: The Science of Information Integrity, Simmons, ed., IEEE Press New York, N.Y. (1992).
When the 64 bit word is fully assembled, it is transmitted serially (bit-by-bit) or otherwise, by any well-known technique, through the transmitter 27 to the receiver 31 of the receiver module 30 to become the 64 bit word 38 therein. All of the bits of the word 38 are applied over trunks of 57 lines 90 and 7 lines 91 to an error correcting and detecting process 92. If a single bit error has occurred, a signal on a line 93 (as appropriate) will correct the bit that is in error. If a multiple bit error is detected, the process is totally void, and the receiver module 30 simply goes into a half second wait state, which simply slows down any attempts to crack the code which is being used, as is described more fully hereinafter. If a multiple bit error has occurred but is not detected, the cryptographic authentication process will almost certainly fail. On the other hand, if the error correcting code shows that the 64 bit word 38 has no errors, then a first OK signal is provided on a signal line 94.
When it is believed that there are no errors in the 64 bit word 38, it is proper to determine whether the 16 bit, non-secret identification word matches any of the fobs that have been loaded into the receiver module 30. The ID of the fob reduces the probability that a command from a wrong fob will be cryptographically acceptable; it also reduces the amount of time it takes to iterate the code words in the receiver module to reach authentication (a match). However, in this embodiment, there is no restriction on which fobs are assigned as a group to an automobile, and it is assumed that there is approximately one chance in 11,000 that two fobs assigned to a particular automobile will have the same ID number. A feature of the invention is that if one fob with matching ID does not become authenticated, the receiver module 30 will see if there is another assigned fob with that same ID number, and if so, attempt authentication.
The 16 bit ID in the 64 bit word 38 is provided over a trunk of 16 lines 97 to a 16 bit compare circuit 98, the other inputs of which, on a trunk of 16 lines 99, are provided by the ID register 100, which really represents four different locations in the EE PROM 40, one for each associated fob. If, indeed, the message has come from one of the four associated fobs, a second OK signal appears on a line 101, and the identification number of the fob which has sent the message is provided on a trunk of 4 lines 102 to the PROM 40 and to the RAM 41 so as to utilize in the ensuing decryption process the secret mask for the selected fob and the two LFSR values which have previously been created for that fob. The previous LFSR values are utilized rather than the initial secret values, because, according to the invention, the LFSR values are built upon, with only one, two or three iterations for each command received by the receiver module 30.
At this stage, the normal decryption process can begin. The 39 bit encrypted key word is provided over a trunk of 39 lines 107 to a 39 bit shift register 108 which can be identical in either structure or function to the 39 bit shift register 69 in the fob, except that it is iterated in a reversing process. The reversing process is easily understood, one bit at a time, by considering how the received 39 bits got to be what they were. In the last iteration between the shift register 69 and the exclusive OR circuit 70 (FIG. 1) if the high order bit (leftmost bit in FIG. 1) was a 1, then exclusive ORing in accordance with the secret mask is provided against each bit of given order in the 39 bit shift register in order to determine what the next bit in order would be at the end of the iteration. That is to say, the ninth bit becomes the tenth bit (0 or 1 as the case may be) unless it is inverted by the exclusive OR. In order to be inverted by the exclusive OR, the ninth bit of the secret mask would have to be 1, and the most significant bit at the start of the iteration would also have to have been 1; and the most significant bit advances to the least significant stage, in a wraparound. If either the most significant bit is a 0 or the corresponding bit in the secret mask is a 0, the ninth bit would simply advance into the tenth stage. Since what was the most significant bit becomes the least significant bit, inspection of the least significant bit determines whether or not exclusive ORing occurred. If the least significant bit in the shift register 108 is a 1, it is applied to exclusive OR the bits of each order with the same secret mask which was downloaded for this fob originally. For any bit (such as the ninth bit) for which there is a corresponding bit in the secret mask, whenever the lowest ordered bit at the start of the iteration is a 1, that bit will be inverted from 1 to 0 or from 0 to 1. But if there is no corresponding bit in the secret mask then the bit in question is simply advanced to the next lower order stage (in the example here, bit 10 becomes bit 9) without being inverted. Or, if the least significant bit (the rightmost bit in FIG. 2) is a 0, then none of the bits are inverted as they are advanced from one stage to the next lower stage in the shift register 108. By doing this the same number of times (39 iterations in the example herein), the original word in the 39 bit shift register 69 is reconstructed. The operation of the 39 bit shift register is very much like cyclic redundancy code (CRC) generators, used for error detection and correction. The process in the 39 bit shift registers herein is the same as in the LFSRs with the exception of the fact that the shift registers herein receive a whole new starting word before the iterations of each cycle. More on CRCs, Galois field arithmetic, and the generation and utilization of pseudorandom binary numbers, may be found in Theory and Practice of Error Control Codes, Blahut, Addisson Wesley Pub. Company, Reading, Mass. (1984); An Introduction to Error-Correcting Codes, Shu Lin, Prentice Hall, Englewood Cliffs, N.J. (1970); and Error-Control Techniques for Digital Communication, Michaelson and Levesque, John Wiley & Sons, New York, N.Y. (1985).
In decryption, part of the process is reversed, and part of it is matched. Thus, the 39 bit encrypted code word is reversed by 39 reversing iterations, and the results thereof are compared to what should be identical results from the LFSRs.
Once a fob is identified in the 16 bit compare circuit 98, its two secret feedback masks are loaded (from RAM 41) for use in corresponding exclusive ORs 113, 114, and its previously achieved 20 bit LFSR value is loaded into a 20 bit LFSR 115, while its previously achieved 19 bit LFSR value is loaded into the 19 bit LFSR 116. Dependent upon a given bit of each of the LFSRs, the LFSR is shifted (with or without exclusive ORing as described hereinbefore) either once or twice, in the case of the LFSR 115 or two or three times in the case of the LFSR 116 in dependence upon a pair of corresponding gates 117 which control the application of a clock 118 thereto, in the same fashion as described with respect to FIG. 1 hereinbefore. The 20 bits of the 20 bit LFSR 115 so generated are applied over a trunk of 20 lines 123 to a compare circuit 124, to be compared with 20 bits provided from the 39 bit shift register 108 over a trunk of 20 lines 125. Similarly, the high order 14 bits which are generated in the 19 bit LFSR 116 are provided by a trunk of 14 lines 127 to the compare circuit 124 for comparison with 14 bits of the 39 bit shift register 108 provided on a trunk of 14 lines 128. Assuming that both the 20 bit and 14 bit words compare properly, this signals a successful authentication on a line 129 and the receiver module 30 is allowed to receive and respond to the command made by the fob.
Recalling that the five bit command is exclusively ORed to the low order five bit positions provided from the 19 bit LFSR 54, the only way to recover those bits is to exclusive OR the low order 5 bit positions from the 19 bit LFSR 116 with the low order 5 bit positions of the reconstituted word in the 39 bit shift register 108. Therefore, the low order 5 bit positions produced by the 19 bit LFSR 116 are provided over a trunk of five lines 130 to a five bit exclusive OR circuit 131, the opposite inputs of which consist of the lowest order 5 bit positions from the 39 bit shift register 108 on a trunk of 5 lines 132. The result of the exclusive OR on a trunk of 5 lines 137 comprise the command which is stored in a command register 138. The typical commands provided on a trunk of lines 139 to the locks 43 comprise door unlock, door lock, and trunk release. Another command indicated by a signal on a line 140 may comprise a panic command which will cause the horn and lights 44 (or other alarms) on the car to scare away a loiterer as the driver approaches the car with the fob (as described more fully hereinafter).
If the first attempt to match the outputs of the LFSRs 115, 116 with corresponding 34 bits of the 39 bit shift register 108 fails, then the LFSRs 115, 116 are cycled again. In each cycle, the LFSR 115 will be shifted once or twice depending upon the random bit utilized as a control over its gate 117, and the LFSR 116 will be shifted two or three times in dependence on the random bit utilized to control its clock gate 117. This is to allow the receiver module 30 to catch up, in cycles, and therefore in iterations, to the status of the LFSRs 53, 54 in the fob 16.
Anytime that one of the buttons 12-15 on the fob is depressed, the fob will undergo one cycle, and the shift registers 53, 54 will undergo one or two, or two or three iterations, respectively. The pressings of the buttons 12-15 may occur simply by being crushed in a purse, children playing with the fob, or otherwise. Since each fob keeps its own LFSR generated numbers, and the receiver module 30 likewise maintains separate LFSR generated numbers for each fob, each fob will generally be able to track with the receiver module except for the inadvertent pressings of the switches 12-15. Whenever the switches 12-15 have caused a cycle that is not responded to by the receiver module 30, the first time the switches are pressed and the receiver module does respond, the content of the LFSRs 115, 116 will not compare with the corresponding bits of the 39 bit shift register 108. However, provision is made in accordance with the invention to allow the receiver module 30 to initiate additional cycles, and the additional one or two iterations for the LFSR 115 and two or three iterations for the LFSR 116, so as to catch up to the fob. To this end, an 8 bit counter 143 allows the receiver module 30 to try to catch up to the fob in question by repeating as many as 256 cycles, automatically. In a normal case, the receiver module 30 will catch up to the fob in only a few cycles. But if the receiver module is more than 256 cycles behind, as may occur by repetitive pressings of one of the switches 12-15 in a suitcase or handbag, then the LFSRs 115, 116 will not match up with the 39 bit shift register 106. The receiver module 30 is non-responsive to incoming signals while it is attempting authentication of a previous signal; the 256 attempts to catch up will transpire in only a half second or less; thus, authentication will not be hampered by repetitive pressing of the unlock button 13 due to impatience. Eventually, the operator will understand that the receiver module is out of synchronization (cryptographic synchronization), and will press two buttons at one time (such as lock and unlock), or some other combination that will be recognized in the fob as a command to effect cryptographic resynchronization between the receiver module 30 and the fob 16, as well as to reinitalize following a loss of battery power (dead or changed), which allows the RAM data to disintegrate.
A recognized command to synchronize ("resynch command", hereinafter) in the command generator 77 (FIG. 1) will produce the panic/resynch bit on the line 81. The resynchronization process in accordance with the present invention includes returning to the beginning; that is, returning to the use of the secret initial values and starting all over again. As described hereinbefore, the resynch command is used to initialize the units in the first place, and when they become out-of-synch, they are in a sense reinitialized just as when they are new. To that end, the panic/resynch bit on the line 81 will cause the two initial secret values to be loaded from the PROM 19 to the LFSRs 53, 54 and the two initial secret feedback masks to be made available to the exclusive ORs 55, 56, and the 39 bit secret feedback mask to be made available to the exclusive OR 70. The panic/resynch command on the line 145 causes the clocking gates 64 to cause 20 iterations, respectively, of the LFSRs 53, 54. The purpose is that, utilizing as many iterations as there are bits in the word, causes the maximal mix of the feedback, regardless of what the mask is, to assure complete bit-wise convolution. In this case, however, two additional changes from normal occur: the eight low order bit positions of the shift register 53 are provided with a truly random number on a trunk of 8 lines 146 from an 8 bit counter 145 which is allowed to respond to the clock 65 in a manner related to pressing of the buttons 12-15, as described with respect to FIG. 3 hereinafter. Since it is impossible for persons to depress buttons carefully enough to achieve other than a random number at computer clocking frequencies (500 KHz or more), the likelihood of this number being exactly the same in successive resynch processes is extremely small. After twenty iterations of feedback shifting, with the low order 8 bit positions of the LFSR 53 comprising those from the counter 145, outputs of the 20 bit LFSR 53 and the 19 bit LFSR 54 are provided to the 39 bit shift register 69. The shift register 69 thereafter undergoes 39 feedback shifting iterations, of the type described hereinbefore, to produce the 39 bit encrypted word in the 64 bit word 25. As before, the 16 bit ID for the fob is provided to the word 25, along with a panic/resynch bit (described hereinbefore) to indicate that this is a panic or resynch request, and the error correction code is computed and the code bits added to the word 25 as described hereinbefore. The 20 bit LFSR and 19 bit LFSR results, after 20 iterations, form the pseudorandom starting words to be used in authenticating future transmissions.
In the receiver module 30, the first two steps are the same as in a normal command. Error correction is provided if possible, and if the word is correct, the first OK signal appears on the line 94. Then, the four possible IDs are compared with the incoming ID in the word 38, and if there is a match, the second OK signal appears on the line 101 and the signals on the trunk of four lines 102 tell the EE PROM 40 which fob is being worked with and therefore which of the sets of two secret initial values and three secret feedback masks should be utilized. The appropriate secret initial values and three feedback masks are loaded into the LFSRs 115, 116, and the exclusive ORs 113, 114 and 109. The content of the 39 bit shift register 108 is reconstructed by 39 reverse iterations, as described hereinbefore, so as to recover the word in the 39 bit shift register 69. However, since the output of the 20 bit LFSR 53 does not reflect 20 shift iterations of only the secret initial value that was placed therein, but rather represents 20 iterations of 12 high ordered bits of the secret initial value and 8 random low ordered bits, comparisons with the high order bits of the 39 bit shift register 108 cannot be made in the receiver module 30. Instead, the 20 bit LFSR value must be recovered in the same way that the 39 bit shift register value is recovered. That is, a reverse linear feedback shift register operation, utilizing the exclusive OR mask with the least significant bit, is achieved in a 20 bit LFSR 151 (FIG. 2) in association with a 20 bit exclusive OR 152. This restores the unscrambled number in which the 12 high order bit positions of the LFSR 151 should be the same as the 12 high order bit positions of the secret initial value in the 20 bit LFSR 115, and the low order 8 bit positions of the 20 bit LFSR 151 are some random number (produced by the counter 145).
The next step in the resynch process is to compare the high order 12 bit positions of the reconstituted word in the LFSR 151 with the 12 bits of the secret initial value of the 20 bit LFSR 115. Thus, the 12 bits on the trunk of 12 lines 160 are compared with the 12 bits on the trunk of 12 lines 161, which are created solely in response to the initial secret value. And, the 14 bits on the trunk of lines 127 are compared with the 14 bits on the trunk of lines 128; these should also compare because the 19 bit LFSR 116 has been pas through 20 iterations in response to its secret initial value so it should match the result in the 19 bit LFSR 54, the 14 high order bit positions of which have been reconstituted in the 14 bits of the 39 bit shift register 108 to which the trunk of lines 128 respond.
If both the 12 bit and 14 bit comparisons are successful, a determination is made whether the panic/resynch bit, provided on a line 150 from the 64 bit word 38, had been caused by a panic command or by a resynch command. If a resynch or panic command was sent, the resynch or panic command would have been exclusively ORed into the five low order bits of the 19 bit shift register 54, as described with respect to other commands hereinbefore. Therefore, the command will be extracted by the five bit exclusive OR 131 and provided over the trunk of lines 137 to the command register 138. Since performing the panic command cannot breach vehicle security, it is used as the default command; if the resynch command is not present on the line 140, then the panic/resynch command on the line 150 may be deemed to be a panic command, if desired, even if not decoded. Up to this point, the panic command and the resynch command are identical.
The next step in the resynch process is to compare the 8 bit random number in the low ordered bit positions of the 20 bit shift register 151 with the last four prior low order 8 bit random numbers received during resynchronizing. In the present invention, the random number is compared with the last four such random numbers previously received by providing the 8 low order bit positions of the 20 bit LFSR 151 on a trunk of 8 lines 153 to 8 bits of the compare circuit 124 which are also responsive to a trunk of 8 lines 154 from a first in, first out stack 155 (actually embodied in the EE PROM 40), which keeps track of the last four 8 bit random numbers received during resynchronization operations. If, during resynchronization, the 8 central bits of the compare circuit 124 compare with any of the four 8 bit words in the first in, first out stack (FIFO) 155, the operation is a failure, and the receiver module 30 reverts to a half second wait period before it will react to the next command (as described hereinafter) and the matched word goes to the head of the stack and remaining words in the FIFO are adjusted accordingly. On the other hand, if the 8 bit word on the trunk of lines 153 does not compare with any of the bits in the stack 155, the comparison is a success and the operation can proceed; additionally, the 8 bit word on the trunk of 8 lines 153 is applied over the trunk of lines 154 to the FIFO stack 155, for comparison with subsequent random 8 bit words during subsequent rsynchronization operations. In such a case, the new word goes in the FIFO and the oldest word is dropped out of the FIFO.
Assuming that there is no match of the 8 bit random word, the resynchronization operation is complete. When the resynchronization is commanded, after successful comparisons of the 12 high order bits and the 14 bits as described hereinbefore and no comparison with the FIFO, the values established in the shift registers 53, 54, 115 and 116 are left as they are, for use in authenticating the next normal command cycle.
The panic command is the same as has been described with respect to the resynch command, except that, if the command register 138 produces the panic command signal on the line 140, the lights and the horn 44 (or other alarm) are operated, and, all of the LFSRs 53, 54, 115, 116 are then restored to whatever setting they had immediately before sending and receiving the panic command. The panic command operates differently from lock, unlock and trunk release commands, so that there will be response, even with total missynchronization between the fob and the receiver module. In the case of the panic command, starting over with the secret initial values ensures that authentication (to avoid nuisance responses) will be successful on the first try. Therefore, the panic command in the fob (FIG. 1) causes the LFSRs to be loaded with the initial values in the PROM 19, rather than the shift register values which had been achieved to date through iterations in the RAM 20, and the panic/resynch process just descried is performed to ensure that there will be authentication to execute the panic command.
The foregoing description is given as if it were hardware, and indeed the invention may be implemented in hardware along the lines described hereinbefore. However, the invention has been implemented in suitably programmed microprocessors, which are deemed most suitable. In the flowcharts described hereinafter, exemplary software routines are illustrative of the processing of the invention, but not necessarily of the individual steps of the program in any given embodiment of the invention.
The process of encryption in the fob is illustrated in FIG. 3. It is assumed that the fob comprises a microprocessor, such as a 68HC11, which has a stop mode in which the clock is stopped, the power consumption is negligible, and the only thing the processor can do is to respond to an external interrupt to get started again. In such a processor, application of battery power would cause the program to be reached through a power up entry point 170 and the processor would immediately stop at a step 171 where the only function is to perform a test 172 to determine whether any of the buttons 12-15 have been pressed, or not. So long as no button is pressed, the processor waits in a low power stop mode, in the loop 171, 172. As soon as a key is pressed, an affirmative result of test 172 reaches steps 173 in which a switch word in RAM 20 is ORed with the one of the switches which was pressed. Generally, two switches cannot be pressed within a few computer clocks of each other, so the first one will be sensed. As described hereinafter, if a second one is pressed within about 1/2 to one second, it will be treated as paired-up with the first; if the two are correct (e.g., lock and unlock) a resynch command is declared. A switch interrupt, selectively enabled during normal command cycles only, allows sensing the second switch of a resynch.
In FIG. 3, the steps 173 also enable the switch interrupt and start the random counter. Then, a decode command subroutine 179 is performed and a test 180 determines if the command is either panic or resynch. If so, an affirmative result of test 180 reaches a series of steps 181 in which the shift register contents are saved in buffers, the panic/resynch (P/R) bit on line 81 is set to 1; a working register, herein referred to as a "shift register" (SR), is set with the random counter in its low order 8 bit positions and with the higher order bit positions equal to a 12 bit secret initial value for the 20 bit LFSR, the mask associated with the SR is set equal to the 20 bit secret feedback mask from the PROM 19, and a cycle counter C is set to 20 iterations. Then a bitwise linear feedback shift register iteration subroutine 182 is performed in which each bit is shifted to the next higher order position, with or without inversion, dependent upon the secret mask and/or whether the low order bit position has a 1, as described hereinbefore. Then the C counter is decremented in a step 183 and a test 184 determines if a complete, 20 iteration LFSR cycle has yet occurred. If not, another iteration is performed by the subroutine 182 and the C counter is decremented again. After 20 iterations, an affirmative result of the test 184 reaches a step 185 where the 20 bit shift register storage location in RAM 20 is set equal to the content of the working shift register. The steps and test 182-185 comprise an LFSR cycle 186.
Then the 19 bit shift register 54 is prepared in a series of steps 190 in which the content of the shift register is set equal to the content of the 19 bit secret initial value in the PROM 19, the mask associated with the shift register set equal to the 19 bit secret feedback mask in the PROM 19, and the C counter is set equal to 19. Then an LFSR cycle subroutine 191 (similar to the subroutine 186) is performed. Then the 39 bit shift register 69 is prepared for its LFSR cycle in a series of steps 192. Specifically, the 5 low order bit positions are the exclusive OR of the command with the 5 low stages of the 19 bit shift register 54; the high 14 bits of the 19 bit shift register 54 are placed directly in the 39 bit shift register; and the highest order 20 bit positions are set equal to the 20 bit positions of the 20 bit shift register 53. The mask is set equal to the secret feedback mask for the 39 bit shift register, found in the PROM 19, and the C counter is set to 39. Then, an LFSR cycle subroutine 193 is performed, this time with 39 iterations, and the result restored in the 39 bit shift register embodied in the scratch pad memory 20. In a routine 194, the 16 bits of the fob ID from the PROM 19, the 39 encrypted bits now in the 39 bit shift register, the P/R bit, and the download bit are all transmitted serially while the calculation for error correcting code bits is performed. These are calculated and transmitted, to complete the process of a panic or resynch command transmission. Whether it be a panic or a resynch is determined by the status of the five command bits. If a resynch was performed, the new values of the 20 bit shift register and 19 bit shift register will be retained as the pseudorandom starting words to be used for future authentication of transmissions to the receiving module. But if this is a panic command, the new values are only used to ensure synchronized response, one time, and a test 195 causes the previous values of the 20 bit and 19 bit shift registers to be restored from the buffers in a step 196.
