Cryptographic system for wireless communications5727064Abstract A wireless communications system (110) with increased privacy. The system (110) transmits an encrypted signal between a base station (112) and a wireless terminal (122). In the forward channel, the base station (112) includes an encryptor (130) with a nonlinear scrambler (202) that creates an key signal that has a nonlinear dependence on a long code mask M. The wireless terminal (122) similarly includes a decryptor (164) with a nonlinear scrambler (210) that creates a key signal that has a nonlinear dependence on the long code mask M. Claims We claim: Description CROSS REFERENCE TO RELATED APPLICATION
TABLE 1
__________________________________________________________________________
Interleave Pattern of Interleaver 14 for Full Rate Case
__________________________________________________________________________
1 9 5 13 3 11 7 15 2 10 6 14 4 12 8 16
65 73 69 77 67 75 71 79 66 74 70 78 68 76 72 80
129
137
133
141
131
139
135
143
130
138
134
142
132
140
136
144
193
201
197
205
195
203
199
207
194
202
198
206
196
204
200
208
257
265
261
269
259
267
263
271
258
266
262
270
260
268
264
272
321
329
325
333
323
331
327
335
322
330
326
334
324
332
328
336
33 41 37 45 35 43 39 47 34 42 38 46 36 44 40 48
97 105
101
109
99 107
103
111
98 106
102
110
100
108
104
112
161
169
165
173
163
171
167
175
162
170
166
174
164
172
168
176
225
233
229
237
227
235
231
239
226
234
230
238
228
236
232
240
289
297
293
301
291
299
295
303
290
298
294
302
292
300
296
304
353
361
357
365
355
363
359
367
354
362
358
366
356
364
360
368
17 25 21 29 19 27 23 31 18 26 22 30 20 28 24 32
81 89 85 93 83 91 87 95 82 90 86 94 84 92 88 96
145
153
149
157
147
155
151
159
146
154
150
158
148
156
152
160
209
217
213
221
211
219
215
223
210
218
214
222
212
220
216
224
273
281
277
285
275
283
279
287
274
282
278
286
276
284
280
288
337
345
341
349
339
347
343
351
338
346
342
350
340
348
344
352
49 57 53 61 51 59 55 63 50 58 54 62 52 60 56 64
113
121
117
125
115
123
119
127
114
122
118
126
116
124
120
128
177
185
181
189
179
187
183
191
178
186
182
190
180
188
184
192
241
249
245
253
243
251
247
255
242
It is noted that the numbers in TABLE 1 refer to the bit positions in signal C from convolutional encoder 22. Additionally, each column in TABLE 1 represents one of the 16 groups of 24 bits. The operation of channel coder 12 is public and thus a potential eavesdropper can access the information contained in TABLE 1. Linear encryptor 16 creates a signal G to be summed (modulo-2) with signal E. Long code generator 26 creates a putatively private long code sequence F from a private long code mask M. An exemplary long code generator indicated generally at 26a is shown in FIG. 3. Long code generator 26a includes a linear feedback shift register 40 that contains a publicly known quantity having 42 bits. Each bit of the shift register is combined in a corresponding AND-gate 42 with a corresponding bit of the private long code mask M. The output of each AND-gate is coupled to an adder 44. Adder 44 comprises a modulo-2 or Exclusive-OR adder. Adder 44 adds the outputs of and-gates 42 together to produce a bit of the long code sequence F. The relationship between F and M can be expressed as: ##EQU1## where x.sub.i,f,j is the content of the i.sup.th cell of the linear feedback shift register 40 after having stepped j times during the processing of the f.sup.th frame, m.sub.i is the i.sup.th bit of the long code mask and F.sub.f,j is the j.sup.th bit of the long code sequence since the beginning of the f.sup.th frame. Decimator 28 outputs 1 in every 64 bits of signal F as signal G which is used to encrypt signal E. Thus, each bit of signal G can also be expressed as: ##EQU2## Signal E from block interleaver 14 is modulo-2 summed with a signal G of linear encryptor 16 at modulo-2 adder 30. Signal E is added to signal G with modulo-2 arithmetic. For each bit output by modulo-2 adder 30, multiplexer 32 transmits either the output of modulo-2 adder 30 or the PCB signal as the output signal O of forward channel circuit 10. The PCB signal is a power control signal that overwrites a pair of the first 17 bits in each group of 24 bits in signal E. Thus, only the last 7 bits of each group of 24 bits in signal O is free of the effect of the PCB signal. The long code sequence F used to encrypt the transmission is linearly dependent on the long code mask M (Equation (1)). Further, channel encoder 12 manipulates the bits