Cryptographic communication and file security using terminals4386234Abstract A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphered under the master cipher key is transferred to the cryptographic apparatus storage means and the control means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions. Claims We claim: Description CROSS REFERENCE TO RELATED APPLICATIONS
__________________________________________________________________________
CATEGORY SECURITY CLASS
TYPE USE
__________________________________________________________________________
Key Encrypting
Keys
Primary System Key Host master
Key (KMH)
Encipher
Secondary
Secondary Terminal Master
Other
Communications
Key (KMT)
Keys Cryptographic
Private
Terminal Master
Keys
Key (KMTP)
Primary System
Communication
Session Key
Data Encrypting
Keys (KS) Encipher
Keys
Private Or
Session Key
(KSP) Decipher
(Operational
Keys) Primary Private Data
File Key File Key
(KFP)
__________________________________________________________________________
GENERATION, DISTRIBUTION AND INSTALLATION OF CRYPTOGRAPHIC KEYS Key generation is the process which provides for the creation of the cipher keys required by a cryptographic system. Key generation includes the specification of a system master key, primary and secondary communication keys and the primary file key. The system master key is the primary key encrypting key and is the only cipher key that needs to be present in the host cryptographic facility in clear form. Since the system master key does not generally change for long periods of time, great care must be taken to select this key in a random manner. This may be accomplished by using some random experiment such as coin tossing where bit values 0 and 1 are determined by the occurrence of heads and tails of the coin or by throwing dice where bit values 0 and 1 are determined by the occurrence of even or odd rolls of the dice, with the occurrence of each group of coins or dice being converted into corresponding parity adjusted digits. Since all other cipher keys stored in the host system are enciphered under the system master key then secrecy for such other cipher keys reduces to that of providing secrecy for the single system master key. This may be accomplished by storing the system master key in a non-volatile master key memory so that it need only be installed once. Once installed, the master key is used only by the cryptographic apparatus for internally deciphering enciphered keys which may then be used as the working key in a subsequent encipher/decipher operation. The terminal master key is a secondary key encrypting key and like the system master key, is the only key encrypting key that needs to be present in clear form in the terminal cryptographic facility. Since there may be numerous terminals associated with the data communication network, it may not be practical or prudent to have these keys generated by a human user using some type of random experiment. Therefore, to relieve the system administrator from the burden of creating cryptographic keys, except for the single system master key, the cryptographic apparatus of the host system can be used as a pseudo random generator for generating the required terminal master keys used by the various terminals of the network. The manner by which such host system generated random numbers are produced is described in detail in the co-pending application Ser. No. 857,532 filed Dec. 5, 1977 entitled "Cryptographic Communications Security for Single Domain Networks" by Ehrsam et al. In addition to the system generated terminal master keys, off line means may be used by end users to establish a private terminal master key. In either event, the terminal master key is retained in enciphered form at the host in a manner as described in the aforementioned patent application and the clear form of the system or private generated terminal master key is distributed in a secure manner to the authorized terminal users. This may be accomplished by transporting the key by courier, registered mail, public telephone, etc. The liklihood of an opponent obtaining the key during transit can be lessened by transmitting different portions of the key over independent paths and then combining them at the destination. Once having properly received a valid system or private generated terminal master key in clear form, it becomes necessary to maintain its secrecy. In the terminal master key approach of the present invention, this is accomplished by writing the terminal master key in a non-volatile master key memory, as in the case of the system master key. Once installed, the terminal master key is used only by the terminal cryptographic apparatus for internally deciphering system generated session keys which may then be used as the working key in a subsequent encipher/decipher operation. Installation of the system or private generated terminal master keys may be accomplished by a direct manual entry process using mechanical switches, dials, or a hand-held key entry device. Alternatively, an indirect entry method may be used in which case the master key may be entered from a non-volatile media such as a magnetic card or tape which is maintained in a secure location (safe, vault, etc.) accessible only to the security administrator. Another alternative indirect entry method may be to use a keyboard entry device though this method is subject to human error. In any event, whichever indirect method is chosen, during terminal initialization, the terminal master key may be read into and temporarily stored in the terminal memory and then transferred to the master key memory with the terminal memory entry being subsequently erased so that only one copy is present in the terminal and accessible only by the terminal cryptographic facility. System generated primary communication keys, such as the system session keys, are time variant keys which are dynamically generated for each communication session and are used to protect communicated data. Since there may be numerous communications sessions it is impractical to have these keys generated by a human user. Therefore, as in the case of the terminal master keys, the cryptographic apparatus of the host system may be used as a pseudo-random generator for generating, as each communication session is required, a pseudo-random number which may be defined as being an enciphered system session key. By a technique described in the aforementioned application, Ser. No. 857,532, the enciphered terminal master key and the enciphered session key are processed by a function which produces the session key enciphered under the terminal master key. This quantity is then communicated to the terminal where it is deciphered thereby allowing the host and terminal to communicate using the common session key. In addition to system generated session keys, end users may wish to communicate using a mutually agreed upon private session key. This key is loaded into the host system and the terminal as a common working key thereby allowing the host and terminal to communicate using the common private session key. In private cryptographic systems where the end users use a private protocol which is unknown to the system, communication and/or file security can be obtained by the use of private primary communication and/or private primary file keys. In such arrangements, key selection, management and data transfer operations are performed without system knowledge that cryptography is being performed. Thus, in single domain data communication networks where end user terminals are remote from the host system or in multiple domain data communication networks where the end user terminals are local to or remote from their respective host systems, the end users may define a private protocol using a mutually agreed upon primary communication key, i.e. a private session key. This key may be loaded directly into the respective end user terminals as a working key under control of a load key direct operation thereby allowing the end user terminals to cryptographically communicate with each other using the common private session key. With this end-to-end encryption approach, enciphered messages can be