MXPA96000625A - Security variable level cryptographication - Google Patents

Abstract

The present invention relates to a method and an apparatus for cellular digital telephonic cryptographication including a commutator, when an option between compatibility security and a higher security is required. A simple text is converted into a numerical text, utilizing a three-stage transformation process. In a first stage, the simple text is transformed utilizing a secret code for controlling cryptography by a reversible transformation process. In a second stage, the output of the first stage is transformed by an involution transformation, the code being withdrawn therefrom when the compatibility commutator is in a compatibility arrangement, and entered when said compatibility commutator is in a security arrangement. In a third stage, the output of the second stage is transformed by the inverse of that transformation performed in the first stage. The compatibility commutator hasa lower security cryptographication standard and a security cryptographication based on a code.

Description

'CRIPTOGRAPHY OF VARIABLE SECURITY LEVEL' INVENTORS: SEPPO ALANARA THOMAS BERSON.

NATIONALITY: CITIZEN FILANDES CIUDADANO NORTEAMERICAN RESIDENCE: SIIONINTIE 29 90800 OULU FINLAND. 764 FOREST AVENUE PALO ALTO, CALIFORNIA 94301 E.U.A.

OWNER: NOKIA MOBILE PHONES NATIONALITY: FILANDESA SOCIETY.

RESIDENCE: P O BOX 86 SF 24101 SALO FINLAND.

BACKGROUND OF THE INVENTION The present invention relates to the field of digital data cryptography. More specifically, in one embodiment, the invention provides the cryptography of voice and data transmitted from a cellular digital telephone network to varying levels of security. Cryptography is known for cell phone conversations and cell phone signaling data. For example, U.S. Pat. No. 5,159,634, shows a system for encrypting command messages in a cellular telephone network. In that system, the messages are encrypted in a telephone using a secret key, then they are transmitted to a base station, and there they are deciphered using the secret key. The messages are encrypted in three stages. In the first stage, the message is transformed using a secret key through an invertible cryptography function. In the second stage, the output of the first stage is transformed through an involutory transformation. In the third stage, the output of the second stage is transformed through a cryptography function, which is the "inverse" of the invertible cryptography function. An involutory transformation is such that when an input is transformed through transformation to an output and the output is transformed through the same transformation, it results in the original input. In the system discovered in U.S. Pat. No. 5,159,634, the involutory transformation does not depend on any particular key; the particular output depends solely on the input and the particular interconnections of the transformation. A disadvantage of such a system is that a message transformed by the system can be relatively easy to decipher ahead of time, even without knowing the secret key. It is known to use multi-stage cryptography systems with more secure decoding. For example, the Enigma machines, widely used in Germany during the Second World War, used an array of rotors of particular transformations determined by the electrical connections of each rotor. A rotor was a "reflector" rotor that had the effect of an involutory transformation. The secret keys of the cryptography were essentially the choice of the rotors, their positions and the internal wiring of the rotors. In operation, the coded messages were generated in the Enigma machine, usually recorded on paper to be transported or transmitted to a message receiver, and decoded by the message receiver using another Enigma machine. The compatibility of the message and the machines used to decode and encrypt the messages was easily solved using simply all Enigma machines, operating in the same way. However, currently such simplicity is not possible. Cell phones must be able to operate in many different environments and be compatible with different manufacturing equipment, as well as with many regulatory schemes that are used in different countries where cell phones are used. For example, in the United States of America, in law enforcement agencies, priority is given to the ability to decode messages without secret keys rather than privacy, and therefore, cryptography must be reasonably easy to encrypt. decipher. However, in other countries, safer systems may be required. Therefore, there is a need for cell phone equipment that is used in a variety of regulatory environments with varying levels of security for the transmission of messages as well as being compatible with cellular telephony standards that may exist in that country. DESCRIPTION OF THE INVENTION According to the invention, a method and apparatus for digital cellular telephone message cryptography employ a selected involutionary transformation. In an incorporation the simple text data is con- duced into digit text data using a three-stage transformation process. In the first stage, the simple text is transformed according to a cryptography process that uses a secret key to control the cryptography process; in a second stage, the output of the first stage is transformed according to an involutory transformation; and