of input signal I such that the bits of signal D are related to the bits of signal I by known, linear algebraic equations. Thus, if a potential eavesdropper can manipulate the output signal O to remove the effect of the input signal L the eavesdropper will have data that depends linearly on the unknown bits of the long code mask M. With this data, the eavesdropper can use standard techniques for the solution of linear equations to determine the long code mask M. The bits of signal E output by channel coder 12 can be combined to create linear equations that depend only on the bits of the long code mask M. To see this relationship, consider the mathematical representation of forward channel circuit 10. First, a bookkeeping detail. Due to the effect of the PCB signal, the only bits that the eavesdropper can rely on are the last 7 bits of each group of 24 bits in output signal O. Thus, in the f.sup.th frame, for all bit positions j falling into the last 7 bits of each of the groups of bits, the output of forward channel circuit 10 can be described by the equation: E.sub.f,j .sym.G.sub.f,j =O.sub.f,j. (3) In each frame, Equation (3) governs the value of 112 bits of signal I input into forward channel circuit 10. Equation (2) above states that G depends on the unknown bits m.sub.i of the long code mask. The vector E is unknown to the eavesdropper. Thus to create an equation that only depends on m.sub.i, the effect of the vector E must be removed. If a vector .alpha. can be found such that .alpha..sub.j is zero for all values of j among the first seventeen bits in each group of 24 bits and such that <.alpha.,E.sub.f >=0 (4) then the effect of E on the output vector O can be removed. It is noted that equation (4) refers to the dot product with modulo-2 arithmetic of the vectors .alpha. and E. In the vector .alpha., the bits are selected such that the dot product with E creates a sum of bits in E that equal zero. Taking the dot product of each vector in Equation (3) with .alpha. produces: <.alpha.,E.sub.f >.sym.<.alpha.,G.sub.f >=<.alpha.,O.sub.f >. (5) Substituting Equation (4) into equation (5), it is seen that: <.alpha.,G.sub.f >=<.alpha.,O.sub.f >. (6) As discussed above in Equation (2), signal G is a decimated version of signal F and each bit is thus linearly dependent on the bits of the long code mask m.sub.i. Equation (6) can thus be expanded as follows: ##EQU3## Substituting equation (2) into equation (7) reveals that: ##EQU4## This is a linear equation wherein the bits m.sub.i of the long code mask are the only unknowns. Thus, the eavesdropper can use known techniques to determine the bits of the long code mask provided enough data is gathered to produce 42 equations. The eavesdropper must first identify the vectors .alpha. that satisfy Equation (3). Channel coder 12 makes this possible. To find the vectors .alpha. that satisfy Equation (3), trace the last 16 bits of data in a signal B through convolutional encoder 22. Assume the last eight bits are 0 as set by tail encoder 20. Further assume that the prior eight bits are a, b, c, d, e, f, g, and h with a being the bit that is followed by the eight zero bits. Then, the last sixteen bits of signal C are: c.sub.369 =a.sym.b.sym.c.sym.e.sym.g.sym.h; (9) c.sub.370 =b.sym.c.sym.d.sym.h; (10) c.sub.371 =a.sym.b.sym.d.sym.f.sym.g; (11) c.sub.372 =a.sym.b.sym.c.sym.g; (12) c.sub.373 =a.sym.c.sym.e.sym.f; (13) c.sub.374 =a.sym.b.sym.f; (14) c.sub.375 =b.sym.d.sym.e; (15) c.sub.376 =a.sym.e; (16) c.sub.377 =a.sym.c.sym.d; (17) c.sub.378 =d; (18) c.sub.379 =b.sym.c; (19) c.sub.380 =c; (20) c.sub.381 =a.sym.b; (21) c.sub.382 =b; (23) c.sub.383 =a; (24) and c.sub.384 =a. (25) Combinations of the bits of signal C that yield a modulo-2 sum of zero satisfy Equation (3). For example, the sum of bits c.sub.383 and c.sub.384 is zero because the bits are equal. It is noted that after symbol repetition and interleaving bits 383 and 384 of signal C become bits 192 and 384 of signal E, respectively. Thus, a vector .alpha. that results in the sum of these two bits will yield a linear equation in the bits m.sub.i of the long code mask M as follows: G.sub.f,192 .sym.G.sub.f,384 =O.sub.f,192 .sym.O.sub.f,384. (26) Equation (26) can be rewritten as: ##EQU5## In Equation (27), the only unknowns are the bits m.sub.i of the long code mask. Other combinations that result in vectors .alpha. are as follows: c.sub.369 .sym.c.sub.370 .sym.c.sub.371 .sym.c.sub.373 .sym.c.sub.379 .sym.c.sub.383 =0; (28) c.sub.377 .sym.c.sub.378 .sym.c.sub.379 .sym.c.sub.381 =0; (29) c.sub.373 .sym.c.sub.374 .sym.c.sub.375 .sym.c.sub.377 .sym.c.sub.383 =0; (30) c.sub.381 .sym.c.sub.382 .sym.c.sub.383 =0; (31) c.sub.371 .sym.c.sub.372 .sym.c.sub.373 .sym.c.sub.375 .sym.c.sub.381 =0; (32) c.sub.379 .sym.c.sub.380 .sym.c.sub.381 .sym.c.sub.383 =0; (33) and c.sub.375 .sym.c.sub.376 .sym.c.sub.377 .sym.c.sub.379 =0. (34) Thus, in the full rate case, the eavesdropper can create at least eight combinations of bits from one frame of data that cancel the effect of the input signal I on the output signal O. With just six frames of data the eavesdropper can create more than the 42 equations necessary to determine the value of the 42 bits of the long code mask M. This data can be gathered in less than one second. In the lower rate cases, the task of the eavesdropper is somewhat simplified. TABLE 2 below shows the bits of signal E with the number of the bit position for each bit as in signal C output by the convolutional encoder.
TABLE 2
__________________________________________________________________________
Interleave Pattern of Interleaver 14 for Low Rate Case
__________________________________________________________________________
1 2 1 2 1 2 1 2 1 2 1 2 1 2 1 2
9 10 9 10 9 10 9 10 9 10 9 10 9 10 9 10
17
18 17
18 17
18 17
18 17
18 17
18 17
18 17
18
25
26 25
26 25
26 25
26 25
26 25
26 25
26 25
26
33
34 33
34 33
34 33
34 33
34 33
34 33
34 33
34
41
42 41
42 41
42 41
42 41
42 41
42 41
42 41
42
5 6 5 6 5 6 5 6 5 6 5 6 5 6 5 6
13
14 13
14 13
14 13
14 13
14 13
14 13
14 13
14
21
22 21
22 21
22 21
22 21
22 21
22 21
22 21
22
29
30 29
30 29
30 29
30 29
30 29
30 29
30 29
30
37
38 37
38 37
38 37
38 37
38 37
38 37
38 37
38
45
46 45
46 45
46 45
46 45
46 45
46 45
46 45
46
3 4 3 4 3 4 3 4 3 4 3 4 3 4 3 4
11
12 11
12 11
12 11
12 11
12 11
12 11
12 11
12
19
20 19
20 19
20 19
20 19
20 19
20 19
20 19
20
27
28 27
28 27
28 27
28 27
28 27
28 27
28 27
28
35
36 35
36 35
36 35
36 35
36 35
36 35
36 35
36
43
44 43
44 43
44 43
44 43
44 43
44 43
44 43
44
7 8 7 8 7 8 7 8 7 8 7 8 7 8 7 8
15
16 15
16 15
16 15
16 15
16 15
16 15
16 15
16
23
24 23
24 23
24 23
24 23
24 23
24 23
24 23
24
31
32 31
32 31
32 31
32 31
32 31
32 31
32 31
32
39
40 39
40 39
40 39
40 39
40 39
40 39
40 39
40
47
48 47
48 47
48 47
48 47
48 47
48 47
48 47
48
__________________________________________________________________________
It is noted that each bit is repeated eight times. Thus, in the low rate case, the eavesdropper can determine the bits of the long code mask M with a single frame of data. Thus, it is easier in the low rate case to create equations to determine the bits of the long code mask M. FIG. 4 is a block diagram of a wireless system indicated generally at that implements a spread spectrum technology and is constructed according to the teachings of the present invention. Wireless system 110 includes a plurality of base stations 112 that are coupled to and in communication with a Mobile Switching Center (MSC) 114. MSC 114 is coupled to and in communication with the public switched telephone network (PSTN) 116, including one or more local offices 118 and one or more toll offices 120. PSTN 116 further includes fixed terminals 122 coupled to and in communication with local offices 118 and toll offices 120. Fixed terminals may be coupled to PSTN by any appropriate telecommunications cable including, for example, copper wires, fiber optic cables and the like. Wireless system 110 also includes one or more wireless terminals 124. The forward channel of each wireless terminal 124 and each base station 112 includes an encryptor as described below for providing increased transmission privacy when compared to prior systems and methods. In operation, wireless system 110 transmits an encrypted signal between a base station 112 and a wireless terminal 124. For example, a communication to a wireless terminal 124 may be initiated at a fixed terminal 122. Local office 118 and MSC 114 connect fixed terminal 122 to an appropriate base station 112. Base station 112 encrypts a signal from fixed terminal 122 and transmits the encrypted signal. The appropriate wireless terminal 124 receives the encrypted signal. Wireless terminal 124 decrypts the signal to complete the communication. FIG. 5 is a block diagram of one embodiment of a base station indicated generally at 112 and constructed according to the teachings of the present invention. Base station 112 includes a forward channel 126 for transmitting