sent via networks of any type, private or public, without system knowledge that cryptography is being performed but providing communication security for such data transmissions. In single domain data processing systems where sensitive data is processed at an end user terminal for storage in a data file for subsequent recovery at a later time at the same or a different terminal associated with the host system or where the sensitive data processed at an end user terminal is stored in a data file on a portable storage media which is transported to another data processing system for subsequent recovery at a later time at a terminal associated with the other data processing system, a private protocol may be defined using a primary file key i.e., a private file key. At the time the file is to be created, this key may be loaded directly into the terminal used for creating the data file as a working key under control of a load key direct operation. With this approach, enciphered data may be created and stored in data files for prolonged periods of time or in portable storage media using normal system data processing and system storage techniques without system knowledge that cryptography is being performed but providing file security for data. At the time the file is to be recovered, the private file key may again be loaded directly into the terminal used for the data file recovery as a working key under control of a load key direct operation. The data file may then be obtained using normal system access means and be transmitted to the terminal for decipherment. TERMINAL DATA SECURITY DEVICE Modern day communication terminals take many forms which may include stand-alone terminals having a variety of data entry devices such as keyboards, magnetic stripe card readers, light pens, etc. as well as a variety of output devices such as displays and printers. In addition to the stand-alone type of communication terminal there are cluster type communication terminals having a control unit capable of controlling a cluster of input/output devices such as display stations and printers. While the particular manner in which a communication terminal is implemented is not critical to the present invention, FIG. 2 is a block diagram of a representative communication terminal 1 showing data flow and control relationships. The terminal 1 is generally modular in nature and includes a programmable processor 2 operationally connected to a memory 3 which provides storage for data and the programs which are utilized to control the terminal 1. The processor 2 contains the normal facilities for addressing memory, for fetching and storing data, for processing data, for sequencing program instructions and for providing operational and data transfer control of a single I/O device 4 which may be a display type of device having a keyboard entry unit 5 and/or magnetic stripe card reader entry unit 6, a single I/O device 7 which may be a printer type of device or a cluster of such display and printer type of devices. The collection of data and control lines connected between the processor 2 and the I/O device or devices is commonly referred to as the I/O interface providing an information format and signal sequence common to all the I/O devices. The I/O interface lines generally include a data bus out which is used to transmit device addresses, commands and data from the processor 2 to the I/O device; a data bus in which is used to transmit device identification, data or status information from the I/O device to the processor 2 and tag signal lines which are used to provide signals identifying an I/O operation, the nature of information on the data bus and parity condition. Since each I/O device has a unique electrical interface, device adapters such as adapters 8 and 9 are generally provided to allow device connection to the common I/O interface. All I/O data transfers between the processor and the attached adapters may be performed in a programmed input/output (PIO) mode on a 1 byte per I/O instruction basis. In addition to the device adapters, a communication adapter 10 is also generally provided to connect the communication terminal 1 via modems and a communication line to a host system. Into this organization of a general purpose communication terminal 1 is integrated a data security device of the present invention. The data security device (DSD) 11 includes a crypto device 12, a master key (MK) memory 13, a DSD adapter 14 which connects to the I/O interface and optionally a manual entry device 15 for manually loading a terminal master key into the MK memory 13. Either one of two methods can be used for writing a terminal master key into the MK memory 13. The first method for writing the terminal master key in the MK memory 13 is achieved under program control. In this method, an I/O device having a keyboard, magnetic stripe card reader or the like, may use such elements to cause the terminal master key to be stored in the terminal memory 3 as in the case of conventional data entry. Subsequently, under program control, the terminal master key may be read from the terminal memory 3 to the MK memory 13 of the DSD in a manner which will be described in greater detail hereafter. The other method of writing the terminal master key into the MK memory 13 consists of manually writing the terminal master key into the MK memory 13 by means of individual toggle or rotary switches wired to produce binary coded hex digits as will be described in greater detail hereafter. To enable master key writing into the MK memory 13 by either method, an enable write master key (EW) switch is provided which is initially turned on when a write master key operation is initiated and turned off at the end of write master key operation. To prevent the key from being changed by unauthorized persons, the EW switch operation may be activated by a physical key lock arrangement. The DSD adapter 14 serves a dual function namely, providing adapter functions for DSD connection to the I/O interface and control functions for the DSD. The I/O interface provides the DSD adapter 14 with overall direction, gives it cipher keys to be used, presents it with data to be processed and accepts the processed results. Over-all direction is achieved by use of operation commands which are decoded and subsequently provide control in properly timed sequences of signals to carry out each command. These signals are synchronized with the transfer of data in and out. The DSD adapter 14 also controls the placing of cipher keys in the crypto device 12 and directs the crypto device in the enciphering and deciphering operations. The MK memory 13 is a non-volatile 16.times.4 bit random access memory (RAM) which is battery powered to enable key retention when terminal power may not be present. The terminal master key consists of eight master key bytes (64 bits) each of which consists of seven key bits and one parity bit. The crypto device 12 is the heart of the DSD hardware for performing enciphering and deciphering operations. The crypto device 12 performs encipher/decipher operations on a block cipher basis in which a message block of 8 data bytes (64 bits) is enciphered/deciphered under control of a 56 bit cipher working key to produce an enciphered/deciphered message block of 8 data bytes. The block cipher is a product cipher function which is accomplished through successive applications of a combination of non-linear substitutions and transpositions under control of the cipher working key. Sixteen operation defined rounds of the product cipher are executed in which the result of one round serves as the argument of the next round. This block cipher function operation is more fully described in the aforementioned U.S. Pat. No. 3,958,081. A basic encipher/decipher operation of a message block of data starts with the loading of the cipher key from the terminal memory 3. This key is generally stored under master key encipherment to conceal its true value. Therefore, it is received as a block of data and deciphered under the master key to obtain the enciphering/deciphering key in the clear. The clear key does not leave the crypto device 12 but is loaded back in as the