Abstract: Methods and apparatus for enhanced CMEA, or ECMEA, processing. A forward ECMEA and a reverse ECMEA process are provided. The forward ECMEA process decrypts text encrypted by the reverse ECMEA process and the reverse ECMEA process decrypts text encrypted by the forward ECMEA process. The forward ECMEA process employs a first transformation, an iteration of the CMEA process, and a second transformation. The reverse ECMEA process employs a first inverse transformation, an iteration of the CMEA process, and a second inverse transformation. The transformations and inverse transformations, and the iterations of the CMEA process, employ secret offsets to improve security. The transformations and the iteration of the CMEA process also employ an enhanced tbox function using an involutary lookup table.

Abstract: The secure management of encryption keys is obtained by preventing external access thereto and ensuring that the keys do not leave an encryption unit in their original form. This result is obtained via a facility which (a) generates a unique device encryption key and at least one program encryption key, (b) encrypts the program encryption key using the device encryption key, and (c) stores the result in local memory. Thereafter, responsive to receipt of an indication to encrypt data, the program encryption key is retrieved from memory and is decrypted using the unique device encryption key. The data is then encrypted using the decrypted program encryption key and the encrypted data is stored in a server for distribution to a user who enters a request for the data. When there is a need to transport the latter key to another element, then the program key is encrypted using a symmetrical encryption key that the facility shares with the other element and the result is supplied to that element.

Abstract: A self-inverting enhanced CMEA encryption system suitable for use in wireless telephony. An unprocessed text message is introduced into the system and subjected to a first iteration of a CMEA process, using a first CMEA key to produce a first intermediate message, a first intermediate processed text message, a first intermediate ciphertext message or the like. The first intermediate processed text message is subjected to a further iteration of the CMEA process, using a second CMEA key, to produce a second intermediate processed text message. The second intermediate processed text message is subjected to a final iteration of the CMEA process, using the first CMEA key, to produce the final processed text message. Security may be additionally enhanced by subjecting each message to an input/output transformation before and after each iteration of the CMEA process.

Abstract: Methods and apparatus for enhanced CMEA, or ECMEA, processing. A forward ECMEA and a reverse ECMEA process are provided. The forward ECMEA process decrypts text encrypted by the reverse ECMEA process and the reverse ECMEA process decrypts text encrypted by the forward ECMEA process. The forward ECMEA process employs a transformation, an iteration of the CMEA process, and an inverse transformation. The reverse ECMEA process employs a reverse transformation, an iteration of the CMEA process, and a reverse inverse transformation. The transformations and inverse transformations, and the iteration of the CMEA process, employ secret offsets to improve security. The transformations and the iteration of the CMEA process also employ an enhanced tbox function using an involutary lookup table.

Abstract: A microcomputer incorporates a pair of DMA controllers that are co-dependently operated to read and write common data blocks to two peripheral devices. In an exemplary embodiment of the invention, one of the DMA controllers is designated to read a data block from memory, store the data, and then write the data in a single write cycle to each of the two peripheral devices. This DMA controller provides the address and control signals necessary for writing the data to a first of the two peripheral devices, while the other DMA controller provides the address and control signals necessary for writing the data block to a second of the two peripheral devices. As a result, only one read and one write command are required for the data to be written to the two peripheral devices.

Abstract: An enhanced CMEA encryption system suitable for use in wireless telephony. A plaintext message is introduced into the system and subjected to a first iteration of a CMEA process, using a first CMEA key to produce an intermediate ciphertext. The intermediate ciphertext is then subjected to a second iteration of the CMEA process using a second CMEA key to produce a final ciphertext. Additional security is achieved by subjecting the plaintext and intermediate ciphertext to input and output transformations before and after each iteration of the CMEA process. The CMEA iterations may be performed using an improved use of a tbox function which adds permutations to a message or intermediate crypto-processed data. Decryption is achieved by subjecting a ciphertext message to the reverse order of the steps used for encryption, replacing the input and output transformations by inverse output and inverse input transformations, respectively, as appropriate.

Abstract: An enhancement to the use of a tbox function for CMEA encryption. Offsets are generated for application of the tbox function to a message, using secret values and previously encrypted message octets. The offsets are used to permute the message for application of the tbox function. For the first message of a call, the previously encrypted message octets are replaced by an initialization value. In a system employing a single iteration of CMEA encryption, first and second offsets are generated. In a system employing two iterations of CMEA encryption, first, second, third and fourth offsets are generated, with the first and second offsets being used in the first iteration of CMEA encryption and the third and fourth offsets being used in the second iteration of CMEA encryption.

Abstract: The generation of electronic identifiers for network interface units connected to a data network for use in detecting unauthorized decryption of encrypted data transmitted over the data network. A random number is generated for use as a private key decryption code and is stored in memory in each network interface unit. A public key is calculated from the stored private key using a non-invertible mathematical formula. If the calculated public key is unique, then a portion of the public key (e.g. a subset of its bits) is stored in a data provider database as an electronic identifier for use in detecting unauthorized decryption of data by the interface unit.

Abstract: We have recognized that there is a strong need to control and maintain the secrecy of the intelligence that may be used by computers to communicate with another, for example, by encrypting the messages that they exchange with one another. Thus, the encryption keys used to encrypt such messages need to be managed in a highly secure manner. Accordingly, we provide an encryption module, which, in accord with an aspect of the invention, generates a unique device encryption key (S.sub.local), a cryptographic key formed from a unique identification key (S.sub.id) and an associated public key (KP.sub.id), and at least one program encryption key, in which the public key is generated as a function of the unique identification key. The module then encrypts the unique identification key and program encryption key using said device encryption key and stores the encrypted result in memory internal to security module, thereby securing the keys against misappropriation.