CA1124810A - Cryptographic communication security for single domain networks - Google Patents

Abstract

CRYPTOGRAPHIC COMMUNICATION SECURITY FOR SINGLE DOMAIN NETWORKS
ABSTRACT OF THE DISCLOSURE
A communication security system for data transmissions between remote terminals and a host system. The remote terminals and the host system include data security devices capable of performing a variety of cryptographic operations.
At initialization time, a host-master key is written into the host data security device and the host system generates a series of terminal master keys for the remote terminals.
Protection is provided for the terminal master keys by enciphering them under a variant of the host master key. The terminal master keys are then written into the data security devices of the respective remote terminals to permit cryptographic operations to be performed. When a communication session is to be established between a designated remote terminal and the host system, a random number is generated and defined as an operational key enciphered under the host master key which permits the operational key to be used at the host system for enciphering or deciphering data operations. The host data security device, using the enciphered master key of the designated remote terminal, transforms the enciphered operational key under control of the host master key into a form in which the operational key is enciphered under the terminal master key of the designated remote terminal. The operational key enciphered under the terminal master key of the designated remote terminal is transmitted to the remote terminal to permit the enciphered operational key to be used at the remote terminal for enciphering or deciphering data operations.

Description

1~2~

1 CROSS REFERENCE TO REh~TED PATENTS & APPLICATIONS:

2 This application is related to the following patents

3 and patent applications which are assigned to the same

4 assignee as the present application:
1. "Cryptographic Communication and File Security Using 6 Terminals", Canadian Application Serial No. 316,965, 7 filed November 28, 1978, by Ehrsam et al.
8 2. "Cryptographic File Security for Single Domain 9 Networks", U.S. Patent No. 4,238,854 issued December 9, 1980 by Ehrsam et al.
11 3. "Cryptographic Communication and File Security for 12 Multiple Domain Networks", U.S. Patent No. 4,227,253 13 issued October 7, 1980, by Ehrsam et al.
14 4. "Cryptographic File Security for Multiple Domain Networks", U.S. Patent No. 4,203,166, issued May 13, 16 1980, by Ehrsam et al.
17 5. "Cryptographic Verification of Operational Keys Used 18 in Communication Networks", U.S. Patent No. 4,193,131, 19 issued March 11, 1980 by Lennon et al.
BACKGROUND OF THE INVENTION:

.
21 This invention relates to cryptographic communication 22 security techniques in a single domain network and, more 23 particularly, to a single domain netw~rk which includes a 24 host and communication terminals each having a data security device which per~orms enciphering and deciphering operations 26 using system or private keys to permit cryptographic communi-27 cation security in a data processing networ~.

~2 ~

1 Wlth the inorea~ing number of eo~puter end usors, ~har$ng 2 of eommon system resour¢es sueh as files, progr~ms and hardware 3 and the inerea~ing u~e of distribut~d systen~ and tele-4 communication~, larger and more complex eomputer ba~e S informatlon sy~tems ase being er~atQd. ~n ~uch sy~tems, 6 an inereasing amount o~ ~ensitive data may be ~ransmitted 7 aero~s un~eeure co~munication line~. Be¢au~e of the 8 inseeurity of communication lines, there i8 an ~ncreasing 9 concern over the lntere-ption or alterat~on o~ sensitive data which mu~t pa~s outslde a eontrolled or proteeted 11 environment or whi¢h may beeome aeoessibl~ lf maintalned 12 for too long a perlod of time. Cryptography ha~ b~en 13 reeognized a8 an effeetive data seeurlty mea-ure ~n that 14 it proteots the data ltself rsther th~n the medlum over which it is tran~mltted or the medla on wh~eh it is Qtored.
16 Cryptography deal~ with methods by whleh mes~age data 17 ealled cleartext or plaintext is eneryptod or enclphered 18 into unlntelligible d~ta ealled elphertext ~nd by whieh th~
19 ciphertext ~9 decrypted or deeipher~d baek into the plaintext.
The eneipher~ent~dee$pherment trans~ormatlon~ are carried out 21 by a cipher funatlon or algorlthm controll~d in accordance 22 wi~h a cryptographic or cipher key. 2ho olpher k~y selects 23 one out of m~ny possibla relat-on~hip~ ~etwcen the plaint~x~
24 and the ciphertex~. Varlous algor~thm~ have been deYeloped in tho prlor art for ~mproving data socur~ty ~n Bata procos~lng 26 3ystem~. Examples o such algor~thm~ aro de~cribed in U.S.
27 Patent Number 3,796,830 iseueB Maroh 12, 1974 and U. S. Patent 28 Number 3,798,3~9 i~suad March 19, 1974. Another more recent 29 algQrithm prov~ding data secur~ty ~n data pxoc~sing ~ystQm~

~12`~8~

1 is de~cribed in U. S. Patent Num~er 3,958,081 i~ued May 18, 2 1976. This algorithm was adopted by the National Bureau of 3 Standards as a data encryption ~tandard ~DES~ algorithm and i~
4 described in detail in the Federal Tnformatlon Proce~ing S Standards publication, January 15, 1977, ~IPS PU~ 46.
6 A data communicat~on network may include a complex of 7 communication terminal~ connedted via communication lines 8 to a single host ~yJtem And it8 associated resources such 9 as the ho~t programs and locally attached torm~nal~ and data fileQ. Within the data communicatton network, the 11 domaln of the ho~t 8ystem i8 considered to be the ~et of 12 re~ources known to and managed by the host ~y~tem. Variou~
13 single doma~n data communication networks have been de~eloped 14 in the pr~or art U8~ ng cryptographic techniques for impro~ing lS the security of data communication with~n the network. In 16 such network8, a cryptographic facility 18 provided at the 17 host system and at various ones of the remote terminals.
18 In order for the host ~ystem and a remote terminal to perform 19 a cryptographic communication, both must use the ~ame crypto-graphic algorithm and a common operational cryptographic 21 key so that the data enciphered by the sending ~tation can 22 ~e deciphered at the receiving stat~on. In prior art crypto-23 ~raphic communicat$on arrangements, the operational key to be 24 used at the sending stat~on i8 communicated ~y mail, telephone 2~ or courier to the receiving station so that a common operational 26 key is installed at both statlon~ to permit the cryptoqraphic 27 communications to be performed. Furthermore, the operational 28 key was ~ept for a relatively long period of time. ~n order to 29 pre3ent a "moving targe~" to ~ opponent, o~her prior art arra~gements developed tech~iques which improved ~ecurity ~i977007 -4-~iZ~

1 by changing operational k~y8 dynamically where the frequency 2 of changing keys is done automatically by the 6ystem. One 3 such technique is provided in the IBM 3600 ~inance Communication 4 System utilizing the IBM 3614 consumer transaction facility as remote terminals and is exempli~$ed by U.S. Patent No.
6 3,9~6,615 issued ~.ay 11, 1976. In that ~ystem, an enciphered 7 operational or data encrypting key is transmitted over the 8 communication line from the host system to the remote communication 9 terminal. The enciphered data encrypting Xey i~ deciphexed and then used ac the current data encrypt~ng key for all 11 data transmissions. ~owever, with thts type of arrangement, 12 since the current data encryptlng key must be readily available 13 for the data transmis~ons it is stored ~n the clear at the 14 remote texminal thereby making the system somewhat unsecure by the clear keys being 6usceptible to possi~le acces4ibility 16 by unauthorized personnel. Additionally, with thi8 type of 17 system ,when the current data encrypting key is to be changed, 18 a new data encryptin~ key enciphered under the old data 19 encrypting ke~ is transmitted to the remote terminal where it i~ deciphered and then used as the new current data 21 encrypting key. T3Owever, with this type of arrangemen~, 22 ~ince each new current data encrypting key i6 ~ function of 23 the preceed~ng current data encrypting key, the ~ystem 24 become~ unsecure if one current data encrypting key becomes accessi~le as it will pe~mit the current ciphertext to be 26 deciphered and wi~l permit all succeeding data encrypting 27 keys to be o~tained thexeby a~lowing all succeeding ciphertext 28 to be deciphered.
29 Accordingly, it i~ an ob~ect of the invention to maintain 3~ the ~ecurity of data tr~n~miss~on~ in a data c~mmunicatior ~i9-77-~07 ~S--network.
Another object of the ~nvention i8 to provide a host 3 system having a data security device for enciphering/decipherinq 4 message blocks of data under control of a protected ho~t S cryptogxaphic ~ey.
6 A further o~ject of the invention i~ to provide a hos~
7 cryptographic facility in a data communication network without 8 having to provide host cryptographic key~ in the clear 9 outside of the facility.
Still another object of the inventlon iB to establi~h 11 cryptographic commun~cation sessions between a terminal and 12 a host system in a data communication network in a ~ecure 13 manner.
14 Still a further object of the invention ~ to provide a common operational ~ey for a terminal and the host in a data 16 communication network to perm~t enciphering/decipherinq 17 operations to be perfoxmed using the common operat~onal key.
18 Stil} another ob~ect of the in~ention is to dynamically 19 create a common operational key by ~enerating a pseudo random number defined a9 an enciphered operational key.
21 Still a further object of the invent~on i~ to create 22 secondary communication keys for the secure terminAls associated 23 with the data communication network by generating p~eudo random 24 numbers each being deflned a~ a secondary communication key.
~till another o~ject of the inven~ion i~malntain the 26 security of secondary communication keys ~y enciphering them 27 under a variant of the host master key.
28 Still a urther ob~ect of the invent~on i~ to reencipher 29 the enciphered operational ke to an opexational key enc~phered ~0 ~mder the secondary communicat~ on kay .

Ki9-77-007 -6-i~2~

1 Still another object of the invention is to provide the 2 reenciph~red operational key to the ~erminal with which a 3 co~munication session is desired.
4 Still a further object of the invention is to dynamically S create a differen~ operational key for each new cormunication 6 session between the host and a terminal in the data communication 7 network~
8 Still another object of the invention i~ to provide a 9 host cryptographic facllity which i8 maintained in a logically and physcially protected area.
ll Still a further object of the invention is to provide 12 a host data security device whlch includes a hardware 13 implementation of the data encryption standard algorithm 14 adopted as the United States Federal Data ~rocessing Standar~.
Still another object of the invention i8 to provide a 16 host data security device having interfaces to which 17 plaintext/ciphertext input data and operation requests are 18 presented and from wh$ch ciphertext/plaintext output data 19 is presented.
Still a further object of the inventlon i8 to provide a 21 host cryptographic fac~lity which includes cryptographic 22 apparatus, a host master cryptographic key memory and a 23 working key regi~er whereby the contents of the host maste:-24 ~ey memory, the working key register and intermediate results o~ the cryptog~aphic operation are cnly accesslble to the 26 cryptographic apparatus.
27 S~ill another o~ect of the in~ention is to provide 28 a host cryptographic facility for performing a wr~te ma~ter 29 key functi~n to xe~ectiYely store ~ host cryptographlc key u~ed ~or encryptinq/~ecrrptlng other cryptographic keys i~ a Ki9-77-007 -7-1 master key memory by manual or host control means.
2 Still a further object of the invention i8 to provide 3 host cryptographic facility having a battery powered host 4 master key memory to allow host master key retention when system power i~ not present.
6 Still another ob~ect of the invent~on is to provide 7 a host cryptographic facility for performing a host ma~ter 8 key overwrite function whenever a new host msster ~ey i8 9 to be used by the facility.
Still a further object of the invention i8 to prov~de 11 a host cryptographic facility hav~ng a working key register 12 for ~toring a host cryptographic key used to personali2e 13 the encrypting/decrypting operation of the host cryptographic 14 facility.
Still anothér object of the invention i5 to provide a 16 host cryptographic facility for performing a decipher key 17 function to decipher a data encrypting key enclphered under 18 a host ma~ter key to obtain the data encrypting key in 19 clear form for ~torage in a working key regi~ter.
Still a further ob~ect of the invention i8 to provide a 21 ho~t cryptographic ~acility for perfomin~ an encipher 22 function for enciphering input pla~ntext under control of 23 data encrypting key stored in a working ~ey reglster to 24 produce output ciphertext.
2S Still another o~ject of the invention i8 to pro~ide a 26 host cryptogr~phic facility for performing a decipher function 27 for decipherin~ input ~iphertext under ~ontrol of a data 28 en~rypting key stored i n a working key regi~ter to produce 29 output plaintext, St~ll another o~ject of the invent~ on i~ to pro~de a Ki~-77-007 -8-~2~

1 host cryptographic ~acility for performing a decipher 2 function for deciphering a data encrypting key enciphered 3 under a host master key to obtain the data encrypting key 4 in clear form within the facillty for use in encipherins input cleartext into output ciphertext.
6 Still a further object of the invention is to provide 7 a host cryptograph~c facility for perfor~ing a decipher 8 ~unction for deciphering a data encrypting key enciphered 9 under a host master key to obtain the data encrypting key in clear form within the facility for use in deciphering 11 ci~hertext enciphered under the data encrypting key into 12 cleartext.
13 Still anoth~r o~ect of the inven~ion ~ 5 to provide 14 a host data security device which declphers an enciphered data encrypting key used for data enciphering/deciphering 16 operations under selective control of a ~ystem or private 17 key encrypting key to permit cryptographic data tran~missions 18 in a data communication network.
19 Still a further object of the in~ention is to provide a host data security device which perform~ data encipherin~/
21 deciph~ring operations under control of a private data 22 encrypting key to permit private cryptographic data 23 transmissions in a data cammun~cation networ~.
z4 In accordance with the l~ention, a data comm~nication network is provided ha~ing a host with an integrated data 26 security ~e~ice and associated terminals each ha~in~ an 27 integrated data securtty dev1ce to permit cryptographic data 28 transmiss~ons between the host and th~ associated terminals.
29 The host data security deYice includes a memory for storing a ho~t m~ter key, cryptographlc apparatus for ciphering Ki9 77-007 ~9~

112`~

1 input data under control of a cryptographic ~ey stored in 2 a working key reglster to produce ciphered output data 3 and an interface adapter to which operation requests are 4 presented and plaintext/ciphertext are presented for S application a~ input data to the cryptographic apparatus 6 and from which ciphertext/plsintext data i8 presented as 7 applied from the ciphered output data of the cryptographic 8 apparatus. The hoat master key may ~e loaded into the 9 master key memory by manual means or under host control by a wr~te master key operation re~uest to the interface 11 adapter. The host data ~ecurity device then generates a 12 serie~ of random numbers each of which i8 defined as the 13 terminal master key for an a~sociated termlnal in the 14 network and communic~ted to each terminal user in a ~ecure lS m~nner for loading into the data security device of the 16 re~pective terminals. ~he ho~t data security device then 17 enci~hers and stores each of the termlnal master key~ under a 18 variant of the host ~aster key to maintain the terminal 19 keys in a secure manner. When communication is desired between the host and one of the associated terminals, the 21 ho~ data security de~ice generate~ a pseudo random number 22 which iB defined as an operational key enciphered under 23 the host master key. The hoat data security device then 24 performs a tran~formation functi~n which reenciphers ~he 2~ operational ~ey enciphered under the host master key to 26 the operational key enciphered under the terminal master 27 key by using ~he previously produced enciphered operational 28 key and the enciphered terminal master key. The operational 29 key enciphered under the term'nal master key is then 3~ transferxed as key ~ynchronizing data to the terminal over ~i9-77-007 -10-~2~

l the cor~unication line connectin~ the host and the terminal.
2 The terminal is key synchronized with the host system by 3 recep~ion and deciphering of the synchronizing data from 4 the host system. This i~ accomplished by deciph~rln~s the S synchronizing data under control of the terminal master key 6 to obtain the operational key, in clear form, which is 7 loaded into the working key register replacing the 8 terminal master key previously stored therein. Fncipher 9 operation requests may then proceed to encipher terminal plaintext under control of the operational key in the working 11 key register to produce terminal ciphertext for transmission 12 to the host. ~t the ho~t, upon receipt of the terminal 13 ciphertext, a decipher operation reque~t causes the host 14 cryptographic apparatus to decipher the enciphered operational key under control of the host master key to obtain 16 the operational key, in clear form, which is loaded into 17 the working key register replacing the host master key 18 previou~ly stored therein. The ciphertext recelved from the 19 terminal i.e. terminal data enciphered under the operational key, is then deciphered under control of the operational ):ey Zl present~y in the working ~ey register to produce the terminal 22 plaintext. In a similar manner, plaintext at tlle ho~t is 23 enciphered under ~he operational key at the host and 24 transmitted to the terminal where it is dec~phered under 2~ control of the common oper~tional key now stored at the 2~ terminal.
27 ~ther arrangement~ are also provided w~ich permit a 28 variety of communication security applicat~ons using 29 a pre-defin~d private terminal ma~ter key. A~d~ionally a further arrangement iB provided wh~ch permit~ a ~ 77 0~7 -ll-112~

1 communication security application using a pre-defined 2 private data encrypting key. At the terminal, the private 3 data encrypting key can be loaded dlrectly into the working 4 key register by a load key direct function. At the host, after the private data encrypting key has been received in a 6 secure manner and loaded in~o the ~ost, an encipher operation 7 is performed to encipher the private key under the host 8 master key in order to maintain it in a secure manner.
9 Then, when communication i~ to be had between the ho~t and the terminal, the host deciphers the enciphered private 11 data encrypting key and loads it as the wor~ing key in 12 the host working key regi6ter. With the private data 13 encryptinq key now present in the key reg~sters of the 14 host and terminal, ~ubsequent encipher/declpher operations can proceed under control of the common private dat~
16 encrypting key.
17 The foregoing and other objects, features and advantage~
18 of the invention will be apparent from the followin~ particular 19 description of a preferred embodiment of the lnvention, as illustrated in the accompanying drawings.

3~

~i9-77-007 ~:~2~ 0 1 BRIEF D~SCRIPTION O~ THE DRAWING:
2 Fig. 1 is a bloc~ diasram illustrating a cryptographic 3 data com~unication network.
4 ~ig. 2 i~ a ~lock diagram of a representative network S illustrating, in block form, the details of a host and terminal 6 in such a networ~.
7 Fig. 3 is a block diagram of a cryptographic engine 8 which performs cryptoqraphic functions in a logical~y and 9 physically secure manner.
Fig. 4 illu~trates in block diagram form a manual WMK
11 function.
12 ~ig. 5 illustrates in block diagram form a host controlled 13 ~K function.
14 Fig. 6 illustrates in block diagrsm form a ~ECK function.
~ig. 7 illustrates in block diagram form a ENC function.
16 Fi~. 8 illustrate~ in block diagram form a uEC ~unction.
17 Fig. 9 illustrates in bloc~ diagram form a ~RN function.
18 Fig. 10 illu~trates i~ ~lock diagram form an FMX~ func ~ion .
19 Fi~. ll illustrates in block diagram form an EMKl ~unct~on.
Fig. 12 illu~trates in block diaqram form a ~CP~ fun~tion.
21 Pig. 13 illustrates in block diagram form a DCPH function.
22 Fig. 14 illustrate~ in block dia~ram form a PFMK function.
2~ Fig. ~S is a block dia~ram ~llu~tratiny the ~asic conc~pt~
24 of cryptographic communication security in a slngle ~om~in network using ~ system or pri~ate ~ey as a key encrypting ke~.
26 Fig. 1~ is a ~lock dia~ram illustrating detail~ v~
27 cryptographic communication security in a ~ingle domain 28 network ucinq ~ystem generated ~eys.
29 Fig. 17 i~ a block di~gram ~l~ustratlng detail~ of Ki9-77-G07 -13-~12~

1 cryptographic communication security in a single domain 2 network usi~g a private '~ey.
3 Fiq. 18 is a block diagram illustrating deta~ls of 4 cryptographic communication security in a sinqle domain S network using a private key with a private end user protocol.
6 Fig. 19 is a block diagram illu~trating cryptographic 7 communication security in a single domain network using a 8 private key as a data encrypting key.
9 Fig. 20 illustxates the details of a clock circuit used in the data security device of the pre~ent invention.
11 Fig. 21 is a timing diaqram explaining the operation of 12 the clock circuit illustrated in ~ig. 20.
13 Fig. 22 is a diagram of how Figs. 22al through 22i2 may 14 be placed to form a detailed schematic diagram.
Eigs. 22al through 22i2, taken together, comprise a 16 detailed schematic diagram of the data security device of the 17 pre~ent invention.
18 Fig. 23 i~ a timing diagram of the manual WM~ operation.
19 Fig. 24 illustrateæ how Fiqs. 24 an~ 24~ may be placed to form a composite timing di~gram.
21 ~i~3, 24 and 24b, taken together, compri~e a timing diagram 22 of the host controlled WMR operation.
23 Fiq. 25 illustrates logic detail~ of the crypto engine 24 u~e~ .in the data security device of the present invention.
~ig~ 26 illustrate6 how Figs. 26a to 26c may be placed 2~ to ~orm a composite timing diagram.
27 ~igs 26a to 26c, taken together, comprise a timing diaqram 28 of the DECK uper~tion.
2~ Fig. 27 illustra~es how ~tg~. 27a to 27d may be placed to form a compo~ite timing dia~ram.
~i9-77-~7 -14-~4~0 1 ~iss. 27a to 27d, ta~.en together, comprise a timing diagram 2 of the D~C/~NC opcration.
3 Fig. 2~ illustrates how Figs. 28a to 28c may be placed 4 to form a composite timing diagram.
Figs. 28a to 28c, ta~en together, comprise a timing 6 diagram of the GRN operation.
7 Fig. 2~ illustratefi how Figs. 29a to 29c may be placed 8 to for~ a composite timing dlagram.
9 ~igs. 29a to 29c, taken together, comprise a timing diagram of the EMK operation.
11 ~ig. 30 illustrates how Fig~. 30a to 30g may be placed 12 to form a composite timing diagram.
13 Fig~. 30a to 30g, taken together, comprise a timing 14 ciagram of the R~M~ operation.

3~

Ki9-77-007 15-~z~

1 GENERAL DESCRIPTION:
_ 2 INTRoDuc~IoN:
3 In a data communication networ~, a complex of communication 4 terminal~ are connected via a plurality of communlcation line~
to a host data processing ~ystem and 1 t8 associated re~ources such as host programs, and locally attached terminal~ and 7 secondary storage files. Becau~e of the complexity an~
8 increa~ing ~ze of such network~ which may include single 9 or multiple domain networks, it has ~een recognized that when data i~ transmitted over unsecure communication lines 11 it is necessary to protect the data to maintain the con-12 f~dentiality and integrity of the information represented by 13 that data. Cryptography provides an effective data security 14 mea~ure for communication secur~ty in that it protects the confidentiality and integrity of the data itself rather than 16 the medium over which it is transmitted. Fig. 1 illustrate~
17 a cryptoqraphic arrangement in a representative single 18 domain data communication network.
19 Most practical cryptographic sy~tems require two ba~ic element~, namely, (l) a cryptographic algori~hm which is a set 21 of rules that specify the steps required to transform or 22 encipher plaintext into cipherte~t or to transform or decipher 23 ciphextext back into plaintext an~ ~2) a cipher ~ey. ~l~e cipher 24 ~ey is uxed ts select one out of many po~ble relationQhips ~etween the plaintext and the ciphertext. various crypto~raphic ~6 alyorithms have ~een developed in the prior art for improving 27 data security i~ data proce~sing sy~tem~c One such algorithm 28 i~ described in U.S. Patent No. 3,g58,0~1 is~ue~ May 18, 2~ 1~76 ~nd wa~ recently adopted as a United ~States ~ederal Data Proce~ing Standard as qet for~h in the afor~ai~

Ki9-77-007 -36-:~2~i~10 1 Federal Information Processinq Standard publication.
2 hardware implementation of this algorithm is incorporated in 3 the present invention. Tlle cryptographic algorithm operates 4 to transform or encipher a 64 bit block of plaintext into a unique 64 bit ~lock of ciphertext under control of a 56 bit 6 cipher key or to tran~form or decipher a 64 bit block of 7 ciphertext back into an original 64 bit bloc~ of plaintext 8 under control of the same 56 bit cipher key with the deciphering 9 process being the reverse of the enciphering process. The effecti~eness of this c~pher process depends on the techniques 11 u~ed for the selection and management of the cipher key u~ed 12 in the cipher process. The only cipher key actually used in 13 the cipher pr~ce6 to personalize the algorithm when encryp~ing 14 or decrypting data ox other keys is termed the working key and i8 acce~sible only ~y the cryptoyraphic apparatus. ~ll other 16 ~eys hereafter discussed are used at different times as 17 working keys depend~ng upon the cipher operat~on to be 18 performed.
19 There are basically two cate~ories of cipher keys us~d in the cryptographic 8y8tem, namely, operational key~ (K0) and 21 key encryptinq keys (KER) with operational keys bein~ referred 22 to and used as data encrypting keys. Data encrypting or 23 operationai keys are a cate~ory o~ ~ey~ used to encrypt/dec;rypt 24 data while ~ey encrypting key~ are a category of keys used to encrypt/decrypt other ~ey~.
26 Wi~hin the two basic cate~ories, there are variously defined 27 classes and type~ of cipher key~. Thus, in ~he data encryptin~
28 or op~rational class of ciph~r keys, the data encrypting or 29 operationa~ ~ey which protect~ data during data communication ~ession8 i8 a clas~ of key ca~led the primary co~mun~catic~n ~ 77-037 -17-~2`1~

1 key. One type of this class of keys is one which is a 2 system generated, time variant, dynamically created key 3 transmitted in enciphered form under a key encrypting key 4 from a host system to a remote terminal. The key is de-ciphered at the terminal and then loaded into the working 6 key register and used as the working key. The key exists 7 only for the duration of the communication session and will 8 be referred to as the system session key (KS). In private 9 cryptographic systems which use a private protocol known to each end user but unknown to the system, a private key may 11 be used as another type of primary communication key to 12 provide communication security. The private key is loaded 13 into the terminal working key register and then used as the 14 working key. The key exists only for a time duration deter-mined ~y the private protocol which may require the key to 16 be changed for each communication, once an hour, once a 17 week, etc. and will be referred to as the private session 18 ~ey (KSP).
19 Within the key encrypting category of cipher keys, there are two sub-categories, namely, the primary key encrypt-21 ing key and the secondary key encrypting key. In the primary 22 key encrypting key sub-category of cipher keys, the key 23 encrypting key used in the host system to encipher other 24 keys is a class of key called the system key. One type of this class of keys is one which is used to protect the 26 system session keys actively used at the host and will be 27 referred to as the host master key (KM~). In the secondary 28 key encrypting key sub-category of cipher keys, the key 29 encrypting key used in the termina~ to protect other keys is a class of key called a secondary communieation key. Two 31 types of this class of keys are used to protect system ~r ~2~

1 session keys transmitted to the terminal and when system 2 generated will be referred to as the terminal master ~ey 3 (KMT) and when prov~ded as a pre-def~ned private key w~ll be 4 referre~ to as a private terminal ma~ter key t~MTP). The S various cipher keys def~ned abo~e are summarized in the 6 followin~ table by category, class, type and u~e:

8 CATEGORY SF,CURITY CLASS _ I!SE
9 Key Encrypting Primary System Key ~ost Master 11 Key ~KMH) ~ncipher .
12 Secon~ary Secondary Terminal Ma~ter ~ther Communications Key (RMT) 13 Reys Cryptographlc Private 14 Term~nal ~a~ter Key~
Xey (KMTP) 1 5 _ . ..
16 Primary System Communicatlon Ses~$on Key 17 Data ~ncrypting Keys (KS) Encipher Keys Or 18 Private Decipher ~perational Se~ion Key Data 19 Keys) ~ _ (KSP3 ~ z~

1 GENERATION, DISTRIBUTION, INSTALLATION AND MANAGEMENT OF
_ 2 CRYPTOGRAPHIC K~YS:
.
3 Key generation is the proceR~ which provides for the 4 creation of the cipher keys required by a cryptographic system.
Key generation include~ the ~pecification of a system mas~er 6 key and primary and secondary communication key~.
7 The host master key i~ the primary key encryptinq 8 key and i~ the only cipher key that needs to be pre~en~ in 9 the host cryptographic facility in clear form. Since the host master key does not generally change for long periods 11 of time, great care mu~t be taken to ~elect thi~ key in a 12 random manner. This msy be accomplished by using some random 13 experiment such as coin tos~ing where blt value~ 0 and 1 are 14 determined by the ~ccurrence of heads and tail~ of the coin or by throwing dice where bit values 0 and 1 are determined 16 by the occurrence of even or odd rolls of the dlce, with the 17 occurrence of 0ach group of coins or dice being converted into 18 corre~ponding parity adjusted di~it3. By enciphering all other 19 cipher keys stored in or pas~ed out~ide the host ~y3tem, overall 20 ~ecurity i~ enhanced and secrecy for such other c~pher ~eys 21 reduces to that of providing secrecy for the si~gle host master 22 key. Secrecy for the host ma~ter key may be accompliYhed by 23 storing it in a non-volatl~e ma~ter key memory so that the host 24 mas~er key need only be installed once. Once installed, the master key is used only by the cryptograph~c apparatus for 26 internally deciphering enciphered keys which may then be ~sed 2 7 as the working key in a su~sequent encipher/dec~pher operation .
28 In~t~lLation of the ho~t master Xey may be accomplished 29 by a dixect manual entry proce~ u~ing mechanical swi~ches, 30 dial~, o~ a hand-held ~ey entry device. Alternately, an KI~77007 -20-1 indirect entry method may be used in which case the ho~t 2 master key may be entered from a non-volatile media ~uch as 3 a magnetic card or tape which is maintained in ~ secure 4 location (safe, vault, etc.) accessible only to the securi~y administrator. Another alternatlve indirect entry method 6 may be to use a keyboard entry device, though this method i3 7 ~ub~ect to human error. In any event, which~ver indirect 8 method i~ cho~en, dur~ng in$tialization, ~he host master key 9 may be read into and t~mporarily ~tored in the ho~t memory and then tran~ferred to the master key memory w~th the host memory 11 entry belng ~ubsequontly erased 80 that only one copy is 12 present and acce~sible only by the cryptographic facility.
13 The terminal ma~ter key i8 a ~econdary koy encrypting 14 key and like ~he system ma~ter key, i~ the only key encrypting key that need~ to be present in clear form ln the terminal 16 cryptographic facility. SincQ there may be numerous 17 termlnale a~ociAted with the data communication network, 18 it may not be practlcal or pruden~ to have tha~e ~eys 19 generated by a human us~r u~ng so~e type of rando~ experiment.
Therefore, to relieve th~ system admlnl~trator from the 21 burden of creating cryptograph~c key~, ex~ept for the ~ngle 22 sy~tem ma~ter key, the cryptograph$c apparatus of the ho~t 2 3 system can be us~d a~ a p~eudo ranaom generator for generating 24 the required termina} ma~ ter key~ uffed by ~he varlous terminals of the networ~. The manner by whlch ~uch host ~ystem 26 generated rAndom numbers are produced i8 de~cr~bed in detail 27 hereafter. ~n addltion to the ~y~tem generated te~mlnal 28 ma~tor key~, of~ e me~n~ may ~e w ed by end u~ar~ to 2~ a~ h ~ pr~vat~ t~rmln~l ma~to~ k~y. In olth~r ~v~ne~
the clear ~orm o~ th~ sy~tem or private gener~ted texminal K~977~7 -21-.

t 5.~24~

`. master key is distributed in a ~ecure manner to the authorized 2 terminal users. Thi8 may be accomplished by transporting 3 the key by cour~er, regi~tered mail, public telephone, etc.
4 The llklihood of an opponent obtaining t~e key during S transit can be lessened by tran~mitting different portion~
6 of the key over independent paths and then combining them 7 at the de~tlnation. Onc~ ha~ing properly received a valid 8 system or private generatad terminal master key in clear 9 form, it becomes nece~ ary to malntain lts secrecy. At the terminal, this is accompli~hed by writing the terminal 11 master key into à non-volatile master key memory, a~ in the 12 ca~e of the host ~y~tem master key. Once installed, the 13 terminal ma~ter key is used only by the ~erminal cryptographlc 14 apparatu~ for ~.ntern~lly dec$pherlng sys~em genorated primary comnun~catlon.k~y~ which may ~hen be~u~ed ~8 the work~ng key 16 ln a subse~uent encipher/deci~her oper~tlon~
17 Be~:au~o ~he ciphQr~ng al~orlthm ussd ~8 not secret, 1~ the deg:l~e~of protectlon that can ~ derived ~rom a crypto--19 graphic 8y8t~m ultimately dep~nd~; upon the 3ecurity of the cryptogr~phi.c key~. Therefoxe, ~he ~b~ect~v~s of Xey 21 mangoment a.r~: tl) cryptogr.~ph1c ~y~ should never occur 22 in clear. fo~ out~$d~ the cr~rptocJx~phic devic~, ~xcept unde1 23 ~ecure cond;~ ons ~uring t~e period whon k~y~ ~re originally 24 distr~bilte~ a~d inst~lled or wher~ ~tored ln ~ secur~ place such as a ~fe, vault or ~imil~r locat:ion for bac~up or 26 recovery a~d (2) no cryp~ographlc op~r~tion, or comblnation 27 thQreof, u~3.n~ any cryptogr~phic qua~t~ties which are 2~ routin~ly ~ored or mu~ed throu~h the s~stem, or derived 29 there~xom, should per~m~t cl~ar key4 ~::o ~e recoverable outs~d~
the cryptographic deYic~. TherefQre, i~ keeping with the KI~77~07 -22 ~12~8~

1 first o~jecti~e, if thc system generated terminal keys are 2 to be stored at the host system they must be protected by 3 bein~ enciphered under another ~ey. ~ne way in which this 4 may be accomplished is to encipher the terminal master keys S under the host master key hy an ~ncipher ~Aaster ~ey function 6 (FMK). I~owever, for reasons which will be described hereafter, 7 this results in an exposure of ~rimary communication }-eys 8 which violates the second objective of ~ey management.
9 Accordingly, to ~revent exposin~ these keys in clear form ,a dual master key a~roach is adapted, by the present invention, 11 in which a variant (XMHl) of the host mastcr key (RM~I¢~ is 12 used to encipher the terminal master keys by an ~ncipher 13 Master ~ey function (EMKl), whic~l will be descrihed in 14 greater detail hereafter. In the embodiment of the rresent invention, only the host ma~ter key resides in clear for~
16 within the cryptographic device. Accordin~ly, when an ~MK1 17 function is to be performed, the host master ~.ey i8 read out 18 of the master key memory and by selected inversion of certain 19 bits of the host master ~.ey the variant 77~1 i9 deri~ed for usc in enciphering the terminal master key. ~y enciphcrin~
21 the terminal master keys under the ~ariant of the host 22 ma~ter key, the enciphered terminal keys may be stored in a 23 cryptogra~hic data set until required for use in a cryptoaraphic Z4 operation and tbe first oh~ective ~f ~ey management i~
o~taine~, namely, that no key shall occur in clear form.
26 For rea%ons which will be descri~e~ hereafter, the encipherment 27 al50 meets the second objective of ~ey management.
28 System generate~ primary communication keys, i.e. sessio 29 keys, are time ~ariant keys which are dynamically generated for each communication session and are used to ~rotect Xig-77-007 ~23-1124Bl~) 1 communicated data. Since there may be numerous communications 2 sessions it is impractical to have these keys generated by 3 a human u~er. Therefore, the cryptographic apparatus of 4 the host system may be used as a p~eudo-random generator for S generating, a~ each communication session i8 required, a 6 pseudo-random number wh~ch, in keeping w~th the ob~ective 7 that cryptographic keys should never occur in the clear, 8 may be defined as being a ~ession key enciphered under the 9 host ma~ter key.
When encipher/decipher dat~ operations are required 11 at the host ~ystem, a decipher ~ey function (DECX) i~ first 12 performed, described in greater detail hereafter, in which, 13 using the ho6t master key as the working key, the se~sion 14 key enciphered under the host master key is declphered, with the resulting qe~sion key, in clear form, being 16 xe~a~ned in the host cryptographic device ~nd replacing the 17 host master key a~ the working key for enclpher/decipher 18 data operations. An encipher data ~unction (ENC) is performed 19 by enciphering data under the session key now availa~le a~
the working key whereas a decipher data ~unction (DEC) is 21 performed by decipherlng data enciphered un~er the ~ession 22 key by u~ing the session key now a~ ble as the working key, 23 ~oth of these functlon~ will be descri~ed in greater detail 24 hereafter.
Z5 In ordcr to a~low the host sy~tem and a terminal to 26 communicate with each other using the ~ession key as a common 27 operational key, it i8 necessary to communicate the ses~ion 28 key to the terminal. Thi~ is accomplished by first performing 29 a Re-enc~pher From Master Key transfonmation function ~RF~R~, which re-enciphers the ~ession key enciphered under the host Ki~-77 C07 -24-1~2~

1 master key to the session key enciphered under the terminal 2 master key, in a manner described in greater det~il hereafter, 3 ar~d then communicating the ses~ion key encip~ered under the 4 terminal master key to the terminal. At the terminal, the enciphered se6sion key i8 deciphered by a DECK function, 6 l-sing the terminal ma~ter key a~ the working key with the 7 resulting ses~ion key, in clear form, being retained in the 8 terminal cryptographic device and replacing t~e terminal 9 master key ~8 the working ~ey for terminal encipher/decipher data functions ENC/DEC.
11 In order to perform the transformation func~ion 12 described above, it i8 nece~ary to make use of the enciphered 13 '.erminal master key. Accordinqly, if the terminal master 14 key had been stored under the host ma~ter ~ey rather than a ~rariant of the host ma~ter key, then the se~ion key may 16 be exposed in clear form when the sess.ion key enciphered under 17 the terminal master key becomes available over the communication 18 line by wiretap and ~he enciphered terminal ma~ter key may 19 become exposed wh~le in storage at the host syqtem. ThiQ
may be accompli6hed by first performing a DECK function to 21 ~ecipher th~ terminal m~ster key encip~ered under the ho~t 22 master key, rather than the v~rian of the ho~t master key, 23 u~ing the host master key as the working key with the resultinq 24 terminal mas~er key, in clear form ,~eing retained in the host cryptographic device and replacing the ho~t ma~ter ~ey 26 zs the working key. ~hen, by performing a DEC function 27 using the wiretapped ~es~ion key enciphered under the terminal 28 master key as data, the ~nciphered ~es~qion key may ~e 29 deciphered uRing the terminal master key as the working ~ey Wit]l the resulting ses6ion key bec~ming ~vaila~ie in clear Xi~-77-007 -25-~24Bl~

1 form out~lde the cryp~ographic device and violating th~
2 first ob~ectlve of key management namely, that cryptographic 3 keys ~hould never occur in clear form outaide the crypto-4 graphic device. This exposure i8 eliminated by u~ng the S variant of the host master key to enclph~r the term~nal 6 master key s~nce the DECX function alway~ u~e~ the host 7 master key a~ the worklng key and ~ny attcmpt to decipber 8 the terminal key enclphered under a varlant of the ho~t 9 master key by using tho non-var~ant of the host ma~ter key will reault in u~elesJ informatlon. It should be noted that 11 althou~h the relAtlonship betwoen tho ho~t ma~ter k~y and 12 ~t~ variant are kncwn i.e. which bit~ are inverted, t~e 13 - cryptographic strength 1~ not ~eakonea becaus~ there i~ no 14 way to use thl~ informatlon to arri~e at u~eful ~ey lnfor-mation because of the complexlty of the algorlthm.
16 5~hus, by enciphorlng the tormln~l ma~ter ~ey under a 17 fir~t ~ariant of tho ho~t master koy, both of the ob~ectlves 18 of key management are o~tained, namely, the terminAl ma~ter 19 key doe~ not oacur ln cloar form out~ide th- cryptographic dev~ce and wh~n used in a cryptographlc functlon i~ doe~
21 not pexmit a cl~sr key to be recoverAble out~lde the 22 cryptogr~phlc device.
23 In ~ome pxivate crypto~raphlc sys~m~, end u~er~ mRy 24 wi~h to u~e ~ pr~v~te pr~mary com~un~caton key but 3tlll 2S ma~ u8e o~ ~he ~ystem fac~litle~ ~or key gcner~t~on and key 26 managemen~. Thus, in a ~ngle dom~n dat~ communlca~ion 27 network where an end user termln~ remote from the ho~t 28 ~ys~m, tha end u~er~ m~y define n mutually aqreed upon 29 private commun~c~t~ k9~ . a pr~ e ~ermlnAl m~ter J~ey 3~ KMT~ At the ho~t, the mutuall~ ~gre~d UpQn key ~ e Kig-77~007 -26 ~2~10 1 loaded into ho~t, be enclphered under n vari~nt of the host 2 na~ter key to maintain the private key in a secure manner, 3 ~d then stored in a crypto key data set until ~uch time as 4 a ses~ion i~ to be had wlth the terminal user as in the c~se of system generated keys. When a communication se~sion is 6 ~.o be established between the host and an end user term~nal, 7 the private terminal master key i~ lo ded into the terminal 8 master ~ey memory and the balance of the operat~on may 9 proceed as in the case of system generated key~.
Where llmit~d key managemont facllitie~ are used with a 11 private end user protocol, it may be neces~ary to wrlte the 12 enciphered private termlnal master key to ~n output device, 13 ~uch as a prlnter, and ~tore the pr~nter output in a secur~
14 manner, ~.g. in a phy~lcally protect d vault, unt~l ~uch lS time a~. th- communication ~os~on iJ de~ired. At that time, 16 the enciphered private terminal ~y i8 brought out and 17 loaded back into the host system. The terminnl u~er loads 18 the private key into the terminal mastor key ~amory and the lg communicatlon ~es~ion may then be ~nitiat-d~
In othsr private cryptographlc ~yct~ms, where the end 21 u~Qrs u~e a private protocol which i8 unknown to the system~
22 key selection, management and data trnnsfer operations nre 23 performed wlthout syRte~ knowledg~ that crypto~raphy i8 24 being performed. In ~uch arrang~ment~, the end w er~ may 2S def~ne a prlYate protoco~ using a mutu~ lly a~reed upon 2~ primary communica~ion key, i.e~ a pr~v~ e ses~lon ke~ hi~
2 7 key i8 loaded into ~he ho~t ~y~tem ~nd ~he ';e~n~l a~ ~
28 common working key th~roby al~ow~ng thQ ~o~t ~nd tenminal to 29 communcate u~ing ~he common pr~vate ~e~ion X~y. Wi~h thi~
39 end-to-end encryption appro~ch, enciphered message~ can be }~i9-77-0~7 27-1124BI~) 1 ~nt vla networkJ of any typ-, private or publlc, wlthout 2 sy~tom kno~lodgo ehat aryptography i~ b~lng porfor~ed but 3 providlng communiaatlon 8-curlty for ~uch data transml~slon~
4 Whlle lt 1~ ~fflclont to u-o varl~ntJ of a ho~t aa~tor key to provlde protoctlon for th- ~riou~ a~yptographlc 6 k~y- u~oa ~n tho sy~t~m, it 1- ~oll wlthln the ~k~ll o~ the 7 art to provld~ separate ma~tor ~ y~ in~t ~d o~ varlant~ of 8 a ~ingl- ma~ter ~ey Thi~ could b- ~ccompli~hod by providlng 9 separat~ m4ster k~y m-~orl-~ each bolng loaded ~lth a ma~ter whlch ls dl~for~nt from oa¢h other and boing acao~-od wh~n 11 nood~d Whilo th~ a Yl6bl- alt-rnatlve, lt would 12 ~ub~t~ntlally lncr~a-- th- co-t o~ ~h- ho-t dat~ ~curity ~3 devloo as oppo~d to u~lng a ~lngl- ~a~ter koy momory and 14 obt~lnlng variant~ a~ ne~d d~

KI9770Q7 ~28-~12~810 2 ~odern day data communication networks may include a 3 complex of communication terminals connected via communication 4 lines to a single host and its associated resources such as the host programs and locally attached terminals and data 6 files. A representative network is shown in Fig. 2 with the 7 host and its associated resources shown in block form and a 8 representative one of the plurality of remote communication 9 terminals also shown in block form. The terminal and inte-grated data security device and the manner in which the data 11 security performs cryptographic operations is described in 12 detail in the co-pending Canadian Application Serial No.
13 316,965, filed November 23, 1978 entitled "Cryptographic 14 Communication and File Security Using Terminals" by Ehrsam et al. While the particular manner in which the host is 16 implemented is not critical to the present invention, the 17 block diagram of the host in Fig. 2 shows the data flow and 18 control relationships of a representative host arrangement.
19 The host includes a programmable processor 1 operationally connected to a memory 2 which provides storage for data and 21 the programs which are utilized to control the system and a 22 channel 3 which controls the transfer of data between 23 input/output devices and the processor 1. Channel 3 is 24 connected to the processor 1 and memory 2 and via a channel I/O Interface, with control units such as control unit 4 2~ capable of controlling a cluster of input/output devices 27 which may be display or printer type of devices, control 28 unit 5 capable of controlling a plurality of magnetic tape 29 units or control unit 6 capable of controlling a plurality of disk files. Communication controller 7 is a two-direction t~

~12 ~

1 control unit that links the host to communic~tion lines 2 connected to remote terminals such a~ communication terminals 3 8, 9 and 10. While not ~hown, communication lines require 4 a modem at each end of the line to convert binary signals to analog signals back to binary signals at the other 6 ovex the communication line and for reconvvrt~ng (demodulation) 7 ana~og ~ignals back to binary ~ignals at the other end of 8 the line.
9 The collection of data and control llne~ connected between the channel and I/O control units is commonly referred to aR
11 the channel I/O intexface providing an lnformation format 12 and signal sequence common to all the I/O control units.
13 The I/O ~n~erface l~n~ generally include a data bus out 14 which is u~ed to transm~t devlce addres~es, comm~nds and data from the channel 3 to the I/O control unitt a dat~ bu~
16 in which $8 used to transmit device ldentification, dat~ or 17 status inform~tion from the I/O control unit to the channel 18 and tag ~ign~l lines which are used to provide signal~
19 identi~ying an ~/O operation, the nat~re of infoxmat~on on the data bus and parity condition. Since each I/O control 21 un~t ha~ a unique electrlcal interf~ce, d~v~ce adaptvrs 22 are generally provided to allow device connection to the 23 common IfO in~erface. All I~O data ~ran~fer~ be~ween ~he 24 procsssor and the ~t~3ched control unit~ may be performed in a pxoyrammed i~put/vutput (PIO) mode on a 1 byte per I/O
26 in~txuction ba~is.
27 Int~ thi~ ~rganizat~on of a general purpos~ Ao~t system 28 is ~ e~xa~ed a data s~curity d~vice of the pre~ent invention.
29 The data securi~y de~ice ~DSD) 11 includes a cryptv device 12, a m~ter key (MX) m~mory 13, a DS~ adapter lg whlch ~g77~7 -30-1 connects to the I/0 interface and a ~anual entry device 15 2 for manually loading a terminal ma~ter key ~nto the ~K
3 memory 13. Either one of two methods can be u~ed for writing 4 a host ma~ter key into the MK memory 13. The first method for writing the host master key into the MK memory 13 i~
6 achieved under pro~ram control. In thls method, an I/O
7 device having a keyboard, magnetic ~tr~pe card reader or the 8 like, may u~e such elements to cause the host ma~ter key to 9 be ~tored in the host memory 2 a~ in the case of conventional data entry. Sub~equently, under program control, the host 11 master key may be read from the ho~t memory 2 to the MX
12 me~ory 13 of the DSD in a manner which will be doscribed in 13 greater detail hereafter. ~he other method of writing the 14 host master key into the MK memory 13 con~ist~ of manually writing the host master key into ths MR memory 13 by means 16 of individual toggle or rotary switches wired to produce 17 binary coded hex dlglt~ as will be descr~bed in greater 18 detail he~eafter. To en~ble ma~ter key writing into the MK
19 memory 13 by either method, an enable writ~ key (EW) switch i~ provided which 1~ lnitially turned on when a write master 21 key operation i8 initiated and turned off a~ the end of 22 write ma~t~r key operation. To pre~ont the ~ey from ~eing 23 ch~nged ~y unauthoriz~d per~ons, thQ EW ~wi~ch operation may 24 be activated by a phy~ical ~ey lo~k arrangement.
The DSD adapt~r 14 ~erves a dual fu~ctlon namely, 26 providin~ adapter function~ for DSD connection to the I/O
27 ~nterface and control function~ for ~he DS~.
28 The l/O interface prov~de~ the DSD adapter 14 wi~h 29 overall d~rection, gi~es it cipher keys to be u~ed, pre6ents i~ wi~h data to be processed and accept~ the processed .