signals to a wireless terminal 124. Base station 112 also includes a reverse channel 128 for receiving signals from a wireless terminal 124. Forward channel 126 includes an encryptor 130 that creates a key signal that is a nonlinear function of a private long code mask. Thus, forward channel 126 provides increased transmission privacy. Forward channel 126 includes a channel coder 132 that is coupled to MSC 114. Forward channel 126 further includes the series combination of bit interleaver 134, encryptor 130, Walsh function modulator 136, quadrature spreader 138, quadrature carrier modulator 140, and RF transmitter 142. RF transmitter 142 is coupled to antenna 144. Reverse channel 128 includes the series combination of RF receiver 146, quadrature carrier demodulator 148, quadrature despreader 150, despreader 152, Walsh symbol demodulator 154, bit deinterleaver 156, and channel decoder 158. In operation, forward channel 126 processes and encrypts a signal from MSC 114 for transmission on antenna 144. MSC 114 provides a digital signal to channel coder 132. Channel coder 132 codes the signal for error correction after transmission. Bit interleaver 134 rearranges the order of the bits in the signal so as to minimize the impact of error bursts. Encryptor 130 uses a nonlinear encryption signal to encrypt the signal from bit interleaver 134. Walsh function modulator 136 modulates the signal by multiplying the signal with a selected Walsh function. Quadrature spreader 138 spreads the signal with a selected pseudo-noise (PN) code that is unique to the transmission between fixed terminal 122 and wireless terminal 124. Quadrature carrier modulator 140 modulates the signal for transmission by RF transmitter 142 on antenna 144. Reverse channel 128 receives a signal from a wireless terminal 124 at antenna 144 and receiver 146. Quadrature carrier demodulator 148 demodulates the signal from the carrier signal for processing. Quadrature despreader 150 uses the appropriate PN signal to despread the signal from wireless terminal 124. Despreader 152 uses a private key signal to further despread the signal from wireless terminal 124. Walsh symbol demodulator 154 demodulates the signal with an appropriate Walsh function. Bit deinterleaver 156 rearranges the bits in the signal to undo an interleaving operation performed by wireless terminal 124. Channel decoder 158 uses error correction techniques to correct errors in the signal from wireless terminal 124. FIG. 6 is a block diagram of a wireless terminal indicated generally at 124 and constructed according to the teachings of the present invention. Wireless terminal 124 includes a reverse channel 160 for transmitting signals to a base station 112. Wireless terminal 124 also includes a forward channel 162 for receiving signals from a base station 112. Forward channel 162 includes a decryptor 164 that creates a key signal that is a nonlinear function of a private long code mask. Thus, forward channel 162 provides increased transmission privacy. Wireless terminal 168 includes an input/output (I/O) device 166. I/O device 166 may comprise a speaker and a microphone. Alternatively, I/O device 166 may comprise an appropriate data port. Reverse channel 160 includes a voice coder 168 coupled to I/O device 166. Voice coder 168 is coupled to the series combination of channel coder 170, bit interleaver 172, Walsh function modulator 174, spreader 176, quadrature spreader 178, quadrature carrier modulator 180, and RF transmitter 182. RF transmitter 182 is coupled to antenna 184. Reverse channel 162 includes the series combination of RF receiver 186, quadrature carrier demodulator 188, quadrature despreader 190, Walsh function demodulator 192, decryptor 164, bit deinterleaver 194, channel decoder 196 and voice decoder 198. Voice decoder 198 is coupled to I/O device 166. In operation, reverse channel 160 processes a signal from a user for transmission on antenna 184. Voice coder 168 codes a digital signal from I/O device 166. Channel coder 170 codes the signal for error correction after transmission. Bit interleaver 172 rearranges the order of the bits in the signal so as to minimize the impact of error bursts. Walsh function modulator 174 modulates the signal by multiplying the signal with a selected Walsh function. Spreader 176 uses a key signal to spread the signal from Walsh function modulator 174. Quadrature spreader 178 spreads the signal with a selected pseudo-noise (PN) code that is unique