[19] Rosenblum
[11] 4,182,933
[45] Jan. 8, 1980

[54] SECURE COMMUNICATION SYSTEM WITH REMOTE KEY SETTING

[75] Inventor: Howard E. Rosenblum, Silver Spring, Md.

[73] Assignee: The United States of America as represented by the Secretary of the Army, Washington, D.C.

[21] Appl. No.: 800,371
[22] Filed: Feb. 14, 1969

[51] Int. Cl.² ...... H04K 1/00; H04L 9/00
[52] U.S. Cl. ...... 179/1.5 R; 178/22
[58] Field of Search ...... 179/1.5; 178/22; 325/32

Primary Examiner—Howard A. Birmiel
Attorney, Agent, or Firm—John R. Utermohle

[57] ABSTRACT

An apparatus for maintaining secure communication between subscribers. A centrally located key distribution center, which includes a data processor, is utilized as a source of remotely selected working variables which are utilized to enable secure communication between a plurality of selected subscribers. Each subscriber in the system has a unique variable which identifies him to the data processor, and enables a secure communication with the data processor, which will then provide him with the working variable of the subscriber that he wishes to call. The key distribution center also reiteratively replaces the working variable of the caller, and the called subscriber if desired, each time contact is made with the key distribution center.

10 Claims, 2 Drawing Figures
`
[Front-page figure. Legible labels: STANDARD TELEPHONE, GENERAL TELEPHONE SWITCHING NETWORK, SYSTEM CONTROL SWITCHING NETWORK, RANDOM STATE GENERATOR, KEY DISTRIBUTION CENTER, SUBSCRIBER 2.]
`
`Unified Patents Inc. Ex. 1017, pg. 1
`
[Drawing sheet 1 of 2]
`
[Drawing sheet 2 of 2]
`
`
SECURE COMMUNICATION SYSTEM WITH REMOTE KEY SETTING

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention is a communication system, more particularly it is a secure communications system for maintaining secure communication between subscribers.

2. Prior Art

Prior art secure communication systems which utilize at least one working variable for enciphering and deciphering secure messages transmitted therein, do not remotely select these working variables for purposes of retransmission of a secure message between subscribers in the system. These prior art systems utilize a working variable which must be known to all subscribers receiving the secure message. This working variable, known by the subscribers, must be inserted into their enciphering/deciphering means in order to maintain secure communication. If each subscriber to the system has a different working variable, the one initiating the message in such a system must have at his disposal the working variable of the subscriber he wishes to call so that he may insert it in his enciphering/deciphering means in order to maintain a secure message between subscribers. This requires a substantial inventory of working variables at the place of message initiation, and reception, thus minimizing the security of the system.

Another feature of prior art secure communication systems, which has limited desirability from a security viewpoint, is the requirement that in order to change the working variables utilized in these systems these variables must be changed in accordance with a predetermined schedule, known to all subscribers in the system; thus, there is once again a minimization of security.

In the secure communication system of the present invention, the security liabilities of prior art systems are overcome by providing for an automatic reiterative replacement for the working variables of the system subscribers, and by providing a means by which the working variable of the subscriber which is called is remotely selected for purposes of retransmission by the subscriber initiating the call. By reiteratively replacing the working variables automatically, there is no need for conforming to a rigid schedule known to all parties. By accomplishing remote selection and reiterative replacement by some means external to the subscribers to the system, at some central location, an absolute maximization of system security is provided. This is due to the singular remote location of the necessary information, as opposed to the multiplicity of locations, one at each subscriber, necessary in prior art systems, as well as the fact that the actual working variable which is utilized, at any given time, is unknown to all subscribers in the system, the setting of the enciphering/deciphering means of the subscribers being accomplished automatically with information received from a remote selection means. Furthermore, the security of the system of the present invention is enhanced due to the ease of reiterative replacement, which may occur as often as once per message instead of once per day, or once per plurality of messages, as in prior art systems.

Prior art subscription television systems employing remote selection of switch setting information in order to allow the subscriber to receive a scrambled subscription television picture cannot provide for remote selection of a working variable in the sense that the switch setting information received is not utilized to transmit a secure message between the subscriber and another subscriber, but rather merely to receive information already existent.

SUMMARY OF THE INVENTION

An object of this invention is to provide a new and improved secure communication system which overcomes the disadvantages of the prior art.

Another object of the present invention is to provide a new and improved secure communication system wherein the information necessary to enable secure communication is remotely selected.

Another object of the present invention is to provide a new and improved secure communication system wherein the information necessary to enable secure communication is reiteratively varied.

SUMMARY

With these objects in view a secure communication system may include a remotely selectable means for selecting a key-setting variable and a unique variable and transmitting the remotely selected key-setting variable, the remotely selectable means including a means for reiteratively replacing the key-setting variable when the key-setting variable is remotely selected, the reiterative key-setting variable replacement replacing the key-setting variable necessary to maintain secure communication the next successive time remote selection occurs; a first means for initiating remote selection, for receiving the transmitted remotely selected key-setting variable, and for transmitting a secure communication enciphered in accordance with key-setting variable, the first receiving means being unique to the unique variable; and a second means for receiving communications from the first receiving means using the most recently obtained key-setting variable to enable secure communication between the first and second receiving means.

Other objects and many of the intended advantages of this invention will be readily appreciated as the invention becomes better understood by reference to the following description when taken in conjunction with the following drawings wherein:

FIG. 1 is a functional diagram of a system which is a preferred embodiment of the present invention, and

FIG. 2 is a functional diagram of a portion of the system shown in FIG. 1.

Referring now to FIG. 1, which is a functional diagram of the entire system of the present invention, a general telephone switching network is shown, although the basic theory underlining the system is functional with any type of communication media. A subscriber has a secure module 10 comprising a standard telephone transceiver 11; a standard vocoder 12, or other speech-to-digit converter means such as a delta-modulation coder, or other digital communication device, such as a teletypewriter; a key generator 15; a modem 16, which is a standard modulator-demodulator communication device for accomplishing conversion of a digital signal to an analog type signal, and vice versa, for direct delivery to and from a telephone network; and a system control switching network 17, shown in more detail in FIG. 2, which supervises the overall operation of the subscriber module 10. Each subscriber to the system has an identical secure module with respect to structure, differing only in its associated security parameters, as will be explained herein below.

The key distribution center 20 is the heart of the system in that it provides the remote selection capability, as well as the reiterative replacement capability, of the present invention. The key distribution center 20, which is centrally located with respect to the subscribers to the system, comprises a standard computer 21, which has an associated storage means 22; a random state generator 24, for generating random variables to enable reiterative replacement, to be described later; a key generator 25; a modem 26; and a standard communication line-finder device 27, which acts as a concentrator and selects the open terminal pair of the modem 26 when contacted by a subscriber, the modem 26 shown as a singular modem having a plurality of terminal pairs, rather than a plurality of modems, for illustrative purposes. The key distribution center 20 may also contain an update generator 28, shown by hidden lines, when an alternate embodiment of the general system is utilized, to be explained later.

Just as the key distribution center 20 is the heart of the entire system, the system control switching network 17, shown in more detail in FIG. 2, is the heart of the subscriber module 10, as it controls the sequence of operations occurring in the subscriber module 10, from the initiation of a call to another subscriber in the system, until the cessation of contact with the called subscriber, and the going off line. The system control switching network 17 contains a storage device 29, which may be any type of standard storage device comprising either a permanent storage (read only) and temporary storage (read-write) portion, or be completely of the read-write variety. The selection of storage device 29 is merely a matter of choice, the system functioning equally well with other types of storage. For purposes of explanation, we will assume that a permanent storage-temporary storage type of storage device 29 is utilized.

A subscriber module storage device 29 would have in its permanent storage a unique key-setting variable, designated U, this unique key-setting variable being of a predetermined bit length, and being used for purposes of secure communication with the key distribution center computer 21, to be explained subsequently; the unique telephone number of the subscriber, designated Ti, consisting of the predetermined number of digits which are necessary to uniquely identify the subscriber in the system, the number of digits being dependent on the number of subscribers in the system; and the number of digits necessary to contact any subscriber in a world-wide system, for example 12 digits; and the unique telephone number of the key distribution center 20, designated TKDC, consisting of the predetermined number of digits necessary to contact the key distribution center 20 from any point in a world-wide system, for example 12 digits. The temporary storage portion of the subscriber module storage device 29 would contain a key-setting variable, designated V, this key-setting variable being utilized to maintain a secure communication between any subscribers in the system having this key-setting variable; and, after a call has been initiated to another subscriber in the system, this operation to be subsequently explained, the telephone number of the subscriber being called, designated Tx, consisting of the predetermined number of digits necessary for contacting the called subscriber anywhere in the secure communication network, for example, 12 digits.

The key-distribution-center-computer-associated-storage device 22, which may be a drum storage, a tape storage, a disc storage, or any other acceptable computer-associated-storage means, would contain the unique variables and key-setting variables, associated with the telephone identification numbers of the subscribers, Ti, Tx, for all the subscribers in the secure communication system.

The function of the various key-setting variables in this system is to determine the key that is produced by the associated key generators, the key that is generated being generated from the key-setting variable, whether directly or indirectly, the generated key being utilized to encipher the communication in order to enable a secure message to be transmitted, and/or received. The key-setting variables associated with the key generators can be electrically changed so as to alter the key which is produced by the associated key generator, and thus vary the enciphering/deciphering of the message, enabling a more secure system than possible in prior art devices. In one embodiment of the general system, the key-setting variable of the called subscriber is directly utilized as the dynamic working variable, which is the variable which is ultimately utilized by the associated subscriber key generators to enable secure communication between associated subscribers whose key generators are set in accordance with the dynamic working variable. In an alternate embodiment of the general system, the key-setting variable of the called subscriber is not directly utilized as the dynamic working variable, but instead is combined with an indicator variable, which is a variable which denotes the function to be performed on the key-setting variable to update it, to obtain the dynamic working variable which is utilized to set the associated subscriber key generators.

The normal operating condition of all the subscriber modules 10 in the secure communication system of the present invention, when the telephone transceiver 11 is on-hook, in the particular embodiment where the key-setting variable is directly utilized as the dynamic working variable, is to have the associated working key-setting variable, V, filled into its associated key generator 15 while the subscriber is on-hook, so that he may receive a secure communication immediately after contact is established without any further operation being necessary in order to place him in the secure mode, unless it is desired to override this automatic operation with a manual switch means, to be explained later. The normal operating condition of all the subscriber modules 10 in the secure communication system of the present invention, when the telephone transceiver 11 is on-hook, in the alternate embodiment where the key-setting variable of the called subscriber is combined with an indicator variable to obtain the dynamic working variable, is to have the associated key generator 15 blank while the subscriber is on-hook.
`
OPERATION

The operation of the secure communication system of the present invention, in order to enable a secure communication between subscribers for the system, differs slightly for each embodiment, the differences to be subsequently explained, the choice of embodiment being dependent on the degree of security desired.

PREFERRED EMBODIMENT

The operation of the system when the particular embodiment, wherein the key-setting variable is directly utilized as the dynamic working variable, will be described first. In this embodiment, the subscriber initiating the call, for the purposes of illustration to be known as subscriber 1, dials the telephone number of the subscriber he wishes to call, for purposes of illustration to be known as subscriber 2, in any known manner. This operation inputs the called subscriber’s telephone number, letting this number be represented by Tx, into the temporary storage portion of the calling subscriber module storage device 29, through the programmed sequencing switch 30, the sequencing switch 30 controlling the sequence of operations performed at the subscriber module 10 and being a standard sequencing means such as series of cyclical counters, the input to the switch being via a terminal pair 31—31 to the storage device 29 via another terminal pair 32—32. Simultaneously with the insertion of the called subscriber telephone number, Tx, into the storage device 29, the programmed sequencing switch 30 selects the unique variable, U1, of its associated subscriber, which is initiating the call, and routes it to its associated key generator 15, via another terminal pair 35—35 where it replaces the working key-setting variable, V1, of the caller by resetting the key generator 15 using the unique variable, U1, which is a key-setting variable.

After this operation has been performed, the programmed sequencing switch 30 selects the telephone number of the key distribution center, TKDC, from the permanent storage portion of the storage device 29, and routes it to the line 37—37 via a variable rate clock 40, which determines the proper readout rate, along the associated terminal pair 41—41 at the proper network rate determined by the clock 40, which for the Bell Telephone System would be 16 pulses per second, to the modem 16, where it is output over the telephone line 37—37 to connect the subscriber to the key distribution center 20 through the general telephone switching network 42 via the path shown, for purposes of illustration, by hidden lines 43—43. There is a monitor device 45 associated with the subscriber modem 16 which senses when the key distribution center 20 is on-line, due to a supervisory signal being received from the key distribution center 20, such as a sudden cessation of the completed ringing circuit.

When the key distribution center 20 is called, the line finder 27 locates an open terminal pair to its associated modem 26, and a supervisory signal, as was just previously described, is sent to the subscriber who has transmitted the telephone number of the key distribution center, TKDC, enabling contact to be established.

When the subscriber receives the supervisory signal, from the key distribution center 20, the programmed sequencing switch 30 selects the predetermined number of digits necessary to uniquely identify the caller, Tn, for purposes of illustration we will assume five digits, from the permanent storage portion of the storage device 29, and the same predetermined number of unique identifying digits from the telephone number of the called subscriber, Tx, in the example being given five digits are selected, and routes these to the phone line 37—37 via the clock 40, and through the modem 16 at a rate higher than the telephone switching network rate, this rate once again determined by the clock 40, via the established path 43—43 to the key distribution center 20 where it is routed to the computer 21. A higher information transfer rate is utilized due to the fact that the computer 21 information acceptance rate is faster than that of the telephone switching network 42, and this will minimize the time necessary to obtain the security parameters, which are the key-setting variables.

The computer 21 looks up in its associated storage 22 the unique key-setting variable of the caller, U1, and the working key-setting variable, of the party being called, for purposes of illustration designated Vx, from the identification contact variables it has received, Tn, and Tx. The computer 21 then feeds the caller’s unique key-setting variable, U1, into a high speed dynamic logic key generator 25, as the enciphering variable which will determine the key generated by the key generator 25. The computer 21 then draws a new working key-setting variable for the caller, V1a, from the random state generator 24, which may be any random source, and puts this quantity in its temporary storage 47.

At this point, the computer 21 will generate a parity word so that error correction, or parity checking, may be accomplished in order to maintain the integrity of the transmission. If there is sufficient faith in the integrity of the transmission with the equipment that is utilized, the error correction procedure may be eliminated.

Several schemes may be utilized in order to accomplish parity checking. In one such scheme the computer 21 generates a parity word from the bit stream composed of the working key-setting variables of the called subscriber, Vx, and the reiteratively-replaced, working-key-setting variable, V1a, of the caller, in order to provide a subscriber check of the accuracy of the transmission. This parity word is transmitted along with the information.

The computer 21 then inserts the working key-setting variable of the called subscriber, Vx, the reiteratively-replaced, working-key-setting variable of the caller, V1a, and the parity word into its associated key generator 25 where it is enciphered in accordance with the unique key-setting variable of the caller subscriber, U1. The computer 21 then transmits this information from the key generator 25 at the high computer 21 information rate to the caller subscriber via the established path 43—43.

After this information is sent from the computer 21, the enciphered stream is received by the caller subscriber through its modem 16, where this enciphered stream is immediately routed to the key generator 15 and deciphered. In this instance, it is not necessary to first go through the programmed sequencing switch 30, this being the only such instance in which programmed sequencing switch 30 is bypassed. After this information is deciphered, the key generator 15 sends this information to the programmed sequencing switch 30, which then commences parity checking by routing the information to the parity check device 48, which could be any standard parity checking device.

If the parity check results in a lack of parity condition, then a signal is sent to the caller, indicating parity does not exist and he must initiate the call again; a signal is also sent to the key distribution center 20. Upon receipt of the lack-of-parity signal by the key distribution center 20, the computer 21 clears the reiterative-working-key-setting-variable replacement of the caller, V1a, from its temporary storage 47 location and goes off-line. The caller must then reinitiate the operation if he still desires to contact the called subscriber. Since parity did not exist, the working key-setting variable of the caller was not reiteratively replaced, as it was not inserted into the computer associated storage device 22.
`
If the parity check results in an existence of parity condition, then a parity check signal indicating this is sent to the key distribution center 20, and the reiteratively-replaced, working-key-setting variable of the caller, V1a, is entered in the subscriber's storage device 29 in place of the previous subscriber working key-setting variable V1; and the working key-setting variable of the called subscriber, Vx, is routed to the key generator 15 in order to reset the key generator 15 to a new key in accordance with the working key-setting variable of the called subscriber, Vx, in place of the unique key-setting variable of the caller subscriber, U1.

The parity check signal indicating an existence of parity condition that is transmitted to the key distribution center 20, is routed to the computer 21, the computer 21 then entering the caller subscriber reiterative-working-key-setting-variable-replacement, V1a, in its associated storage device 22 in place of the previous working key-setting variable of the caller subscriber, V1, clears its temporary storage 47, and causes the key distribution center 20 to go off-line.

After the caller subscriber enters the working key-setting variable of the called subscriber, Vx, in its key generator 15, the programmed sequencing switch 30 removes the telephone number of the called subscriber, Tx, from the temporary storage portion of its storage device 29, and routes this phone number, Tx, to the phone line 37—37, via the clock 40, at the proper telephone switching network rate through its modem 16.

If the called subscriber telephone is off-hook and a busy signal is received, or if no answer is received, or at any time when the caller subscriber hangs up by placing his telephone 11 on-hook, the working key-setting variable of the called subscriber, Vx, is cleared from the key generator 15; the called subscriber’s telephone number, Tx, is cleared from the storage device 29; and the subscriber module 10 reverts to the normal condition, in this case resetting the key generator 15 in accordance with the most recently obtained working key-setting variable associated with it, V1a.

If the called subscriber answers, then a connection is established via a path 51—51, shown for illustrative purposes in FIG. 1 by hidden lines, and the secure communication enciphered by the key, generated in accordance with the called subscriber key-setting working variable, Vx, is received through the called subscriber’s modem 53, which is identical with the caller subscriber’s modem 16, and routed to a digital-signal-rate detector 54, which is a device which merely recognizes the transmission of a digital signal as opposed to an audio signal indicating the presence of cipher, the digital rate detector 54 being any standard bit rate detection means, such as a narrow filter at the frequency of the desired bit rate. The caller subscriber also transmits a cipher synchronizing stream in order to synchronize the key generators 15, 55, which are identical structurally, although this structural identity is not necessary for the operation of this system.

When the digital-signal-rate detector 54 of the called subscriber recognizes that it is cipher which is being transmitted, it passes this signal and routes it to the key generator 55 where it is deciphered and then, in turn, routed to the vocoder 56, and then to the associated telephone transceiver 57, whereby a secure communication is received.

A secure conversation may then be carried on between the subscribers, enciphered by the key derived in accordance with the working key-setting variable of the called subscriber, Vx, a message proceeding from the telephone transceiver; through the vocoder; to the key generator, where it is enciphered; through the modem; through the general telephone switching network into the other party’s modem; through his key generator, where it is deciphered; through this vocoder; to his telephone transceiver. After the call is completed, and the caller hangs up, as was previously stated, his module 10 reverts to the normal condition, his key generator 15 being reset in accordance with his most recently obtained working key-setting variable, V1a. There is no need for the key generator 55 of the called subscriber to be reset as it is already in its normal state, Vx, when the called subscriber hangs up.

If it is desired, reiterative replacement can be applied to the working key-setting variable of the called subscriber, as well as the caller subscriber, so that it would not be necessary for the called subscriber to initiate a telephone call to another subscriber in order to have his working key-setting variable, Vx, reiteratively replaced. A possible procedure for accomplishing this, when the above-described embodiment is utilized, is to have the programmed sequencing switch of the called subscriber, after he goes off-line, select the telephone number of the key distribution center, TKDC, from his storage device and route it to the telephone line, then to the key distribution center 20 thus establishing a connection path 60—60, shown for illustrative purposes in FIG. 1 by hidden lines, and the same reiterative replacement operation as was previously described for the caller subscriber would occur, with the exception that, since another subscriber is not being called, the computer 21 will not receive any called subscriber telephone number, Tx, but rather will receive a stream of zeros in its place, since this position has been cleared from the storage device of the subscriber.

Upon receipt of this stream of zeros in place of Tx, the computer 21 will know that it is reiteratively replacing the called subscriber’s working key-setting variable Vx. When parity exists and the key distribution center 20 goes off-line, the reiterative replacement of the working key setting variable, Vx, will be completed; the new reiterative replacement working key-setting variable, Vxa, will have been inserted in the computer associated storage device 22 in place of the previous working key-setting variable, Vx; and the key generator 55 of the called subscriber will have been reset in accordance with the new reiterative-replacement-working-key-setting-variable, Vxa. The called subscriber will then also go off-line.

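The preferred-embodiment exchange described above, as an added sketch that is not code from the patent: the center stages the caller's replacement variable in temporary storage and commits it only after the parity signal, and a contact carrying zeros in place of Tx rekeys without placing a call. The SHA-256 keystream, the one-byte XOR parity word, the 16-byte variable length, the clear synchronizing prefix, the zero-filled Vx field on a rekey-only contact, and all class and function names are assumptions made for illustration.

```python
import hashlib
import secrets

KEY_LEN = 16         # assumed length of a key-setting variable, in bytes
SYNC_LEN = 8         # assumed synchronizing value sent in clear with each message
NO_CALLEE = "00000"  # the "stream of zeros" received in place of Tx

def key_generator(variable: bytes, sync: bytes, data: bytes) -> bytes:
    """Stand-in for key generators 15/25: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(variable + sync + i.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def parity_word(stream: bytes) -> bytes:
    """Stand-in parity word (XOR of all bytes); it catches line errors only."""
    word = 0
    for b in stream:
        word ^= b
    return bytes([word])

class KeyDistributionCenter:
    def __init__(self):
        self.storage = {}    # storage 22: T -> {"U": unique, "V": working}
        self.temporary = {}  # temporary storage 47: T -> pending replacement

    def enroll(self, t):
        self.storage[t] = {"U": secrets.token_bytes(KEY_LEN),
                           "V": secrets.token_bytes(KEY_LEN)}
        return dict(self.storage[t])  # copy loaded into the subscriber module

    def request(self, t_caller, t_called):
        """Vx, the caller's replacement V and a parity word, enciphered under U."""
        unique = self.storage[t_caller]["U"]
        replacement = secrets.token_bytes(KEY_LEN)  # random state generator 24
        self.temporary[t_caller] = replacement      # staged, not yet committed
        # Assumption: on a rekey-only contact the Vx field is filled with zeros.
        v_called = bytes(KEY_LEN) if t_called == NO_CALLEE else self.storage[t_called]["V"]
        body = v_called + replacement
        sync = secrets.token_bytes(SYNC_LEN)
        return sync + key_generator(unique, sync, body + parity_word(body))

    def parity_signal(self, t_caller, parity_exists):
        """Commit the staged replacement only if the subscriber reports parity."""
        replacement = self.temporary.pop(t_caller)  # cleared in either case
        if parity_exists:
            self.storage[t_caller]["V"] = replacement

class SubscriberModule:
    def __init__(self, t, center):
        self.t, self.center = t, center
        keys = center.enroll(t)
        self.unique, self.working = keys["U"], keys["V"]  # storage 29
        self.generator_setting = self.working             # on-hook: filled with V

    def contact_center(self, t_called=NO_CALLEE, line_error=False):
        self.generator_setting = self.unique              # U replaces V for this contact
        message = bytearray(self.center.request(self.t, t_called))
        if line_error:
            message[-2] ^= 0x01                           # constructed single-bit error
        sync, cipher = bytes(message[:SYNC_LEN]), bytes(message[SYNC_LEN:])
        plain = key_generator(self.generator_setting, sync, cipher)
        body, received = plain[:-1], plain[-1:]
        parity_exists = parity_word(body) == received
        self.center.parity_signal(self.t, parity_exists)
        if not parity_exists:
            self.generator_setting = self.working         # assumption: back to normal state
            return False
        v_called, self.working = body[:KEY_LEN], body[KEY_LEN:]
        self.generator_setting = self.working if t_called == NO_CALLEE else v_called
        return True

    def hang_up(self):
        self.generator_setting = self.working             # most recently obtained V

def demo():
    center = KeyDistributionCenter()
    caller = SubscriberModule("00001", center)  # constructed five-digit identifiers
    called = SubscriberModule("00002", center)
    stored, result = center.storage, {}
    v1, vx = caller.working, called.working
    # 1. Line error: lack of parity, so V1 is replaced on neither side.
    result["parity_failed"] = not caller.contact_center("00002", line_error=True)
    result["v1_kept"] = caller.working == v1 == stored["00001"]["V"]
    # 2. Clean exchange: the caller is set to Vx for the call and V1 becomes V1a.
    result["parity_ok"] = caller.contact_center("00002")
    result["call_key_shared"] = caller.generator_setting == called.generator_setting == vx
    result["v1_replaced"] = caller.working != v1 and caller.working == stored["00001"]["V"]
    caller.hang_up()
    result["caller_normal"] = caller.generator_setting == caller.working
    # 3. The called subscriber contacts the center with zeros in place of Tx.
    result["rekey_ok"] = called.contact_center()
    result["vx_replaced"] = called.working != vx and called.working == stored["00002"]["V"]
    return result

if __name__ == "__main__":
    print(demo())
```
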
ALTERNATE EMBODIMENT

The operation of the system when the particular embodiment wherein the key-setting variable of the called subscriber is combined with an indicator variable to obtain the dynamic working variable is utilized will now be described. In this embodiment, the subscriber key generators 15, 55 are blank in the normal state, as was previously mentioned.

The subscriber initiating the call, subscriber 1, does so in the same manner as in the previously described embodiment. The subsequent procedure for contacting the key distribution center 20, including selecting U1 from the subscriber associated storage device 29 and routing it to the associated key generator 15, where it resets the key generator 15, is also accomplished in the same manner as for the previously described embodiment, with the exception that the key generator 15 is reset from its normal blank state rather than the normal V1 state of the previous embodiment.

The operation of the key distribution center 20 in this instance is similar to the operation previously described, with the exception of the selection of an indicator variable for the called subscriber and the derivation of the dynamic working variable of the called subscriber from the indicator variable and key-setting variable, this operation to be subsequently described.

After the caller subscriber, subscriber 1, has transmitted the caller and called subscriber contact variables, Tx and Tn, necessary to uniquely identify the subscribers in the system, to the key distribution center 20, the computer 21 looks up in its associated storage 22 the unique key-setting variable of the caller, U1, and the key-setting variable of the party being called, Vx, from the identification contact variables it has received, as in the previously described embodiment.

The computer 21 then draws a new key-setting variable for the caller, V1a, and an indicator variable for the called subscriber, Ix, from the random state generator 24, which may be any random source. The computer 21 then routes the called subscriber key-setting and indicator variables, Vx, Ix, to an update generator 28, which then forms