in a third stage, the output of the second stage is transformed according to a transformation that is inverse to the axis-rendered transformation in the first stage. The involutionary transformation in the second stage is optionally a keyless or keyless transformation, depending on the state of the compatibility switch. The compatibility switch allows a single device to operate in different digital cellular telephony environments. If the compatibility switch is set to a compatibility fix, the non-key transformation is used in order to be compatible with a less secure cryptography standard, but if the compatibility switch is fixed to a security fix, the transformation with key is employed in order to allow more secure cryptography. One advantage is that in manufacturing, only a cellular telephone device needs to be manufactured to use a cell phone in an area using the least safe standard or in an area using a more secure standard. A greater understanding of the nature and advantages of the invention within this same document can be carried out with reference to the following portions of the specification and the accompanying drawings. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a block diagram of a cell phone showing a telephone processor, and various signal processing elements according to the present invention; Figure 2 is a more detailed block diagram of the telephone processor shown in Figure 1; Figure 3 is a more detailed block diagram of the message cryptograph shown in Figure 1; - Figure 4 is a more detailed block diagram of the voice cryptography module shown in the Figure 1; Figure 5 (5 (A), 5 (B), 5 (C)) is a set of flowcharts illustrating a process for encrypting and deciphering message data blocks according to the present invention; and Figure 6 is a flow diagram of the creation of the values of the T () box used to encrypt and decrypt message data. DESCRIPTION OF THE PREFERRED INCORPORATIONS Figure 1 is a block diagram of the internal circuitry of a cellular phone 100 according to the present invention. The cellular phone 100 transmits the voice and other sound information to a base station (not shown) and receives similar information from the base station and provides it to a cell phone user 100. The cell phone 100 is also capable of receiving and transmitting message blocks, which carry information and instructions in both directions between the cellular phone 100 and the base station. While a cell phone can be used to transfer facsimile images, modem signals, DTMF signals, etc., in addition to voice, the example is described here with reference to voice transfer, with the understanding that other uses are also possible. As shown, a cellular phone 100 includes a microphone 102, which converts the sounds into electrical signals, a transmission subsystem 104, which converts those electrical signals into a baseband signal, a transmitter 140, which modulates the signal of baseband on a carrier wave, a duplex filter 106, which transfers the modulated transmission bearer to an antenna 108, while transferring a radio signal received from the antenna 108, to a receiver 150. The receiver 150 and the transmitter 140, receive a frequency carrier signal from the synthesizer 114. The receiver 150 receives the received radio signal and recovers a baseband input signal, which it transfers to a receiving subsystem 110, which receives the input signal of base band and converts it into appropriate electrical signals for conversion into sounds by a headset 112 and blocks of messages for interpretation by a cellular phone 100. The cell phone 100 also includes a telephone processor 116 for controlling various elements of the cellular telephone 100 and an I / O subsystem 118 for the interaction of the user's operation with the telephone processor 116. The telephone processor 116 also accepts an input from a compatibility switch 120. In some embodiments, the compatibility switch 120 is implemented as a bit in a mem such as ROM (Read Only Mem. In the embodiment shown, the telephone processor 116 interacts with the different elements on a bus 174 and generally controls most of the elements shown in Figure 1. Of course, in some embodiments, the transmitter 140, the receiver 150, the duplex filter 106 and the antenna 108 are not controlled by any processor, but are simple components of the hardware circuit. Furthermore, in order to control these different elements, the telephone processor 116 acts on the blocks of received messages and generates blocks of transmitted messages. Message blocks have many uses, such as indicating the beginning of a call and the called telephone number, which the base station uses to complete a call or to periodically identify the telephone to a base station. The transmission subsystem 104 is shown, comprising several modules used to digitally process the speech signals of the microphone 102, in a baseband signal provided to the transmitter 140, including a speech encoder 130, which digitizes the speech signals. voice in a stream of digital voice samples and encodes these digital voice samples, using a speech coding system, such as the Motorola VSELP (Vector-Sum, Excited Linear Predictive) speech coding system, to form a stream of coded copies of VSELP, a channel coder 132, which convolutionally encodes the resulting stream and adds the error correction data, a voice cryptography