1 re~ults. Overall direction i8 achieved by use of operation 2 commands which are decoded and subsequently provide control 3 in properly tlmed ~oquence~ of signals to carry out sach 4 command. These signals are synchronize~ wlth the transfer S of data in and out. The DSD adapter 14 al80 controls the 6 placing of cipher keys in the ~rypto device 12 and direc~
7 the crypto device ln the enc~phering and deciph~ring operations.
8 The MR memory 13 i8 a non-volatlle 16X4 blt random 9 access memory (RAM) which is battory powerea to enable key retention when host pow~r may not be present. The host 11 ma~ter key consist~ of eight master key bytes (64 bits) each 12 of which con~ists of seven key bits and one parity bit.
13 The crypto device 12 i~ the heart of the DSD hardware 14 for performing encipher~ng and deciphering operatlon~. The crypto device 12 performs encipher/decipher oper~tlons on a 16 block cipher ba~i~ in which a mes~age bloc~ of 8 data bytes 17 ~64 bits) i8 enc~phered/deciphersd under control of a 56 bit 18 cipher working key to produce an enc~pher~d/d~ciphered 19 me~sage block of 8 data bytes. The block cipher i8 a product cipher function which i8 accompll~hed through 21 succe~sive applicatlon~ of a combination of non-linear 22 su~3t~tution~ and tran~po~ltion~ undex control of the clpher 23 working ksy. Six~een operat~on d~f~ned rounds of the product 24 cipher axe ex~cuted ln which th~ result of one round ~erve~
a~ ~he argument of the next round. Th~ block cipher functlon 26 operatlon i~ more fully described in the aforementloned V.S.
27 Pat~nt NO. 3,958,081. A ba~c ~ncipher/dec~pher operation 28 of a me~age ~lock of data ~tarts with the loading of the 29 cipher key from the ho~t m~mory 2. Th~ ~ey i generally 3~ ~tored under mast~r kcy encipherment to conceal ~t~ true XI~77007 -32--31~

1 value. Therefore, it i8 received as a block of data and 2 dec~phered under the master key to obtain the 3 encipher~ngJdecipher~ng key in the clear. ~he clear key 4 does not leave the crypto device 12 but i8 loade~ back in as S the working key. ~he mes~age block of data to be 6 enciphered/deciphered is then tran~ferred to the crypto 7 device 12 and the cipher function iR performed, after which 8 the re~ultant mes~age ~lock of enciphered/deciphered data is 9 tran~ferred from the ¢rypto device 12 to the host memory 3.
If sub~equent encipher/decipher function~ are to be performed 11 using the same working key, there i9 no need to repeat the 12 ~nitial ~tep~ of loaqing and dociphering the wor~ing key as 13 it will ~till be ~tored in the workin~ key reg~ster.
14 The crypto device 12 includes duplicate crypto engine~
operating in synchron~sm to achieve ahecking by 100~ redundancy.
16 Referrlng now to Fig. 3, one of the crypto engine~ i9 shown 17 in ~implifie~ block form with a heavy lined border ~ignifying 18 a ~ecure area. The crypto engine 16 contain~ a 64 bit 19 input/output buffer register 17 divided into upper and lower bu~fer regi~ter~ 18 and 19 of 32 blts each. The buffer 21 r~gi~ter 17 i used in a mutually 8xclu~1ve manner for 22 receiv~ng input dat4 on a ~erial by ~yte ba~i~ from the bu~
2 3 in, tenmed ~n input cycl~, and for provi~ing output d~ta t n 24 a serial by ~yte ba~1~ to the ~U3 out, termed an output cycle. Thu~, during each input cycl- a mes~age bloc~ of 26 eight data byte~ i~ written into the buffer re~i~ter 17 from 27 the host memory 2 whi~e ~uring each output cycla a mes~age 28 block of eight ~roaessed data bytes i~ read from the buffer 29 regi~ter 17 to the host memory 2. Seri~l output~ of the buffer regi~ter 17 are al~o appli~d a~ serial inputs to the o 1 worklng key regi~ter 20 and a parity check circu~t 21, the 2 latter being controllod to be effective only when a 64 bit 3 clear cipher kQy i~ to be loaded directly into the working 4 key register 20 from the host memory 2 via the buffer regi~ter ~ 17. Only 56 of the 64 b~ts are stored in ~he workin~ key 6 register 20, th¢ 8 parity bit~ be$ng usQd only in the parity 7 chock circuit 21. The buffer regi~ter 17 i~ al80 pro~ided 8 with paral}el $nput ~nd output path- from and to ~ 64 bit 9 data regi~ter 22 al80 divided ~nto upper ~nd lower data registerQ 23 ~nd 24 of 32 bit~ each. The uppor and lower 11 data reg~ters 23 and 24 each posse~ses parallel output~ ~nd 12 two set~ of parallel input~. m e parallel input~ to the 13 lower d~ta regl~ter 24 ~e$ng from the lower buffer register 14 19 and th~ upper d~ta reg~ter 23 whllo the par~llel ~nputs to the upper dat~ regl~ter being from the upper buffex 16 regiçter 18 and from ~he lower data register 24 after 17 modlficat$on by ~ho cipher funct~on clrcuits 25. ~he 64 b~t t8 ma~ter key i8 lnputted to the crypto engine 16 on a Qerial 19 by byte bas~s with each byte baing checked for correct par~ty by the parity chec~ circu$t 26. As ln the case of 21 the cipher key tran3fer from the buffer regi~ter 17 to the 22 working key regi~ter 20, only 56 ~f the 64 b~ts ~re stored 23 in t~e ~ey regi~ter 20, th~ 8 pari~y blt~ b~ing used only in 24 the par~ty chec~ c~rcuit 26. ~ur~n~ the lo~ding proc~s~, ~he key regl~ter 20 i8 configured a~ ~e~en 8-b~t s~ft right 2~ req~terR to ~ccommodats the eiqht 7-bi~ byt~Y received from 27 t~e MK me~ory 13 ~or th~ buffer reg~tex 1~).
28 When the work~ng key ~ 8 used for enciphering, the ~ey 29 regl~ter 20 ~ conflgured a~ two 28 bit recircula~ing .~hift left reql~ers and the wox~in~ key is sh~fted left, in ~I9770~7 -34-accordance with a predetermined shift schedule, after each round of operation of the cipher function so that no set of key bits once used to perform a cipher operation is used again in the same manner. Twenty-four parallel outputs from each of the two shift registers (48 bits) are used during each round of the encipher oration. The shift schedule provided is such that working key is restored to its initial beginning position at the end of the complete encipher operation.
When the working key is used for deciphering, the key register 20 is configured as two 28 bit recirculating shift right registers and the working key is shifted right in accordance with a predetermined shift schedule, after each round of operation of the cipher function so that again no set of key bits is used again. As in the enciphering operation, twenty-four parallel outputs from each of the two shift registers (48 bits) are used during each round of the decipher operation. The shift schedule provided in this case is also such that the working key is restored to its initial beginning position at the end of the complete decipher operation.
The cipher function circuits 24 perform a product cipher through successive application of a combination of non-linear substitutions and transpositions under control of the cipher working key. Sixteen rounds of the product cipher are executed in which the results of one round serves as the argument of the next round. Deciphering is accomplished by using the same key as for enciphering but with the shift schedule for shifting the key being altered so that the deciphering process is the reverse of the enciphering process, 112 ~

1 thus undo~ng ln reverse order ~very step that wa~ earried 2 out during the encipharing proee~s. During each round of 3 the cipher function, the dat~ eont~nta of the upper data 4 regigter 23, deglgnated R, ~ enciphered under control of the working k~y, deslgnated K, w~th the result be~ng added 6 modulo-2 to the contents of the lower d~ta regi~ter 24, 7 de~ignat~d L, the operatlon be~ng expres~ed as L f~,K). At 8 the end of the eiphor round, the eontent~ of the upper data 9 regl~ter 23 i~ parallel tran~ferred to the lower data register 24 while th~ output of the eipher function eireuits 25 is 11 p~rallel transferred to the upper data reg~ster 23 to form 12 the argument~ for the next round of the eipher function.
13 After a total of sixteen round~, whieh eomplete~ the total 14 ciphsr fun¢tion, Sho eontents of the upp~r data register 23 i9 parallel tran~ferr~d to the upper buffer regi~t~r 18 16 while the output of the eipher funetlon ~ircuits 25 i~
17 parallel transferred to the lower buffer reg~ter 19. The 18 ~r~nsformed data eontents o~ the buffer regi~ter 17 is then 19 outp~tt~d v~a th~ bus out to the ho~t memory 2.

~9 KI~773Q7 -36-1~2~

1 DSD CO~DS AND ORDERS:
2 Input/output operat~on~ of an I/O device are gener~lly 3 directed by the executlon of I/O in~truct~ons. In executing 4 an I/O tnstruction, the channel generally prov~de~ an address f~eld for addre~lng the I/O devlce, a command 6 field for de~ignatlng the operatlon to be performed ~nd 7 another address fiela for addres~ing the data fteld ~n memory 8 from whlch data ls ~otched or to which data 1~ ~tored. The g data ~ecurlty device 11 of ~he pre~ent lnvention ls re~pon~ve to ~even types of comm~ndJ from the proce~sor as Rhown in the 11 follow~ng table includlng the mnemonlc ~nd bit pattern of the 12 command:

14 Command Pleld Name ~nemonic 0 1 2 3 4 5 6 7 17 1. ~eset Adapter RST _ _ _ - 0 0 2. Set B~ic Status SET BS - - - - 0 1 1 0 3. ~es~t Basic Status RS~ BS - - - - 0 1 0 0 4. Read Basic Statu9 RD 3S - - - - 0 ~0

5~ PIO Write Data PIOW - - - - 1 1 0 0 2~

6~ PIO Read Data P~OR - ~ 1 0 23 7. Wr~te ~SD Order WR ~SD w x y z 1 1 1 o 24 The fol7Owing ~8 ~ br~ef descr~p~ion of the functlon of e~ch of the com~ands, the operation of wh~ch will ~e described 26 in greater detail here~fter.
27 1. ~e~et Adapter (RST) - This command csuse~ a reset ~B signal to be creaeed ~o reset ~11 countQrs, f~ip-flopq and 2g latche~ ln t~e adapter and control sect~ons of the ~S~.
2. Set Bas~c Status ~SET ~S) ~ Thi~ comma~d causes llZ~

1 those latches in a ~tatus register of the DSD that correspond 2 to l's in the data fiefd to be ~et to 1.
3 3. RRset Basic Statu8 (RST BS) - This command is 4 similar to the SET BS command except that the status latches corre~ponding to l's in the data field are set to 0.
6 4. Read Bacic Status (RD BS) - Thi~ command cau~es the

7 contents of the status latches to be applied via the data bus

8 in to th~ proces~or.

9 5. PIOM Data ~PlOW) - ~h18 ~ommand causes the data field to be loaded lnto the buffer register or the b~ts 0, 1, 2, and 3 11 of the data field to be ~tored in the ~ memory depending on the 12 operation to be performed.
13 6. PIOR Data (PIOR~ - Thi~ command causes the contents 14 of the buffer regi~tQr, with correct parity, to be app~ied via 1~ the data bu~ in to the processor.
16 7... Write DSD Order (WR DSD) - This command useR the four 17 high order bits of ~he command f~eld to de~ignate cipher key 18 handling and data proce~s~ng order~ as shown ln the following 19 table including the mnemonic and ~it pattern of the order field:

~r~ ~tnn~

ORDER FORMAT
2 , Order Command Field Field N~e ~nemon~c W X Y Z 4 5 6 7 Cipher Key Handlin~
1. write Master Key WMX 0 0 0 0 1 1 1 0 2. ~ecipher Key DECK 0 1 1 1 1 1 1 0 3. Gener~te ~andomG~N 1 1 1 1 1 1 1 0 8 Number 9 4. EnciphQr M~ster Key ~ EMK~ 1 1 0 0 1 1 1 0 5. Encipher Ma~ter Key 1 EMKl 1 1 0 1 1 1 1 0 11 6. ~eenclph~r ~romRPMX 0 1 0 1 1 1 1 0 Ma~ ter Key Data Proce~ing 1. Enciph~r ~;NC 1 0 0 0 1 1 1 0 2. Decipher DEC 1 0 1 0 1 1 1 0 16 DSD PUN.C~IONS
17 DSD cryptograph~c funct~ons may be performed by comb~ natlons 1~ of the previously défi~ed command~ or by a comb~atlon of 19 function~. ~hese funct~on~ require an input ~o the cryptographic apparatus consisting of a key parame~er or a 21 data parameter. The notation u~ed to describe these functions 22 wi~} ~e expressed a~ follcws: -23 FUNCTION~XEY P~RAMETE~IOUTPUT
24 FUNCTION~DATA PA~AMETE~] ~OUTPU~

and when ~unctions are combined, the notation u~ed to de~cribe 26 the comb~n~d funct~on~ w~l~ be expres-~d a~ follows:
27 FUNCTION~XEY PARAME~E~, DATA PA~AME~ER3~OUTPUT
28 ~he ~a~ient characteristic3 of ho~t cyrptogr~phic 2~ functioII~ are ~t ~1) the k~y paramet~r, i~ a~way~ in 39 en~lph~red form ~n~ ~hereore must ~e internally ~ec.Lphered ~12a~0 1 by the crypto engine before the clear key 16 u~ed and that 2 (2) no ~unction allows keys to become avail~ble ln clear 3 fonm. The descriptions that follow ~escribQ what each 4 function does and how it i8 performed. These functions will S be de~criked in greater detail h~r-after but the general 6 description of those fu~ction~ or comb~nation of function6 7 are given at this point to provide a better under~tanding of 8 how various ~ecurity appllcatlons may be per~ormed. The 9 de~criptions may follow along wlth reference to Pig. 3 at time~. In the d~agrams which are referenced in the following, 11 the cryptographic facility ~ ~hown in ~implified block form 12 for ease of undsrst~ndlng these operation~ and will be ~hown 13 and descrlbod in greater detail hereaftor.
14 Beforo proceeding to the de~crlptlons of the function~, a brlef gencral do~crlptlon w$11 be yiven of how the manual 16 write key operat~on i8 performed. Referrlng now to F~g. 4, 17 th~re ~8 shown a ~mpllf~ed bloc~ diagram of a manual WMK
18 operation. In the m~nual WMX op~ration, an EW switch i8 19 set on to enable writing into the MX memory 13 after which a MW sw~tch is clossd to ~nabl~ ~anual writing and causlng 21 the current master lcey to ~e o~.rerwrltten with whatever happens 2Z to be set in the d~t~ Icey entry swttches. Pollow~ng thi8, 23 16 ~ets of 4 bit~ (64 bi~s) are mz~ual~y wrltten lnto the MK
24 m~mory 13 to compl~to the manual WMX operation.
2S R~ferr~ng now to E'ig. 5, there iB ~hawn a slmpl~fied 26 block disgram of a write ma~ter key ~WM}C) function. ~hi~
27 function i8 carr~d out by the folla~ing se~3uenc~ of commands:
2 8 ( 1 ) ~K and ~ 2 ) 16 PIOW ' 8 . In this operation, a~ in ~he Z9 manual WMK operation, the EW switch i8 previou~ly ~et on to ~i9-77-~07 -4Q-1 enable writlng into the ~K memory 13. The execution of this 2 function causes the cu~rent ma~ter ~ey in the master key 3 memory 13 to be over-written with whatever happens to ~e 4 present as bits 0, 1, 2 and 3 on the bus in. Thereafter, S the crypto eng~ne controls are set to allow a 64 bit master 6 ~ey ~M to be written as a key parameter into the P~ memory 7 13 by mean~ of 16 successive PIOW data command~ with the 8 bits 0, 1, 2 and 3 in the data field~ a~oclated with the 16 9 PIO~ data ~ommand~ con~tituting the new master key. The 1~ notation WMKt~I]~XM ~ u~ed to descrl~e thi~ operation 1 whereby the term WMX ~ndicate~ the functlon, the contents of 12 the bracket~ indicate the key parameter input to the rlR
13 memory 13 and the arrow point~ to the result.
14 Referring now to F~g. 6, there i8 ~hown a simplified ~lock diagram of a dec$pher key DECK function. This function 16 is carriea out by the following ~e~uence of commands:
17 (1) D~CK and (2) 8 PlOW' 8 . ~he execution of this function 18 set~ the crypto engLne control~ to flrst allow the master 19 key I~lY ~n the .~K memory 13 to ~e tran~ferred to the crypto engine 16 as the wor~ing ~ey. ~fter or during the master 21 key transfer, a 64 bit data ~lock, defined as an operatlonal 22 ~ey en~iphered under the master key, is l~aded as a ~ey 23 par~meter into the crypto engine 1~ by means of 8 succe.c~ive 24 PIO~ data commands w~th the ~uccessive data f~e~ds associate~
with the 8 P~OW comm~nd~ const~tuting the enciphered operationa7 26 key. After the key parameter loading ls completed, the 27 crypto en~ine 16 performs a decipher operatlon to obtaln the 28 cipher ~ey in clear form. The xesultant clear cipher key 29 does not l~ave the crypto eng~ne 16 ~ut ls loaded b~cX into the key reqlster 20 of the crypto engine lfi re~lacin~ the ~z~o 1 ma~ter key aQ the working key. The notation DECKlEKMKO~KO
2 i~ used to describe this operatlon wherQby the term ~EC~
3 indicates the funetion, the contents of the bracket lndicate 4 the key parameter whieh i8 inputted to the erypto engine 16 and the arrow points to ~he result.
6 Referring now to Fig. 7, there i8 shown a ~implif~ed 7 bloek dlaqram of an eneipher (ENC) funetion. Thi~ funetion 8 i~ carried out by the ~ollowing sequ~nee of eommand~: ~1) EYC
9 (2) 8 PIOW's and (3) 8 PIOR's. The executlon of thi~
function set~ the erypto engine controls to the encipher 11 mode of operation and a110WB a 64 bl~ mes~age block of data 12 to be loaded as a data parameter into the erypto engine 16 13 by mean~ of 8 8ucce8~ive PIOW data eomm~nds with the 14 successive d~ta field~ a~soeiated with the 8 PIOW eommands eon~tituting the mes~ge block of dat~ to be eneiphered.
16 After the data param~er loadi~g ~ eompleted, the crypto 17 en~lne 16 perfoDm~ an Rne~pher oper~tion to encipher the 18 data para~eter under the operat~onal key prQsently ~torod 19 in the working key reqi~ter of the erypto deviee 16. The 64 bit ene~phered re~ult 1~ transf~rred by a Qerie~ of R PIOR
21 command~ from the erypto engine 16 for storage in de~ignated 22 d~ta f~eld~ of th~ host memory 2. The notation 23 E~C~A~Al+E~oDATR is ~sed to descrl~e this op~r~tion whereby 24 the term ENC ind~catea the function, t~e content~ of the ~ ~r~cket in~icate the d~ta parameter input to ~he crypto 26 engine 16 a~d the arrow point~ ~o the r~ult. Add~t~on~lly, 27 ao long ~ the crypto eng~ne con~rol~ rem~n set ~n the 28 encipher mode of oper~tion, ~hen a mes~ge whlch consists 2g o~ multlple ~ byte bloc~s o~ data may be enciphered by ehe cxyp~o englne 16 ~y mean~ of ~n e~cipher com~nd followed KI9770~7 -42-~124~3~0 1 by a series of ~uccessive 8 PIOW data commands and successiYe 2 8 PIOR data commands for each block of data. This message 3 encipherment may be expressed by the notation:
4 E~C~DATAl, DATA2~ DAT~Exo~DATAl, DAT~2----DAT~).
S Referring now to Fig. 8, there is shown a simplified 6 bloc~ diagram of a decip}ler (DEC) function. Thi~ function is 7 carried o~t by the following sequence of commands: (1) DEC
8 (2) 8 PIOW'~ and (3) 8 PIOR's. The execut~on of this function 9 sets the crypto engine controls to a decipher mode of operation and allows a 64 bit message block of enciphered data 11 to be loaded a~ a data parameter into the crypto engine 16 12 by means of 8 successiv~ PIOW data commands with the 13 succe~sive data field~ a~ociated with the 8 PIOW command~
14 cons~itutinq the message block of enciphered data to be deciphered. After the data parameter loading i~ completed, 16 the crypto engine 16 perform~ a dec~pher operation to 17 decipher the data parameter under control of the operational 18 key prosently stored in the working ~ey register of the lg crypto engine 16. The 64 bit d~ciphQred result ls transferred ~y a series of 8 PIOR co~unands from the crypto en~ine 1~ for 21 storage in de~i~nated da~a field~ of the host memory 2.
22 The notatlon DEC~EK~DAT~3~P,TA is u~ed ~co descrilJe tl~is ~3 operætion whereby the term DEC indicates the function, the 24 con~ents o~ the brac~et indicate the dæta parameter input to 2~ the crypto engine ~6 and the arrow points to the result~.
26 Addit~onally, ~o long as the crypto en~ine controls remain 27 8et i~ the d~cipher mode of operation, then a mes~age wh~ch 2~ consists of multiplQ b}ock~ of en~iphered data may he 29 deciphered by the crypto engine 16 by mesn~ of a decipher 3Q command followed by a s~ries of succes~ve 8 PIOW data ~o 77nn 7 ~ ~

1~24~

1 commands and succe~sive 8 PIOR data command~ for each block 2 of enc~phered data. Thi~ message dec~pherment may be 3 expres~ed ~y the notatlon:
4 DECtEXO(DATA1, DATA2~ 3AT ~ 11~DATA1~DATA2----DAT ~ .
Referring now to Fig. 9, there i8 ~hown a ~implified 6 block diagram of a generate random number ~5RN) function.
7 Thiq function is carried out ~y t~e following Requence of 8 commands ~1) GRN and (2) 8 PIOR'~. Accordingly, in g executing thi~ function, the crypto en~ine controls are set to the encipher mod~ of operation and a v~riant 11 KM3 of the master koy RM in the MK memory 13 i~ tran~ferred 12 to the crypto en~ine8 16 a~ the working key, the variant 13 RM3 ~eing obtain~d by inverting predefined b~ts of the 14 maæter key. During the transfer of the m~ter key variant KM3 to the crypto enqlne 16, a 64 b~t count value CT from ~
16 non-re~ettable ~N countor i9 lo~dcd a~ a data parameter into 17 the crypto engine 16. After the key ~nd tho data parameter 18 loading ~8 completed, the RN counter i8 ~tepped by one and 19 the crypto en~ine 16 performs an encipher operation to encipher the data parameter C~ under ~ontrol of the variant 21 KM3 of the maYter key pr~ently ~tored in the working key 22 re~1 ter of the crypto de~ice 16. The 64 bit enciphered 23 result ~8 a p8eudo random number ~N wh~ch ~s tran~ferred by 24 a ser~es of 8 PIOR c~mmands from the crypto englne ? 6 ~0~
s~orage in des~n~ted data fields of th~ ho~t memory for use 26 ag a crypto~raph~c key in a manner whlch wlll ~e described 27 herea~ter. The notation GRN tCT3 + RN ~EKM3C~) i8 used to 28 de~cribe this operat~on whereby the term G~N indicates the 29 f~nction, ~he content~ o~ the bracket ind~cate~ the d~ta 30 param~ter lnput to the crypto eng~n~ }6 ~nd the arrow points l~Z4~

1 to the result.
2 Referring now to ~ig~. ~0 and 11, there are shown 3 simplified block d~agra~s of the encipher ma~ter key (EMK~ and 4 EMKl) function. This function 1~ carried out ~y the followin~
sequence of commands (1) EMRp (2) 8 PIOW's and (3) 8 PIOR'~
6 or (1) EMKl (2) 8 PIOW'~ and (3) 8 PIOR' 9 . Accordingly, in 7 executing these function~, the crypto engine controls are set 8 to the ~ncipher mode of operat~on causin~, in the ca~e EMX~
g ~unctlon, the unmodl~led master key in the MX memory 13 to be transferred to tho crypto engine 16 as the working key 11 and, in the case ln the EMRl funct~on, a ~riant KMl of the 12 master key KM in the MK memory 13 to be tran~ferred to the 13 crypto engine 15 aR the working key. The variant RMl i~
14 obtained by lnvertlng predefined b~t~ of the ma~ter key which are di~ferent from tho~e used ln the GRN funct~on.
16 After or during th~ master key transfer, a 64 bit data 17 block, daf~ned a~ an operational key, in ~he ca~e of the EM~
18 command, or as a secondary key encrypting key, in th~ ca~e of 19 the EMRl command, ~g loaded as a data par~meter lnto the crypto eng~ne 16 by mean~ of 8 3uccessive PIOW data command~ wlth 21 ~uccesslve data ~ield~ as~ociated with the 8 PIOW comma~d~
22 con~tituting the oper~tio~al key or t~e ~econdary koy encrypting 23 k~y. After the k~y ~nd d~ta parAmeeer loa~lng ~ ~ompleted, 24 ~he cryp~o engine ~6 performs an encipher oper~eion to enciph~r 2~ the data p~ramet~r u~der t~e master ~ey or variant of t~e 26 ma~er key ~ored ~n the worki~g key regi~ter of the crypto 27 device 16~ The 64 bit enc~pher~d re~ult 18 transferred by a 28 serie3 of 8 PIOR command6 from the crypto eng~ne 16 for qtorage 29 in designated data f~eld~ of t~e host memory. The notation XI977007 ~45~

1 ~MX~ lKO] ~ EKMKO i~ used to ~escrl~e the EMK~ operation 2 wh~le the notatlon EMKl [KE~1 ~ EXMl~EK is used to descri~e 3 the EMRl operAtlon whereby the term~ EMK~ and EMKl indicate 4 the funct~on, the content~ of the ~rac~et indic~te the data parameter input to the crypto engine 16 and the arrow po~nt~
6 to the results.
7 Referring now to Pig. 12, there is shown a simplified 8 block dlaqram of an enclpher data tECP~) function. Thi~
g function ls a combinatlon of the DECR function and the ENC
function and is carried out ~y the followlng ~equence of 11 command~: (1) DECX (2) 8 PIOW'3 (3) ~NC (4) 8 PIOW'~ and (5) 12 8 PIO~' 8. Accordingly, in executing thls function, the 13 crypto engine controlJ are fixst set to the dec~pher key 14 mode of operation by the DECK command causing the master key lS XM in the ma~ter koy memory 13 to be trana~erred as the 16 worklng key ~o the working key regi~ter of the crypto eng~ne 17 16. After or during the ma~ter key loading, the key par~meter 18 of the funct~on, oonsist~ng of an opcratlonal key enciphered 19 und~r the master key, ~ loaded lnto th~ crypto engin~ 16 by means of 8 succe~slve PIOW data comm~nds. The crypto angine 21 16 then performs a declpher key operatlon to obtaln the 22 operatlon~l key in clear foxm whlch 18 th~n ~oaded ~ack in 23 a~ ~he wor~in~ key of the crypto engine 16 replac~ng the 24 prevlou~}y loade~ master ~ey . The crypto engine control~
2~ are then se~ to an encipher mode of operat~on ~y the ~NC
26 comman~ and the da~a parnmeter of the functio~, consis~ng 27 of clear data, is loado~ into the crypto ~ngine 16 by me~n~
28 of 8 ~uccessl~e PIOW data command~. The crypto eng~ne 16 29 then perform3 an enc~ph~r operation to encipher the data L~B10 1 parameter under the present operational key. The enciphered 2 resl-lt is then tran~ferred by a series of 8 PIOR commands 3 from the crypto engine 16 for storage in designated fields 4 of the host memory 2. The notation ECPH[EKMRO,DATA]~ExoDATA
is used to describe this operation whereby the term 6 ECP~ indicates tha function, the content~ of the bracket 7 indicate the ~uccesslve key parameter and data parameter inputs 8 to the crypto engine and the arrow points to the result.
g ~eferring now to Fig. 13, there is ~ho~n a simplifled ~lock d~agram of a decipher data (DCPH~ funct~on. Thi~
11 function i~ a combination of the DECX function and the DEC
12 function and is carried out by the following sequence of 13 commands: ~1) DECK (~) 8 PIOW's ~3) DEC (4~ 8 PIOW'~ and 14 (5~ 8 PIOR's. The f~rst part of this function is identical lS to that for the enclpher data function insofar as loadin~ an 16 operational key in clear form a~ the working key of the 17 crypto engine 16. After the operational key loading i8 18 completed, the crypto ~ngine controls ~re then set to a 19 decipher mode of operation by the D~C co~mAnd and ~he data parameter of the function, consisting of D~TA enciphered 21 under the operational ~ey, is loaded ~nto t~e crypto engine 22 ~6 by means of ~ succossive PIOW dats commands. ~he crypto 23 en~ine ~6 then perform~ the deciphar operat~on to decipher 24 the data parameter under control of the present operational 2~ ~ey. The dec~hered result i~ then transfer~ed by a ~er~es 26 of 8 PI~R commands from the crypto engine 16 for storage in 27 des~gnated fields of th~ h~st memory 2. The not~tion 2B ~CPH~EKMXO,EKoDATA~ TA is used to descri~e this operation 2g whereby the term DCPH indica~es the function, the contents ~0 of the bracket ind~c~te the success~ve key parameter an~ the data 112~B~O

1 parameter inputs to the crypto engine and the arrow point8 2 to the result.
3 Referrinq now to Fig. 14, there 1~ ~hown a ~impl$fied 4 block diagram of a reencipher from ma~ter key ~RFMR) function.
S This ~unction i~ carried out by the following sequence of 6 commandQ: ~1) RFMK, ~2) 8 PIOW's, (3) 8 PIOW's and (4) 8 PIOR's.
7 Accordingly, in executinq this funct~on, the crypto engine 8 controls are first set to the decipher mode of operat~on 9 by the ~FMR command and a variant KMl of the m~ster key ~ in the KM memory 13 is tran~f¢rred to the crypto engine 11 16 as the working key, the varlant KMl being obta~ned by 12 invertin~ the same predef~ned bits of the master key as in 13 the EMKl function. During or after the transfer of the 14 mas~er ~ey variant KM} to t~e crypto engine 16, a 64 bit data bloc~, def~ned a~ a key ~ncrypting key enciphered under 16 the ~ame variant of the master key ~g loaded as a ~ey 17 parameter to the crypto en~ine 16 by mean~ of 8 ~uccessive 18 PIOW data commands with the succe~v~ data f~eld~ as~ociated 19 with the commaDd~ con~tituting the en¢lphored key encryptlng key. After the key parameter load~ng is completed, the 21 crypto engine 16 performs ~ dscipher oper~t~on to obtain the 22 key en~rypt~ng key ~n c}ear form. The resultant clear key 23 encrypt~n~ key does not leave the crypto en~ine 16 but ~8 24 retaln&d, wlth ha~f the ~esuleant clear key aYailable Z5 at tne upper data req~ster~ 23 of ~che crypto eng~ne 26 ~6 and the other half availa~le at the cipher funct~on 27 circuit~ 25. W~th the crypto ~ngine control ~till ~e~ for 28 th~ dec~pher mode of operation, a spQcial key operation i8 29 now per~orme~ in which a 64 blt d~ta bloc~, defined a~ an operational ~ey enclphered under ~he maQ~er key, ~ loaded K~977007 -48-~Li2 ~10 1 as a data parameter into the buffer register 17 of the crypto 2 engine 16 by mean~ of 8 succe~sive PIOW data commands with 3 the successive dat~ fields associated with the commands 4 constituting the enciphered operational key. After the S data parameter loading is completed, th~ contents of the 6 buffer register 17 i~ tran~ferred to the data register 22 7 of the crypto eng~ne 16 while at the ~ame time the content~
8 of the upper data regi~ter 23 and the output of the cipher 9 function circuit~ 25 are tranaferred to the buffer r~gister 17 of the crypto engine 16. By this wapping action,-the 11 key encrypting key resulting from tho fir~t decipher 12 operation now resid~s $n the buffer register 17 of the 13 crypto en~ne 16 while the enciphered op~rational key now 14 re~e~ in the data reg~ster 22 of the crypto engine 16.
lS Because of the fact that a sp~cial key operation i~ ~eing 16 performed, the crypto ongine control all~w~ the ma~ter key 17 KM in the master key ~emory 13 to now be transferred to the 18 crypto engine 16 as th~ working key. After the master key 19 loading is completed, the crypto ~ng$ne 16 perform~ a second decipher operation to obtain the operational key in clear 21 form. The re~ultant clear operational key d~es not leave 22 the crypto engine 16 ~ut i5 retained, with half of 23 the resultant clear key a~aila~}e at the upper data regi~ter 24 23 of the crypt~ engine 16 a~ the ot~er haLf a~allable at Zs the cipher function circuit~ ~5. At th~ time, a special 26 encipher opera~ion i9 ~nit~ated with the crypto en~ne control~
27 ~eing set for an encipher mode of oper~tlon and the half of 28 the clear operational key at the c~pher func~ion circ~its 2g 29 is tr~nsferred to the lower data re~i~ter ~4 so that the clear operational key i5 now fully available in data realster il2~10 1 22. ~he key encryptinq key resulting from the first decipher 2 operation and presently residing in the buffer register 17 3 of the crypto englne 16 i~ now loaded as a working key 4 into the key register 20 of the crypto englne 16. After S key register loading operat~on ~ completed, the crypto 6 engine 16 performe~ ~n enclpher oper~tion to enc$pher the 7 operational key under the key encrypt~ng key to complete 8 the reenclpherment functlon by whlch the operational key 9 enciphered under the m4ster key is now enciphered under the key encrypting key. The reenclphered result is 11 tran~ferred by a serie~ of 8 PIOR command~ from the crypto 12 engine 16 for ~torage ln de~ignated data f~eld~ of the 13 host memory. The notation RFN~ lEKMlKEX, ExMK3 ~ ExEKXO
14 is u~d to describe th$~ operation where~y the term RFMK
lS indicates the function, the contents o the brackets indicates 16 the succe~give key parameter and data parameter input~ to 17 the crypto englne and the arrow polnts to the re~ult~.

3~

KI~7~007 -50-1 CO~IUNICATION SECURI~Y APPLICATIONS
. _ 2 The previous section provides a description of the 3 various ba~ic function, command and order capabilities of 4 a host having a data ~ecurity device capable of performing enciphering and deciphering operations. Similarly, the 6 aforementioned co-pending application ~erial nun~er 3 J6~96~, 7 provides a description of the various ba3ic function, 8 command and order capabilities of a terminal having a 9 data security device capable of performing enciphering and deciphering operations. Accordingly, the following 11 descriptions will provide an explanation of how such a 12 terminal and host may be u~ed in varIous commu~ication 13 security applications. While the diagram~ used to il~ustrate 14 these application~ are simplified block diagram-q, it should be understood that the networks represented ~y these diagram~
16 are far more complex t~an that shown. However, thi~ type of 17 representation is u~ed merely to ~implify and aid in the 18 understanding of the applications to be de~cribed. It 19 should be further understood that the ho~t sy~tem contain~ a full complement of known programming ~upport including an ~21: operating sy~tem, application programs, a telecommunications 22 access method which, in the present case of ~ingle domain 23 networks, d~rect~ the transmis~ion of data between host 24 application programs and terminaLs.
CO~UNI ~
26 Reerring now to Fig. 15, there iY shown a simplif i ed 27 conceptual block diagram of a ~i~g~e domain data communication 28 networ~ comprising a terminal, having a d~ta ~ecurity ~evice, 29 connected via ~ communication line to a ho~t syst~m al50 11~4810 1 having a data security device contained therein. The data 2 security device of the terminal and the manner in which it 3 is used to generate and manage cipher keys and perform 4 encipher/decipher op~ration~ i~ more fully de~cribed in the aforementioned co-p¢nd~ng application serial number ~cf96 6 At host system ~nitialization tlme, a primary kQy 7 encrypting key KMH is generated in some random manner, as by 8 coin or dice throwing, and then written into the MK memory g of the host DSD. Following this, ~econdary communication key encrypting keys, e.g. XEX, are qenerated in clear form 11 which, if system generated, are designated as terminal 12 master keys Kr1T or, if pr~vately generated, are designated 13 a~ private terminal ma~ter keys ~TP. The clear system or 14 private generated t¢rminal key encryptinq keys KEK are then distributed in a secure manner, as by courier, registered 16 ma~l, public phone etc. to the authorized terminal uæers 17 and retained at the ho~t sys~em in enciphered form by 18 enciphering the terminal key encrypting ~ey under a variant 19 of the host master key ~K~Hl~EK. At the terminal the first ~tep of inltializing the terminal for communicati~n sessions 21 is to ~ecure the terminal master key wh~ch ~ accomplished 22 by loading the terminal KEK into the MK memory of the 23 terminal's DSD by manu~l or t~rmlnal control mean~. To 24 e~tab~i~h a commun~cat~on ~ession ~atween the terminal and the host system, the nex~ step ~æ ~o generate a primary 26 commun~cation operat~ona~ or data encrypting key as the 27 common xe~io~ koy KS. ~his ~s initiatsd at termlna~ ~y the 28 auth~r~zed terminal u~er L~GON or SIG~O~ procedure which 29 causeæ a me~age to be trans~itt~d to the ho~t system 3~ identifying ~t8elf an~ the application progr~m with which it 1 wishes to communicate and a request to $nltiate a commun~cation 2 ~e~sion. The host sy~tem, in ro~ponse thereto, communicates 3 wlth the identified application program to determine whether 4 it i~ available for a commun$catlon ~e88~ on wlth the reque~ting S terminal. If availnblo, the host sy~tem cau~e~ a pseudo 6 ~andom n~m~er to be generated wh~ch i~ def~ned as being the 7 system ~e~sion key enciphered under the ~y~tem master 8 key EKMHpKS. This i8 in keeping wlth the rule that no key 9 ~hall ever appear in the clear. The enciphered session key is retained at the host system for encipher/decipher operatlon~
11 during the communicat$on session. Additiona}ly, ln order to 12 distribute the ses~ion key to the requqsting term~nal the ho~t 13 ~y~tem, u~$ng the enc~phered terminal key encrypting key 14 EKMHlKEK and the enciphored Jess$on key ERMHpXS, performs an ~FMK ~ran~formation function which reencipher~ the session 16 key from encipherment under the ~ystem master key to 17 encipherment under the terminal master key i.o. from 18 EKM~pKS to EKEKKS where KEX may be a sy~tem gcnerated terminal 19 master ~ey KMT or a private generated termin~l master key KMTP. 5incc the ~e~sion key i8 now enclphered under the 21 terminal key encryptin~ key ~.e. Ex~KS, it may b~ transmitted 2 2 over the ccmmunication line to bind th~ r~que~tlng terminal to ths 23 requested ~pplica~ion progra~ in ho~t ~y~tem for a communicat~on 24 ~ession.
Now, the re~ue~ting ~ermin~ c~n communic~te w~th the 26 appl~cation progr~m in host ~y~tom to perform the follow~g 27 encipher d~ta ~CP~ functlon: ECP~lExERgS~ DA~ATl~Ks DATAT
28 In ex~cutin~ thi~ functionO ~ decipher ~ey operation 2~ D~CK~EKEKKS) KS i~ first perform~d to obtain the ~e~sion key in clear fo~m a~ the wor~ln~ key, after which An encipher ~i9-7~ 7 -53-- ~ ~124~1~

1 operation ENC(DATAT~ ~EKS~ATAT U8 performed on the data to be 2 transmitted over the aommun$cation line to the application 3 program ln host ~ystem.
4 At the host system, the enclphered termlnal data ~ 8 S dec$phered by performing the following D~P~ function:
6 DCP~EXMH~KS, E~SDATAT)~DATAT
7 In executing this fun¢t$on, a decipher key operation 8 DECR(ERMH ~ S)~RS iB flr~t performed to obtaln the ~es~lon 9 ~ey in clear form for u-e as the working key, after whlch the enciphered data recelved from the terminal 1~ dec~phered 11 by a decipher operation DEC(ExsDATAT)~DAT ~ to obtain the 12 term$nal data in clear form. Alternatively, ho~t data m~y 13 be enc~phered under tho ~es~lon key at the host system by 14 per~orming the ECP~ function ECPH(ExMK~RS, ~ATAB)~EXsDATA~
lS for transmi~ion ovor the communlcation line to the termln~l.
16 In thi~ cas-, the terminal perform~ the (DCP~) functlon to 17 obtain the host data ln cl~ar form:
18 ~ KER~S~ EKS DAT ~ l DATA~
19 It ~hould be noted that when the communlcation ~e~lon i5 term$nated, the termln~l must reinit~at~ ~ new requ~t to 21 the ho~t ~yatem for ~ new communlc~tlon session and cau~e 22 the ho~t sy~tom to gener~te ~ new ~e~ion ~oy enciphered 23 under the term~nal m~ter ~ey for astabl~shln~ a new common 24 operatlonal key for the new commun~catlon ~os~lon. ~hl~
procedure provide~ ~n~roa~sd ~ecurlty for the ByBtem 8~ nce 26 the prlmary communicatio~ key~ are tl~o Yarlant ~nd dyn~mlcally 27 generated for eac~ n~w communication ~e~ion. ~hu~, lt ~hould 28 be apparent that there wil~ ~e fro~uent operational key 29 changes for subsequent communication ~e~lons thereby prvvldlng 3~ increased ~ecurity for the sy~tem.