working key. The message block of data to be enciphered/deciphered is then transferred to the crypto device 12 and the cipher function is performed, after which the resultant message block of enciphered/deciphered data is transferred from the crypto device 12 to the terminal memory 3. If subsequent encipher/decipher functions are to be performed using the same working key, there is no need to repeat the initial steps of loading and deciphering the working key as it will still be stored in the working key register. The crypto device 12 includes duplicate crypto engines operating in synchronism to achieve checking by 100% redundancy. Referring now to FIG. 3, one of the crypto engines is shown in simplified block form with a heavy lined border signifying a secure area. The crypto engine 16 contains a 64 bit input/output buffer register 17 divided into upper and lower buffer registers 18 and 19 of 32 bits each. The buffer register 17 is used in a mutually exclusive manner for receiving input data on a serial by byte basis from the bus in, termed an input cycle, and for providing output data in a serial by byte basis to the bus out, termed an output cycle. Thus, during each input cycle a message block of eight data bytes is written into the buffer register 17 from the terminal memory 3 while during each output cycle a message block of eight processed data bytes is read from the buffer register 17 to the terminal memory 3. Serial outputs of the buffer register 17 are also applied as serial inputs to the working key register 20 and a parity check circuit 21, the latter being controlled to be effective only when a 64 bit clear cipher key is to be loaded directly into the working key register 20 from the terminal memory 3 via the buffer register 17. Only 56 of the 64 bits are stored in the working key register 20, the 8 parity bits being used only in the parity check circuit 21. The buffer register 17 is also provided with parallel input and output paths from and to a 64 bit data register 22 also divided into upper and lower data registers 23 and 24 of 32 bits each. The upper and lower data registers 23 and 24 each possesses parallel outputs and two sets of parallel inputs. The parallel inputs to the lower data register 24 being from the lower buffer register 19 and the upper data register 23 while the parallel inputs to the upper data register being from the upper buffer register 18 and from the lower data register 24 after modification by the cipher function circuits 25. The 64 bit master key is inputted to the crypto engine 16 on a serial by byte basis with each byte being checked for correct parity by the parity check circuit 26. As in the case of the cipher key transfer from the buffer register 17 to the working key register 20, only 56 of the 64 bits are stored in the key register 20, the 8 parity bits being used only in the parity check circuit 26. During the loading process, the key register 20 is configured as seven 8-bit shift right registers to accommodate the eight 7-bit bytes received from the MK memory 13 (or the buffer register 16). When the working key is used for enciphering, the key register 20 is configured as two 28 bit recirculating shift left registers and the working key is shifted left, in accordance with a predetermined shift schedule, after each round of operation of the cipher function so that no set of key bits once used to perform a cipher operation is used again in the same manner. Twenty-four parallel outputs from each of the two shift registers (48 bits) are used during each round of the encipher operation. The shift schedule provided is such that the working key is restored to its initial beginning position at the end of the complete encipher operation. When the working key is used for deciphering, the key register 20 is configured as two 28 bit recirculating shift right registers and the working key is shifted right in accordance with a predetermined shift schedule, after each round of operation of the cipher function so that again no set of key bits is used again. As in the enciphering operation, twenty-four parallel outputs from each of the two shift registers (48 bits) are used during each round of the decipher operation. The shift schedule provided in this case is also such that the working key is restored to its initial beginning position at the end of the complete decipher operation. The cipher function circuits 24 perform a product cipher through successive application of a combination of non-linear substitutions and transpositions under control of the cipher working key. Sixteen rounds of the product cipher are executed in which the results of one round serves as the argument of the next round. Deciphering is accomplished by using the same key as for enciphering but with the shift schedule for shifting the key being altered so that the deciphering process is the reverse of the enciphering process, thus undoing in reverse order every step that was carried out during the enciphering process. During each round of the cipher function, the data contents of the upper data register 23, designated R, is enciphered under control of the working key, designated K, with the result being added modulo-2 to the contents of the lower data register 24, designated L, the operation being expressed as L f(R,K). At the end of the cipher round, the contents of the upper data register 23 is parallel transferred to the lower data register 24 while the output of the cipher function circuits 25 is parallel transferred to the upper data register 23 to form the arguments for the next round of the cipher function. After a total of sixteen rounds, which completes the total cipher function, the contents of the upper data register 23 is parallel transferred to the upper buffer register 18 while the output of the cipher function circuits 25 is parallel transferred to the lower buffer register 19. The transformed data contents of the buffer register 17 is then outputted via the bus out to the terminal memory 3. DSD COMMANDS AND ORDERS Input/output operations of an I/O device are generally directed by the execution of I/O instructions. In executing an I/O instruction, the processor generally provides an address field for addressing the I/O device, a command field for designating the operation to be performed and another address field for addressing the data field in memory from which data is fetched or to which data is stored. The data security device 11 of the present invention is responsive to seven types of commands from the processor as shown in the following table including the mnemonic and bit pattern of the command:
__________________________________________________________________________
COMMAND FORMAT
Command
Field
Name Mnemonic
0 1 2 3 4 5 6 7
__________________________________________________________________________
1. Reset Adaptor
RST --
-- --
-- 0 0 1 0
2. Set Basic Status
SET BS
--
-- --
-- 0 1 1 0
3. Reset Basic Status
RST BS
--
-- --
-- 0 1 0 0
4. Read Basic Status
RD BS --
-- --
-- 0 1 1 1
5. PIO Write Data
PIOW --
-- --
-- 1 1 0 0
6. PIO Read Data
PIOR --
-- --
-- 1 1 0 1
7. Write DSD Order
WR DSD
w x y z 1 1 1 0
__________________________________________________________________________
The following is a brief description of the function of each of the commands, the operation of which will be described in greater detail hereafter. 1. Reset Adapter (RST)--This command causes a reset signal to be created to reset all counters, flip-flops and latches in the adapter and control sections of the DSD. 2. Set Basic Status (SET BS)--This command causes those latches in a status register of the DSD that correspond to 1's in the data field to be set to 1. 3. Reset Basic Status (RST BS)--This command is similar to the SET BS command except that the status latches corresponding to 1's in the data field are set to 0. 4. Read Basic Status (RD BS)--This command causes the contents of the status latches to be applied via the data bus in to the processor. 5. PIOW Data (PIOW)--This command causes the data field to be loaded into the buffer register or the bits 0, 1, 2, and 3 of the data field to be stored in the MK memory depending on the operation to be performed. 6. PIOR Data (PIOR)--This command causes the contents of the buffer register, with correct parity, to be applied via the data bus in to the processor. 7. Write DSD Order (WR DSD)--This command uses the four high order bits of the command field to designate cipher key handling and data processing orders as shown in the following table including the mnemonic and bit pattern of the order field:
______________________________________
ORDER FORMAT
Order Command
Mne- Field Field
Name monic W X Y Z 4 5 6 7
______________________________________
Cipher Key Handling
1. Write Master Key
WMK 0 0 0 0 1 1 1 0
2. Load Key Direct
LKD 0 0 1 0 1 1 1 0
3. Decipher Key
DECK 0 1 1 1 1 1 1 0
Data Processing
1. Encipher ENC 1 0 0 0 1 1 1 0
2. Decipher DEC 1 0 1 0 1 1 1 0
______________________________________
DSD FUNCTIONS DSD cyptographic functions may be performed by combinations of the previously defined commands or by a combination of functions. These functions require an input to the cryptographic apparatus consisting of a key parameter of a data parameter. The notation used to describe these functions will be expressed as follows: FUNCTION[KEY PARAMETER].fwdarw.OUTPUT or FUNCTION[DATA PARAMETER].fwdarw.OUTPUT and when functions are combined, the notation used to describe the combined functions will be expressed as follows: FUNCTION[KEY PARAMETER, DATA PARAMETER].fwdarw.OUTPUT The salient characteristics of cryptographic functions are that (1) the key parameter, except in the case of the Load Key Direct function is always in enciphered form and therefore must be internally deciphered by the crypto engine before the clear key is used and that (2) no function allows keys to become available in clear form. The descriptions that follow describe what each function does and how it is performed. These functions will be described in greater detail hereafter but the general description of these functions or combination of functions are given at this point to provide a better understanding of how various security applications may be performed. The description may follow along with reference to FIG. 3 at times. In the diagrams which are referenced in the following, the cryptographic facility is shown in simplified block form for ease of understanding these operations and will be shown and described in greater detail hereafter. Before proceeding to the descriptions of the functions, a brief general description will be given on how the manual write key operation is performed. Referring now to FIG. 4, there is shown a simplified block diagram of a manual WMK operation. In the manual WMK operation, a EW switch is set on to enable writing into the MK memory 13 after which a MW switch is closed to enable manual writing and causing the current master key to be overwritten with whatever happens to be set in the data key entry switches. Following this, 16 sets of 4 bits (64 bits) are manually written into the MK memory 13 to complete the manual WMK operation. Referring now to FIG. 5, there is shown a simplified block diagram of a write master key (WMK) function. This function is carried out by the following sequence of commands: (1) WMK and (2) 16 PIOW's. In this operation, as in the manual WMK operation, the EW switch is previously set on to enable writing into the MK memory 13. The execution of this function causes the current master key in the master key memory 13 to be overwritten with whatever happens to be present as bits 0, 1, 2 and 3 on the bus in. Thereafter, the crypto engine controls are set to allow a 64 bit master key KM to be written as a key parameter into the MK memory 13 by means of 16 successive PIOW data commands with the bits 0, 1, 2 and 3 in the data fields associated with the 16 PIOW data commands constituting the new master key. The notation WMK[KM].fwdarw.KM is used to describe this operation whereby the term WMK indicates the function, the contents of the brackets indicate the key parameter input to the MK memory 13 and the arrow points to the result. Referring now to FIG. 6, there is shown a simplified block diagram of a load key direct (LKD) function. This function is carried out by the following sequence of commands: (1) LKD and (2) 8 PIOW's. The execution of this function sets the crypto engine controls to allow a 64 bit operational key KO to be loaded directly to a key parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW data commands constituting the new operational key. Within the crypto engine 16, the operational or data encrypting key is loaded into the buffer register 17 and then transferred to the working key register 20 as shown in FIG. 3. The notation LKD[KO].fwdarw.KO is used to describe this operation whereby the term LKD indicates the function, the contents of the bracket indicate the key parameter input to the crypto engine 16 and the arrow points to the result. Referring now to FIG. 7, there is shown a simplified block diagram of a decipher key DECK function. This function is carried out by the following sequence of commands: (1) DECK and (2) 8 PIOW's. The execution of this function sets the crypto engine controls to first allow the master key KM in the MK memory 13 to be transferred to the crypto engine 16 as the working key. After or during the master key transfer, a 64 bit data block, defined as an operational key enciphered under the master key, is loaded as a key parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW commands constituting the enciphered operational key. After the key parameter loading is completed, the crypto engine 16 performs a decipher operation to obtain the cipher key in clear form. The resultant clear cipher key does not leave the crypto engine 16 but is loaded back into the key register 20 of the crypto engine 16 replacing the master key as the working key. The notation DECK[E.sub.KM KO].fwdarw.KO is used to describe this operation whereby the term DECK indicates the function, the contents of the bracket indicate the key parameter which is inputted to the crypto engine 16 and the arrow points to the result. Referring now to FIG. 8, there is shown a simplified block diagram of an encipher (ENC) function. This function is carried out by the following sequence of commands: (1) ENC, (2) 8 PIOW's and (3) 8 PIOR's. The execution of this function sets the crypto engine controls to the encipher mode of operation and allows a 64 bit message block of data to be loaded as a data parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW commands constituting the message block of data to be enciphered. After the data parameter loading is completed, the crypto engine 16 performs an encipher operation to encipher the data parameter under the operational key presently stored in the working key register of the crypto device 16. The 64 bit enciphered result is transferred by a series of 8 PIOR commands from the crypto engine 16 for storage in designated data fields of the terminal memory 3. The notation ENC[DATA].fwdarw.E.sub.KO DATA is used to describe this operation whereby the term ENC indicates the function, the contents of the bracket indicate the data parameter input to the crypto engine 16 and the arrow points to the result. Additionally, so long as the crypto engine controls remain set in the encipher mode of operation, then a message which consists of multiple 8 byte blocks of data may be enciphered by the crypto engine 16 by means of an encipher command followed by a series of successive 8 PIOW data commands and successive 8 PIOR data commands for each block of data. This message encipherment may be expressed by the notation: ENC[DATA.sub.1, DATA.sub.2 - - - - DATA.sub.N ].fwdarw.E.sub.KO (DATA.sub.1, DATA.sub.2 - - - - DATA.sub.N). Referring now to FIG. 9, there is shown a simplified block diagram of a decipher (DEC) function. This function is carried out by the following sequence of commands: (1) DEC, (2) 8 PIOW's and (3) 8 PIOR's. The execution of this function sets the crypto engine controls to a decipher mode of operation and allows a 64 bit message block of enciphered data to be loaded as a data parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW commands constituting the message block of enciphered data to be