Assuming that a normal command has been given a negative result of the test 180 reaches a series of steps 199 in which the working shift register is set equal to the 20 bit shift register in the RAM 20 (not the secret initial value), so as to take advantage of the pseudorandom number generated by all of the previous iteration. The mask for the shift register is set equal to the 20 bit shift register secret feedback mask from the PROM 19, and a set of random bits (which determines how many iterations are to be performed, similar to the gates 64 of FIG. 1) is set equal to whatever random bits have been selected to be used to control the iterations for the 20 bit shift register. This might, for instance, be the third and the ninth bit of the 20 bit shift register, or in a general case, can be anything else that is deterministically computable but difficult to predict. Then a pair of tests 200 determines what the random bits are: if both are a 1, a step 201 sets the C counter to 1; if both are a 0, a test 202 sets the C counter to 2. But if they are different, a step 201a sets the C counter to 3. Then, either a 1 iteration, 2 iteration or 3 iteration LFSR cycle subroutine 203 is performed. This aspect of the invention may be used in prior art systems, such as in the Hill et al patent. Next, the same sort of operation is accomplished with the 19 bit shift register; a series of steps 204 set the working shift register equal to the content of the 19 bit shift register in the ram 20, the mask for the working shift register is set equal to the secret feedback mask for the 19 bit shift register in the PROM 19, and the random bit is set equal to whatever bit has been chosen to be random for the 19 bit shift register. Then a test 205 determines if the random bit is 1, or not. If it is, a step 206 sets the C counter to 3, and otherwise a step 207 sets the C counter to 2. This provides four iterations (201, 206; 202, 207) whether the random bit is 1 or 0; but it may be set in other ways, if desired. Then a 2 or 3 iteration LFSR cycle subroutine 191 is performed. Then the series of steps 192 set things up so as to form the 39 bit encrypted word, a 39 iteration LFSR cycle subroutine 193 is performed so as to produce the 39 bit encrypted word, and the subroutine 194 transmits all the bits together with a calculated error correction code. Thus, the differences between encrypting and transmitting normal commands and the panic/resynch command are the setting of the P/R bit, the use of the random counter 145, the use of the secret initial values and the particular code which is exclusive ORed into the 19 bit shift register 54.
When a command word has been transmitted by the subroutine 194, and if a panic command, the shift registers have been restored from the buffer, the program advances to a one-half second wait in a step 208. This is to ensure that successive button pressings which are independent of each other will occur no closer than one-half second apart. During the time from when the computer was awakened by a command interrupt (at test 172 until the end of the one-half second waiting period at step 208), a switch interrupt might have occurred as a result of a second pressing of one of the switches 12-15. As described hereinbefore, this is most likely the case of an attempt to press two switches at once (such as lock and unlock) to thereby cause a resynch. Whenever the switch interrupt is enabled, closing of one of the switches 12-15 will reach the interrupt subroutine of FIG. 4 through an entry point 209. In a series of steps 210, the particular switch which caused the present interrupt is remembered by being ORed into the switch word within the RAM 20; and since this may be a request for resynchronization, an internal resynch flag is set. The random counter is stopped, to provide the random number which is used in resynchronization, and then whatever part of the program of FIG. 3 was in process when the interrupt was sensed is returned to; this return may be to any of the functional steps ahead of the waiting step 208, or may be within the waiting step 208. Of course, if the waiting step 208 is interrupted, it will in fact turn out to be more than one-half second when the counting therefor is completed; this is irrelevant.
In FIG. 3, after the waiting period is over, a test 211 determines if the resynch flag has been set. If it has, an affirmative result of test 211 reaches a step 212 which resets the resynch flag, and then the program advances to the decode command subroutine 179. If the first switch which was pressed, turning on the computer, was either lock or unlock, and the second switch which was pressed, causing the switch interrupt, was either unlock or lock, respectively, then the decode command subroutine will in fact decode a resynch command, to cause a resynch operation of the type described hereinbefore. If not, any other two-key series may be decoded into a lock command for security, or into a panic command since the panic command will not affect security, or it could cause reversion to the one-half second waiting period, at step 208, or otherwise as suits any particular implementation of the invention. Of course, if two switches which can cause a resynch command are pressed essentially simultaneously, the decode command subroutine will decode a resynch command without the aid of FIG. 4 and the resynch flag. If switches are repetitively pressed at less than half-second intervals, the switch word will either contain gibberish or will simply repeat the resynch command.
After waiting one-half second at the step 208, if the resynch flag has not been set, a negative result of test 211 will cause a pair of steps 213 to return the switch word to all zeros and to disable the switch interrupt, so that all future operation of the switches can only turn on the computer from its stop condition, at test 172. It should be noted that the command interrupt and the switch interrupt respond to the same thing: the operation of any of the switches; the difference is the microprocessor's response to them, as is well known in the art.
It is assumed that the decryption of FIG. 5 is carried out in a microprocessor of the same general type as is used in the fob. When connected to a battery, the routine is entered through a power up transfer point 214 and the processor immediately goes into a stop mode at a step 215, where the clock is off and the only function is to respond to a receiver interrupt at a test 216. In between usages, the processor in the automobile will remain in the stop mode, in the loop 215, 216. When an incoming message is sensed, an affirmative result of the test 216 will reach a subroutine 217 which handles receiving all 64 bits of the word transmitted from a fob, calculating the error correcting code, and fixing any single error which can be fixed. Then a test 218 determines if the error correction code indicates correct data. If it does not, a negative result of test 218 reaches a transfer point 219 and then a step 220 where the program just waits for half of a second. The purpose of this is to severely hamper any attempts to break the code through repetitive application of numbers, with or without calculated likely candidates. After waiting one-half second, the processor returns to the stop mode in the loop 215, 216.
If the incoming word is OK, an affirmative result of test 218 reaches a step 221 where a working number, n, is set equal to 4 (or to such other number as the number of fobs which can be associated with the automobile). Then, a subroutine 223 compares all the bits of the incoming ID number to all the bits of the ID number for fob 4. If they are not equal, a negative result of a test 224 will reach a step 225 where n is decremented and a test 226 determines if all of the fobs have been checked or not. If they have, that means a signal has been received from a fob of another automobile by accident, or from some other unauthorized sources. Therefore, an affirmative result of test 226 is taken to be a failure, and the wait step 220 is reached through the wait transfer point 219. Otherwise, the ID of another fob is checked in the subroutine 223. Assuming that the ID number matches for one of the fobs, another working number, N, is set equal to n so as to identify the words in the PROM and RAM needed for decryption, in a step 227. Since the received word may relate to a fob other than fob N, but having the same ID number, the shift register values for fob N are saved in a buffer, in a pair of steps 228, so they may be restored if authentication fails. This is also necessary since if a panic operation has been commanded, the iterations of the shift registers continue in a normal fashion, after performing the panic command. Then a test 229 determines if the P/R bit was present in the incoming word, or not. If it is present in the incoming word, the panic/resynch decrypt routine of FIG. 6 is reached through a transfer point 230.
In FIG. 6, the first steps 232 set a main working shift register (SR) and its mask equal to the secret initial value and the secret feedback mask for the 19 bit LFSR, respectively, from the PROM 40 for the selected fob N, and a C counter is set equal to 20 so as to cause 20 iterations. Then, a 20 iteration LFSR cycle subroutine 233 is performed on the 19 bit shift register. It is assumed that the 39 bit encrypted word portion of the 64 bit received word 38 is stored immediately in a 39 bit shift register location within the RAM 41, which is where it now can be found. Then the 39 bit encrypted word, in the 64 bit word 38, and the 39 bit secret mask for the fob N are provided to the shift register and the C counter is set for 39 iterations, in step 234. Then, a bitwise reverse LFSR iteration subroutine 235 is performed which looks at the low order bit to determine whether the bits corresponding to the mask should be flipped before they are shifted to the next lower order position in the shift register to reconstitute the original word prior to encryption. After each iteration, the C counter is decremented in a step 236 and when all 39 iterations have been performed, an affirmative result of a test 237 will reach a step 238 wherein the content of the working shift register is stored in the 39 bit shift register in RAM 41. The steps and tests 235-238 comprise a reverse cycle subroutine 239, which recovers the initial unencrypted value of the concatenation in the 39 bit shift register 69 in the fob.
Bits 19-38 of the decrypted 39 bit shift register are now loaded into the working shift register in steps 242, the rusk for the shift register is set equal to the 20 bit secret feedback mask for fob N from the EE PROM 40, and C is set equal to 20, and a 20 iteration, reverse LFSR cycle subroutine 243 is performed to recover the combined word (initial value plus random). In a subroutine 244, there is a bitwise comparison of the 39 bit shift register bits 27-38 with the twelve bits of the 20 bit secret initial value for fob N, from EE PROM 40, and of bits 5-18 of the 39 bit shift register with bits 5-18 of the 19 bit shift register for fob N, which are found in the RAM 41. This is equivalent to the comparison of the 12 high order bits an the trunk of lines 160 with those on the lines 161 and of the 14 bits on the line 128 with the 14 bits on the lines 129, in FIG. 2. If these are not equal, the decryption is unsuccessful, the attempted access is a failure, and a negative result of a test 246 will reach a test 247 to see if another fob could match the ID; if it might, FIG. 5 is reverted to through a transfer point 248, the shift registers for fob N are restored from the buffers in steps 249 (FIG. 5), and the process is repeated for another fob. If all fobs have had their ID's checked, the routine reaches a pair of steps 250 where the shift registers for fob N are returned to their former values, and the program enters the half second wait at step 220 through the transfer point 219.
If the comparison is successful, indicating partial authentication, an affirmative result of test 246 reaches a subroutine 252 where the value in the command register 138 is set equal to the exclusive OR of the low order bits of the 39 bit shift register and the low order bits of the 19 bit shift register, both taken from the RAM 41. Then, a test 253 determines if the panic/resynch bit was established in response to a resynch command. If not, the panic command is performed by tuning on the lights, horn, or other alarm of the automobile in a step 254. Then, the shift registers for fob N are restored in the steps 250 and the wait step 220 is reached through the transfer point 219.
If the command were a resynch, a positive result of test 253 reaches a subroutine 255 which compares bits 19-26 of the 39 bit shift register (the regenerated random number) to a queue of previously used random numbers in the first in, first out stack (FIFO) 155, in EEPROM 40. If the random word compares to any of the last four (or whatever size FIFO is chosen) random words in the queue which were used in resynchronization, the resynchronization is deemed to be unsuccessful, since it is assumed that there has been clandestine playback of a copied random word. In such a case, an affirmative result of a test 256 reaches a subroutine 257 that rearranges the FIFO stack by moving the random word from its position in the queue in the FIFO stack to the first position thereof, and adjusting the position of the other words in the queue, without losing any. And, since this is deemed to be an unsuccessful attempt to resynchronize the unit, the old values in the 19 bit and 20 bit shift registers for fob N are restored in the steps 250. Then, the wait step 220 is reached through the transfer point 219.
If the random word did not compare with any word in the FIFO, a complete authentication exists, and a negative result of test 256 reaches a subroutine 258 which rearranges the FIFO for fob N simply by adding bits 19-26 of the 39 bit shift register to the first location in the queue and shifting all the other words downward therein, causing the oldest word to fall out. In this case, the resynch operation is successful, so the steps 250 are bypassed and the setting of the 19 bit shift register for fob N in RAM 20 is left as it was established by the resynchronization operation, at subroutine 233. The 20 bit LFSR word created in the subroutine 243 is placed in the RAM for fob N (step 259), for use en future.
An important aspect of the present invention is that resynchronization occurs only after: 20 iterations of the 19 and 20 bit shift registers from their secret initial values and the random number; performing 39 iterations in the 39 bit shift register with those values, and the exclusive OR of the command; reverse iterations of the 39 bit encrypted word in the receiver module; reverse iteration of the 20 bits which include the secret initial value of the 20 bit shift register and the random counter; generation and successful comparison of the high order bits of the 19 bit shift register; and a failure of comparison of the random word with any of the last four random words used to resynchronize the system. This is quite secure.
Assuming that there is no P/R bit 81 in the 64 bit word which is received, a negative result of test 229 in FIG. 5 will reach the normal command decryption routine of FIG. 7 through a transfer point 261. In the normal command decryption process, the iterated 19 bit and 20 bit words in the RAM 20 are given 1-3 additional iterations and compared with the reverse-processed bits of the 39 bit encrypted word. As described hereinbefore, since the fob may have its buttons pressed when the automobile cannot respond to it, they can become unsynchronized. Each time that a command is received in the receiver module 30, it is allowed 256 cycles to try to iterate to a correct pair of words that will match those which were transmitted to it. If it does so, then the command is responded to, and the iterated values are saved for authenticating the next command. If not, resynchronizaton is required, as described hereinbefore. In order to keep track of how many tries are made, the try counter 143 is set to its maximum count in a first one of a series of steps 262. Then, the working shift register (SR) is set equal to the 39 bit shift register in the RAM 20, which contains the 39 bit encrypted word. The mask for the shift register is set equal to the 39 bit secret feedback mask in the EE PROM 40, the C counter is set equal to 39, and a reverse LFSR cycle subroutine 267 is performed. Then a series of steps 271 cause the contents of the 20 bit shift register for fob N to be loaded from the RAM 41 into the working shift register (SR), the mask for the shift register is set equal to the secret feedback mask for fob N in the EE PROM 40 and a random bit is set equal to whatever bit or bits have been chosen for the 20 bit shift register (as described with respect to steps 199 in FIG. 3). Then the random bits are tested in a pair of steps 272, and if both are a 1, the C counter is set equal to 1 (step 273), if both are a 0, the C counter is set equal to 2 (step 274), and otherwise the C counter is set equal to 3 (step 274a). Then, an LFSR cycle subroutine 275 is performed. Then a series of steps and tests 276-279 prepare to run an LFSR cycle subroutine 280 for the 19 bit shift register in a similar fashion. Then a subroutine 284 does bit-by-bit comparisons of the 39 bit shift register to the 20 bit shift register and to the high order bit positions of the 19 bit shift register, for fob N. If all the bits are equal, an affirmative result of a test 285 causes the particular command to be found by exclusive ORing the 5 low order bits in a subroutine 286 and the command is performed in a step 287, such as locking or unlocking the door, or releasing the trunk lid. But if the bits do not compare, a negative result of test 285 reaches a step 288 where the try counter is decremented and a test 289 to determine if 256 tries have been made yet. If not, another pair of iterations 275, 280 are performed and compared. This goes on until the receiver module 30 catches up with the fob 16 (if it can). If after 256 tries, a comparison has not been reached, an affirmative result of test 289 will reach a test 290 to see if all the fobs have been given consideration. If not, the restoration steps 249 (FIG. 5) are reached through the transfer point 248. Otherwise, the shift registers for fob N are restored to their starting values in steps 292 and the program reverts to the wait step 220 (FIG. 5) through the transfer point 219.
In FIG. 8, an alternative random iteration utilizes a pair of bits from the random counter to determine the number of iterations of the 20 bit shift register operation and one bit thereof to determine the number of iterations in the 19 bit shift register operation. In a set of steps 199a (m place of steps and tests 199-202a, FIG. 3), the cycle counter, C, has its two low ordered bit positions (0, 1) set equal to the selected bits (3 and 6 in this example) of the random counter, and it is incremented to ensure that a zero-valued pair of bits will not result in no iteration. Similarly, steps 204a replace steps and test 204-207 to provide one or two iterations in the 19 bit operation. In FIG. 9, the random number is found at the head of the queue in the FIFO memory (40) for fob N. Steps 271a replaces steps and tests 271-274a and steps 276a replace steps and tests 276-279. In this embodiment, the number of iterations in each case is one higher (1-4; 1 or 2) than the value of the bit or bits (taken together as low ordered bits) selected from the random counter. However, fewer choices of the number of iterations may be used in response to random counter bits, as in tests 200 and 272, or by means of any other decode. Of course, more bits and higher numbers may be used.
In a system which uses only one or two fobs, or in which speed of response is not important, the present invention may be utilized without the use of ID numbers, simply by trying all of the sets of stored shift register words and masks; this would make the system subject to more nuisance iterations since the ID number would no longer screen out many transmissions from similar, unauthorized systems. And there must be some sort of a tag to correlate the generated pseudorandom words with the correct feedback mask for subsequent iterations, as well as with the correct initial value. This may be achieved by arbitrary numbering of the various sets of initial values and masks and corresponding registers for storing the iterated words.
The various number of iterations used during synchronization may be the same (e.g., 20, or more) for both random words generated from initial values, or they may be different (e.g., 20 and 19, or more).
As used herein, the term "encryption" inherently defines a process capable of decryption. Thus, if the process of encryption employs a pseudorandom number generation operation of any type, that generation operation must be capable of being practiced in reverse, such as the reverse LFSR operation utilized herein. The encryption processes and operations used herein may be any of those described hereinbefore by way of example, and others. However, the LFSR pseudorandom number generation operation is one of the easier ones to understand, and probably the simplest to implement in dedicated or quasi-dedicated hardware. That is, if the signal processing means of the invention includes dedicated shift registers and the like as may be implied in FIGS. 1 and 2, the LFSR form of encryption may be preferred. Similarly, if the signal processing means of the present invention is implemented with microprocessors having suitable program routines as disclosed in FIGS. 3-7 herein, the advantage of LFSR operations over other forms of encryption may be less distince. The term "encryption" is, therefore, used herein in its broadest sense, so long as the word which becomes encrypted can be recovered through decryption.
In the foregoing embodiments, secret initial values and secret feedback masks for generating maximal length sequences of pseudorandom numbers are essentially unique to each transmitter, but not necessarily totally unique. By this it is meant that the sets of two secret initial values and three secret feedback masks, taken together, are capable of distinguishing more vehicles than are made in a lifetime; however, the method of assignment, or human error or design, could result in some few with the same set of numbers. Within this definition, however, it is quite possible that several transmitters will have the same 19 bit secret initial value and/or the same 20 bit secret mask, or other similar combinations. In contrast, the use of a 16 bit identification number means that there will be several fobs each year possibly having the same identification number (but not the same secret values) so that over a course of time, there could be many fobs (such as about 5,000 fobs in the USA over a 10-year period for each possible identification number). Within statistical probability, it is possible that as many as one out of 10,000 automobiles having four fobs each may have two fobs with the same identification number. It is an important aspect of the present invention, that even if one fob having a correct identification number is not authenticated within 256 tries (or whatever is used), it will nonetheless try any other fob that may have the same ID number. If trying three or four fobs results in too much delay, the last tried fob is likely to be reported as faulty, and a new fob issued, with very minuscule likelihood that the new fob would have the same identification number as the remaining fobs in the set.
Although the present invention employs only lock-related commands, the panic alarm command, and synchronization command, it should be understood that the invention can be utilized to authenticate conveyance of any information in the form of bits similar to the command bits herein. Thus, in its broadest sense, the term "lock-related command" means the conveying of other than a synchronization command, the conveyance of which is to be authenticated; this may then be thought of as a command apart from the internal functioning of the system itself.
In the present embodiment, each encryption (such as the 19 bit, the 20 bit and the 39 bit shift register encryptions) are the same linear feedback shift register pseudorandom number generation). However, they need not all be the same, and in fact can be different algorithms to further confuse any attempted analysis. Similarly, the number of bits in the shift registers can be whatever is desired. In all cases, the greater number of bits, the harder to break the code by analysis. The numbers used herein provide a safe system, but greater or fewer numbers of bits may be chosen in practicing the invention if desired. Similarly, the words may be considered to be single words, or double words in the sense that the 19 bit shift register produces one portion of 14 bits which is used for cryptographic authentication, and another portion which carries the command but is not used in cryptographic comparison for authentication. These portions can be considered to be two different words except for the fact that in the embodiment herein they are generated in the same process. Of course, separate processes could be used, or two processes of a different split of numbers of bits could be used to encrypt and iterate the encryption of the word in which the command bits are found. For instance, in place of a single 19 bit shift register operation, a 10 bit shift register operation and a 9 bit shift register operation could be utilized, the results thereof concatenated, and five command bits exclusive ORed into a portion of one of them, before being used in the final encryption.
The invention may use more than two concatenated words in the final encryption, such as an additional word or such as having three words, each slightly smaller than the two words used in the final 39 bit encryption herein.
The invention is disclosed as being employed in system in which the transmitter transmits to the receiver, but the receiver does not transmit back to the transmitter. However, the precepts of the present invention can be used singularly, or in combinations in systems which, for one purpose or another, employ bilateral communications between the two units. Aspects of the invention may then be used to authenticate transmissions in both directions, or only in one direction, as is necessary. Although the invention is disclosed herein, and nay find its greatest utilization, in a remote authentication system, it may as well be used in a system in which the transmitter is connected by a conductor to the receiver, so as to provide secure operation between the two. Similarly, aspects of the invention may be utilized in contact embodiments, such as in electronic keys, so as to provide insurance against the temptation of insiders to perform a clandestine system breach, as well as protecting against outsiders compromising the system.
In the disclosed embodiments, the 20 bit shift register operation may employ one through five iterations, dependent upon the random occurrence of a pair of bits within the register, or a pair of random bits. Similarly, the 19 bit shift register operation may employ one through three iterations, depending upon one of its bits or a random bit. In the general case, these numbers may as well be reversed, they may be the same, they may depend on each other or on any pseudorandom events that can be duplicated in the receiver, and/or either of them may be greater, provided that time constraints do not prohibit a greater number of iterations, and that every possible condition results in at least one iteration. It is to be noted that the small number of iterations would not be important but for the fact that in any given transmission, the receiver is allowed up to 256 attempts to catch up, iteratively, to the encryption process for the given transmitter (or for several transmitters). There is even more flexibility when the variable iterations are used in a pseudorandom number generator in other than transmitter/receiver environments (such as in computer processes).
As disclosed, the present invention uses a one-half second waiting period in order to foil attempts to use a brute force, exhaustive numerical trial method of compromising the system. This is a period of time, for the exemplary numbers herein, which assures that the expected time for success (the time to yield a 50% statistical chance of success) is longer than one month. However, different periods of time may be used in the receiver, dependent upon the need to be responsive to the customer. This should not be confirmed with governmental limitations on transmitting more than one message in each half second, or the like.
Thus, although the invention has been shown and described with respect to exemplary embodiments thereof, it should be understood by those skilled .Iadd.in .Iaddend.the art that the foregoing and various other changes, omissions and additions may be made therein and thereto, without departing from the spirit and scope of the invention.