to the transmission between fixed terminal 122 and wireless terminal 124. Quadrature carrier modulator 180 modulates the signal for transmission by RF transmitter 182 on antenna 184. Forward channel 162 receives a signal from base station 112 at antenna 184 and receiver 186. Quadrature carrier demodulator 188 demodulates the signal from the carrier signal for processing. Quadrature despreader 190 uses the appropriate PN signal to despread the signal from base station 112. Walsh function demodulator 192 demodulates the signal with an appropriate Walsh function. Decryptor 164 uses a private key signal to descramble the signal from base station 112. Bit deinterleaver 194 rearranges the bits in the signal to undo an interleaving operation performed by base station 112. Channel decoder 196 uses error correction techniques to correct errors in the signal from base station 112. Voice decoder 198 decodes the signal for I/O device 166 to complete the transmission. FIG. 7 is an embodiment of an encryptor indicated generally at 130 for use in forward channel 126 of FIG. 5. Encryptor 130 generates a key signal with the series combination of a long code generator 200, a nonlinear scrambler 202 and a decimator 204. The output of decimator 204 is coupled to a first input of a modulo-2 adder 206. The second input of adder 206 is coupled to bit interleaver 134. In operation, long code generator 200 generates a sequence of bits from a private long code mask. Long code generator 200 may comprise the long code generator 22a of FIG. 3 such that the bits of the long code sequence depend linearly on the bits of the long code mask. Nonlinear scrambler 202 scrambles the bits of the long code sequence such that the output bits of nonlinear scrambler 202 have a nonlinear dependence on the bits of the long code mask. Exemplary embodiments of nonlinear scrambler 202 are described below with respect to FIGS. 9 through 15. The nonlinearity created by nonlinear scrambler 202 may vary in complexity. For example, nonlinear scrambler 202 may include a feedback loop. Alternatively, nonlinear scrambler 202 may comprise a simple combinational logic circuit that introduces a nonlinearity into the long code sequence. Thus, a system constructed according to the teachings of the present invention will increase the difficulty for an eavesdropper to successfully obtain the bits of the long code mask M. Decimator 204 selects bits output from nonlinear scrambler 202 with a known frequency. For example, decimator 204 may output 1 in 64 of the bits output by nonlinear scrambler 202. Adder 206 adds (modulo-2) the signal from bit interleaver 134 with the signal from decimator 204. FIG. 8 is an embodiment of a decryptor indicated generally at 164 for use in forward channel 162 of FIG. 6. Decryptor 164 generates a key signal with the series combination of a long code generator 208, a nonlinear scrambler 210 and a decimator 212. The output of decimator 212 is coupled to a first input of a modulo-2 adder 214. The second input of adder 214 is coupled to Walsh function demodulator 192. In operation, decryptor 164 creates a key signal to decrypt a signal received from a base station 112. As such, decryptor 164 independently creates a key signal that is identical to the key signal created in encryptor 130. Thus, long code generator 208 generates a sequence of bits from a private long code mask. Long code generator 208 may comprise the long code generator 22a of FIG. 3 such that the bits of the long code sequence depend linearly on the bits of the long code mask. Nonlinear scrambler 210 scrambles the bits of the long code sequence such that the output bits of nonlinear scrambler 210 have a nonlinear dependence on the bits of the long code mask. Exemplary embodiments of nonlinear scrambler 210 are described below with respect to FIGS. 9 through 15. The nonlinearity created by nonlinear scrambler 210 may vary in complexity. For example, nonlinear scrambler 210 may include a feedback loop. Alternatively, nonlinear scrambler 210 may comprise a simple combinational logic circuit that introduces a nonlinearity into the long code sequence. Thus, a system constructed according to the teachings of the present invention will increase the difficulty for an eavesdropper to successfully obtain the bits of the long code mask M. Decimator 212 selects bits output from nonlinear scrambler 210 with a known frequency. For example, decimator 212 may output 1 in 64 of the bits output by