module 134, which encrypts the data in the stream, an interpolator 136 that interpolates the data in the stream for protection against attenuation errors, while multiplexing the message blocks destined for the base station in the data stream, a burst generator 138 for synchronizing the bits in the stream. data flow with transmission time windows, in a time division multiplexed scheme, commonly used in digital cellular telephony networks and to add synchronization bits to the data flow. In the transmission subsystem 104, both the voice cryptography module 134, the interpolator 136 and the burst generator 138 are all shown coupled to the telephone processor 116 via the bus 174. The module 134 receives a reset signal from counting and a 260-bit mask of the telephone processor 116. The interpolator 136 receives the message data from the telephone processor 116 through the line 188. The burst generator 138 receives the temporary information from the telephone processor 116 to indicate where the time openings for the telephone transmissions are. cell phone. As an example of an implementation of this, see EIA / TIA Interim Standard, "Cellular System Dual-Mode Mobile Station - Base Station Compatibility Standard" ("Cellular System Dual Mode Mobile Station - Base Station Compatibility Standard" ), IS-54, published in May 1990 and is updated by IS-54-A, published in March 1991 ("IS -54") and IS-54-B, published in July 1992. Subsystem 110 of reception, is shown and comprises several modules used to process the baseband signal received from the receiver 150 to voice signals for its output on the handset 112 and message blocks provided to the telephone processor 116. The reception subsystem 110 includes a demodulator 152 for recovering a data signal from the baseband signal received below, converted into a radio signal, an equalizer 154 to compensate for a possible time dispersion, a symbol detector 156 for recovering the digital bit stream, a deinterleaver 158 for rearranging the digital bit stream to its proposed order and for separating the message blocks from the digital bit stream, a speech decoding module 159 for converting to the remaining bit stream of digit text to single text, a channel decoder 160 for removing convolutional coding and detecting and correcting errors and a speech decoder 162 for converting the resulting digital data stream into a speech signal for presentation to the headset 112. The deinterleaver 158 and the voice deciphering module 159 are shown coupled to the telephone processor 116 via bus 174. The deinterleaver 158 is coupled to the telephone processor 116 to provide the message blocks extracted from the received data stream and the voice deciphering module 159 is coupled to the telephone processor 116 to receive a bit decoder mask and a reset signal. The subsystem 118 I / O comprises a display 170 and a keyboard 172, each of which is coupled to the telephone processor 116. The keyboard 172 usually consists of 12 digital keys in a normal telephone arrangement in addition to additional function keys. The presentation 170 usually consists of a multi-character alpha-numeric presentation, formed of LED lamps or an LCD panel. During the operation, an analog voice signal is detected by the microphone 102 and is provided to the speech encoder 130 which converts the analog voice signal into a flow of digital samples of speech signals. The channel encoder 132 convolutionally encodes these samples and adds cyclic redundancy review (CRC) bits to the flow, for the detection and correction of errors. Speech encoder 130 and channel encoder 132 operate together to encode bits convolutionally, partially, by adding a CRC to the most important bits, only convolutionally encoding some bits and not encoding the least important bits (it is not channel coding). The cryptography voice encryption module 134 encodes the stream using the cryptography mask provided by the telephone processor 116. The bits of the mask are exclusively OR'ed (XOR) with the flow to cryptograph the voice signals. A 260-bit mask is used here, although other lengths can be used if. Both ends of the communication are agreed. For the XOR operation, a bit of the input is taken and a bit of the mask is taken. Thus, the mask sequence is repeated every 260 bits. The telephone processor 116 also provides a reset signal to indicate to the voice encryption module 134 where the bit sequence of the mask should start. Normally, the mask is constant during a phone call and changes from call to call. As it should be apparent, a non-encrypted call if needed, can be carried out simply by setting the mask to zeros, and that when an XOR is used, the decryption is the same operation as the cryptography. The speech encryption module 134 transfers the encrypted bit stream to the interpolator 136 which, to protect against Rayleigh attenuation, interpolates the data bits of the stream at least a depth of two time openings, wherein said time openings they are, for example, 324 bit time windows in a time division multiplexed communication system with six time channels and two assigned to the cell phone user 100. Of the 324 bits, 260 are available for data, 52 bits are used for synchronization and 12 bits are reserved for future use. A message is 48 bits plus 16 CRC and one control bit. These 65 bits are convolutionally encoded by a speed of 1/4 code