deciphered. After the data parameter loading is completed, the crypto engine 16 performs a decipher operation to decipher the data parameter under control of the operational key presently stored in the working key register of the crypto engine 16. The 64 bit deciphered result is transferred by a series of 8 PIOR commands from the crypto engine 16 for storage in designated data fields of the terminal memory 3. The notation DEC[E.sub. KO DATA].fwdarw.DATA is used to describe this operation whereby the term DEC indicates the function, the contents of the bracket indicate the data parameter input to the crypto engine 16 and the arrow points to the results. Additionally, so long as the crypto engine controls remain set in the decipher mode of operation, then a message which consists of multiple blocks of enciphered data may be deciphered by the crypto engine 16 by means of a decipher command followed by a series of successive 8 PIOW data commands and successive 8 PIOR data commands for each block of enciphered data. This message decipherment may be expressed by the notation: DEC[E.sub.KO (DATA.sub.1, DATA.sub.2 - - - - DATA.sub.N)].fwdarw.DATA.sub.1, DATA.sub.2 - - - - DATA.sub.N. Referring now to FIG. 10, there is shown a simplified block diagram of an encipher data (ECPH) function. This function is a combination of the DECK function and the ENC function and is carried out by the following sequence of commands: (1) DECK, (2) 8 PIOW's, (3) ENC, (4) 8 PIOW's and (5) 8 PIOR's. Accordingly, in executing this function, the crypto engine controls are first set to the decipher key mode of operation by the DECK command causing the master key KM in the master key memory 13 to be transferred as the working key to the working key register of the crypto engine 16. After or during the master key loading, the key parameter of the function, consisting of an operational key enciphered under the master key, is loaded into the crypto engine 16 by means of 8 successive PIOW data commands. The crypto engine 16 then performs a decipher key operation to obtain the operational key in clear form which is then loaded back in as the working key of the crypto engine 16 replacing the previously loaded master key. The crypto engine controls are then set to an encipher mode of operation by the ENC command and the data parameter of the function, consisting of clear data, is loaded into the crypto engine 16 by means of 8 successive PIOW data commands. The crypto engine 16 then performs an encipher operation to encipher the data parameter under the present operational key. The enciphered result is then transferred by a series of 8 PIOR commands from the crypto engine 16 for storage in designated fields of the terminal memory 3. The notation ECPH[E.sub.KM KO,DATA].fwdarw.E.sub.KO DATA is used to describe this operation whereby the term ECPH indicates the function, the contents of the bracket indicate the key parameter and data parameter inputs to the crypto engine and the arrow points to the results. Referring now to FIG. 11, there is shown a simplified block diagram of a decipher data (DCPH) function. This function is a combination of the DECK function and the DEC function and is carried out by the following sequence of commands: (1) DECK, (2) 8 PIOW's, (3) DEC, (4) 8 PIOW's and (5) 8 PIOR's. The first part of this function is identical to that for the encipher data function insofar as loading an operational key in clear form as the working key of the crypto engine 16. After the operational key loading is completed, the crypto engine controls are then set to a decipher mode of operation by the DEC command and the data parameter of the function, consisting of DATA enciphered under the operational key, is loaded into the crypto engine 16 by means of 8 successive PIOW data commands. The crypto engine 16 then performs the decipher operation to decipher the data parameter under control of the present operational key. The deciphered result is then transferred by a series of 8 PIOR commands from the crypto engine 16 for storage in designated fields of the terminal memory 3. The notation DCPH[E.sub.KM KO,E.sub.KO DATA].fwdarw.DATA is used to describe this operation whereby the term DCPH indicates the function, the contents of the bracket indicate the key parameter and the data parameter inputs to the crypto engine and the arrow points to the result. COMMUNICATION AND FILE SECURITY APPLICATIONS The previous section provides a description of the various basic function, command and order capabilities of a terminal having a data security device capable of performing enciphering and deciphering operations. Accordingly, the following descriptions will provide an explanation of how such a terminal may be used in various communication and file security applications. While the diagrams used to illustrate these applications are simplified block diagrams, it should be understood that the networks represented by these diagrams are far more complex than that shown. However, this type of representation is used merely to simplify and aid in the understanding of the applications to be described. It should be further understood that the host system contains a full complement of known programming support including an operating system, application programs, a telecommunications access method which, in the case of single domain networks, directs the transmission of data between host application programs and terminals and, in the case of multiple domain networks, includes a multi system networking facility to permit cross domain communication, network control programs for routing data through the network(s) and a storage access method which directs storage and retrieval of data files. SESSION LEVEL COMMUNICATION SECURITY IN SINGLE DOMAIN NETWORKS Referring now to FIG. 12, there is shown a simplified block diagram of a single domain data communication network comprising a terminal 27 and a cluster type terminal 28, both of which contain data security devices, connected via communication lines to a host system 29, also having a data security device contained therein. The data security device of the host system 29 and the manner in which it is used to generate and manage cipher keys and perform encipher/decipher operations is more fully described in the aforementioned co-pending application Ser. No. 857,532. At host system initialization time, a primary key encrypting key KMH is generated in some random manner, as by coin or dice throwing, and then written into the MK memory of the host DSD. Following this, secondary communication key encrypting keys KEK.sub.1 and KEK.sub.2 are generated in clear form which, if system generated, are designated as terminal master keys KMT.sub.1 and KMT.sub.2 or, if privately generated, are designated as private terminal master keys KMTP.sub.1 and KMTP.sub.2. The clear system or private generated terminal master keys KEK.sub.1 and KEK.sub.2 are then distributed in a secure manner, as by courier, registered mail, public phone etc. to the authorized terminal users and retained at the host system in enciphered form. At the terminals 27 and 28, the first step of initializing the terminals for communication sessions is to secure the terminal master keys. This is accomplished by loading the KEK's into the MK memory of the respective terminal DSD's by manual or terminal control means as previously described. To establish a communication session between a terminal such as terminal 27 and the host system 29, the next step is to generate a primary communication operational or data encypting key as the common session key KS. This is initiated at terminal 27 by the authorized terminal user LOGON or SIGNON procedure which causes a message to be transmitted to the host system identifying itself and the application program with which it wishes to communicate and a request to initiate a communication session. The host system 29, in response thereto, communicates with the identified application program to determine whether it is available for a communication session with the requesting terminal 27. If available, the host system 29 causes a pseudo random number to be generated which is defined as being the system session key