RU2837327C1 - Method for cryptographic protection of data transmitted over open communication channel - Google Patents

Abstract

FIELD: network information systems.

SUBSTANCE: during interaction between protected network devices and a server, a set of keys is formed, a manipulation table is used, a range of used keys is set, to change the keys, a random number generator is used, the number of basic cycles of the microcomputer is unique for each device, the ND identifier is determined by the difference in the number of idle cycles required to execute fictitious encryption commands, message from client to server contains a client identifier and encrypted data, pre-supplemented with a random set of characters of a certain length, message encryption is carried out by permutation of message symbols within a sliding window, the size of which is associated with the size of the key used, wherein the permutation is carried out based on the values of the successively analysed bits of such a key from the least significant to the most significant: if a certain bit of the key has a value of one, the corresponding symbols in the message are interchanged, and the effect of each bit of the key on permutation of symbols is determined by a manipulation table formed on the basis of the identifier of the ND, wherein after performing the permutation within the sliding window in the form of enumeration of all bits of the key, the latter is shifted by one symbol towards its final symbol, and when the window reaches the final symbol of the message, the window moves to the beginning of the message, then the next key from the set is selected, after which the next permutation cycle is performed, wherein the number of permutation cycles is randomly selected by the ND, wherein ND does not report number of used keys to server, after which decryption of the message on the server side is carried out by reverse manipulations with the received message based on information on the number of keys applied to the original message and padding, wherein produced message is checked for correctness by re-encryption and control over number of microcomputer cycles.

EFFECT: improved cryptographic protection of information, ensuring validation of the received message.

1 cl, 2 dwg

Description

1. Field of technology

The invention relates to network information systems and can be used to ensure cryptographic protection of information during its transmission over open communication channels.

2. State of the art

Currently, counters, sensors and other devices using microcontrollers and connected to the network are widely used in industrial information systems. Data and signals from these devices can be used to control various technological processes, the violation of which can lead to negative consequences. However, often there is no information protection in the devices and in the network. Therefore, it is necessary to protect the information exchanged by these devices from substitution.

Encryption methods are known according to patents for inventions RU 2 542 880 C1, RU 2 691 253 C2.

A solution is known for patent RU 2 726 930 C1, according to which in the method, when performing the operation of recording and editing files of electronic documents at times t1, t2,…, tk, rows and columns containing metadata records are formed in the memory of the data processing system, over which cryptographic transformation operations are performed on subsets of keys, while an enlarged image (opens in a separate window) as a result of which the values of the signatures of the corresponding columns and rows are formed, over which concatenation operations are performed with subsequent records, after which these operations are performed similarly for all rows and columns.

Close to the proposed solution is a cryptographic method of authentication and identification with real-time encryption according to patent RU 2 584 500 C2, which method of protecting data and guaranteeing their origin contains the following stages: i) generating and storing an RSA key pair consisting of the first key (Sa) and the second key (Pa) for signing client certificates in the center; ii) generating and storing two RSA key pairs for the client device, consisting of the third key of the client device (Sc) and the fourth key of the client device (Pc), as well as the first key (St) for key encryption and the second key (Pt) for key encryption; iii) generating an encrypted key by encrypting the third key of the client device (Sc) with the second key (Pt) for key encryption, as well as generating a client certificate in the center; iv) transmitting the encrypted key and the client certificate to the client device; v) transmitting the first key encryption key (St) to the client device upon request by the client device; vi) decrypting the encrypted key with the first key encryption key (St) in the client device, whereby a third key of the client device (Sc) is obtained; vii) encrypting the reordered numerical sequence in the center with the fourth key of the client device (Pc); viii) transmitting the encrypted reordered numerical sequence; ix) decrypting the encrypted reordered numerical sequence in the client device; x) encrypting the first PIN code input in the client device with the third key of the client device (Sc) into a cipher; xi) sending the cipher and the client certificate to the center; xii) decrypting the cipher in the center with the fourth key of the client device (Pc), decrypting the first PIN code input.