to make 260 bits. The interpolator 136 also multiplexes the message data in the current flow. The interpolated data stream is then provided to the burst generator 138, which sets the bit time in the bitstream to correspond to the allocated time slots in the cellular phone 100 and thence to the transmitter 140. Due Because they are interpolated, the message data uses time openings that can not be used by the voice data. Other messages, in a Slow Association Control Channel (SACCH), are sent to a continuous logical channel, formed by the reservation of 12 bits in each TDMA opening (voice or SACCH message openings). The messages sent on the SACCH channel are generally not encrypted because the communicative information is not particularly sensitive, such as power levels, changes in the time alignment, measurement information of the adjoining channel, etc. The transmitter 140 is implemented using an RF modulator, a riser converter and a power amplifier. The RF modulator modulates a carrier frequency according to p / 4 to the differential QPSK modulation (p / 4 offset, differentially encoded quadrature phase with shift key). In this QPSK technique, the data bits are grouped by pairs, presented as a single symbol per pair and transmitted as one of four possible phase changes selected from + - p / 4 and + -3p / 4. The frequency synthesizer 114 generates the channel injection frequency, which is mixed with the modulated carrier frequency to produce the actual transmission signal. The power amplifier of the transmitter 140 is turned on only for the duration of the assigned time slot. The level of transmitted power is monitored and controlled by the telephone processor 116. The signal transmitted from the transmitter 140 is filtered in the duplex filter 106 to remove the harmonic products. A separate filter and the antenna switch, they could also be used in place of the 106 duplex filter. The signal is then transmitted to the base station in a cellular telephone network, (not shown), by an antenna 108. In the receiving subsystem 110, the received baseband signal is filtered and demodulated by the demodulator 152. to recover the modulated QPSK signal p / 4. The modulated QPSK signal is then equalized by the equalizer 154 to correct the possible time dispersion due to the different signal propagation conditions. The output of symbols equalized by the equalizer 154 are then detected by the symbol detector 156 and are deinterleaved by the deinterleaver 158. This results in, at the output of the deinterleaver 158, a stream of digital voice data that could have been taken by a cryptography module 134 from another cellular telephone or from a base station. The deinterleaver 158 removes the message blocks from the data stream. The deinterleaver 158 is able to separate the message blocks from the voice blocks by assuming that the data in a received opening contains speech and speech review CRC. If this fails, the block is uninterrupted as a message. The message block contains its own 16-bit CRC message. An example of this is shown in p2.2.2.2.3.2. of IS-54, rev. B. The output of the deinterleaver 158 passes through a voice deciphering module 159 and its deciphered output is provided to the decoding channel 160. The decoding channel 160 decodes the encoded signal convolutionally, correcting errors if necessary. After decoding, a CRC review is executed. If the CRC bits are correct, the decoded signals are assumed as speech, and then they are provided to a speech decoder 162 which converts the signals into analog speech signals to be expressed by the handset 112. In this form, the signals of The voice of the microphone 102 and the message blocks of the telephone processor 116 are sent over the radio network of the cell phone and the voice signals and message blocks are received and provided to the headset 112 (voice) and to the telephone processor 116 ( messages) . The messages include instructions for handling calls, registering cells and position information, identifying telephone messages and instructions for updating secret codes. Typically the 260-bit mask used for voice cryptography is computed from one or more of these other data provided to a cell phone 100. In this way, cryptography of message blocks and voice signals is important to prevent interception not authorized conversations, unauthorized control of the cell phone 100 and the impersonation of a cell phone user. In an operating system, the base station includes a corresponding cryptography and decryption system, so that the data traffic of the cell phones can be interpreted. The telephone processor 116 controls the different functions of a cellular telephone 100, including the detection of inputs on a keypad 172, presentation of the information on a presentation 170 and control of the operation of the voice encryption module 134, the module 159 deciphering day? voice, interpolator 136, deinterleaver 158, burst generator 138, compatibility switch 120, transmitter 140 and synthesizer 114. When a message is to be transmitted, the message is sent from telephone processor 116 to interpolator 136. When it detects a message, it is extracted from the data stream of the reception subsystem 110 by means of the deinterleaver 158 and passed to the telephone processor 116, which performs the appropriate action. Figure 2 is a block diagram of a telephone processor 