Ki9-77-007 -54-1 COMMUNICATION SECURITY IN SINGLE DOMAIN NETWO~KS USING
2 A SYSTEM_KEY
3 Referring now to Fig. 16, there i~ 3hown in ~lock 4 diagram form, a logical view of se~sion level communication ~ecurity in a ~ingle domain networ~. In order to properly 6 control data transmiss~ons throughout a data communication 7 network, ~t i8 neces~ary to define a communication architecture for 8 the network. The architecture establishes the logical qtructure, 9 format~, protocols, and operational sequences for the orderly movement of lnform~tlon throughout ~h- network. There 11 are many possible communlCation architecturo~ which 12 can be extanded to include cryptography ~upport. One such 13 type of architecture ~8 the ~ystem network arch~tectur~
14 described ~n varying detall in the follow~ng publicationQ:
"Systems Network Architocture - General In~ormation"
16 No. GA27-3102, IBM Corporat~on, Armonk, Ne~ York, 1975;
17 "AdvAnced Function ~or Communlcat~ons System Summary"
18 No. G~27-3099, IBM Corporation, Armonk, New York, Second 19 Ed~ton, 197~; "System Network Architecture" IB~ Sy~tem~
Journal, Vol. 15, No. 1, 1976, Page~ 4-80. Further 21 deta~ls of the formats and protocol~ o~ such architecture 22 .are de~cr~bed in "Sy~tems Network Archit~cture Format and ~3 Protocol ~e~Rrence Manual: Archltecture ~Og~cn No. SC3~-~112, 24 IBM Co~poration, Armonk, New York, ~976. ~l~o, one type o~
acc~ss method implementat~on o~ th~ architecture for contro~ling 26 the ~ransm~s~lon of data betwe~n element~ in a data communicat~on 27 network is described ln de~all ~n the publica~ion, "Advanced 2~ Co~mun~c~t~on ~unction for ~TAM ~ACP~VTAM) - Concept~ and ~g Planning" ~o. GC38-0282-1, IaM Corporation, Armonk, New York, Second Ed~tion, Augu t 1~77. Wh~le the deta~s of the arch~ecture C~ L 9 7 7 0 0 7 - 5 5--~12~

1 de~cr~bed in these publication~ are not critical to the 2 present invention, a brlef discussion of the commands for 3 ses~ion initiation and the network elements between which 4 they flow will be g~ven in the following to provide a better understand~ng of the env~ronment ~n which the invention may 6 be applied.
7 In data communlcation networks, application program~
8 and terminals are consiaered as logical units. Before 9 data may be communic~ted between such logical unit~, a logical relationsh~p called a sess$on mu~t be established 11 between the respective logical units. In the communication 12 session between an applicat~on program of a ho~t system 13 and a remote terminal of the system, the application program 14 acts a~ ~he primary ~o~cal unit ~PLU) for establishing and terminating the communlcation ses~on and the terminal acts 16 as ~he secondary logical uniS ~SLU). In order to a}low a 17 ~sion to proceed, it i9 neces~ary to e~tablish a connectlon 18 between ~he two logl~al unit~. Typica~y, the connection 19 may be initia~ed at the terminal or by the application program cau~ing an Initiate C~IT) reque~t to be passed to the 21 System Services Control Point (SSC~) of the ho~t sy~tem 22 along w~th request parameter~ i~e~tifying the SLU ~n 23 the ~e~ion. The SSCP i8 respon~b~e for mana~ing the 24 networ~ and ha~ av~ b~e to it a comp}ete descr~ptlon of the networ~. When the ~NIT re~ue~t i~ accepted, a 26 pos~t~e re~ponse lg returned to the requesting ~U.
27 The SSCP then cause~ a Control ~n~t~ate IC~ ) reque~t to ~e 28 pas5ed to the appl~cat~on pro~ram that it ~hould attempt to 29 establ~sh ~BrND) a communicatlon ses~ion b~tween the app~cat~on program and the ramote term~nal. Included with th~ CI~IT
3' reques~ is a Bind image wh~ch contains the session parameters ~Ig77007 -56-~123~10 1 that e~tablish the character~stic~ of the ~e~slon to be 2 esta~lishe~. Upon receipt of the CINIT reque~t, the 3 applic~tlon program ha~ the option to accep~ or re~oct 4 the request to go into se~slon w$th the remote term$nal.
When the CINIT reque~t is accepted, a pos~tive response 6 is returned to the SSCP. The application program then 7 cAuses a BlND request, ba~ed on the Btnd image, to be 8 passed to the remot~ tormlnal requesting th~t ~ communicatlon 9 ~es~ion be established. Included with the ~I~D re~uest is the ses~ion parameter- which define all of the protocols 11 which must be o~serv~d during thi~ se~s~on. Upon receipt 12 of the ~IND reguest, tho remote terminal has the option to 13 accept or re~ect the request to go into ~ession wlth the 14 application program. When the BIND requ~t iY accepted, a positive response i8 returned to the ~pplication program 16 and the se~sion i8 now established allowlng data to be 17 communicat~d between the appllcat$on progr~m and the remote 18 terminal.
19 The descriptions which now follow in connection w$th Fig. 16 through F~g. 19 are keyed to numbered not~tlons in 21 the figures in order to ~d ln understanding the saquence of ~2 operations performed t n carrying ou~ the appl~cat$on shown 23 in each f~gure.
24 Accordingly, referr~ng now to F~. 16, ~t host initializ~tion time, (1) a ho~t ma~ter key (XMh~) ~9 sele~ted Z6 and loaded ~nto the MX memory ~y ~ manual WMX funct~on or ~y 27 request~n~ the executlon of a WMX functlon ~nder host 28 control, (2) the host ~yst~m then r~uests ~ ser~es of G~N
29 fu~ctlo~ to be ex~cute~ ~9 deflne a eer~eq of tenmlnal ma~te~ k~ys (KMTl-KMTn) ~or ~ch of ~he ~erminals as~oc~ted ~i9-77-007 -S7-1~2~0 1 wlth tho ho~t sy~t m. (3) The~e k~ys are then distributed 2 to an authorlzed ter~inal us-rs in a secure mannor, as by 3 courier, register d ma$1, public telephone etc (4) 4 The ho~t sy~tem noxt requosts a ~eries of EMXl functions to be performed to enclpher each of tho gen-rat d t rm~nal 6 m~ster keys under a variant of the host ma~ter key 7 ' (EXMHl~MT~ ExMHlKMTn)~hich are thon (4) writton to a 8 cryptographlc key data set (CXDS) along with termlnal ID's 9 for sub~equent retrl-val when cryptograph$c operat$on~ are to be p-rformed The authoriz-d term~nal u er having 11 r-ceiv~d the terminal master key in a ecure manner now loads 12 the m~st-r key lnto tho MK memory of the te d nal by a ~6) 13 manual WMR fun¢tion or by reque~tlng the executlon of a WMK
14 functlon under ho~t ~ontrol The ~o~slon initiat$on proce-~ boglns w$th either the 16 terminal or an appllcation program initiat~ng (7) an INIT
17 regue~t to the SBCP of the ho~t y~t~m along with reque~t 18 par~mot~r~ identlfylng the terminal ln the ~o~slon for whieh 19 connoetion $~ bolng eought When the INIT r~qu-~t i~ accepted, 2~ a poslt~vo ra~pon~o i~ roturned to th- r~ue~tlng LU The 21 S8CP mu~t now obtain ~ es~ion k~y and arr~nge for lts 22 d~Jtribution to the p~rtleipat~ng network eloment~ Accordlngly, 23 the SSCP r~quests a (8) GRN funetlon to be p*rformed to 24 qener~t~ ~ random nu~b~r wh$ch i~ dofin~d a~ ~h~ ~e~io~ key 2s enclphered undar the ho~t ms~ter ~ay l e ~N-~KM~ ~S, ~n 26 keeping with the Gb~set~ve that no koy h~ll oeeur in clear 27 form, w~th the oneiphor~d ~s~ion key b~n~ ret~ined ~n the 28 host momory for aub-~qu~nt ancipher~doclpher d~ta operation~
29 In order to di~txlbut th~ sQssion ~ey in ~ form useable by th~ term~n~l, th~ SSCP next reguest3 a (9) pr~vi~eged RFMK

1~24~

1 tran-~formation function to be performed. This is accomplished 2 by accessing the CKDS for the enclphered terminal master kay 3 EXM~lK~Ti as the key paramQter and acces~lng the ho-~t memory 4 for the enciphered session ~ey EKHH~KS as the data parameter S to perform the RFMX funct~on, wher~by the ~ession key 6 enciphered under the host master key i~ re-enciphered to the 7 ~es~on key enciphered under the terminal master key EKMTiKS.
8 Having deriv~d these quantiti~s i.e. EKMTi~S and EKMH~KS, 9 they are included in th~ ses~ion parameter~ of the CIN~T
reque~t. (10~ The SSCP th~n c~uses the CINIT re~ue~t to be 11 passed to the applica~on program indicating that th~r~ is a 12 request for a session to be establi~hed with the terminal.
13 If the appllcation program accepts the CINIT request, a 14 posit~ve response i~ returned to the SSCP and the enciphered session key EKMH ~ S i8 extracted and sav~d for subsequent 16 encipher/decipher data operations during the se~ lon. (11) 17 The appl~cation program then generato~ a ~IND request 18 whioh contain~ among other thing~ th~ enciphered 19 ~es3ion key ERMTiXS, which iR passed to tho terminal.
If the terminal accept~ the BIND reque~t, a po~itive 21 response is returned to the appl~ca~lon program and 22 the enciphered se~8$0n key E~MT~KS i8 extract~d and 3av~d 23 for subsequent enciph~r/declpher data opexations during the 24 ~e~sion. The n~t re~ult of th~ o ~stablish a com~uni-cation ~e~ion betweQn two participa~ng TU's of the n~twor~
26 with each bein~ pxov~dod w~th a common operational k~y in a 27 form su~t~bl~ fer u8e with theix respective crypto~raphic 28 apparatus. Thu~, the t~rminal can now xequ~t that a~ (12) 29 ECPH ~u~ct~on be p~for~ed to enc~p~er terminal data, u~ing XS~77007 _59_ 1 the ~e8810n key enciphered under the terminal master key, to 2 obtain enclphered terminsl data EK8DAT~ for transfer to the 3 appllcation program and ~he appllcation pro~ram can request 4 a (13) DCPH functlon be p~rform~d to declpher the enclphered S data receive~ from the termlnal using thc 8ame session key 6 but enclpher~d under the host ma~ter key to obtain tha 7 terminal data DATAT in clear form. Alternatlvely, the 8 appl~catlon program can request an ~14) ECP~ function to be 9 performed, u~lng EXM~ ~ S, to enclpher bost d~ta ~nd tbe terminal can r~quest a (15~ DCPH function to be performed, 11 u~ing ~R~T~KS, to d~cipher enciphered host data received 12 from the appllcation program.
13 COMMUNICA~ION SECURITY IN SINGLE DOMAIN NET~ORRS
14 ~D~ A PR:V 5 ~T-i ~ferrin~ now to Flg. 17, there i9 shown in block aiagr~m 16 form, a logical view o~ ~e~slon level communicatlon ~ecurity 17 in a ~lngle ~omain network uslng a prlvat~ key. There are 18 many ~ituations where lt 1~ de~lrsd to provide data transmissions 19 through A d~tA communicatlon network u d ng ~ pr~vate secondary communic~tion key i.e. ~ private terminal ma~ter key KMTP, 21 which t8 not sy8tem ~e~r~ted but i8 ~utually agreed upon by 22 the end u~e~s. In th~ ca~e, the end user~ use the ~y3tem 23 for ganerat~ng the se~-lon ~y and key m~n~ment for 24 perfoxm~ng t~e transform~tion functlon bu~ the oncipher/
dec~pher dat~ oper~t~on~ m~y be ~n~o~ed by the 6y~tem or the 26 app~tcatlon progr~m d~pending upon the protocol e~t~bli~e~.
27 Therefore, ~ this ~a~, at ho~t inltia~iza~on tlme ~
28 host master key ~XMH~) 4 ~ ~g~tn ~e}ected and loaded into or 29 m~y ~lrèsdy res~d~ ln the ho~t M~ memory. ~2) ~he en~ u~ers d~c~de upon ænd defl~e, ln a ~ecure m~nner, the prlvate ~9-77-0~7 -60-1~24~10 1 term~nal ma~ter key (KMTP) to be used ln thelr communlcat~on 2 session. (3~ This value 18 then lo~ded lnto the host memory 3 and the host reque~t~ an EM~l function to be performed to 4 encipher the priYate key under a v~riant of the host master S key EKMHl~M~P which i8 then (4) written out to the CXDS
6 alon~ with a termlnal ID for retr~eval ln sub~e~uent crypto-7 graphlc operatlons. The b~l~nce of the operation to estab}lsh 8 a communlc~tlon se~lon between an appllcatlon program and 9 the termlnal used for the communlcatlon 18 ldentlcal to th~t de~crlbed above $n connoctlon wlth the sy~tem generated key ll ~ystem of Plg. 16 except, depending upon the protocol 12 e~tabli~hed, e~ther thc system or the appllcatlon program 13 may reque~t the enclpher/d~c~pher data operatlons to be 14 pertormed.
COMMU~ICATION SECUR~TY IN SING~E DOMAIN NE~WORKS ~SING A
16 PRIVA~E KEY AND PRrVATE END USER PROTOCO~
17 Referring now to F~g. 18, there $~ ~h~wn iQ block 18 di~gram form, a loglc~l vlew of communlcat$on ln a ~ingle 19 domaln network using a prlvste key and a prlvate end u~er protocol. In ~ome situatlons, ~ pri~ate level of commun~catlo 21 ~ecurity can be esta~ h~d us~ng a protoool whereby key 22 select~on and d~tr~butlon ~re the u~er'~ re~pons~bllity and 23 request~ for cryptogr~phlc ~ervlce are explic~tly sxpressed 24 by the ~n~ user. Therefore, ~n th~s ca~e, ~ ~n .he last 2S example, at ho~t ~nit~lizat~on t~me ~13 a host master ~ey 26 t~ 3 i~ 6elected and loaded ~nto or may ~lre~dy reside 27 ~n ~he ho~t MK memory. t2) The end users ag~n decide upon 28 and prlY~tely def~ne, ~n a ~ecure manner, the pr~vate term~nal 29 ~a~ter key (gMTP~ to be used ~n the~r com~un~c~tion se~ n.
3~ ~3) Th~s ~alue ~8 ~hen ~oaded into the ho~t m~mory and t43 the Xi9-77-0û7 -6~-1 host reque~ts that an EMKl function be pexformed to sncipher the 2 prlvate key under a varlant of tho host ma~ter key ~MHlRMTP.
3 However, in this lnstance, slnce crypto graphic serv~ces are 4 expl~citly expressed by the end u~er rather than th~ system, S the resultant value i0 not ~ritten out to a CgDS but rath~r 6 (5) to an output devic~ ~.g. a prlnter, where both a copy 7 of the defined private key and its en~lphered version is (6) 8 stored ln a secure manner e.g. a vault, untll such time as 9 a communlcatlon ses~on i~ to be establlshe~. At that tlm~, the coples are taken out of the vault and the prlvate key i8 11 (7) written into tha torminal MK memory and ~8) the enciphered 12 version i8 loaded into the host memory for subsequent use 13 when cryptograph~ servlces are requested. As ln the previously 14 de~cribed appl~cation~, the reque~t to e~tabl~h a connect~on may ~e in~tlated at th~ termlnal or by th~ applicat~on program 16 cau~ing an ~9) ~NIT r~que~t to be paJaed to the SSCP of the 17 host system. When the I~IT reque~t 18 acceptQd, a positive 18 response 1~ returned to the reque~tlng LU. ~n this casc, 19 ~lnce the prlvate ona u-er protocol haJ e6t~bl~shod th~t requ~ts for cryptograph~c services are to be expr~s~d by 21 the appl~cat~on program, the SSCP makes no requQst for a 22 8e8810n key but merely oauses a (101 C~N~ request to be ~3 pasA~d to the applicat~on program that ~t sbou~d attempt 24 ts ~IND a ~ommun~catlon 8e88ior: between the applic~tion progr~m and t~ terml~l. If the appl~ca~lon program acc~pt~
26 the C~NI~ r~qu~st, a positlve ~o~ponse i~ re~urned to the SSCP
2~ and the appl~c~t~on program then request~ the tll) GR~ fun~t~on 28 to be perfoxmed to o~in ~ r~ndom number de~ined a~ the 29 e~ciphere~ 8e5~iQn key ~.e. RN~EgM~p~S and the ~12? R~M~
function ~o tr~nsform the 9e88ion key enc~phered under the X~g-77~007 -62-1~24810 1 ho~t master key EKMH~S to the ~e~ion key enclphered under 2 the private terminal m~t~r key EKMTpgS for transmlttal to 3 the ter~lnal. The balance of the operation 1~ ~dentlcal to 4 that de~crlbed above ln connection wlth Fig. 17 and once the common ses~ion key 1~ establlshed at both ends, the appllcation 6 program wlll control all requests for enclph~r (ECPH) ~r 7 dec~pher ~DCPB) data opQratlon~ ~t the ho~t ~y~tem.
8 COMMUNICATION SECUR~TY IN S~NG~E DOMA~N NET~OR~S USING A
. _ . . . . _ _ .
9 PRrV~TE KEY AND A TOTAL~Y PRIV~TE PROTOCOL
Referrlng now to Fig. 19, there i~ shown in block di~gram 11 form a loglcal vteW of communlcat~on ~ecurity ln a s~ngl~
12 domaln network uslng a private k~y and a prlvate protocol 13 which 1~ totally pxiv-te and th~ro~ore un~nown to the system.
14 In to~ally pr~vate ~y~tQms, key s~l~ctlon, key m~nagement and data trnnsfer 1~ accompllshe~ wlthout ~ystem knowledge that 16 cryptography $8 bei~g per~ormea. Whatever crypto~raphy 18 17 perform~d i8 kno~m only to an appllcatlon progra~n. qq~ere~ore, 18 in th$s case, at host ln$t$allzatlon tlme, tl) a ho~t l9 m~ster key ~RMRp') i8 ~e~ected and lo~ded ~nto or alre~dy 20 res~e~ in thQ ho~t M}~ ~ry. (2) ~he ~na u~er~ ~gain 21 decis3e upon and prlvate~y dof~ne, in ~ ~ecure mannQr, a 22 prlvate prim~r~ cc~mmunication }coy ~.e. ~ prlvate ~e~ien 23 ~ey KSP, to be u~ed ~8 th~ common op~s~tlol~al key~ ~3) ~
24 ~alue i~ thon ~oaded lnto t~e ho~t m~mo~ nd ~e ap~sllcat~on pro~ram re~u~st an ~4) EM~ ~un~t~o~ to be performed i~
26 order to enc~pher the pr~te ~e~s~on ~ey under the host 27 ma~ter key EKM~RS. The re~ult~ng Qnciphered value i3 not 28 wrltten out tc a CKDS but ra~her to an output printer devlce 29 and both a aopy of the ~ ned pr~vate ses~ion ~ey ~nd ~t~
enciphered version ~re ~6) ~tore~ ~n ~ secure m~nner e.g.

K~9-77-007 ~3--1~24810 1 ~ vault, untll ~uch ti~e as a communication 8e8~10n 18 to 2 b~ e~tabllsh~d. At th~t tlme, the copi~ ~re t~ken out of 3 th~ vau~t and the prlvate ~esslon key ~ (7) wrltten dlrectly 4 into the koy regi~or~ of terminal cryp*o eng~ne a8 a working S key ~nd (8) th~ enclph-rsd vorJion i~ ~o~ded into th~ host 6 m~mory ~or ~ub~equ~nt uJe wh~n crypt~graphic servicos are 7 requeotaa. Sin¢e a totally private protocol lg b~ing u~ed 8 in thi8 ~pplicatLon, the ~t ps (9) ~N~ r~q~e-t (10) CINIT
9 reque~t and tll) B~ND r qU~8t proc ed ln a atraight forward m~nner to e~t~bli~h the communlcation Be~4ioa without the .r~
11 ~y~tem being aware that any crypto~rap~ic operation i8 to b~
12 per~orm~. Pollow~nq ~be e~tablishmQnt of She ~e~lon, the 13 termlnal can perform an ~12) ~NC function to encipher terminal 14 data u8~n~ the prl~-te ?~-sston key KBP a~ the operational key to obtaln enciphor~d t~rminal data EX~pDAT ~ for tra~fer 16 to the appllcatlon pxogram. At the ho~t ~y-tem, upon rec~lpt 17 of the en~iph red term~nal data, the appllcatlon program 18 re~ue~t~ a (13) dealpher DC~ functlon to be performod to 19 decipher th~ encipher~d term~nal d~ta, u~ng thQ enc~ph~rsd privat- se~-ion ~ey, to obtaln the t~r~ina~ d~t~ DAT~ in 21 clear form. Alternati w ly, the applioati~n pro~ram can 22 re~uost ~n ~14) e~cipher ECPH funct~on to be performe~ on 23 ho~ ata, u~ln~ the ~nc~phered priv~te sR~sion k~y, to 24 . obt~in en~iphe~ed ho~t dat~ EgSp~T ~ for communica~lon to tho t~rm~n~ t the t~rminal, upon r~ce~pt of the encipherod 26 ~ ho~t dAts, ~h- terminal r~uest~ a (15) d~ciph~r DEC function 27 to be perormod ~o ~d pher the enclphered ho~t dat~, u~lng 28 the pr~Yate s~sion k~y a~ the workin~ ~Qy~ to o~tain the 29 ho~t d~t~ DA~ ~ in c~r fo~m.

X~-7~-~07 - -64-112~8iO

1 DETAILED DESCRIPTION--HOST DATA SÆCURITY DEVICE
2 ~ata Securit Device Clock y 3 Referring now to Fig. 20, there is ~hown the logic detail~
4 of a clock pulse generator 100 u~ed in the DSD of the present invention. ~he primary input is a ~quare wave 6 oscillator whose no~inal repetition rate i~ 4'~Hz, having 7 approximately a 50~ duty cycle. The oscillator 102 effectively 8 drives a ring counter made up of two D-type flip-flops 108 9 and 110 which are used for controlling other logic circuits within the clock 100. The clock 100 produces a clock signal 11 -C derived from the flip-flop 110 and additionally produceq 12 ~our basic clock pulses from a ring counter and the oscillator 13 pulses on the pha~e 1, -pha~e 1, -pha~e 1 late, phase 3 late 14 and pha~e 4 llnes, each being nominally 125ns in duration and having the relationships ~hown ~n Fig. 21.
16 ?~ore specifically, the flip-flops 108 and 110 are 17 initially in an off state with the flip-~lop 110 applying a 18 positive signal t~ one input of the ~ND circuit 130 and to 19 condition the flip-flop 108 for being turned on. The leading edge of a pulse from the o~cillator 102 i~ applied via 21 inverters 104 and 106 to turn on the flip-flop lOR which, in 22 ~eing turned on, applie~ a positive signal to a second input 23 of the AND circuit 130 and to condition the flip-flop 110 for 24 ~eing turned on. At the trailing edge of the first oscillator ~ul~e, a positive signal is applied from the inverter 104 to 26 render the A~D cixcuit 130 effective to apply a positive pulse ;27 on the ~3L line havin~ a 125n~ duration. The leading edge of 28 the next oscillator pul~e is applied via the inverters 104 and 29 106 to turn on the conditioned flip-flop 110 which, in be~ng turned on, applies a po~itive signal to condition the .~ invert ~977007 -65-1~10 1 circuit 134 and to turn on the ~4 latch 132. ~he latch 132, 2 in being turned on, applie-R a positive signal to render the 3 AND invert circuit 134 effective to apply a negative pulse 4 on the -~4 line and, via inverter 136, a posltive pulse on S the ~4 line, both pul~es being of 12~ns duration. The 6 flip-flop 110 in bein~ turned on al~o applies a negative 7 signal to condition the flip-flop 108 for being turned off 8 and to render the AND invert circuit 120 effective ~o apply 9 a positive signal to the -C line. The leadinq edge of the next oscillator pul~e is effective via the inverters 104 and 11 106 to turn off the flip-flop 108 which, in being turned 12 off, applies a po~itiYe ~ignal to condition the AND invert 13 c~rcuit 124, to turn on the ~1 latch 122 and to one input of 14 the A~ invert circult 128 and also applied a negative signal lS to condition the flip-flop 110 for being turned off. The 16 latch 122 ln ~eing turned on applies a po~ltive ~ignal to 1~7 render the A~D invert circuit 124 effective to apply a 18 negati~e pul~e to the ~1 line and, via the inverter 126, a 19 po3itive pul~e to th~ ~1 line, both being of 125ns duration.
The flip-flop 110 ~t~ll being on appli~s a po~itive signal 21 to a ~econd input of the AND invert circuit 128. Accordinqly, 22 at the trailing edge of the third o~ci ~lator pulse, a 23 positi~e signal i~ applied from inver~er 104 to render the 24 AND invert ciruit 72~ effective to apply a ncg~tive pulse on the ~1~ line ~avlng a duration of 125ns. The trailin~ ed~e 26 of the third o~cillator pulse ~ also effect1ve via the ~nverter 27 ~06 to ~pply a negativ~ pul~e to reset the latch 122. The 28 leading edqe of the fourth oscillator pulse i9 effective, 29 via the inver~ers 104 and lOÇ, to reset t~e flip-flop llû
~Jhich return3 the rin~ counter back to its initial condition.

RI9770~7 -66--1~24~1~

1 The flip-flop 110 in being reset applies a po~itlve signal to 2 one input of the AND invert clrcu~t 120 and after a delay 3 provided by the inverters 112, 114, 116 and 118 to render the 4 AND lnvert circuit 120 effective to apply a negative ~ignal on the -C line. At the end of the fourth oscillator cycle, the 6 clock 100 i8 back at the initial condltion to repeat the generation 7 of the variou~ clock pulse~ in ~UCC08SiV~ phase times as Qhown 8 in Fig. 21.
9 MANUAL W~ITE MASTER REY ~W~K) OPERATION
The wrlse ma~ter key operatlon con~ists of manually 11 writing 16 half-bytes (4 bit-~) constitutlng the master key into 12 the ma~ter key (MK) me ry ~ia 4 bit l~no~. Enable write 13 ~EW) and manual wrlte ~MW) switchQs aro provlded to inltiallze 14 and control the 16 cycle~ needed for loading the individ~al hal~-byte~ into the MK memory. Bit ~witch~ are al~o 16 pxovl~ed for produclng the bin~ry coded numb~rs 0 through F with 17 all output~ being low for 0 and high for F. The master key 18 i8 pre-generated, ~n a random manner, a~ 16 hexadecimal number~
19 to be wr$tten lnto the 16 locations of th~ MK memory. The following i8 a gen~ralized ~tep-by-~tep procedure of manually 21 writing the master key into the MR me~ory.
22 Step 1: Set the EW ~witch to ~he on or enable write 23 master key (~WMK) po~ition.
24 Step 2: Pre~ the MW ~witch onc~ to re~et the MK memory ,25 addres~ counter to 0 and to overwrite ~he master key 26 pre~ently stored in the MK memory.
27 Step 3: Set th~ bit ~witche~ to the half-byte to be 28 wri~ten into the MK memory location 0.
?9 Step 4: Pre~s the MW switch once.
Step 5: Set the blt ~witches to the next h~lf-byte to ;I977007 -67-1 be written into the next uceoodlng lo~ation of the MK memory.
2 Step 6: Pres~ the MM push button once.
3 Step~ 7-34: Repeat StepB S and 6 in suece~ion until the 4 last half-byte has b-en written into the la~t location of ehe S MX m~mosy.
6 Step 35: Set th~ EW swlteh to the off positlon.
7 At any time durlnq the exeeution of thl~ proeedure, A8 8 when there 18 uneertalnty that lt has b-en corr-ctly done, a 9 re~tart ean be aeeompli~hed by dolng Step 35 and be~inning again w$th Step 1.
11 Referrlng now to Fig. 22el and the timlng diagram of Fig.
lZ 23, a more d~t~iled d -eription of the m~nual WMX operation 13 will ~e giv n in th- following. To init~ate this operation, 14 the En~bl~ Write ~EW) ~wlteh, whieh m~y b~ a SPDT ~wlteh activated by a physieal ~ey lo~k to pr~v~nt the key from being ehanged by 16 unauthorized person~, 18 ~et to the ON po41tion. Following thi~, 17 the Manual Writo (MW) ~witeh, whieh may be a pu~h-button 18 switeh, may be pre~od to the MWNO po~it~ on c~using a negative 19 pulse to be appl$ed to turn on the MW lateh 138. The lateh 138 in b~ing turned on applies a n~gatlve ~lgnal via the 21 -MW llne to turn on th~ MX BUS SELECT l~tch 140 and the manual 22 write half ~yte (MW~D) control lstch 154. ~he l~tch 140 ln 2 3 b~ing turned on appli~ a po~itive ~lgnal to condltion the AND
24 clrcuits 164 in Fig. 22dl for passlng ~ h~lf ~yte (4 bit~) from 25 the bit switch~s SWO-SW3. Wh~n th~ MM swltch i~ rele~sed, ~t 26 r~urns to the MWNC pOA~ tlon caw ing a n~gatlve ~lgnal to be 27 ~pplied to r~s~t the MW latch 138. Th- MW latch 138 in bolng 28 r~et ~pplieQ a po~itl~ signal on ~he -MW lln- which together 29 with th~ po~lt~ve ~n~l ~rom the l~tch 140 rond~r~ tho AND
invort oircu~t 142 ~f~e¢tive to apply a n~g~tlve slgnal to li2~181~

1 turn on the ENA~LE MAN RST latch 144. At ~1 tlme of the 2 next cloc~ cycle, a ~1 clock pul~e together with the positive 3 signal now on the -MW line and a positive signal from the 4 latch 154 render th~ AND invert circuit 156 effective to apply a negative signal ~o the inverter 160 where it i~
6 inverted to a positivQ signal on the MWHB line. The positive 7 signal on tho MWHB line is applied to conditlon the AND
8 invert circuit~ 152 and 158. ~he AND invert circuit 158 is 9 effective to maintain the positiv~ ~ignal on the MWHB line until the next ~1 time when a -~1 cloc~ pulse is applied to 11 decondition the AND invert circuit 158 cAuslng the positive 12 signal on the MW718 line to be terminat~d ehereby provlding a 13 1 microsecond posltive signal on th~ MWH~ line. Tha AND
14 invert circuit 152 i8 rendored effo¢tive by a ~4 clock pulse -15 in the pr~ent clock cycle for re3ettlng th~ MWHB CTRL latch ~16 154.
17 Referrlng now to Flg. 22c2, the positive ~gnal on the 18 MWHB line i~ inverted to a nogativo ~lgnal by inverter 162 19 to decondition the AN~ circuit 380 caus~ng a negativo slgnal to be appli~d to th~ -W ENABLE line ~nd to docondition the 21 AND lnv~rter 376 whlch, in turn, ~ppli~8 a positive s$gnal 22 to the invertQr 378 wh~re ~t i8 inYerted to a negatlve 23 ~ignal on th~ -M ENAB~E line.
24 Sign~l~ on the -M ~NABL~ ~nd -W ENABLE lin~s are used ~25 to en~ble the MR memory for writing ~nd reading opera~ion~.
26 The MK memory 700 ~hown in block form in ~igs. 22el and 22e2 27 i~ a 16 word by 4 bit CMOS random accoffs m~mory (RA~) which 28 is used for ~toring the maRter key. The MR memory 100 is Z9 addr~ed by a 4-bit v~lu~ on the addre~s line~ -ADRl, -ADR2, A~R3 and -ADR4 from the settlng of th~ ~ddress counter XI977007 _~9_ 112~10 1 39~ in Fig. 22d2. When negative signals are applied to both 2 the -W ENA~LE and -M ~NABLE lineJ, the informatlon present on 3 the 4 bit input line~ 0, 1, 2 and 3 is wrltten into the MX
4 memory 700 at the de~lgnated addres-. A transistor ~witch s 139 i~ provided in serlos wlth the -W ENABLE llne to control 6 wrltlng lnto the MX m~mory 700. ~he potontial at the base 7 of this ~wlteh i~ eontrolled by the ~ettlng of the EM switch.
8 Aceordingly, when the EW ~wlteh 1~ s-t on and a neg~tive ~ignal 9 i8 applled to the -W ENA~L~ line, the translstor 139 18 turned on to produee a negative ~lgnal on the -W ENABLE l~ne to enable 11 wrltlng into the MK momory 700 whoroaJ when the EW switeh i8 12 8et OFF the transl~tor Jwlteh 139 ~ blaJed off causing a 13 po~ltlve ~lgnal to bo malntainod on th -W ENABLE line to 14 prov nt writing lnto tho MX memory 700. Addr~ssing o~ the MX memory 700 or read~ng i8 aeeompllshed in the ~ame manner 16 aa that ~or wrltlng. Whon a po~ltivo aignal 1~ applled to the 17 -W E~ABLE lin- and a n~gatlve ~gnal i~ applied to tho -M
18 ENABLE llne, the infor~atlon whleh was written lnto the l9 de~ignated address of the MK m~mory 700 1- ro~d out ln inverted form to th- 4 bit output llnes of th~ M~ memory 700 21 and appli~d to a bu~fer regi~ter con~i-tlng of tho 4 ~hlft 22 registQr~ 702.
23 Re~rrlng now to Flgs. 22cl and 22~2, during ~3 tlme, a 24 posltlve 03L clock pul~e together wlth po~itive signal~ from the latche~ 144 and 146 render the AND invert circult 148 26 ef~ective to apply a negative signal to turn on the MAN ~S~
27 latch 150 which remains set until the next clock cycle when 28 a -~lL clock pulse i~ applied to reset latch 150 thereby providlng 29 a nsgatlve ~ignal on the -MAN ~ST llne ~rom 03L time to ~lL
time. The MAN RST l~tch 150 in bolng turned on applles a ~lZ~

1 negatlve signal via the -MAN RST line to re~et the latch 146, 2 to decondition ~he AND circuit 382, and to turn on the ma~tsr 3 ~ey ovexwrite (MX OVW) latch 276 and the Æ Y INVALID latch 278 4 in Flg 22c3 ~he AND clrcuit 382 in be~ng deconaltioned i~
effectlve to apply a n gatlve slgnal to the re~et lnputs of 6 the addre~s counter 390 reJettlng the counter to an address 7 of 0 Tho latch 276 ln being ~et applies a n-gative ~ignal 8 on the -MX OVW line to d conditlon th AND clrcult 380 to 9 malntaln a negative ~lgnal on th~ -W E~ABI~ line ~urlng the entire period of the ma~ter ~ey over~rlte operatlon The 11 negatlve signal on th- -MR OVW lin- 1- al80 applied to 12 decondition the AND lnv rt clrcult 368 whlch, ln turn, applies 13 a po~l~lva ~lgnal to condition th AND invert clrcult~ 370 14 and 374 durlng the entlr~ perlod of the MX overwrlte oporatlon Referrlng now to Flg 22¢1, at ~1 tlme of the 16 next clock cyclo, a -~1 clock pul~e i~ applled to 17 de¢ond~tion the AND inv rt circuit 158 and apply a positive 18 signal to the inverter 160 where lt ~- invert~d to a 19 negatlve signal en th MW~B llno ~hich 1~ ~alntained thereon for the balance of th ov~rwrite operation The negative 21 ~ignal i8 lnverted to a po~itiv~ ~lgnal and appli~a to one 22 lnput of the AND invert circu~t 376 ~owever, at thi~ time, 23 namely, ~1 time, po~itive 8iqnal8 are maint~ln-d ~t the inputs 24 to the AND invert circult 374 which i~ thexo~ore e~fectlve to apply a negative 8ign~1 to the other input of the AN~ invert 26 circui~ 376 to maintaln th~ AND invert clrcu~t 376 decondi-27 tioned d~pite the 8i~al chang~ on the MW~B line 28 As a r~ult, the AND inv xt circuit 376 malnta~ns a positive 29 signal output therefro~ untll alL timo when th~ -~lL clock pulse i8 zpplied to decondition th~ AND invert circuit 374 XI~77007 -71-1124~10 1 causing a po~itive signal to be applied to the AND invert 2 circuit 376. Therefore, at this ~1 tlme, the AND invert 3 circuit 376 is rendered effective to apply a negative 4 signal to the STEP CT~ line and to the inverter 278 where S it is inverted to a po~itive signal on the -M ENA9LE line.
6 It ~hould be apparent that from the time the address 7 counter 390 is reset to addre~ 0, namely, a~ 03L time, 8 until the present ~lL time negat~ve signals are maintained 9 on both the -W EN~BLE and -M ENABLE llne~ to allow a 4 bit value to be written into the MR Memory 700 at address 0.
11 Referring n~w to Fig. 22dl, whatever the bit switches 12 SW~ to SW3 happen to be set at are applied a~ a half byte 13 value via the conditioned AND circuits 164 and OR invert 14 circuits 168 to the bit inputs of the ~K memory 700. For example, if the bit sw~tch SW0 i~ set to the 1 position, 16 a positive signal is applied to render the ~ND circuit 164a 17 effective to apply a positive signal to the OR invert 18 circuit 168a which, in turn, applie~ a negat~ve signal as a 19 1 bit input to the t~K memory 700. I~ the blt switch SW~ is set to the 0 position then a po~itive signal i~ applied as a 21 0 ~it input to the ~K memory 700.
22 ~eturning now to Figs. 22c2 and 22d2, the negative 23 signal applied to the -STEP CTR line, at ~lL t~me, i8 24 inverted by inverter 388 to a positive signal and applied via the STEP CTR line to ~tep the addre~s counter to an 26 addres~ count of 1 in preparation for writing the half 27 byte value setting of switches SW0 to SW3 into the next 28 location of the MR memory 700. AND invert circu~t~ 374 and 29 376 are connected in a latching arrangement such that the negative signal output of the ~ND invert circuit 376 i~

~I977007 -72-llZ4~3~0 1 effective to maintaln the AND invert circuit ~74 deconditioned 2 after termination of the -~lL clock pulse and thereby 3 maintain a positive signal input to the AND invert circuit 4 376 whlch together with the positive signal from the inverter 162 (due to the negative signal now maintained on the MWHB
line) maintain the AND invert circu~t 376 effective to 7 maintain a negative signal output thereof ~and a posit~ve 8 signal on the -M ENABLE line). ~his condition will be 9 ~aLntain~d until ~3L t~me, when a ~3~ clock pulse i8 appl~ed to render the AND invert circult 370 effectlve to apply a 11 negative signal to now decondition the AND invert circuit 12 376. The AND invert clrcuit 376 in being deconditioned 13 applies a po~itive signal to the inverter 378 where it i~
14 inverted to a negative slgnal on the -M ENABLE line. ~he positive signal output of the ~ND lnvert circuit 376 w~ll 16 be operative ~n the latching arrangement of AND invert 17 circuit~ 374 and 376 to maintain thi~ siqnal ou~put until 18 ~lL time of the next clock cycle when the -~lL clock pulse 19 i3 applled to decondition the AND invert circu~t 374.
Accordingly, a negative ~lgnal will be maintained on the 21 -M ~NA~E line from ~3L tlme of the present clock cycle 22 which to~ether with the n~ative signal maintain~d on the 23 -W ENAB~E line, due to the AND circuit 380 being maintalned 24 deconditioned ~y the ~K OVW latch 276, allows writing of the half byte value settlng of thQ ~witches SW0 to SW3 26 into the MK ~emory 700 at addr~s 1.
27 In a ~imilar manner, each succeeding ~lL cloc~ pulse 28 will be effective to control stepping of the addres~ counter 29 290 to the next address of the ~K memory 700 and each succeedlng ~3L clock pul~e wi}l be effective to control 1~24810 1 writing the half byte value ~etting of the ~witches 2 SW0 to SW3 into the rtK memory 700 at the next address. After 3 16 such operations, the master ~ey previously stored in the 4 IK memory 700 will have been overwritten. Disclosure of the master key through unautllorized writing of trial 6 half bytes into the ~IX memory 700 i~ thwarted by this 7 overwriting operation of the previously ~tored master key 8 ~hen the ~ switch is fir~t pressed.
9 Referring now to Fig. 22d2, when the addres~ counter 390 steps to a count of 8 (the 9th location in MK memory 11 700) a negative ~ignal from the -C~ outpu~ i~ applied to set 12 the 16 STEP latch 404 which, in being ~et, applies a positive 13 signal to condition the AND circuit 406. After the 16th 14 half ~yte i~ written into the MK memory 700, the addxess counter 390 i~ again stepped, at ~1IJ time, back to an ad~re~
16 count of 0 and a pos~tive ~lgnal is applied via the -C~
17 output to render the A~D ~lrcuit 406 effect~ve to apply a 18 positive signal to the inverter 408 where ~t i~ inverted to 19 a negative ~ignal on the -16 STEP line. The negative signal on the ~16 S~EP line is applied to reset the MK OVW latch 21 276 in Fig. 22c2 which, in being re~et, applie-~ a positive 22 signal via the -MK OVW line to render the AND circuit 380 23 effective to apply a positive ~ignal to the -W ENABLE line 24 thereSy inhibiting further writ~ng into the MK memory 700.
The positive si~nal on the -.IK OVW line is also applied to 26 render the AND invert circuit 368 efectlve to apply a 27 negative signal to decondition the AND invert circuits 370 28 and 374 ~o that the -~lL and ~3L clock pul~e~ will have no 29 further effect. The jointly deconditloned AND invert circuits 370 and 374 will ~ointly apply a positive conditlonin~ signal K~977007 -74-112~81~

1 to one input of the ~ND invert circuit 376.
2 ~his completes the master ~ey overwrite operation and the 3 host operator may now proceed to load the new master key 4 into the ~K memory 700 a half byte at ~ time, for 16 times, in order to completely load the 64 bit maater key into the 6 ~iK memory 700. ~eferring to Figs. 22cl and 22dl the host 7 operator sets the switches SW0 to SW3 according to the first 8 half byte of the master key to be loaded. Following this, 9 the 'IW switch ~et to the 1' ~ O position causing a negative pulse to be applied to turn on the MW latch 138. The ?~W
11 latch 138 in being turned on applies a negative signal via 12 the ~ W line to set the MW~B CT~L latch 154 which, in being 13 set, applies a positive signal to one input of the AND
14 invert circuit 156. When the MW switch is released to the ~IWNC position, a negative signal i9 applied to reset the 16 MW latch 138 which, in being reset, applies a po~itive 17 signal to a second input of the ~D invert circuit 156.
18 Therefore, at ~1 time of the next clock cycle, a 19 Bl clock pulse is applied to render the AND invert circuit 156 effective to apply a negative signal to the inverter 150 21 where it is inverted to a positive signal on the ~WHB line.
22 ~he positive signal on the ,~WHB llne is applied to the 23 inverter 162 in Yig. 22c2 where it is inverted to a negative ~24 signal and applied to decondition the AN~ circuit 380 which, in turn, applies a negative signal to the -W ENABLE
26 line. The negative qignal from the inverter 162 is also 27 applied to decondition the AND invert circuit 376 which, in ~28 turn, applies a poRitive signal to ~he inverter 378 where it 2g is in~erted to a negative signal on the -~1 ENABL~ line. The ~30 combination of negative signals on the -W ~NABLE and -I ENABLE

KI977007 -75_ llZ4810 line~ permits the first half byte of the new master key to be passed via the ~ND circuits 164 in Fig. 22dl and the OR
invert circuit~ 168 to be loaded into the MK memory 700 at location 0. Referring now to Fig. 22cl, at ~4 time, a ~4 clock pulse in combination with the positive signal on the ~MHB
line renders the AND invert circuit 1~2 effective to apply a negative signal to reset the MWHB CTRL latch 154 which, in being reset, applie~ a negative signal to decondition the AND invert circuit 156. At ~1 time of the next clock cycle, 11 a -~1 clock pulse is spplied to decondition the AND invert 12 circuit 158 which, in turn, applie~ a po~itive signal to the -13 inverter 160 where it is inverted to a negative signal on the l~WHB line. The negative signal on the MWHB line i8 applied to the inverter 162 in Fig. 22c2 where it is inverted to a po~itive signal to render the AND circult 380 effect~ve 17 to apply a positive slgnal to the -W ENA~LE line to terminate the writing operation into the MX memory 700. The positive signal from the inverter 162 is also applied to render the '19 AND invert circuit 376, conditioned by the positive signal output from the AND invert circuit~ 370 and 374, effective to apply a ne~ative signal via the -STEP CTR line to the inverter 378 where it i~ inverted to a positlve signAl on the -M ENABLE line. The negative signal on the -STEP CTR

!5 line i5 ~lso lnverted by inverter 388 in Fig. 22d2 to a positive signal to step the addres~ counter 390 to an address count of 1 in preparation for writing into the next location of the MK memory 700. Rei'erring now to Fig. 22dl, the bit switches SW0 to SW3 are now set in accordance with the sQcond half byte of the master key for loading into the MK memory 700. The ~IW

.