The closest in its technical essence to the claimed method is the method described in patent RU 2 141 729 C1, in which the cryptographic transformation of binary data blocks consists of dividing the data block into N≥2 sub-blocks, sequentially transforming the sub-blocks by performing on the sub-block at least one transformation operation that depends on the value of the input block, and the operation of permuting the bits of the sub-block is used as the operation that depends on the value of the input block.

The disadvantages of these methods are the difficulty of implementation in digital systems based on low-performance microcontrollers, as well as the possibility of compromising encryption keys when intercepting information (for example, listening to a communication channel) by a third-party device for the purpose of subsequent substitution of information.

3. Essence and disclosure of the invention

The technical result of the proposed solution (a method for ensuring cryptographic protection of information in a network information system that contains a data collection server (DCS) and protected network devices (NDS) consists in increasing the productivity of the encryption process and authentication of subscribers in a network information system (NIS).

The claimed method allows the recipient to ensure verification of the authenticity of the received message due to the fact that the original data, before sending, are combined with a randomly generated supplement known only to the sender, into a message on which a bit permutation operation is performed, wherein the permutation sequence is determined by the values of the bits of the iteration key, which changes after the completion of each full permutation cycle (the number of permutation subcycles - movements of the sliding window along the message - is determined by the size of the message in bits), and the number of permutation cycles is determined randomly by the sending device, depends on the content of the message and is not transmitted explicitly over the communication channel, which allows the transmitting device to increase the complexity of decrypting the message by the recipient in the event of a compromised session (participation in the exchange of data of an outside subscriber) by changing the amount of information on the number of decryption cycles.

The fact of session compromise is determined by calculating the sum of the complements of all messages transmitted within the session and transmitting the specified sum to the sending device for comparison of the values. In case of mismatch of values, the sender is able to change the complexity of decryption of the message by increasing the requirements for the computing resources of the receiving device due to the need to perform more decryption cycles and initiate a new session with the generation of a different set of keys. In case of confirmation of the integrity of the session, the sender switches to a simplified encryption mode based on the permutation table previously generated when using the normal encryption mode using a set of keys.

The method differs from the known ones in that it uses information unique to a specific hardware and/or software implementation of the algorithm for their generation (intentionally introduced errors, calculation inaccuracies and features of the microcomputer used) to generate keys, thereby preventing the generation of an identical set of keys using a different hardware platform or non-original software. Also, with a known set of keys (their compromise) and the order of their alternation within a session, a third-party device on that hardware architecture, having non-original software, is unable to replace the message so that it indicates the correct number of cycles spent on its encryption, which allows the receiver to determine the fact of compromise of the session.

For the purposes of this application, the terms "microcontroller" and "microcomputer" are used interchangeably.

The method for ensuring cryptographic protection of information in a network information system that contains a data collection server and protected network devices is characterized by the fact that:

A. The interaction between the protected network device (PD) and the server consists of three stages:

- Formation of a set of basic keys, agreement on the manipulation table, the range of keys used, the base value of the random number generator used to change keys, and authentication of the control system.

- Formation of an extended set of keys of the control system and their transmission to the server in encrypted form, combined with server authentication.

- Transfer of target data with device authenticity control.

B. Cryptographic transformation is performed only for messages transmitted from the control system to the server; messages in the opposite direction are transmitted in clear text.

B. The computing power required to decrypt a message from a client at the server authorization stage exceeds the computing power required to encrypt such a message, due to the need to select the correct number and perform a control encryption of the message to verify the correctness of its decryption during such selection.

G. On the SU side there is no possibility of decrypting any messages.

D. The number of basic microcomputer cycles required to encrypt the same message using the same set and number of keys is, with a high degree of probability, unique for each device, which is achieved by adding a random set of commands to the encryption function that do not affect the result of converting the original message, but require additional time for their execution.

E. The SU identifier is determined by the difference in the number of idle cycles (necessary to execute dummy commands) spent on encrypting the message on the client side and - similarly - on the server side. The additional identifier is calculated by the server; the client does not have the ability to calculate it.

Ё. The formation of the main set of keys on the side of the control system and the server is carried out on a hardware and software platform identical for both devices and is based on the result of measuring the number of basic microcomputer cycles spent on performing mathematical operations with a set of random numbers, which is formed on the server side and transmitted to the client in open form.