116, wherein a central processing unit (CPU) 202 communicates with a ROM 204, a random access memory 206 (RAM), an erasable and programmable ROM 204 (EPROM), and a message processing subsystem 210. ROM 204 is used to store data values that do not change; RAM 206 is used to store the data values that are expected to change as the data is processed; and the EPROM 208 stores the values that are expected not to change frequently and which are preserved when the power of the cellular phone 100 is removed. In some embodiments, EPROM 208 is a jump memory or an electrically erasable PROM (EEPROM), although the conventional EPROM that requires ultraviolet light for erasures can be used where erasures are only made at a location where ultraviolet light be available quickly. ROM 204 stores software programs to be executed by a telephone processor 202, IKEY, a secret involution key value CTABLE [], a matrix for key cryptographic values, and other constant data fields as needed. RAM 206 stores current values for the DIGITS variables; LENGTH, the matrices KEY [] and MSG [], intermediate process variables Z, I, J, H and Y, and other temporary values as needed. The variable DIGITS keeps the number dialed at that moment. The variable LENGTH ('L' for short), indicates the length of a message, in bytes, being encrypted or decrypted. The KEY ti matrix maintains a key value of eight bytes derived from a variable BASE_KEY stored in EPROM 208. The MSG matrix [] is a matrix of L bytes to maintain a message that is encrypted or decrypted. The variables Z, I, J, H and Y are used as indicated in Figures 5 (A), 5 (B), 5 (C) and 6. EPROM 208 stores an electronic serial number (ESN) for the telephone cell 100, a unique identifier (LOCAL_ADDR) of the cell phone 100 (which in many cases is the area code and the telephone number of the cell phone), and a secret number (BASE_KEY), as well as any other semi-permanent values that need be stored. In an alternative embodiment, some of these stored values are retained on a removable memory card. The message processing subsystem 210 includes a message decoder 220 coupled to receive the message data stream from the deinterleaver 158, a message decoder 222 which receives the decoded messages from the message decoder 220, and depending of the state of a DECRYPT / CLEAR # signal excluded by the CPU 202, whether it passes the decoded messages without change to the CPU 202 or decrypts them before passing them. The message processing subsystem 210 also includes a message cryptograph 224 coupled to the CPU 202, which either crypto or passes a message block to a message encoder: 226 without change. The message encoder 226 is a convolutional encoder similar to the channel encoder 132, and encodes the output of the message crypto-grapher 224 and passes the resulting data stream to the interpolator 136. The details of the internal operation of the cryptogram-sear 224 of messages are shown in Figure 3. During the operation, a message flow is extracted from the incoming inflow, where the message flow has been coded convolutionally with error detection and correction bits added. Once the message decoder 220 detects and corrects the errors as necessary and reorders the bit message flow in the desired order, a portion or all of the bit message flow is decrypted. The CPU 202 can control the message decryptor 222 so that only the appropriate message blocks or the message block portions are deciphered. This control is provided from the control lines of the CPU 202 to the decoder 222 which includes a CRYPT / CLEAR # line to indicate what is to be deciphered or not, and a line or lines to communicate values used in the process of cryptography / decryption, as shown in Figure 3. Although Figure 2 generally shows a one-way system, a real implementation may include the ability of the message flow to be returned so that an operation can be executed for a more rapid arrival of data in the flow where the operation is dependent on data with later arrival in the data flow. Figure 3 is a detailed block diagram of the message cryptograph 224. The message cryptograph 224 accepts the message data stream from the CPU 202 and outputs a message data stream which is either the same as the one that entered or a cryptographed version of the input message data stream. As it should be apparent, if the CRYPT / CLEAR # line is set to CRYPT and the input is a simple text data stream, the output will be a data stream of figures text. In the same way, if the line is set to CRYPT and the input is a data stream of digits text encoded with the same control information used to encrypt the digit text, the output is a stream of text data simple. In this way, the decryption operation is the same as a cryptography operation. The user of a mobile telephone 100 may select either the use or the non-use of the cryptography feature. The message cryptograph 224 includes a blocking memory 302 for grouping the bits of the message data stream into discrete data blocks, a prior transformation module 304, a self-inverting transformation module 306, a reverse transformation module, a memory 310 of current to reverse the effect of the blocking memory 302, each connected in series, and a multiplexer 330 with one input which is the output of the current memory 310 and the other input being the input to the cryptograph 224 of messages. With this arrangement, the