~12A8~0 1 switch 1~ again set and the circultry operate~ in the ~ame 2 manner as described above wlth respect to wrltlng the f~rst 3 half ~yte for writing the next hal~ byte of the new master 4 key and stepplng the address counter 390 to the next addres~. ~his operation 18 repeated for a total of 6 16 times in order to write the 16 half byte~ of the master 7 ~ey ints the ~K memory 700.
8 After the last half byte of the new master key i8 g loaded into the MK momory 700, the EW ~w$tch $n Fig. 22cl 1~ switched off to terminate the manual wrlte oporat$on.
11 The EW ~witch in be$ng turned off Applles ~ n~gative s$gnal 12 to reset the MK BUS SELECT latch 140 and to roset the 13 ENA~LE MAN RESET latch 144 which, in being reset, applies 14 a negative signal to ~et the MAN RST CTRL l~tch 146 in preparat~on for the next time a manual write mAster key 16 operation i8 to b~ performed.
17 ADDRESS DECODING AND S~ECTION
-18 Referrlng now to Flgs. 22al and 22a2, when an IO
19 operation i~ to be performed, a n~gat$ve signal i9 appl$ed to the -~O tag l$ne. The con~entlon to be used $n the 21 following description~ are that all llne~ axe down level 22 active i.e. the ac~ive ~tate i8 the pre~enco of a negat~ve 23 signal and, in the ca3e of data, a 1 ~it i8 represented as 24 a negative ~ignal and a 0 blt ns a po~itive ~lgnal.
Information i~ recelved by the DSD on a -DATA BUS OUT and 26 may include addres~ information, command information or 27 data to be processed. Tag signals are used as control 28 signals to identlfy the nature of the lnformation belng 29 provided on the Data ~u~. ThuQ, when an addre~s is plaoed on the -DAT~ BUS OUT, a -TA signal i~ pra~ided on the 11248iO

1 -~A tag line to identify the information as being address 2 information, when a command is placed on the bus, a -.C
3 signal is provided on the -TC tag line to identify the 4 information as heing a command and when data is placed on the bus, a -TD .signal i8 provided on the -T~ tag line to 6 identify the information as heing data. ~he -IO signal is 7 inverted to a positive signal by the inverter 182 an~ applied 8 to one input of the AND invert circuit 190. At TA time, g addres~ information i~ received on the -nATA BUS OUT and a -TA ~ignal is applied to the inverter 184 where it 11 i~ inverted to a positive ~gnal and applied as a second 12 input to the AND invert circuit 19~.
13 The data security device can be per~onalized to be 14 responsive to any one of 40 po~sible addresses. ~hi3 i~
1~ accomplished by jT~npering each of the 3 pins, J5, J6 and J7 16 to either ground or +Sv, and by jumpering one pin JU to any 17 one of five others JO, Jl, J2, J3 or J4. In the example 18 shown, the wiring is 3uch that the DSD responds to the 19 addre~s lxxxxO10. The 8 bit address is pas~ed via the inverters 17~ to the parity generntor 178 which generate~ a p~rity bit 21 which is compared with the parity bit received with the 22 address~ If the generated parity bit is equal to ~he received ~3 pari~y bit a positive signal is applied vla the PARITY GOO~
24 line to a third input of the AND invert circuit 190. Aclditionally, 2~ the personalized bits from the jumpers J5, J6 and J7 are 26 compared with the inverted incoming bit~ on lines 5, 6 and 7 27 by the exclusive ~R and ~nverter combination~ 172 and 174 28 whieh produ~e positive ~ignal inputs to the AND circuit 176 29 if a match is found. The personalized bit on the JTT jumper is applied as the remaining posit~ve input to render the AND

8~0 1 clrcult 176 effectivo fox applylng a pos~tl~e ~lgn~l to the 2 remalning lntput of the AND lnvert circult 190 Accordlngly, 3 lf the personallzed addro~s havlng good parlty has been 4 det cted, then the AND ~nvert clrcuit 190 is rondered effective S to apply a negatlve ~lgnal to s-t the SEL latch 192 and to 6 de¢ond~tlon the AND circult 216 ln ~lg. 22bl whlch, in turn, 7 produco~ a -VALID B ~iqnal ~ndicating a valid addxess byte 8 pre-entatlon ~ho S8L latch ~92 remQln~ s-t throughout the 9 1/0 oporatlon unlos~ ro~et sub~equ ntly by the occaslon of a command orror whlch wlll be de~crlbed h~r~aftor Th~ SEL
ll latch 192, ln boing et, appl~e~ a po~ltlvo ignal v~a the 12 SEL llno to conditlon the AND invert clrcuits 204, 206 and 13 208 Referring now to Fig 22al, at the end of TA time, a 14 posltlve ~lgnal 18 applied to th- -Ta tag llne whlch ~ lnvort-d to a negatlve slgnal by invortor 184 to dscond~tlon the 16 AND lnvort c~rcult i90 Accordingly, AND lnvert clrcuit 17 190 applle~ a positive ~ignal to rond-r AND c~rcuit 216 18 effoctive to termlnat tho negatlvo ~gnal on the -VALID B
l9 line COMMAND DECODING
21 A TC t~me, command lnformatlon 1~ rec~lved on the 22 -DATA BUS OUT and a -TC signal 1~ proYidod to indicate thl~
23 conditlon. The lo~ oxd~r command blt (bit 7) ~p~cifle~
24 the directlon of th~ data transf~r, l e , wh-ther the I/O
25 operation i~ a ro~d ~ t 7-l) or a wrlte (blt 7-0) opsration 26 Referring now to Fig. 22~2, the I/O command byts i~ pa~ed 27 via th~ inv~rter~ 170 to the ~ND inYert clrcult~ 222 and to 28 the parity g~nerator 178 whero a par~ty bit i~ generat~d and 29 compared with the parity blt provided wlth the command byte by the exclu~lvo or 180 If the parity bit gener~ted by the 1124~

1 parity generator 178 1- egual to the par~ty ~lt aJsociated 2 with the command byte then the exclu~ivo OR 180 provides a 3 po~itlv- slgnal on th PAR~TY GOOD llne ~- a seeond 4 input to the AND invert eireuit 206 The -TC signal 18 S inverted by the lnverter 188 to a po~itive TC ~lgnal ard 6 appl~ed to the remalning inputs of the AND lnvert cireuits 7 206 and 209 The AND lnvert eireuit 206 1~ r-nd red 8 effective to apply a neg~tive ~ignal ~la -TC SEL llne to 9 the inverter 214 and to decondition the AND cireu$t 216 The

10 AND clreuit 216 ln b-lng deeondltlon d ~ppli-~ a -VALID B

11 siqnal to indicat~ that a valid ¢ommand byte ha- been

12 reeelved The inv rt r 214 inv rt~ th nogativo ~ignal to

13 a po~itive signal o~ th- TC SEL line whleh i~ applied to

14 proeedural error eireuitry, whieh ~11 be d ~er~bed hereafter, and to the other inputs of tho AND invert eireuit~
16 222 in Fig 22a2 to allow the I/O ~omm~nd byte to b~ loaded 17 into the eommand r-gi-t r 224 Th- po~itlvo signal on the 18 TC llne in eombinatlon wi~h the posltlve signal on the SEL
19 line render the AND i~vert eireuit 208, in Fig 22~1, effe¢tivo to apply a neg~tive ~lgn~l to ~et the TC END
2I lateh 210 which in being set, appl~e- a po~ltlv~ ~ignal to 22 condition the AND cireuit 218 23 Referring now to Figs 22b2 and 22b3, the command 24 and order codas of the command byte storod ln tho command regl-t~r 224 durlng q~ tlme ar- ~ecodbd by a ~er~es of AND
26 inv~rt c~rcu~ts Bits 4, 5 6, and ? ar~ decoded to produce 27 one of the ~even defined comm~nd~ d~crlbed ln the ~ect~on 28 D~D COMMANDS AND ORDERS Thu~, tho AND lnv~rt clrcuit 226 29 decode~ the PIOW data comm~nd (PIOW), tho AND lnvert clrcuit 232 decode~ the ~t baslc ~tatus command ~SE~ BS), the AND

O

1 invert circu~t 238 decode~ the reset ba~ic ~tatus command 2 (RST BS), the AND invert circuit 242 decodes the read basic 3 ~tatus command ~RD BS), the AND invert circuit 250 decodes 4 the re~et adapter command (RST), the ~ND invert circuit 262 S decodes the PIOR data command (PIOR) and the AND invert 6 circuit 266 decode~ the-WR DSD order command ~WR DSD).
7 Detailod de~cript$on of the oporation of these commands will be provided hereafter.
9 In addit~on to the command cod- provld~d by bitq 4, 5, 6 and 7 an order code WXYZ i8 provld~d by the othor four 11 blts, namely, bitJ O, 1, 2 and 3 1~ the command i~ a WR DSD
12 command. Thu~, bit~ 0, 1, 2 and 3 of tho order code are 13 decoded to produce ono of the flve previou~ly defined 14 cipher handling order~ or one of the two previou~ly defined d~ta proce~sing order~. Accordingly, the AND inv4rt circuits 16 280 and 302 decode a portion of the cipher key handling and 17 data proces~ing order~ ~or (WMK) and ~ENC or DEC), respectivsly, 18 the AND $nvert c~rcu$ts 288, 314, 324, 340 and 341 decode 19 thQ c~pher key handling orders ~DECX), (GRN), (RF,~K), (EMK~) and (EMKl), respect$vely. Detailed decryption of the operation 21 o~ these order~ will be provided hereafter.
22 Referring now to Flg. 22al, at the end of TC t~me, a 23 positive ~ignal i~ applied to the -TC tag line which is 24 inverted to a negative ~ignal by the lnvarter 18~ and applied via the TC line to d~condltion the AND $nvert circuits 206 26 and 208. Accordingly, d~conditioned AND invert circuit 206 27 applie~ a pos~tive s$gnal to rcnder AND circuit 216 effective 28 to term~nate the negati~Q sign~l on the -VALID B llne. The 29 po~itiYe ~lgnal from d~conditionod AND ~nvcrt circult 206 $8 XI97~007 -81 4aio 1 also anplied to inverter 214 where it is inverted to a 2 negative slgnal on the TC S~L line and applied to the 3 ~rocedural error c~r~uitry and to decondltion the AND invert 4 circuits 222 associated with the command register 22~ in ~ig. 22a2. The deconditioned AND invert circuit 208 applies 6 a positive signal to render the AND circuit 218, conditioned 7 by the positive signal ouput of the TC End latch 21~, 8 effective to apply a positlve signal on the TC END line.
9 If bit 7 of the decoded command code is a 1, indicating a read operation, then positive ~ignals on the bit 7 line and 11 the TC END line are applied to render the AND invert circuit 12 220 e~fective to produce a -P Valid Rignal to ind~cate that 13 the parity of the data ~yte to be subse~uently pre~ented to 14 the -DATA BUS I~ i8 valid. This is 80 ~ecause the nsD ~lwa~s provi(les correct parlty for data bytes it applies to the 16 -DAT~ BUS I~ for read type com~andq. The po~itive signal 17 on the TC ~ND line i~ al50 applied, in Fig. 22b2, to the 18 inverter 244, ~ND circuit 254, inverter 258 to control the 19 operation of the P~EAD B~, RST and PIOR command~, respectively, and to AN~ invert circu~t 3S6 in Fig. 22c4 to control the 21 command error detection, all of which will be de~cribed in 22 ~reater detail hereafter.
23 CO~D ~R~OR DETECTION
24 Referring now to Fig~. ~2b3 and 22c4 if one of the legal co~mands has been decoded, then a negative ~i~nal is 26 applied to decondition either AND clrcuit 350 or AND invert 27 circuit 352 to apply a positive signal to the L~GAL CMD
28 line. The po~itive ~i~nal on the LEGAL C:ID line is inverte~' 29 by inverter 354 to a negative signal which 1~ applied vla the .~O LEGAL C~ID line to decondition the AND invert circuit ~I977007 -82-~iZ4810 l 356. The AND invert circui~ 356 in be~ng deconditioned 2 applies a positive signal which has no effect on the CMD ERR
3 latch 358. On the other hand, if none of the legal commands 4 are decoded, then the AND invert circuit 352 i~ rendered S effective to apply a negativ~ ~ignal to the invert~r 354 6 where it i8 inverted to a positive signal and applied via 7 the NO LE~AL CND line to conditlon the AND invert circuit 8 356. ~t the end of TC time, the po~it$ve signal on the 9 TC END line is applied to render the AND invort c~rcuit 356 effective to apply a negative signal to ~et the C~D ERR
11 latch 358 which in being ~et, Applles a negative 12 ~ignal via the -CM~ ERR line to resQt the 8EL latch 192 in l3 ~ig. 22al thereby de~lecting the DS~ du~ to the command 14 error. Referring now to ~ig. 22i2, the negatlve signal on the -CMD E~R line i~ al~o applied to ~et the m~chine check 16 b~t latch 954 E (bit 5) of the ~tatus regi~ter 952.
17 SY~C TD
18 At TD time, a -TD ~ignal i~ provlded to lndlcate that l9 a data byte i~ present on the -DATA BUS OV~ or that a d~ta byte i8 on the -DATA BUS IN depending upon whether a wrlte 21 or read operation i~ to be performed. Additionally, becau~e 22 the clock 100 may run asynchronou~ly with re~pect to the 23 proces~or, it is necessary to provide a speclal timing 24 signal for use during certa~n operation3, this slqnal being called the SYNC TD siqnal. Thi~ ~ignal begins at pl time 26 of a clock cycle coinciding with or following the beginning 27 of a T~ time and l~sts until ~1 time of the n~xt cloak 28 cycle. It then remain~ inoperative untll the next occurring 29 TD tlme.
Re~erring now to F~g. 22al, at TD tlme, the -TD ~lgnal ~I977007 -83-112~810 1 is applied to the inverter 186 where it is inverted to a 2 positive TD signal and applied in combination with a positive 3 signal ~rom the SYNCH latch 196 to condition the AND invert 4 circuit 198. ~t ~1 time, a pl clock pu186 iS applled to render the AN~ invert circuit 198 effsct~ve to apply a 6 negative slgnal to the ~nverter 202 where it i~ inverted 7 to a po~itive sign~l on the SYNCH TD line. At ~4 time, a 8 ~4 clock pulse in combination with the positive signal on 9 the SYNCH TD line render the AND invert circult 194 2ffective to apply a negative ~lgnal to re~et the SYNCH latch 196.
11 At ~1 time of the next cloc~ cycle, a -~1 signal i9 applied 12 ~o decondi~ion the ~ND invert circuit 200 cau~ing a po~itive 13 signal to be applled ~o the inverter 202 to terminate the 14 posltive slgnal on the SYNCH TD llne, the po~ltive ~ignal having been pre~ent for a 1 u~ec clock cycle per~od. The 16 po~itive ~gnal on the SYNCH TD line i8 used to ~ynchronize 17 the PIOW data and WR DSD command~ a~ will be de wribed in 18 greater detail hereafter.
19 Referring now to F$g~. 22al and 22~1, if the SEL latch 192 has not been reset by a command error, then positive 21 cignals on the S~ and TD line~ are applied to render the 22 A~D invert circuit 2~4 effectlYe to apply a negatlve signal 23 via the ~TD SEL line to the inverter 212 and to decondition 24 the AND ci~cuit 216 cau~ing a -VAL~D B signal to be produced indicating that the DSD wa~ selected and a legal command wa~
26 decoded. The inver~er 212 invert~ the negatlve signal to a 27 positive signal on the TD SEL line whlch i8 u~ed to detexmine 28 whether there wa~ a crypto eng~ne data error during the 29 execution of a PIOR Data command whlch w~ll be de~cribed in greater detail here~fter and for controlling write error .I9770~7 -84-llZ4810 1 detection which w$11 be doscribed ln the next section 2 Referrlng now to Fig 22al, ~t the end of TD tlme, a 3 po~itive signal i8 applied to tho -TD tag line which ~8 4 inverted to a negatiYo ~ignal by th- inverter 186 and applied via the TD line to do¢ondition th~ AND invor~ circuit 204 6 The AND invert circuit 204 in belng decondltloned c~u9e8 a 7 positive signal to be ~ppliod to the -TD SEL line which, 8 in turn, is applied to the ~n~erter 212 and to render the 9 AND circuit effecti~e to terminate the negative ~ignal on the -VALID B lino 5h- inverter 212 lnverts tho pO9~ tiYe 11 signal to a negative ~lgnal on the TD SE~ line which is 12 applied to deconditlon the englne ~rror circultry in 13 Fig 22h3, to control c$rcuit~y in ~ig. 22b2 for terminat$ng 14 the operation of the SET BS or RS~ B8 command~ and to decondition the write error circuitry in Fig. 22b3 16 Following the ond of TD time, the IO operatlon end~
17 and a positive signal $8 applied via tho -IO tag line to 18 the invert-r 182 where it i8 invort-d to a nogative signal 19 to re~t the SEL latch 192 and th- WR ERR latch 364 in Fig 22c4 The SEL latch 192 ln b~ng reset applles a 21 negative ~ignal to reset the command resister 224 ~n Fig 22 22a2 to reset the TC END latch 210 which, in being re~et, 23 applies a negative signAl to decondltlon th~ AND circuit 24 218 thereby terminating the po~iti~e ~gnal on the TC END
line Th~ d~conditioned AND circuit 218 C~U~8 a negative 26 ~ignal to be appliod vi~ the TC END l~n~ to decondition 27 the AND invert circuit 220 th~reby terminatlng the negative 28 ~lgnal on ~he -P Valld lin~ Tho co~mand register 224 in 29 being res~t decondltion~ all of the decod~r circuitry in Figs 22b2 a~d 22b3 1~2~

WRITE ERROR DETECT~ON
2 Referring now to Fig~. 22b3 and 22c4, if a legal command 3 ha~ been decodea, indicated by a positlve 3ignal on the LEGAL
4 C;~D line, and the command i9 of the write type, indicated by S a po~itive ~ignal on the -7 line, and if the data byte on 6 the BUS IN ha~ bad parity, indicated by a po~itive -~ignal on 7 the PARI~Y BAD line, then, at ~D time, the poqitive ~ignal 8 on the TD SEL line is applied to render the AND invert 9 circuit 362 effective to apply a negative signal to ~et the WR ERR latch 364. This latch will remain ~et for the duration 11 of the IO opexation or until the end of TD time for a RST
12 com~and. The WR ERR latch 364 in beinq ~et applies a pos$tive 13 signal to set the status bit 3 latch 954D in the ~tatus 14 regi~ter 952 in F$g. 22i2 to record the fact that a write error was dstected.

17 If the DSD has been properly addre~sed and selected and 18 if the command byte ~pecifie~ an order code not recognized 19 by the DSD, then thiY condition will be detected and the statu~ bits 0 and 2 of the status regi~ter eet to indicate 21 this illegal order co~dition. More ~pecifically, referr~ng 22 to ~ig. 22b2, if a WR DSD O~DER command i~ decoded by the AND
23 invert circuit 266, a negative signal i8 applied to the 24 inverter 268 where it i8 inverted to a po~itive ~ignal and applied via the WR DSD ORDER line to condition the AND
26 circuit 270. At TD t~e, the po~it~ve signal on the 27 SYNCH TD line is applied to render the AND circu$t 270 28 effective to apply a po~itive ~ignal via the WR ORD TI~E
29 line to one input of the AND invert circuit 348 in Fig.
22b3. The other inputs to the AND invert circuit 348 are ~I977007 -86-~24~10 1 the legal order code~ recogni2ed by the DSD. If none of 2 these order codes occur, then positive signals are applied 3 to the remaining inputs of the AND lnvert circu~t 348 rendering 4 it effective to apply a negative s~gnal ~ia the minuQ ILG
ORD linQ to set the st~tus bit Q ~nd 2 latches 954a and 6 954c of the status registsr 952 ln Fig. 2212.
7 WRITE MASTER KEY ORDE~ OPERATION
8 A general descriptlon of this operation will first be 9 given followed by a more detailed de~crlption. Provided that the EW switch ha~ been prevlously set to the on po~ition, 11 three latches are set ~hen this order 1~ decoded, nam~ly, the 12 WMK latch 274 in Fig. 22c3, the key invalid latch 278 and the 13 master key overwrite latch (MW OVW) 276 ln Flg. 22c2. The master 14 key overwrlting funct~on, which i~ provldod to destroy the previously stored contonts of the M~ memory 700, i8 accomplished 16 by a~t~vatlng the write en~ble line, pulsing the memory ena~le 17 line and stepping the addreJs counter 390 ln Fig. 22b2. Whatever 18 happens to be present as bits 0, 1, 2 and 3 on ~he ~US IN
19 will be writtQn into th~ MK memory in all location~. The MK
OVW latch 276 remains set for 16 micro~econds and is reset 21 after the 16th MK memory lo~at~on ha~ been overwritten. Thereafter, 22 the actual master key ~s written with blt3 0, 1, 2 and 3 from 23 the data fields in ~ ~er$es of 16 PIOW data command~ wlth one 24 m~crosecond write enable and memory enable sign~l~ being provided for each SYNCH TD time. The address eounter 390 is stepped 26 at the con¢lus$on of each pul~e~ There ~ no automatic termination 27 of the write master koy order. After the 16th half byte ha~ been 28 wxitten into the MK memory 700, a RST command must be i~sued 29 to reset ~he WMX latch 274 and reg~rdless of whether the operatlon is under term~nal control or manua} control the ~W switc~ must KI~77007 -87-11248~0 1 be set to the off po~ition. The key invalid latch 278 is left 2 set and no data can be proce~ed until after a valid key is 3 installed in the crypto engines by a DECR order. If 4 the WMK order i8 issued while the EW ~wltch i~ ~et in the off po~ition, there i~ no action oth~r than recording a 6 procedural error. The WMK order i8 performed infrequently 7 and i9 done only under phy~ically secure conditions, ns the 8 master ~ey appear~ in clear form in the machine at this time.
9 A more detailed de~cription of the write master key order operation w$11 now be given and should be foll~wed in con~unction 11 with the timing diagr~m of Fig. 24. After addre~ s~lection 12 at TA time and loading of the comm4nd reg$~ter 224 13 at TC time, the command code 1~ decoded by the AND inverter 14 circuit 266 in Flg. 22b2 to produce a n~gative signal which i8 inverted to a positive signal by the inverter 268 16 on the WR DSD ORD~R lin~ thereby indicating the pre~ence of 17 a WR DSD order command. The positivo signal on the WR DSD
18 ORDER line i5 applied to condltion th~ AND circuit 270. At 19 the same time, a portion of the order codo i~ decoded by the AND invert circuit 280 to apply a negative signal via the 21 -W~K DEC line to the inverter 282 where it ~ inverted 22 to a positive ~ignal and applied via the WMK line to 23 one input of ~he AND $nvert circuit 272. A positive ~ignal 24 on the -Y line p~xsonalizes thi~ order a~ a ~K order and i~
applied ~o a ~econd input of the AND invert circuit 272.
26 Referring now to Fig. 22cl, the EW switch will have prevlsusly 27 been set to the on posit~on, thereby permitting a positive 28 signal ~rom the +SV sourc~ to be applled ~8 a third input to 2~ the AN~ invert circult 272 in Fig. 22b2O At TD time, a po~it~ve signal i~ ~pplied via the SYNCH TD l~ne to render th~

~;2~8~0 1 conditioned AND circuit 270 ef~ective to apply a positive 2 signal via the WR ORD TI~E line to the remaining input of 3 the AND invert circuit 272. Accordin~ly, the ~ND invert 4 circuit 272 i~ rendered effective to apply a negative signal S via the -SET ~;IK llne to set the WMK l~tch 274 in Fiq. 22c3 6 and to ~et the ~K OVW 276 in Fig. 22c2. The MK O~ latch 276 7 in being set applie3 a negative ~ignal via the -MK OVW line 8 to decondition the AND circuit 3~0 and the AND inver~ circuit 9 368. The deconditioned AND circuit 380 applies a negative signal to the -W ENABL~ line to prepare the ~K ~emory 700 11 for a writing operation. The AND invert circuit 368 in 12 being deconditioned applies a positive ~ignal to condition 13 the AN~ invert circult 370 and 374, in a manner a~ previously 14 de~cribed in the manual W~K op~ration, for producing the ,~ucces~ive signals on the -~I ENABLE line during the memory 16 overwrite operation. The ~K latch 274 remain~ ~et for the 17 remainder of this operation and applies a po~itive signal to 18 the W~lK line and a negative signal to the -h~ line. The 19 positive signal on the WMK line i6 applied to condition the A~ invert circuit 366 in ~ig. 22c2 in preparation for 21 writing the new master key into the .~ memory 700. ~he 22 negative signal on the -T~MX line i~ applied to set the 23 ~EY INVALID latch 278 which remain~ ~et for the remainder 24 of this operation and will be reset only after a valid key is installed in the crypto engine~ by either a LKD or ~ECK
26 order, either o~ which wil~ cau~e a reset of thi~ latch.
27 The neqative ~ignal on the -~n~ line ~ also applied to 28 decondition the AND invert circuit 298 in Fig. 22c4 cau~ing 29 a positive ~ignal to be applied to the K ORD line and via inverter 300 a negative signal to ths -~ ORD indicating 48~0 1 that a key order operation i8 being performed.
2 Referring now to Fig. 22c2, at ~3L time, a ~3L clock 3 pulse i8 applied to render the AND invert circu~t 370 effective 4 to apply a negative signal to decondition the AND invert circuit 376 which, ln turn, applies a posltlve signal which 6 is inverted by the inverter 378 to a negative ~ignal on 7 the -M ENABLE line. Accor~ingly, the pre~ence of negative 8 ~lgnal~ on the -W ENABLE and -M ENABLE line~ enabl~s the MK
9 memory 700 for a wrlte operation. Rof~rring now to Fiq. 22cl, since the ~ switch has not operated, the MW latch 138 11 rema~n~ re~et and likewise the MK BUS SELECT latch 140. The 12 MK BUS SELECT latch 140 in being in a reset ~tate applie~ a 13 positive signal to condition the AND cirauit~ 166 and a 14 negative ~ignal to docondition the AND circult~ 164 in Fig.
22dl. In this case, the half byte value ~ 8 not taken from 16 the manusl switchQs SW0 to SW3 but rather from whatever 17 happens to be present on the bits 0, 1, 2 and 3 line of the 18 BUS I~ which will now be wrltten into location 0 of the r~lx 19 memory 700. R~ferring now to Fig. 22c2, the positive signal produced by the AND invert cixcuit 376 i8 applied to the AND
21 invert circuit 374 the other input~ of whiah have positive 22 signal3 maintained thereon at this time causlng a negative 23 signal to be applied to the ~ND invert circuit 3~6 to maintain 24 the positive signal output thereof untll ~lL time of the next clock cycle. At that time, a -~lL clock pulse 26 is applied to decondition the AND invert clrcuit 374 which, 27 in turn, applies a positive signal to ronder the AND circu~t 28 376 effective to apply h negative ~gnal to the -ST~P CTR
29 line and to the inverter 378 where it i~ inv~rtsd into a po~itive signal on tho -M ENABLE line. The negative signal ~CI977007 -90-li2~10 1 on the -STEP CTR line i8 inverted by the inverter 388 in 2 Pig. 22d2 to a positive si~nal which i8 applied via the 3 -STEP CTR line to step the address counter 390 to an address 4 count of l indicating the next location of the l~tK memory 700. In a similar manner each Rucces~ive ~3L clock pulse is 6 effective to control the application of a negative ~ignal on 7 the -il ENABLE line to permit half byte value on the BUS IN to 8 be written into and o~erwrite the previous master key hal~ byte 9 at that location and each succeeding ~-~lL clock pulse is effective to control the termination of the negative si~nal 11 on the -M E~A~LE line and to step the addreRs counter 390 to 12 the next location as previously described in connection with 13 the manual write master key operation. Similarly, when a 14 count of 16 ls reached and the address counter 390 returns to an addres~ count of 0, the negative ~ignal on the -16 16 STEP line is applied to rese~ the MK OVW latch 276 to 17 thereby terminate the MK overwrtte operation.
18 Following the end of the M~ overwrite operation, the 19 first of 16 PIOW dat~ commands i8 provided to the ~SD.
After addre~s selection during the TA time and loadin~ of 21 the command byte in the command reg$~ter during TC time, in 22 A manner previou~ly described, the AND invert circuit 226 in 23 Fig. 22~2 decodes this command and applies a negative ~ignal 24 via the -PIOW DATA DEC line to one input of the OR invert circuit 230. At TD tlme, a positive signal on the SYNCH TD
26 line is inverted by the inverter 228 to a negative signal to 27 the other input of the OR invert circuit 230 which, in turn, 28 applies a positive signal to ~he PIOW DATA line. The positi~e 29 si~nal on the PIOW DA~A line ls applied to the AND invert circuit 366 in ~i~. 22c2 which in combination with the ~12'~310 1 positive ~ignal on the l~K line renders the AND invert 2 circuit 366 effective to apply a negative 41gnal to de-3 condition the AND circuit 380 and the AND invert 376 for the 4 period of the SYNC TD pulse. The AND circuit 380 in being deconditioned appliQs a negative signal to the -W ENABLE
line. ~he AND invert circuit 3?6 in being deconditioned 7 applie~ a po~itive slgnal whlch i8 inverted by inverter 378 8 to a negative signal on the -M ENABLE line. The combination 9 of negative signals on the -W ENABLE snd -M ENABLE lines permit the bits 0, l, 2 and 3 of the data field a~sociated 11 with the PIOW command, which is the fir~t half byte of the 12 new ma~ter ~ey,to be written into location 0 of the MX
13 memory 700. At the end of SYNC TD time, a negative signal 14 is applied to the SYNC TD line which is inverted by inverter 228 in Fig. 22b2 to a po~itive ~ignal which renders the AND
16 invert circuit 230 effective to apply a negative signal via 17 the PIOW DATA line to decondition the AND invert circuit 366 18 in Fig. 22c2. Accordingly, AND invert circuit 366, in being l9 deconditioned, applies a positiv~ signal to condition the ~ND circuit 380 and the AND lnvert circuit 376. The AN~
21 circuit 380 in being conditioned applies a positive signal 22 on the -W ENABLE line whlle the AND invert circuit 376 in 23 being conditioned applies a negative ~ignal to the -STEP CTR
24 line and i~ inverted by the inverter 3?8 to a po~itive signal on ~he -~ ENABLE line. The pos$tive signals on the 26 -W ENABLE AND -~ ~NABLE line~ lnhlbit further writing 27 operations into the MK memory 700. ~he negative signal 28 on the -STEP CTR line i~ inverted by ln~erter 388 in 29 Fig. 22d2 to a po~itive signal on th~ STEP CTR line to step the addre~ counter 390 ~o an addre~ count of 1 repreQenting XI977007 -92~

1~24810 1 the next address for the MK memory 700. In a similar manner, 2 succeeding negative signals on the -W ENABLE and ~ NABLE
3 lines are provided for succeeding SYNC TD times to write 4 the succeeding half bytes of the new master key into the `1~
memory 700 with the address counter ~90 being stepped at the 6 conclusion of each succeeding SYNC TD signal.
7 After the sixteenth half-byte value has been written 8 into the ~IK memory 700, the WMK order operation is completed 9 ~y setting the rw switch in Pig. 22cl to the off position which, in turn, causes a negative signal to be applied 11 to decondition the AND invert circult 272 in Fi~. ~2h2 and 12 inhibit the performance of any subsequent ~K order operation 13 so long as the ~W switch remains off. This concludes the 14 description of the ~K order operation. However, it should be noted that the t~R latch 274 in Fi~. 22c3 remains set 16 until ~uch time as a RST command is issued to re3et this 17 latch and that the KEY INVALID latch 278 al~o remains set 18 and no data can be processed until after a valid key is 19 installed in the crypto engine by ~ DECK order as will be described in greater detail hereafter.
21 RESET ADAPTER CO~AND OPE~ATION
~2 The execution of this command cause~ a RST sl~nal to 23 be created ~rom the end of TC time until the end of I/~
~4 operation. Thi~ signal is used to reset all counters, flip-flops and latches in the adapter and control section.
; 26 Nothing in the crypto engines are reset and the data field 27 associated with this command is ignored. The same reset 28 signal can also be created by a discrete reset ~ignal on 29 the -RESET line from the I/O interface.
A more detailed de~cription of the reset adapter ~124810 1 command operation will now be given in conjunction with the 2 tlming diagram in Fig. 24. After the address selection is 3 performed during TA time and the command byte is loaded into 4 the command regi3ter during the TC time, as previously described, the ~ND invert circuit 250 in Fig. 22~2 decodes 6 the RST command code and produces a negative signal which 7 is applied to the inverter 252 where it is inverted to a 8 positive signal and appl~ed to one input of the ~ND circuit 9 254. At TC time, a positive signal ~n the TC END line is applied to render the AND circuit 254 e~fective to apply a 11 positive signal to the OR invert circuit 256 which, in turn, 12 applies a negative signal on the RST line. A similar 13 operation may be initiated by a discrete negative signal on 14 the -RESET line from the I/O interface in F~g. 22a2 which is inverted by the inverter 248 to apply a po~itive signal ~o 16 the O~ invert circuit 256 which, in turn, applies a negative 17 signal to ~he -RST line. As mentioned above, thi ~ignal is 18 used to reset all counters, flip-flops and latche~ in the 19 adapter and control sect~ons that are not automatically re~et by the clock 100 or tag -~ignals~ If this comQand is 21 issued after a W~IX order ~ommand, then the negative signal 22 on the -RST line is applied to reset the WMK latch 274 which, 23 in being re~et, applies a positiv~ signal on the -~ ~ line 24 to render the AND invert circuit 298 in Fig. 22c5 effective ~ to apply a negative signal on the K ORD line and via the 26 inv~rter 300 a positive signal on the -K ORD line.
2 7 INPUT/OUTPUT MAN~GE~iEN~ AND CONTROLS
28 Be~ore proceeding to various order commands which 29 involve the use of the crypto engine, a description will be given of the I/O management technlque used in the 1 DSD as well as some of the major controls used in such 2 management. Referring now to Figs. 22fl and 22~1, one of 3 the crypto engines i~ ~hown in block form and includes a 64-4 bit input/output buffer reqi~ter divided into an upper buffer register UBR 100 and a lower buffer register LBR 150 6 of 32 bits each. The buffer register i~ u~ed for both input 7 and output operations in a mutually exclusive manner for 8 receiving an input block of data by a series of 8 PIOW DATA
9 commands, termed an input cycle or for producing an output block of data ~y a series of 8 PIOR data command~, termed an 11 output cycle. During each input cycle, an 8 byte block of 12 input data i8 written into the buffer regi~ter on a serial-13 by-byte basis from the terminal me~ory and during each 14 output cycle an 8 byte block of output data is read from the lS buf~er register on a ~erial~by-byte basis to the terminal 16 memory. During the input cycle, each received byte i5 17 parity checked for odd parity over nine bit~ and during the 18 output cycle to each byte is appended a parlty bit to achieve 19 odd parity over nine bits. Principal input/output controls which are used for the I/O managem~nt include: (1) an 21 input cycle latch 454 in Fig. 22e3 whtch is set by a PIOW
22 data command, except during the execution of a l~ order 23 command, and remain~ set until after 8 PIOW data commands 24 have been counted by a byte counter 448 in Fig. 22d4; (2) an output cycle latch 464 in Fig. 22e3 which iQ set by a 26 PIOR data command, hy the conclusion of the input cycle ~7 during the LXD order operation or by the conclusion of the 28 deciphering prQce~s during the execution of the DECK order 29 operation, and remain~ set until after the 8 PIOR data commands have ~een counted or until after 8 buffer to key ~1;248iO

1 register shifts have been counted by the byte counter; ~3) 2 a byte counter 448 which counts the numbor of shifts of the 3 buffer register a~ lt is being loaded or unloaded by PIOW or 4 PIO~ data commands, respoctively, or as a cipher key is being tranaferred from the buffor regi~ter to the key regi~ter;
6 and ~4) a block counter 414 in Fig 22d3 which i~ set at the 7 end of every input cycle and is r-set at ths end of every 8 output cycle 9 CRYPTO ENGINE CONTRO~S
The arypto engine u~ed in the present invention is 11 similar in detail to that shown and do~cribod in the afore-12 mentioned U S Pat-nt No 3,598,081 One differenc~ between 13 the engine shown ln the aforementionod patent and that in 14 the present invention i~ that in th- aforementioned patent the crypto ongine i~ providod with ~oparate input and output 16 buff~r register~ wh-roas in the crypto engine of the present 17 invontion a single input/output bufer regi-ter is provided 18 and used, in a mutually exclusive manner, for ~nput/output 19 oper~tisn~ However, while thero i8 a diff-rence in design detail betw en ~he provious and the pre~ent crypto engine, 21 the algorith~ per~ormod by both i~ identical Add$tlonally, 22 the crypto engine of the afore~entioned patsnt dlsclo~es how 23 the basic ~ncipher~docipher operatlon~ are performed with 24 the cipher key bein~ loaded dlrectly lnto the key register a~ a working key whereas, in the pre~ont lnvontion, in 26 addition to being loaded directly into the key regi6ter from 27 the MX memory 700, it i8 also loaded a~ a worklng key into 28 the key regi~ter via the input/output buffer register when 29 ~he cipher key i~ provided frcm th- host memory during a DECK operation The detall~ of the~e modification~ of the i ~1~481~

1 prior crypto engine are shown in Fig. 25a to ~ig. 25c 2 and correspond to Figs. 3a to 3d of the aftorementioned 3 patent with the notations used being identical for both 4 except for the lines labeled ER and L~R which correspond to lines labeled LB and IBT in the aforementioned patent.
6 The variou~ control ~ignals used in the crypto engine 7 and thelr function will be generally described in the 8 following and the operation of the modified crypto engine 9 will be described ln con~unction with the detailed descriptions of the variou~ command operation~ which 11 will be deqcribed hereafter.
12 Load Input Buffer (LIB) - This signal is u~ed for 13 loading and unload~ng the buffer reg~ster~ UBR 100 and LBR
14 150. During ~n input cycle, this Q~gnal cause~ a data byte pre~ently on the BVS IN to be latched in and ~imultaneou~ly 16 shifted in th¢ buffer regi~ter~. After ei~ht such actions, 17 the loading operation is complete. During an output cycle, a 18 data byte i~ outputted, after which thi~ ~ignal cause~ the 19 buffer register~ UBR 100 and ~BR 150 to be ~hifted in prepaxation for outputting the next data byte. P~fter eight 21 such actions, the unloading operation i~ complete.
22 Load ~ey Register From Buffer ~LKB) - Thi~ signal is 23 e~sentially identical to the LIB signal and i~ produced 24 during the output cycle of LKD or DECK operations causing the buffer register outputs to be latched into the key 26 registers UKR 350 and LKR 400.
27 Load Data Register (LDR) and End of Last Round (~LR? -28 The~e signals are simultaneou~ly produced from the same 29 source with LDR cau$ing the content of the buffer register UB~ 100 and LBR 150 to be transferred to the data registers 112A8~0 1 UD~ 200 and LD~ 250 and ELR causing the contQnts of the data 2 registers UDR 200 and LDR 250 ~via the cipher function 3 circuits) to be transferred to the buffer registers UBR 100 4 and LBR 150, the simultaneous action constituting a swap of the contents of the buffer and data registers.
6 Engine Busy (EB) - This control signal is produced 7 during actual da~a ciphering operationæ and occurs from the 8 end of the input cycle to the end of the last of the 16 9 rounds of the cipher function.
End of Round (ER) - This signal i8 used to latch up 11 the intermediate results of each round in the data reg$sters 12 UD~ 200 and LDR 250.
13 ~nd of Round 16 (ER16) - This signal is used to latch 14 up the final result output of the cipher function circuits to the lower data regl~ter LD~ 250.
16 Load Ma~ter Key tLDX) - This signal cause~ the contents 17 of the MK memory buffer 702 to be latched into the key 18 registers UKR 350 and LKR 400.
19 Shift ~ight (SR), Shift kight and Recirculate (SRR) and Shift Left (SL) - The SR ~ignal is used to shif~ the key 21 registers UKR and LKR 400 to the right when a cipher key 22 is being loaded from ei~her the ~K memory 700 or the buffer 23 registers UBR lO0 ~nd LBR 150. ~he ~RR ~ignal configures 24 the key register UKR 350 and LXR 400 into two recirculating right ~hifting regi~ters. During the decipher process, the 26 S~ and SRR control signals cause the key registers to be 27 shifted to the right~ During the encipher operation, the 28 SL control signal configures the key registers UKR 350 and 29 LKR 400 into two recirculating left shifting regis~ers which are shifted to the left.