G. The message transmitted by the client to the server consists of:

- the primary client identifier transmitted in clear text,

- encrypted payload data, pre-supplemented with a random set of characters of a certain length known to the client and server,

- a field that contains the number of basic cycles of the client's microcomputer spent on encrypting the message, taking into account the execution of fictitious commands,

- a field that contains the value of the hash function of the order of the characters in the message after its encryption (permutation), presented in numerical form,

- command field - a request from the server for a session control number, a request to open a new session, a command to switch to a simplified encryption scheme,

- encryption of a message consisting of useful data supplemented with a random sequence of symbols (padding) is performed on the CS side by permuting the message symbols (bits or bytes) within a sliding window, the size of which is related to the size of the key used, with the permutation being performed based on the values of sequentially analyzed bits of such a key from the least significant to the most significant - if a certain bit of the key has a value of one, the corresponding symbols in the message are swapped. The influence of each bit of the key on the permutation of certain symbols of the message within the sliding window is determined by the manipulation table formed on the basis of the CS identifier. After performing the permutation within the sliding window (enumerating all the bits of the key), the latter is shifted along the message by one symbol towards its final symbol, and when the window reaches the final symbol of the message, the window moves to the beginning of the message, then the next key is selected from the set, after which the next permutation cycle is performed. The number of permutation cycles is selected randomly by the CS, while the CS does not report the number of keys used to the server.

3. The change of keys is carried out when encrypting a message using a pseudo-random number sequence generator, the base value of which is agreed upon at the stage of opening the information exchange session, and synchronization of the SU and server generators occurs when the SU message is encrypted and decrypted by the server based on information about the number of keys used.

I. The message is decrypted on the server side by reverse manipulations with the received message based on information about the number of keys applied to the original message (and supplement), which are contained in the corresponding field of the message, while reverse permutations of symbols in the received message are performed for each number of used keys from the range specified in the message, and the correctness of the message decryption (the correctness of the choice of the number of used keys from the range specified in the message) is checked by re-encrypting it with subsequent checking of the hash function value from the final order of symbols in the message, calculated by the server and a similar value specified in the corresponding field of the received message, as well as checking the number of cycles spent on encrypting the message with an adjustment for the additional client identifier for compliance with the value specified in the received message. Upon confirmation of the correct decryption of the message and the authenticity of the SU, a record is added to the server's permutation table containing the order of symbols in the encrypted message and the corresponding hash function value. The server changes keys when decrypting a message in the reverse order to encryption.

K. The formation of an additional set of keys is performed by the control system based on its local hardware random number generator and is transmitted to the server in encrypted form using the basic set of keys.

L. Authentication (authenticity check) of the CS (stage 1) is performed by the CS forming a request from the server to encrypt a random message transmitted together with such request in clear text, and sending the CS in response to such request the encrypted value of the hash function of the contents of the area of its RAM used by the encryption function on the client side, of the size requested by the server starting from the address specified in the request. The server on its side performs similar actions with such a message and compares the value of the hash function obtained as a result of its manipulations and the decrypted value of the hash function contained in the CS response. If these values match, the CS is considered authorized (the originality of its hardware and software platform is confirmed) and it is assigned an identifier representing the arithmetic difference between the number of microcomputer cycles spent on encrypting the message on the server side and a similar one on the CS side (in accordance with paragraph 5, they will be different). The identifier is used by the server to confirm the authenticity of the client at all stages of information exchange.

M. The server periodically randomly generates fictitious messages on behalf of the control system with which data is exchanged, and the potential interceptor of the message will have the order of application of keys (synchronization) violated.

H. Verification of the correct decryption of a message by the server is carried out by comparing the value of the hash function calculated from the original data of the message with a similar value received from the server after it has successfully decrypted such a message.

A. Server authentication (stage 2) is performed as part of its exchange of additional keys with the CS, and consists of the client consistently reducing the complexity of decrypting the message by the server from the maximum (upper limit of the key range) to the minimum (lower limit of the key range) each time the server confirms the correctness of the message decryption, which is controlled by the client by comparing the hash value of the original message and the similar value sent by the server in response. In the absence of such a response from the server, or in the event of an incorrect response, the client initiates a new data exchange session with a change of keys.