message data flow is either encrypted and passed or passed and not encrypted. The blocking memory 302 assembles data blocks of the message data stream so that subsequent modules within the message cryptograph 224 can operate on data, one block at a time. In an embodiment, a message block is rearranged in a block of Lbyte, where L is typically 256, or another fixed variable or integer variable. Once the bits 8L are accumulated in the blocking memory 302, the block is passed to a previous transformation module 304. If necessary, a message is filled in to complete an entire number of bytes (bytes). The previous transformation module 304 accepts the block and the KEY [] as its input. KEY [] is provided to the message cryptograph 224 by the CPU 202, which reads the KEY [] of the RAM 206. The transformation that occurs in the previous transformation module 304 is described in a flow chart shown in Figure 5 ( TO) . Once the block is thus transformed, it is passed to the self-inversion transformation module 306, which obtains IKEY and CS (the positional arrangement of the compatibility switch 120) of the CPU 202 and transforms the block obtained from the module 304 according to to the flow chart shown in Figure 5 (B). Once the block is thus transformed, it is passed to inverse transformation block 308, which transforms the given block according to KEY [] as shown in Figure 5 (C). The transformation provided by the inverse transformation module 308 is the inverse transformation executed by the previous transformation module 304. In other words, a block provided to the previous transformation module 304 and immediately thereafter to the inverse transformation module 308 will result in the original input block. The key entries for module 304 and module 308 are the same, ie KEY []. Once the block is taken out of the reverse transformation module 308, the current memory 310 is provided which passes the bits of the message block out to recreate a data stream. This data stream is then provided to the input of the message flow multiplexer 330. Depending on the arrangement of the CRYPT / CLEAR # line, the multiplexer 330 either extracts a flow of encrypted message data or passes its output directly. In an implementation of the cellular phone 100, the transformations executed by the message cryptograph 224 are actually executed in software by a CPU 202 or some other digital signal processor. In fact, if the CPU 202 is a sufficiently powerful digital signal processor (DSP), a variety of functions can be performed for the elements of the transmission subsystem 104 and the reception subsystem 110 which are shown separately in Figure 1. In the following examples, it is assumed that the transformations performed by the message crypto-recorder 224 are executed by the CPU 202. Figure 4 shows a speech encryption module 134 in greater detail, consisting of an adder 350 XOR, a mask storage register 352, and a counter 354. The voice encryption module 134 has two control inputs, one for obtaining a mask value from the telephone processor 116 and one for receiving an initialization signal from a telephone processor. phone. The initialization signal is an input to the counter 354, and the mask input is an entry to the storage register 352. In operation, a mask value is summed by XOR with the voice bit stream. This mask value is provided by the telephone processor 116 and is stored in the mask storage register 352. After the counter 354 is initialized, it starts counting the bits in the voice bit stream. This account is provided to the mask storage register 352, which outputs the mask bit in the position corresponding to the account. The bit output by the mask register 352 is applied to the XOR adder 350 having the speech input as its other input. In this manner, the voice bit stream is summed by XOR with the mask as it was synchronized by the initialization signal. Figures 5 (A), 5 (B), and 5 (C) describe the transformations performed by message encryption subsection 300; Figure 5 (A) describes the previous transformation; Figure 5 (B) describes the auto reversal transformation, and Figure 5 (C) describes the reverse transformation. With this description, it should be apparent that these three transformations applied in series will provide a block encrypted in number text when entering a non-encrypted block of simple text, and will provide a cryptographed block of simple text when entering a block of encrypted text of figures and the key values for the transformations are those that were used to encrypt the text in figures. Figure 5 (A) shows the previous transformation process. First, Lbyte's input block (8L bits) is read inside an MSG matrix [] (Step Al). Then a temporary variable, Z, and the cycle counter, I, are initialized to zero (Step A2). After this the element I of the MSG matrix [] is modified according to the formula: MSGtH = (MSG [I] + box t (Z XOR I)) mod 256 (Step A3). The temporary Z variable is then modified according to the relation: Z = (Z + MSG [I]) mod 256 (A4) where the box t O is a function that returns a value derived from an input function parameter and the KEY values "[] and CTABLE [] are provided as inputs to the transformation In some implementations, for the efficiency of computation, the value of the box t () for each function input parameter and the fixed values of KEY [] and CTABLE [] are calculated