2 The function of thi8 operation i~ to decipher an enciphered 3 operational Xey and then load the operational key in 4 clear form as the working key in the key regi~ters of the S crypto engines for sub~equent data proces~ing operations.
6 When the order code specifying this order is decoded, a 7 decipher key (DECg~ lat~h is ~et, a load ma~ter key t~K) 8 latch is ~et, the key ~nvalid latch i~ reset (having been 9 set and remain set by a previous WMR order command if that command preceded the pre~ent one) to permit data to be 11 subsequently proce~ed ~ince a new working key is to be 12 written into the key regi~ters of the crypto engines by the 13 present operation and an encipher (ENC) latch is reset so 14 that the processing mode ~ set for a decipher oper~tion.
With the LMK latch set, the contents of the ~X memory i~
16 cau~ed to ~e read out and transfQrred, a byte ~t a time, to 17 the crypto engines. The maqter key is parity checked, a 18 ~yte at a time, and loaded as a working key directly into 19 the key regi~ters of the crypto engine~. Concurrently with (or after) loading the ma~ter key lnto the key reqisters, a 21 ~erie~ of 8 PIOW commands are received with the d~ta fields 22 associated with the command~, con~titut~ng the enciphered 23 oper~tional key to be dec~ph~red under control of the master 24 key, being loaded into the buffer register~ of the crypto engines. The first ~uch command ini~iate~ an input cycle 26 and a byte counter counts each such command received. After 27 the 8 PIOW command~ have been received and the 8th byte 28 wri~ten in~o the buffer register~, then, at ehe 8th count, 29 the input cycle ends, the enclphered operational key i~

1 transferxed from the buffer registers to the data registers 2 of the crypto engines, a block counter is set and the crypto 3 engines start a decipher operation whlch ls inaicated by 4 the generation of an engine busy signal. At t}le end of the S decipher operation, the operational key, now in clear form, 6 is loaded into the buffer registers of the crypto engines 7 and an output cycle is ~tarted. During the output cycle, 8 the buffer registers and the key registers are ~hifted in 9 -~ynchronlsm, once for each clock cycle, cau~ing the operational key pre~ently in the buffer registers to be shifted into the 11 key register~. During thi~ tran~fer, the byte counter 12 counts the clock cycles and after the 8th count, the output 13 cycle ends, the block counter is reset and th~ ~ECX latch 14 i~ reset to end the operation. Any attempt to read the contents of the buf~er registers while the operational key 16 i~ present in clear form will be detected and cause a 17 procedural error aR will be de~cribed in greater detail 18 hereafter.
19 A more detailed description of the declpher key operation will now be given in con~unctlon with the timing diagrams of 21 Figs. 26a-26c. After address selection at TA time and loading the 22 command byte into the command register at TC time, the command 23 code is decoaed by AND invert circuit 266 in Flg. 22b2 to 24 produce a negative signal which i8 inverted by inverter 268 to a po~itive signal on the WR DSD ORDER line thereby indicating 26 the presence of a W~ DS~ order command. At the same time, 27 the order code is decoded by the AND invert circuit 288 to 28 apply a negative ~ignal via the -DECK DEC line to the inverter 29 290 where it is inverted to a positive signal and applied to one input of the ~ND invert circult 292. At TD time, a KI977007 -lO0-1 positive ~ignal is applied via the SYNCH TD line to render 2 the ~r~D circuit 270, conditioned by the po~itive signal on 3 the WR DSD ORDER line, effective to provide a positive 4 signal on the WR O~D TIME line which i~ applied to the remaining input of the AND invert circult 292 to render it 6 effective to produce a negative signal on the -SET DECK
7 line. The negative signal on the -SET DECK line is applied 8 to set the DECK latch 296 in Fig. 22c3, to reset the key g invalid latch 278, to set the LMK latch 566 in Fig. 22g4 and to decondition the AND invert circuit 368 ~n Fig. 22c2. The 11 AND invert circuit 368 in being deconditioncd applies a 12 po~it$ve signal to condition the AND invert circuits 370 and 13 374 which w~ll be us~d for controlling a MR memory readout 14 as will be de~cribed hereafter. The LMX latch 566 in being set applles a negative slgnal via the -LMK line, in Fig. 22c2, 16 to maintain the AND invert circu~t 368 deconditioned and 17 thereby malntain the AND invert circuits 370 and 374 conditioned 18 while the LMK latch remRins set i.e. during th~ MK memory 19 read out time. Referring now to Figs. 22c3, 22c4 and 22d5, the DECK latch 296 in being set applie~ a negative ~ignal via 21 the -DECK line to decondition ~he AND lnvert circ3~it 298 22 which, in turn, applies A positi~e signal on the R O~D line 23 and via inverter 300 a negative ~ignal on the -K ORD line 24 thereby provlding ~ndlcations that thls i~ a key order operation. The negative signal on the -K ORD line is 26 applied to reset th~ ENC latch 312. S~nce DECK latch 296 i8 27 ~et, a po~itive DECK signal is applied to OR invert circuit 28 4g2, r~setting SPEC ENC latch 494. The ENC latch 312, and 29 SPEC ENC latch 494, being raset, apply a negative signal via OR circu$t 522 to the ENC line which, in Fig. 22g3 is inverted 11248i0 1 to a positive signal by the inverter 546 to provide a 2 positive signal on the DEC line indicating a decipher mode 3 of operation.
4 Referring now to Fig. 22c2, negative ~qnal6 are applied S to ~he inputs of the AND invert circuit 366 and a negative 6 ~ignal is applied to the inverter 162 both of which cause a 7 positive signal to be applied to one input of the AND circuit 8 380 and to condition the AND invert c~rcuit 376. Additionally, 9 the MK OVW latch 276, pre~ently in a reset state, causes a positive Qignal to be applied via the -`~K OVW line to the 11 other input of the AND circuit 380 rendering it effective to 12 apply and maintain a positive signal on the -W ENABLE line.
13 At ~3L time, a ~3L clock pulse i~ applled to render the AND
14 invert circuit 370 effective to apply a negative pulse to decondition the AND invert circuit 376 which, in turn, 16 applies a positive ~gnal to the inverter 378 where it is 17 inverted to a negative slgnal on the -M ENABLE llne. The 18 po~itive signal on the -W ENA~LE line together with the now 19 negative signal on ths -M ENABLE line are effective to cause the first half byte ~t location 0 of the .~K MEM9RY 700 to be Zl read out. At ~1 time of the next clock cycle, a ~1 cloc~
22 pulse ~s effective to shift the half byte lnto the shift 23 registers 702 in Fig. 22el. Referring now to Fig. 22c2, at 24 ~lL time, a ~ clock pul~e is applied to decondition the AND invert circuit 374 which, in turn, applies a positi~e 26 signal to render the AND invert c~rcuit 3?6 effective to 27 apply a negati~e signal to the -STEP CTR line and to the 28 inverter 378 to apply a positive ~gnal on the -M ENABLE
29 line. The negative signal on the -STEP CT~ line is applied to the invert~r 388 where it i~ invert~d to a positive -~124810 1 signal to ~tep the address counter 390 to an addres~ count 2 of 1 and cause a po~itive ~ignal to be provided on the Cl 3 line. At ~3L time, a ~3L clock pulse i~ again applied to 4 render the AND invert circuit 370 effective to initiate production of a negative signal, via the AND invert circuit 6 376 and the inverter 378, on the -M ENABLE line. The 7 positive signal on the -W ENABLE line in combination with 8 the negative signal on the ~ EN~BLE line ~ s again effective 9 to cause the next half byte at location 1 of the ~K memory 700 to be read out. At ~l time of the next clock cycle, a 11 ~l clock pulse is effective to ~hift the next half byte into 12 the fir~t stages of th~ shlft register 702 and to shift the 13 previou~ half byte read out of the MK memory 700 to the 14 second stages of the shift registerY 702. As a result of thi~ action, the fir~t full byte of the ciphsr key is now 16 stored in the ~hift regist~rq 702.
17 Rcferring now to the AND invert circuit 568 in Fig.
18 22g4, a ~l DEL clock pulse in combination with po3itive 19 signal~ on the Cl, -STEP CT~ and ~K lines are applied to render the ~ND invert circuit 568 effective to apply a 21 negative signal to ~et the LDK latch 570 which, in being 22 set, applie~ a n~gattve signal via the -L~K line to decondition 23 the AND circui~ 572 and to one input of the OR invert 24 cir~ult 576. The deconditioned ~ND circuit 572 cau~s a negative signal to be applied via the -SR line to one input 26 of the OR invert circuit 574.
27 Referring to the A~D in~ert circuit 374 in Fig. 22c2, 28 at ~lL time, a -~lL clock pul~e i~ applied to decondition 29 the AND invert circuit 374 causing a posit~ve ~ignal to be applied to render the AND invert circuit 376 effective to ~77007 -103-~I2~ 0 1 apply a negative signal to the -STEP CTR line and v~a the 2 inverter 378 to a po~itive signal on the -M ENABLE line.
3 The negative signal on the -STEP CTR line i8 inverted by the 4 inverter 388 to a pO9~ tive signal to step the address counter to an addre~ count of 2 and causing a negative 6 ~ignal to now be applied to the Cl line.
7 Referring now to the OR invert circu~ts 574 and 576 in 8 Fig. 22g4, at ~2 time, a -C cloc~ pulse is applied to the 9 other inputs of the OR circuit~ 574 and 576 causing them to apply po~it$ve ~ignals via the SR and ~DX lines respectively, 11 to the control ~ignal cable connected to the crypto engines.
12 The po~itive signal on th~ SR line i~ al~o applied to the OR
13 invert circuit 606 in Eig. 22h4 caus$ng a negative ~ignal, 14 delayed by delay circuit 608, to be applied via LDX line to the control ~ignal cable.
16 Referring now to the crypto engines in Flg. 22gl, the 17 positive siqnal on the LDK line i~ applied to condition ~he 18 A~D circuit 807 to permit a parlty check to be made of the 19 fir~t byte of the clpher ~ey stored in the 3hift regi~ters 702 to be checked for a parity error. The positive ~ignal~
21 on the SR, LDK and LDK line~ are applied as control ~ignal 22 input~ to the key regi~ters llKR 350 and ~RR 400 to ~hift the 23 key regi9ter and allow the first byte of the cipher key, 24 pas~ed via the P box 300, to be latched into the key register~.
Referr~ng now to F~g. 22c2, at ~3L time, a ~3L clock 26 pul~e is again applied to render ~he AND inver~ circuit 370 `27 effective to initiate production of a negative 3ignal on 28 the -M ENABLE line to parmlt the th~rd half byte to be read 29 out of the ~K memory 700 from loc~tion 2. Referring now to Fîg. 22g4, at 0~ time of ~he next cloc~ cycle, a -~1 clock 1~24810 1 pulse i~ applied to re~et the LDK latch 570 to inhibit 2 production of the control signals for the cryp~o engine 3 during this clock cycle in order to permit the next half 4 byte to be read out of the 2~K memory 700 and shifted into the shift registers 702 in Fig. 22el. Accordingly, referrin~
6 to Fig. 22el, at the same time that the L~K latch 570 is 7 reset, a ~1 clock pulse is applied to shift the next half 8 byte from the ~K memory 700 ~nto the ~hift registers 702.
9 In a similar manner, during each succeeding clock cycle, a half byte of the cipher key i8 read out of the ~SK
11 memory 700 and shifted into the shift registers 720 and the 12 address counter 390 stepped to the next address count.
13 After each second clock cycle, when a full byte of the 14 cipher key is loaded into the ~hift reglsters 720, control signals are provided on the LDK, SR and ~b~ lines to parity 16 check the cipher key byte and to simultaneously shift the 17 previously loaded byte one position to the riqht and to 18 latch up the newly entered byte in the key registers in the 19 crypto e~gine~
~eferring now to Fig. 22d2, when the address counter 21 390 ~teps to an addre~s count of 8 tthe 9th address location), ~2 a negative signal i8 produced on the -C8 line to ~et the 16 23 STEP latch 404 which, ln being set, ~pplie~ A positi~e signal to ~4 one input of the AND circuit 406. After the 8th byte i5 loaded into the key registers, the addre~s countsr 390 steps from an 26 address count of 15 back to an address count of 0 (count of 16) 27 cau~ing a positive signal to be produced on the -C8 line which 28 is applied to cond~tion the ~ND invert circuit 402 and to the 29 other input of the AND circuit 406. The ~ND circuit 406 is rendered effective to produce a positive signal which is ~2~t810 1 inverted by inverter 408 to a negative ~ignal on 2 the -16 STEP line to re~et the LL~K latch 566 in Fig.
3 22g4. The LMK latch 566 in being reset applies a negative 4 signal via the ~K to decondition the AND invert circuit 568 and inhiblt further setting of the LDR l~tch 570 and further 6 production of crypto engine control signals on the ~DK, SR
7 and ~DK- line~. Referring to Fig. 22d2, at ~4 time of the 16th 8 clocX cycle, a ~4 clock pulse is applied to re~et the 16 9 STEP latch 404.
After loadlng the master key into the key regis~er~ of 11 the crypto engine~ the first of a series of 8 PIOW data 12 command~ i8 now recelved by the DSD and after address ~election 13 at TA time and command loading into the command regi~ter at 14 TC time, the AND invert circuit 226 in Fig. 22b2 decodes this command cau~ing a negative ~ignal to be applied to one 16 input o~ the OR invert circuit 230. At ~D time, a positlve 17 signal on the SYNCH TD line i~ inverted by inverter 228 to a 18 negative signal to tho other input of the OR lnvext circuit 19 230 which, ln turn, applies a positive slgnal to the PIOW
data line. ~he po~itive signal on the PIOW data line 19 21 applied to the AND ~nv~rt circuit 426 ln Fig. 22d3 which is 22 pre~ently ¢onditioned by a po~ltive ~ignal on the -WMR line.
23 Accordingly, the AND ~nvert clrcult 426 i~ rendered effective 24 to apply a negative signal to one input of the OR lnvert circuit 430. At this time, positiv~ ~ignal~ are maintained 26 at the input of the ~ND $nvert circuit 428 cau~lng a negative 27 signal to be applied to the o~her $nput of the OR invert 28 circu~t 430. The negative signal inputs to the OR lnvert 29 circuit 430 cau~e~ a po3itive signal to be applied via the PIOW line to conditlon the AND invert circu1t 431, to 1124~310 condition the AND invert circuit 444, in Fig. 22d4, and to be applied to the invert~r 596 in ~ig. 22g3 where it is inverted to a negative ~ignal to decondltion the AND circuit 4 600 which, in turn, applie~ a negative siqnal on the -LIB
S line to one input of the OR invert clrcuit 602. At -C time, 6 a -C clock pul~e i~ app~ied to the other input of the OR
7 invert circuit 602. The negative signal input~ to the OR
8 invert circuit 602 cause~ a pos$tive s$gnal to be applied 9 vla the LIB line and the control line bus to the crypto engines and to ths OR invert circuit 648 in Fig. 22h4. The 11 OR invert circui~ 648 i8 rendered ef~ectlve to apply a 12 negative signal to the delay circuit 650, whlch pxovides a 13 250ns time delay, and via the LIB llne and the control line 14 bus to the crypto engines. Referring now to Figs. 22fl and 22gl the combination of siqnal~ on the LIB and LIB line~ are 16 effect$ve to permit the data fleld as~ociated with the fir~t 17 PIOW d~ta command to ~e loaded from the BUS IN via the P box 18 50 into the buffer regl~ters UBR 100 and LBR 150 in each 19 crypto engine.
Referring now to Fig. 22e3, at ~3~ time of the clock 21 cycle, a ~3L clock pulse i~ applied to render the conditioned 22 AND invort circuit 431 e~fective to apply a negative ~ignal 23 to set the INPUT CYCLE latch 454 to ~tart the input cycle 24 operation. The INPUT CYCLE latch 4S4 in bein~ ~et applies a negative signal vla the -IN CYCLE llne to ~et the START IN
26 CYCLE END latch 530 which, in being set, applies a po~itive 27 signal to one input of the AND invert circuit 532. Referring 28 now to Fig. 22d4, at ~4 time, a ~4 clock pul~e is applied to 29 render the conditioned AND invert circuit 444 effective to apply a negative pulse to the STEP BYTE CTR line, the poRitive ~1248iO

1 trailing edge of which is effective to step the byte counter 2 448 to a count of one.
3 In a similar manner, ~ucceeding onQs of the data fields 4 a~ociated with the series of 8 PIOW data commands S are loaded into the buffer registers UBR 100 and LBR 150 6 with the previous ~yte being simultaneouQly shifted and 7 the byte counter 448 counting each Ruch byte received.
8 After the 8th byte i8 written into the buffer registerq, the 9 byte counter 448 steps from a count of 7 back to a count of 0 caus~ng a negative ~ignal to be produced to set the COUNT
11 8 latch 450 which, in turn, applies a negatlve signal to 12 the -C~8 line. The negative ~ignal on the -CT8 line is 13 applied to reset the INPUT CYCLE latch 454 in Fig. 22e3 14 thereby ending the input cycle. The INPUT CYC~E latch 454 in heing reset applies a positive signal via the -IN CYCLE
16 line to the ~ND invert circult 410 in Fig. 22d3. The combination 17 of positive signals on -IN CYCLE and -OVT CYCLE line~ are 18 applied to render the AND invert circuit 410 effective to 19 apply a neqatlve ~ignal to re~et the COUNT 8 latch 450 in Fig. 22d4 and i8 inverted by lnverter 412 to a positive 21 signal to ~et the BLOCX COUN~ flip flop 414 produclng a 22 positive ~ign~l on the -BLK0 line and a n~gative ~ignal on 23 the -BLKl line.
24 Referring now to F~g~. 22e3 and 22f3, positive Rignals on the -IN CYCLE lln~ ~nd from th~ START IN CYCLE END latch 26 530 are applied to condi~ion the AND invert circuit 532. At 27 the next ~1 time, the AND invert circuit 524 i8 rendered 28 effectiva to apply a negative pulse, from ~1 time to ~lL time, 29 on the -~l/L line to inverter 526 where it i9 invexted to a positive pulse which is appl~ed vla the 01 DEL line to KI977n07 -108-112~810 1 render the now condit$oned AND lnvert circuit 532 effective 2 to apply a negative pulse to set the IN CYC~E END latch 534 3 which, in being set, applie~ a poslt~ve ~ignal to the IN
4 CYCLE END llne.
S Referrinq now to Flg. 22f4, the posltive ~$gnal on the 6 IN CYCLE END line i8 applied to the inverter 622 where lt i~
7 inverted to a neg~tive slgnal and applled to dsconditlon the 8 AND circuit 626 causing a neg~tive signal to be applied to ~et 9 the START EB latch 628 and to the lnverter 638 ln Fig. 22g4 where it is inverted to a pos~tive signal and applied to the 11 OR invert circuit 640 whlch produces negatlve ~ignal~ on 12 the -ELR and -LDR lines. Tho negative ~ignal on the -~LR
13 line is applied to one $nput of tho OR invert olrcuit 642 14 and, $n Flg. 22c2 to deconditlon the AND circuit 382 cau~lng a negative ~ignal to be applied to re~et the counter 390 ln 16 Fig. 22d2 in preparation for thi~ counter to operate a~ a 17 round counter for the 16 rounds o op r~tion o~ the cipher 18 engine~. The negative signsl on the -LDR line i~ appl$ed to 19 one input of the OR invert circuit 644. At g2 time, a -C
clock pul~e 1~ applied to the othor input~ of tho OR invert 21 circuit 642 and 644 cau~lng po-itlve signal~ to be applied 22 via ~he EL~ and LDR line~, re~pectively, to the control 23 ~ignal cable connected to the crypto engine~. The positive 24 signal on the RLR line 1~ also applied to ~he OR invert circuit 648 cau~ing a negative ~ignal, delay~d by the 250ns 26 time delay circuit S50, to be applied via the LlB- line to 27 the aontrol ~lgnal cable. The po~t$ve ~ignal on the LDR
28 line i~ applled to the OR invert circuit 652 causing a 29 negative signal, delayed by the 250ns time delay circuit 654 to be applied via the LbR line to the control ~ignal-cable.
.

~241310 1 Referring now to the crypto engines in Fig. 22gl, the 2 control signals LD~ and LDR are effective for parallel 3 tran~ferring the content~ of the buffer reqister~ UB~ 100 4 and LB~ 150 to the data regi~ter~ UDR 200 and LDR 250. The control signalc ELR and ~ are effective for causing the 6 contQnts of the upper data register UDR 200 and the lower 7 data register LD~ 250 ~via the cipher function circuits) to 8 be transferred to the uppor buffer regi~ter UBR 100 and the 9 lower buffer register LBR 150, the transfer to the buffer regi~ters being of no con~equence at this time but will be 11 of con~equence at the end of the 16th round of operation of the 12 crypto engine~. At thi3 time, with the enciphered operational 13 key presently ~tored in the data registers and the cipher 14 key stored in the key regi~ter~, the crypto engines are now effective to perform a decipher function in a manner described 16 in detail in the aforementioned U.S. ~atent No. 3,958,081.
17 Reference may be made to the aforementlonQd patent for a 18 more detailed descxiption of the d~cipher function.
19 A description of the manner in which the crypto engine control s~gnals are produced will now be given and can be 21 followed in conjunction with the t~ming diagram in Fig. 26.
22 Referring now to Fig. 22f3, at ~/L tlme, a -~l/L clock 23 pul~e i8 applied to re~et the IN CYCLE END latch 534 which, 24 in being reset, applie~ a negative signal to inverter 622 in Fig. 22f4, where it i8 in~erted to a positive ~ignal to be 26 applied to render the AND circuit 626 effective and together 27 with the positive signal from the ~et S~ART EB latch 628 28 renders the AND invert circuit 630 effective to apply a 29 negative s~gnal to set the ~B latch 632 indicating the start of the crypto op~ration. The EB latch 632 in be~ng 88t 1 applies a positive signal to the EB line and a negative 2 signal to the -~B llne. The positlve s~gnal on the EB line 3 i~ applied to one input of the AND invert clrcuit 398 in 4 Fig. 22d2 and to condltion the ~R flip flop 384 in Fig. 22c2 S while the nogative ~ignal on the -EB line i8 applied to ~et 6 the STAR~ EB END latch 612.
7 The cipher function is performed by ropeating a product 8 cipher function 16 time~, termed 16 round~, with each round 9 being carried out in two clock cycles for a total of 32 clock cycle~ per cipher function. During each round, the 11 data content_ of the upper data register U~R 200 i3 ciphered 12 (in the pre~ent ca~e deciphered) under control of the contents 13 o~ the key regiQters URR 350 and LKR 400 with the results 14 being added to the contents of the lowor data regi~ter LDR
250 by modulo-2 adder~ 650-664. At the end of each round, 16 the outputs of the modulo-2 adder~ ar~ parallel tran~ferred 17 to the upper data reglsterQ UDR 200 while the contents of 18 the upper data regls~er~ UDR 200 are parallel transferred to 19 t~e lower data register ~DR 250 to form the ar~umen~s for the next round.
21 Referring now to Flg. 22d2, during the cipher function 22 operation the counter 390 function~ a~ a round counter. The 23 round counter 390 i~ ~tepped every 2 clock cycles from a 2~ count value of 0 to a count value of 15 providing a total count of 16 for the 16 rounds. Stepping of the round 26 counter 390 is accomplished under control tho ER flip flop 27 384 after being enabled by the po~itive ~ign~l on the EB
28 line. Thus, at ~1 time following the conditlonlng of the ER
29 flip flop 384, a ~1 clock pulse i~ applled to ~et the flip flop 384 and at ~1 time of the succeeding clock cycle, a 01 ll2~e 1 clock pulse i~ again applied to re-~et the flip flop 384 2 which in ~eing reset applies a negatlve signal to inverter 3 386 where it is inverted to a positive ~ignal and applied to 4 ~tep the round counter 390. Therefore, it should be apparent, that the round counter 390 is stepped to the next count 6 every 2 clock cycles~ Additionally, during the first clock 7 cycle of each round, ER flip flop 384 being in a reset 8 state, applies a positive signal via the -ER FF line to one 9 input of the AND invert circuit 400. The other input to the AND invert circuit 400 i4 connected to a round count decoder 11 consisting of AND invert circuits 392, 394, 396 and 398 12 which is effective, while a po3itive stgnal is maintained on 13 the EB line, to produce a positive signal at the output of 14 the AND invert circuit 398 when the round count is 0, 7, 14 lS or lS and a negative signal at all other times. Thus, 16 during the ~irst clock cycle of rounds 0, 7, 14 and 15, the 17 combination of posit~ve signals on the -ER FF line and the 18 output of the AND invert circuit 398 will render AND invert 19 circult 400 effective to apply a negative ~ignal on the CT
0, 7, 14, 15 line whereas during the first clock cycle of 21 all other round~ the negative signal output of the AND
22 invert circuit 398 decondition3 the AN~ ~nvert circuit 400 23 causing a positive signal to be appl~ed to the CT 0, 7, 14, 24 lS line. During th~ second clock cycle of every round, the ER flip flop 384 i~ in a ~et state causing a negative signal 26 to be applied to decondition the AND invert circuit 400, 27 which, in turn, applies a po~itive signal to the CT 0, 7, 28 14, 15 line. Thu~, it should be apparent, that a positive 29 ~ignal 18 m~lntained on the CT 0, 7, 14, 15 line durin~
e~ery round count except during the fir~t clock cycle of K~977007 -112--~2~8~0 1 round count 0, 7, 14 and 15 with one exception, n~mely, 2 during the Qecond cycle of the round count 15 (16th round).
3 This is 80 becau~e of the fact that the EB latch 632 in Fig.
4 22f4 i4 reset at the end of the fir~t clock cycle of the 16th round to terminate the positive signal on the EB line 6 and thereby inhiblt production of a posltive signal on the 7 CT O, 7, 14, 15 line during the second clock cycle. Therefore, 8 a positive signal is maintained on the CT O, 7, 14, 15 line 9 from the beginning of the second clock cycle of round count 0 to the end of the second clock cycle of round count 6, 11 then from the beginning of the ~econd clock cycle of round 12 count 7 to the end of the second clock cycle o~ round count 13 13 and during the 5econd clock cycle of round count 14.
14 Referr~ng now to the AN~ lnvert circuit 548 in Fig.
22g3, during the time that the po~itive signal is maintained 16 on the CT O, 7, 14, 15 llne, that posltive slgnal in combination 17 with the positive signal on the ~C line are applied to 18 render the AND invert ctrcuit 548 effective for applying a 19 negative ~ignal via the -SRR line to one input of the OR
invert circuit 550 and to decondition the AND circuit 572 in 21 Fig. 22g4. The AND c~rcuit 572 in being deconditloned causes 22 a negative ~ignal to be applied via the -SR line to one 23 input of the OR invert circuit 574. Thus, negative signal~
24 are maintained on the -SRR and -SR line during times corre~ponding to the po~itive signal maintained on the CT O, 7, 14, 15 26 line. During each 9ucceeding -C time, while ~uch negative 27 signals are maintained on the -SRR and -SR line~, -C clock 28 pul~es are applied to the other input of the OR invert 29 circuits 550 and 574 causing posltlve ~ignals to be applied via the SRR and SR lines, respectively, to the control ~1~4810 1 signal cable connectad to the crypto engine~. The positive 2 signals on the SR lines are also applied to the OR invert 3 circuit 606 causing negative signal- delayed by delay circuit 4 608 to be applied via the ~DX line to the control ~ignal S cable. Therefore, a total of 27 positive signals are produced 6 on the SRR, SR and LDX lines during 15 rounds of the cipher 7 function. Referrlnq now to the crypto engines in ~ig. 22gl, 8 cach combination of po-~itive signals on the SR, SRR and 9 LDK lines are effective for shifting the key regi~t~r right one position. Thu~, with thi~ key shifting schedule arrange-11 ment the key regi~ter~ are shifted twice each round except 12 during round counts 0, 7 and 14 when the key register~ are 13 shifted once and durlng round count 15 where the key registers 14 are not shifted at all as shown in the timing diagram of Fig. 26.
16 Referring now to the ~R flip flop 384 in Fig. 22c2, since 17 the ER flip flop 384 i8 8witched every clock cycle, a 18 negative signal i~ ~pplied to the -ER FF llne durin~ every 19 second clock cycle of each round except the last round.
Thi~ i8 ~0 because o~ the fact that the ~.B latch 632 in Fig.
21 22f4 is reset at the end of the f~rst clock cycle of the 22 round count 15 (16th round) to terminate the positive ~ignal 23 EB line and thereby 1nhib~t ER flip flop 384 in Fig. 22c2 24 rom being 8et during the second clock cycle of the round count 15. The succes~ive negative slgnals on the -ER FF line 26 are applied to one input sf the OR invert circuit 542.
27 Accordingly r during every second clock cycle of a round, a 28 -C clock pulse is applied to the other ~nput of the OR invert 29 circuit 542 cau~ing po~itive signals to be applied on the ER
line to the control ~ignal cable connected to the crypto KI~77007 -114-~2~10 1 engine~. The po~it$ve signals on the ER l$ne are also 2 applied to render the OR invert circuit 652 in ~ig. 22h4 3 effective to apply negative ~ignals, delayed by a 250ns 4 delay circuit 654, via the LDR line to the control signal ca~le. Referring now to the crypto engine in Fig. 22gl, the 6 positive signals on ~he ÆR and LDR line are applied to the 7 upper and lower data register~ UDR 200 and LDR 250 at the 8 end of each round and are effective to cause the intermediate g result of the cipher function to be transferred from the output of the modulo-2 adders 650-664 to the upper data 11 register UDR 200 while the output of the upper data register 12 UDR 200 are transferred to the lower data register LDR 250 13 in preparation for the next round of the cipher function.
14 Refarring now to the ~ND invart circuit 624 in Eig.
22f4, at ~4 time of the f$rst clock cycle of the round count 16 15, a ~4 clock pulse in combination with po~itive siqnals on 17 the Cl and 14, 15 line render the AND invert c$rcuit ef~ective 18 to apply a negative ~gnal to re~et START EB and EB latches 19 628 and 632, respectively. The EB latch 632 in being reset applies a negative signal on the EB line to decondition the 21 ER flip flop 384 in Fig. 22c2 and a positive slgnal on the 22 -~B line which together with a po~itlve ~ignal from the 23 START EB END latch 612 condition the AND invert c$rcui~ 614.
24 At ~1 time of the second clock cycle of round count 15, a ~1 DEL clock pulse ~5 applted to render the AND invert 26 oircuit 614 effective to apply a negative signal to set the 27 EB END latch 616 producing a posit$ve signal on the ~B END
28 line and a n~gative slgnal on the -EB END l~nc. The pos$t$ve 29 sign~l on the ~B END llne 1~ applied to condltton the A~D
invert circuit 610 in Fig. 22e4 and together with the positive 1124~310 1 signal on the DECR line to condition the AND invert circuit 2 618 and to render the AND circuit 636 in Fig. 22g4 effective 3 to apply a positive ~ignal to the OR invert c~rcuit 640 4 cau~ing negative signals to be applied via the -E~R and -LDR
S line to one input of the OR invert circults 642 ~nd 644, 6 respectively. The negative signal on the -~B END line is 7 applied to decondition th~ AND circuit 382 in Fig. 22c2, 8 cau~ing a negative signal to be appl~ed to reset the round 9 counter 390 in Fig. 22d2 back to a count of 0.
Referring now to Fig. 22g4, at ~2 time of the second 11 clock cycle of round 16, a -C clock pulse i~ applied to the 12 other input of the OR invert circuit 642 and 644 causing 13 po~itive ~ignals to be applied via ELR and LDR lines to the 14 control ~ignal cable connected to the crypto engines. The po~itive slgnalq on the ELR and LDR lines are al30 applied 16 to the OR invert circuit~ 648 and 652, re3pectively, cauqing 17 negative ~ignals, delayed by del~y circu~t~ 650 and 654, to 18 be applied via the L~ and ~ llnes to the control ~ignal 19 cable. Referring now to the crypto engine in Fig. 22gl, the signals on the ELR and ~ ne~ and on the LDR and LDR
; 21 line9 cau~e a swapping action between the data regi~ter~ and 22 the bu~fex regi~ters a~ previously de~cribed. However, the 23 significance at this tlme i8 to transfer the contents of the 24 upper data register UDR 200 to the upper buffer register UBR
100 and to transfer the output~ of the modulo-2 adder~ 650-26 664 to the lower buffer register LB~ 150 90 that the result 27 of the cipher function, namely, the operational key in cle~r 28 form i~ now qtored in the buffer reqlster~.
29 Referrlng now to F~g. 22e4, at ~4 time of the second clock cycle of the 16th round, a ~4 clock pul~e i~ applied XI~77007 -116-1 to render the ~ND invert circuit 610 effective to apply a 2 negative ~ignal to reset the START EB END latch 612 in Fig.
3 22f4. ~t the same time, the ~4 clock pulse i5 al80 applied 4 to render the ~ND invert c~rcuit 618 in Flg. 22e4 effective to apply a negative signal to the OR invert circuit 620 in 6 ~ig. 22f4 where it is inverted to a positive signal on EB
7 END L line. ~he positive signal on the EB END L line is 8 applied to the AND invert circuit 619 the other inputs of 9 which have po-Qitive signals maintained thereon ~o as to render the AND invert circuit 619 eff~ctive to maintain a 11 negative signal input to the OR invert 620 thereby latchlng 12 the positive signal on the ~B EN~ L line un~il a negative 13 signal is sub~equently applied to the -OUT CYCLE STA~T line.
14 The positive signal on the ~B END L line i8 also applied to condition the AND invert circuit 458 in Fig. 22e3. At ~1 16 time of the next clock cycle, a ~1 clock pulse is applied to 17 rende~ the AND invert circuit 458 effective to apply a 18 negative ~ignal to set the OUTPUT CYCLE latch 464 producing 19 a positive Rignal on OUT CYCLE line ~nd ~ negative ~ignal on the -OUT CYCLE line thereby inltiating an output cycle with 21 the negative signal on the -OUT CYCLE llne being applied to 22 ~et the START OUT CYCLE END latch 580. Referring now to 23 F$g. 22g4, the po91tive ~ign~l on the OUT CYCLE line together 24 with a po~itive ~ignal on the K ORD llne render the AND
invert circuit 598 effective to apply a nega~ive signal to 26 decondition ~he AND circuit 600, to decondition the AND
27 circuit 572 and via the -LRB line to one input of the OR
28 invert circuit 60q. The decondit~oned AN~ circuit 600 29 applies A negative signal via the -L~B line to one input of the O~ inv~rt circuit 602 while the deconditloned AND circu~t ~lS~810 1 572 applie~ a negative signal via the -SR line to one ~nput 2 of the OR invert circuit 574. Referring now to Fig. 22f4, 3 at ~l/L time, a -~l/L clock pulse i~ applied to reset the ~B
4 END latch 616. Referring now to Fig. 22g4, at ~2 time, a -C clock pulse i~ applied to the other lnput of the OR
6 invert circuits 602, 604 and 574 cau~ing them to be deconditioned 7 and apply positive signals via the ~IB, I.KB and SR lines, 8 respectively, to the control signal cable connected to the 9 crypto engines. The po~it~ve ~ignal~ on the SR line is al~o applied to the ~R invert circuit 606 in Fig. 22h4 causing a 11 negative signal, delayed by delay circult 608, to be applied 12 Yia the ~ line to the control ~ignal cable.
13 Referring now to the crypto engine~ ~n F~g. 22gl, these 14 ~ignals are effectlve to cause the buffer and key reg~sters to shift in ~ynchroni~m with a data byte being transferred 16 from the buffer register~ UBR 100 and LBR 150 to the key 17 register~ UKR 3~0 and LXR 400. Referring now to Fig. 22d4, 18 at ~4 time, a ~4 clock pulse in combination with po~Ltive 19 ~ignals on the OUT CYCLE and K ORD llne~ are applied to render the AND invert clrcuit 442 effective ~o apply a 21 negative pulse to the STEP BYTE CTR line, at the trailing 22 edge of which a positive signal ~s effective to step the 23 byte counter to a coun~ o~ 1. In a simllar manner to that 24 de~cribed above, the buffer r~gi~ters and the key registers of the crypto engine are ~hifted in synchronism, once for 26 each clock cycle, cau~ing successive bytes of the operational 27 key in clear form to be transferred from the buffer reg~ters 28 to the key registers.
29 ~he byte co~nter g48 counts the clock cycle~ and when thP count ~teps from a count of 7 back to a count of 0, a -112~810 1 negati~e ~ignal is applied to set the COUNT 8 latch 450 2 which, in ~eing set, applies a negative signal via the -CT8 3 line to re~et the OUTPUT CYCLE latch 464 in Fig. 22e3. Tl-e 4 OUTPUT CYCLE latch 464, in being ~eset, applies a positive S signal on the -OUT CYCLE line and a negative signal on the 6 OUT CYCLE line. Referring now to Fig. 22d3, the com~ination 7 of positive signals on the -OUT CYCLE line and the -IN CYCLE
8 line render the AND invert circuit 410 effective to apply a 9 negative qignal to re~et the COUNT 8 latch 450 in Fig. 22d4, and 18 inverted by the inverter 412 to a po~itive signal to 11 reset the 8LOCK COUNT flip flop 414 producing a negative 12 signal on the -BLR0 llne and a po~itive siqnal on the -BLKl 13 line. At the same time, the negative slgnAl on the OUT
14 CYCLE line is applied to decondition the AND invert circuit lS 598 in Fig. 22g4 cau~ing a po~itlve signal to be appl~ed 16 via -L~B llne to the OR invert circuit 604 and to render the 17 AND circuits 600 and 572 effectlve to apply positive ~ignal~
18 via the -LIB and -SR line to the OR invert circuits 602 and 19 574. As a result, neqative signal~ are now maint~ined on the LIB, L~B and SR llne to terminat~ further qhifting of 21 the buffer and key registers $n the crypto eng$nes.
22 Referring now to F~g. 22f3, at ~1 time of the next 23 clock cycle, a ~1 DEL clock pulse ~n combin~tion with the 24 positive ~ignal on the -OUT CYCLE line and the positive signal output of th~ START OUT CYCLE END l~tch 580 are 26 appli~d to render th~ AND ~nvert circuit 582 effective to 27 produce a negative signal to set the OUT CYCLE END latch 28 584. The OUT CYCLE END latch 584, in be1ng ~ot, applie~
29 a po~ltive ~i~nal on ~he OUT CYCLE END line to condition the AND invert circuit 578 in Fig. 22e3 and a ne~ative ~ignal on li2~!310 1 the -OUT CYCLE END line to reset the DECX latch 296 in Fig.
2 22c3. The DECK latch 296 in being re~et applies a po~itive 3 signal to render the AND invert circuit 298 in Fig. 22c4 4 effective to apply a negative signal on the X ORD line and via the inverter 300 a positive signal on th~ -K ORD line 6 indicating the end of the key order operation. Referring now 7 to Figs. 22e3 and 22f3, at ~4 time, a ~4 clock pulse is 8 applied to render the AND invert circuit 578 effective to 9 apply a negative ~ignal to reset the START OUT CYCLE END
latch 580. At ~l time of the next clock cycle, a ~
11 clock pulse i~ applied to re~et the OUT CYCLE END latch 584 12 and thereby ena the d~cipher key order operAtlon with the 13 operational key presently storqd in the key register~ in 14 preparation for a sub~equent data proce~sing operation.

~12'~810 E~CIPHER ORDER OPERATION
2 The function of th$s operation 1~ to encipher a message, 3 whlch may con~ist of one or more 8 byte blocks of plalntext, 4 into a corresponding message of ciphertext. After a valid S operational key i8 lnstalled in the crypto engines there is 6 no need to i~sue any further key handling orders for quccessive 7 b}ocks of plaintext 80 long as that same operational key 8 is used. A valld operational key is loadod in the key 9 registers of the crypto engine by performing ~ DECK operation, as prev$ously described.
11 When the order code speclfying the encipher order i~
12 decoded, a ENC latch is set to ~ignal the encipher mode of 13 operation. Following the ENC order command, a first series 14 of 8 PIOW data commands i8 issued, with the data field~
associated with the commands, be~ng loaded into the buffer 16 register~ of the crypto engines as the first mes~age block 17 of plalntext to be enciphered. ~he first such ccmmand 18 inltiate~ an input cycle and ~ byte counter counts each such 19 command received. After thc 8 PIOW commands have been received and the 8th byte of the message block written into 21 the buffer registers, then at the 8th count, the tnput ycle 22 end~, a block counter is 8et and the crypto englne~ ~tart an 23 encipher function wh~ch i8 indicated by the gener~tion of an 24 engine busy signal. At the end of the encipher operation, 25 half of the ciphertext block of dat~ ~g pre~nt in the upper 26 data register and the other half is present at the outputs 27 of the c~pher functlon circuits. Followlng the encipher 28 operatlon, a ser~es of 8 PIOR data commands are i3sued for 29 reading the enciphered mes~age block of ciphertext. The fir~t ~uch command lnitlate~ ~n output cycle and the byte ~I977007 -121-1~*~10 1 counter counts each such command received. During the 2 execution of the fir~t PIOR data command, while the block 3 count ls at a count of 1, the mes~age block of ciphertext i8 4 parallel transferred from the upper data xegister and the S outputs of the cipher function circuits to the buffer 6 registers where lt 1~ now available for read~ng, a byte at a 7 time. At the end of the execution of each PIOR command, the 8 buffer registers are shifted one po~ition to pre~ent the 9 next byte of the mos~age block of ciphortext for readlng.
At the 8th count of the byte counter, the output cycle ends, 11 the bloc~ counter i~ reset and the ENC la~ch remain~ set to 12 end the encipher order operation. The ENC latch in remalning 13 3et permits one or more succeeding mes~age blocks of plaintext 14 to be enclphered in a slmilar manner a~ that de~cribed above.
16 A more detailed aescr~ption of the enclpher order 17 operation will now ~e given in con~unction with the tlming 18 diagrams of F$gs. 27a-27d. After addres~ selection at TA time and 19 loading the command byto into the command register at TC
time, the command code is decoded by AND lnvert circuit 266 21 in Fig. 22b2 to produce a neqative signal which i~ inverted 22 by inverter 268 to a positlve ~ignal on the WR DSD ORDER
23 line thereby indicating the presence of a WR DSD O~D~
24 command. At the samo time, a data processlng order code i~
decoded by the A~D invext circuit ~02 to apply a negative 26 signal vla the -DP D~C line to ~he ~nverter 304 where it is 27 inverted to a po~ltive-~ignal and applied to one input of 28 the AND invert circult 306. At TD time, a po3itlve ~ignal ~9 is applled via the SYNCH TD line to render the AND c~rcuit 270, conditioned by the positivo slqn~l on tho WR DSD ORDER

-~12~810 1 line, effective to produce a po~itive ~ignal on the WR O~D
2 ~ E line which 18 applied to the remaining input of the ~D
3 invert circuit 306 to render ~t effective to produce a 4 negative signal whlch i8 applied via the -RST ENC line to reset the ENC latch 312 in Fig. 22c4 and to the inverter 308 6 where it is inverted to a positive ~ignal and applied to one 7 input of the AND invert circu$t 310. A positive signal on 8 the -Y line from the command register 224 personalizes the 9 pre~ent order as an ENC oxder and is applied to the other input of the AND invert circuit 310 to render it effective 11 to appl~ a negative signal via the -SET ENC line to set the 12 ~C latch 312. The ENC latch 312 in being set applies a 13 positlve signal via the ENC l$ne to Fig. 22g3 where it is 14 effective via OR gate 522 to condition the A~D circuit 536 and is inverted to a negative signal by the inverter 546 to 16 apply a negative ~ign~l on th~ DEC line to decondition the 17 ~D invert circuits 548 and 560.
18 The series of 8 PIOW data commands is now received and 19 processed ln a similar manner to that described in the DECK
order operation i.e. an input cycle i~ lnitiated, the byte 21 counter 448 is conditioned to count each PIOW data command 22 received and the me~age block of plaintext is loaded, a 23 byte at a time, per PIOW data command, into the buffer 24 registers UBR 10~0 and LB~ 150. After the 8th byte has been written into the buffer register~, then, at the 8th count, 26 the input cycle ends, the bloc~ count flip flop 414, in Fig.
27 22d3, is set and the IN CYCLE END latch 534 in Fig. 22f3 is 28 set. The IN CYCLE END latch 534 in being set initiates the 29 swapping action between the buffer registers and the data registers of the crypt~ engines which, in this case, causes ~2~8~0 1 the message block of pl~intext to be transferred from the 2 buffer registers UBR 100 and LBR 150 to the data regi~ters 3 UD~ 200 and LDR 250 preparatory to performing the encipher 4 operation. At the same time, referrlng to the AND circuit 538 in Fig. 22g3, positlve signals on the IN CYCLE END and 6 ENC line~ render the AND circuit 538 effective to apply a 7 positive signal to the O~ invert clrcuit 540 causing a 8 negative ~ignal to be applied via the -SL line to one input 9 of the OR invert clrcult 544. At -C time, a -C clock pulse is applied to the other input of the OR lnvert clrcuit 544 11 causing it to apply a positive signal via the SL line to the 12 control signal cable and to one input of the OR invert 13 circuit 606 in Fig. 22h4. The OR invert circuit 606 i~
14 rendered effective to apply a neqative ~ignal, delayed by the d~lay circuit 608, via the LDK line to the control 16 8ignal cable conne¢ted to the crypto ~ng~ne~. Referring now 17 to the crypto engines in Flg. 22gl, the 8ignal8 on the SL
18 and LDX line are appl~ed to the key regi~ter~ causing the 19 content~ thereof to be ~hifted one po~ition to the left as a pre-shift operation prior to the ancipher operation.
21 The encipher operation i~ similar to the d~cipher 22 operation previously described in connection with DECK order 23 operation except that in this case the key register is 24 ~hifted to the left und~r control of SL control ~ignals rathex than the S~R and S~ control s~gnals as can be better 26 seen hy re~erring to the tlming dlagram of Pig. 27. Peferring 27 to Fig. 22g3, this i~ 80 because the 8ignal8 on the CT 0, 7, 28 14, 15 line are used with the ~D circul~ 536 conditioned by 29 the positiv¢ signal on the ENC line and inhibited from being u~ed with the AND circuit 548 deconditioned by the negative KI~77007 -124-~12~8~0 1 signal on the ~EC line. As a reQult of the single pre-shift 2 signal on the SL line and the 27 additional signals on the 3 SL line during the encipher operation, the key registers 4 shift left exactly 28 times to return the operational key back to the initial condition in the key registers in 6 preparation for enciphering the next block of a multi-block 7 plaintext message. ~t the end of the cipher function, half 8 of the ciphertext block of data is available at the output 9 of the upper data regi~ter UDR 200 and the other half i5 available at the outputs of the cipher function circuits.
11 l~eferring now to F~g. 22b2, ~he first of a series of 8 12 PIOR data commands i8 now received and af~er address selection 13 at TA time and command loading into the command register at 14 TC time, the AND invert c~rcuit 262 decodes t~i9 command and applieQ a negative signal to one ~nput of the OR invert 16 circuit 260 and to the invertor 264 where it is inverted to 17 a positive ~ignal on the PIOR EARLY line. Referring now to 18 Fig. 22d3, the po~itive signal on the PIOR EARLY line is 19 applied to the inverter 422 where it i8 inverted to a negative signal and applied to one input of the OR invert 21 circuit 424. ~t this time, positive ~ignal~ are maintained 22 at the input of the AND inYert circuit 416 causing a negative 23 signal to be applied to ~he other input of the OR invert 24 circuit 424 which therefore produces a positive signal on 2~ the PIOR line. The positive signal on the PIOR line is 26 applied to the OR invert circuit 456 in Fig. 22e3 where it 27 is inverted to a negative signal to R~t the OUTPUT CYCLE
28 latch 464 producing a positive signal on the ~UT CYCLE line 29 and a nega~ive signal on the -OUT CYCLE line to initiate an output cycle. The positive signal on the proR line is ~12 ~310 1 also applied to the inverter 462 where it i~ inverted to a 2 negative ~1gnal and applied via the -PIOR line to set the 3 STA~T PIOR END latch 588 in Fig. 22f3. Referring now to 4 Figs. 22e3 and 22f3, the negative signal on the -OU~ CYCLE
lin~ is applied to set the START OUT CYCLE END latch 580 6 while the positive signal on the OUT CYCLE line in combination 7 with the positive signal output of the START OUT CYCLE START
8 latch 554 in Fig. 22f3 are applied to condition the AND
g invert circuit 556~ At ~1 time of the next clock cycle, a ~1 3EL clock pul8e i5 applied to render ~he ~D invert 11 circuit 556 effective to apply a negative signal to set the 12 OUT CYCLE START latch 558 which, in being set, applies a 13 positive signal to tho OUT CYCLE START line and a negative 14 signal to the -OUT CYCLE START line. The po~itive ~ignal on the OUT CYCLE START line is applied to condit~on the AND
16 invert circuit 552 in Fig. 22e3 and is al~o applied ~o the 17 AND circuit 634 in Fig. 22g4. Since this is not a key order 18 operation and the block count is at a count of one, positive 19 signals are maintained on the other inputs to the ~ND
circuit 634 which, therefore, is rendered effective to apply 21 a positive signal to the OR invert circuit 640 which, in 22 turn, initiates production of the ~LR and LI3 control 23 ~ignal~, in a manner previously de3cri~ed, to the crypto 24 engines where they are effective to cau~e the enciphered block of data to be transferred from the outputs of the 26 upper data register UDR 200 and the outputs of the modulo-2 27 adder 650-664 to the upper buffer register 100 and the lower 28 buffer register 150, re~pectively, in preparation for 29 reading the now enciphered block of ciphertext. Referring now to Figs~ 22e3 and 22f3, at ~4 time, a ~4 clock pulse is K_~77007 -126-112~810 1 applied to render the .~ND invert circuit 552 effective to 2 apply a negative signal to reset the START OUT CYCLE START
3 latch 554. At ~l/L time, a -~l/I, clock pulse iQ applied to 4 reset the OUT CYCLE START latch 558.
S Referring now to Fig. 22b2, at TC END time, a positi~e 6 signal on the TC END line i8 applied to the inverter 258 7 where it is inverted to a negative signal to decondition 8 the O~ invert circuit 260 causing a positive signal to be 9 applied to the PIOR DATA line. Referring now to the AND
circuit 902 in ~ig.22h3, assuming there has been no procedural ll error, the positive signal on the PIOR DATA line is applied 12 to render the AND circuit 902 effective to apply a positive 13 signal to condition an array of exclusive OR circuits 906 in 14 ~ig. 22il. ~he functlon of this array i~ to compare corresponding data byteR from the two crypto engines for 16 equality. Exclusive OR circuit 906A i8 representative of 17 this array and will be described in detail. Byte outputs 18 from ~he crypto ~ngine are applied to the AND invert circuits 19 908, 910 and 912 with a po~itive signal on the bit line repre~enting a bit l and a negative signal on the bit line 21 representing a bit-0. If the output bits are both equal to 22 l, then po~itive signals are applied to render the AND
23 invert cixcuit 908 effective to apply a negative signal to 24 decondit~on both the AND invert circuits 910 and 912 causing a positive signal to be produced from the ~oint outp~ts 26 thereof. Similarly, if the output bits are both equal to 0, 27 then n~gative signals are applied to decondition the AND
28 invert circuits 910 and 912 causing a po~itive Qignal to 29 also be produced from the joint outputs thereof. On the other hand, if the output bits from the crypto eng~ne~ are K;977007 -127-1 not equal, then the AND invert circuit 908 is deconditioned 2 to apply a positive signal to condition the AND invert 3 circuits 910 and 912, one of which will have a positive 4 signal applied ~hereto from one of the crypto engines to render that AND invert circuit effective to apply a negative signal from the ~oint outputs thereof. Accordingly, it 7 should be apparent that if the outputs of one crypto engine 8 e~ual the outputs of the other crypto englne, then positive 9 signals will ~e applied from the arr~y of exclu~ive OR
circu~t 906 to render the AND invert c~rcuit 916 effective 11 to produce a negative ~ignal to decondition the engine error 12 detect AN~ invert circuit 918. On the other hand, if any bit 13 of the cipher engineB doe~ not compare, then, a negative signal 14 output from the exclu~ive OR circuit corresponding to the error bit will be applied to decondition the AND invert 16 circuit 916 causing a positive ~ignal to be applied to 17 condition the englne error detect AND invert circuit 918.
18 During TC END time, while a po~itive signal i~ m~intained 19 on the PIO~ DATA lin~, and as~uming there i8 no engine error, the byte output of ~le crypto engines ~s taken from 21 the output of the A~D invert circuits, ~uch as AND invert 22 circu~t 908, of the array of excluslve O~ circuits 906 and 23 applied to the -DATA BUS IN. At the ~ame time, parity 24 generator circuit 914, which i~ re~ponsive to the data byte output of the array of exclusive OR circuit~ 906, generate~
26 a parity bit for the data byte which i5 applied to the 27 -P line of the -DATA BUS IN.
28 At TD time, a positive ~ignal 1~ applied via the TD SEL
29 line to render the AND invert circuit 918 effective or not depending on whether an engine error ha~ been detected. If ~12~8~0 1 an engine error is detected, the AND invert circuit 918 is 2 rendered effective to apply a negative signal via the ENGINE
3 ERR line to set the bit 1 latch 954B of the status register 4 952 to indicate the fact that an engine error was detected.
At the end of this IO operation, the command register 6 224 in Fig. 22a2 is reset to decondition the command decoder 7 AND invert circuit 262 thereby causing a positive signal to 8 be applied to the OR invert circuit 260 and the inverter 264 9 which, in turn, cause negative signals to now be applied to the PIOR DATA and PIOR EARLY lines, respectively. The 11 negative signal on the PIOR EARLY line is applied to the 12 inverter 422 in Fig. 22d3 where it is inverted to a positive 13 signal to render the OR invert circuit 424 effective to 14 apply a negative signal on the PIOR line. The negative signal on the PIOR line is applied to the inverter 446, in 16 Fig. 22d4, where it is inverted to a positive signal on the 17 STEP BYTE CTR line to step the Byte Counter 448 to a count 18 of 1~ The negative signal on the PIOR line is also applied 19 to the inverter 462 in Fig. 22e3 where it is inverted to a positive signal and applied together with a positive signal 21 from the START PIOR END latch 588 in Fig. 22f3 to condition 22 the AND invert circuit 590. At 01 time of the next clock 23 cycle, a 01 DEL clock pulse is applied to render the AND
24 invert circuit 590 effective to produce a negative signal to set the PIOR END latch 592 causing a positive signal to be 26 produced on the PIOR END line to condition the AND invert 27 circuit 586 in Fig. 22e4 and a negative signal on the -PIOR
28 END line which is applied to decondition the AND circuit 600 29 in Fig. 22g4. The AND circuit 600 in being deconditioned initiates the production of a LIB and LIB control signals, ~12'~8~0 1 in a manner as previously de~cri~ed, via the control signal 2 cable to the crypto engines to shift the buffer registers 3 one position in preparation for outputting the next byte of 4 ciphertext of the enciphered message ~lock of data. Referring S now to the AND invert circu$t 586 in Fig. 22e4, at ~4 6 time, a ~4 clock pul~e i9 applied to render the AND invert 7 circuit 586 effective to reset the S~ART PIOR END latch 588.
8 At ~l/L time of the next clock cycle, a -~l/L clock pulse is 9 applied to reset the PIOR END latch 592.
In a similar. manner, during each of the succeeding one~
11 of the series of 8 PIOR data co~mands, the next data byte of 12 cipher text is passed with an appended parity bit to the -13 ~ATA ~US IN, the data byte is checked for an engine error, 14 the byte counter is 3tepped to the next count and the buffer xegi~ters of the crypto engines are qhifted one position to 16 provide the next ~ucceeding data byte of ciphertext for 17 proces~ing.
18 After the 8th byte i9 read to the -DATA BUS IN, the 19 byte counter 448 in Fig. 22d4 ~teps from a count of 7 back to a count of 0 cau~ing a negative signal to be produced to 21 set the COUNT 8 latch 450 which, ~n turn, applies a negative 22 signal to the -CT 8 line. The negative signal on the -CT 8 23 line i~ applied to reset the OUTPUT CYCLE latch 464 in Fig.
24 22e3 thereby ending the output cycle. The OUTPUT CYCLE
latch 464 in being re~et applies a po~itive ~ignal on the 26 -OUT CYCLE line and a negative signal on the OUT CYCLE line.
: 27 Referring now to Fig. 22d3, the combination of the 28 positive signals on the -OUT CYCLE line and the -IN CYCLE
29 line render the AND invert circuit 410 effective to apply a 30 negative ~ignal to re~etthe COUNT 8 latch 450 in Fig. 22d4 ~I977007 -130-~o 1 and is inverted by inverter 412 to a po~itive signal to 2 reset the BLOCK COUNT flip flop 414. The negative signal on 3 the OUT CYCLE line is applied to ~et the STAXT OUT CYCLE
4 START latch 554 in Fig. 22f3. At the end of this IO operation, S the command register is reset to effectively cause a po~itive 6 signal to be applied on the -PIOR line, as in a manner 7 previously described, which in combination with the positive 8 signal output of the START PIOR EN~ latch 588 are applied to 9 condition the AND invert circuit 590 in Fig. 22f3. Accordingly, at ~1 time of the next clock cycle, a ~1 DEL clock pulse is 11 applied to render the AND invert circuit 590 effective to 12 apply a negative signal to set the PIOR E~D latch 592 which, 13 in ~eing qet, applies a positive signal to the PIOR END line 14 and a negative signal to the -PIOR END line. The negative sLgnal on the -PIOR END line i9 applied to decondition the 16 AND circuit 600 in Fig. 22g4 which initiates production of 17 the LI~ and ~ control signals, in a manner previously 18 descrlbed, via the control cable to the crypto engines.
19 Referring now to the crypto engine ln Fig. 22gl, the LIB and LIB control ~ignals ara applied to Qhift the buffer regi~ter 21 one more position to effectively cleax the content thereof 22 in preparation for receiving the next block of plaintext of 23 a multi-block message for encipherment. Referring now to 24 Fig. 22e4, at ~4 time, a ~4 clock pulse in combination with the positive signal on the PIOR END line are applied to 26 render the AND invert circuit 586 effective to apply a 27 negati~e signal to re~et the STA~T PIOR END latch 58~ in 28 Pig. 224. ~t ~l/L time of the next clock cycle, a ~
29 clock pulse is appl~ed to reset the PIOR END latch 592 to terminate the encipher order operation.