P. Confirmation of the server authorization session is performed by the CS forming a request for the server to transmit a control number, which is the arithmetic sum of the complements of all messages received by it within the session. The CS compares the control number received from the server with the similar number calculated on its side and, in case of their discrepancy, initiates a new session. Otherwise, the CS initiates the transition to a simplified encryption scheme, indicating the corresponding command in the corresponding field of the next message.

R. The exchange of useful data between the authenticated CS and the server (stage 3) is performed using a simplified encryption scheme using a permutation table generated at the server authentication stage, each element of which consists of a structure describing the order of symbols in the encrypted message and the corresponding hash function value. The permutation table contains eight elements and is updated during the message exchange by using additional permutations using keys, with a new table element generated as a result of encrypting the last sent message replacing the oldest one. When encrypting the next message, the client selects a random entry from its permutation table, permutes the symbols in the message in accordance with the order of their sequence specified in such entry, after which it performs an additional permutation of symbols in the message using several (from one to three) keys and writes the hash function value of the used permutation and the exact number of keys used for encryption in the corresponding field of the message. The server performs a reverse permutation using the number of keys specified in the message, after which it sorts the symbols in the message in ascending order of their numbers, assuming that the order of the symbols in the encrypted message corresponds to that specified in the permutation table for the corresponding hash function value contained in the message. The resulting message is checked for correctness by re-encrypting it and monitoring the number of microcomputer cycles spent on this procedure. This solution makes it possible to identify and/or neutralize interference in the session (sessions) of information exchange, eliminates the need to transmit encryption keys over an unprotected communication channel, manages the complexity of message decryption, and increases the reliability and speed of message encryption and decryption in the absence of interference in the session, which is especially important when transmitting video and audio streams.

For the purposes of this application, unless otherwise expressly stated, the terms and abbreviations “protected network device”, “network device” and “CS” are completely equivalent.

4. Implementation of the invention

The invention is based on the use of features of the hardware and software implementation of the key generation algorithm and the encryption algorithm.

The set task is achieved by the fact that:

Message sender:

1. Sends a request to open a session to the message recipient and receives confirmation (automatic or personally performed) for such opening from the recipient, after which it generates a session set of encryption keys at the beginning of the information exchange session based on the information received from the message recipient in response to the request to open a session, namely, the starting value for the local random number generator (RNG1) and a certain set of numbers, while the keys are generated based on the number of computing cycles of the sender's microcomputer (or its software equivalent) spent on performing a number of pre-agreed mathematical operations with these numbers, due to which the keys are unique for devices with a specific hardware and software implementation of the key generation algorithm. No keys are transferred between the sender and the recipient of messages. A zero value is written to register S1 . The number X is selected randomly in a given range. The permutation table T is cleared. The F flag is reset. The session control request flag Y is reset.

2. Performs encryption of the original data, which is carried out as follows:

2.1. Based on the value of the local random number generator (RNG2), a complement of a predetermined size is formed. The complement value is accumulated in register S1 .

2.2. The original data and the generated supplement are combined into a single bit sequence - a message with a total length of len .

2.3. If the permutation table T contains a multiple of eight elements, the F flag is set, the Y flag is set, and the transition to point 2.13 is made.

2.4. Based on the value of the RNG1 generator, the minimum number of permutation cycles N1 is selected.

2.5. Based on the value of RNG1, one key is selected from the set of session keys.

2.6. A section of the message (window) is selected, the size of which is determined by the length of the key, starting from the least significant bit.

2.7. Analyzing the key bits, starting with its least significant bit, the encryption machine, in accordance with a pre-agreed order, swaps the message bits in the window if the corresponding key bit contains a logical one and does not perform any operation if the corresponding key bit contains a logical zero. The operation is performed for all key bits.

2.8. Next, the next section of the message is selected (the window is shifted) so that the beginning of the window is shifted by one bit towards the most significant bit of the message.