and stored in a look-up table The calculation of the box t () from these values is explained in connection with Figure 6. Once these values have been modified, the Cycle counter I is incremented (A5) and its value is checked (A6) to see if each Lbyte has been modified by Step (A3) .If it is not, the cycle counter I will be less than L and the next byte is processed (A3) .If all the Lbytes have been processed, the transformed block, which is stored and n MSG [], is taken out (A7). Fig. 5 (B) shows a process of self-involuting transformation. As already described, the three transformation processes are carried out in series and so the temporal matrices and the variables used for a transformation can be used for other transformations. Of course, if these transformations were to be made by means of a parallel processing system or by a multiple processor system, the separate variables would be provided for each transformation. As with the previous transformation, an input block of Lbyte is first read into the MSG [] (Bl) matrix and then the cycle counter I is initialized to zero (B2). Then, in each step of the cycle, the element I of the MSG matrix [] is modified according to the relationship: MSG [I] = MSG [I] XOR (MSG [(L - 1) - I] OR F) (B3) where F is a function of CS and IKEY such that F = l when CS indicates that the compatibility switch 120 is in the compatibility fix, or F = IKEY when CS indicates that the compatibility switch 120 is in the security arrangement. After (B4), the cycle counter I is incremented and compared to (LD / 2 (B5).) If the first half of the MSG L elements [] have not all been modified by Step B3, then the cycle counter I will be less than (LD / 2 and the process will continue in Step B3 for the next element of MSG [].) However, if I is not less than (LD / 2, then the number of elements required has been processed and the MSG contents [] are taken out (B6) Due to this operation from step B, the transformation of the data into MSG t] is self-involutionary, which means that when any given Lytes L block is transformed according to the transformation shown in Figure 5 (B), and the resulting block is again trans-formed in that manner, will result in the ori-nal block.According to the invention, the auto-involutionary transformation is a function of the input block when CS indicates a compatibility arrangement, but the transformation is as much a f anointing of the input block as of 30 have been modified, the next MSG element t] is processed by steps C3 - C7. If all the Lbytes have been processed, MSG [] is removed (C8). Figure 6 is a sheet flow diagram showing how the cajat function values are generated for use in the processes shown in Figures 5 (A) and 5 (C).

First, an input parameter is loaded into a memory area of RAM 206 labeled "Y" in Figure 2 (Step TI), and then a temporary variable, H, is initialized to the value stored in Y and a cycle counter, J, is initialized to zero (T2). Therefore, the temporal variable H is modified according to the relation: H = H XOR KEY [J] (T3) and after (T4) of H is again modified, this time according to the relation: H = ( H + KEY [J + 1]) mod 256. Then (T5), H is modified a third time, this time according to the relation: H = (Y + CTABLE [H])) mod 256 where CTABLE [] is the matrix of 256 byte elements stored in RAM 204. The cycle counter J is then incremented (T6) by two and is checked (T7) to see if four passes have been made through Steps T3 to T6. If not, the have been modified, the next element of MSG [] is processed by steps C3 - C7. If all the Lbytes have been processed, MSG [] is removed (C8). Figure 6 is a sheet flow diagram showing how the cajat function values are generated for use in the processes shown in Figures 5 (A) and 5 (C).

First, an input parameter is loaded into a memory area of RAM 206 labeled "Y" in Figure 2 (Step TI), and then a temporary variable, H, is initialized to the value stored in Y and a cycle counter, J, is initialized to zero (T2). Therefore, the temporal variable H is modified according to the relation: H = H XOR KEY [J] (T3) and after (T4) of H is again modified, this time according to the relation: H = ( H + KEY [J + 1]) mod 256. Then (T5), H is modified a third time, this time according to the relation: H = (Y + CTABLE [H])) mod 256 where CTABLE [] is the matrix of 256 byte elements stored in RAM 204. The cycle counter J is then incremented (T6) by two and is checked (T7) to see if four passes have been made through Steps T3 to T6. If not, the process recycles backwards (T3) and repeats the cycle; otherwise the routine returns (T8) the last value of H as the return value for the box. In summary, the aforementioned incorporations of a cell phone cryptography system provide compatibility with other systems while allowing the system to cryptograph in a secure manner if strict compatibility with less secure systems is not a requirement. further, all this can be done in an efficient way simply in the normal hardware. The above description is illustrative and not restrictive. Many variations of the invention will be apparent to those skilled in the art with the review of this invention. The panorama of the invention must, therefore, not be determined with reference to the previous description, but must be determined with reference to the attached clauses together with the complete picture of equivalences.