Claims (49)

We claim:
1. A method of cryptographic authentication of transmissions from a transmitting unit to a receiving module, comprising, in said transmitting unit:
separately generating a plurality of pseudorandom numbers;
concatenating said numbers to form a combined word;
performing an encryption operation on said combined word; and
transmitting a command word including a key portion derived from the result of said encryption operation; and
comprising, in said receiving module:
receiving said command word;
performing a decryption operation on the key portion of said command word to recover said combined word;
providing at least one number; and
providing an authentication signal only if at least a portion of said at least one number is identical to a corresponding portion of said recovered combined word.
2. A method according to claim 1 wherein:
said step of providing at least one number comprises separately generating a second plurality of pseudorandom numbers; and
said step of providing an authentication signal comprises providing said authentication signal only if at least a portion of each of said second plurality of pseudorandom numbers is identical to a corresponding portion of said recovered combined word.
3. A method according to claim 2 wherein said generating steps each comprise generating a pair of numbers.
4. A method according to claim 1 wherein said generating step comprises generating a pair of numbers.
5. A method according to claim 1 wherein said step of performing an encryption operation comprises performing a linear encryption operation.
6. A method according to claim 1 wherein said step of performing an encryption operation comprises performing a feedback shift register operation.
7. A method according to claim 6 wherein said step of performing an encryption operation comprises performing a linear feedback shift register operation employing a secret feedback mask and said step of performing a decryption operation comprises performing a reverse linear feedback shift register operation employing the same secret feedback mask as in said encryption operation.
8. A method according to claim 7 wherein said linear feedback shift register operation comprises a number of iterations on the order of the degree of said combined word or more.
9. A method of cryptographically authenticating a transmission from a transmitting unit to a receiving module, comprising:
providing a starting number in said transmitting unit and providing said starting number in said receiving module;
in said transmitting unit:
providing . .an.!. .Iadd.a first .Iaddend.iteration control signal which changes in a pseudorandom manner in response to successive transmissions from said transmitting unit;
performing a variable number of iterations of an iterative encryption operation on said starting number, said variable number determined by said iteration control signal;
transmitting a command word derived at least in part from the result of said encryption operation; and
in said receiving module
receiving said command word;
recovering the result of said encryption operation from said received command word;
providing a second iteration control signal which changes, in the same pseudorandom manner as said first iteration control signal, in response to successive receptions of command words by said receiving module;
performing a variable number of iterations of said iterative encryption operation on said starting number, said variable number determined by said second iteration control signal;
comparing at least a portion of the result of said encryption operation performed in said receiving module with a corresponding portion of said recovered result; and
providing an authentication signal only if said portion of said encryption operation performed in said receiving module is identical to said corresponding portion of said recovered result.
10. A method according to claim 9 wherein said step of performing an iterative encryption operation comprises performing a linear iterative encryption operation.
11. A method according to claim 9 wherein said step of performing an iterative encryption operation comprises performing a feedback shift register operation.
12. A method according to claim 9 wherein said step of performing an iterative encryption operation comprises performing a linear feedback shift register operation employing the same secret feedback mask in said transmitting unit as in said receiving module.
13. A method according to claim 9 wherein:
the same . .secret initial value.!. .Iadd.starting number .Iaddend.is provided in said transmitting unit and in said receiving module; and
said starting number is provided by performing said iterative encryption operation on a word derived at least in part from said secret initial value a number of iterations on the order of the degree of said word, or more.
14. A method according to claim 9 wherein said variable number of iterations is a fraction of the degree of said starting number.
15. A method according to claim 9, comprising:
providing a second starting number in said transmitting unit and providing said second starting number in said receiving module;
in said transmitting unit:
providing a third iteration control signal which changes in a pseudorandom fashion in response to successive transmissions from said transmitting unit;
performing a changeable number of iterations of an iterative encryption process on said . .third.!. .Iadd.second .Iaddend.starting number, said changeable number determined by said third iteration control signal;
transmitting said command word derived at least in part from the result of said encryption process; and
in said receiving module:
recovering the result of said encryption process from said received command word;
providing a fourth iteration control signal which changes, in the same pseudorandom fashion as said third iteration control signal, in response to successive receptions of command words by said receiving module;
performing a changeable number of iterations of said iterative encryption process on said starting number, said changeable number determined by said fourth iteration control signal;
comparing at least a portion of the result of said encryption process performed in said receiving module with a corresponding portion of said recovered result of said encryption process; and
providing an authentication signal only if said portion of said encryption process performed in said receiving module is identical to said corresponding portion of said recovered result of said encryption process.
16. A method according to claim 15 wherein said variable number is different from said changeable number.
17. A method according to claim 15 wherein said pseudorandom manner is different from said pseudorandom fashion.
18. A method according to claim 15 wherein said iterative encryption operation is the same as said iterative encryption process.
19. A method according to claim 9 wherein, in response to the presence of said first and second equal signals, the command portion of said recovered new altered word is exclusive ORed with the corresponding portion of said second new pseudorandom number and said steps (a) and (b), are performed in response to the result of said exclusive OR operation indicating said command is a synchronization command.
20. A method according to claim 9 wherein said iteration control signal changes in response to the value of a bit position of a changing number.
21. A method according to claim 9 wherein said iteration control signal changes in response to the value of a plurality of bit positions of a changing number.
22. A method according to claim 9 wherein said iteration control signal changes in response to the value of a bit position of said starting number.
23. A method of cryptographically authenticating transmissions from any of a plurality of remote command transmitting units to a command performing receiving module, comprising:
providing a set of numbers in each of said transmitting units, each set corresponding to one of said transmitting units, each set including at least one secret initial value, each set essentially unique to the corresponding unit;
providing in said receiving module, said set of numbers for each of said transmitters to which said receiving module is to respond;
transmitting a command word from one of said transmitting units including a key portion derived at least in part from an encryption operation performed on said secret initial value; and
authenticating said command word received at said receiving module utilizing the numbers in a corresponding set.
24. A method according to claim 23 wherein each of said sets includes an identification number;
said transmitting step comprises transmitting said command word including said identification number; and
said authenticating step comprises performing a process to authenticate said received command word only in response to said command word containing an identification number which matches an identification number in one of the sets provided in said receiving module.
25. A method according to claim 24 wherein, in response to receipt of said command word, said receiving module performs an authentication process using successive ones of said sets which have an identification number that matches the identification number included in said received command word until either authentication occurs or all of said sets have been used.
26. A method according to claim 23 wherein, in response to receipt of said command word, said receiving module performs an authentication process on said key portion using successive ones of said sets until either authentication occurs or all of said sets have been used.
27. A method according to claim 23 wherein each set includes at least one corresponding secret feedback mask, and said encryption operation comprises a feedback register pseudorandom number generation operation utilizing said secret feedback mask.
28. A method according to claim 27 wherein said shift register operation is linear.
29. A method of synchronized cryptographic authentication of transmissions from a remote command transmitting unit to a command performing receiving module selectively responsive thereto comprising:
transmitting a command word including a key portion derived from at least one encrypted number generated in said transmitting unit and indicative of a command;
receiving said command word and, in response thereto, comparing a number in said receiving module with a number decrypted from the key portion recovered from said command word, providing an authentication signal based at least in part on identity between said number in said receiving module and said number decrypted from the key portion recovered from said command word, selectively performing the command indicated thereby in response to said authentication signal; and
rendering said receiving module unresponsive, following receipt of one command word, to receipt of an additional command word for a period of time on the order of one-half second, or more.
30. The method according to claim 29 wherein said rendering step comprises providing a waiting period between the conclusion of any operation responsive to receipt of one of said command words and the enabling of said receiving module to be responsive to a subsequently received command word.
31. A method of selectively cryptographically authenticating transmissions, indicative of commands initiated by operating switches, from each of a plurality of transmitting units to a receiving module, comprising:
providing a set of numbers in each one of said transmitting units, each set corresponding to one of said transmitting units and identified by an identification number, each set including at least a pair of secret initial values;
providing in said receiving module the one of said sets corresponding to each of said transmitting units to which said receiving module is to respond.Iadd., the one of said sets having a first and second receiver secret initial value.Iaddend.;
in response to operation of said switches indicating a command other than a lock-related command in one of said transmitting units:
providing a command bit;
generating a random number;
concatenating said random number with a first one of said secret initial values so as to provide a combined word;
performing a first encryption operation on said combined word to provide a first number;
performing a second encryption operation on a second one of said secret initial values to provide a second number;
exclusive ORing a plurality of command bits indicative of said command with the corresponding bits of said second number to provide an altered word;
performing a third encryption operation on the concatenation of said first number with said altered word to provide an encrypted key word;
storing said first and second numbers as first and second pseudorandom numbers for future use in subsequent authentication;
transmitting a command word including said encrypted key word, said command bit, and said identification number;
in response to operation of said switches indicating a lock-related command in one of said transmitting units:
performing a fourth encryption operation on said first number to provide a new first pseudorandom number;
performing a fifth encryption operation on said second number to provide a new second pseudorandom number;
exclusive ORing a plurality of command bits indicative of said lock-related command with the corresponding bits of said new second pseudorandom number to provide a new altered word;
performing a sixth encryption operation on the concatenation of said new first pseudorandom number and said new altered word to provide a new encrypted key word;
storing said new first and second pseudorandom numbers for future use in subsequent authentication in place of said first and second pseudorandom numbers;
transmitting a command word including said new encrypted key word and said identification number;
in said receiver, selectively, in response to receipt of said command word including said command bit:
determining if said receiver has secret initial values related to the received identification number, and if not, terminating all response to said received word, but if so:
performing a first decryption operation on said key word portion of said received command word so as to recover said first number and said altered word;
performing, on said recovered first number, a second decryption operation so as to recover said combined word, comparing said first .Iadd.receiver .Iaddend.secret initial value to a corresponding portion of said recovered combined word and providing a first equal signal only in the event of identity therebetween;
performing a seventh encryption operation on said second .Iadd.receiver .Iaddend.secret initial value to provide said second number, comparing the non-command portion of said recovered altered word with the corresponding portion of said second number and providing a second equal signal only in response to identity therebetween;
then, in response to the absence of either of said first and second equal signals, terminating all further response to said command word;
or otherwise, in response to the presence of said first and second equal signals, comparing the random number portion of said recovered combined word to a random number portion derived from a command word previously received from said transmitter and, in response to identity therebetween, terminating all further response to said command word, but otherwise, (a) storing said random number portion for future use in subsequent synchronization operations and (b) storing said second number and said recovered first number, as first and second pseudorandom numbers for future use in subsequent authentication operations;
in said receiver, selectively, in response to receipt of said command word not including said command bit:
determining if said receiver has .Iadd.first and second receiver .Iaddend.secret initial values related to the received identification number, and if not, terminating all response to said received word, but if so:
performing a third decryption operation on the key word portion of said received command word, so as to recover said new first pseudorandom number and said new altered word;
performing an eighth encryption operation on said first . .pseudorandom number.!. .Iadd.receiver secret initial value .Iaddend.to provide a first . .new.!. .Iadd.receiver .Iaddend.pseudorandom number, and comparing said first . .new.!. .Iadd.receiver .Iaddend.pseudorandom number to said recovered . .new.!. .Iadd.receiver .Iaddend.first pseudorandom number and providing a third equal signal in response to identity therebetween;
performing a ninth encryption operation on said second . .pseudorandom number.!. .Iadd.receiver secret initial value .Iaddend.to provide a second . .new.!. .Iadd.receiver .Iaddend.pseudorandom number and comparing the non-command portion of said recovered new altered word to a corresponding portion of said second . .new.!. .Iadd.receiver .Iaddend.pseudorandom number and providing a fourth equal signal only in response to identity therebetween;
then, in the absence of either of said third or fourth equal signals, terminating all further response to receipt of said command word, but in the presence of both of said third and fourth equal signals, exclusive ORing the command portion of said recovered new altered word with the corresponding portion of said second . .new.!. .Iadd.receiver .Iaddend.pseudorandom number, performing the command indicated by the result thereof, and storing said first . .new.!. .Iadd.receiver .Iaddend.pseudorandom number and said second . .new.!. .Iadd.receiver .Iaddend.pseudorandom number for future use in subsequent authentication operations.
32. A method according to claim 31 wherein said encryption operations comprise linear feedback shift register operations.
33. A method according to claim 31 wherein said first, second and third encryption operations employ the same algorithm.
34. A method according to claim 31 wherein said first and fourth encryption operations employ the same algorithm.
35. A method according to claim 31 wherein said second and fifth encryption operations employ the same algorithm.
36. A method according to claim 31 wherein said third and sixth encryption operations employ the same algorithm.
37. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto;
said transmitting unit comprising:
a source of signals for providing first and second seed signals indicative of respective secret pseudorandom number generator initial values and first, second and third mask signals indicative of respective secret feedback masks, each mask defining a respective feedback polynomial for linear feedback shift register pseudorandom number generation, said initial values and said polynomials being essentially unique to said transmitting unit;
command switches operable to indicate a physical effect which is to be caused by said receiving module; and
first signal processing means responsive to selected operation of said switches indicative of a synchronization command for providing a random signal indicative of a variable random number, for performing a first linear feedback shift register pseudorandom number generation operation, on a combined number consisting of the initial value defined by said first seed signal concatenated with the random number defined by said random signal, a given number of iterations on the order of the degree of said fist polynomial, or more, using the mask defined by said first mask signal, said first polynomial having a degree on the order of the degree of said combined word, for performing a second linear feedback shift register pseudorandom number generation operation, on a second word consisting of the initial value defined by said second seed signal, a fixed number of iterations on the order of the degree of said second polynomial, or more, using the mask defined by said second mask signal, said second polynomial having a degree on the order of the degree of said second initial value, for exclusive ORing a plurality of command bits indicative of said synchronization command with a corresponding plurality of bits of the result of said second generation operation to form an altered word, for storing, for future use in authenticating subsequent transmissions to said receiving module, first and second pseudorandom numbers respectively indicative of the results of said first and second generation operations, for performing a third linear feedback shift register pseudorandom number generation operation, on a word consisting of said first pseudorandom number concatenated with said altered word, a predetermined number of iterations on the order of the degree of said third polynomial, or more, using the mask defined by said third mask signal said third polynomial having a degree on the order of the summation of the degrees of said first pseudorandom number and said altered word, and for transmitting, to said receiving module, a command word signal having the result of said third generation operation as a key portion and including a command bit indicative of said synchronization operation;
said first signal processing means responsive to selected operation of said switches indicative of a lock-related command for performing a fourth linear feedback shift register pseudorandom number generation operation, on said first pseudorandom number, a first determined number of iterations, using the mask defined by said first mask signal, to provide a new first pseudorandom number, for performing a fifth linear feedback shift register pseudorandom number generation operation, an said second pseudorandom number, a second determined number of iterations, using the mask defined by said second mask signal, to provide a new second pseudorandom number, for exclusive ORing a plurality of command bits indicative of said lock-related command with a corresponding plurality of bits of said new second pseudorandom number to form a new altered word, for performing a sixth linear feedback shift register pseudorandom number generation operation, on a word consisting of said new first pseudorandom number concatenated with said new altered word, said predetermined number of iterations, using the mask defined by said third mask signal, for storing said new first and second pseudorandom numbers for future use in authenticating subsequent transmissions to said receiving module, and for transmitting, to said receiving module, a command word signal having the result of said third generation operation as a key portion;
said receiving module comprising
a signal source for providing third and fourth seed signals respectively indicative of said initial values and fourth, fifth and sixth mask signals respectively indicative of said masks; and
second signal processing means for receiving said command word signal and responsive to said command word including said command bit, for performing a first reverse linear feedback shift register pseudorandom number generation operation, on said key portion of said command word signal, said predetermined number of iterations, using the mask defined by said sixth mask signal, for performing a second reverse linear feedback shift register pseudorandom number generation operation, on a portion of the result of said first reverse generation operation corresponding to said combined word, said given number of iterations, using the mask defined by said fourth mask signal, for comparing said initial value defined by said third seed signal with an equivalent portion of the result of said second reverse generation operation and providing a first equal signal only if they are identical, for performing a seventh linear feedback shift register pseudorandom number generation operation on a word consisting of the initial value defined by said fourth seed signal, said fixed number of iterations, using the mask defined by said fifth mask signal, for comparing a portion of the result of said seventh generation operation, corresponding to the unaltered portion of said altered word, with a corresponding portion of the result of said first reverse generation operation and providing a second equal signal only if they are identical, in response to said first and second equal signals, for storing, for subsequent use, the random number portion of the result of said second reverse operation and for comparing said random number portion with a similar random number portion, previously stored for subsequent use in response to prior performances of said second reverse operation, and for selectively storing third and fourth pseudorandom numbers respectively indicative of the result of said second reverse operation and said seventh generation operation, for future use in subsequent authentication of transmissions from said transmitting unit, only if said compared random portions are not equal;