nonlinear scrambler 210. Adder 214 adds the signal from Walsh function demodulator 192 with the signal from decimator 212. FIG. 9 is one embodiment of a nonlinear scrambler indicated generally at 202a and constructed according to the teachings of the present invention. It is noted that each circuit shown in FIGS. 9 through 15 can be used either in encryptor 130 or decryptor 164. For simplicity, FIGS. 9 through 15 are described only with respect to encryptor 130. Scrambler 202a comprises an Exclusive-OR gate 216, a shift register 218, a logic circuit 220 and a switch 222. The output of long code generator 200 and the output of logic circuit 220 are coupled to the inputs of Exclusive-OR gate 216. Exclusive-OR gate 216 provides an output to shift register 218 and to switch 222. Logic circuit 220 taps two or more cells of shift register 218. Finally, the output of long code generator 200 is also coupled to switch 222. In operation, scrambler 202a outputs a sequence of bits that are a nonlinear combination of the bits of the long code sequence by use of a feedback loop. Exclusive-OR gate 216 outputs bits to shift register 218. The bits shift through shift register 218 and are selectively combined in logic circuit 220. Logic circuit 220 may comprise a simple AND-gate. Alternatively, logic circuit 220 may comprise a more complicated combinational logic circuit. Logic circuit 220 provides a second input to Exclusive-OR gate 216 such that the bits entering shift register 218 ultimately depend on the current bit of the long code sequence and a logical combination of prior bits output by Exclusive-OR gate 216. Switch 222 may by-pass the effect of scrambler 202a by coupling long code generator 200 directly to decimator 204. A reset signal is also provided to clear shift register 218. FIG. 10 illustrates another embodiment of a nonlinear scrambler indicated generally at 202b constructed according to the teachings of the present invention. Scrambler 202b comprises a shift register 224 having 64 cells. Each cell of shift register 224 is coupled to an input of a multiplexer 226. Additionally, the cells labeled 0 through 5 of shift register 224 are coupled to selector inputs of multiplexer 226. It is noted that any six of the cells of shift register 224 could be used as the selector inputs for multiplexer 226. In operation, the bits of the long code sequence shift through shift register 224. The values in cells 0 through 5 of shift register 224 select one of the cells from shift register 224 to be passed as an output bit by multiplexer 226 to decimator 204. FIG. 11 illustrates another embodiment of a nonlinear scrambler indicated generally at 202c and constructed according to the teachings of the present invention. Scrambler 202c comprises a shift register 228 having 64 cells. N selected cells of shift register 228 are coupled to selector inputs of multiplexer 230. Additionally, 2.sup.N selected cells of shift register 228 are also coupled as inputs of multiplexer 230. In operation, the bits of the long code sequence shift through shift register 228. Multiplexer 230 selects a cell of shift register 228 based on the selector inputs from shift register 228. The value of the selected cell is passed as the output of scrambler 202c to decimator 204. FIG. 12 illustrates another embodiment of a nonlinear scrambler indicated generally at 202d constructed according to the teachings of the present invention. Scrambler 202d comprises a shift register 232 having 64 cells. Each cell of shift register 232 is coupled to an input of data encryption standard (DES) circuit 234. DES circuit 234 encrypts data according to Federal Information Processing Standards Publication 46 dated Jan. 15, 1977. A private key signal is provided to DES circuit 234. DES circuit 234 comprises 64 outputs that are coupled to a register 236. A selected cell of register 236 is provided as an output for scrambling circuit 202d. In operation, the bits of the long code sequence shift through shift register 232. DES circuit 234 encrypts the data in shift register 232 using the key signal and conventional DES techniques. DES circuit 234 provides an encrypted version of the data in shift register 232 to register 236. Scrambler 202d provides an output signal from register 236 to decimator 204. FIG. 13 illustrates another embodiment of a nonlinear scrambler indicated generally at 202e and constructed according to the teachings of the present invention. Scrambler 202e comprises