Claims (9)

1. NOVELTY OF THE INVENTION Having described the invention, it is considered as a novelty and therefore the content of the following clauses is claimed as property. CLAUSES 1. A method for securely encrypting a block of simple text data to a block of text data of digits, the method consists of the steps of: converting the block of simple text data into a first intermediate block of data according to a first cryptography process which uses a first key signal as its key and the plain text data block as its input data; determine the state of the compatibility switch, said state is a compatible state or a secure state; converting said first intermediate data block into a second intermediate data block according to a second cryptography process which uses said first intermediate data block as its input data and uses a second key signal as its key when said state is said secure state and a compatibility value as its key when said state is said compatible state, wherein said second cryptography process is an involutory transformation of its input data; and converting said second intermediate data block into a data block of digit data according to a cryptography process which is an inverse transformation of said first cryptography process using said first key signal as its key and said second intermediate block of data as your input data.
2. 2. The method of clause 1, where said compatibility value is one.
3. 3. The method of clause 1, wherein the simple text data block is a message data block and the digit text data block is a cryptographed block of message data.
4. 4. The method of clause 1, wherein the simple text data block is simple text only related to said digit text block, said simple text data has previously been encrypted to achieve additional security.
5. 5. A cryptographic system for transforming a message data block into a cryptographed message data block, consisting of: mechanisms of a first transformation to transform the message data block into a first intermediate data block, said mechanisms of a first transformation configured to transform a data entry therein through a first transformation according to a key entry in a key entry therein; a compatibility switch that indicates a state of a compatible state or of a secure state; mechanisms of a second transformation, coupled to receive said first intermediate data block of said first transformation mechanisms, to transform said first intermediate data block into a second intermediate data block, said second transformation mechanisms configured to transform an input of data there itself through a second transformation according to a key entry therein, said second transformation is a transformation is an involutory transformation of said data entry; third transformation mechanisms, coupled to receive said second intermediate data block from said second transformation mechanisms, to transform said second intermediate data block towards a cryphotgraphed message data block, said third transformation mechanisms configured to transform a data entry right there through an inverse of said first transformation according to a key entry to a key entry there; first key application mechanisms, coupled to said key inputs of said first and third transformation mechanisms, to apply a first key to said key inputs of said first and second transformation mechanisms; and second key application mechanisms coupled to said key input of said second transformation mechanisms and said compatibility switch to apply a second key to said key input of said second transformation mechanisms when said compatibility switch indicates a secure state and apply a compatibility value to said key input of said second transformation mechanisms when said compatibility switch indicates a state of compatibility.
6. 6. The cryptography system of clause 5, wherein said compatibility value is one.
7. 7. The cryptography system of clause 5, wherein the simple text data block is a message data block and the digit text data block is a cryphotgraphed block of message data.
8. 8. The cryptography system of clause 5, wherein the simple text data block is simple text only in relation to said text block of data, said simple text data has previously been encrypted to achieve additional security .
9. 9. A method of surely encrypting a block of simple text data towards a data block of digit text, wherein the method consists of the steps of: converting the simple text data block to a first intermediate data block of data. according to a first cryptography process which uses a first key signal as its key and the simple text data block as its data entry; converting said first intermediate data block into a second intermediate data block according to a second cryptography process which uses said first data itner block of data as its input data and uses a second key signal as its key, wherein said key second cryptography process is a transformational -involving-your input data; and converting said second intermediate data block into a text data block of figures according to a cryptography process which is an inverse transformation of said first cryptography process -using said first key signal as its key and said second intermediate block of data as your input data. IN WITNESS WHEREOVER, I have signed the above description and claims of novelty of the invention, as attorney of NOKIA MOBILE PHONES, in Mexico City, Mexico on February 16, 1996.