said second signal processing means responsive to said command word signal not including said command bit for performing a third reverse linear feedback shift register pseudorandom number generation operation, on said key portion of said command word signal, said predetermined number of iterations, using the mask defined by said sixth mask signal, to recover said new first pseudorandom number and said new modified word, for performing an eighth linear feedback shift register pseudorandom number generation operation, on said third pseudorandom number, said first determined number of iterations, using the mask defined by said fourth mask signal, to provide a third new pseudorandom number with said third new pseudorandom number and generating a third equal signal only if they are identical, for performing a ninth linear feedback shift register pseudorandom number generation operation, on said fourth pseudorandom number, said second determined number of iterations, using the mask defined by said fifth mask signal, to provide a fourth new pseudorandom number, for comparing the non-command portion of said recovered new altered word with a corresponding portion of said fourth new pseudorandom number and providing a fourth equal signal only if they are identical, and, in response to said first and second equal signals, for storing for future use in subsequent authentication of transmissions from said transmitting unit, said new third and fourth pseudorandom numbers indicative of the results of said eighth and ninth generation operations, for exclusive ORing the command portion of said recovered new altered word with the corresponding portion of said fourth new pseudorandom number to recover said plurality of command bits and for performing said lock-related command.
38. A system according to claim 37 wherein the initial value indicated by said first seed signal is different from the initial value defined by said second seed signal.
39. A system according to claim 37 wherein said polynomials are all different from each other.
40. A system according to claim 37 wherein said fixed number is equal to said given number.
41. A system according to claim 37 wherein said first determined number is different from said second determined number.
42. A system according to claim 37 wherein said feedback polynomials are maximal length feedback polynomials.
43. A system according to claim 37 wherein said first and second determined numbers each vary as a function of a respective pseudorandom event, responsive to each transmission in said transmitting unit and responsive to each reception in said receiving module.
44. A system according to claim 43 wherein said first and second determined numbers are a fraction of said given number and said fixed number, respectively.
45. A method of cryptographically authenticating a transmission from a transmitting unit to a receiving module, comprising:
providing a starting number in said transmitting unit and providing said starting number in said receiving module;
in said transmitting unit:
providing an iteration control signal which changes in a random manner in response to successive transmissions from said transmitting unit;
performing a variable number of iterations of an iterative encryption operation on said starting number, said variable number determined by said iteration control signal;
transmitting a command word derived at least in part from the result of said encryption operation; and
in said receiving module:
receiving said command word;
recovering the result of said encryption operation from said received command word;
providing a second iteration control signal which changes, in the same random manner as said first iteration control signal, in response to successive receptions of command words by said receiving module;
performing a variable number of iterations of said iterative encryption operation on said starting number, said variable number determined by said second iteration control signal;
comparing at least a portion of the result of said encryption operation performed in said receiving module with a corresponding portion of said recovered result; and
providing an authentication signal only if said portion of said encryption operation performed in said receiving module is identical to said corresponding portion of said recovered result.
46. A method according to claim 45 wherein said iteration control signal changes in response to the value of a plurality of bit positions of a random number. .Iadd.
47. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto,
the transmitting unit comprising
a first signal generator for providing a plurality of number signals indicative of respective pseudorandom numbers;
a signal processor for concatenating the plurality of number signals to form a combined word signal indicative of a combined word;
an encrypter for encrypting the combined word signal to form an encrypted combined word signal; and
transmission means for transmitting a command signal including a key portion derived from the encrypted combined word signal; and
the receiving module comprising
reception means for receiving the command signal;
a decrypter for decrypting the key portion of the command signal to recover the combined word signal;
a second signal generator for providing at least one number signal; and
authentication means for providing an authentication signal only if at least a portion of said at least one number signal is identical to a corresponding portion of the recovered combined word signal. .Iaddend..Iadd.48. A system according to claim 47 wherein
said at least one number signal comprises a second plurality of number signals indicative of respective pseudorandom numbers; and
the authentication means comprises means for providing an authentication signal only if at least a portion of each of the second plurality of number signals is identical to a corresponding portion of the recovered combined word signal. .Iaddend..Iadd.49. A system according to claim 47 wherein the encrypter comprises means for performing a linear encryption operation. .Iaddend..Iadd.50. A system according to claim 47 wherein the encrypter comprises means for performing a feedback shift operation. .Iaddend..Iadd.51. A system according to claim 50 wherein the feedback shift operation is linear. .Iaddend..Iadd.52. A system according to claim 51 wherein the linear feedback shift register operation employs a secret feedback mask. .Iaddend..Iadd.53. A system according to claim 50 wherein the linear feedback shift register operation employs a secret feedback mask and the decrypter comprises means for performing a reverse CRC operation employing the same secret feedback mask as the CRC operation. .Iaddend..Iadd.54. A system according to claim 53 wherein the linear feedback shift register operation comprises a number of iterations on the order of the degree of the combined word or more. .Iaddend..Iadd.55. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto, comprising
means for providing a starting number signal in the transmitting unit and for providing the same starting number signal in the receiving module, the starting number signal indicative of a starting number; and
comprising in the transmitting unit
a first signal generator for providing a first iteration control signal which changes in a pseudorandom manner in response to successive transmissions from the transmitting unit;
a first signal processor for iterating a variable number of times an iterative encryption operation on the starting number signal, the variable number determined by the first iteration control signal, and for providing a first resulting signal therefrom;
transmission means for transmitting a command signal derived at least in part from the first resulting signal; and
comprising in the receiving module:
reception means for receiving the command signal;
a signal conditioner for recovering the first resulting signal from the command signal;
a second signal generator for providing a second iteration control signal which changes in the same pseudorandom manner as the first iteration control signal in response to successive receptions of command signals by the receiving module;
a second signal processor for iterating a variable number of times an iterative encryption operation on the starting number signal, the variable number determined by the second iteration control signal, and for providing a second resulting signal therefrom;
comparison means for comparing at least a portion of the first resulting signal with a corresponding portion of the second resulting signal; and
authentication means for providing an authentication signal only if the portion of the first resulting signal is identical to the corresponding
portion of the second resulting signal. .Iaddend..Iadd.56. A system according to claim 55 wherein the iterative encryption operation comprises a linear iterative encryption operation. .Iaddend..Iadd.57. A system according to claim 55 wherein the iterative encryption operation comprises a feedback shift register operation. .Iaddend..Iadd.58. A system according to claim 57 wherein the feedback shift register operation is linear. .Iaddend..Iadd.59. A system according to claim 58 wherein the linear feedback shift register operation employs a secret feedback mask. .Iaddend..Iadd.60. A system according to claim 59 wherein the linear feedback shift register operation employs the same secret feedback mask in the transmitting unit as in the receiving module. .Iaddend..Iadd.61. A system according to claim 55 further comprising means for providing a secret initial value signal in the transmitting unit and the same secret initial value signal in the receiving unit; and further wherein the starting number signal is indicative of a word derived at least in part from the secret initial value signal, and is formed at least in part from a number of iterations of an iterative encryption operation on the order
of the degree of the word. .Iaddend..Iadd.62. A system according to claim 55 wherein the variable number is a fraction of the degree of the starting number. .Iaddend..Iadd.63. A system according to claim 55 comprising:
means for providing a second starting number signal in the transmitting unit and for providing the same second starting number signal in the receiving module, the starting number signal indicative of a starting number; and
comprising in the transmitting unit
a third signal generator for providing a third iteration control signal which changes in a pseudorandom fashion in response to successive transmissions from the transmitting unit;
a third signal processor for iterating a changeable number of times an iterative encryption process on the second starting number signal, the changeable number determined by the third iteration control signal, and for providing a third resulting signal therefrom;
transmission means for transmitting the command signal derived at least in part from the third resulting signal; and
comprising in the receiving module
fourth signal conditioning means for recovering the third resulting signal from the command signal;
a fourth signal generator for providing a fourth iteration control signal which changes in the same pseudorandom fashion as the third iteration control signal, in response to successive receptions of command signals by the receiving module;
a fourth signal processor for iterating a changeable number of times an iterative encryption operation on the starting number signal, the variable number determined by the fourth iteration control signal, and for providing a fourth resulting signal therefrom;
comparison means for comparing at least a portion of the third resulting signal with a corresponding protion of the fourth resulting signal; and
authentication means for providing an authentication signal only if the portion of the third resulting signal is identical to the corresponding portion of the fourth resulting signal. .Iaddend..Iadd.64. A system according to claim 63 wherein the variable number is different from the changeable number. .Iaddend..Iadd.65. A system according to claim 63 wherein the pseudorandom manner is different from the pseudorandom fashion. .Iaddend..Iadd.66. A system according to claim 65 wherein the iterative encryption operation is the same as the iterative encryption process. .Iaddend..Iadd.67. A system according to claim 55 wherein the iteration control signal changes in response to the value of a bit position of a changing number. .Iaddend..Iadd.68. A system according to claim 67 wherein the changing number is the starting number. .Iaddend..Iadd.69. A system according to claim 55 wherein the iteration control signal changes in response to the value of a plurality of bit positions of a changing number. .Iaddend..Iadd.70. A system according to claim 69 wherein the changing number is the starting number. .Iaddend..Iadd.71. A cryptographically authenticated remote control system in which any of a plurality of command transmitting units selectively causes a physical effect in a command receiving module rendered responsive thereto, comprising:
transmitter memory for storing a set of numbers in each of the transmitting units, each set corresponding to one of the transmitting units, each set including at least one secret initial value, each set essentially unique to the corresponding unit;
receiver memory for storing in the receiving module the set of numbers for each of the transmitters to which the receiving module is to respond;
transmission means for transmitting to the receiving module from one of the transmitting units a command word including a key portion derived at least in part from an encryption operation performed on the secret initial value; and
authentication means for authenticating the command word received at the receiving module utilizing the numbers in a corresponding set. .Iaddend..Iadd.72. A system according to claim 71 wherein each set includes an identification number and the command word includes the identification number; and comprising authentication means for authenticating the command word received at the receiving modules utilizing the numbers in a corresponding set only in response to the command word containing an identification number which matches an identification number in one of the sets disposed in the receiving module. .Iaddend..Iadd.73. A system according to claim 72 wherein the receiving module further comprises selection means for performing an authentication process using successive ones of the sets which have an identification number that matches the identification number included in the received command word until either authentication occurs or all of the sets have been used. .Iaddend..Iadd.74. A system according to claim 71 wherein the receiving module further comprises selection means for performing an authentication process on the key portion using successive ones of the sets until either authentication occurs or all of the sets have been used. .Iaddend..Iadd.75. A system according to claim 71 wherein each set includes at least one corresponding secret feedback mask, and the encryption operation comprises a feedback shift register pseudorandom number generation operation using the secret feedback mask. .Iaddend..Iadd.76. A system according to claim 75 wherein the feedback shift register operation is linear. .Iaddend..Iadd.77. A synchronized cryptographic authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto comprising:
transmission means for transmitting a command word including a key portion derived from at least one encrypted number generated in the transmitting unit and indicative of a command;
reception means for receiving the command word and, in response thereto, for comparing a number in the receiving module with a number decrypted from the key portion recovered from the command word;
authentication means for providing an authentication signal based at least in part on identity between the number in the receiving module and the number decrypted from the key portion recovered from the command word and for selectively performing the command indicated thereby in response to the authentication signal; and
deactivation means for rendering the receiving module unresponsive, following receipt of one command word, to receipt of an additional command word for a period of time on the order of one-half second, or more. .Iaddend..Iadd.78. A system according to claim 77 wherein the period of time commences on the conclusion of receipt of one of the command words. .Iaddend..Iadd.79. An authentication system for generating an authentication signal upon the identity between two signals comprising
first and second nonvolatile memory;
a starting number stored in each of first and second nonvolatile memory;
a first signal generator for providing a first iteration control signal which changes in a pseudorandom manner in response to successive operations of the authentication system;
a first signal processor coupled to the first nonvolatile memory for iterating a variable number of times an iterative encryption operation on the starting number, the variable number determined by the first iteration control signal, and for providing a first resulting signal therefrom;
reception means for receiving the first resulting signal;
a second signal generator for providing a second iteration control signal which changes in a pseudorandom manner in response to successive receptions of the first resulting signal;
a second signal processor coupled to the second nonvolatile memory for iterating a variable number of times an iterative encryption operation on the starting number, the variable number determined by the second iteration control signal, and for providing a second resulting signal therefrom;
comparison means for comparing at least a portion of the first resulting signal with a portion of the second resulting signal; and
authentication means for providing an authentication signal only if the portion of the first resulting signal is identical to the corresponding portion of the second resulting signal. .Iaddend..Iadd.80. A system according to claim 79 wherein the iterative encryption operation comprises a linear iterative encryption operation. .Iaddend..Iadd.81. A system according to claim 79 wherein the iterative encryption operation comprises a feedback shift register operation. .Iaddend..Iadd.82. A system according to claim 81 wherein the feedback shift register operation is linear. .Iaddend..Iadd.83. A system according to claim 82 wherein the linear feedback shift register operation employs a secret feedback mask. .Iaddend..Iadd.84. A system according to claim 83 wherein the linear feedback shift register operation employs the same secret feedback mask in the transmitting unit as in the receiving module. .Iaddend..Iadd.85. A system according to claim 79 further comprising means for providing a secret initial value signal in the transmitting unit and the same secret initial value signal in the receiving unit; and further wherein the starting number signal is indicative of a word derived at least in part from the secret initial value signal, and is formed at least in part from a number of iterations of an iterative encryption operation on the order of the degree of the word. .Iaddend..Iadd.86. A system according to claim 79 wherein the variable number is a fraction of the degree of the starting number. .Iaddend..Iadd.87. A remote control lock system comprising
a transmitter having
a first pseudorandom number generator for generating a first pseudorandom number, and a second pseudorandom number generator for generating a second pseudorandom number;
a first signal processor for concatenating the first and second pseudorandom numbers to form a combined word;
a plurality of command switches indicative of respective lock commands;
a second signal processor responsive to the plurality of command switches for generating a combined signal derived at least in part from the combined word and indicative of a lock command; and
transmission means for transmitting the combined signal to a receiver responsive thereto; and
a receiver having
recovery means for recovering the combined word and the lock command from the combined signal;
a third pseudorandom number generator for generating a third pseudorandom number and a fourth pseudorandom number generator for generating a fourth pseudorandom number;
a third signal processor for concatenating the third and fourth pseudorandom numbers to form an authentication word; and comparison means for comparing the combined word and the authentication word, for generating an authentication signal in response to identity therebetween, and for authorizing the performance of the lock command upon the generation of the authentication signal. .Iaddend..Iadd.88. The system of claim 87 in which the first, second, third, and fourth pseudorandom number generators employ a feedback shift register. .Iaddend..Iadd.89. A remote control lock system comprising a transmitter and a receiver, the transmitter comprising at least one transmitter register having a plurality of bit positions indicative of binary states, wherein the binary state of at least one of the bit positions determines the number of iterations of an iterative encryption algorithm performed on the contents of the transmitter register. .Iaddend..Iadd.90. The system of claim 89 wherein the receiver comprises at least one receiver register having a plurality of bit positions indicative of binary states, wherein the binary state of at least one of the bit positions determines the number of iterations of an iterative encryption algorithm performed on the contents of the receiver register; and
comparison means for comparing the contents of a number derived at least in part from the contents of the transmitter register with a number derived at least in part from the contents of the receiver register to provide an authentication signal upon identity therebetween. .Iaddend..Iadd.91. The system of claim 90 wherein the iterative encryption algorithm is a feedback shift register algorithm. .Iaddend..Iadd.92. The system of claim 91 wherein the feedback shift resister algorithm is linear. .Iaddend..Iadd.93. The system of claim 92 comprising
command switches on the transmitter indicative of a plurality of lock related commands;
a signal processor responsive to the command switches for concatenating any one of the lock related commands with a number derived at least in part from the contents of the transmitter register; and
the comparison means comprising means for communicating a signal representative the lock related command from the transmitter to the receiver, and authorization means for authorizing performance of the lock related command on the condition that at least a portion of the contents of the transmitter register is identical to a corresponding portion of the contents of the receiver register. .Iaddend.
US08/751,932 1993-06-30 1996-11-08 Pseudorandom number generation and crytographic authentication Expired - Lifetime USRE36181E (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US08/751,932 USRE36181E (en) 1993-06-30 1996-11-08 Pseudorandom number generation and crytographic authentication