2.9. Points 2.7 - 2.8 are executed until further shifting of the window becomes impossible - the most significant bit of the window will correspond to the most significant bit of the message.

2.10. Points 2.5 - 2.9 are performed until a specified number of permutation cycles N1 is performed and until the arrangement of bits in the message satisfies the message balancing condition:

(1)

, big eight

N2 - the number of additional permutation cycles required to satisfy condition (1)

2.11. The order of bits in the encrypted message, represented as a number Z , as well as the hash function of this number H1, is stored in the permutation table T in the format “Z-H1”.

2.12. Proceed to point 2.15.

2.13. A random element K is selected from the permutation table T.

2.14. The bits in the message are permuted in accordance with the order specified in the permutation table for element K , and the hash value for this element is assigned to H1 .

2.15. The message is supplemented with a valueH1, hash functionH2from the number of computing cycles of the sender's microcomputer or its software equivalent spent on performing operations according to paragraphs 2.5 - 2.10 in the case of a reset flagFand operations under paragraph 2.14 in the event that the flagFis set, as well as the value of the remainder from the divisionDtotal number of permutation cyclesN1+N2on the numberXAnd the number itselfXin case the flagFnot set, and also the session control request flagY.

2.16. The message is transmitted via the communication channel.

2.17. If a session control request Y was sent in the message, the sender expects to receive the control number S2 from the recipient.

2.18. The number S2 is compared with the value of register S1 , and if they are not equal, the transition to step 1 is performed. If they are equal, the flag Y is reset and the transition to step 2.1 is performed to encrypt the new message.

In turn, the recipient of the message carries out:

1. Formation of a session set of encryption keys upon receipt of a request from the sender using the hardware and software equivalent of the sender's microcomputer. Sending data to form session keys to the sender.

2. Decryption of the message, during which:

2.1. If there is a hash function value in the permutation table T that matches the received value H1, the bits in the received message are permuted in ascending order of their numbers (sorting), taking into account that their initial order corresponds to that specified in the table (fast decryption). The flag F is set. Upon completion of the permutation, the transition to point 2.9 is performed.

2.2. Selecting a minimum number M that has not been previously used in the current decryption, the remainder of which when divided by the number X , the value of which is indicated in the received packet, corresponds to the received number D.

2.3. Based on the random number generator (RNG1), a key is found that corresponds to the last encryption cycle on the sender's side, in accordance with the expected cycle number M (it will be the first decryption key on the recipient's side).

2.4. A section of the message (window) is selected, the size of which is determined by the length of the key, starting from the most significant bit.

2.5. Analyzing the key bits, starting with its most significant bit, the decryption machine, in accordance with a pre-agreed order, swaps the message bits in the window if the corresponding key bit contains a logical one and does not perform any operation if the corresponding key bit contains a logical zero. The operation is performed for all key bits.

2.6. Next, the next section of the message is selected (the window is shifted) so that the beginning of the window is shifted by one bit towards the least significant bit of the message.

2.7. Points 2.4 - 2.5 are executed until further shifting of the window becomes impossible - the least significant bit of the window will correspond to the least significant bit of the message.

2.8. Points 2.3 - 2.6 are performed until the number of decryption cycles M is completed.

2.9 The message is divided into data E and complement A .

2.10. When the F flag is set, the transition to point 2.14 occurs.

2.11. The message is encrypted in the same way as the sender encrypted it, using the received initial key number (final for decryption) and the encryption cycle number M. The keys are searched in the reverse order of decryption.

2.12. The value of the hash function from the resulting message encryption of the final bit order, presented as a set of integers, is compared with the value H1 received in the packet.

2.13. If these values do not match, proceed to paragraph 2.1.

2.14. If the values match, a comparison is made of the hash function value from the number of microcomputer cycles spent on encrypting the message with the F flag cleared or on fast decryption with the F flag set with the accepted value H2. If the values do not match and the F flag is cleared, a transition is made to point 2.1.