.;I97700~ -131-1 ~ECIPHER ORDER OPERATIO~
2 The function of thi~ operation ~ to decipher a message, 3 which may consist of one or more 8 byte blocks of ciphertext, 4 into a corre~pondlng me~sage of plaintext. After a valid S operational key is in~talled in the crypto eng~ne by a 6 DECK order operation there is no need to issue any further 7 key handlt ng oraers for ~ucce~sive blocks of ciphertext so 8 long as the ~ame operatlonal key is used.
9 When the order code specifylng a decipher order is decoded, the ENC latch is reset to slgnal the decipher mode 11 of operation. Following the DEC order command, a series of 8 12 PIOW data commands i~ is~ued, with the data fields a~sociated 13 with the commands, constltuting the mes~age block of ciphertext, 14 ~eing loaded into the buffer register~ of the crypto engines. The fir~t ~uch command ~nitiate~ an input cycle 16 and a byte counter counts each such command received. After 17 the 8 PIOW commands have been received and the 8th byte 18 written into the buffer register~, then, at the 8th count, 19 the input cycle end~, the block of ciphertext is transferred from the buffer registers to the data registers of the Zl crypto engines, a block counter i~ set and the crypto 22 engine~ start a declpher functlon which ~8 indicated by the 23 generation of an engine bu~y slgnal. At the end of the 24 decipher operation, ha}f of the cleartext block of data is present ln the upper data regi~tar and the other half i~
26 present at the output~ of the cipher functlon circuit~.
27 ~ollowing the decipher operation, a series of 8 PIOR data 28 commands are i~sued for reading the deciphered message block 29 of cleartext. The fir~t ~uch command lnitiates an output 3~ cycle and the byte counter count~ each ~uch command rece~ved.

KI977oo7 -182-1 During the execution of the first PIOR data command, while 2 the block count is at a count of l, the me3sage block of 3 cleartext is parallel transferred from the upper data 4 register and the outputs of the cipher function circuits to S the buffer registers where it is now available for reading, 6 a byte at a time. At the end of the execution of each PIOR
7 data command, the buffer register~ are shifted one position 8 to present the next byte of the message block of cleartext for 9 reading. At the 8th count of the byte counter, the output cycle end~, the bloc~ counter is res~t and the ENC latch 11 remains reset to end the decipher operation. The ENC latch 12 in remaining reset permits one or more succeeding message 13 block~ of ciphertext to be deciphered in a similar manner as 14 that described above.
The decipher operation i~ slmilar to the encipher 16 operat~on in that an order code i8 decoded, a serles of 8 17 / PlOW data com~ands are issued to proceed into an input cycle 18 for loading a data parameter into the crypto engine~, a lg cipher func~on i8 performed on the data parameter under control of an operational key and a serle~ of 8 PIO~ data 21 commands are issued to proceed into an output cycle for 22 reading the results of the cipher function. The similarity 23 between these two operations can be seen from the 24 timing d$agrams o~ Figs. 27a 27d. The basic difference between these two operations is in the spec~flcation of the 26 decipher order rather than an encipher order, which sets the 27 device for the decipher mode of operation, and the key 28 shifting schedule provided for the ~ey registers during the 29 decipher function performed by the crypto engi~es. It will be remembered that for an encipher op~ration the k~y regi~ters 1~2L~ 0 1 are shifted to the left by one pre-shlft SL eontrol signal 2 followed by 27 additlonal SL eontrol signal~ during the 16 3 round~ of the eneipher operation for a total of 28 SL control 4 signals to restore the eipher key baek to its inltial home position in preparation for eneiphering the next bloek of 6 cleartext. In the deelpher operAtion, the key registers, 7 instead of being ~hifted to the left, a~ in the enc~pher 8 operatlon, are shlfted to the right by 27 SRR snd SR control 9 signal~ during the 16 round~ of the deeipher funetion, as deseribed in detailed in the DECK order operation, followed 11 by one post-shift SRR and SR eontrol ignals at the beginning 12 of the output eyelo for a total of 28 8 M and SR control 13 signals to restore tho eipher key ba~k to its initial home 14 position in preparation for deeipherlng the next bloek of eiphertext. It ~hould be apparent that with this symmetry, 16 the deeipher rounds are performed in the roverse order of 17 the enelpher rounds l.e. the ~et of elpher key bytes used in 18 the last round of an eneipher oporation 1~ the set of eipher 19 key byte~ used in th~ fir~t round of the declpher operation 50 that eaeh round of the deeipher operation undoe~ eaeh 21 round of the enelpher operation, ln reverse order.
22 Sinee the ba~ic eipher operation has been deseribed in 23 detail tn the previou~ seetion and tho generation of the 27 24 control aignal3 SRR and SR for a deeipher function has been described in connection with the detalled de~eription of 26 DECK order operatlon, the following detalled descript~on 27 will be re~tricted to a descrlption of how the device is ~et 28 for ~he deeipher mods of operat~on and how the 28th post-29 shift SRR and SR control pul~es ~rs prov~d~d at the beg~nnlng of the output cycle of the declpher order operation.

KI~77007 -134-~2~810 1 After addre~s ~election at TA time and loading the 2 command byte into the command regiRter at TC time, the 3 command code is decoded by the AND invert circuit 266 in 4 Fig. 22b2 to produce a negative cignal which is inverted S by inverter 268 to a positive ~ignal on the WR DSD ORD~R
6 line thereby indicating the presence of a WR DSD order 7 command. At the same time, the order code for data proces~ing 8 operation is decoded by the AND lnvert circuit 302 in Eig.
9 22b3 to produce a negative signal on the -DP DEC line where it is inverted to ~ positive signal by inverter 304 and 11 applied to one input of the AND invQrt circuit 306. At 12 TD time, a positive ~gnal i~ applied via the SYNCH TD line 13 to render the AND circuit 270, conditioned by the posltive 14 ~ignal on the WR DSD ORDER line, effective to producc a po~itive ~ignal on the WR ORD TIME line which i~ applied 16 to the remAining input o~ the AND invert circuit 306 to 17 render it effective to produce a negative signal which is 18 applied via the -RST ENC line to reset the ENC latch 312 in 19 Fig. 22c4 and to the inverter 308 where it ~8 inverted to a po~itive signal and applied to one lnput of the AND invert 21 circuit 310. A negative signal on ~he -Y line from the 22 command register 224 personalize~ thi~ d~ta proce3sor order 23 as a DEC order and i8 applied to decondition the AND invert 24 circuit 310, which in being deconditioned, mainta~n~ a positive ~ignal on the -SET ENC line so that the ENC latch 26 312 remains in a reset condition. SPEC ENC latch 494 is a}so 27 held re~et ~y the inverted WR ORD TIME ~ignal. The ENC
28 latch 312, and SPEC ENC latch 494, being in a re~et conditlon, 29 apply a negative ~ignal via OR clrcuit 522 to the inverter 546 ~n Fig. 22g3 where it i~ lnv~rted ~o a positive ~ignal ~2~310 1 on the DEC line to condition the AND invert circuits 548 and 2 560 each of which i~ effective for controlling the gener-3 ation of the SRR and SR control slgnal~ u~ed during the 4 decipher operation.
S After the deciph2r function has baen completed and the 6 key registers have been shifted 27 tim~s under control of 7 the 27 SRR and SR control signal~, the fir~t of a serles of 8 8 PIOR data commands i~ is~ued to initiate an output cycle 9 causing the OUTPUT CYCLE latch 464 in Fig. 22e3 to be ~et which, in being s~t~ applie~ a po~itive signal to the OUT
11 CYCLE line. The positive signal on th~ OUT CYCLE line in 12 combination with a positive signal from the START OUT CYC~E
13 START latch 554 in Fig. 22f3 are appli~d to condition the 14 AND invert circuit 556. At th~ next ~1 time, a ~1 DEL clock lS pul~e 1~ applied to r~nder the AND invert circuit 556 16 effective to apply a negative signal to ~t OVT CYCLE START
17 latch 558. The OUT CYCLE START latch 558, in being ~et, 18 applies a po~tive ~ignal to the AND invert clrcult 560 in 19 ~ig. 22g3 which, at thls time, ha~ positive signal~ maintained on the o~her inputs th~reto ther~by rendering the AND invert 21 circuit 560 effective to apply a negative ~ignal on the 22 -SRR and via the AND circuit 572 in Flg. 22g4 a negative 23 signal on the -SR line to initi~te the generation of the 24 post-shift SRR and SR control signal~ which are u~ed to ~hift the key register the 28th time to restore the cipher ~6 key back to its initial home pos$tion in preparation for Z7 de~iphering the next block of ciphertext. The remainder 28 of the DEC order oper~tion, namsly, to road the 8 byte~ of 29 the block of cleart~xt i8 perform~d in a ~imilar mann~r a~
~hat des~ribed in det~il for the en~ipher order operatlon.

~I977007 -136-llZ'~10 ~NERA~E IU~NDO~ NU`IBER ORDEP~ OPE~ATION
2 Th~ function of this operation is to generate a randorn 3 numher by enciphering a pseudo random number under a variant 4 of ~he host rilaster key which, in the applications previously described, is used as a secondary key (or multiple ~econdary 6 ]eys if multiple operations are performed) or is used as an 7 enciphered operational key.
8 ~uring commaQd time of this operat-ion, when the order 9 code specifying a generate random number (~RN) order is ~ecoded, a load master key (LMK) latch and a key variant 3 11 latch are set. .~ith the L~IK latch set, the contents of tlIe 12 ~l~ memory is caused to be read out and Wit}l the key 13 variant 3 latch set, each byte of the master key read 14 out is modified to provide a variant thereof for transfer to the crypto engines. l'he variant of the master key is parity 16 checked, a byte at a time, and loaded as a working key into 17 the key registers of the crypto engines. During synch TD time 18 of this operation, a GRN latch and a special encipher latch 19 are set, the latter causing the processing mode to be set for an encipher operation. ~fter half of the variant of the 21 master key i~ loaded into the key registers of the crypto 22 engine and while the remaining half ~s being loaded, an 23 input cycle is initiated during which the contents of a non-24 re~ettable 64 }~it random counter is transferred, a byte at a time each clock cycle, to the buffer registers of the crypto 26 engine. During this transfer, a byte counter counts the 27 clock cycles and after the 8th byte of the random number has 28 ~een loaded into the buffer registers, then, at the 8th 29 count, ~he input cycle end~, the ~MK latch is reset to terminate further ~X memory read out, the random number is ~12~810 1 transferred from the buffer register~ to the data regi~ters of 2 the crypto engine and a block counter is ~et. During this 3 transfer, the la~t byte of th~ variant of the master key i~
4 loaded into the key regi~ter~, the crypto engines initiate an encipher operation, indicated by an engine busy signal, the 6 ~ey variant latch iQ reset and the random number counter is 7 stepped to the next count value. During the encipher operation, 8 the random number count value in the data register~ of the crypto 9 engines is enciphered under control of the variant of the ma~ter key in the ~ey register~ of the crypto engine~. At the end 11 of the encipher operation, half of the enciphered random number 12 is present in the upper data regi~ter ~nd the other half i8 13 present at the outputs of the cipher function circuits. Following 14 the encipher operation, ~ sexie~ of 8 PIOR data command~ i8 received for reading the enciphered random number. The first 16 such command initiate~ an output cycle and a byte counter count~
17 each such command recoived. During the ~xecution of the first 18 PIOR data command, whlle the block count is at a count of 1, 19 the enciphered random number is parallel tran~ferred from the upper data register and the output~ of the cipher function 21 circults to the buffer registers where it i3 then available for 22 reading, a byte at a time, and the GRN latch i~ reset. At the 23 end of the execution of each PIOR command, the buffer registers 24 are shifted one po~ition to pre~ent the next byte of the enciphered random number fsr reading. At the 8th count of the 26 byte counter, the output cycle ends snd the block counter i~
27 reset to end the operation.
28 A more detailed de~cription of the gen~r~te random 29 number order operation will now be given in con~unction with the timing diagrams of Figs. 28a-28c. After address selection at 31 TA time and loading the csmmand byte into the command register 1 at TC time, the command code i8 decod~d by AND invert circuit 2 266 in Fig. 22b2 to produce a negative ~$gnal which is 3 inverted by inverter 268 to a positive ~ignal on the WR DSD
4 ORDER line thereby indicating the pre~ence of a WR DSD order S command. At th~ 8ame time, the order code i8 decoded by the 6 AND invext circuit 314 to apply a negative ~ignal via the 7 -GRN DEC line to the inverter 316 whore it i~ inverted to a 8 po~itive signal nd applied to one lnput of the AND invert 9 circuit 318. Referring now to the lnverter 476 in Fig.
22d5, the negative signal on the -GRN DEC line i8 inverted 11 to a positive signal and pas~ed via the OR circuit 484 to 12 the SET LMK line. Referring now to the OR inv~rt circu~t 13 564 in Fig. 22g4, ths positive signal on the SET LMK line i8 14 applied to render the OR invert circuit 564 effective to apply a negative ~ignal to set the LMK latch 566 producing a 16 positive signal on the LMK line and a nogative signal on 17 the -LMK line. Referring now to the AND invert circuit 368 in 18 Fig. 22c2, the negative signal on the -LMK line i~ applied 19 to decondition the AND invert circuit 368 which, in turn, maintains a po~itive ~ignal at one input of the AND invert 21 circuit~ 370 and 374 so long ~ the LMX latch 566 remain~
22 set i.e. while the MX memory ~ being read out.
23 Referring now to the KEY VAR 3 CTRL latch 515 in Fig.
24 22e5, the negative signal on the -~RN DEC llno 1~ appli~d to aet the KEY VAR 3 CTRL latch 515 wh~ch, in being set, 26 applies a po~itive ~ignal to the VARIANT 3 line and vla the 27 OR circuit 518 to the VARIANT 1/3 line. Reforring now to 28 Fig. 22el, the po~it~ve ~ignals on the VARIANT 1/3 and 29 VARIANT 3 lin~s sre appl~ed tO the exclu~ve OR circuit~
704A and 704D which ~re used to invert bitfi 0 and 6 of each -~12~810 1 byte read out of the ~K memory 700 thereby providing a 2 variant of the master key for transfer to the crypto 3 engines.
4 Referring now to ~ig. 22c2, negative ~lgnals are maintained at the lnputs of the AND invert clrcuit 366 and a 6 negatlve signal is malntained at the lnput to the inverter 7 162 ~oth of which cause a positive signal to be applied to 8 one input of the AND circult 380 and to condition the AND
9 invert circuit 376. Additionally, the MK OVW latch 276, presently ln a reset ~tate, cause~ a po~ttive signal to be 11 applied vla the -MK OVW llne to the other input of the AND
12 clrcuit 380 thereby rendering it effectlve to apply and 13 malntain a positive signal on the -W ENAB~ line. Thereafter, 14 and ln a manner which is described in detail for the DECK
lS order operation, the AND lnvert clrcuits 370 and 374 are 16 al~ernately rendered effective by ~3L and -~lL clock pulses, 17 respectively; the AND inv~rt circuit 370 controlling the ~ND
18 invert circuit 376 and inverter 378 to produce successive 19 negative signals on the -M ENABL~ line which in combination with the po~itive slgnal on the -W ENABLE line allow succes~ve 21 reading of the ~K m~mory 700 while the ~ND invert circuit 22 374 controlling the AND invert c~rcuit 376 and inverter 388 23 in F~g. 22d2 to produce succe~sive po~itive ~ignal~ on the 24 STEP CTR line for successively ~tepping the addres~ counter 390 to addre~ successive locations of the M~ memory 700.
26 Succe~sive pairs of h~lf bytes read out of the rlx memory 700 27 in Flg. 22el are ~hi~ted into the ~hift regl~ters 702 to 28 provide ~ucces~ive bytes of the ma~ter key for the 29 crypto engine~, with bits 0 ana 6 of each byte being inverted by the exclu3ive OR circu~t~ 704A and 704D to effectively KI977007 -140~

112~18iO

1 provide a variant of the master key for transfer to the 2 crypto engine~.
3Referring now to the ~D invert circuit 568 in Fig.
4 22g4, after each byte of the master key are loaded into the 5shift regi~ter 702 in Fig. 22~1, a ~1 D~L clock pulse in 6 combination with po~itive signalQ on the Cl, -ST~P CTR and 7 ~K lines are applled to render the AND invert clrcuit 568 8 effective to produce a negative signal ~o set the LDX latch 9 570 which, in being ~et, initiate~ production of positive ~ignals on the SR, LDK and LDR control l~ne~ for the crypto 11 engines, in a manner as previously de~cribed in detail in 12 connection with DECX order operation. Reierring now to the 13 crypto engine in Fig. 22gl, the po~itive Qignal on the LDK
14 line i~ applied to condition the AND clrcuit 807 to permit a parity check to be made of each variant byte of the master 16 key for parity error~. The ~ucce~$vo positive signals on 17 the SR, LDK and LDK llnes are applied as control inputs to 18 the key regiQters UKR 350 and LXR 400 to shift the key 19 registers and allow 8ucce~ive variant byte~ of the master key to be }oaded into the key regi~ters.
21 I~eferring now to ~lg 22b2, at TD time, while the variant 22 of the ma~ter key i8 being loaded into the key register~, a 23 positive signal iq zpplied via the SYNCH TD lin~ to render 24 the ~D circuit 270, conditioned by the posi~ive signal on the WR DSD ORDER line, effective to provide a positive 26 signal on the WR ORD TI~ line. Referring now to Fig.
27 22h2', thc positive 3ignal on the W~ ORDER TIME line is 28 applied to the inverter 322 where it is inverted to a 29 neg~tive ~ignal on the -WR ORD TIME line to reset the S~N latch 320 in Fig. 22c3' and the S~EC ENC latch 494 1~2~ 0 1 in Fig. 22dS. Referrlng now to Fig. 22b2, the poQitlve 2 ~ignal on the WR ORD T~M~ line is applied to the remaining 3 input of the ~ND invert circuit 318 to render it effective 4 to produce a ~ignal on the -SET GRN line which i~ applied to S set the GRN latch 320 in Fig. 22c3' producing a positive 6 ~ignal on the GRN line and a negative ~lgnal on the -GRN line.
7 Referring now to Fig. 22e4 the positive signal on the GRN
8 line is applied to one input of each of the ~D circuits in 9 unit~ 472A-472H a~d to condltion the AND circuits 475 in Fig. 22fl while the negative signal on the -~N line i~
11 applied to decondition the A~D circuits 473. Accordingly, 12 information on the BUS IN i~ inhibited from pas~lng via the 13 deconditioned AND circult~ 473 while information from the 14 random number (RN) counter 470 ln Fig. 22e4 i~ pa~sed via the conditioned AND circuits 475 and the O~ circuit 476 to 16 the crypto engine~. Referring now to ~ig. 22d5, the po~itive 17 ~ignal on ~he ~,RN llne i~ also applied to the OR invert 18 circuit 490 where it is inverted to a negative ~ignal to set 19 the SPEC ENC latch 494 causing a po~ltive ~ignal to be applied to the SP ~NC line and a negative ~ignal to the -SP
21 E~C line. Referring now to Fig. 22e3, the po~itive signal 22 on the SP ENC line is applied via the OR circuit 522 to 23 condition the AND circuit~ 536 ~nd 538 in Fig. 22g3 and via 24 the inverter 546 to apply a negative 3ignal to the DEC line to decondition the AND invert circu~ts 548 and 560. Referring 26 to Fig. 22f4, the nQgatlve signal on the -SP ENC line is 27 applied to decondit$on the AND invert circuit 621 cau~ing a 28 positive ~lgnal to be applied to one inpu~ of the ~ND circuit 626.
29 Referring now to ~ig. 23d4, while the variant of the master key i~ being lo~d~d into the ~ey regl~ers and when -~2a810 1 the address countor 390 in Fig. 23d2 i~ stepped to a count 2 of 8 by a -~lL clock pulse, a negative signal on the -C8 3 line i8 applied to set the 16 STEP latch 404 c~using a 4 positive ~ignal to be applied to condltlon the AND c~rcuit 406 and to set the CT O~ 8 iatch 441 in ~ig. 22d4 causing a 6 positive signal to be applled to the CT 8 line. The positive 7 signal on the CT 8 line in combinatlon with the posltive 8 signals on the GRN and LMK llnes ronder tho AND invert 9 circuit 443 effective to apply a negative ~ignal on the -GRNW line. The neqatlve signal on the -GRNW line i8 applied 11 to decondition the AND circuit 600 in Fig. 22g4 which, in 12 being deconditioned, applies a nogatlve ~ignal via the -LIB
13 line to one input of the OR invert circuit 602. At ~2 14 time, A -C clock pul~e i~ ~pplled to the other input of the OR invert circuit 602 thereby decondltionlng it and cau~ing 16 a positlve signal to be applle~ via th~ ~IB line to the 17 control ~ignal cable connected to the crypto engln~s and to 18 the OR invert circuit 648 in Flg. 22h4 c~u~lng a negative 19 signal, delayed by delay circuit 650, to be applied via the ~ line to the control signal cable connection to the 21 crypto engines.
22 Referring to Fig-. 22d4 and 22e4 the RN counter 470 is 23 a 64 ~tag~ nonresettable binary counter whlch i8 battery 24 powered so that it may retain it~ contents independent of system power. ~ach of the 8 output byte~ of the ~N counter 26 470 is connected to a csrresponding ~et of AND circuit~ 472A
27 to 472H conditionea by the positi~e sign~l on the GRN line 28 and controlled by th~ s~ttings of the by~e counter 448. At 29 this time, the byt~ counter 448 i8 at a count of 0 which cond~tion is decoded by the decoder 4~6 producing a positive signal on ~2`~810 1 the BC 0 line to render effective the ~t of ~ND clrcuits 2 472A for p~sing the flr~t byte of the count ~alue in the ~N
3 counter 470 via the OR clrcuit~ 474 to the AND circuit-Q 475.
4 m e AND clrcult~ 475 being condltioned by the posltive cignal on the ~RN line pa~ses the rando~ number byte via the 6 OR circult 476 and the P box 50 to the buffer regl~ters UBR
7 100 and LBR 150. Accordingly, the naw recelved comblnation 8 of ~ignals on the LIB and ~ lne are eff~ctlve to permit 9 the random number byte to be loaded lnto the buffer regi~ters in e~ch crypto engine.
11 Referring now to Fig. 22e3. at ~3L time, a ~3L clock 12 pulse together with po~ltlve ~ignals on the GRNW and GRN -;
13 line~ render the AND invert circuit 43S effective to apply 14 negative signAl to Jet the INPUT CYC~E latch 454 to ~tart an input cycle operat~on durlng which uc¢-~Jive byte~ of 16 the random number count value of the RN counter are loaded 17 lnto the buffer regl~ters. The ~NPUT CYC~E latch 454 in 18 being set applie~ a negative ~ignal via the -I~ CYCLX line 19 to ~et the START lN CYCLE END latch 530 ln Flg. 22f3. Referrlng now to Fig. 22d4, at ~4 time, ~ ~4 clock pul~e in combination 21 with posltive ~ignal~ on the GRN, LM~ ~nd C$ ~ llnes axe 22 applied to render the AND invert circult 440 effectlve to 23 apply a nsgative pul~e to the STEP BYqE CTR llne, the po~itive 24 tralling edga of whlch 1~ eff~ctive to ~t~p the byte counter 448 to a count of 1.
26 In a ~imilar ~anner, ~ucceedlng ones of the random 27 number count value byte~ are gated, under control of the 28 byte ¢ounter 448, and lo~ded lnto the buf~or regl-ter~ UBR
29 100 and LBR 150, wlth the previous byt~ b~ing simultaneou~ly shifted and the byte counter 448 being st~pped at ~4 tlme of :, ~2~810 l each clock cycle.
2 After the 8th random number count value byte is 3 wrltten into the ~uffer registers, then at ~4 tlme of 4 that clock cycle, the byte counter 448 step~ from a count of 7 back to a count o~ 0 causlng a negative slgnal to be 6 produced to set the COUNT 8 latch 450 which, in beinq set 7 applies a neqatlve ~ignal to the -CT 8 llne. The negative 8 signal on the -CT 8 line is applled to reset the INPUT CYCLE
9 latch 454 in Fig. 22e3 thereby endlng the lnput cycle.
Referring now to Fig. 22d3, the INPUT CYCL~ latch 454, in 11 ~eing reset, applie~ a po~itlve ~ignal whlch, ln combinatlon 12 wlth the po~itive ~gnal on the -OUT CYC~E line, renders the 13 AND invert circuit 410 effective to ~pply a negative ~ignal 14 to reset the COUNT 8 latch 450 in Flg. 22d4 and is inverted by lnverter 412 to a po~ltive ~ignal to ~et the BLOC~ COUNT
16 fllp flop 414 producing a posltlve ~lgnal on the -BLK 0 line 17 and a negative ~ignal on the -BLK l llne.
18 Referring now to F~g. 22f3, at ~l time of the next clock 19 cycle, a ~l DEL clock pul~e in com~inatlon with po~it~ve ~ignal~
on the -I~ CYCLE lin~ and from the START IN CYCLE ~ND latch 530 21 render the AND invert clrcuit 532 ef~ective to apply a negatlve 22 signal to set the IN CYCLE END latch 534 whlch, in belng ~et, 23 applie~ a po~tive ~ignal ~o the IN CYCLE ~ND llne.
24 Referring n~w to Fig. 22f4, the posltive ~lgnal on the IN
CYCLE END line i9 applied to the inverter 622 where it i~
26 inverted to a negativo signal and appl$ed to decondition the 27 AND circuit 626 causlng a negative signal to be applied to 28 set the START EB latch 628 and to tho inverter 638 ln Fig.
29 22g4 where it i~ lnverted to a po~itlve signal ~nd applied to render the OR invert circui~ 640 ~ffec~ive to apply 31 negatlv~ ~lgn~l~ via the -ELR ~nd -LDR line~ to one XI977n07 -145--112~10 1 input of the OR invert cireuits 642 and 644. Referring now 2 to F$g. 22c2, the n~gative ~ignal on the -~LR line ic 3 applied to deeondition the AND clreuit 382 which, in turn, 4 re~t~ the addre~ counter 390 in Fig. 22d2 from a count of

15 back to a count of O cau~ing a po~itive signal to be 6 applied to the -C 8 line. The positive signal on the -C 8 7 line is applied to render the ~ND clreu$t 406, eonditioned 8 by the po~itive ~ignal from the 16 STEP lateh 404, effective 9 to appl~ a positive signal to the lnverter 408 where it is inverted to a negatlve ~ignal on the -16 STEP llne which i~
11 applied to re~et tho CT OF 8 l~teh 441 ln Fig. 22d4 and to 12 reset the LMK lateh 566 in 22g4. LMK l~teh 566 $n being 13 re~et applios a negatlve ~ignal to the LMK llne ~nd a 14 positive ~ignal to the -LMK llne. The negatlve slgnal on the LMK line deeond$tlon~ the AND invert eireult 568 to

16 lnhibit further produ¢tlon of the ~hlftlng eontrol signals

17 SR, LDK and LDX for the key registers of the erypto engine~.

18 Referr$ng now to Fig. 22e2, the po~itive ~ign~l on the g -LMK l~ne 18 applled to r~nd~r th~ AND $nvert eireuit 368 eff~etlve to apply a neg~tive siqnal to deeonditlon the AND
21 invert eireult~ 370 ~nd 374 to lnh$b$t furth~r reading of the 22 MK memory 700 and stepplng of the address eounter 39~.
23 Referrtng now to Fig. 22g3, the po~itlYe signal on the 24 IN CYCLE END line in eombination w$th the posltive signal on the ENC line are ~pplled to render the AND eireui~ 538 26 effective to apply a po~itive ~ignal to the OR invert 27 cireuit 540 whieh, in turn, applies a nagat~ve sign~l via 28 the -SL llne to one $nput of th~ OR invort e~reuit 544.
29 Referring now to Pigs. ~2g3 and 22g4, At ~2 t~m~ C
clock puls~ i8 appllod to the oth~r input of th~ OR ~nvert -K~977007 -146-`~2~10 1 circuits 544, 642 and 644 to decondit$on them causing 2 positive signals to be applied via the SL, ELR and I,DR
3 lines, respectively, to the control signal cable connected 4 to the crypto engines. Referring to Fig. 22h4, the S positive ~ignal on the SL line is applied to the O~ invert 6 606 causing a negative signal, delayed by delay circuit 608, 7 to be applied via the LDX line to the control signal cable.
8 The positive signal on the L~DR line is applied to the OR
9 invert circuit 652 caus~ng a negative ~ignal, delayed by delay circuit 654, to be applied via the LDR line to the 1~ control ~ignal cable. Referring now to the crypto engine in 12 Fig. 22gl, the control signals LDR and LDR are effective for 13 causing the random number ~tored in the buffer registers UBR
14 10~ and LBR 150 to be transferred and loaded into the data registers UDR 200 and LDR 250 in preparation for the encipher 16 function. The control ~ignals on the SL and ~D~ lines are 17 applied to the key register~ causing the content~ thereof, 18 namely, the variant of the master key, to be shifted one

19 position to the left a~ a pre-shift operation prior to the encipher operation.
21 Referring now to ~igs. 22e3 and 22f3, at ~4 time, a ~4 22 clock pulse in com~ination with the pssitive signal on the 23 I~J CYCLE END line are applied to render the AND ~nvert 24 circuit 528 effective to apply a negative signal to reset the START IN CYCLE END latch 530. At ~l/L time of the next 26 clock cycle, a -~l/L clock pul~e is applied to re~et the IN
27 CYCLE END latch 534 causing a negative signal to be produced 28 on the IN CYCLE END line. Referring now to Fig. 22f4, the 29 negative signal on the IN CYCLE END line is applied to inverter 622 where it is inverted to a positive o 1 ~ignal to be applied to render the ~D circuit 626 effecti~e 2 to apply a positiYe signal to render the ~D invert circuit 3 630, conditioned by the po~itive signal from the START EB
4 latch 628, effective to apply a negative iignal to set the EB latch 632 indicating the start of the crypto operation.
6 The EB latch 632, in being set, applies a positive signal to 7 the ~B line and a ne~ati~e sign~l to the -EB line. Referrin~
8 to Fig. 22d4, the po~itive signal on the EB line in comblnation 9 with the positive ~ignal on the GRN l~ne are applied to render the ~ND circuit 468 effective to apply a positive 11 signal to step the RN COUN~ER 470 to the next count. Referring 12 to Fig~. 22c2 and 22d2, the po~itive ~ignal on the ~B line 13 is also applied to condltion the address decoder AND invert 14 circuit 398 and to con~ition the ER flip flop 384 to permit stepping of the round counter 3g0. Refexring to ~ig. 22f4, 16 the negative signal on the -EB line i~ applied to set the 17 S~ART EB END latch 612 and referring to Fig. 22eS, to reset 18 the KEY VAR 3 CTRL latch 515.
19 The encipher funct~on operation is similar to that previously described in detail in connection w~th the encipher 21 order operation and can generally be followed by referring 22 to the timing diagram of Fig. 28. Generally, the encipher 23 function i8 performed by repeating a product cipher function 24 for 15 ro~nds. During each round, the contents of the upper data register U'DR 200 is enciphered under control of the 26 contents of the key registers UKR 350 and L~R 400 with the 27 result~ being added to the content~ of the lower data register 28 LDR 250 by the modulo-2 adders 650~664. ~t the end of each 29 round, the outputs of the modulo-2 adders Are parallsl tran~fexred to the upper data r~yi~ter UDR 200 whlle the 1 contents of the upper data register UDR 200 are parallel 2 transferred to the lower data register LDR 250 to form the 3 arguments for the next round and the key registers are 4 shifted by the control signal on the S~ line in accordance with key shift schedule shown. As a re~ult of the single 6 pre-shift signal on the SL line and the 27 additional signals 7 on the ~L line during the encipher operation, the key 8 registers shift left exactly 28 times to return the variant g of the master key back to the initial home position in the key regi~ters. At the end of encipher function, half of the 11 enciphered random number is available at the outputs at the 12 upper data register t7DR 200 and the other half is available 13 at the outputs of the cipher function circuits.
14 ~ollowing the encipher operation, a series of 8 PIOR
data commands are is~ued for reading the enciphered random 16 number. The first ~uch command ~nlt~ates an output cycle 17 which is performed in a qimilar manner to that described in 18 detail in connect~on with the encipher order operation. In 19 general terms, during the execution of the PIO~ data command, while the block count is a~ a count of 1, the enciphered 21 random number is parallel transferred from the upper data 22 register and the outputs of the cipher function circuits to 23 the buffer register~ where it is then available for reading, 24 a hyte at a time. At the beginning of the execution of the first PIOR data command, a positive s~gnal is applied on the 26 OUT CYCL~ START line to reset the ~,~N latch 320 in ~ig. 22c3' 27 and a~ the end of the execution of each PIOR command, the 2B buffer registers are ~hifted one posltion to pre~ent the 29 next byte of the enciphered random number for reading. At the 8th count of the byte counter, the output cycle ends and 8~0 1 the block counter is reset to end the operation, with 2 the enciphered random number now available for use as a 3 secondary ~ey or an enciphered operational key. While 4 a 64 bit RN counter i8 used in this operat~on to provide a p~eudo random number, it should be apparent that it is 6 well within the qkill of the art to use a truly random 7 number generator for gen~rating a random value e.g. a 8 noi~e generator.