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/086,080 US5363448A (en) 1993-06-30 1993-06-30 Pseudorandom number generation and cryptographic authentication
US08/751,932 USRE36181E (en) 1993-06-30 1996-11-08 Pseudorandom number generation and crytographic authentication

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US08/086,080 Reissue US5363448A (en) 1993-06-30 1993-06-30 Pseudorandom number generation and cryptographic authentication

Publications (1)

Publication Number Publication Date
USRE36181E true USRE36181E (en) 1999-04-06

Family

ID=22196129

Family Applications (2)

Application Number Title Priority Date Filing Date
US08/086,080 Ceased US5363448A (en) 1993-06-30 1993-06-30 Pseudorandom number generation and cryptographic authentication
US08/751,932 Expired - Lifetime USRE36181E (en) 1993-06-30 1996-11-08 Pseudorandom number generation and crytographic authentication

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US08/086,080 Ceased US5363448A (en) 1993-06-30 1993-06-30 Pseudorandom number generation and cryptographic authentication

Country Status (7)

Country Link
US (2) US5363448A (en)
EP (2) EP0872976B1 (en)
JP (1) JPH08512183A (en)
CA (1) CA2159360A1 (en)
DE (2) DE69418714T2 (en)
ES (1) ES2140548T3 (en)
WO (1) WO1995001685A2 (en)

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020049904A1 (en) * 2000-08-24 2002-04-25 Juergen Nowottnick Access system with possibility of learing unknown access keys
US6438432B1 (en) * 1996-08-24 2002-08-20 Robert Bosch Gmbh Process for the protection of stored program controls from overwriting
US20020114453A1 (en) * 2001-02-21 2002-08-22 Bartholet Thomas G. System and method for secure cryptographic data transport and storage
US20030074319A1 (en) * 2001-10-11 2003-04-17 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US20030072446A1 (en) * 2001-10-11 2003-04-17 International Business Machines Corporation Method, system, and program, for encoding and decoding input data
US6580908B1 (en) 1997-07-16 2003-06-17 Mark W. Kroll Generic number cellular telephone
US6617961B1 (en) 1999-11-15 2003-09-09 Strattec Security Corporation Security system for a vehicle and method of operating same
US20040019791A1 (en) * 2002-07-24 2004-01-29 Congruence, Llc Code for object identification
US20040091106A1 (en) * 2002-11-07 2004-05-13 Moore Frank H. Scrambling of data streams having arbitrary data path widths
US6823070B1 (en) * 2000-03-28 2004-11-23 Freescale Semiconductor, Inc. Method for key escrow in a communication system and apparatus therefor
US20050278591A1 (en) * 2004-06-14 2005-12-15 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US20060177064A1 (en) * 2005-02-07 2006-08-10 Micky Holtzman Secure memory card with life cycle phases
US20060176068A1 (en) * 2005-02-07 2006-08-10 Micky Holtzman Methods used in a secure memory card with life cycle phases
US7113592B1 (en) * 1996-06-05 2006-09-26 Deutsche Telekom Ag Method and device for loading input data into a program when performing an authentication
US20070011724A1 (en) * 2005-07-08 2007-01-11 Gonzalez Carlos J Mass storage device with automated credentials loading
US20070061570A1 (en) * 2005-09-14 2007-03-15 Michael Holtzman Method of hardware driver integrity check of memory card controller firmware
US20070061581A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
US20070080941A1 (en) * 2005-10-11 2007-04-12 Hsu Mao-Shan Display device, keypad thereof and method for activating display device
US20070127458A1 (en) * 2005-12-06 2007-06-07 Micrel, Inc. Data communication method for detecting slipped bit errors in received data packets
US20080052524A1 (en) * 2006-08-24 2008-02-28 Yoram Cedar Reader for one time password generating device
US20080072058A1 (en) * 2006-08-24 2008-03-20 Yoram Cedar Methods in a reader for one time password generating device
US20090279693A1 (en) * 2006-04-10 2009-11-12 France Telecom Method and a device for generating a pseudorandom string
US8321686B2 (en) 2005-02-07 2012-11-27 Sandisk Technologies Inc. Secure memory card with life cycle phases
US8423794B2 (en) 2006-12-28 2013-04-16 Sandisk Technologies Inc. Method and apparatus for upgrading a memory card that has security mechanisms for preventing copying of secure content and applications
US8861725B2 (en) 2012-07-10 2014-10-14 Infineon Technologies Ag Random bit stream generator with enhanced backward secrecy
US8879733B2 (en) 2012-07-10 2014-11-04 Infineon Technologies Ag Random bit stream generator with guaranteed minimum period