a shift register 240 having 64 cells. N selected cells of shift register 240 are coupled to inputs of a nonlinear function 242. For example, nonlinear function 242 may comprise a two input AND-gate or other appropriate function for creating a nonlinear output. In operation, the bits of the long code sequence shift through shift register 240. Nonlinear function 242 generates an output signal based on the values of the N input cells of shift register 240. FIG. 14 is another embodiment of a nonlinear scrambler indicated generally at 202f and constructed according to the teachings of the present invention. Scrambler 202f comprises an Exclusive-OR gate 244, a shift register 246, a first logic circuit 248 and a second logic circuit 250. The output of long code generator 200 and the output of first logic circuit 248 are coupled to the inputs of Exclusive-OR gate 244. Exclusive-OR gate 244 is coupled to shift register 246. First logic circuit 248 taps two or more cells of shift register 246. Finally, second logic circuit 250 taps a second selected set of cells of shift register 246. Second logic circuit 250 comprises the output of scrambler 202f. A reset signal is also provided to clear shift registers 248 and 250. In operation, scrambler 202f outputs a sequence of bits that are a nonlinear combination of the bits of the long code sequence by use of a feedback loop. Exclusive-OR gate 244 outputs bits to shift register 246. The bits shift through shift register 246 and are selectively combined in first logic circuit 248. First logic circuit 248 may comprise a simple AND-gate. Alternatively, first logic circuit 248 may comprise a more complicated combinational logic circuit. First logic circuit 248 provides a second input to Exclusive-OR gate 244 such that the bits entering shift register 246 ultimately depend on the current bit of the long code sequence and a logical combination of prior bits output by Exclusive-OR gate 244. Second logic circuit 250 combines bits from selected cells of register 246 as output for scrambler 202f. FIG. 15 is another embodiment of a nonlinear scrambler indicated generally at 202g and constructed according to the teachings of the present invention. Scrambler 202g comprises an Exclusive-OR gate 252, a shift register 254, a first logic circuit 256 and a second logic circuit 258. The output of long code generator 200 and the output of first logic circuit 256 are coupled to the inputs of Exclusive-OR gate 252. Exclusive-OR gate 252 is coupled to shift register 254. First logic circuit 256 taps one or more cells of shift register 256. Additionally, a private key signal K.sub.1 may be provided to first logic circuit 256 for use in creating the encryption signal. Second logic circuit 258 taps a second selected set of cells of shift register 254. A second private key K.sub.2 may be provided to second logic circuit 258 for use in creating the encryption signal. Second logic circuit 258 comprises the output of scrambler 202g. A reset signal is also provided to clear shift registers 256 and 258. In operation, scrambler 202g outputs a sequence of bits that have a nonlinear dependence on a private sequence of bits. The private sequence of bits can be the long code mask as processed by long code generator 202, signal K.sub.1 or K.sub.2, or any appropriate combination thereof. Exclusive-OR gate 252 outputs bits to shift register 254. The bits shift through shift register 254 and are selectively combined with bits of signal K.sub.1 in first logic circuit 256. First logic circuit 248 may comprise a simple and-gate. Alternatively, first logic circuit 256 may comprise a more complicated combinational logic circuit. First logic circuit 256 provides a second input to Exclusive-OR gate 252 such that the bits entering shift register 254 ultimately depend on the current bit of the long code sequence and a logical combination of prior bits output by Exclusive-OR gate 252 and the signal K.sub.1. Second logic circuit 258 combines bits from selected cells of register 254 with bits of signal K.sub.2 as output for scrambler 202f. It is noted that nonlinear scrambler 202g can achieve increased privacy over conventional systems without use of long code generator 200. If long code generator 200 is omitted from encryptor 130, either K.sub.1, K.sub.2 or both must be private to increase privacy. Additionally, if either K.sub.1, K.sub.2 or both are private, long code generator 200 could create a long code sequence from a public