K~977007 -150-E?~CIPHER .'~ASTl~:R KEY ORDER OPERATION
2 The function of the enclpher master key EMK~ operation 3 is to encipher an operational key under the host master ~ey 4 while the function of the enciphex ma~ter key EMKl operation is to encipher a secondary key under a variant of the ho~t 6 ma~ter key.
7 When the order codes specifying either of these orders 8 is decoded, a load master key (LMK) latch is set and, in the 9 case of the E`IKl order, a key variant 1 latch i8 additiohally set. With the LMK latch set for either order, the contents 11 of the MX me~ory is caused to be read out and in the case of 12 the ~MK~ order operatlon, is transferred, a byte at a time, to 13 the crypto engine~ while in the case of the EMKl order 14 operation each byte of the master key read out of the ~K
memory i~ modified to provide a variant of the master key to 16 the crypto engine~. The ma~ter key or the varian~ of the 17 ma~ter key, depending upon which order is being performed, 18 is parity checked in the crypto engines, a byte at a time, 19 and loaded as a working key into the key registers of the crypto engine~. During synch TD time of either operation, 21 an EMX latch and ~ special encipher SPEC ENC latch are set, 22 the latter causing the proce~sing mode to be ~et for an 23 encipher operation. After loading the ma~ter key or the 24 variant of the ma~ter key into the key registers, a series of 8 PIOW commands are received with the data field associated 26 with the comma~ds, con~t~tuting the operational key or 27 secondary key, depend~ng upon which order i~ being performed, 28 to be enciphered, being loaded i~to the buffer regi~ters of 29 the crypto engines. The first ~uch command initiate~ an input cycle and a byte counter counts each ~uch command li~8~

1 received. After the 8 PIOW commands have been received and 2 the 8th byte written into the buffer registers, then, at the 3 ~th count, the input cycle ends, the operational or secondary 4 key i~ tran~ferred from the buffer registers to the data registers of the crypto engines, a block counter is set, the 6 crypto engines ~tart an encipher operation, indicated by the 7 generation of an engine busy s~gnal, and the key variant 1 8 latch is reset. ~uring the encipher operation, the 9 operational or secondary key, depending upon which order operation i~ being performed, in the data registers of the 11 crypto engines is enciphered under control of the master key 12 or variant of the master key, respectively, in the key 13 registers of the crypto engines. At the end of the encipher 14 operation, half of the enciphered operational or secondary key is present in the upper data register and the other half 16 i~ present at the outputs of the cipher function circuits.
; 17 Pollowing the enclpher operation, a series of 8 PIOR data 18 command~ i~ received for reading the enciphered operational 19 or seconaary key. The first such comm~nd lnitiate~ an output cycle and the byte counter count~ sach such command 21 received. ~uring the execution o~ the first PIOR data 22 command, while the block count is At a count of 1, the 23 enciphered operational or ~econdary key is parallel transferred 24 from the upper data register and the output~ of the cipher ~unction circuits to the ~uffer regi~ters where it i~ then 26 available for reading, a byte at a time, and the EMK latch r 2 7 is re~et. At the end of the execution of each PIOR command, 28 the buffer registers are shifted one position to present the 29 next byte of the enciphered operational or -cecondary ~ey ~or rea~lng. At the 8th count of the byte counter, the output ~2`~0 1 cycle ends and the block counter is reset to end the operation.
2 ~ more detailed description of the encipher master key 3 order operation will now be given in con~unction with the 4 timing diagramsof figs. 29a-29c. After address selection at S TA time and loading the command byte into the command 6 register at TC tim~, the command code i5 decoded by the A~D
7 invert circuit 266 in Fig. 22b2 to produce a negati~e signal 8 which i8 inverted by inverter 268 to a positive ~ignal on 9 the ~R DSD ORDER line thereby indicating the presence of a WR DSD ORD~R command. At the same time, if the order co~e pecifies an ~r~K~ order, then that order code is decoded by 12 the AND invert circuit 340 to apply a negative signal via 13 the -El~ EC line to the inverter 342 where it is inverted 14 to a positiv~ signal and applied to one input of the AND
invert circuit 344 whereas, if the order code specifies a 16 EMKl order, ~he order code is decoded by the A~D invert 17 circuit 341 to apply a negative signal via the -~MKl DEC
18 line to the inverter 343 where it is inverted to a positive 19 signal and applied to one input of the AND invert circuit 345. Referring now to the inverter circults 479 and 481 in 21 Fig. 22d5, negatiYe signals on either of the -~KO DEC or 22 -E~lKl DEC lines are inverted, respectively, to positive 23 signals and passed via the OR circuit 484 to the SET LMK
24 line. Referring now to the OR invert circuit 564 in Fig.
22g4, the positive signal on the SET LMK line is applied to 26 render the O`R invert circuit 564 effective to apply a negative 27 signal to set the Ll~K latch 566 producing a positive signal 28 on the L2~ line and a negative signal on the -LMX line.
29 Referring now to the ~ND invert circuit 368 ln ~ig. 22c2, t~.e negative signal on the -I.'~ line is app~ied to decondition 13 2-~10 1 the ~ND invert circuit 368 which, in turn, mainta~ns a 2 positive ~ignal at one input of the A~D invert circuits 370 3 and 374 so long a~ the LMK latch 566 remains set i.e. while 4 the ~1K memory is being read out.
Referring now to the K~Y VAR l CTRL latch 513 in Fig.
6 22e5, if the order code $s a ~MKl order code, then the 7 negative signal on the -~MKl DEC line is applied via the OR
8 circuits 511 to ~et ~he XEY VAR 1 CTRL latch 513 which, in 9 being set applies a positive si~nal to the VARIANT 1 line and via the OR circuit 518 to the VARIANT l/3 line. Referring 11 now to Fig. 22el, the positive ~ignals on the VARIA~T l/3 12 and VARlANT 1 lines are applied to the excluslve OR circuit 13 704A and 704B which are used to inver~ b$ts 0 and 2 of 14 each byte read out of MK memory 700 thereby providing a lS variant of the ma~ter key for transfer to the crypto engines.
16 P.eferring now to Pig. 22c2, positive ~ignals are maintained 17 at the inputs of the AND circuit 380 to thereby render it 18 effective to apply and maintain a positive signal on the 19 -W ENABLE line. ~he AND invert circuit 370 and 374 are alternately rendered effecti~e by ~3L and -~lL clock pulses, 21 respectively; the AND invert circuit 370 contxolling the 22 AND invert circuit 376 and inverter 378 to produce successive 23 negative ~ignals on the -M ENABLE line which in combination 24 with the positive s~gnal on the -W ENABLE line allow~
successive reading of the MK memory 700 while ~he AND invert 26 circuit 374 controll~ns the AND invert circuit 376 and inverter 27 388 in Fig. 22d2 to produce successive posi~ive signals on 28 the STEP CTR line for successivQly stepping the addre~s 29 counter 39n to addre9~ successive loc~t~ons on the ~X memory 7(~0, ~u~e~a~1v~ ~alrs o~ hnl~ by~ r~nd out of th~ ~1K menlory KI9/70~7 -154-8~

1 700 in Fig. 22el are ~hifted into the ~hift registers 702 2 to provide succe~ive bytes of the master key for the 3 crypto engines. If the encipher master key order being performed is ~K~, the succe~sive byte~ of the m~ster key are tran-~ferred in unmodified form to the crypto engines 6 whereas if the encipher master key order belng performed is 7 ~MKl, then ~itq 0 and 2 of each byte are inverted by the 8 exclusive OR clrcults 704A and 704B to effectively provide a g variant of the master key for transfer to the crypto englnes Referring now to the AND invert clrcuit 568 in Fig.
11 22g4 a ~1 DEL clock p~lse in comblnation with positive 12 signal~ on the Cl, -S~EP CTR and LMX lines are applied to 13 render the AND invert circuit 568 effective to produce a 14 negative ~ignal to set ~he LDK latch 570 which, in being lS ~et, initiates production of the positive ~gnals on the SR, 16 LDK and LDK control lines for the crypto engines, in a 17 manner previously descr$bed in detail in connection with the 18 ~ECR order operation. Referrlng now to the crypto engine in 19 Fig. 22gl, the ~ucce~ive posltive ~gnal~ on the LDK line are applied to succe~sively conditlon the ~ND c$rcuit 807 to 21 permit a parity check to be made of each byte lo&ded lnto 22 the key register~ for par~ty error~. The succe~ive positive 23 signal~ on the SR, LVK and LDX line~ are applled a~ control 24 inputs to the key register3 UKR 350 and LKR 400 to shift the key registers and allow succe~sive bytes to be loaded into 26 the key registers.
27 Referring now to ~g. 22b2, at TD time, while the key 28 register~ are being loaded, a po~itlve ~ignal is applied via 29 the SYNCR TD line to render the ~D circuit 270, conditioned by the posltive signal on the WR DS3 order line, effective KI977007 . -155-~124810 1 to provide a positive ~iqnal on the WR ORD TIME line.
2 Referring now to Fig. 22b2', the po~itive signal on the 3 WR OR~ TIME line is applied to the inverter 322 where it is 4 inverted to a negative signal on the -WR ORD TINE line and S applied to reset the ~t~K latch 346 in Fig. 22c3' and the 6 SPEC ENC latch 494 in Fig. 22dS. Referrin~ now to Fi~.
7 22b2', the po~itive ~ignal on the WR ORD TIr~E line i8 8 ~pplied to the remaining input of the A~D invert circuits 9 344 and 345 to rendor one of them effective, depending upon whether the E,~K~ or EMKl order operation i8 heing performed, 11 to produce a signal on the -SET EMK~ line or the -SET EMKl 12 line, re~pectively, to decondition the AND circuit 345 13 causing a negative ~gnal to be applied to set the F~K latch 14 346 which, in being ~et, applies a po~itive ~ignal to the lS Er~K line. Referring now to ~ig. 22d5, the positive signal 16 on the EMK line i8 applied to the OR invert circuit 490 17 where it iQ inverted to a negAtive signal to ~et the SPEC
18 ENC latch 494 which, in being set, applies a po~itive ~ignal 19 to the SP ENC line and a negative ~lgnal to the -SP ENC
line. Refarring now to Fig. 22e3, the positive ~ignal on 21 the SP ENC line is applied via the OR clrcuit 522 to condition 22 the AND circuit 536 and 538 in Fig. 22g3 and via the inverter 23 546 to apply a negative ~ignal to the ~EC lino to decondition 24 the I~D lnvert circuits 548 and 560.
Referring now to Fig. 22d2, after the 8th byte is 26 loaded ~nto the k~y regi~ters, the address counter 390 YtepS
27 ~rom an addres~ coun~ of 15 back to an ~ddre~ count of 0 28 (count of 16) causlng a po~itive signal to be produced on 2g the -C8 line which i8 ~pplied to condition the AND invert circuit 402 ~nd to render the AND circuit 406, conditioned 112`~8i0 1 by the po~itive signal output by the 16 STEP latch 404, 2 effective to produce a positive signal which is inverted by 3 inverter 408 to a negative signal on the -16 STEP line.
4 Referring now to Fig. 22g4, the negati~e signal on the -16 STEP line is applied to re~et the LMK latch 566 which, in 6 being reset, applie~ a negative ~ignal to the LMK line and a 7 positive signal to the -LMK line. The negative signal on 8 the L~IK line deconditions the AND invert circuit 568 to 9 inhibit further production of the shifting control signals SR, LD~ and LDK for the key register~ of the crypto engines.
11 Referring now to Fig. 22c2, the positive slgnal on the -LMK
12 line is applied to r~nder the AND in~ert circuit 368 effective 13 to apply a negative signal to decondition the ~ND invert 14 circuits 370 and 374 to inhibit further reading of the !IK
memory 700 and stepping of the address counter 390.
16 ~fter loading the key registers of the crypto engines, 17 a series of 8 PIOW comman~s are received with the data 18 fields associated with the commands constituting the operational 19 key or the s~condary key to ~e enciphered, being written into the buffer registers of the crypto engines. The writing 21 operation of the operational Xey or the ~econdary key into 22 the buffer registers of the crypto engines by a series of 8 23 PIOW commands i~ similar to the writing operation described 24 in detail in DEC order operatlon i.e. an input cycle is initiated, the byte counter 448 ~s conditioned to count each 26 PIOW data command received and the operational key or 27 secondary key is written, a byte at a time, per PIOW data 28 coImmana~ into the buf fer registers UBR 100 and LBR 150.
~` 29 ~fter the 8th byte of the operational key or the secondary key has been written into the buffer regi~ters, then, at ~4 :

~2'1~1~

1 time of that clock cycle, the byte countex 448 ~teps from a 2 count of 7 back to a count of O causing a negative signal to 3 be produced to set the COUNT 8 latch 450 which, ln be~ng set 4 applies a negatlv~ signal to the -CT8 line. The negative ~ignal on the -CT8 line is applied to re~et the INPUT CYCLE
6 latch 454 in Fig. 22e3 thereby ending the input cycle.
7 Referring now to Fig. 22d3, the INPUT CYCLE latch 454, in 8 being reset, applie~ a po~itlve signal on the -IN CYCLE
9 lino which, in combination wlth th~ posltivo s~gnal on the -OU~ CYCLE line, renders the AND invert clrcuit 410 effective 11 to apply a negativo signal to reset the COUNT 8 latch 450 in 12 Fig. 22d4 and i~ inverted by inverter 412 to a positive 13 signal to ~et the BLoCK COUNT flip ~lop 414 producing a 14 pO8~ ti~e signal on the -BLKO line and a neg~t~ve ~ignal on the -BLKl line.
16 Referring now to Fig. 22f3, at ~1 t~mo of the next 17 clock cycle, a ~1 DE~ clock pul~e in comb$nation with 18 po~itive signals on tho -IN CYCLE llne and from the START IN
19 CYCLE END latch 530 ronder the AND invert c~rcuit 532 effective to apply a negatlve ~lgnal to s~t tho IN CYCLE END latch 21 534, which, in being set, applies a pos~tive ~lgnal to the 22 ~N CYCLE END line. Referring now to Fig. 22f4, the positive 23 signal on the IN CYCLE END line ~ appli~d to the inverter 24 622 ~here it iY inv~rted to a negative ~lgnal to decondition the AND circu~t 626 which, in turn, causes a negat~ve signal 26 to b~ applied to ~t the START ~B latch 628 and to the AND
27 inverter 638 in Fig. 22g4 wh~re it is ~nvorted ~o a positLve 28 ~ignal and appli~d to render the OR invert ~ircuit 640 29 effective to apply negative ~ignal~ vla the -EL~ and -LDR
lines to one input of the OR lnvert c~rcults 642 and 644.

-~2~0 1 Referr~ng now to Fig. 22g3, the positive ~ignal on the 2 IN CYCLE END line in combination with the positive ~ignal on 3 the ENC line are applied to render the AND circuit 538 4 effective to apply a po~itive signal to the OR invert circuit 540 which, in turn, applies a negative signal via the -SL
6 line to one ~nput of the OR invert circuit 544. Referring 7 now to Figs. 22g3 and 22g4, at ~2 time, a -C clock pulse is 8 applied to the other ~nputs of the OR invert circuits 544, 9 642 and 644 to decondition them causing positive signals to be applied via the SL, ELR and LDR line~, re~pectively, to 11 the control ~ignal cable connected to the crypto engines.
12 The positive signal on the SL line initiate~ production of 13 the LDK control signal and the positive Qignal on the ~DR
14 line i8 applied to init~ate production of the ~DR control lS signal both of which are applied via ~he control signal 16 ca~le to the cxypto engines. Referring now to the crypto 17 engine in Fig. 22gl, the control ~i~nals LDR and LDR are 18 effective for causing the operatlonal ~ey or the secondary 19 key stored in the buffer registers UB~ 100 and LBR 150 to be transferred and loaded into the data regi~ter~ UDR 200 and 21 LDR 250 in preparation for the encipher function. The 22 control signals on th~ SL and ~g lines are applied to the ~3 ~ey registers causing the contents thereof to be shifted one 24 position to the left as a pre-shift operation prior to the encipher operation.
26 Referring now to Fig~. 22e3 and 22f3, at ~4 time a ~4 27 c~ock pulse in combination with the positive signal on the 28 IN CYCLE END line are applied to render the AND invert 29 circuit 528 effectivQ to apply a negative signal to re~et 3~ the START IN CYCLE END latch 530. ~t ~l/L time of the next 1~2(~8iO

1 clock cycle, a -~l/L clock pulse i~ applied to reset IN
2 CYCLE END latch 534 causing a negative signal to be produced 3 on the IN CYCLE ~ND line. Referring now to Fig. 22f4, the 4 negative ~ignal on the IN CYCLE END line i~ applied to S the inverter 622 where it i8 inverted to a posit~ve signal 6 and applied to render the AND circuit 626 effective to produce 7 a positive ~ignal which, in turn, renders the AND invert 8 circuit 630, conditioned by the po~itive signal from the 9 STAR~ EB latch 628, effective to apply a negative signal to set the EB latch 632 ~ndicating the ~tart of the crypto 11 operation. The ~ latch 632, in beln~ ~et, applie~ a positive 12 signal to the ~B line and a negative ~ignal to the -EB line.
13 Referring to Fig~. 22d2 and 22c2, a po~it~ve signal on the 14 EB line i~ applied to condition the addre~ decoder AND
lS invert circuit 398 and to condition the ER flip flop 384 to 16 permi~ ~tepping of the round counter 390. Referring now to 17 Fig. 22f4, the negative ~ignal on the -EB line 18 applied to 18 ~et the START EB ~ND latch 612 and referring to F~g. 22e5, 19 if the EMKl order operation i~ being performed, to reset the KEY VAR 1 CTRL latch 513.
21 The encipher function operation is qimilar to that 22 prev~ously described in detail in connection with the encipher 23 oxder opexation and can generally be followed by referring 24 to the timing diagram of Figs. 29a-29c. Generally, the encipher function i~ performed by xepeating a product cipher 26 function for 16 rounds. During ea~h round, the con~ent~ of 27 the upper data regi~ter UDR 200 is enciphered under control 28 of the content of the key register UKR 350 and LKR 400, 29 which may contain the mas~er key or a variant of the master key, depending upon whether the E~lK~ or EMKl order operation ~24810 1 is being performed, with the re~ults being added to the 2 contents of the lower data register ~DR 250 by the modulo-2 3 adder~ 650-664. At the end of each round, the output~
4 of the modulo-2 adder~ are parallel tran~ferred to the upper data regi~ter UDR 200 while the content~ of the upper data 6 regi~ter UDR 200 are parallel transferred to the lower data 7 regi~ter LDR 250 to fonm the arguments for the next round 8 and the key regi~ters are shifted by the control signal on ~ the SL line in a¢cordance with the key shift schedule shown.
As a result of the slngle pre-shift ~ignal on the SL line 11 and the 27 additional signals on the SL line during the 12 encipher operation, the key regi~ters shift left exactly 28 times to return the master key or the variant of the master 14 key baak to the initial home positlon in the key regi~ter.
At the end of the en¢ipher function, half of the enciphered 16 operatlonal or secondary key i~ available at the output of 17 the upper data regl~ter UDR ~00 and the other half is 18 available at the outputs of the cipher ~unction circuit~.
19 Pollowlng the encipher operation, a series of 8 PIOR
data commands are received for reading the enc~phered 21 operational or secondary key. The firRt such command 22 initiates an output cycle which i8 performed in a ~imilar 23 manner to that des~ribed in detail in connection with the 24 encipher order operation. In general terms, during the execution of the PIOR data command, whlle the block count is 26 at a count of one, the enciphered operatlonal or secondary 27 key i8 parallel trans~erred from the upper data register and 28 the outpu~ of the cipher function circuit~ to the buffer 29 register3 where it i~ then available for reading, a byte at a time. At the beginning of the execution of the first PIOR

kI977007 -161-~12481~

1 data command, a negative signal is applied on the OUT CYCL~
2 START line to reset the ~MK latch 346 in Fig. 22c3' and at 3 the end of the execution of each PIOR command, the buffer 4 registers are shifted one position to present the next byte of the enciphered operational or secondary key for reading.
6 ~t the 8th count of the byte counter, the output cycle ends 78 and the block counter is reset to end the operation.

~no ItEENCIPHER FE~O~l ~ASTER KEY (2F.~IK) ORDER OPERATION
. _ 2 ~he function of this operation is to reencipher an 3 operational key enciphered under a host master key 4 to the operational key enciphered under a secondary key S which is itself enciphered under a variant of the host 6 master key.
7 During command time of this operation, when the order 8 code specifying a RFMK order is decoded, a load master key 9 ~LMK) latch and a key variant l latch are set and a special encipher (SP ENC) latch is reset. With the LMK latch set, 11 the contents of the .~fK memory is caused to be read out for 12 transfer to the crypto engines and with the key variant l 13 latch set each byte of the master key transferred is modified 14 to provi~c a variant (~Hl) of the master key (KMH~).
The variant of the master key is parity checked, a byte at a 16 time, and loaded as a working key into the key registers of 17 the crypto engines. During synch TD time of this operation, 18 a RFr~K latch is set causing a key order ~K ORD) signal to be 19 produced indicating that a key order operation i8 to be performed and an encipher (ENC) latch is reset causing the 21 processîng mode to be set for a decipher (~EC) operation.
22 After the 8th byte i5 loaded into the key registers, the L.~X
23 latch is reset to terminate further ~IR memory read out.
24 series of 8 PIOW da~a commands i8 then received with the data fields associated with the commands, constltuting a 26 secondary key enciphered under the same variant of the host 27 master key ~tored in the key registers, being loaded into 28 the buffer registers of the crypto engine~. The first such 29 command initiates a first input cycle and a byte counter counts each such command received. ~fter the 8 PIOW co~mands li2~810 1 have been received and the 8th byte written into the buffer 2 reg$sters, then, at the 8th count, the input cycle ends, the 3 enciphered ~econdary key is transferred from the buffer 4 registers to the data register~ of the crypto engines, a block counter i~ set, the crypto engine~ start a decipher 6 operation, lndicated by the generation of an eng$ne busy 7 signal, and the key variant l latch i~ reset. During the 8 deciphsr operation the ~econdary key enciphered under the 9 variant of the ho~t ma~ter key in the data registers of the crypto engines i~ declphered under control of the ~ame 11 variant of the ho~t ma~ter key in thQ key register~ of the 12 crypto engines to obtain the secondary ~ey in clear form.
13 At the end of the decipher operation, half of the ~econdary 14 key, now ~n ~lear form, i~ av~llable at the outputs of the upper data regl~ter UDR and the other half i8 available at 16 the outputs of the cipher fu~ction cir~uits. ~dditionally, 17 at the end of th~ declpher oporation, a special ~ey operation 18 (SP KEY OP) latch i~ ~et.
19 A second series of 8 PIOW data command~ $s then received with the data fields associated with the commands, con~titut$ng 21 the operat~onal key enciphered under the host ma~ter key, - 22 be$ng load~d ~nto tho buffer regLstar~ of the crypto engines.
23 The ~$r~t such command received initiates a second input 24 cycle and the byte counter again count~ each ~uch command received. After th~ 8 PIOW commands have been recelved and 26 the 8th byte wrltten into the buffer regi~ters, then, at the 27 8th count, the second input cycle ends, the bloc~ counter i8 28 reset and the operational key enciphered under the host 2g master k~y is tran~ferred from the buffer rQgi~ters to the data regi~ter~ of the crypto engines whlle, at the same ~I977007 -164-11.24~10 1 time, the secondary key, in clear form, is transferred from 2 tlIe outputs of the upper data register and the outputs of 3 the cipher function circuits to the buffer registers.
4 Follow~ng the end of this second lnput cycle, the ~IK latch is again ~et and the ho~t master key contents of MK memory 6 (~H~) is caused to be read out for tran~fer to the crypto 7 engines. The host master key i~ parity checked, a byte at a 8 time, and loaded a~ the working key into the key registers 9 of the crypto engines. After the 8th ~yte is loaded into the key registers, the LMX latch i~ reset to terminate 11 further MK memory read out a~d the crypto engines then start 12 a second dscipher oporation, indicated by the E~ signal, to 13 decipher the operational key enciphered under the host ma~ter 14 key in the data r~gister~ of the crypto eng$nes under control of the ho~t ma~ter key in the key xegister~ of the crypto 16 engines to obtain the operational ~ey in clear form. At the 17 end of the ~econd decipher operation, half of the operational 18 key, now in clear form, is available at the outputs of the 19 upper data register UDR and the other half i~ available at the outputs of the cipher function circuits. ~dditionally, 21 at the end o~ the second decipher operation, with the )~FMK
22 and SP R OP latche~ ~et, a first output cycle is initiated, 23 at the start of which, the special encipher (SP ENC) latch is 24 set cau~ing the processing mode to now be set for an encipher (ENC) operation. Additionally, at the start of the output 26 cycle, an end of round 16 (ER16) ~ignal i3 produced to cause 27 the half of the operational key at the outputs of the cipher 28 function circuits to be transferred to the lower data register 29 L~R so that the full operation~l key in clear form is now stored in the combined upper and lower data regi~ters of the 1124~310 1 crypto englne~. nur~ng the first output cycle, the buffer 2 register~ and the key registers are shifted in synchroni~m, 3 once for each clock cycle, causlng the secondary key, now 4 stored in the buffer reg~ters, to be shifted into the key S regi~ters, a byte at a time. During thi~ tran3fer, each 6 byte $~ checked for a parity error. The byte counter counts 7 cloc~ cycles and at the 8th count, the fir~t output cycle 8 end~, the block counter i8 again set and the R~MK latch is 9 reset cau~ing the ~ey order signal to be terminated.
During the fir~t clock cycle ~fter the end of the first 11 output cycle, the key registers are pre-shifted one po~ition 12 in preparation for the encipher operation. At the end of 13 thl~ clock cycle, the crypto engine~ then start the ~pecial 14 encipher operation, indicated by the g~neration of the E~
signal, and the EB ~ignal to~ether with the SP ENC latch ~till 16 being set cau~e the SP K OP latch to be reset signaling the 17 end of the special key operation. During th~ special 18 encipher operation, the operational key, pre~ently in the 19 dats register~, $~ enciphered under control of the secondary kcy, presently in the key re~i~ters, to o~tain the operational 21 key enciphered under the secondary key. At the end of the 22 special ~ncipher oper&~$on, half of the oFerational key 23 enc~phsr~d under the secondary key ~ available at the outputs 24 of the upper data ragister and the other half i~ avail~ble at the output3 of the cipher function circuits.
26 A s~rie~ of 8 PIOR data command~ is now received for 27 r~ading the enciphe~od operational ~oy. The fir~t such 28 comman~ initia~es a ~cond output cycle and the byte counter 29 count~ e~h ~uch command receiv~d. During the execution o~
the fir~ PIOR dat~ com~and, while the block count 1~ at 8 ~i2~810 1 count of 1, the enclphered operational key $8 p~rallel 2 transferred from the output~ of the upper data regi~ter and 3 the outputs of the cipher function circuits to the buffer 4 reg~ster~ where it is then available for reading, a byte at S a time. At the end of the ex~cution of each PIOR command, 6 the buffer registers are shifted one po~i~ion to present the 7 next byte of the enciphered operational ~ey for reading. At 8 the 8th count ~f the byte counter, the second output cycle 9 end~ and the block ¢ounter is rss~t to end the RFMR operation.
A more detAiled doscription of the RFMK order operation 11 will now be given in con~unction with the timing diagram3 12 of Figs. 30a-30g. After address selectlon at TA time and 13 loading the command byte into ~he command register at TC
14 time, the command code i8 decoded by the AND invert circuit 266 in F~g. 22b2 to produce a negative ~ignal whlch i8 16 inv~rted by inverter 268 to ~ po~itive ~ignal on the WR DSD
17 ORDER llne thereby indicating th- presance of ~ WR DSD ORDER
18 command. At the 8ame time, tho order code i8 decoded by the 19 AND invert circuit 324 to spply a negatlve 8ign 1 via the -~FMK DEC llne to the inverter 326 where it i8 inverted to a 21 po3itive ~ignal and applled to one lnput of the AND invert 22 circuit 328. Re~erring now to tho inverter 478 in Fig.
23 22d5, the negative signal on the -RFMK DEC line i~ inver~ed 24 to a positi~e signal nd passed via the OR circuit 484 to the SET LMX line. Referring now to the OR invert oircuit 26 564 in Fig. 22g4, the pO8~t~ ve ~ignal on the SET LMK line is 27 applied to render the O~ invert circu~t 564 effective to 28 apply a negatlve signal to 8et the LMK latch 566 producing a 29 po~itive ~ignal on ~h~ LMX line and a negAtive 3ignal on the -LMK line. Referring now to the AND invert circuit 368 112~810 1 ~n Fig. 22c2, the negati~e signal on the -LM~ line is applied 2 to decond~tlon the AND invert circu~t 368 which, in turn, 3 malntaln~ a po~ltive signal at one input of the AND invert 4 circultæ 370 and 374 ~o long as the ~MK latch 56,6 remains S set i.e. while the MK memory is being read out. Referring 6 now to the XEY VAR 1 CTRL latch 513 in Fig. 22eS, the negative 7 signal on the -RFMX DEC line i~ applied to set the KEY VAR 1 8 CTRL latch 513 which, in being set, applie~ a positive 9 ~lgnal to the VARIANT 1 line and vi~ the OR ~ircuit 518 to the VARIANT 1/3 llne. Referxing now to Fig. 22el, the 11 poQitlve sign41s on the VARIANT 1/3 and VARIANT 1 line~
12 are applied to the ~xclusive OR circults 704A and 704B which 13 are u~ed to invert blts 0 and 2 of each byte read out of the 14 MX memory 700 th~reby providing a,variant of the ma~ter key for transfer to the crypto engines. The balance of the 16 operation for loadlng the v~rl~nt of the ma~tQr key lnto 17 the key registers of the crypto englne can be followed from 18 the tlm~ng diagrams of Fig~. 30a-30g and i~ simtlar to that 19 described ~n detail in connection with the DECX order operation whlch may be referred to for ~uch detail.
21 Referring n~w to Fig. 22b2, at TD time, whlle the 22 , variant of the m~Jter koy i8 being loaded into the ~ey 23 registers, a po~lt~ve ~gnal 1~ ~pplied vla the SYNCH TD
24 line to render the AND circu~t 270, condltloned by the po~itive ~ignal on the WR DSD ORDER l~ne, effective to 26 prov$de a positi~e signal on the WR ORD TIME llne. Referring 27 now to Fig. 22b2', the positive signal on th~ W~ O~D TIME
28 line t~ applied to the lnvert~r 322 wher~ it is inverted tO
29 a negativ~ 31gnal on the -WR ORD TIME lln~ to reset RFMK
l~tch 330 in Fig. 22c3 ' and the SPEC ENC latch 494 in Fig.

1 22d5. Referring now to Fig. 22b2', the po~itive signal on 2 the WR ORD TIME llne is applied to the rema~ ning input of 3 the AND lnvert circuit 328 to render it effec~ive to produce 4 a negative signa} on the -SET RFMK line which i~ applied ~o S set the RFMK latch 330 which, in ~eing ~et, applie~ a 6 positive signal to the R~MX line and a negative ~ignal to 7 the -RFMK line. Referring now to F~g. 22c4, the negative 8 signal on the -RFMR llne is applied to decondition the A~D
9 invert c~rcuit 298 causing a positive ~ignal to be applied to the K ORD line and via the inverter 300 to a negative 11 signal on tha -K ORD line~ The negative signal on the -K
12 ORD lin~ is applied to reset the ENC l~tch 312, whioh, in 13 being re~e~, applies a negative signal to the ENC line.
14 Referr~ng now to Fig. 22g3, the negative signal on the ENC
line i8 applied to docondition the AND circults 536 and 538 16 and via the invertar 546 ~pplie3 a positi~e signal to the 17 DEC line to condition the AND invert circu~t~ 548 and 560 18 fox a decipher operation. Referring now to Fig. 22g4, after 19 the 8th byte of the variant of th~ ma~ter key 15 loaded into t~e key r~gl~ters~ a nsgative signal on the -16 STEP line is 21 appli~d ~o re~et the LMK latch 566 to terminate further MK
22 memory r~ad out.
23 The nQxt operat~on to b~ performed is to write the 24 ~econdary key enciph~red under the 8ame ~ariant of the ho~t master k~y into th~ buffer register~ of the crypto engineq~
26 ~hi3 writ$ng operati~ can be followed from the timing 27 d~a~r~ms of Fig~. 30a-30g and i8 similar to the wr~ting 28 operation de~cribed ~n detail in the D~CK ord~r operatior~.
2g In g~ner~l ~erm~, ~ 8~xio8 of 8 PIOW da~a commands i~
3U r~ceived with th~ data fi~lds as~Qo~at~d w~ th the commal-~d~, KIg77aO7 -169-li24810 1 constitut~ng the secondary key enciphered under the Qame 2 variant as the host master key stored ln the key regi~ter~, 3 being loaded into the buffer registers of the crypto engines.
4 The fir~t ~uch command initiate~ a first ~nput cycle and the S byte counter 448, in Fig. 22d4, count~ each ~uch command 6 received. After tho 8 P~OW commands have boen received and 7 the 8th byte wrltton into the buffer reglster~, then, at the 8 8th count, the input cycle end~, the BLOCK COUNT flip flop 9 414, in Fig. 22d3, $8 set, the encipher d seconaary key is transferred from tho buffer registers to the data register~
11 of the crypto engine~ and the crypto engines then staxt a 12 decipher operation, indicated by the goneration of an englne 13 busy EB ~ignal, to decipher the socondary key enciphered under 14 the varlant of the host master koy in the data reg~sters of the crypto engines unaer control of the variant of the ho~t 16 master kQy in the k-y regist~r~ of the crypto engine~ to 17 o~tain the ~econdary key in clear form. Referring to Fig.
18 22e5, additionally, at the start of th- decipher operation a 19 negative signal on the -EB l~ne i~ appliea to re~et REY VAR
1 CTRL l~tch 513 whioh, in being re~et, appli~8 A negative 21 signal to the VARIANT 1 line and vi~ the OR circuit 518 tO a 22 negative signal on the VARIANT 1/3 line, both of which are 23 effectiv~ to de~ond~tion the exclu~ive OR Circuit8 704A and 24 704B in Fig. 22el, re~pffctively, ~o th~t a sub~equent tran~fer o~ the m~ter key from the M~ memory to the crypto 26 engines will be in un~od$fied form. At the end of the 27 decipher operation, half of the secondary key, now in clear 28 form, i~ ava~lable at the output~ of the upper data register 29 and the othex half ~8 av~ilable at the output~ of the cipher function circuits. Referring now to Flg. 22d5, at the end ~o 1 of the deeipher operation, a po~ltive signal i8 applied to 2 the EB END line whleh is applied, in eombination with po~itive 3 signals on the RFMK and -SP ENC lines, to r~nder the AND
4 circult 480 effeetive for one clock cycle, at the end of whieh, the po8itive ~ignal on the EB END line i8 terminated 6 with a negative slgnal being applied to deeondition the AND
7 cireuit 480 eaus$ng a negative signal to be applled to turn 8 on the SPBC KEY OP lateh 504 in Fig. 22e5 to signal a special g key operation.
The next oper~t~on to be performed is to write the 11 operational key enciphered undor the ho~t master key into 12 the buffer registers of the erypto engines. Thls operation 13 can al80 be followod from tho timlng diagrams of Flgs. 30a-30g 14 and i8 similar to the write operation described in detail in the DECK order operation. In general term~, a serie~ of 16 8 PIOW data eommand~ i9 reeeived with the data fields assoeiated 17 with the eommand, ~onstituting the operational key enciphered 18 under the host ma~ter key being loadbd into the buffer 19 registers of the erypto engine~. The fi~t sueh eommand initlates a seeond input eycle ~nd the byte eounter 448 21 again eount~ eaeh su¢h eommand roeeived. After the 8 PIOW
22 eommands havo been reeeived and the 8th byt~ written into 23 th~ buf~er register~, then, at the 8th eount, the input 24 cyele ends, the BLOCK COUN$ flip flop 414 in Fig. 22d3 is reset and the oparational key eneiphered under the host 26 master key is transferred from the buffer registers to the 27 data r~gi ters of the ¢rypto engines by the control s~gnal~
28 LDR and ~ in Fig. 22gl while ~t the same time, the second~ry 29 key in ele~r form ~ txan~ferred from the outputs of the ~pper data register UDR 200 and the output~ of the modulo-2 KI~77007 -171-1 adder~ 650-664 to the buf~er reglsters UBR 100 and L~R 150 2 by the control ~ignals EL~ and LIB a~ ~hown in Fig. 22gl.
3 Referring now to the AND circuit 475 in Fig. 22dS, at 4 the end of the input cycle, a positive ~ignal i~ appl$ed to S the IN CYC~E END l~ne which in combination with positive 6 ~ignal~ on the RF~K and SP K O~ lines render t~e AND circuit 7 475 effective to apply a positive 8ign~1 via the OR circu$t 8 484 to the SET LMK line. Ref~rring now to Fig. 22g4, the 9 positive signal on the SET LMK line 18 appl~ed to render the OR invert circult 564 effective to apply a negative signal 11 to Qet the LMK latch 566 wh~ch, in being set, initiates the 12 operat$on for reading the contents of the MX memory 700 for 13 tran~fer in unmodlfied form to the crypto engine~. Referring 14 now to ~lg. 22gl, ~ucce~sive control ~ign~ls ~DK ana LDK
permit the master key to be loaded, a byte at a time, as the 16 working key into the key regi~ters o~ the crypto engines.
17 Additionally, the successive control ~ignal~ LDK s~ccesQively 18 condition the AND c~rcuit 807, to pormlt a parity check to 19 be made of each byte lo~ded into tho key reg~st~r~.
2Q Referrlng now to Fig. 22g4, ~fter the 8th byte $8 21 load~d into the key regi~ter~, a nogative signal on the -16 22 STEP line 18 applied to re~et the LMK latch 566 which, in 23 being ros~t, termlnate~ further ~K memory reedout. Additionally, 24 referrin~ to the AND invert clrcuit 621 in Fig. 22f4, a po~itive signal on the 16 S~EP llne to~ether wit~ positive signals on 26 the -SP ENC, RF~K and SP ~ OP lines are ~pplied to render 27 the ~ND invert circuit 621 effoctlve to apply a negative ~ignal 28 to decondition the AND circuit 626 which, in turn, applie~ a 29 negative ~ignal to ~et ~he START EB latch 628. At the end of ~he po~ltive sign~l on the 16 STEP line, the AND invert ~o 1 circuit 621 i8 decondltioned cau-~ing a po~itive cignal to 2 be applied to render the AND circuit 626 effective to apply 3 a positive signal to one input of the AND invert circuit 4 630. Accordlngly, with the START EB latch now set, a S positive signal i8 applied to the other lnput of the AND
6 invert clrcuit 630 to render the AN~ lnvort circuit 630 7 effective to apply a negative signal to set the E9 latch 632 8 producing a posltive s~gnal on the E8 llne and a negative 9 signal on the -EB line lndlcatlng the start of the second dec~pher operation. A second declpher operation 18 then 11 performed to deciphor th~ operatlonal key enclphered under 12 the host master key ln tho data regl~ters of the crypto 13 engines under control of th~ host ma~ter key in the key 14 registsrs of the crypto sngines ~o obta~n the operatlonal key in clear form. Re~erring now to Flg. 22gl, at the end 16 of the second decipher operation, half of the operatlonal 17 key, now ln als~r form, is avallable at the outputs of the 18 upper data register U~R 200 and th~ other half 1~ avallable 19 at the output~ of the ~odulo-2 adders 650-664.
Referrlng now to F~g. 22f4, at ~4 tlme, a ~4 clock 21 pul~e in combination wlth positive ~i5n~10 on the Cl and 14, 22 15 line~ ~re applled to render ~he AND invQrt circuit 624 23 effective to apply a negative ~ignal to re~et ~he START EB
24 latch 62R and the EB latch 632 wh~ch, ln belng reset, applie~
a n~gative 3ignal on the EB line and a positive ~ignal on 26 -EB lina. At ~l ti~e of the next clock cycle, a pl DEL
27 clock pulse in combination w~th the posltlve ~ignal on 28 the -EB llno and the positive signal from the S~ART EB EN~
29 latch 612 are applied to render tho AND lnvert circuit 614 effect$Ya tO ~pply A n~g~t~ve slgnal ~o ~et tho ~ END latch KIg77007 -173--~10 1 616 which, ln belng set, applies a posltlve slgnal to EB END
2 line and a negatlve signal to the -EB END line. Referring 3 now to the AND clrcuit 382 ln Fig. 22c2, the negatlve ~lgnal 4 on the -EB END line i8 appliod to decondition the AND circuit S 382 causlng a negative slgnal to be applied to reset the 6 round counter 390 in Plg. 22d2.
~7 Referrlng now to th~ AND circuit 508 ln Fig. 22eS, the 8 positlve ~ignal on the EB END line ln combination with the 9 positive ~lgnals on the RFMK and SP K OP line~ are applied to r¢nder the AND clrcult 508 ef~ectlve to apply a po~itive 11 signal on the INIT OUT CYC line. The positive ~ignal on the `12 -INIT OUT CYC line i8 appliod to the OR inv~rt circuit 490 in 13 Fig. 22dS where it i- inverted to a nogatlve signal to set 14 th- SPEC ENC latch 49~ whlçh, in belng set, applles a positive ~ignal to the SP ENC llne and a negatlv~ ~ignal to -SP ENC
16 line. Ref~rrlnq now to Flg~. 22O3 and 22g3, the positive '17 si~nal on the SP ENC ll~e i8 passed vla the OR circuit 522 `l8 to the ENC line wh~re lt i~ applied to condition the AND
~19 c~rcuits 536 and 538 for an encipher operation and i~ invert~d to a negative slgnal on the DEC line via th~ inverter 546 to 21 decondit$on the AND invert circults 548 and 560 used during ^22 a decipher operation. Reerring now to ~ig. 22O3, the 23 po~itive sign~l on the INIT OU~ CYC l$ne ~8 al~o applied to ~24 the OR invert cirsuit 456 causing a negatlve sign~l to be i25 applied to ~et the OUTPUT CYCLE latch 464 which, in being Z6 ~et, applies a po~tive ~ignal on the OU~ CYCLE llne and a ~7 negative signal on th~ -OUT CYCLE lln~. Referring now to 28 Fig. 22f3, the po~itivo slgnal on tho OUT CYCLE line in 29 combinat~on wlth the ~l DEL clock pul8e and the positlvo signal from the set START OUT CYCL~ START latch 554 are 11~4~10 1 applied to ren~er the AND invert circuit 556 effective to 2 apply a negative signal to ~et the OUT CYCLE START latch 558 3 whicl~, in being set, applies a positive signal to the OUT
4 CYCLE START line and a negative signal to the -OUT CYCLE
START line. Referring now to Fig. 22e5, the positive signal 6 on the OUT CYCLE START line in combination with the positive 7 signals on the SP K OP and RF~R lines are applled to render 8 the ~ND invert circuit effective to apply a negative ~ignal 9 via the -ER 16 line to one input of the OR invert circuit 646 in Fig. 22g4. ~he positive signals on the OUT CYCL~
11 and K ORD lines are applied to render the ~ND invert circuit 12 598 effective to apply a negative signal to decondition the 13 AND circuit 600 and via the -~D~ line to decondition the AND
14 circuit 572 and to one input of the OR invert circuit 604.
The AND circuit 600 in being deconditioned applie~ a negative 16 signal via the -L~B line to one input of the OR invert 17 circuit 602 while the AND circui~ 572 in being deconditioned 18 applies a negative signal v~a the -S~ line to one input of 19 the OR invert circuit 574. Referring now to Fig. 22f3, the negative ~ignal on the -OUT CYCLE line ls applied to ~et the 21 START OUT CYCLE END latch 580. Referring now to Fig. 22g4, 22 at ~2 time, a -C clock pul~ applied to the other inputs 23 of the OR invert circu$t~ 602, 604, 574 and 646, causing 24 them to be deconditioned to apply positive ~ignals via the 25 LIB, LKB, SR and ~R 16 lines to the control signal cable 26 connected ~o ~he crypto engines. The po3itive ~ignal on the 27 LIB line is al30 appliQd to the OR invert circuit 648 28 causing ~ n~gative ~ignal, delayed by aelay circuit 650, to 29 be appli~d via the LIB line to the control signal cable.
The positive signal on the SR line is al~o applied to ~he OR

KI977007 -~0~-~ 115--112~810 1 clock pulse is applied to r~3et the OUT CYCLE START latch 2 558 and the E~ END latch 616. Referring now to Fig. 22e5, 3 the negat$ve signal on the OUT CYCLE START line i~ applied 4 to decondition the AND invert circuit 506 which, in turn, applies a po~it~ve signal to the -ER 16 line to effectively 6 terminate any further ER 16 control si~nals to the crypto 7 enginQ.
8 Referrlng now to Pigs. 22g4 and 22h4, at ~2 time, a -C
9 clock pulse i8 effect$ve to again decon~ition the OR inv~rt circuit~ 602, 604 and 574 to initiate production of the 11 control signal~ on the LIB, LX~, SR, LIB and LDK. Referring 12 now to the crypto engin~s in Fig. 22gl, the LKB and L~X
13 control ~ignal~ are Qffectivs to load the next byte of the 14 operational key from the buffer registers to the key regi~ters, the LIB and L~B and SR and LDX control signals are effective 16 to simultaneously shl~t the buffer registers and the key 17 register~ in ~ynchroni~m 80 that the next byte of the 18 operational k~y is available at the output~ of the buffer 19 regi~ters and the pre~iou~ly loaded byte of the op~rat~onal key in the key register~ ~s ~hifted one position. In a 21 similar ~anner, the buffer register~ ~nd the key registers 22 of the crypto engine are shifted in synchronism, once for 23 each clock cycle, cau~ing ~uccessive byte~ of the operational 24 key, ~n clear form, to be transferred from,the buffer register3 to the key regi~ter~.
26 The byte counter 448 count~ the clock cycle~ and~ at 27 the 8th count, a n~gative signal i9 applied to ~et the COUNT
28 8 latch 450, which, in being set, ~pplles a negative s~gnal 29 via the -CT8 line to r~et the OUTPUT ~YCLE latch 454 in Fig. 22e3~ The OUTPUT CYCLE latch 454, in being reset, 11~
KI977007 -k~-~24810 1 applie~ a positive ~ign~l to the -OUT CYCLE line and a 2 negative ~ignal on the OUT CYCLE line. ~ferring now t~
3 Fig. 22d3, the combination of positive signals on the -OUT
4 CYCLE line and the -~N CYCLE line render the AND invert circuit 410 effective to apply a negative ~gnal to reset 6 the COUNT 8 latch 450 in ~ig. 22d4, and is inv~rted by 7 inverter 412 to a positive signal to res~t BLOCX COUNT flip 8 flop 414 producing a negative signal on the -~XO line and a g positive ~ignal on ~he -BLXl line. The negatlve ~ignal on the OUT CYCLE line i8 ~lso applied to d~condition the AND
11 invert circuit 598 in Fig. 22g4 to inltiate termination of 12 the positive ~ignals on the LIB, LKB ~nd SR control lines to 13 inhibit further shlftlng of the buffer key registers in the 14 crypto enginas. Ref~rring now to Fig. 22f3, the negative ~ignal on the OUT CYCLF line i~ applied to ~et the START OU~
16 CYC~E START latch 554. Referring now to Fig. 22f3, at ~1 17 time of the next clock cycle, a ~1 DEL clock pul8e in combinst~on 18 w~th the po~itive ~ignal on the -OU~ CYCLE l~ne and the 19 posltive signal output of the START OUT CYCLE END latch 580 are applied to render the AND invert circuit 582 effective 21 to produce a negative ~ignal to set the OU~ CYCLE EN~ latch 22 584 which, in being 3et, applies a positive signal to the 23 OUT CYCL~ END line.
24 Referring now to Fig. 22e5, the po~itlve ~lgnal on the OIJT CYCLE EN3:~ line in co~bination with the positive ~ignal 26 9n the SP R OP line r~nder the AND invert circuit 505 27 effective to apply a negative signal ~o ~he -S~T EB line.
28 Referring now to Fig. 22c3' the negative signal on the -SET
29 EB line is applied to reset the RFM~ latch 330, which, in being re~et, applie~ a positive ~ignal vla the -R~ line to Il~
~I977007 8iO

1 render the AND lnvert circuit 298 in Fig. 22c4 effective to 2 apply a negative signal to the X ORD llne and via the 3 lnverter 330 a positlve signal on tho -R ORD line lndicating 4 the end of the key order operation. Referring now to Fig.
22f3, the negative signal on the -SET EB line is inverted to 6 a posltive signal on the SET EB llne and applled vla the 7 SET EB llne to the OR lnvert cir¢ult 540 causlng a neqative 8 ~lgnal to be applled to one lnput of the OR invert clrcuit 9 544 to initiate productlon of the SL control slgnal to pre-~hlft the key rogl~ters of the crypto englnes ln 11 proparation for the onclpher operation. Referring now to 12 Fig. 22f4, the negative ~ignal on the -SET EB line is spplied 13 to deconditlon the AND clrcuit 626, whl¢h, in belng de-14 ¢ondlt$onod, applle~ a nogative signal to set the START EB
latch 628. Referring now to Fig~. 22e3 and 22f3, at ~4 16 time, a p4 clock pu180 i~ appliod to ronaer the AND invert 17 circuit 578 e~foctive to apply a negatlvo ~ignal to reset 18 the START OUT CYCLE EN~ latch 580. At pl tlm~ of the next 19 clock cycle, a -~l/L clock pul9e i~ applled to reset the OUT
CYCLE END latch 584 whlch, in belng reset, appli~s a negative 21 signal vla th~ OUT CYCLE END l$ne ~o decondltion the AND
22 invert clrcuit 505 in Fig. 22e5 ¢auslng a posltlve ~ignal to 23 now be applied to the -SET EB llne. ~e~errlng now to Fig.
24 22f4, the positive ~ignal on tha -SET ~B llne is applied to render the AND circuit 626 effective to ~pply a positive 26 ~ignal together with the positive slgnal output of the START
27 EB latch 628 to render the ~ND inv~rt clrcuit 630 effective ~8 to apply ~ n~gative slgnal to set the EB latch 632. The EB
29 latch 632 in be~ng 5et applies a po~itive ignal to the EB
line and a n~gative signal to the -EB llne lndlcat$ng the ~12~8iO

1 8tart of the encipher operation. Referring now to Fig~.
2 22d5 and 22e5, the po~itlve qignal on the EB line in 3 combination with the po~itive signal on ~he SP ENC line is 4 applied to render the AND ~nvert circuit 502 effective to apply a negative signal to re-~et the SPEC K OP latch 504 6 which, in being reset, applies a negative signal to the SP X
7 OP l$ne indicating the end of the special key operatlon.
8 During the enclpher opsration, the operational key~ ~tored g in the data regi~ters of the crypto engine are enciphered under control of the qecondary communication key stored in 11 the ~ey regi~ter~ of the crypto eng~ne to obtain, at the end 12 of the encipher operation, the operational-key enciphered 13 under the secondary communication key. Referring now to 14 Fig. 22gl, at the end of the enclpher operation half of the enciphered operational key i~ ava~lable at the output of the 16 upper data register UDR 200 and the other half is avail~ble 17 at the output~ of the modulo-2 adders 650-654.
18 The balance of the RFMR order operation can be followed 19 from the timing diagram of Fig3. 30a-30g and i~ similar to that described in detail in connection with the encipher 21 order opQr~tion which may be referred to for ~uch deta~ 1Q.
22 In gen~ral term~, a serles of 8 PIOR data commands ~ 8 received 23 for reading the enciphered operational key. The fir~t such 24 command initiate~ a ~econd output ~ycle and the byte counter counts each Quch commana received. During the execution of 26 the fir~t PIOR data command, while the block count is at a 27 count of one, the enciphered operation~l key i~ parallel 28 ~ransferred from the output~ of the upper data regi~ter and 29 the ouput~ of the cipher function circults to the buffer ~ regis~er~ where it i8 then available for reading, a byte at ~4810 1 a tlme. At the end of the execution of each PIOR command, 2 the buffor reg~sters ~re shifted one po~ition to present the 3 next byte of the enclphered oper~tlonal ~ey for readlng. At 4 the 8th count of the byte counter, the ~econd output cycle S ends and the bloc~ counter ~s reset to end the RFMK order 6 opor~tion.