Families Citing this family (240)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6175312B1 (en) 1990-05-29 2001-01-16 Microchip Technology Incorporated Encoder and decoder microchips and remote control devices for secure unidirectional communication
FR2699300B1 (en) * 1992-12-15 1995-03-10 Mireille Campana Method of authenticating a computer assembly by another computer assembly.
JPH0781521A (en) * 1993-06-30 1995-03-28 Alpine Electron Inc Security device
US5444781A (en) * 1993-08-23 1995-08-22 Apple Computer Inc. Method and apparatus for decryption using cache storage
US5680131A (en) * 1993-10-29 1997-10-21 National Semiconductor Corporation Security system having randomized synchronization code after power up
US5420925A (en) * 1994-03-03 1995-05-30 Lectron Products, Inc. Rolling code encryption process for remote keyless entry system
US5619575A (en) * 1994-08-22 1997-04-08 United Technologies Automotive, Inc. Pseudorandom composition-based cryptographic authentication process
US5606322A (en) * 1994-10-24 1997-02-25 Motorola, Inc. Divergent code generator and method
JP2825064B2 (en) * 1994-12-19 1998-11-18 株式会社日本自動車部品総合研究所 Encryption device
US7007166B1 (en) * 1994-12-28 2006-02-28 Wistaria Trading, Inc. Method and system for digital watermarking
US7362775B1 (en) 1996-07-02 2008-04-22 Wistaria Trading, Inc. Exchange mechanisms for digital information packages with bandwidth securitization, multichannel digital watermarks, and key management
US6237096B1 (en) 1995-01-17 2001-05-22 Eoriginal Inc. System and method for electronic transmission storage and retrieval of authenticated documents
US7743248B2 (en) 1995-01-17 2010-06-22 Eoriginal, Inc. System and method for a remote access service enabling trust and interoperability when retrieving certificate status from multiple certification authority reporting components
US5615268A (en) * 1995-01-17 1997-03-25 Document Authentication Systems, Inc. System and method for electronic transmission storage and retrieval of authenticated documents
US5748738A (en) * 1995-01-17 1998-05-05 Document Authentication Systems, Inc. System and method for electronic transmission, storage and retrieval of authenticated documents
US7162635B2 (en) * 1995-01-17 2007-01-09 Eoriginal, Inc. System and method for electronic transmission, storage, and retrieval of authenticated electronic original documents
US6014446A (en) * 1995-02-24 2000-01-11 Motorola, Inc. Apparatus for providing improved encryption protection in a communication system
US5598475A (en) * 1995-03-23 1997-01-28 Texas Instruments Incorporated Rolling code identification scheme for remote control applications
JP2914211B2 (en) * 1995-03-24 1999-06-28 住友電装株式会社 Keyless entry system
US5598476A (en) * 1995-04-20 1997-01-28 United Technologies Automotive, Inc. Random clock composition-based cryptographic authentication process and locking system
US5640452A (en) * 1995-04-28 1997-06-17 Trimble Navigation Limited Location-sensitive decryption of an encrypted message
US7492905B2 (en) * 1995-05-17 2009-02-17 The Chamberlain Group, Inc. Rolling code security system
US6690796B1 (en) 1995-05-17 2004-02-10 The Chamberlain Group, Inc. Rolling code security system
EP0771498B1 (en) 1995-05-17 2007-05-09 The Chamberlain Group, Inc. Rolling code security system
NO951965L (en) * 1995-05-18 1996-11-19 Defa Group As Transceiver system
US5737418A (en) * 1995-05-30 1998-04-07 International Game Technology Encryption of bill validation data
US5613004A (en) 1995-06-07 1997-03-18 The Dice Company Steganographic method and device
WO1996042155A1 (en) * 1995-06-08 1996-12-27 Motorola Inc. Method of encrypting data packets and detecting decryption errors
US5661804A (en) * 1995-06-27 1997-08-26 Prince Corporation Trainable transceiver capable of learning variable codes
DE19523654A1 (en) * 1995-06-29 1997-01-02 Sel Alcatel Ag Fraud-proof equipment identification method
US5754657A (en) * 1995-08-31 1998-05-19 Trimble Navigation Limited Authentication of a message source
US5757923A (en) * 1995-09-22 1998-05-26 Ut Automotive Dearborn, Inc. Method of generating secret identification numbers
US5696828A (en) * 1995-09-22 1997-12-09 United Technologies Automotive, Inc. Random number generating system and process based on chaos
US6282362B1 (en) 1995-11-07 2001-08-28 Trimble Navigation Limited Geographical position/image digital recording and display system
US5764770A (en) * 1995-11-07 1998-06-09 Trimble Navigation Limited Image authentication patterning
US5799082A (en) * 1995-11-07 1998-08-25 Trimble Navigation Limited Secure authentication of images
GB2307514B (en) * 1995-11-25 1999-06-02 Rover Group Vehicle security system
US7664263B2 (en) 1998-03-24 2010-02-16 Moskowitz Scott A Method for combining transfer functions with predetermined key creation
US6205249B1 (en) 1998-04-02 2001-03-20 Scott A. Moskowitz Multiple transform utilization and applications for secure digital watermarking
FR2745135B1 (en) * 1996-02-15 1998-09-18 Cedric Colnot METHOD FOR AUTHORIZING ACCESS BY A SERVER TO A SERVICE FROM PORTABLE MEMORY CARD TYPE ELECTRONIC MICROCIRCUIT DEVICES
FR2748144B1 (en) * 1996-04-25 1998-06-12 Sagem METHOD FOR SECURE TRANSMISSION BETWEEN A TRANSMITTER AND A RECEIVER, TRANSMITTER AND RECEIVER FOR IMPLEMENTING THE METHOD
US5889868A (en) 1996-07-02 1999-03-30 The Dice Company Optimization methods for the insertion, protection, and detection of digital watermarks in digitized data
US7095874B2 (en) 1996-07-02 2006-08-22 Wistaria Trading, Inc. Optimization methods for the insertion, protection, and detection of digital watermarks in digitized data
US7457962B2 (en) 1996-07-02 2008-11-25 Wistaria Trading, Inc Optimization methods for the insertion, protection, and detection of digital watermarks in digitized data
US7177429B2 (en) 2000-12-07 2007-02-13 Blue Spike, Inc. System and methods for permitting open access to data objects and for securing data within the data objects
US6078664A (en) * 1996-12-20 2000-06-20 Moskowitz; Scott A. Z-transform implementation of digital watermarks
US7346472B1 (en) 2000-09-07 2008-03-18 Blue Spike, Inc. Method and device for monitoring and analyzing signals
US7159116B2 (en) 1999-12-07 2007-01-02 Blue Spike, Inc. Systems, methods and devices for trusted transactions
US7107451B2 (en) * 1996-07-02 2006-09-12 Wistaria Trading, Inc. Optimization methods for the insertion, protection, and detection of digital watermarks in digital data
US5731756A (en) * 1996-10-10 1998-03-24 United Technologies Automotive, Inc. Universal encrypted radio transmitter for multiple functions
US5850188A (en) 1996-12-10 1998-12-15 United Technologies Automotive, Inc. Self-diagnosing remote entry apparatus
US7730317B2 (en) 1996-12-20 2010-06-01 Wistaria Trading, Inc. Linear predictive coding implementation of digital watermarks
AUPO799197A0 (en) * 1997-07-15 1997-08-07 Silverbrook Research Pty Ltd Image processing method and apparatus (ART01)
US5978483A (en) * 1997-04-07 1999-11-02 Inkel Corporation Securely encrypted remote keyless entry system
DE19725444A1 (en) * 1997-06-16 1998-12-17 Siemens Ag Authorization verification procedure and arrangement for performing this procedure
US6041410A (en) * 1997-12-22 2000-03-21 Trw Inc. Personal identification fob
US6038666A (en) * 1997-12-22 2000-03-14 Trw Inc. Remote identity verification technique using a personal identification device
US6094487A (en) * 1998-03-04 2000-07-25 At&T Corporation Apparatus and method for encryption key generation
US6285873B1 (en) * 1998-03-09 2001-09-04 Qualcomm Incorporated Method for generating a broadcast challenge value
US6266412B1 (en) * 1998-06-15 2001-07-24 Lucent Technologies Inc. Encrypting speech coder
US6314351B1 (en) 1998-08-10 2001-11-06 Lear Automotive Dearborn, Inc. Auto PC firewall
US6057764A (en) * 1998-08-20 2000-05-02 Williams; Melvin P. Dynamically bypassed alarm system
FR2783270B1 (en) * 1998-09-10 2000-11-17 Mr Electronic Sa ELECTRONIC LOCK WITH DYNAMIC CONTROL AND CONTROL SYSTEM PROVIDED WITH SUCH A LOCK
US6128528A (en) * 1999-03-18 2000-10-03 Medtronics, Inc. Error code calculations for data stored in an implantable medical device
US7664264B2 (en) 1999-03-24 2010-02-16 Blue Spike, Inc. Utilizing data reduction in steganographic and cryptographic systems
US6529487B1 (en) * 1999-07-09 2003-03-04 Qualcomm Incorporated Method and apparatus for securely transmitting distributed RAND for use in mobile station authentication
WO2001018628A2 (en) 1999-08-04 2001-03-15 Blue Spike, Inc. A secure personal content server
WO2001016702A1 (en) 1999-09-01 2001-03-08 Intel Corporation Register set used in multithreaded parallel processor architecture
US7191309B1 (en) * 1999-09-01 2007-03-13 Intel Corporation Double shift instruction for micro engine used in multithreaded parallel processor architecture
AU7098400A (en) 1999-09-01 2001-03-26 Intel Corporation Register set used in multithreaded parallel processor architecture
GB2361567B (en) 2000-04-18 2004-02-11 Mitel Corp Hardware authentication system and method
DE10022422A1 (en) * 2000-05-09 2001-11-15 Bosch Gmbh Robert Accessing device in communications network in motor vehicle by external device involves gateway checking if device requested by external device allows access, sending software element
AUPQ904100A0 (en) * 2000-07-27 2000-08-17 Filippi, Ross Method of encryption
WO2002016715A2 (en) * 2000-08-24 2002-02-28 Siemens Automotive Corporation Remote entry transmitter with transmission identification codes
US7681018B2 (en) * 2000-08-31 2010-03-16 Intel Corporation Method and apparatus for providing large register address space while maximizing cycletime performance for a multi-threaded register file set
US20020053017A1 (en) * 2000-09-01 2002-05-02 Adiletta Matthew J. Register instructions for a multithreaded processor
US7127615B2 (en) 2000-09-20 2006-10-24 Blue Spike, Inc. Security based on subliminal and supraliminal channels for data objects
US7020871B2 (en) * 2000-12-21 2006-03-28 Intel Corporation Breakpoint method for parallel hardware threads in multithreaded processor
US7184546B2 (en) * 2001-02-13 2007-02-27 Arkion S.L. Method based on an algorithm capable of being graphically implemented to be used for the generation of filtering of data sequences and crytographic applications
US7280658B2 (en) * 2001-06-01 2007-10-09 International Business Machines Corporation Systems, methods, and computer program products for accelerated dynamic protection of data
US7225281B2 (en) 2001-08-27 2007-05-29 Intel Corporation Multiprocessor infrastructure for providing flexible bandwidth allocation via multiple instantiations of separate data buses, control buses and support mechanisms
US6868476B2 (en) 2001-08-27 2005-03-15 Intel Corporation Software controlled content addressable memory in a general purpose execution datapath
US7487505B2 (en) 2001-08-27 2009-02-03 Intel Corporation Multithreaded microprocessor with register allocation based on number of active threads
US7216204B2 (en) 2001-08-27 2007-05-08 Intel Corporation Mechanism for providing early coherency detection to enable high performance memory updates in a latency sensitive multithreaded environment
US20030063742A1 (en) * 2001-09-28 2003-04-03 Neufeld E. David Method and apparatus for generating a strong random number for use in a security subsystem for a processor-based device
EP1391853A1 (en) 2001-11-30 2004-02-25 STMicroelectronics S.A. Diversification of the unique identifier of an integrated circuit
EP1359550A1 (en) * 2001-11-30 2003-11-05 STMicroelectronics S.A. Regeneration of a secret number by using an identifier of an integrated circuit
FR2833119A1 (en) 2001-11-30 2003-06-06 St Microelectronics Sa GENERATION OF SECRET QUANTITIES OF IDENTIFICATION OF AN INTEGRATED CIRCUIT
US7610451B2 (en) 2002-01-25 2009-10-27 Intel Corporation Data transfer mechanism using unidirectional pull bus and push bus
US7437724B2 (en) * 2002-04-03 2008-10-14 Intel Corporation Registers for data transfers
US7287275B2 (en) 2002-04-17 2007-10-23 Moskowitz Scott A Methods, systems and devices for packet watermarking and efficient provisioning of bandwidth
US7337275B2 (en) 2002-08-13 2008-02-26 Intel Corporation Free list and ring data structure management
US6941438B2 (en) 2003-01-10 2005-09-06 Intel Corporation Memory interleaving
JP4196770B2 (en) * 2003-07-23 2008-12-17 ソニー株式会社 Data processing method, data inspection method
ES2238151B1 (en) * 2003-08-06 2006-11-01 Consejo Sup. Investig. Cientificas PROCEDURE AND DEVICE FOR ENCRYPTION OF IMAGES THROUGH A SYSTRIC GRAPHIC CRYPTOSYSTEM.
US8422667B2 (en) 2005-01-27 2013-04-16 The Chamberlain Group, Inc. Method and apparatus to facilitate transmission of an encrypted rolling code
US9148409B2 (en) 2005-06-30 2015-09-29 The Chamberlain Group, Inc. Method and apparatus to facilitate message transmission and reception using different transmission characteristics
US7175073B2 (en) * 2005-03-02 2007-02-13 International Business Machines Corporation Secure cell phone for ATM transactions
US8183980B2 (en) 2005-08-31 2012-05-22 Assa Abloy Ab Device authentication using a unidirectional protocol
US9002750B1 (en) * 2005-12-09 2015-04-07 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
US7904946B1 (en) 2005-12-09 2011-03-08 Citicorp Development Center, Inc. Methods and systems for secure user authentication
US9768963B2 (en) * 2005-12-09 2017-09-19 Citicorp Credit Services, Inc. (Usa) Methods and systems for secure user authentication
DE102006017911B4 (en) 2006-04-18 2023-01-26 creditPass GmbH Electronic payment system and method for carrying out a payment transaction
KR101285863B1 (en) * 2006-11-17 2013-07-12 엘지전자 주식회사 Method for optimizing digital data communication
US8244426B2 (en) 2007-10-27 2012-08-14 GM Global Technology Operations LLC Method and apparatus for monitoring processor integrity in a distributed control module system for a powertrain system
US8150036B2 (en) * 2007-10-31 2012-04-03 Igt Encrypted data installation
JP4970221B2 (en) * 2007-11-16 2012-07-04 株式会社東芝 Power saving control apparatus and method
JP5121542B2 (en) * 2008-04-09 2013-01-16 キヤノン株式会社 Application packaging device, its control method, and program
WO2010019593A1 (en) 2008-08-11 2010-02-18 Assa Abloy Ab Secure wiegand communications
US8244909B1 (en) * 2009-06-18 2012-08-14 Google Inc. Method, apparatus and networking equipment for performing flow hashing using quasi cryptographic hash functions
EP2500872A1 (en) * 2011-03-08 2012-09-19 Openways Sas Secured method for controlling the opening of locking devices by means of a communication object such as a mobile phone
US8345876B1 (en) 2012-03-06 2013-01-01 Robert Samuel Sinn Encryption/decryption system and method
US10708043B2 (en) * 2013-03-07 2020-07-07 David Mayer Hutchinson One pad communications
US9094388B2 (en) 2013-05-01 2015-07-28 Dmitri Tkachev Methods and systems for identifying, verifying, and authenticating an identity
CN104636115B (en) * 2013-11-14 2017-12-15 国家电网公司 A kind of true random number after-treatment device and method
DE102014001270A1 (en) * 2014-01-31 2015-08-06 Infineon Technologies Ag Method and system for calculating codewords for protected data transmissions
US10608815B2 (en) * 2014-07-28 2020-03-31 The Boeing Company Content encryption and decryption using a custom key
US10084593B2 (en) * 2015-01-20 2018-09-25 Ternarylogic Llc Apparatus for unconventional non-linear feedback shift registers (NLFSRs)
US9660803B2 (en) * 2015-09-15 2017-05-23 Global Risk Advisors Device and method for resonant cryptography
US10680810B2 (en) * 2016-10-26 2020-06-09 Nxp B.V. Method of generating an elliptic curve cryptographic key pair
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485
US10652743B2 (en) 2017-12-21 2020-05-12 The Chamberlain Group, Inc. Security system for a moveable barrier operator
US11146540B2 (en) * 2018-05-09 2021-10-12 Datalogic Ip Tech S.R.L. Systems and methods for public key exchange employing a peer-to-peer protocol
US10546444B2 (en) 2018-06-21 2020-01-28 Capital One Services, Llc Systems and methods for secure read-only authentication
US11074773B1 (en) 2018-06-27 2021-07-27 The Chamberlain Group, Inc. Network-based control of movable barrier operators for autonomous vehicles
US10553058B2 (en) * 2018-06-29 2020-02-04 Micron Technology, Inc. Secure wireless lock-actuation exchange
WO2020028502A1 (en) 2018-08-01 2020-02-06 The Chamberlain Group, Inc. Movable barrier operator and transmitter pairing over a network
US10949520B2 (en) 2018-10-02 2021-03-16 Capital One Services, Llc Systems and methods for cross coupling risk analytics and one-time-passcodes
JP2022511281A (en) 2018-10-02 2022-01-31 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー Systems and methods for cryptographic authentication of non-contact cards
JP2022508026A (en) 2018-10-02 2022-01-19 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー Systems and methods for cryptographic authentication of non-contact cards
CA3108917A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
AU2019355436A1 (en) 2018-10-02 2021-04-15 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10582386B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607214B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11210664B2 (en) 2018-10-02 2021-12-28 Capital One Services, Llc Systems and methods for amplifying the strength of cryptographic algorithms
US10607216B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10565587B1 (en) 2018-10-02 2020-02-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10630653B1 (en) 2018-10-02 2020-04-21 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10505738B1 (en) 2018-10-02 2019-12-10 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
BR112021005174A2 (en) 2018-10-02 2021-06-15 Capital One Services, Llc counter resynchronization system, method of resynchronizing a counter on a contactless card, and contactless card
US10733645B2 (en) 2018-10-02 2020-08-04 Capital One Services, Llc Systems and methods for establishing identity for order pick up
US10771253B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10680824B2 (en) 2018-10-02 2020-06-09 Capital One Services, Llc Systems and methods for inventory management using cryptographic authentication of contactless cards
US10579998B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
JP2022502891A (en) 2018-10-02 2022-01-11 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニーCapital One Services, LLC Systems and methods for cryptographic authentication of non-contact cards
WO2020072440A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
WO2020072670A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10542036B1 (en) 2018-10-02 2020-01-21 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
US10592710B1 (en) 2018-10-02 2020-03-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10909527B2 (en) 2018-10-02 2021-02-02 Capital One Services, Llc Systems and methods for performing a reissue of a contactless card
US10489781B1 (en) 2018-10-02 2019-11-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10581611B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10511443B1 (en) 2018-10-02 2019-12-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10554411B1 (en) 2018-10-02 2020-02-04 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
WO2020072694A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
CA3115107A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10664830B1 (en) 2018-12-18 2020-05-26 Capital One Services, Llc Devices and methods for selective contactless communication
US11171949B2 (en) * 2019-01-09 2021-11-09 EMC IP Holding Company LLC Generating authentication information utilizing linear feedback shift registers
US20200226581A1 (en) 2019-01-11 2020-07-16 Capital One Services, Llc Systems and methods for touch screen interface interaction using a card overlay
US11037136B2 (en) 2019-01-24 2021-06-15 Capital One Services, Llc Tap to autofill card data
US10510074B1 (en) 2019-02-01 2019-12-17 Capital One Services, Llc One-tap payment using a contactless card
US11120453B2 (en) 2019-02-01 2021-09-14 Capital One Services, Llc Tap card to securely generate card data to copy to clipboard
US10467622B1 (en) 2019-02-01 2019-11-05 Capital One Services, Llc Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms
US10425129B1 (en) 2019-02-27 2019-09-24 Capital One Services, Llc Techniques to reduce power consumption in near field communication systems
US10523708B1 (en) 2019-03-18 2019-12-31 Capital One Services, Llc System and method for second factor authentication of customer support calls
US10438437B1 (en) 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC
US10535062B1 (en) 2019-03-20 2020-01-14 Capital One Services, Llc Using a contactless card to securely share personal data stored in a blockchain
US10643420B1 (en) 2019-03-20 2020-05-05 Capital One Services, Llc Contextual tapping engine
US10984416B2 (en) 2019-03-20 2021-04-20 Capital One Services, Llc NFC mobile currency transfer
US10970712B2 (en) 2019-03-21 2021-04-06 Capital One Services, Llc Delegated administration of permissions using a contactless card
US10749680B1 (en) 2019-03-25 2020-08-18 Micron Technology, Inc. Secure communication between a vehicle and a remote device
US10467445B1 (en) 2019-03-28 2019-11-05 Capital One Services, Llc Devices and methods for contactless card alignment with a foldable mobile device
US10997810B2 (en) 2019-05-16 2021-05-04 The Chamberlain Group, Inc. In-vehicle transmitter training
US11521262B2 (en) 2019-05-28 2022-12-06 Capital One Services, Llc NFC enhanced augmented reality information overlays
US10516447B1 (en) 2019-06-17 2019-12-24 Capital One Services, Llc Dynamic power levels in NFC card communications
US11694187B2 (en) 2019-07-03 2023-07-04 Capital One Services, Llc Constraining transactional capabilities for contactless cards
US10871958B1 (en) 2019-07-03 2020-12-22 Capital One Services, Llc Techniques to perform applet programming
US11392933B2 (en) 2019-07-03 2022-07-19 Capital One Services, Llc Systems and methods for providing online and hybridcard interactions
US12086852B2 (en) 2019-07-08 2024-09-10 Capital One Services, Llc Authenticating voice transactions with payment card
US10713649B1 (en) 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
US10498401B1 (en) 2019-07-15 2019-12-03 Capital One Services, Llc System and method for guiding card positioning using phone sensors
US10885514B1 (en) 2019-07-15 2021-01-05 Capital One Services, Llc System and method for using image data to trigger contactless card transactions
US10832271B1 (en) 2019-07-17 2020-11-10 Capital One Services, Llc Verified reviews using a contactless card
US11182771B2 (en) 2019-07-17 2021-11-23 Capital One Services, Llc System for value loading onto in-vehicle device
US10733601B1 (en) 2019-07-17 2020-08-04 Capital One Services, Llc Body area network facilitated authentication or payment authorization
US11521213B2 (en) 2019-07-18 2022-12-06 Capital One Services, Llc Continuous authentication for digital services based on contactless card positioning
US10506426B1 (en) 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication
US10541995B1 (en) 2019-07-23 2020-01-21 Capital One Services, Llc First factor contactless card authentication system and method
JP2023503795A (en) 2019-10-02 2023-02-01 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー Client Device Authentication Using Contactless Legacy Magnetic Stripe Data
CN110930558B (en) * 2019-12-12 2021-05-07 创斯达科技集团(中国)有限责任公司 Dynamic encryption and decryption method among lock control system modules, multiple authentication lock control system, lock control method and safe
US10885410B1 (en) 2019-12-23 2021-01-05 Capital One Services, Llc Generating barcodes utilizing cryptographic techniques
US10733283B1 (en) 2019-12-23 2020-08-04 Capital One Services, Llc Secure password generation and management using NFC and contactless smart cards
US10657754B1 (en) 2019-12-23 2020-05-19 Capital One Services, Llc Contactless card and personal identification system
US10862540B1 (en) 2019-12-23 2020-12-08 Capital One Services, Llc Method for mapping NFC field strength and location on mobile devices
US11651361B2 (en) 2019-12-23 2023-05-16 Capital One Services, Llc Secure authentication based on passport data stored in a contactless card
US11113685B2 (en) 2019-12-23 2021-09-07 Capital One Services, Llc Card issuing with restricted virtual numbers
US11615395B2 (en) 2019-12-23 2023-03-28 Capital One Services, Llc Authentication for third party digital wallet provisioning
US11200563B2 (en) 2019-12-24 2021-12-14 Capital One Services, Llc Account registration using a contactless card
US10664941B1 (en) 2019-12-24 2020-05-26 Capital One Services, Llc Steganographic image encoding of biometric template information on a card
US10853795B1 (en) 2019-12-24 2020-12-01 Capital One Services, Llc Secure authentication based on identity data stored in a contactless card
US10757574B1 (en) 2019-12-26 2020-08-25 Capital One Services, Llc Multi-factor authentication providing a credential via a contactless card for secure messaging
US10909544B1 (en) 2019-12-26 2021-02-02 Capital One Services, Llc Accessing and utilizing multiple loyalty point accounts
US11038688B1 (en) 2019-12-30 2021-06-15 Capital One Services, Llc Techniques to control applets for contactless cards
US11455620B2 (en) 2019-12-31 2022-09-27 Capital One Services, Llc Tapping a contactless card to a computing device to provision a virtual number
US10860914B1 (en) 2019-12-31 2020-12-08 Capital One Services, Llc Contactless card and method of assembly
WO2021174264A1 (en) * 2020-02-27 2021-09-02 Vietnam Onyx Joint Stock Company Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method
JP7371757B2 (en) * 2020-02-28 2023-10-31 日本電気株式会社 Authentication encryption device, authentication decryption device, authentication encryption method, authentication decryption method and program
US11210656B2 (en) 2020-04-13 2021-12-28 Capital One Services, Llc Determining specific terms for contactless card activation
US11030339B1 (en) 2020-04-30 2021-06-08 Capital One Services, Llc Systems and methods for data access control of personal user data using a short-range transceiver
US11823175B2 (en) 2020-04-30 2023-11-21 Capital One Services, Llc Intelligent card unlock
US10915888B1 (en) 2020-04-30 2021-02-09 Capital One Services, Llc Contactless card with multiple rotating security keys
US10861006B1 (en) 2020-04-30 2020-12-08 Capital One Services, Llc Systems and methods for data access control using a short-range transceiver
US11222342B2 (en) 2020-04-30 2022-01-11 Capital One Services, Llc Accurate images in graphical user interfaces to enable data transfer
US10963865B1 (en) 2020-05-12 2021-03-30 Capital One Services, Llc Augmented reality card activation experience
US11063979B1 (en) 2020-05-18 2021-07-13 Capital One Services, Llc Enabling communications between applications in a mobile operating system
US11100511B1 (en) 2020-05-18 2021-08-24 Capital One Services, Llc Application-based point of sale system in mobile operating systems
US11062098B1 (en) 2020-08-11 2021-07-13 Capital One Services, Llc Augmented reality information display and interaction via NFC based authentication
US11482312B2 (en) 2020-10-30 2022-10-25 Capital One Services, Llc Secure verification of medical status using a contactless card
US11165586B1 (en) 2020-10-30 2021-11-02 Capital One Services, Llc Call center web-based authentication using a contactless card
US11373169B2 (en) 2020-11-03 2022-06-28 Capital One Services, Llc Web-based activation of contactless cards
US11216799B1 (en) 2021-01-04 2022-01-04 Capital One Services, Llc Secure generation of one-time passcodes using a contactless card
US11682012B2 (en) 2021-01-27 2023-06-20 Capital One Services, Llc Contactless delivery systems and methods
US11792001B2 (en) 2021-01-28 2023-10-17 Capital One Services, Llc Systems and methods for secure reprovisioning
US11562358B2 (en) 2021-01-28 2023-01-24 Capital One Services, Llc Systems and methods for near field contactless card communication and cryptographic authentication
US11687930B2 (en) 2021-01-28 2023-06-27 Capital One Services, Llc Systems and methods for authentication of access tokens
US11438329B2 (en) 2021-01-29 2022-09-06 Capital One Services, Llc Systems and methods for authenticated peer-to-peer data transfer using resource locators
US11777933B2 (en) 2021-02-03 2023-10-03 Capital One Services, Llc URL-based authentication for payment cards
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
WO2022192872A1 (en) * 2021-03-08 2022-09-15 SecureXperts Incorporated Techniques for generating cryptographic values
US11245438B1 (en) 2021-03-26 2022-02-08 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services
US11935035B2 (en) 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations
US11902442B2 (en) 2021-04-22 2024-02-13 Capital One Services, Llc Secure management of accounts on display devices using a contactless card
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card
US12041172B2 (en) 2021-06-25 2024-07-16 Capital One Services, Llc Cryptographic authentication to control access to storage devices
US12061682B2 (en) 2021-07-19 2024-08-13 Capital One Services, Llc System and method to perform digital authentication using multiple channels of communication
US12062258B2 (en) 2021-09-16 2024-08-13 Capital One Services, Llc Use of a payment card to unlock a lock
US12069173B2 (en) 2021-12-15 2024-08-20 Capital One Services, Llc Key recovery based on contactless card authentication
US12124903B2 (en) 2023-03-16 2024-10-22 Capital One Services, Llc Card with a time-sensitive element and systems and methods for implementing the same