enciphered under the system master key. This is in keeping with the rule that no key shall ever appear in the clear. The enciphered session key is retained at the host system for encipher/decipher operations during the communication session. Additionally, in order to distribute the session key to the requesting terminal 27 the host system 29, using the enciphered terminal master key encrypting key and the enciphered session key, performs a transformation function which reenciphers the session key from encipherment under the system master key (primary key encrypting key) to encipherment under the terminal master key i.e. from E.sub.KMH KS to E.sub.KEK KS where KEK may be a system generated terminal master key KMT or a private generated terminal master key KMTP. A detailed description of this transformation function is provided in the aforementioned application Ser. No. 857,532. Since the session key is now enciphered under the terminal master key i.e. E.sub.KEK KS, it may be transmitted over the communication line to bind the requesting terminal 27 to the requested application program in host system 29 for a communication session. Now, having bound the session, whereby the requesting terminal 27 can communicate with the application program in host system 29, the terminal 27 may perform the following encipher data ECPH function: ECPH[E.sub.KEK KS, DATA.sub.T ].fwdarw.E.sub.KS DATA.sub.T In executing this function, a decipher key operation is first performed to obtain the session key in clear form as the working key, after which an encipher operation may be performed on the data to be transmitted over the communication line to the application program in host system 29. At the host system 29, the enciphered common session key is deciphered to obtain the session key in clear form for use as the working key, after which the enciphered data received from the terminal 27 may be deciphered to obtain the terminal data in clear form. Alternatively, host data may be enciphered under the session key at the host system 29 for transmission over the communication line to the terminal 27. In this case, the terminal 27 performs the following decipher data (DCPH) function to obtain the host data in clear form: DCPH [E.sub.KEK KS, E.sub.KS DATA.sub.H ].fwdarw.DATA.sub.H It should be noted that when the communication session is terminated, the terminal 27 must reinitiate a new request to the host system 29 for a new communication session and cause the host system 29 to generate a new session key enciphered under the terminal master key for establishing a new common operational key for the new communication session. This procedure provides increased security for the system since the primary communication keys are time variant and dynamically generated for each new communication session. It should be further noted that in the case of cluster type of terminals such as terminal 28 there may be multiple communication sessions concurrently in progress requiring more frequent operational key changes for the concurrent multiple communication sessions. Thus, in this arrangement, a different terminal master key KEK.sub.2 is loaded into the control unit C of the terminal 28. A terminal user at device A of terminal 28 uses session key KS.sub.2,1 to encipher/decipher data, the session key being generated at the host system 29 and communicated in enciphered form as E.sub.KEK.sbsb.2 KS.sub.2,1 to terminal 28. A terminal user at device B of terminal 28 uses a different session key KS.sub.2,2 to encipher/decipher data, this session key also being generated at the host system 29 and communicated in enciphered form as E.sub.KEK.sbsb.2 KS.sub.2,2 to terminal 28, with the session key KS.sub.2,2 replacing the previous session key KS.sub.2,1. Thus, it should be apparent that there will be frequent operational key changes for subsequent communications sessions thereby providing increased security for the system. PRIVATE LEVEL COMMUNICATION SECURITY IN SINGLE DOMAIN NETWORKS Referring now to FIG. 13, there is shown a simplified block diagram of a single domain data communication network comprising a terminal 30, containing a data security device, connected via a communication line to a host system 31 also having a data security device contained therein. There are many situations where it is desired to provide data transmissions through a data communication network using a private protocol and a private primary communication operational (data encrypting) key KSP. The private session key may be defined by the terminal user in a random manner, as by coin or dice throwing, and communicated in a secure manner to the authorized host user. The private session key may be loaded as the working key into the host system 31 and the terminal 30 by load key direct operations. A communication session may now be established between the terminal 30 and the host system 31 in the normal manner. After the session is bound, the terminal 30 may now encipher data to be transmitted to the host system 31 by means of the ENC function ENC[DATA.sub.T ].fwdarw.E.sub.KSP DATA.sub.T since the private session key KSP is already present as the working key. At the host system 31, the enciphered terminal data may be deciphered using the KSP working key to obtain the terminal data in clear form. Alternatively, host data may be enciphered under the private session key KSP at the host system 31 for transmission over the communication line to the terminal 30. In this case, the terminal 30 performs a DEC function DEC[E.sub.KSP DATA.sub.H ].fwdarw.DATA.sub.H to obtain the host data in clear form. It should be apparent that a similar application may be used where direct communication is desired between two crypto terminals each connected at opposite ends of a communication line. In this case, the pre-defined private session key KSP is loaded as the working key into both terminals so that data enciphered at one terminal by the ENC function and communicated over the communication line can be directly deciphered at the other terminal by the DEC function or visa versa. PRIVATE LEVEL COMMUNICATION SECURITY IN MULTIPLE DOMAIN NETWORKS Referring now to FIG. 14, there is shown a simplified block diagram of a multiple domain data communication network. Domain j of the network includes terminals 32 and 33, each containing a data security device, with the terminals 32 and 33 being locally attached or remotely, via communication lines, to the host system 34. Domain k of the network includes a terminal 35 containing a data security device connected locally or remotely, via a communication line, to the host system 36. With a multi-system networking facility in each of the host systems 34 and 36, cross domain communications may be established between the two host systems 34 and 36 which allow data communications between either of the terminals 32 or 33 in domain j and the terminal 35 in domain k. In multiple domain data communication networks, there are many instances where it is desirable to establish a private cryptrographic system which is independent of the cryptographic capabilities of the host systems in the network but which uses the data communication facilities of the network. In such an arrangement, where the end users use a private protocol unknown to the host systems, communication security is obtained by the use of a private session key KSP. The private session key KSP may be defined by the terminal user at terminal 32 in a random manner and communicated in a secure manner to the authorized terminal user at terminal 35. The private session key KSP may then be loaded as the working key in the respective terminals 32 and 35 by a load key direct operation. A cross domain communication session may then be established by the normal multi-system networking facilities of the respective host systems 34 and 36 to allow data communications between the respective terminals 32 and 35. Accordingly, after the session is bound, terminal 32 may then encipher data to be transmitted to terminal 35 by means of the ENC function ENC[DATA.sub.J ].fwdarw.E.sub.KSP DATA.sub. j since the private session key KSP is already present as the working key. At the terminal 35, the enciphered