long code mask M. It is also noted that either K.sub.1 or K.sub.2 may be omitted without departing from the teachings of the present invention. FIG. 16 is another embodiment of an encryptor indicated generally at 130a for use in the base station 112 of FIG. 5. Encryptor 130a generates a key signal with the series combination of a shift register 260 and, a nonlinear combiner 262 and a decimator 264. The output of decimator 264 is coupled to a first input of a modulo-2 adder 266. The second input of adder 266 is coupled to bit interleaver 134. A private long code mask, M, is provided to nonlinear combiner 262. In operation, ecryptor 130a generates a key signal with bits that are a nonlinear combination of the bits of the long code mask. Shift register 260 generates a sequence of bits from a publicly known quantity. Nonlinear combiner 262 combines the long code mask M with the output of shift register 260. Decimator 264 selects bits output from nonlinear combiner 262 with a known frequency. For example, decimator 264 may output 1 in 64 of the bits output by nonlinear combiner 262. Adder 266 adds (modulo-2) the signal from bit interleaver 134 with the signal from decimator 264. FIG. 17 is another embodiment of a decryptor indicated generally at 164a for use in the wireless terminal 124 of FIG. 6. Decryptor 164a generates a key signal with the series combination of a shift register 268, a nonlinear combiner 270 and a decimator 272. The output of decimator 272 is coupled to a first input of a modulo-2 adder 274. The second input of adder 274 is coupled to Walsh symbol demodulator 154. A private long code mask, M, is provided to nonlinear combiner 270. In operation, decryptor 164a generates a key signal with bits that are a nonlinear combination of the bits of the long code mask. Shift register 268 generates a sequence of bits from a publicly known quantity. Nonlinear combiner 270 combines the long code mask M with the output of shift register 268. Decimator 272 selects bits output from nonlinear combiner 270 with a known frequency. For example, decimator 272 may output 1 in 64 of the bits output by nonlinear combiner 270. Adder 274 adds (modulo-2) the signal from Walsh symbol modulator 154 with the signal from decimator 272. Although the present invention has been described in detail, it should be understood that various alterations, substitutions and changes can be made hereto without departing from the spirit and scope of the invention as defined by the appended claims. For example, the shift registers shown in FIGS. 9 through 15 are not limited to 64 cells. The number of cells may be varied without departing from the teachings of the present invention. The 64 cell registers are simply shown by way of example and not by way of limitation. Furthermore, the encryptors and decryptors described herein can be used without decimators. Alternatively, the function of decimator can be partially or fully incorporated into other circuitry. Scramblers 202a through 202g each includes one or more shift registers. It is emphasized that these shift registers are shown by way of example and not by way of limitation. The shift registers store input bits provided to the scrambler for use in creating subsequent output bits. To this end, the shift registers in FIGS. 9 through 15 can be replaced with any appropriate circuit for performing this same function. To ensure that the nonlinear scramblers constructed according to the teachings of the present invention in the base station and in the wireless terminal produce identical outputs when fed with identical long code sequence inputs during a transmission, the scramblers should start with the same internal state. Thus, any shift registers in the scramblers must start with identical contents. One means for accomplishing this is to reset any such shift registers with fixed initial values in response to a reset signal during the time of hand-off. The reset signals shown in FIGS. 9, 14 and 15 can be used to implement this feature. The registers may also be reset, for example, such as at the beginning of each new frame. It is noted that the Exclusive-OR gates specified in FIGS. 9, 14 and 15 can be implemented with any appropriate function that performs modulo-2 addition. It is also noted that the number of bits in the long code mask may be varied from 42 without departing from the spirit and scope of the teachings of the present invention.
|
Same subclass Same class Consider this |
||||||||||