Citations (92)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3622991A (en) * 1969-09-16 1971-11-23 Electro Optics Devices Corp Electronic locking system
US3654604A (en) * 1970-01-05 1972-04-04 Constellation Science And Tech Secure communications control system
US3665162A (en) * 1968-12-16 1972-05-23 Omron Tateisi Electronics Co Identification system
US4133974A (en) * 1976-11-05 1979-01-09 Datotek, Inc. System for locally enciphering prime data
US4319273A (en) * 1979-10-26 1982-03-09 Rca Corporation Television signal with encoded synchronizing signals
US4322577A (en) * 1977-12-21 1982-03-30 Braendstroem Hugo Cryptosystem
US4418275A (en) * 1979-12-07 1983-11-29 Ncr Corporation Data hashing method and apparatus
US4424414A (en) * 1978-05-01 1984-01-03 Board Of Trustees Of The Leland Stanford Junior University Exponentiation cryptographic apparatus and method
DE3225754A1 (en) * 1982-07-09 1984-01-12 Hülsbeck & Fürst GmbH & Co KG, 5620 Velbert METHOD FOR THE LOCKING EFFECTIVE INTERACTION OF A KEY-LIKE PART WITH A LOCK-LIKE PART
US4435826A (en) * 1980-09-05 1984-03-06 Hitachi, Ltd. Frame synchronizer
GB2144564A (en) * 1983-07-29 1985-03-06 Philips Nv Authentication system between a card reader and a card exchanger data
US4595985A (en) * 1982-08-25 1986-06-17 Omron Tateisi Electronics Co. Electronic cash register
US4596985A (en) * 1982-11-27 1986-06-24 Kiekert Gmbh & Co. Kommanditgesellschaft Radio-controlled lock method with automatic code change
US4613980A (en) * 1984-09-04 1986-09-23 Conoco Inc. System for high accuracy remote decoding
US4630201A (en) * 1984-02-14 1986-12-16 International Security Note & Computer Corporation On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US4654480A (en) * 1985-11-26 1987-03-31 Weiss Jeffrey A Method and apparatus for synchronizing encrypting and decrypting systems
US4667301A (en) * 1983-06-13 1987-05-19 Control Data Corporation Generator for pseudo-random numbers
US4691291A (en) * 1985-09-23 1987-09-01 Thinking Machines Corporation Random sequence generators
US4733215A (en) * 1985-11-13 1988-03-22 Delta Elettronica S.P.A. Remote control apparatus for a property protection device
US4734680A (en) * 1986-02-06 1988-03-29 Emhart Industries, Inc. Detection system with randomized transmissions
US4736419A (en) * 1984-12-24 1988-04-05 American Telephone And Telegraph Company, At&T Bell Laboratories Electronic lock system
US4758835A (en) * 1985-08-21 1988-07-19 Vdo Adolf Schindling Ag System for the locking and/or unlocking of a security device
US4771463A (en) * 1986-12-05 1988-09-13 Siemens Transmission Systems, Inc. Digital scrambling without error multiplication
US4797921A (en) * 1984-11-13 1989-01-10 Hitachi, Ltd. System for enciphering or deciphering data
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
EP0304733A1 (en) * 1987-08-14 1989-03-01 Siemens Aktiengesellschaft Data-transmission method
US4825210A (en) * 1986-08-12 1989-04-25 Siemens Aktiengesellschaft Electronic locking system having a lock and a method for re-synchronization
US4847614A (en) * 1986-10-29 1989-07-11 Wilhelm Ruf Kg Electronic remote control means, especially for centrally controlled locking systems in motor vehicles
US4853884A (en) * 1987-09-11 1989-08-01 Motorola, Inc. Random number generator with digital feedback
US4853962A (en) * 1987-12-07 1989-08-01 Universal Computer Consulting, Inc. Encryption system
US4870682A (en) * 1987-02-25 1989-09-26 Household Data Services (Hds) Television scrambling system
US4876718A (en) * 1987-03-12 1989-10-24 Zenith Electronics Corporation Secure data packet transmission system and method
US4881148A (en) * 1987-05-21 1989-11-14 Wickes Manufacturing Company Remote control system for door locks
US4892098A (en) * 1985-06-26 1990-01-09 Sauer Jude S Tubular tissue welding device without moving parts
US4905176A (en) * 1988-10-28 1990-02-27 International Business Machines Corporation Random number generator circuit
USRE33189E (en) * 1981-11-19 1990-03-27 Communications Satellite Corporation Security system for SSTV encryption
US4912463A (en) * 1988-08-09 1990-03-27 Princeton Technology Corporation Remote control apparatus
US4928098A (en) * 1984-03-30 1990-05-22 Siemens Aktiengesellschaft Method for code protection using an electronic key
US4942393A (en) * 1988-05-27 1990-07-17 Lectron Products, Inc. Passive keyless entry system
US4980108A (en) * 1988-02-29 1990-12-25 Teijin Limited Process for forming a polyurethane coated biaxially oriented polyester film
US5001754A (en) * 1990-02-01 1991-03-19 The Trustees Of Princeton University Encryption system and method
US5007016A (en) * 1987-12-21 1991-04-09 Compagnie Generale D'electricite Fractal-type periodic temporal signal generator
US5048086A (en) * 1990-07-16 1991-09-10 Hughes Aircraft Company Encryption system based on chaos theory
US5054067A (en) * 1990-02-21 1991-10-01 General Instrument Corporation Block-cipher cryptographic device based upon a pseudorandom nonlinear sequence generator
US5055701A (en) * 1988-08-16 1991-10-08 Nissan Motor Company, Limited Operator responsive keyless entry system with variable random codes
US5060265A (en) * 1990-07-23 1991-10-22 Motorola, Inc. Method of protecting a linear feedback shift register (LFSR) output signal
US5103221A (en) * 1988-12-06 1992-04-07 Delta Elettronica S.P.A. Remote-control security system and method of operating the same
US5105162A (en) * 1991-06-20 1992-04-14 United Technologies Automotive Electrically tuned RF receiver, apparatus and method therefor
US5109152A (en) * 1988-07-13 1992-04-28 Matsushita Electric Industrial Co., Ltd. Communication apparatus
US5113441A (en) * 1989-04-21 1992-05-12 Pioneer Electronics Corporation Method for scrambling a television signal and method and apparatus for descrambling a scrambled television signal
US5115236A (en) * 1987-11-18 1992-05-19 U.S. Philips Corporation Remote control system using a wake up signal
US5136642A (en) * 1990-06-01 1992-08-04 Kabushiki Kaisha Toshiba Cryptographic communication method and cryptographic communication device
US5144667A (en) * 1990-12-20 1992-09-01 Delco Electronics Corporation Method of secure remote access
US5146215A (en) * 1987-09-08 1992-09-08 Clifford Electronics, Inc. Electronically programmable remote control for vehicle security system
US5161190A (en) * 1987-09-10 1992-11-03 Computer Security Corp. System for encryption and identification
US5179592A (en) * 1988-09-30 1993-01-12 Nec Corporation Data scrambler and descrambler capable of preventing continuous bit zeros or ones
US5191610A (en) * 1992-02-28 1993-03-02 United Technologies Automotive, Inc. Remote operating system having secure communication of encoded messages and automatic re-synchronization
US5195136A (en) * 1991-09-30 1993-03-16 Motorola, Inc. Method and apparatus for data encryption or decryption
US5220616A (en) * 1991-02-27 1993-06-15 Northern Telecom Limited Image processing
US5220606A (en) * 1992-02-10 1993-06-15 Harold Greenberg Cryptographic system and method
US5222141A (en) * 1992-03-25 1993-06-22 Motorola, Inc. Apparatus and method for encoding data
US5224161A (en) * 1988-05-06 1993-06-29 Laboratoir Europeen De Recherches Electroniques Avancees, Societe En Nom Collectif Method of scrambling and of unscrambling composite video signals, and device for implementation
US5231667A (en) * 1990-12-10 1993-07-27 Sony Corporation Scrambling/descrambling circuit
US5241598A (en) * 1991-05-22 1993-08-31 Ericsson Ge Mobile Communications, Inc. Rolling key resynchronization in cellular verification and validation system
US5243653A (en) * 1992-05-22 1993-09-07 Motorola, Inc. Method and apparatus for maintaining continuous synchronous encryption and decryption in a wireless communication system throughout a hand-off
US5243650A (en) * 1990-03-23 1993-09-07 Televerket Method and apparatus for encryption/decryption of digital multisound in television
US5272755A (en) * 1991-06-28 1993-12-21 Matsushita Electric Industrial Co., Ltd. Public key cryptosystem with an elliptic curve
US5276738A (en) * 1992-12-17 1994-01-04 Bull Hn Information Systems Inc. Software data protection mechanism
US5280267A (en) * 1991-07-01 1994-01-18 Medardo Reggiani Passive action antitheft device
US5313530A (en) * 1991-03-05 1994-05-17 Canon Kabushiki Kaisha Calculating apparatus and method of encrypting/decrypting communication data by using the same
US5313491A (en) * 1992-12-31 1994-05-17 Gte Government Systems Corporation Acquisition method for DSSS communications
US5317639A (en) * 1989-10-04 1994-05-31 Teledyne Industries, Inc. Non-linear block substitution devices derived by constructive corruption
US5319710A (en) * 1986-08-22 1994-06-07 Tandem Computers Incorporated Method and means for combining and managing personal verification and message authentication encrytions for network transmission
US5365225A (en) * 1989-05-18 1994-11-15 Siemens Aktiengesellschaft Transmitter-receiver system with (re-)initialization
US5369706A (en) * 1993-11-05 1994-11-29 United Technologies Automotive, Inc. Resynchronizing transmitters to receivers for secure vehicle entry using cryptography or rolling code
US5377270A (en) * 1993-06-30 1994-12-27 United Technologies Automotive, Inc. Cryptographic authentication of transmitted messages using pseudorandom numbers
US5398284A (en) * 1993-11-05 1995-03-14 United Technologies Automotive, Inc. Cryptographic encoding process
US5412379A (en) * 1988-05-27 1995-05-02 Lectron Products, Inc. Rolling code for a keyless entry system
US5420925A (en) * 1994-03-03 1995-05-30 Lectron Products, Inc. Rolling code encryption process for remote keyless entry system
US5434806A (en) * 1992-05-12 1995-07-18 Telefonaktiebolaget Lm Ericsson Apparatus and method for random number generation
US5436901A (en) * 1992-12-21 1995-07-25 Otis Elevator Company Synchronous time division multiplexing using jam-based frame synchronization
US5442341A (en) * 1992-04-10 1995-08-15 Trw Inc. Remote control security system
US5479511A (en) * 1991-11-05 1995-12-26 Thomson Consumer Electronics S.A. Method, sender apparatus and receiver apparatus for modulo operation
US5511124A (en) * 1989-07-20 1996-04-23 Siemens Aktiengesellschaft Cryptographic equipment
US5517189A (en) * 1990-12-21 1996-05-14 Siemens Aktiengesellschaft Closure system with adjustable sensitivity
US5528230A (en) * 1992-01-06 1996-06-18 Samsung Electronics Co., Ltd. Remote control transmitter/receiver system
US5554977A (en) * 1993-01-07 1996-09-10 Ford Motor Company Remote controlled security system
US5555303A (en) * 1992-11-17 1996-09-10 Stambler; Leon Secure transaction system and method utilized therein
US5563600A (en) * 1993-06-30 1996-10-08 Alpine Electronics, Inc. Data transmission for remote-controlled security system
US5588058A (en) * 1993-03-31 1996-12-24 U.S. Philips Corporation Method and device for scrambling and descrambling of a specific television broadcast
US5598476A (en) * 1995-04-20 1997-01-28 United Technologies Automotive, Inc. Random clock composition-based cryptographic authentication process and locking system
US5619475A (en) * 1994-03-30 1997-04-08 Schlumberger Technology Corportion Method of predicting mechanical failure in formation utilizing stress derivatives which measure formation nonlinearity

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CH668340A5 (en) * 1985-10-17 1988-12-15 Bbc Brown Boveri & Cie GENERATOR FOR GENERATING BINARY CIFFERENTIAL SEQUENCES.
CH674423A5 (en) * 1987-03-25 1990-05-31 Crypto Ag

Patent Citations (96)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3665162A (en) * 1968-12-16 1972-05-23 Omron Tateisi Electronics Co Identification system
US3622991A (en) * 1969-09-16 1971-11-23 Electro Optics Devices Corp Electronic locking system
US3654604A (en) * 1970-01-05 1972-04-04 Constellation Science And Tech Secure communications control system
US4133974A (en) * 1976-11-05 1979-01-09 Datotek, Inc. System for locally enciphering prime data
US4322577A (en) * 1977-12-21 1982-03-30 Braendstroem Hugo Cryptosystem
US4424414A (en) * 1978-05-01 1984-01-03 Board Of Trustees Of The Leland Stanford Junior University Exponentiation cryptographic apparatus and method
US4319273A (en) * 1979-10-26 1982-03-09 Rca Corporation Television signal with encoded synchronizing signals
US4418275A (en) * 1979-12-07 1983-11-29 Ncr Corporation Data hashing method and apparatus
US4435826A (en) * 1980-09-05 1984-03-06 Hitachi, Ltd. Frame synchronizer
USRE33189E (en) * 1981-11-19 1990-03-27 Communications Satellite Corporation Security system for SSTV encryption
DE3225754A1 (en) * 1982-07-09 1984-01-12 Hülsbeck & Fürst GmbH & Co KG, 5620 Velbert METHOD FOR THE LOCKING EFFECTIVE INTERACTION OF A KEY-LIKE PART WITH A LOCK-LIKE PART
US4509093A (en) * 1982-07-09 1985-04-02 Hulsbeck & Furst Gmbh & Co. Kg Electronic locking device having key and lock parts interacting via electrical pulses
US4595985A (en) * 1982-08-25 1986-06-17 Omron Tateisi Electronics Co. Electronic cash register
US4596985A (en) * 1982-11-27 1986-06-24 Kiekert Gmbh & Co. Kommanditgesellschaft Radio-controlled lock method with automatic code change
US4667301A (en) * 1983-06-13 1987-05-19 Control Data Corporation Generator for pseudo-random numbers
US4612413A (en) * 1983-07-29 1986-09-16 U.S. Philips Corporation Authentication system between a card reader and a pay card exchanging data
GB2144564A (en) * 1983-07-29 1985-03-06 Philips Nv Authentication system between a card reader and a card exchanger data
US4630201A (en) * 1984-02-14 1986-12-16 International Security Note & Computer Corporation On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US4928098A (en) * 1984-03-30 1990-05-22 Siemens Aktiengesellschaft Method for code protection using an electronic key
US4613980A (en) * 1984-09-04 1986-09-23 Conoco Inc. System for high accuracy remote decoding
US4797921A (en) * 1984-11-13 1989-01-10 Hitachi, Ltd. System for enciphering or deciphering data
US4736419A (en) * 1984-12-24 1988-04-05 American Telephone And Telegraph Company, At&T Bell Laboratories Electronic lock system
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
US4892098A (en) * 1985-06-26 1990-01-09 Sauer Jude S Tubular tissue welding device without moving parts
US4758835A (en) * 1985-08-21 1988-07-19 Vdo Adolf Schindling Ag System for the locking and/or unlocking of a security device
US4691291A (en) * 1985-09-23 1987-09-01 Thinking Machines Corporation Random sequence generators
US4733215A (en) * 1985-11-13 1988-03-22 Delta Elettronica S.P.A. Remote control apparatus for a property protection device
US4654480A (en) * 1985-11-26 1987-03-31 Weiss Jeffrey A Method and apparatus for synchronizing encrypting and decrypting systems
US4734680A (en) * 1986-02-06 1988-03-29 Emhart Industries, Inc. Detection system with randomized transmissions
US4825210A (en) * 1986-08-12 1989-04-25 Siemens Aktiengesellschaft Electronic locking system having a lock and a method for re-synchronization
US5319710A (en) * 1986-08-22 1994-06-07 Tandem Computers Incorporated Method and means for combining and managing personal verification and message authentication encrytions for network transmission
US4847614A (en) * 1986-10-29 1989-07-11 Wilhelm Ruf Kg Electronic remote control means, especially for centrally controlled locking systems in motor vehicles
US4771463A (en) * 1986-12-05 1988-09-13 Siemens Transmission Systems, Inc. Digital scrambling without error multiplication
US4870682A (en) * 1987-02-25 1989-09-26 Household Data Services (Hds) Television scrambling system
US4876718A (en) * 1987-03-12 1989-10-24 Zenith Electronics Corporation Secure data packet transmission system and method
US4881148A (en) * 1987-05-21 1989-11-14 Wickes Manufacturing Company Remote control system for door locks
EP0304733A1 (en) * 1987-08-14 1989-03-01 Siemens Aktiengesellschaft Data-transmission method
US5146215A (en) * 1987-09-08 1992-09-08 Clifford Electronics, Inc. Electronically programmable remote control for vehicle security system
US5161190A (en) * 1987-09-10 1992-11-03 Computer Security Corp. System for encryption and identification
US4853884A (en) * 1987-09-11 1989-08-01 Motorola, Inc. Random number generator with digital feedback
US5115236A (en) * 1987-11-18 1992-05-19 U.S. Philips Corporation Remote control system using a wake up signal
US4853962A (en) * 1987-12-07 1989-08-01 Universal Computer Consulting, Inc. Encryption system
US5007016A (en) * 1987-12-21 1991-04-09 Compagnie Generale D'electricite Fractal-type periodic temporal signal generator
US4980108A (en) * 1988-02-29 1990-12-25 Teijin Limited Process for forming a polyurethane coated biaxially oriented polyester film
US5224161A (en) * 1988-05-06 1993-06-29 Laboratoir Europeen De Recherches Electroniques Avancees, Societe En Nom Collectif Method of scrambling and of unscrambling composite video signals, and device for implementation
US5319364A (en) * 1988-05-27 1994-06-07 Lectron Products, Inc. Passive keyless entry system
US4942393A (en) * 1988-05-27 1990-07-17 Lectron Products, Inc. Passive keyless entry system
US5412379A (en) * 1988-05-27 1995-05-02 Lectron Products, Inc. Rolling code for a keyless entry system
US5109152A (en) * 1988-07-13 1992-04-28 Matsushita Electric Industrial Co., Ltd. Communication apparatus
US4912463A (en) * 1988-08-09 1990-03-27 Princeton Technology Corporation Remote control apparatus
US5055701A (en) * 1988-08-16 1991-10-08 Nissan Motor Company, Limited Operator responsive keyless entry system with variable random codes
US5179592A (en) * 1988-09-30 1993-01-12 Nec Corporation Data scrambler and descrambler capable of preventing continuous bit zeros or ones
US4905176A (en) * 1988-10-28 1990-02-27 International Business Machines Corporation Random number generator circuit
US5103221A (en) * 1988-12-06 1992-04-07 Delta Elettronica S.P.A. Remote-control security system and method of operating the same
US5113441A (en) * 1989-04-21 1992-05-12 Pioneer Electronics Corporation Method for scrambling a television signal and method and apparatus for descrambling a scrambled television signal
US5365225A (en) * 1989-05-18 1994-11-15 Siemens Aktiengesellschaft Transmitter-receiver system with (re-)initialization
US5511124A (en) * 1989-07-20 1996-04-23 Siemens Aktiengesellschaft Cryptographic equipment
US5317639A (en) * 1989-10-04 1994-05-31 Teledyne Industries, Inc. Non-linear block substitution devices derived by constructive corruption
US5001754A (en) * 1990-02-01 1991-03-19 The Trustees Of Princeton University Encryption system and method
US5054067A (en) * 1990-02-21 1991-10-01 General Instrument Corporation Block-cipher cryptographic device based upon a pseudorandom nonlinear sequence generator
US5243650A (en) * 1990-03-23 1993-09-07 Televerket Method and apparatus for encryption/decryption of digital multisound in television
US5136642A (en) * 1990-06-01 1992-08-04 Kabushiki Kaisha Toshiba Cryptographic communication method and cryptographic communication device
US5048086A (en) * 1990-07-16 1991-09-10 Hughes Aircraft Company Encryption system based on chaos theory
US5060265A (en) * 1990-07-23 1991-10-22 Motorola, Inc. Method of protecting a linear feedback shift register (LFSR) output signal
US5231667A (en) * 1990-12-10 1993-07-27 Sony Corporation Scrambling/descrambling circuit
US5144667A (en) * 1990-12-20 1992-09-01 Delco Electronics Corporation Method of secure remote access
US5517189A (en) * 1990-12-21 1996-05-14 Siemens Aktiengesellschaft Closure system with adjustable sensitivity
US5220616A (en) * 1991-02-27 1993-06-15 Northern Telecom Limited Image processing
US5313530A (en) * 1991-03-05 1994-05-17 Canon Kabushiki Kaisha Calculating apparatus and method of encrypting/decrypting communication data by using the same
US5241598A (en) * 1991-05-22 1993-08-31 Ericsson Ge Mobile Communications, Inc. Rolling key resynchronization in cellular verification and validation system
US5105162A (en) * 1991-06-20 1992-04-14 United Technologies Automotive Electrically tuned RF receiver, apparatus and method therefor
US5272755A (en) * 1991-06-28 1993-12-21 Matsushita Electric Industrial Co., Ltd. Public key cryptosystem with an elliptic curve
US5280267A (en) * 1991-07-01 1994-01-18 Medardo Reggiani Passive action antitheft device
US5195136A (en) * 1991-09-30 1993-03-16 Motorola, Inc. Method and apparatus for data encryption or decryption
US5479511A (en) * 1991-11-05 1995-12-26 Thomson Consumer Electronics S.A. Method, sender apparatus and receiver apparatus for modulo operation
US5528230A (en) * 1992-01-06 1996-06-18 Samsung Electronics Co., Ltd. Remote control transmitter/receiver system
US5220606A (en) * 1992-02-10 1993-06-15 Harold Greenberg Cryptographic system and method
US5191610A (en) * 1992-02-28 1993-03-02 United Technologies Automotive, Inc. Remote operating system having secure communication of encoded messages and automatic re-synchronization
US5222141A (en) * 1992-03-25 1993-06-22 Motorola, Inc. Apparatus and method for encoding data
US5442341A (en) * 1992-04-10 1995-08-15 Trw Inc. Remote control security system
US5604488A (en) * 1992-04-10 1997-02-18 Trw Inc. Remote control security system
US5434806A (en) * 1992-05-12 1995-07-18 Telefonaktiebolaget Lm Ericsson Apparatus and method for random number generation
US5243653A (en) * 1992-05-22 1993-09-07 Motorola, Inc. Method and apparatus for maintaining continuous synchronous encryption and decryption in a wireless communication system throughout a hand-off
US5555303A (en) * 1992-11-17 1996-09-10 Stambler; Leon Secure transaction system and method utilized therein
US5276738A (en) * 1992-12-17 1994-01-04 Bull Hn Information Systems Inc. Software data protection mechanism
US5436901A (en) * 1992-12-21 1995-07-25 Otis Elevator Company Synchronous time division multiplexing using jam-based frame synchronization
US5313491A (en) * 1992-12-31 1994-05-17 Gte Government Systems Corporation Acquisition method for DSSS communications
US5554977A (en) * 1993-01-07 1996-09-10 Ford Motor Company Remote controlled security system
US5588058A (en) * 1993-03-31 1996-12-24 U.S. Philips Corporation Method and device for scrambling and descrambling of a specific television broadcast
US5563600A (en) * 1993-06-30 1996-10-08 Alpine Electronics, Inc. Data transmission for remote-controlled security system
US5377270A (en) * 1993-06-30 1994-12-27 United Technologies Automotive, Inc. Cryptographic authentication of transmitted messages using pseudorandom numbers
US5398284A (en) * 1993-11-05 1995-03-14 United Technologies Automotive, Inc. Cryptographic encoding process
US5369706A (en) * 1993-11-05 1994-11-29 United Technologies Automotive, Inc. Resynchronizing transmitters to receivers for secure vehicle entry using cryptography or rolling code
US5420925A (en) * 1994-03-03 1995-05-30 Lectron Products, Inc. Rolling code encryption process for remote keyless entry system
US5619475A (en) * 1994-03-30 1997-04-08 Schlumberger Technology Corportion Method of predicting mechanical failure in formation utilizing stress derivatives which measure formation nonlinearity
US5598476A (en) * 1995-04-20 1997-01-28 United Technologies Automotive, Inc. Random clock composition-based cryptographic authentication process and locking system