data received from terminal 32 may be deciphered using the KSP as the working key to obtain the enciphered data from terminal 32 in clear form. Alternatively, data may be enciphered under the private session key KSP at terminal 35 and transmitted through the communication network to the terminal 32. In this case, terminal 32 performs a DEC function DEC[E.sub.KSP DATA.sub.k ].fwdarw.DATA.sub.k to obtain the enciphered data from terminal 35 in clear form. It should be noted that a similar type of private cryptographic data communication arrangement may be established between terminals 32 and 33 within the single domain j, where the terminals are remote from the host system 34 or at least one is remote and the terminals wish to communicate with one another using a private protocol and the private primary communication key KSP. By loading the pre-defined private session key KSP as the working key in the respective terminals, data enciphered at one terminal by the ENC function and communicated over the network can be deciphered at the other terminal by the DEC function or visa versa. PRIVATE LEVEL FILE SECURITY IN SINGLE DOMAIN NETWORKS Referring now to FIG. 15, there is shown a simplified block diagram of a single domain data processing network comprising terminals 37 and 38, each containing a data security device, with the terminals 37 and 38 being locally attached (or remotely) to a host system 39. Also locally attached to the host system 39 is a storage media 40 such as a magnetic tape or disc for storing data files. Private cryptographic systems are finding increasing use where sensitive data generated by data processing systems is stored in data files on secondary storage media for prolonged periods of time. In such systems, file security may be obtained by the use of a private primary file key KFP. Thus, at the time a data file is to be created, the private file key KFP may be defined by the terminal user at, for example, terminal 37 in a random manner. The private file key KFP may then be loaded into the terminal 37 data security device as a working key by a load key direct operation. Following this, data which is to be stored in the data file may be enciphered by means of the ENC operation ENC[DATA.sub.T ].fwdarw.E.sub.KFP DATA.sub.T. The enciphered data may then be transmitted to the host system 39 for storage as a private data file on the storage media 40. Thus, by maintaining the data file in enciphered form on the storage media, file security is provided for sensitive data even though the data file is not recovered for a prolonged period of time. Subsequently, when the data file is to be recovered, the user which created the file may again load the private file key KFP into the same terminal 37 or the other terminal 38 as a working key by means of a load key direct operation. The host system 30 may then read the enciphered data file and transmit it to the terminal at which recovery is desired. At the requesting terminal, recovery may be accomplished by performing the decipher operation DEC[E.sub.KFP DATA.sub.T ].fwdarw.DATA.sub.T to obtain the data in the data file in clear form. PRIVATE LEVEL FILE SECURITY IN MULTIPLE DOMAIN NETWORKS Terminals are frequently used to generate sensitive data for storage in a portable data file which may subsequently be transported from one domain through an unprotected environment for recovery at a terminal in another domain. Because of the fact that the sensitive data file is transported through an unprotected environment, it becomes necessary to provide file security for such a portable data file. By using terminals having ciphering capabilities, a private cryptographic system can be provided, using a private protocol which is unknown to the host systems in the multiple domains, to obtain file security by the use of a private primary file key KFP. Referring now to FIG. 16, there is shown a simplified block diagram of a multiple domain data processing network. Domain j of the network includes a host system 41 having associated therewith a terminal 42 containing a data security device and a storage media 43 for storing a data file. Domain k of the network also includes a host system 44 having associated therewith a terminal 45 containing a data security device and a storage device 46 for a storage media. Thus, at the time the data file is to be created, the private file key KFP may be defined by the terminal user at terminal 42, in a random manner, which may then be loaded into the data security device of the terminal as a working key by a load key direct operation. Following this, the data which is to be stored in the data file may be enciphered by means of the ENC operation ENC [DATA].fwdarw.E.sub.KFP DATA. The enciphered data may then be transmitted to the host system 41 for storage as a private data file on the storage media 43. Thus, by maintaining the data file in enciphered form on the storage media, file security is provided for sensitive data even though it may be subsequently transported from domain j to domain k. Subsequently, the portable storage media 43 in which the data file is contained is transported by an authorized person or by teleprocessing means for installation in the storage device associated with the host system 44 in the domain k. When the data file is to be recovered, the user which created the file or one to whom he has communicated the private file key KFP may load this key into the terminal 45 as a working key by means of a load key direct operation. The host system 44 may then read the enciphered data file from the storage media 43 and transmit it to the terminal 45 for recovery. At the terminal 45, recovery may be accomplished by performing the decipher function DEC[E.sub.KFP DATA].fwdarw.DATA to obtain the data in the data file in clear form. DETAILED DESCRIPTION--TERMINAL DATA SECURITY DEVICE TERMINAL CLOCK Referring now to FIG. 17, there is shown the logic details of a clock pulse generator 100 used in the terminal of the present invention. The primary input is a square wave oscillator whose nominal repetition rate is 4 MHz, having approximately a 50% duty cycle. The oscillator 102 effectively drives a ring counter made up of two D-type flip-flops 108 and 110 which are used for controlling other logic circuits within the clock 100. The clock 100 produces a clock signal -C derived from the flip-flop 100 and additionally produces four basic clock pulses from a ring counter and the oscillator pulses on the phase 1, -phase 1, -phase 1 late, phase 3 late and phase 4 lines, each being nominally 125 ns in duration and having the relationships shown in FIG. 18. More specifically, the flip-flops 108 and 110 are initially in an off state with the flip-flop 110 applying a positive signal to one input of the AND circuit 130 and to condition the flip-flop 108 for being turned on. The leading edge of a pulse from the oscillator 102 is applied via inverters 104 and 106 to turn on the flip-flop 108 which, in being turned on, applies a positive signal to a second input of the AND circuit 130 and to condition the flip-flop 110 for being turned on. At the trailing edge of the first oscillator pulse, a positive signal is applied from the inverter 104 to render the AND circuit 130 effective to apply a positive pulse on the .0.3L line having a 125 ns duration. The leading edge of the next oscillator pulse is applied via the inverters 104 and 106 to turn on the conditioned flip-flop 110 which, in being turned on, applies a positive signal to condition the AND invert circuit 134 and to turn on the .0.4 latch 132. The latch 132, in being turned on, applies a positive signal to render the AND invert circuit 134 effective to apply a negative pulse on the -.0.4 line and, via inverter 136, a positive pulse on the .0.4 line, both pulses being of 125 ns duration. The flip-flop 110 in being turned on also applies a negative signal to condition the flip-flop 108 for being turned off and to render the AND invert circuit 120 effective to apply a positive signal to the -C line. The leading edge of the next oscillator pulse is effective via the inverters 104 and 106 to turn off the flip-flop 108 which, in being turned