~1 XI97?007 1 PROCEDURAL E~RORS
.
2 A procedural error i~ one in which the DSD receives a 3 command out of ~equence or at the wrong time, ~uch that its 4 execution would cause the destructlon or 108s of good data in the crypto engines or the providing of usele~n data from 6 the crypto engln~s. There are three commands that may cause 7 a procedural error, n~mely, tha PIOW dat~ command, the PIOR
8 data command and the WR DSD order comm~nd. The various 9 error conditions which may occur for these three command~ are described in the following.
11 1. Procedural errors for a PIOW dat~ command 12 a. If a PIOW d~ta command i~ lssued while a read 13 operation i8 being performsd ~an output cycle 14 is in progre~), this causes a procedural error ~ince th~ buffer registers cannot be 16 used concurrently for both reading and writing.
17 Accordingly, referring ~o Pig. 22d3, whil~ the 18 output cycle i8 in progress, a negative signal i5 19 spplied to decondition the AND invert circuit 428 CAusing a positlve signal to be ~pplied to one 21 input of the AND lnvert circuit 432. Since a 22 WM~ order operation is not ln progro~s, a po~ltive 23 sign~l i8 applied vi~ the -WMK line to a ~econd 24 input of the AND invert circuit 432. Now, if an attompt $s m~de to execute a PIOW data command 26 before thQ ~nd of the output cycle, a positive 27 sign~l ls ~pplied via the PIOW DATA llne to a third 28 input of the AND invert circult 432 thereby 29 conditioning this clrcuit. At ~3L time of the ~ame clock cycle in which the po~itlve s1gnal is l~
KI977007 ~X~~

~2~0 1 applied to the PIOW DATA line, a ~3L clo~k pulse 2 i9 applied to render the AND lnvort circuit 432 3 effective to apply a negative signal to decondition 4 the AND circuit 438 whlch, in turn, applies a n~gative ~ignal to the -PROC ERR l ine indicating 6 a procedural error.
7 b. If a PIOW data command i~ issued whlle a block 8 of data i~ contained in the buffer reqisters, 9 this cause~ a procedural error ~ince the buffer registers can only contain one block of data 11 ~t a time. hccordingly, referring to Fig. 22d3, 12 while a block of dat~ i8 contained in the buffer 13 registers, a neqat~ve Jignal is applied via the 14 -BL~ 1 line to decondition the AND invert circuit 428 causing a po~itlve signal to be applied to 16 one lnput of the AND inv~rt circu$t 432 and ~ince 17 a WM~ order operation i~ not in progre~ and a PIOW
18 data command ~8 being attempted, po~itive slgnal~
19 are again appliod via the -WM~ and PIOW D~TA llnes to condit~on the AND invert circuit 432. At 03L
21 time, ~he ~3L clock pUlBe 18 again applied to 22 apply a negative signal to decondition the AND
23 circuit 438 wh~ch then applies a negative ~ignal 24 to the -PROC ERR line indicat~ ng a procedural error.
26 c. After a reset or after a WMR ord~r op~ration, the cipher key ln the key reglsters i~ lnvalid and a 28 new clphex key mu~t be load~d into the k~y register~
29 by a DEC~ order command. I~ a PIOW data command i~ ued while an invalla key i present in the Igd~
KI9~7007 ~R~

~24E~10 1 key regl~ters, this c~we8 a procedural error 2 sinc~ a valld k~y i~ not pre~ent in the key 3 regl-ter~ Accordlngly, referr~ng to ~ig 22d3, 4 while an invalid key i8 pr--ent ln th~ key regl~ters, a negatlv si~nal 1~ applied vla the -key lnvalld 6 llne to decondition tho AND invert clrGuit 428 7 cau~lng a po~ltlve signal to be applied 8 to one ~nput o the AND lnvert circult ~32 and ~ince 9 a WMX ordor op~ratlon i~ not in progr ~8 and a PIOW
data comm4nd i~ ~ing att~mpted, po-ltivo signals . .
11 are agaln applled vla th- -WMX and PIO~ DA~A llne~
12 to aondltion the AND ~nvert oircuit 432 to produce 13 a procedur~l rror ~lgnal at ~3L tlm~ on the -PROC
14 ~R line d If a PIOW data command 18 is~u d to writo a new 16 ma~tor key lnto the MX m~mory 1-8~ th n 16 micro-17 se¢ond- after ~-~ulng ~ WMX order comm~nd, a proc-dural 18 error will o¢cur ~lnc- a WMX ovorwrlt- operation 1 19 in progre~ for overwriting th- old ma-ter key in th~ MX memory Iherefore, ~-forrlng to ~lg 22d3 21 a positivo ignal on tho MK OYW llne in combinatlon 22 wlth a po8itl~0 81~nal on tb~ PIOW DATA line renders 23 the A~D invert clrcult 427 eff~ctl~e to ~pply a 24 negatlve signal to deconditlon the AND circult 438 to produce a negative B ~gnal on th~ -PROC ERR line 26 indicating a procodural error 27 2 Procedur~l erroxs for ~ P~OR data command 28 a If a PIOR data comm~nd 1~ is~ued while a write 29 op~ration i~ p~c~ently b~ing per~orm~d ~n lnput cycl~ 1~ ln progro--), thls cau~o~
~9~7007 _ ~ _ Ig3 ~Z4810 1 a procedural error sinc~ the buffer regi~ters cannot 2 be uBed concurrently for both reading and writing 3 Accordingly, referring to Fig 22d3, while an $nput 4 cycle i~ in progress, a n~gativo slgnal 18 applied to deconditlon the AND invert clrcuit 416 causing a 6 po~ltlve signal to b~ appllod to co~dltlon the AND
7 invert circuit 436 Now, if an attempt i8 made to 8 execute a PIOR data command, a posltive signal on g the PIOR EAR$Y lino i- applied to render the conditioned AND invert clrcuit 436 effectlve to apply a neqative 11 Jignal to db¢ondltion the AND circuit 43~ cau~ing a 12 negative ~lgnal to be appli-d to the -PROC ERR line 13 lndicatlng ~ procodural ~rror 14 b If a PIOR data commana i~ u d at a t~m~ when there i8 no data contalned ln the buffer registers of the 16 crypto eng~n~J, thls CaU~eJ a procedural error since 17 th~r i3 no data to b~ rQad. Accordlngly, referxing ~1 .
18 to Fig 22d3, at ~ time when thore 1~ no data contained 19 in the buffer register~ of th- crypto engine~, the BLOCX COUNT fl~p flop 414 1~ ln ~ r~et conditlon 21 cau-ing a negatlve ~ignal to be applied vla the 22 -BLK 0 lino to decondition tho AND invert c$rcult 23 416 causing ~ po-ltive slgnal to be applled to 24 conditlon tho AND invert c$rcuit ~36 Con~equ~ntly, ~5 ~f an attempt i~ ~ade to execute a PIOR data command, 26 a posit~ve ~ign~l on th~ PIOR EARLY lin~ i~ again 27 applied to r~nd~r the conditloned AND inv~rt circuit 28 ~36 eff~¢tiv~ to apply a negati~e ~ignal to 29 decond~tion th- AND circuit 438 cau~ing a negat~ve ~ignal to b~ applied to the -PROC ERR lin0 K~977007 lg~

1~2481~

1 indicating a procedural error.
2 c. If a PIOR data command 18 issued at a time when ~ny 3 of the cipher ~Qy handling order~ are in progre~s, 4 this cau~e~ a procedural error since no data is to ~e read during these c$p~er key handling operations.
6 Accordingly, r~ferring to Fig. 22d3, whenever a key 7 order op4ration 18 in progress a negative si~n~l 8 is applied via th~ -K O~D line to dccondition the g AND invert clrcult 416 causlng a positive signal to be appl~ed to condition the AND invert circult 11 436. Now, if an attempt is made to execute a PIOR
12 data command, a po~it$ve signal on the PIOR EARLY
13 line i~ appl~ed to render the conditioned 14 AN~ in~ert circuit 436 effectlve to apply a negatlve ~$gn~1 to decondition the AND circuit 438 16 cau~ing a negative signAl to be spplied to the 17 -PROC ERR l~ne indicatlng a procedural error.
18 d. If a PIOR dsta command i8 is~ued at a tlme when a 19 block of data iB loaded in the buffcr register~ and fewer than 32 usec have elapsed ~ince the la~t PIOW
21 data command was issued, a procedu~al error will 22 re~ult since the engine i~ ~till busy processing the 23 block of data. Therefor~, referring to F$g. 22d3, 24 while th~ englne i8 bu~y, a nega~ive signal 18 appliQd via thQ -E~ line to d~cond~tion the AND
26 invert circuit 416 cau3ing a pos$tlve signal to be 2~ applied to condi~ion the A~D invert circuit 436.
2~ Now, if an att~mpt i~ made to execute a PIOR data command, 29 ~ pos~tive s~gnal on the PIOR EARLY i~ applied to rendcr the conditioned AND invert circuit 4 3 ~ ~6S
K~977007 - ~ -~24810 1 effective to apply a negativo signal to decondition 2 the AND clrcult 438 causlng a nogat$ve sign~l to be 3 appliod to tho -PROC ERR line indicating a 4 proc~dural error~
3 Procedural errors for a WR DSD order commAnd 6 a If a WR D8D ord r command 1~ ued at a time when 7 any of the o~pher key handling orders are ln progres~, 8 thi~cause~ a proc-dural error ince a ¢ipher key 9 handling op~rat$on once begun mu t b~ completed Accordlngly, r-ferring to F~g 22d3, wh~never a 11 key handling order comm~nd i~ b~ing perform~d a 12 negative ~ignal i~ appllod Yia the -R ORD l$ne to 13 deconditlon the AND invert clrcuit 433 c~using 14 a po~ltivo ~$gnal to b~ appliod to one input of the AND invert clxc~lt 434 Now, $f a WR
16 DSD order commana i~ giv~n while a pr~viow clpher 17 key handling ord~r $8 in progre-~, then, po~itive 18 s~gnal~ on th- WR DSD ORDER and TC SEL line~ are 19 applied to r nder the AND inv rt c~rcult 434 effective to apply a neqativ~ ~lgnal to decond$tion ~he 21 AND circuit 438 cau~ing a n-gativo ~ignal to be 22 applied to the -PROC ERR line indlcating a procedural 23 error 24 b If a WR DS~ ord~r command is ie-u~d at a tim~ when data from the buffer rQgi~ters of the crypto engines 26 are b~ing read, this C~U~8 a procedural ~rror ~incs 27 unread data ~t$11 remain~ in th~ crypto sngines 28 Referring no~ to FigO 22d3, while data is being rsad 29 from the buff~r regi3~er~ of the crypto engine~, the block count ~lip flop 414 i~ in a ~et ~tate causing XI977007 ~æ~-112~8iO

1 a positive ~ignal to be applled via th~ -BLK 0 line 2 to the inverter 418 where it i8 inverted to a negative 3 signal to decondition the AND invert circuit 433 4 which, in being d~cond~tioned, ~pplle~ a positive signal to one input of the AND invert circuit 434.
6 Now, when a WR DSD order command i~ ls~ued, po-qitive 7 ~ignal~ ara appliod via the WR DSD ORDER and TC SEL
8 line~ to render the AND invert circuit 434 effective 9 to apply a negative signal to decondition the AND
circuit 438 cau~ing ~ ne~atlve signAl to be applied 11 to the -PROC ERR line indicatln~ a procedural error.
12 c. If a WR DSD order command is issued ~t a time when a 13 write operation is ~eing performRd (an input cycle 14 i8 in progres~), this causes a procedural error since a proce~s once begun must be completed. Accordingly, 16 referring to Flg. 22d3, while an input cycle i~ in 17 progress, a negative signal 18 applied via the -IN
i 18 CYCLE line to docondition the AND lnvert circuit 433 19 which, in turn, applie~ a po~itive ~ignal to one lnput of th~ AND lnvort circui~ 434, ~8 descxibed above, ~o 21 that when a WR DSD order co~m~nd is issued the AND
22 i~vert circuit 434 ia rendered ~ffectlve to init~ats 23 generation of a nega~lve ~ignal on the -~ROC ~RR
24 line indic~t~ng a proc~dural error.
d. If a WMK ord~r comm~nd i8 i~suQd at a ~ime when the 26 EW 3witch i~ off, thi~ cau~es a procedural error 27 since the command cannot be executed unle88 the 28 EW switch i8 swltched on. Referring now to Fig.
29 22~3, lf the enable write switch i8 off, a negative slgnal on the EWMX line i~ appl~ ed to the invexter 1~1 XI977007 - ~ -1 423 whero lt 1~ lnvert d to a positive ~ignal and 2 applied to one input of the AND invert circuit 425.
3 Now, when a cipher key handling order command is 4 deeoded and further particularlzed as a WMX order command by a po~ltlve sign~l on the -Y line then, 6 pos$tive signals are applied via the WMX and -Y
7 llne~ to condltion the AND invort circuit 425.
8 At SYNC~ TD time of tho WMR ordor operation, 9 a positive signal i8 applied vla the WR ORD TIME
lino to rend r the AND invert clreuit 425 effectlve 11 to apply a n qativo ~lgn~l to deeondition the AND
12 clrcult 438 ln Fig. 22a3 eau~ing a negatlve slgnal 13 to be applled to the -PROC ERR llno indieating 14 a procedural error.
Referring now to Fig. 22i2, whenever a procedural error 16 occur~ b-eause of any of the above conditlons, the negative 17 slgnal on the -PROC ~RR line is applled to set the bit 0 18 and bit 1 latches 954A and 954B of the Jtatus register 952 19 to provide an indie~tlon of the proeedural error.
ERROR CONDI~IONS
21 Slx differont kinds of errors aro ~etocted in the d~ta 22 eeurity devl~e. Eaeh klnd, when ~t ls deteeted, results in 23 tha ~etting of a unique eombination of ~lts in the statu~
24 register there~y provldlng ~nformatlon usable by the proce~or in carrying out error recovery proeedures. ~he combination 26 of b~ts ln the ~tatus regi~ter for the dlfferent k~nd~ of 27 error~ ~ shown in the following tabIe.

KI9~7007 E~OR CONDITIONS I~DICATED IN STATUS R~5GISTER

3 Error Condition O l 2 3 5 4 Command ~rror Illegal Order l - l - -6 Procedural Order 7 Write ~rror 8 Xey Bus ~rror 9 Engine ~rror The contcnts of the status register, indicating error ll conditions, if any, are read back to the processor under 12 control of a ~EAD BS command which will now ~e described.

14 The function of this operation ls to read the contents of the status register with correc~ parity, ~o provlde 16 information as to the occurrence of any of the six different 17 kinds of ~rror~ indicated above. Thor~fore, thi8 operation 18 i~ performed periodically to check for error conditions.
l9 Referring now to Fig. 22b2, after address selection is pexfo~ming during TA time and the command byte i9 loaded into 21 the command register during TC time, the AND ~nvert circuit 22 242 decode~ the REA~ BS command code and produces a negative 23 signal which is applied to one input of the OR invert circuit 24 246. At TC END time, a po~itive ~lgnal on the TC ~ND line is applied to the inverter 244 where lt is inverted to a negati~e 26 signal and applied to thc other input of the OR invert circuit 27 246 which thereby causes the OR ~nvert circuit 246 to apply 28 a positive signal to the READ BS line. The posltive ~ignal 29 on the READ BS line ~s applied to one input of the ~ND
invert circults 956 ln Fig.2212, t~e oth~r lnput~ of which 1~9 XI977007 -~-~Z~l~

1 are connected to the bit latche~ 954 of the status regi~ter 2 952. Accordingly, a pattern of bit signals, corresponding to 3 the setting of the latches 954 of the ~tatu~ register, are 4 applied to the -DA~A BUS IN and to the parity generator 914.
It should be noted that the ~tatu~ b$ts 4, 6 and 7 are not 6 implemented and, therefore, are tr-ated a~ O bits in the 7 psrity generator 914 to produce the correct parity bit on 8 the -P llne of the -DATA BUS IN. The ~ettlng of the status g register 952, now pr ~ent on the -DAT~ 8US IN, remains stable until the end of this IO oper~tion ~hen the command 11 regl~ter is reset and the positive ~ignal on the READ BS
12 line is terminated.
13 SE~/~ESET BASIC STATUS COMMAND OPERATION
14 These commsnds are used for diagno~tic purpose~ for te8tlng the operation of the status register 952. Thus, in 16 the case of the SET B8 command, if the data field~ associated 17 with the command has good parity, then th~ ~tatus latches 954 18 that correspond to 1'~ ~n the data fiold a~soclated with the 19 command are sQt to 1'~ ~h~reas in the ca8e of the RESET BS
command, i~ the data fi~la associated with the command has 21 good paxity, then the ~tatus latches 954 that correspond to 22 l's in the date fields associatea with the command are set 23 to 0'~. ~f a parity error is det~cted durin~ the execution 24 of either of these commands a wrlte error slgnal wlll be produced, in a mann~r previously de~cribed, to s~t the bit 3 26 ~tatus latch S54D of the statu~ regi~ter 952 to lndlcate the 27 occurrence of thi~ error. After execution of e~ther of 28 these comma~ds, a READ BS command may be issued to read the 29 content of the status regi~ter 952 in a manner described abo~e, for subsaquent determlnation a~ to whe~h~r a prevlou~ly ~o 1 defined value written by e$ther the SET BS or RESET BS
2 commands ls identical to that read by the READ BS command.
3 Referrlng now to F$g~. 22a2 and 22b2, after the addres~
4 ~eleetion 1~ perormed durlng TA tlme and the command bit i~
loaded lnto the commsnd register during the TC time, the AND
6 ~nvert eireult 232 decodes the SET BS command while the AND
7 lnvert circult 238 decodes the R8T BS command. The AND invert 8 circuit 232 causes a negative signal to be applied to one 9 input of the OR $nvert circult 236 whil~ the AND ~nvert circuit 238 causes the negative ~lgnal to be Appl~ed to one 11 input of the OR invert circult 240. At TD tlme, the data 12 field to be loaded into the ~tatu~ regl~ter i3 recelved via 13 the -DATA BUS OUT and applied via the invorters 170 to the 14 parity generator 178 to generate a parity bit which is compared with the parity bit recelved from the -DATA BUS
16 OU~. If the parity bits do not compare then, at TD SEL time 17 the AND invert clrcuit 362 in ~ig. 22b3 wlll detect the bad 18 par~ty to apply a negative ~lgn-al to turn on the W~ ERR
19 lateh 364 whlch, in be~ng turned on, applies a po~itive ~ignal to the AND invert circ~it 944 in Fig. 22i2 which i~
21 conditioned by po~itive ~ignal on the -RST line to c~u~e a 22 n~gative ~ignal to be applled to ~et the blt 3 latch 954D
23 of the sta~us regi~t~r 952 indicatlng the occurrence of the 24 wri~e error. Referrlng back to Fig. 22b2, if the parity iA bad then a negative ~ignal i~ maintained on the parity good line 26 to decondlt$on the ~ND invert circuit 234 causin~ a positive 27 ~ignal to be applied to the OR invert clrcuits 236 an~ 240 28 which, ~n ~urn, mainta~n negative ~ignals on the SET BS or 29 RS~ BS line~ to ~nh$bit ~xeeution o~ elther of these command~.
On the other hand if good parity i8 detect~d, then a positive lql KI977007 - ~ -~24~10 1 signal $8 applied to the AND invert circuit 234 cau~ing a 2 negat$ve signal to be applied to the other input8 of the OR
3 $nvert c$rcults 236 and 240 Aceordingly, depending on 4 which eommand 18 being called for, a pos$tive s$gnal $8 appl$ed to either th- SET BS or RST BS l$no~ Re~orring now 6 to Figs. 22h4 and 22$2, $f the ¢ommand be$ng executed i8 the 7 SET BS command, then a positive s$gnal i~ appl$ed to condition 8 the AND $nvert c$rcu$ts 924, 928, 934, 942 and 948 Therefore, 9 those b$ts of the data field whlch eorre-pond to 1'8 render these AND invert cireuit~ effectivQ to apply negat$ve signal~
11 to set eorrespond$ng ones of the latehes of the ~tatus 12 registQr 952 On tho other hand, lf the command be$ng 13 exeeuted $8 the RESET B8 eommand, then a po-lt$ve ~$gnal on 14 the RESET B8 llne is applled to cond$t$on the AND lnv~rt c$reuit~ 926, 932, 940, 946 and 950 Therefore, tho~e bits 16 of the d~ta fleld whi¢h eorrespond to 1'8 render the~e AND
17 $nvert clr~uits effeetivo to apply negatlvo s~gnals to re~et ; 18 co~respond$ng one~ of the latches of the status reglster Whlle tho lnventlon has been part$eularly ~hown and 21 de~cribed w$th reference to the per~errod e~bodlment thereof, 22 $t w$11 be understood by thoie ~klliQd ln the art that 23 ~everal ¢hangos in ~orm and detail ~ay b~ ~ade w~thout 24 departing from the ~p$rlt and 8Cope of tho $nvent$on What is cla~med $s ~30 ~q~
~I977007 -~4-

Claims (57)

1. A data security device for performing a crypto-graphic operation comprising working key storage means, means storing a key encrypting key in said working key storage means as a working key, means providing input data representing an operational key, and cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said operational key enciphered under said key encrypting key.

2. A data security device for performing a crypto-graphic operation comprising:
key storage means storing a key encrypting key, working key storage means, means causing said key encrypting key to be transferred from said key storage means to said working key storage means as a working key, means providing input data representing an operational key, and cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said operational key enciphered under said key encrypting key.

3. A data security device having a dual master key arrangement in which a first master key provides protection for data encrypting keys and a second master key provides protection for key encrypting keys, said arrangement for protecting said key encrypting keys, comprising:
working key storage means, means storing said second master key in said working key storage means as a working key, means providing input data representing a key encrypting key, and cipher means operable to encipher said input data under control of said working key to obtain ciphertest representing said key encrypting key enciphered under said second master key.

4. A data security device as defined in claim 3 wherein said first master key is a multi-bit master key and said second master key is a multi-bit variant of said first master key.

A data security device as defined in claim 4 wherein said storing means includes means inverting predetermined ones of said multi-bits of said first master key to obtain said second master key as a multi-bit variant of said first master key.

6. A data security device for performing a crypto-graphic operation comprising:
key storage means storing a first master key, working key storage means, means causing a variant of said first master key to be transferred from said key storage means as a second master key to said working key storage means as a working key, means providing input data representing a key encrypting key, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said key encrypting key enciphered under said second master key.

7. A data security device for performing a cryptographic operation comprising:
working key storage means, means storing a key encrypting key in said working key storage means as a working key, means providing input data representing a random number, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said random number enciphered under said key encrypting key.

8. A data security device for performing a crypto-graphic operation comprising:
key storage means storing a multi-bit key encrypting key, working key storage means, means causing a variant of said key encrypting key to be transferred from said key storage means to said working key storage means as a working key, means providing input data representing a random number, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said random number enciphered under said variant of said key encrypting key.

9. A data security device as defined in claim 8 wherein said transfer means includes means inverting predetermined ones of said multi-bits of said key encrypting key to obtain said variant of said key encrypting key.

10. A data security device having a dual master key arrangement in which a first master key provides protection for data encrypting keys and a second master key provides protection for key encrypting keys, said data security device performing a cryptographic transformation operation comprising:
working key storage means, means storing said second master key in said working key storage means as a working key, input means providing first enciphered data representing a key encrypting key enciphered under said second master key, cipher means operable in a first cipher function to decipher said first enciphered data under control of said working key to obtain said key encrypting key in clear form, said input means providing second enciphered data representing an operational key enciphered under said first master key, means storing said first master key in said working key storage means to replace said second master key as the present working key, said cipher means operable in a second cipher function to decipher said second enciphered data under control of said present working key storage means to obtain said operational key in clear form, and means causing said key encrypting key in clear for to be transferred from said cipher means to said working key storage means to replace said first master key as the now present working key, said cipher means operable in a third cipher function to encipher said operational key under control of said now present working key to obtain ciphertext representing said operational key enciphered under said key encrypting key.

11. A data security device for performing a crypto-graphic operation comprising:
key storage means storing a first master key, working key storage means, means causing a variant of said first master key to be transferred from said key storage means as a second master key to said working key storage means as a working key, input means providing first enciphered data representing a key encrypting key enciphered under said second master key, cipher means operable in a first cipher function to decipher said first enciphered data under control of said working key to obtain said key encrypting key in clear form, said input means providing second enciphered data representing an operational key enciphered under said first master key, means causing said first master key to be transferred from said key storage means to said working key storage means to replace said second master key as the present working key, said cipher means operable in a second cipher function to decipher said second enciphered data under control of said present working key to obtain said operational key in clear form, and means causing said key encrypting key in clear form to be transferred from said cipher means to said working key storage means to replace said first master key as the now present working key, said cipher means operable in a third cipher function to encipher said operational key under control of said now present working key to obtain ciphertext representing said operational key enciphered under said key encrypting key.

12. A data security device for performing a crypto-graphic operation comprising:
key storage means storing a key encrypting key, working key storage means, means causing said key encrypting key to be transferred from said key storage means to said working key storage means as a working key, data storage means, input control means controlling the writing of input data representing a operational key into said data storage means, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said operational key enciphered under said key encrypting key for storage in said data storage means, and output control means controlling the reading of said ciphertext from said data storage means to a utilization device.

13 A data security device having a dual master key arrangement in which a first master key provides protection for data encrypting keys and a second master key provides protection for key encrypting keys, said arrangement for protecting said key encrypting keys, comprising:
working key storage means, means storing said second master key in said working key storage means as a working key, data storage means, input control means controlling the writing of input data representing a key encrypting key into said data storage means, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said key encrypting key enciphered under said second master key for storage in said data storage means, and output control means controlling the reading of said ciphertext from said data storage means to a utilization device.

14 A data security device for performing a cryptographic operation comprising:
key storage means storing a first master key, working key storage means, means causing a variant of said first master key to be transferred from said key storage means as a second master key to said working key storage means as a working key, data storage means, input control means controlling the writing of input data representing a key encrypting key into said data storage means, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said key encrypting key enciphered under said second master key for storage in said data storage means, and output control means controlling the reading of said ciphertext from said data storage means to a utilization device.

15. A data security device for performing a crypto-graphic operation comprising:
working key storage means, means storing a key encrypting key in said working key storage means as a working key, data storage means, input control means controlling the writing of input data representing a random number into said data storage means, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said random number enciphered under said key encrypting key for storage in said data storage means, and output control means controlling the reading of said ciphertext from said data storage means to a utilization device.

16. A data security device as defined in claim 15 wherein said input control means include a non-resettable counter proving a count value as said random number.

17. A data security device for performing a crypto-graphic operation comprising:
key storage means storing a key encrypting key, working key storage means, means causing a variant of said key encrypting key to be transferred from said key storage means to said working key storage means as a working key, data storage means, input control means controlling the writing of input data representing a random number into said data storage means, cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said random number enciphered under said variant of said key encrypting key for storage in said data storage means, and output control means controlling the reading of said ciphertext from said data storage means to a utilization device.

18. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device for generating a terminal key encrypting key for said communication terminal comprising working key storage means, means storing a host key encrypting key in said working key storage means, means providing a random number, and cipher means operable in a cipher function to encipher said random number under control of said host key encrypting key to obtain ciphertext representing said terminal key encrypting key for said terminal.

19. In a data communication network providing commun-ication security for data communication sessions between a host system and a communication terminal, a host data security device for generating a terminal key encrypting key for said communication terminal comprising:
key storage means storing a host key encrypting key, working key storage means, means causing a variant of said host key encrypting key to be transferred from said master key storage means to said working key storage means, means providing a random number, and cipher menas operable in a cipher function to encipher said random number under control of said variant of said host key encrypting key to obtain ciphertext representing said terminal key encrypting key for said terminal.

20. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device having a dual master key arrangement in which a first master key provides protection for data encrypting keys and a second master key provides protection for terminal key encrypting keys, said arrangement for protecting terminal key encrypting keys comprising:
working key storage means, means storing said second master key in said working key storage means as a working key, means providing input data representing said terminal key encrypting key, and cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said terminal key encrypting key enciphered under said second master key.

21. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device for protecting a terminal key encrypting key for said terminal comprising:
key storage means storing a first host master key, working key storage means, means causing a variant of said first host master key to be transferred from said key storage master as a second host master key to said working key storage means as a working key, means providing input data representing said terminal key encrypting key, and cipher means operable to encipher said input data under control of said working key to obtain ciphertext representing said terminal key encrypting key enciphered under said second host master key.

22. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device for generating a different session key in protected form for each communication session to be established between said host system and said terminal comprising:
working key storage means, means storing a host key encrypting key in said working key storage means, means providing a different random number for each communication session to be established, cipher means operable to encipher each said random number under control of said host key encrypting key to obtain different ciphertext each defining a different session key as being enciphered under a host master key for each communication session.

.

23. In a data communication network providing communication security for data communication sessions between en a host system and a communication terminal, a host data security device for generating a different session key for each communication session to be established between said host system and said terminal comprising:
key storage means storing a host key encrypting key, working key storage means, means causing a variant of said host key encrypting key to be transferred from said key storage means to said working key storage means, means providing a different random number for each communication session to be established, cipher means operable to encipher each said random number under control of said variant of said host key encrypting key to obtain different ciphertext each defining a different session key as being enciphered under said host key encrypting key for each communication session.

24. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device having a dual master key arrangement in which a first master key provides protection for data encrypting keys and a second master key provides protection for terminal key encrypting keys, said host data security device performing a cryptographic transformation function for reenciphering a data encrypting session key for a communication session from encipherment under a host key encrypting key to encipherment under a terminal key encrypting key of said terminal comprising:
working key storage means, means storing said second master key in said working key storage means as a working key, input means providing first enciphered data representing said terminal key encrypting key enciphered under said second master key, cipher means operable in a first cipher function to decipher said first enciphered data under control of said working key to obtain said terminal key encrypting key in clear form, said input means providing second enciphered data representing said session key enciphered under said first master key, means storing said first master key in said working key storage means to replace said second master key as the present working key, said cipher means operable in a second cipher function to decipher said second enciphered data under control of said present working key to obtain said session key in clear form, and means causing said terminal key encrypting key in clear form to be transferred from said cipher means to said working key storage means to replace said first master key as the now present working key, said cipher means operable in a third cipher function to encipher said session key under control of said now present working key to obtain ciphertext representing said session key enciphered under said terminal key encrypting key for transmission to said terminal.

25. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device for reenciphering a session key for a communication session from encipherment under a host key encrypting key to encipherment under a terminal key encrypting key of said terminal comprising:
key storage means storing a host key encrypting key, working key storage means, means causing a variant of said host key encrypting key to be transferred from said key storage means to said working key storage means as a working key, input means providing first enciphered data representing said terminal key encrypting key enciphered under said variant of said host key encrypting key, cipher means operable in a first cipher function to decipher said first enciphered data under control of said working key to obtain said terminal key encrypting key in clear form, said input means, providing second enciphered data representing said session key enciphered under said host key encrypting key, means causing said host key encrypting key to be transferred from said key storage means to said working key storage means to replace said variant of said host key encrypting key as the present working key, said cipher means operable in a second cipher function to decipher said second enciphered data under control of said present working key to obtain said session key in clear form, and means causing said terminal key encrypting key in clear form to be transferred from said cipher means to said working key storage means to replace said host key encrypting key as the now present working key, said cipher means operable in a third cipher function to encipher said session key under control of said now present working key to obtain ciphertext representing said session key enciphered under said terminal key encrypting key for transmission to said terminal.

26. In a data communication network providing communication security for data communication sessions between a host system and a communication terminal, a host data security device providing a session key for cryptographic operations with said terminal comprising master key storage means storing a host master key, working key storage means, means causing said host master key to be transferred from said master key storage means to said working key storage means as a working key, input means providing input data representing a session key enciphered under said host master key, cipher means for performing cipher functions, decipher key control means causing said cipher means to decipher said input data under control of said working key to obtain data representing said session key in clear form, and means causing said data representing said session key in clear form to be transferred to said working key storage moans as the present working key for subsequent cryptographic operations with said terminal.

27. In a data communication network as defined in claim 26 for further providing host ciphertext for trans-mission to said terminal wherein said input means provides host plaintext, and further comprising:
encipher control means causing said cipher means to encipher said host plaintext under control of said present working key to obtain host ciphertext representing host plaintext enciphered under said session key for transmission to said terminal.

28. In a data communication network as defined in claim 26 for further deciphering terminal ciphertext received at said host system from said terminal wherein said input means provides said terminal ciphertext repre-senting terminal plaintext enciphered under said session key, and further comprising:
decipher control means causing said cipher means to decipher said terminal ciphertext under control of said present working key to obtain said terminal plaintext in clear form at said host system.

29. In a data communication network providing data communication sessions between a host system having a data security device and a communication terminal having a data security device, the method of providing communication security for data communication sessions comprising the steps of:
storing a session key enciphered under a first host key encrypting key at said host system, storing a terminal key encrypting key enciphered under a second host key encrypting key at said host system, reenciphering said session key from encipherment under said first host key encrypting key to encipherment under said terminal key encrypting key, communicating said session key enciphered under said terminal key encrypting key as key synchronizing data to said terminal, storing said terminal key encrypting key at said terminal, providing said terminal key encrypting key as a terminal working key at said terminal, providing said received key synchronizing data as input data at said terminal, carrying out a decipher key operation at said terminal to decipher said input data under control of said terminal working key to obtain said session key in clear form, and replacing said terminal key encrypting key with said session key as the present terminal working key at said terminal to establish a communication session between said terminal and said host system.

30. In a data communication network providing data communication sessions between a host system having a data security device and a communication terminal having a data security device, the method of providing communication security for data communication sessions comprising the steps of:
storing a session key enciphered under a host key encrypting key at said host system, storing a terminal key encrypting key enciphered under a variant of said host key encrypting key at said host system, reenciphering said session key from encipherment under said host key encrypting key to encipherment under said terminal key encrypting key, communicating said session key enciphered under said terminal key encrypting key as key synchronizing data to said terminal, storing said terminal key encrypting key at said terminal, providing said terminal key encrypting key as a working key at said terminal, providing said received key synchronizing data as input data at said terminal, carrying out a decipher key operation at said terminal to decipher said input data under control of said working key to obtain said session key in clear form, and replacing said terminal key encrypting key with said session key as the present working key at said terminal to establish a communication session between said terminal and said host system.

31. In the method as defined in claim 30 wherein said host key encrypting key is a host master key and said terminal key encrypting key is a terminal master key.

32. In the method as defined in claim 30 wherein said host key encrypting key is a host master key and said terminal key encrypting key is a private terminal master key.

33. In the method as defined in claim 29 further providing a cryptographic data communication between said terminal And said host system comprising the further steps of:
providing terminal plaintext, carrying out an encipher operation at said terminal to encipher said terminal plaintext under control of said present terminal working key to obtain terminal ciphertext representing said terminal plaintext enciphered under said session key, and communicating said terminal ciphertext to said host system.

34. In the method as defined in claim 33 further providing a cryptographic operation to obtain said session key in clear form at said host system for subsequent cryptographic operations comprising the further steps of:
providing said first host key encrypting key as a host working key at said host system, providing said session key enciphered under said first host key encrypting key as host input data, carrying out a decipher key operation at said host system to decipher said host input data under control of said host working key to obtain said session key in clear form, and replacing said first host key encrypting key with said session key as the present host working key at said host system for subsequent cryptographic operations.

35. In the method as defined in claim 34 further providing a cryptographic operation to obtain terminal plaintext in clear form at said host system comprising the further steps of:
providing said received terminal ciphertext as present host input data at said host system, and carrying out a decipher operation at said host system to decipher said present host input data under control of said present host working key to obtain said terminal plaintext in clear form at said host system.

36. In the method as defined in claim 29 further providing a cryptographic operation to obtain said session key in clear form at said d host system for subsequent cryptographic operations comprising the further steps of:
providing said first host key encrypting key as a host working key at said host system, providing said session key enciphered under said first host key encrypting key as host input data, carrying out a decipher key operation at said host system to decipher said host input data under control of said host working key to obtain said session key in clear form, and replacing said first host key encrypting key with said session key as the present host working key at said host system for subsequent cryptographic operations.

37. In the method as defined in claim 36 further providing a cryptographic data communication between said host system and said terminal comprising the further steps of:
providing host plaintext, carrying out an encipher operation at said host system to encipher said host plaintext under control of said present host working key to obtain host ciphertext representing said host plaintext enciphered under said session key, and communicating said host ciphertext to said terminal.

38. In the method as defined in claim 37 further providing a cryptographic operation to obtain host plain-text in clear form at said terminal comprising the further steps of:
providing said received host ciphertext as present terminal input data at said terminal, and carrying out a decipher operation at said terminal to decipher said present terminal input data under control of said present working key at said terminal to obtain said host plaintext in clear form at said terminal.

39. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal, the method of generating a terminal key encrypting key at said host system for said terminal comprising the steps of:
providing a host key encrypting key, providing a random number, and carrying out an encipher operation to encipher said random number under control of said host key encrypting key to obtain ciphertext representing said terminal key encrypting key for said terminal.

40. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal, the method of generating a terminal key encrypting key at said host system for said terminal comprising the step of:
storing a host key encrypting key, providing a variant of said host key encrypting key, providing a random number, and carrying out an encipher operation to encipher said random number under control of said variant of said host key encrypting key to obtain ciphertext representing said terminal key encrypting key for said terminal.

41. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal by a dual master key arrangement at said host system in which a first master key provides protection for data encrypting keys and a second master key provides protection for terminal key encrypting keys, the method of protecting a terminal key encrypting key at said host system comprising the steps of:
providing said second master key at said host system as a working key, providing said terminal key encrypting key at said host system as input data, and carrying out an encipher operation to encipher said input data under control of said working key to obtain said terminal key encrypting key enciphered under said second master key.

42. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal, the method of protecting a terminal key encrypting key at said host system comprising the steps of:
storing a host key encrypting key at said host system, providing a variant of said host key encrypting key as a working key, providing said terminal key encrypting key at said host system as input data, and carrying out an encipher operation to encipher said input data under control of said working key to obtain said terminal key encrypting key enciphered under said variant of said host key encrypting key.

43. In the method as defined in claim 42 wherein said host key encrypting key is a host master key and said terminal key encrypting key is a terminal master key.

44. In the method as defined in claim 42 wherein said host key encrypting key is a host master key and said terminal key encrypting key is a private terminal master key.

45. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal, the method of generating session keys for each communication session to be established between said host system and said terminal comprising:
providing a host key encrypting key, providing a different random number for each commun-ication session to be established, carrying out an encipher operation to encipher each said random number under control of said host key encrypting key to obtain different ciphertext each defining a different session key as being enciphered under a host master key for each communication session.

46. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal, the method of generating session keys for each communication session to be established between said host system and said terminal comprising:
storing a host key encrypting key, providing a variant of said host key encrypting key, providing a different random number for each communication session to be established, carrying out an encipher operation to encipher each said random number under control of said variant of said host key encrypting key to obtain different ciphertext each defining a different session key as being enciphered under said host key encrypting key for each communication session.

47. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal by an arrangement at said host system in which a host first key encrypting key provides protection for data encrypting keys and a host second key encrypting key provides protection for terminal key encrypting keys, the method of performing a cryptographic transformation function for reenciphering a data encrypting session key for a communication session from encipherment under a host first key encrypting key to encipherment under a terminal key encrypting key of said terminal comprising:
providing a host second key encrypting key as a working key, providing first enciphered data representing said terminal key encrypting key enciphered under said host second key encrypting key, carrying out a first ciper function to decipher said first enciphered data under control of said working key to obtain said terminal key encrypting key in clear form, providing second enciphered data representing said session key enciphered under said host first key encrypting key, replacing said host second key encrypting key with said host first key encrypting key as the present working key, carrying out a second cipher function to decipher said second enciphered data under control of said present working key to obtain said session key in clear form, replacing said host first key encrypting key with said terminal key encrypting key as the now present working key, and carrying out a third cipher function to encipher said session key under control of said now present working key to obtain ciphertext representing said session key enciphered under said terminal key encrypting key for transmission to said terminal.

48. In a data communication network which provides communication security for data communication sessions between a host system and a communication terminal, the method of reenciphering a session key for a communication sessions from encipherment under a variant of a host key encrypting key to encipherment under a terminal key encrypt-ing key of said terminal comprising:
storing a host key encrypting key, providing a variant of said host key encrypting key as a working key, providing first enciphered data representing said terminal key encrypting key enciphered under said variant of said host key encrypting key, carrying out a first cipher function to decipher said first enciphered data under control of said working key to obtain said terminal key encrypting key in clear form, providing second enciphered data representing said session key enciphered under said host key encrypting key, replacing said variant of said host key encrypting key with said host key encrypting key as the present working key, carrying out a second cipher function to decipher said second enciphered data under control of said present working key to obtain said session key in clear form, replacing said host key encrypting key with said terminal key encrypting key as the now present working key, and carrying out a third cipher function to decipher said session key under control of said now present working key to obtain ciphertext representing said session key enciphered under said terminal key encrypting key for transmission to said terminal.

49. In a data communication network which provides communication security for a data communication session between a host system having a data security device and a communication terminal having a data security device, the method of establishing a common private session key for a private data communization session comprising the steps of:
providing a host master key as a working key at said host system, providing said private session key enciphered under said host master key at said host system as input data, carrying out a decipher operation at said host system to decipher said input data under control of said working key to obtain said private session key in clear form, replacing said host master key with said private session key as the present host working key at said host system, providing said private session key as the present terminal working key at said terminal so that a common private session key is maintained as the present working key at both said terminal and said host system for establishing a private communication session.

50. In the method as defined in claim 49 further providing a cryptographic data communication between said terminal and said host system comprising the further steps of:
providing terminal plaintext at said terminal as input data, carrying out an encipher operation at said terminal to encipher said input data under control of said present terminal working key to obtain terminal ciphertext representing said terminal plaintext enciphered under said private session key, communicating said terminal ciphertext to said host system, providing said received terminal ciphertext as present input data at said host system, and carrying out a decipher operation at said host system to decipher said present input data under control of said present host working key to obtain terminal plaintext in clear form at said host system.

51. In the method as defined in claim 49 further providing a cryptographic data communication between said host system and said terminal comprising the further steps of:
providing host plaintext at said host system as input data, carrying out an encipher operation at said host system to encipher said input data under control of said present host working key to obtain host ciphertext representing said terminal plaintext enciphered under said private session key, communicating said host ciphertext to said terminal, providing said received host ciphertext as present input data at said terminal, and carrying out a decipher operation at said terminal to decipher said present input data under control of said present terminal working key to obtain host plaintext in clear form at said terminal.

52. A method of providing communication security for a data communi-cation session in a data communication network between a host system and a communication terminal, the method being characterised by the steps of:
providing and storing a terminal key encrypting key enciphered under a first host key encrypting key at the host system, storing the terminal key encrypting key at the terminal, pro-viding a session key enciphered under a second host key encrypting key at the host system for cryptographic operations during the communica-tion session between the terminal and the host system, reenciphering the session key from encipherment under the second host key encrypting key to encipherment under the terminal key en-crypting key, communicating the session key enciphered under the terminal key encrypting key to the terminal for cryptographic operations during the communication session between the terminal and the host system.

53. A method as claimed in claim 52, wherein the first host key en-crypting key is a variant of the second host key encrypting key.

54. A method as claimed in claim 53, wherein the second host key en-crypting key is a multi-bit key and the first host key encrypting key is a multi-bit variant of the second key formed by inverting predeter-mined ones of the bits of the second key.

55. A method as claimed in claims 52, 53, or 54, wherein re-enci-phering the session key comprises:
providing the first host key encrypting key as a working key, deciphering the terminal key encrypting key enciphered under the first host key encrypting key to obtain the terminal key encryp-ting key in clear form, replacing the first host key encrypting key by the second host key encrypting key as the working key, deciphering the session key enciphered under the second host key encrypting key to obtain the session key in clear form, replacing the second host key encrypting key by the terminal key encrypting key as the working key, and enciphering the session key to obtain the session key enciphered under the terminal key encrypting key.

56. A method as claimed in any of claims 52, 53, or 54, wherein providing the terminal key encrypting key enciphered under the first host key comprises:
generating a random number representing the terminal key encryp-ting key, and enciphering the random number using the first host key encrypting key as a working key.

57. A method as claimed in claims 52, 53, or 54, wherein providing the session key enciphered under the second host key encrypting key comprises generating a random number.