Non-Patent Citations (29)

* Cited by examiner, † Cited by third party
Title
"Integrated Circuit Compatible Random Number Generator," IBM Technical Disclosure Bulletin, vol. 30, No. 11, Apr. 1988, pp. 333-335.
Application for Equipment Authorization, Federal Communications Commission, Grantee: General Motors, Dated Nov. 15, 1990 and grant of Equipment Authorization, Dated: Jan. 14, 1991. *
Breed, Gary A., "A Basic Review of Feedback," rf tutorial, Apr., 1993.
Breed, Gary A., A Basic Review of Feedback, rf tutorial, Apr., 1993. *
Brown, Fred, "Stable LC Oscillators", rf design feature, Mar., 1987.
Brown, Fred, Stable LC Oscillators , rf design feature, Mar., 1987. *
Correspondence letters from Robert P. Greenspoon to Audrey Sugimura dated Feb. 2, 1998 and Feb. 3, 1998. *
Demma, Nick, "Balanced Meissner Oscillator", rf design awards, Dec., 1993.
Demma, Nick, Balanced Meissner Oscillator , rf design awards, Dec., 1993. *
IEEE Industrial Electronics Society, Edited by Newman, John G. and Martinsons, Robert, "Automotive Applications of Microprocessors," Oct. 25-26, 1984, Dearborn, MI.
IEEE Industrial Electronics Society, Edited by Newman, John G. and Martinsons, Robert, Automotive Applications of Microprocessors, Oct. 25 26, 1984, Dearborn, MI. *
Integrated Circuit Compatible Random Number Generator, IBM Technical Disclosure Bulletin, vol. 30, No. 11, Apr. 1988, pp. 333 335. *
Key, Edwin L., "An Analysis of the Structure and Complexity of Nonlinear Binary Sequence Generators," IEEE Transactions on Information Theory, Nov., 1976.
Key, Edwin L., An Analysis of the Structure and Complexity of Nonlinear Binary Sequence Generators, IEEE Transactions on Information Theory, Nov., 1976. *
Michelson et al, Error Control Techniques For Digital Communication , John Wiley & Sons, 1985. *
Michelson et al, Error-Control Techniques For Digital Communication, John Wiley & Sons, 1985.
Mitsumi ICs, "The Best Way to Protect a Microprocessor", no date.
Mitsumi ICs, The Best Way to Protect a Microprocessor , no date. *
Morgan, Harvey L., "An Emitter Follower Oscillator", rf design feature, no date.
Morgan, Harvey L., An Emitter Follower Oscillator , rf design feature, no date. *
National Semiconductor Corporation Inc. s Response to United Technologies Automotive, Inc. s First Set of Interrogatories (dated Sep. 2, 1997). *
National Semiconductor Corporation Inc.'s Response to United Technologies Automotive, Inc.'s First Set of Interrogatories (dated Sep. 2, 1997).
Peterson et al, Error Correcting Codes , MIT Press, 2ed., 1972. *
Peterson et al, Error-Correcting Codes, MIT Press, 2ed., 1972.
Petrovic, Branislav, "A Balanced RF Oscillator", rf design awards, no date.
Petrovic, Branislav, A Balanced RF Oscillator , rf design awards, no date. *
Relevant Art to the Cryptography Portfolio, no date. *
Taylor, Craig and Kenny, David, "Basic Crystal Oscillator Design Considerations", RF tutorial, no date.
Taylor, Craig and Kenny, David, Basic Crystal Oscillator Design Considerations , RF tutorial, no date. *

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7113592B1 (en) * 1996-06-05 2006-09-26 Deutsche Telekom Ag Method and device for loading input data into a program when performing an authentication
US6438432B1 (en) * 1996-08-24 2002-08-20 Robert Bosch Gmbh Process for the protection of stored program controls from overwriting
US20090137223A1 (en) * 1997-07-16 2009-05-28 Kroll Family Trust Emergency Cellular Telephone
US6580908B1 (en) 1997-07-16 2003-06-17 Mark W. Kroll Generic number cellular telephone
US6617961B1 (en) 1999-11-15 2003-09-09 Strattec Security Corporation Security system for a vehicle and method of operating same
US6823070B1 (en) * 2000-03-28 2004-11-23 Freescale Semiconductor, Inc. Method for key escrow in a communication system and apparatus therefor
US20020049904A1 (en) * 2000-08-24 2002-04-25 Juergen Nowottnick Access system with possibility of learing unknown access keys
US20020114453A1 (en) * 2001-02-21 2002-08-22 Bartholet Thomas G. System and method for secure cryptographic data transport and storage
US20110040986A1 (en) * 2001-10-11 2011-02-17 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US9317720B2 (en) 2001-10-11 2016-04-19 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US7003111B2 (en) 2001-10-11 2006-02-21 International Business Machines Corporation Method, system, and program, for encoding and decoding input data
US7865440B2 (en) 2001-10-11 2011-01-04 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US20030072446A1 (en) * 2001-10-11 2003-04-17 International Business Machines Corporation Method, system, and program, for encoding and decoding input data
US20030074319A1 (en) * 2001-10-11 2003-04-17 International Business Machines Corporation Method, system, and program for securely providing keys to encode and decode data in a storage cartridge
US20040019791A1 (en) * 2002-07-24 2004-01-29 Congruence, Llc Code for object identification
US20040091106A1 (en) * 2002-11-07 2004-05-13 Moore Frank H. Scrambling of data streams having arbitrary data path widths
US20070288811A1 (en) * 2004-06-14 2007-12-13 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US7500160B2 (en) 2004-06-14 2009-03-03 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US20050278591A1 (en) * 2004-06-14 2005-12-15 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US7228471B2 (en) * 2004-06-14 2007-06-05 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US7634699B2 (en) 2004-06-14 2009-12-15 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US20090132874A1 (en) * 2004-06-14 2009-05-21 Research In Motion Limited System and method for testing a data storage device without revealing memory content
US8423788B2 (en) 2005-02-07 2013-04-16 Sandisk Technologies Inc. Secure memory card with life cycle phases
US8321686B2 (en) 2005-02-07 2012-11-27 Sandisk Technologies Inc. Secure memory card with life cycle phases
US8108691B2 (en) 2005-02-07 2012-01-31 Sandisk Technologies Inc. Methods used in a secure memory card with life cycle phases
US20060177064A1 (en) * 2005-02-07 2006-08-10 Micky Holtzman Secure memory card with life cycle phases
US20060176068A1 (en) * 2005-02-07 2006-08-10 Micky Holtzman Methods used in a secure memory card with life cycle phases
US7743409B2 (en) 2005-07-08 2010-06-22 Sandisk Corporation Methods used in a mass storage device with automated credentials loading
US7748031B2 (en) 2005-07-08 2010-06-29 Sandisk Corporation Mass storage device with automated credentials loading
US8220039B2 (en) 2005-07-08 2012-07-10 Sandisk Technologies Inc. Mass storage device with automated credentials loading
US20070011724A1 (en) * 2005-07-08 2007-01-11 Gonzalez Carlos J Mass storage device with automated credentials loading
US20070016941A1 (en) * 2005-07-08 2007-01-18 Gonzalez Carlos J Methods used in a mass storage device with automated credentials loading
US20070061581A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
US20070061597A1 (en) * 2005-09-14 2007-03-15 Micky Holtzman Secure yet flexible system architecture for secure devices with flash mass storage memory
US20070061897A1 (en) * 2005-09-14 2007-03-15 Michael Holtzman Hardware driver integrity check of memory card controller firmware
US8966284B2 (en) 2005-09-14 2015-02-24 Sandisk Technologies Inc. Hardware driver integrity check of memory card controller firmware
US20080215847A1 (en) * 2005-09-14 2008-09-04 Sandisk Corporation And Discretix Technologies Ltd. Secure yet flexible system architecture for secure devices with flash mass storage memory
US7934049B2 (en) 2005-09-14 2011-04-26 Sandisk Corporation Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory
US20070061570A1 (en) * 2005-09-14 2007-03-15 Michael Holtzman Method of hardware driver integrity check of memory card controller firmware
US20070080941A1 (en) * 2005-10-11 2007-04-12 Hsu Mao-Shan Display device, keypad thereof and method for activating display device
US8085245B2 (en) * 2005-10-11 2011-12-27 Delta Electronics, Inc. Display device, keypad thereof and method for activating display device
US20070127458A1 (en) * 2005-12-06 2007-06-07 Micrel, Inc. Data communication method for detecting slipped bit errors in received data packets
US8416951B2 (en) * 2006-04-10 2013-04-09 France Telecom Method and a device for generating a pseudorandom string
US20090279693A1 (en) * 2006-04-10 2009-11-12 France Telecom Method and a device for generating a pseudorandom string
US20080072058A1 (en) * 2006-08-24 2008-03-20 Yoram Cedar Methods in a reader for one time password generating device
US20080052524A1 (en) * 2006-08-24 2008-02-28 Yoram Cedar Reader for one time password generating device
US8423794B2 (en) 2006-12-28 2013-04-16 Sandisk Technologies Inc. Method and apparatus for upgrading a memory card that has security mechanisms for preventing copying of secure content and applications
US8861725B2 (en) 2012-07-10 2014-10-14 Infineon Technologies Ag Random bit stream generator with enhanced backward secrecy
US8879733B2 (en) 2012-07-10 2014-11-04 Infineon Technologies Ag Random bit stream generator with guaranteed minimum period

Also Published As

Publication number Publication date
WO1995001685A2 (en) 1995-01-12
DE69433566D1 (en) 2004-03-25
DE69418714D1 (en) 1999-07-01
EP0872976A1 (en) 1998-10-21
WO1995001685A3 (en) 1995-02-16
EP0706735B1 (en) 1999-05-26
EP0706735A1 (en) 1996-04-17
ES2140548T3 (en) 2000-03-01
JPH08512183A (en) 1996-12-17
DE69418714T2 (en) 1999-12-23
CA2159360A1 (en) 1995-01-12
EP0872976B1 (en) 2004-02-18
DE69433566T2 (en) 2004-12-16
US5363448A (en) 1994-11-08

Similar Documents

Publication Publication Date Title
USRE36181E (en) Pseudorandom number generation and crytographic authentication
USRE36752E (en) Cryptographic authentication of transmitted messages using pseudorandom numbers
US5144667A (en) Method of secure remote access
US5774550A (en) Vehicle security device with electronic use authorization coding
EP1260942B1 (en) Rolling code encryption process for remote keyless entry system
US5598476A (en) Random clock composition-based cryptographic authentication process and locking system
US4206315A (en) Digital signature system and apparatus
US5978483A (en) Securely encrypted remote keyless entry system
JP2673941B2 (en) Vehicle security device with usage rights electronically encoded
US7502941B2 (en) Wireless data communication method and apparatus for software download system
US20110200189A1 (en) Encoder and decoder apparatus and methods with key generation
WO1985004299A1 (en) Method and apparatus for protecting stored and transmitted data from compromise or interception
Bogdanov Attacks on the KeeLoq block cipher and authentication systems
US5649014A (en) Pseudorandom composition-based cryptographic authentication process
Lee et al. The tag authentication scheme using self-shrinking generator on RFID system
US20030215089A1 (en) Method and apparatus for encrypting and decrypting messages based on boolean matrices
JPH07226979A (en) Remote controller
JP2001326631A (en) Chaos encryption communication method, and chaos encryption communication system
KR100839177B1 (en) Locking apparatus for using cipher algorithm
JPH10190651A (en) Remote control system
JP2009264010A (en) Remote control device

Legal Events

Date Code Title Description
AS Assignment

Owner name: UT AUTOMOTIVE DEARBORN, INC., MICHIGAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:UNITED TECHNOLOGIES AUTOMOTIVE, INC.;REEL/FRAME:009008/0492

Effective date: 19980211

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: LEAR CORPORATION EEDS AND INTERIORS, MICHIGAN

Free format text: CHANGE OF NAME;ASSIGNOR:UNITED TECHNOLOGIES AUTOMOTIVE, INC.;REEL/FRAME:014172/0760

Effective date: 19990504

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS GENERAL ADMINISTRATI

Free format text: SECURITY AGREEMENT;ASSIGNOR:LEAR AUTOMOTIVE DEARBORN, INC.;REEL/FRAME:017823/0950

Effective date: 20060425

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT

Free format text: GRANT OF FIRST LIEN SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:LEAR AUTOMOTIVE DEARBORN, INC.;REEL/FRAME:023519/0683

Effective date: 20091109

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT

Free format text: GRANT OF SECOND LIEN SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:LEAR AUTOMOTIVE DEARBORN, INC.;REEL/FRAME:023519/0699

Effective date: 20091109

AS Assignment

Owner name: LEAR CORPORATION EEDS AND INTERIORS, MICHIGAN

Free format text: MERGER;ASSIGNOR:LEAR AUTOMOTIVE DEARBORN, INC.;REEL/FRAME:029732/0846

Effective date: 20111115

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS AGENT, ILLINOIS

Free format text: SECURITY AGREEMENT;ASSIGNOR:LEAR CORPORATION EEDS AND INTERIORS;REEL/FRAME:029923/0618

Effective date: 20130130

AS Assignment

Owner name: LEAR AUTOMOTIVE DEARBORN, INC., MICHIGAN

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:032712/0676

Effective date: 20100830

Owner name: LEAR AUTOMOTIVE DEARBORN, INC., MICHIGAN

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:032712/0428

Effective date: 20100830

AS Assignment

Owner name: LEAR CORPORATION EEDS AND INTERIORS, MICHIGAN

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS AGENT;REEL/FRAME:037701/0171

Effective date: 20160104