WikiPatents - Community Patent Review
Pseudorandom number generation and cryptographic authentication    
United States Patent 5363448
Inventor(s): Koopman, Jr.; Philip J. (Hebron, CT); Finn; Alan M. (Amston, CT)
Abstract: An automobile door lock receiver module (30) and a plurality of keychain fob transmitter units (16) contain identification numbers, secret initial values, and secret feedback masks so as to authenticate encrypted messages from any of the assigned fobs, indicative of commands registered by closing switches on the fob. Each fob is synchronized with the receiving module by means of a truly random number concatenated with a secret initial value and encrypted, through a linear feedback shift register or other operations. A second secret initial value is encrypted and command bits are exclusive ORed into the low order bit positions; the two encrypted numbers are concatenated and encrypted to form a key word which is transmitted with the fob ID. Synchronization includes decrypting to recover the truly random number and the secret initial value concatenated therewith; the truly random number is compared with previously received random numbers in order to avoid copying of recently transmitted synchronization commands. Successive lock-related commands utilize the number encrypted from the truly random number and the second secret initial value as starting values, employing a pseudorandom number of encryption iterations. A half-second delay between responses mitigates gaining access through numerical trials. An authenticated panic alarm command operates the headlights and horn of the vehicle but does not alter the synchronization.
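The synchronization step described in the abstract (a random number concatenated with a secret initial value, LFSR-encrypted under a secret feedback mask, reverse-LFSR decrypted by the receiver and checked against recently received random numbers), as an added example that is not code from the patent. The 16-bit field widths, the Galois shift form, the mask and secret values, the history depth and all function names are assumptions; the patent's further encryption layers and command bits are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ITERATIONS 32u /* on the order of the degree of the 32-bit combined word */
#define HISTORY 4u     /* assumed depth of the receiver's replay history */

typedef struct { uint16_t secret_iv; uint32_t mask; } fob_secrets_t;
typedef struct {
    fob_secrets_t secrets;   /* receiver's copy of the assigned fob's secrets */
    uint16_t seen[HISTORY];  /* random numbers from recent synchronizations */
    size_t n_seen, next;
} receiver_t;
typedef enum { SYNC_OK, SYNC_BAD_KEY, SYNC_REPLAY } sync_result_t;

/* One forward Galois LFSR step. The mask's top bit must be set so that the
 * bit shifted out is preserved in the top bit and the step can be reversed. */
static uint32_t lfsr_step(uint32_t s, uint32_t mask) {
    uint32_t lsb = s & 1u;
    s >>= 1;
    if (lsb) s ^= mask;
    return s;
}

/* Exact inverse of lfsr_step under the same mask. */
static uint32_t lfsr_unstep(uint32_t s, uint32_t mask) {
    uint32_t msb = s >> 31;
    if (msb) s ^= mask;
    return (s << 1) | msb;
}

uint32_t lfsr_encrypt(uint32_t w, uint32_t mask, unsigned n) {
    while (n--) w = lfsr_step(w, mask);
    return w;
}

uint32_t lfsr_decrypt(uint32_t w, uint32_t mask, unsigned n) {
    while (n--) w = lfsr_unstep(w, mask);
    return w;
}

/* Transmitter: concatenate random number and secret initial value, encrypt. */
uint32_t fob_make_sync(const fob_secrets_t *f, uint16_t random_number) {
    uint32_t combined = ((uint32_t)random_number << 16) | f->secret_iv;
    return lfsr_encrypt(combined, f->mask, ITERATIONS);
}

/* Receiver: decrypt, check the secret portion, then reject a random number
 * that was already used in a recent synchronization. */
sync_result_t receiver_sync(receiver_t *r, uint32_t key) {
    uint32_t combined = lfsr_decrypt(key, r->secrets.mask, ITERATIONS);
    uint16_t iv = (uint16_t)(combined & 0xFFFFu);
    uint16_t rnd = (uint16_t)(combined >> 16);

    if (iv != r->secrets.secret_iv) return SYNC_BAD_KEY;
    for (size_t i = 0; i < r->n_seen; i++)
        if (r->seen[i] == rnd) return SYNC_REPLAY;

    r->seen[r->next] = rnd;                 /* ring buffer of recent values */
    r->next = (r->next + 1u) % HISTORY;
    if (r->n_seen < HISTORY) r->n_seen++;
    return SYNC_OK;
}

/* Constructed scenario: fresh sync, replay of it, second fresh sync, and a
 * message built with a different secret initial value. */
void run_demo(sync_result_t out[4]) {
    const fob_secrets_t fob = { 0xC0DEu, 0x80200003u };   /* constructed */
    const fob_secrets_t other = { 0x0BADu, 0x80200003u }; /* constructed */
    receiver_t rx = {0};
    rx.secrets = fob;

    uint32_t first = fob_make_sync(&fob, 0xBEEFu);
    out[0] = receiver_sync(&rx, first);
    out[1] = receiver_sync(&rx, first);
    out[2] = receiver_sync(&rx, fob_make_sync(&fob, 0x1234u));
    out[3] = receiver_sync(&rx, fob_make_sync(&other, 0x5678u));
}

int main(void) {
    sync_result_t out[4];
    run_demo(out);
    printf("%d %d %d %d\n", out[0], out[1], out[2], out[3]);
    return 0;
}
```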
   














Owner/Assignee: United Technologies Automotive, Inc. (Dearborn, MI)
Publication Date: November 8, 1994
Application Number: 08/086,080
Filing Date: June 30, 1993
US Classification: 713/170 340/5.26 340/5.8 380/43 380/262 380/274 713/169
Int'l Classification: H04L 009/32
Examiner: Gregory; Bernarr E.
Attorney/Law Firm: Williams; M. P.
USPTO Field of Search: 380/4 380/9 380/23 380/24 380/25 380/46 380/49 380/50 380/21 380/43 331/78 364/717 340/825.31 340/825.34
   


We claim:

1. A method of cryptographic authentication of transmissions from a transmitting unit to a receiving module,

comprising, in said transmitting unit:

separately generating a plurality of pseudorandom numbers;

concatenating said numbers to form a combined word;

performing an encryption operation on said combined word; and

transmitting a command word including a key portion derived from the result of said encryption operation; and

comprising, in said receiving module:

receiving said command word;

performing a decryption operation on the key portion of said command word to recover said combined word;

providing at least one number; and

providing an authentication signal only if at least a portion of said at least one number is identical to a corresponding portion of said recovered combined word.

2. A method according to claim 1 wherein:

said step of providing at least one number comprises separately generating a second plurality of pseudorandom numbers; and

said step of providing an authentication signal comprises providing said authentication signal only if at least a portion of each of said second plurality of pseudorandom numbers is identical to a corresponding portion of said recovered combined word.

3. A method according to claim 2 wherein said generating steps each comprise generating a pair of numbers.

4. A method according to claim 1 wherein said generating step comprises generating a pair of numbers.

5. A method according to claim 1 wherein said step of performing an encryption operation comprises performing a linear encryption operation.

6. A method according to claim 1 wherein said step of performing an encryption operation comprises performing a feedback shift register operation.

7. A method according to claim 6 wherein said step of performing an encryption operation comprises performing a linear feedback shift register operation employing a secret feedback mask and said step of performing a decryption operation comprises performing a reverse linear feedback shift register operation employing the same secret feedback mask as in said encryption operation.

8. A method according to claim 7 wherein said linear feedback shift register operation comprises a number of iterations on the order of the degree of said combined word or more.

9. A method of cryptographically authenticating a transmission from a transmitting unit to a receiving module, comprising:

providing a starting number in said transmitting unit and providing said starting number in said receiving module;

in said transmitting unit:

providing an iteration control signal which changes in a pseudorandom manner in response to successive transmissions from said transmitting unit;

performing a variable number of iterations of an iterative encryption operation on said starting number, said variable number determined by said iteration control signal;

transmitting a command word derived at least in part from the result of said encryption operation; and

in said receiving module:

receiving said command word;

recovering the result of said encryption operation from said received command word;

providing a second iteration control signal which changes, in the same pseudorandom manner as said first iteration control signal, in response to successive receptions of command words by said receiving module;

performing a variable number of iterations of said iterative encryption operation on said starting number, said variable number determined by said second iteration control signal;

comparing at least a portion of the result of said encryption operation performed in said receiving module with a corresponding portion of said recovered result; and

providing an authentication signal only if said portion of said encryption operation performed in said receiving module is identical to said corresponding portion of said recovered result.

10. A method according to claim 9 wherein said step of performing an iterative encryption operation comprises performing a linear iterative encryption operation.

11. A method according to claim 9 wherein said step of performing an iterative encryption operation comprises performing a feedback shift register operation.

12. A method according to claim 9 wherein said step of performing an iterative encryption operation comprises performing a linear feedback shift register operation employing the same secret feedback mask in said transmitting unit as in said receiving module.

13. A method according to claim 9 wherein:

the same secret initial value is provided in said transmitting unit and in said receiving module; and

said starting number is provided by performing said iterative encryption operation on a word derived at least in part from said secret initial value a number of iterations on the order of the degree of said word, or more.

14. A method according to claim 9 wherein said variable number of iterations is a fraction of the degree of said starting number.

15. A method according to claim 9, comprising:

providing a second starting number in said transmitting unit and providing said second starting number in said receiving module;

in said transmitting unit:

providing a third iteration control signal which changes in a pseudorandom fashion in response to successive transmissions from said transmitting unit;

performing a changeable number of iterations of an iterative encryption process on said third starting number, said changeable number determined by said third iteration control signal;

transmitting said command word derived at least in part from the result of said encryption process; and

in said receiving module:

recovering the result of said encryption process from said received command word;

providing a fourth iteration control signal which changes, in the same pseudorandom fashion as said third iteration control signal, in response to successive receptions of command words by said receiving module;

performing a changeable number of iterations of said iterative encryption process on said starting number, said changeable number determined by said fourth iteration control signal;

comparing at least a portion of the result of said encryption process performed in said receiving module with a corresponding portion of said recovered result of said encryption process; and

providing an authentication signal only if said portion of said encryption process performed in said receiving module is identical to said corresponding portion of said recovered result of said encryption process.

16. A method according to claim 15 wherein said variable number is different from said changeable number.

17. A method according to claim 15 wherein said pseudorandom manner is different from said pseudorandom fashion.

18. A method according to claim 15 wherein said iterative encryption operation is the same as said iterative encryption process.

19. A method according to claim 9 wherein, in response to the presence of said first and second equal signals, the command portion of said recovered new altered word is exclusive ORed with the corresponding portion of said second new pseudorandom number and said steps (a) and (b), are performed in response to the result of said exclusive OR operation indicating said command is a synchronization command.

20. A method according to claim 9 wherein said iteration control signal changes in response to the value of a bit position of a changing number.

21. A method according to claim 9 wherein said iteration control signal changes in response to the value of a plurality of bit positions of a changing number.

22. A method according to claim 9 wherein said iteration control signal changes in response to the value of a bit position of said starting number.

23. A method of cryptographically authenticating transmissions from any of a plurality of remote command transmitting units to a command performing receiving module, comprising:

providing a set of numbers in each of said transmitting units, each set corresponding to one of said transmitting units, each set including at least one secret initial value, each set essentially unique to the corresponding unit;

providing in said receiving module, said set of numbers for each of said transmitters to which said receiving module is to respond;

transmitting a command word from one of said transmitting units including a key portion derived at least in part from an encryption operation performed on said secret initial value; and

authenticating said command word received at said receiving module utilizing the numbers in a corresponding set.

24. A method according to claim 23 wherein each of said sets includes an identification number;

said transmitting step comprises transmitting said command word including said identification number; and

said authenticating step comprises performing a process to authenticate said received command word only in response to said command word containing an identification number which matches an identification number in one of the sets provided in said receiving module.

25. A method according to claim 24 wherein, in response to receipt of said command word, said receiving module performs an authentication process using successive ones of said sets which have an identification number that matches the identification number included in said received command word until either authentication occurs or all of said sets have been used.

26. A method according to claim 23 wherein, in response to receipt of said command word, said receiving module performs an authentication process on said key portion using successive ones of said sets until either authentication occurs or all of said sets have been used.

27. A method according to claim 23 wherein each set includes at least one corresponding secret feedback mask, and said encryption operation comprises a feedback shift register pseudorandom number generation operation utilizing said secret feedback mask.

28. A method according to claim 27 wherein said shift register operation is linear.

29. A method of synchronized cryptographic authentication of transmissions from a remote command transmitting unit to a command performing receiving module selectively responsive thereto comprising:

transmitting a command word including a key portion derived from at least one encrypted number generated in said transmitting unit and indicative of a command;

receiving said command word and, in response thereto, comparing a number in said receiving module with a number decrypted from the key portion recovered from said command word, providing an authentication signal based at least in part on identity between said number in said receiving module and said number decrypted from the key portion recovered from said command word, selectively performing the command indicated thereby in response to said authentication signal; and

rendering said receiving module unresponsive, following receipt of one command word, to receipt of an additional command word for a period of time on the order of one-half second, or more.

30. The method according to claim 29 wherein said rendering step comprises providing a waiting period between the conclusion of any operation responsive to receipt of one of said command words and the enabling of said receiving module to be responsive to a subsequently received command word.

31. A method of selectively cryptographically authenticating transmissions, indicative of commands initiated by operating switches, from each of a plurality of transmitting units to a receiving module, comprising:

providing a set of numbers in each one of said transmitting units, each set corresponding to one of said transmitting units and identified by an identification number, each set including at least a pair of secret initial values;

providing in said receiving module the one of said sets corresponding to each of said transmitting units to which said receiving module is to respond;

in response to operation of said switches indicating a command other than a lock-related command in one of said transmitting units:

providing a command bit;

generating a random number;

concatenating said random number with a first one of said secret initial values so as to provide a combined word;

performing a first encryption operation on said combined word to provide a first number;

performing a second encryption operation on a second one of said secret initial values to provide a second number;

exclusive ORing a plurality of command bits indicative of said command with the corresponding bits of said second number to provide an altered word;

performing a third encryption operation on the concatenation of said first number with said altered word to provide an encrypted key word;

storing said first and second numbers as first and second pseudorandom numbers for future use in subsequent authentication;

transmitting a command word including said encrypted key word, said command bit, and said identification number;

in response to operation of said switches indicating a lock-related command in one of said transmitting units:

performing a fourth encryption operation on said first number to provide a new first pseudorandom number;

performing a fifth encryption operation on said second number to provide a new second pseudorandom number;

exclusive ORing a plurality of command bits indicative of said lock-related command with the corresponding bits of said new second pseudorandom number to provide a new altered word;

performing a sixth encryption operation on the concatenation of said new first pseudorandom number and said new altered word to provide a new encrypted key word;

storing said new first and second pseudorandom numbers for future use in subsequent authentication in place of said first and second pseudorandom numbers;

transmitting a command word including said new encrypted key word and said identification number;

in said receiver, selectively, in response to receipt of said command word including said command bit:

determining if said receiver has secret initial values related to the received identification number, and if not, terminating all response to said received word, but if so:

performing a first decryption operation on said key word portion of said received command word so as to recover said first number and said altered word;

performing, on said recovered first number, a second decryption operation so as to recover said combined word, comparing said first secret initial value to a corresponding portion of said recovered combined word and providing a first equal signal only in the event of identity therebetween;

performing a seventh encryption operation on said second secret initial value to provide said second number, comparing the non-command portion of said recovered altered word with the corresponding portion of said second number and providing a second equal signal only in response to identity therebetween;

then, in response to the absence of either of said first and second equal signals, terminating all further response to said command word;

or otherwise, in response to the presence of said first and second equal signals, comparing the random number portion of said recovered combined word to a random number portion derived from a command word previously received from said transmitter and, in response to identity therebetween, terminating all further response to said command word, but otherwise, (a) storing said random number portion for future use in subsequent synchronization operations and (b) storing said second number and said recovered first number, as first and second pseudorandom numbers for future use in subsequent authentication operations;

in said receiver, selectively, in response to receipt of said command word not including said command bit:

determining if said receiver has secret initial values related to the received identification number, and if not, terminating all response to said received word, but if so:

performing a third decryption operation on the key word portion of said received command word, so as to recover said new first pseudorandom number and said new altered word;

performing an eighth encryption operation on said first pseudorandom number to provide a first new pseudorandom number, and comparing said first new pseudorandom number to said recovered new first pseudorandom number and providing a third equal signal in response to identity therebetween;

performing a ninth encryption operation on said second pseudorandom number to provide a second new pseudorandom number and comparing the non-command portion of said recovered new altered word to a corresponding portion of said second new pseudorandom number and providing a fourth equal signal only in response to identity therebetween;

then, in the absence of either of said third or fourth equal signals, terminating all further response to receipt of said command word, but in the presence of both of said third and fourth equal signals, exclusive ORing the command portion of said recovered new altered word with the corresponding portion of said second new pseudorandom number, performing the command indicated by the result thereof, and storing said first new pseudorandom number and said second new pseudorandom number for future use in subsequent authentication operations.

32. A method according to claim 31 wherein said encryption operations comprise linear feedback shift register operations.

33. A method according to claim 31 wherein said first, second and third encryption operations employ the same algorithm.

34. A method according to claim 31 wherein said first and fourth encryption operations employ the same algorithm.

35. A method according to claim 31 wherein said second and fifth encryption operations employ the same algorithm.

36. A method according to claim 31 wherein said third and sixth encryption operations employ the same algorithm.

37. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto;

said transmitting unit comprising:

a source of signals for providing first and second seed signals indicative of respective secret pseudorandom number generator initial values and first, second and third mask signals indicative of respective secret feedback masks, each mask defining a respective feedback polynomial for linear feedback shift register pseudorandom number generation, said initial values and said polynomials being essentially unique to said transmitting unit;

command switches operable to indicate a physical effect which is to be caused by said receiving module; and

first signal processing means responsive to selected operation of said switches indicative of a synchronization command for providing a random signal indicative of a variable random number, for performing a first linear feedback shift register pseudorandom number generation operation, on a combined number consisting of the initial value defined by said first seed signal concatenated with the random number defined by said random signal, a given number of iterations on the order of the degree of said first polynomial, or more, using the mask defined by said first mask signal, said first polynomial having a degree on the order of the degree of said combined word, for performing a second linear feedback shift register pseudorandom number generation operation, on a second word consisting of the initial value defined by said second seed signal, a fixed number of iterations on the order of the degree of said second polynomial, or more, using the mask defined by said second mask signal, said second polynomial having a degree on the order of the degree of said second initial value, for exclusive ORing a plurality of command bits indicative of said synchronization command with a corresponding plurality of bits of the result of said second generation operation to form an altered word, for storing, for future use in authenticating subsequent transmissions to said receiving module, first and second pseudorandom numbers respectively indicative of the results of said first and second generation operations, for performing a third linear feedback shift register pseudorandom number generation operation, on a word consisting of said first pseudorandom number concatenated with said altered word, a predetermined number of iterations on the order of the degree of said third polynomial, or more, using the mask defined by said third mask signal, said third polynomial having a degree on the order of the summation of the degrees of said first pseudorandom number and said altered word, and 
for transmitting, to said receiving module, a command word signal having the result of said third generation operation as a key portion and including a command bit indicative of said synchronization operation;

said first signal processing means responsive to selected operation of said switches indicative of a lock-related command for performing a fourth linear feedback shift register pseudorandom number generation operation, on said first pseudorandom number, a first determined number of iterations, using the mask defined by said first mask signal, to provide a new first pseudorandom number, for performing a fifth linear feedback shift register pseudorandom number generation operation, on said second pseudorandom number, a second determined number of iterations, using the mask defined by said second mask signal, to provide a new second pseudorandom number, for exclusive ORing a plurality of command bits indicative of said lock-related command with a corresponding plurality of bits of said new second pseudorandom number to form a new altered word, for performing a sixth linear feedback shift register pseudorandom number generation operation, on a word consisting of said new first pseudorandom number concatenated with said new altered word, said predetermined number of iterations, using the mask defined by said third mask signal, for storing said new first and second pseudorandom numbers for future use in authenticating subsequent transmissions to said receiving module, and for transmitting, to said receiving module, a command word signal having the result of said third generation operation as a key portion;

said receiving module comprising:

a signal source for providing third and fourth seed signals respectively indicative of said initial values and fourth, fifth and sixth mask signals respectively indicative of said masks; and

second signal processing means for receiving said command word signal and responsive to said command word including said command bit, for performing a first reverse linear feedback shift register pseudorandom number generation operation, on said key portion of said command word signal, said predetermined number of iterations, using the mask defined by said sixth mask signal, for performing a second reverse linear feedback shift register pseudorandom number generation operation, on a portion of the result of said first reverse generation operation corresponding to said combined word, said given number of iterations, using the mask defined by said fourth mask signal, for comparing said initial value defined by said third seed signal with an equivalent portion of the result of said second reverse generation operation and providing a first equal signal only if they are identical, for performing a seventh linear feedback shift register pseudorandom number generation operation on a word consisting of the initial value defined by said fourth seed signal, said fixed number of iterations, using the mask defined by said fifth mask signal, for comparing a portion of the result of said seventh generation operation, corresponding to the unaltered portion of said altered word, with a corresponding portion of the result of said first reverse generation operation and providing a second equal signal only if they are identical, in response to said first and second equal signals, for storing, for subsequent use, the random number portion of the result of said second reverse operation and for comparing said random number portion with a similar random number portion, previously stored for subsequent use in response to prior performances of said second reverse operation, and for selectively storing third and fourth pseudorandom numbers respectively indicative of the result of said second reverse operation and said seventh generation operation, for future use in subsequent authentication 
of transmissions from said transmitting unit, only if said compared random portions are not equal;

said second signal processing means responsive to said command word signal not including said command bit for performing a third reverse linear feedback shift register pseudorandom number generation operation, on said key portion of said command word signal, said predetermined number of iterations, using the mask defined by said sixth mask signal, to recover said new first pseudorandom number and said new modified word, for performing an eighth linear feedback shift register pseudorandom number generation operation, on said third pseudorandom number, said first determined number of iterations, using the mask defined by said fourth mask signal, to provide a third new pseudorandom number with said third new pseudorandom number and generating a third equal signal only if they are identical, for performing a ninth linear feedback shift register pseudorandom number generation operation, on said fourth pseudorandom number, said second determined number of iterations, using the mask defined by said fifth mask signal, to provide a fourth new pseudorandom number, for comparing the non-command portion of said recovered new altered word with a corresponding portion of said fourth new pseudorandom number and providing a fourth equal signal only if they are identical, and, in response to said first and second equal signals, for storing for future use in subsequent authentication of transmissions from said transmitting unit, said new third and fourth pseudorandom numbers indicative of the results of said eighth and ninth generation operations, for exclusive ORing the command portion of said recovered new altered word with the corresponding portion of said fourth new pseudorandom number to recover said plurality of command bits and for performing said lock-related command.

38. A system according to claim 37 wherein the initial value indicated by said first seed signal is different from the initial value defined by said second seed signal.

39. A system according to claim 37 wherein said polynomials are all different from each other.

40. A system according to claim 37 wherein said fixed number is equal to said given number.

41. A system according to claim 37 wherein said first determined number is different from said second determined number.

42. A system according to claim 37 wherein said feedback polynomials are maximal length feedback polynomials.

43. A system according to claim 37 wherein said first and second determined numbers each vary as a function of a respective pseudorandom event, responsive to each transmission in said transmitting unit and responsive to each reception in said receiving module.

44. A system according to claim 43 wherein said first and second determined numbers are a fraction of said given number and said fixed number, respectively.

45. A method of cryptographically authenticating a transmission from a transmitting unit to a receiving module, comprising:

providing a starting number in said transmitting unit and providing said starting number in said receiving module;

in said transmitting unit:

providing an iteration control signal which changes in a random manner in response to successive transmissions from said transmitting unit;

performing a variable number of iterations of an iterative encryption operation on said starting number, said variable number determined by said iteration control signal;

transmitting a command word derived at least in part from the result of said encryption operation; and

in said receiving module:

receiving said command word;

recovering the result of said encryption operation from said received command word;

providing a second iteration control signal which changes, in the same random manner as said first iteration control signal, in response to successive receptions of command words by said receiving module;

performing a variable number of iterations of said iterative encryption operation on said starting number, said variable number determined by said second iteration control signal;

comparing at least a portion of the result of said encryption operation performed in said receiving module with a corresponding portion of said recovered result; and

providing an authentication signal only if said portion of said encryption operation performed in said receiving module is identical to said corresponding portion of said recovered result.

46. A method according to claim 45 wherein said iteration control signal changes in response to the value of a plurality of bit positions of a random number.

Description

TECHNICAL FIELD

This invention relates to pseudorandom numbers and cryptographically encoded transmissions, such as the type involved with an automobile key chain fob transmitter which opens the automobile door locks or trunk in response to transmissions from the fob.

BACKGROUND ART

The art of encoding transmissions so that the transmissions may be authenticated at a receiving module must meet criteria for technical viability (security) as well as low cost and convenience. The cost and convenience criteria result in an inability to use any encoding with polynomials of excessive degree (such as binary numbers of hundreds of bits). Furthermore, cryptographic processing must require less than one second for acceptability by the user. Cost and weight constraints can limit the size and sophistication of a microprocessor or other signal processing equipment used in the system.

An example of such a system is disclosed in commonly owned U.S. Pat. No. 5,191,610 to Hill and Finn. That system utilizes linear feedback shift register pseudorandom number generation having the same seed number and the same, fixed feedback mask in the receiver as in the transmitter. The number of iterations of linear feedback shift register pseudorandom number generation is counted in both the receiver and the transmitter, there being one additional iteration each time that a command is sent. Should the receiver not recognize one of the transmissions (because the transmitter was inadvertently activated at a great distance from the receiver, or otherwise), the receiver is allowed a moderate number of catch-up iterations in which it attempts to match the received transmission. Should that fail, the transmitter tells the receiver how many iterations from the seed it should perform in order to recreate a new current pseudorandom number and thereby resynchronize the receiver to the transmitter pseudorandom number.

The aforementioned system requires that a receiver and a transmitter be wired or loaded with a binary feedback mask at the factory and sold as a pair. It also precludes matching a replacement transmitter with an existing receiver without the involvement of dealership personnel, which could compromise security. The pseudorandom number generators of the Hill and Finn patent use one iteration per encrypted message. This saves time but results in a certain level of correlation between successive samples, so that the samples are less random-like. In other pseudorandom number applications, the speed advantage of the aforementioned system could be useful but for the inherent correlation.
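
The two preceding paragraphs describe a receiver that is allowed a bounded number of catch-up iterations, and a one-iteration-per-message generator whose successive outputs are correlated. The following C code is an added example, not taken from either patent, that shows both on a Galois-form linear feedback shift register. The 16-bit width, the mask 0xB400, the seed and the function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MASK 0xB400u   /* constructed feedback mask, not a value from the page */

/* One Galois LFSR iteration: shift right, XOR in the mask when a 1 falls out. */
static uint16_t lfsr_step(uint16_t s) {
    return (uint16_t)((s >> 1) ^ ((s & 1u) ? MASK : 0u));
}

/* Receiver: try up to `window` catch-up iterations from the stored value.
   On a match, adopt the received value and return the iterations used;
   otherwise return -1 and keep the stored value (resynchronization needed). */
static int rx_catch_up(uint16_t *stored, uint16_t received, int window) {
    uint16_t s = *stored;
    for (int i = 1; i <= window; i++) {
        s = lfsr_step(s);
        if (s == received) { *stored = s; return i; }
    }
    return -1;
}

/* How many of the 15 low bits of `next` are plain copies of `prev` shifted
   right by one. Only the mask's tap positions can differ after one step. */
static int carried_bits(uint16_t prev, uint16_t next) {
    uint16_t diff = (uint16_t)(((prev >> 1) ^ next) & 0x7FFFu);
    int same = 15;
    while (diff) { same -= diff & 1; diff >>= 1; }
    return same;
}

int main(void) {
    uint16_t car = 0xACE1u, fob = 0xACE1u;   /* constructed shared seed */
    for (int i = 0; i < 3; i++) fob = lfsr_step(fob);  /* 2 presses out of range */
    printf("window 2: %d\n", rx_catch_up(&car, fob, 2));  /* -1 */
    printf("window 4: %d\n", rx_catch_up(&car, fob, 4));  /* 3 */
    printf("carried:  %d of 15\n", carried_bits(0xACE1u, lfsr_step(0xACE1u)));  /* 12 */
    return 0;
}
```

With this mask, a single iteration leaves at least 12 of the 15 low bits as a shifted copy of the previous value, which is the kind of correlation between successive samples that the paragraph above attributes to using one iteration per message.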

Any such system, except one that uses a truly random number of infinite degree, can be compromised either by analysis of a succession of intercepted signals, or by a brute force, exhaustive numerical trial approach which simply tries every number possible as the authentication word (the code or key).

Coded keypads used for unlocking vehicles have inherent security features. The generation of the code word by pressing keys can be shielded from view, and is certainly not capable of being determined beyond a line of sight. Furthermore, there would be great risk for an intruder entering every possible number into a keypad in an attempt to replicate the code (unless, of course, the automobile were parked in an unobservable area, such as a private or otherwise vacant garage). Thus, the keypad cannot be breached by analysis, and is not likely to be breached by numerical trial.

In contrast, lock systems which employ remote transmissions are enormously subject to security tampering because the surveillance of the transmissions may be carried out in another vehicle, without attracting any attention whatsoever. Therefore, it is possible to record many transmissions to a given vehicle, such as in a reserved workplace parking space (which commonly contains expensive cars), as well as providing an unobservable opportunity to attempt the breach of a security system (or even several systems at one time) by broadcasting huge volumes of random numbers, in parking lots where vehicles remain for long periods of time, such as at airports.

Whenever a transmitter is newly assigned to be used with an existing receiver, it is not sufficient to allow the new fob to identify itself and become authorized, without limiting that activity to a time when there is authorized access to the receiver through other than the transmitter itself (that is, within the vehicle itself). Thus, access to the vehicle by means of a traditional key or the like assures the safety of matching a newly assigned transmitter to an existing receiver. In the case of loss of synchronization between the transmitter and the receiver, simply allowing the receiver to synchronize to a particular pseudorandom number provided thereto by the transmitter makes it too easy for a surreptitious breach of security based on the analysis of a few transmissions, and synchronizing thereafter to one of the previous transmissions, utilizing numbers expected to be successful based upon analysis. Mere obfuscation of the resynchronizing code could be compromised by analysis of successful resynchronizations, and determination of the obfuscation function. The danger is not just that a single car might be broken into, but that a sophisticated capability might be developed and thereafter utilized extensively to breach the security of a large number of automobiles of a similar type.

DISCLOSURE OF INVENTION

Objects of the invention include provision of an improved remote operating system, the security of which is extremely difficult to breach by analysis, in which analysis of transmitted signals provides essentially no assistance in reducing the amount of numbers required for a numerical trial breach of security, and in which numerical trial breach of security requires, at a minimum, a prohibitively long time, rendering the vehicle essentially secure to brute force numerical trial attack, and which is useful only on a per vehicle basis. Other objects include rapid pseudorandom number generation with minimal correlation.

This invention is predicated on our observation that introducing non-linearities into the Galois field operation of linear feedback shift register pseudorandom numbers can render a code very difficult to breach by or with aid from numerical analysis. The invention is further predicated on the fact that time constraints on authentication can render the numerical trial approach essentially useless. The invention is predicated in part on the reversibility characteristic of the well-known exclusive OR operation, and on the reversibility of encryption such as encryption involving linear feedback shift register operations.
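
The reversibility relied on above, together with the variable-iteration method of claim 45, can be seen in the following C code, which is an added example and not text or code from the patent. The 16-bit width, both feedback masks, the iteration counts, the four command bits, the seed and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed 16-bit parameters for illustration; none are values from the patent. */
#define INNER_MASK  0xB400u  /* feedback mask for the shared rolling number */
#define OUTER_MASK  0xD008u  /* feedback mask for the reversible outer pass */
#define OUTER_ITERS 16
#define CMD_BITS    0x000Fu  /* command bits ride in the low-order positions */

/* One Galois LFSR step: shift right, XOR in the mask when a 1 falls out. */
static uint16_t lfsr_fwd(uint16_t s, uint16_t mask) {
    return (uint16_t)((s >> 1) ^ ((s & 1u) ? mask : 0u));
}
/* Inverse step. Both masks have bit 15 set, so bit 15 of the state
   records whether the mask was XORed in during the forward step. */
static uint16_t lfsr_rev(uint16_t s, uint16_t mask) {
    return (s & 0x8000u) ? (uint16_t)(((s ^ mask) << 1) | 1u) : (uint16_t)(s << 1);
}
/* Advance the rolling number a state-dependent number of iterations (8..11). */
static uint16_t advance(uint16_t s) {
    int n = 8 + (s & 3u);          /* iteration control taken from two state bits */
    while (n--) s = lfsr_fwd(s, INNER_MASK);
    return s;
}
/* Transmitter: advance, XOR the command into the low bits, run the outer pass. */
static uint16_t tx_send(uint16_t *state, uint16_t cmd) {
    *state = advance(*state);
    uint16_t w = (uint16_t)(*state ^ (cmd & CMD_BITS));
    for (int i = 0; i < OUTER_ITERS; i++) w = lfsr_fwd(w, OUTER_MASK);
    return w;
}
/* Receiver: undo the outer pass, compare the non-command bits with its own
   advance. Returns the command (0..15), or -1 with the state left untouched. */
static int rx_receive(uint16_t *state, uint16_t key) {
    for (int i = 0; i < OUTER_ITERS; i++) key = lfsr_rev(key, OUTER_MASK);
    uint16_t expect = advance(*state);
    if ((key ^ expect) & (uint16_t)~CMD_BITS) return -1;
    *state = expect;
    return (key ^ expect) & CMD_BITS;
}

int main(void) {
    uint16_t fob = 0xACE1u, car = 0xACE1u;      /* constructed shared starting number */
    uint16_t k1 = tx_send(&fob, 0x5);
    printf("first:  %d\n", rx_receive(&car, k1));                 /* 5 */
    printf("replay: %d\n", rx_receive(&car, k1));                 /* -1 */
    printf("next:   %d\n", rx_receive(&car, tx_send(&fob, 0x2))); /* 2 */
    return 0;
}
```

The replayed word is rejected because the receiver has already advanced its stored number, and the rejection leaves that number unchanged so the next genuine transmission still authenticates.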

According to the present invention, an encryption, such as a linear feedbac