off, applies a positive signal to condition the AND invert circuit 124, to turn on the .0.1 latch 122 and to one input of the AND invert circuit 128 and also applied a negative signal to condition the flip-flop 110 for being turned off. The latch 122 in being turned on applies a positive signal to render the AND invert circuit 124 effective to apply a negative pulse to the .0.1 line and, via the inverter 126, a positive pulse to the .0.1 line, both being of 125 ns duration. The flip-flop 110 still being on applies a positive signal to a second input of the AND invert circuit 128. Accordingly, at the trailing edge of the third oscillator pulse, a positive signal is applied from inverter 104 to render the AND invert circuit 128 effective to apply a negative pulse on the .0.1L line having a duration of 125 ns. The trailing edge of the third oscillator pulse is also effective via the inverter 106 to apply a negative pulse to reset the latch 122. The leading edge of the fourth oscillator pulse is effective, via the inverters 104 and 106, to reset the flip-flop 110 which returns the ring counter back to its initial condition. The flip-flop 110 in being reset applies a positive signal to one input of the AND invert circuit 120 and after a delay provided by the inverters 112, 114, 116 and 118 to render the AND invert circit 120 effective to apply a negative signal on the -C line. At the end of the fourth oscillator cycle, the clock 100 is back at the initial condition to repeat the generation of the various clock pulses in successive phase times as shown in FIG. 18. MANUAL WRITE MASTER KEY (WMK) OPERATION The write master key operation consists of manually writing 16 half-bytes (4 bits) constituting the master key into the master key (MK) memory via 4 bit lines. Enable write (EW) and manual write (MW) switches are provided to initialize and control the 16 cycles needed for loading the individual half-bytes into the MK memory. Bit switches are also provided for producing the binary coded numbers 0 through F with all outputs being low for 0 and high for F. The master key is pre-generated, in a random manner, as 16 hexadecimal numbers to be written into the 16 locations of the MK memory. The following is a generalized step-by-step procedure of manually writing the master key into the MK memory. Step 1: Set the EW switch to the on or enable write master key (EWMK) position. Step 2: Press the MW switch once to reset the MK memory address counter to 0 and to overwrite the master key presently stored in the MK memory. Step 3: Set the bit switches to the half-byte to be written into the MK memory location 0. Step 4: Press the MW switch once. Step 5: Set the bit switches to the next half-byte to be written into the next succeeding location of the MK memory. Step 6: Press the MW push button once. Steps 7-34: Repeat Steps 5 and 6 in succession until the last half-byte has been written into the last location of the MK memory. Step 35: Set the EW switch to the off position. At any time during the execution of this procedure, as when there is uncertainty that it has been correctly done, a restart can be accomplished by doing Step 35 and beginning again with Step 1. Referring now to FIG. 19c1 and the timing diagram of FIG. 20, a more detailed description of the manual WMK operation will be given in the following. To initiate this operation, the Enable Write (EW) switch, which may be a SPDT switch activated by a physical key lock to prevent the key from being changed by unauthorized persons, is set to the ON position. Following this, the Manual Write (MW) switch, which may be a push-button switch, may be pressed to the MWNO position causing a negative pulse to be applied to turn on the MW latch 138. The latch 138 in being turned on applies a negative signal via the -MW line to turn on the MK BUS SELECT latch 140 and the manual write half byte (MWHB) control latch 154. The latch 140 in being turned on applies a positive signal to condition the AND circuits 164 in FIG. 19d1 for passing a half byte (4 bits) from the bit switches SW0-SW3. When the MW switch is released, it returns to the MWNC position causing a negative signal to be applied to reset the MW latch 138. The MW latch 138 in being reset applies a positive signal on the -MW line which together with the positive signal from the latch 140 renders the AND invert circuit 142 effective to apply a negative signal to turn on the ENABLE MAN RST latch 144. At .0.1 time of the next clock cycle, a .0.1 clock pulse together with the positive signal now on the -MW line and a positive signal from the latch 154 render the AND invert circuit 156 effective to apply a negative signal to the inverter 160 where it is inverted to a positive signal on the MWHB line. The positive signal on the MWHB line is applied to condition the AND invert circuits 152 and 158. The AND invert circuit 158 is effective to maintain the positive signal on the MWHB line until the next .0.1 time when a -.0.1 clock pulse is applied to decondition the AND invert circuit 158 causing the positive signal on the MWHB line to be terminated thereby providing a 1 microsecond positive signal on the MWHB line. The AND invert circuit 152 is rendered effective by a .0.4 clock pulse in the present clock cycle for resetting the MWHB CTRL latch 154. Referring now to FIG. 19c2, the positive signal on the MWHB line is inverted to a negative signal by inverter 162 to decondition the AND circuit 380 causing a negative signal to be applied to the -W ENABLE line and to decondition the AND inverter 376 which, in turn, applies a positive signal to the inverter 378 where it is inverted to a negative signal on the -M ENABLE line. Signals on the -M ENABLE and -W ENABLE lines are used to enable the MK memory for writing and reading operations. The MK memory 700 shown in block form in FIGS. 19e1 and 19e2 is a 16 word by 4 bit CMOS random access memory (RAM) which is used for storing the master key. The MK memory 700 is addressed by a 4-bit value on the address lines -ADR1, -ADR2, -ADR3 and -ADR4 from the setting of the address counter 390 in FIG. 19d2. When negative signals are applied to both the -W ENABLE and -M ENABLE lines, the information present on the 4 bit input lines 0, 1, 2 and 3 is written into the MK memory 700 at the designated address. A transistor switch 139 is provided in series with the -W ENABLE line to control writing into the MK memory 700. The potential at the base of this switch is controlled by the setting of the EW switch. Accordingly, when the EW switch is set on and a negative signal is applied to the -W ENABLE line, the transistor 139 is turned on to produce a negative signal on the -W ENABLE line to enable writing into the MK memory 700 whereas when the EW switch is set OFF the transistor switch 139 is biased off causing a positive signal to be maintained on the -W ENABLE line to prevent writing into the MK memory 700. Addressing of the MK memory 700 for reading is accomplished in the same manner as that for writing. When a positive signal is applied to the -W ENABLE line and a negative signal is applied to the -M ENABLE line, the information which was written into the designated address of the MK memory 700 is read out in inverted form to the 4 bit output lines of the MK memory 700 and applied to a buffer register consisting of the 4 shift registers 702. Referring now to FIGS. 19c1 and 19c2, during .0.3 time, a positive .0.3L clock pulse together with positive signals from the latches 144 and 146 render the AND invert circuit 148 effective to apply a negative signal to turn on the MAN RST latch 150 which remains set until the next clock cycle when a -.0.1L clock pulse is applied to reset latch 150 thereby providing a negative signal on the MAN RST line from .0.3L time to .0.1L time. The MAN RST latch 150 in being turned on applies a negative signal via the -MAN RST line to reset the latch 146, to decondition the AND circuit 382, and to turn on the master key overwrite (MK OVW) latch 276 and the KEY INVALID latch 278 in FIG. 19c3. The AND circuit 382 in being deconditioned is effective to apply a negative signal to the reset inputs of the address counter 390 resetting the | ||||||