2.15. Supplement A is accumulated in the recipient's register S1 .

2.16. The order of the bits in the encrypted message and the hash value of it are stored in the permutation table.

2.17. The data from the message is considered correct and is sent for processing.

2.18. When the session control flag Y is set, the value of register S1 is sent to the message source.

The specified operations and sequences are illustrated by Figures 1 and 2 (the sender's block diagram and the receiver's block diagram, respectively).

The protection of data transmitted over an open communication channel thus increases, as does the difficulty of decrypting the message.

The proposed procedure for performing actions guarantees users high protection of data transmitted through open communication channels, as well as a mechanism for flexible adjustment of the degree of such protection depending on the presence or absence of signs of attempts to violate it.

Claims (28)

A method for ensuring cryptographic protection of data in a network information system that contains a data collection server and protected network devices, characterized in that: A) interaction between protected network devices and the server consists of three stages: - formation of a set of basic keys, agreement on the manipulation table, the range of keys used, the base value of the random number generator used to change keys, and authentication of protected network devices, - formation of an extended set of keys for each protected network device and their transmission to the server in encrypted form, combined with server authentication, - transmission of target data with device authentication control; B) cryptographic transformation is performed only for messages transmitted from network devices to the server; messages in the opposite direction are transmitted in clear text; B) the computing power required to decrypt the message from the client at the server authorization stage exceeds the computing power required to encrypt such a message, due to the need to select the correct number and perform a control encryption of the message to verify the correctness of its decryption during such selection; D) on the control system side there is no possibility of decrypting any messages; D) the number of basic microcomputer cycles required to encrypt the same message using the same set and number of keys is unique for each device, which is achieved by adding a random set of commands to the encryption function that do not affect the result of converting the original message, but require additional time for their execution; E) the identifier of the control system is determined by the difference in the number of idle cycles required to execute dummy commands spent on encrypting the message on the client side and similarly on the server side, while the additional identifier is calculated by the server, and the client does not have the ability to calculate it; Ё) the formation of the main set of keys on the control system and server side is performed on a hardware and software platform that is identical for both devices and is based on the result of measuring the number of basic microcomputer cycles spent on performing mathematical operations with a set of random numbers that is formed on the server side and transmitted to the client in open form; G) the message transmitted by the client to the server consists of: - the primary client identifier transmitted in clear text, - encrypted payload data, pre-supplemented with a random set of characters of a certain length known to the client and server, - a field that contains the number of basic cycles of the client's microcomputer spent on encrypting the message, taking into account the execution of fictitious commands, - a field that contains the value of the hash function of the order of the characters in the message after its encryption, presented in numerical form, - a command field for requesting a session control number from the server, a request to open a new session, a command to switch to a simplified encryption scheme, 3) encryption of a message consisting of useful data supplemented with a random sequence of symbols is performed on the CS side by permuting the message symbols within a sliding window, the size of which is related to the size of the key used, with the permutation being performed based on the values of sequentially analyzed bits of such a key from the least significant to the most significant: if a certain bit of the key has a value of one, the symbols corresponding to it in the message are swapped, with the influence of each bit of the key on the permutation of certain symbols of the message within the sliding window being determined by a manipulation table formed on the basis of the CS identifier, with after performing the permutation within the sliding window in the form of enumerating all the bits of the key, the latter is shifted along the message by one symbol towards its final symbol, and when the window reaches the final symbol of the message, the window is moved to the beginning of the message, then the next key is selected from the set, after which the next permutation cycle is performed, with the number of permutation cycles being randomly selected by the CS, with the CS not reporting the number of keys used to the server; I) the change of keys during message encryption is performed using a pseudo-random number sequence generator, the base value of which is agreed upon at the stage of opening the information exchange session, and synchronization of the SU and server generators occurs during the encryption of the SU message and its decryption by the server based on data on the number of keys used; K) decryption of the message on the server side is performed by reverse manipulations with the received message based on information about the number of keys applied to the original message and the complement, which are contained in the corresponding field of the message, while reverse permutations of symbols in the received message are performed for each number of used keys from the range specified in the message, and control of the correctness of the decryption of the message, i.e. the correctness of the choice of the number of keys used from the range specified in the message, is performed by re-encrypting it with subsequent control of the hash function value from the final order of symbols in the message, calculated by the server, and a similar value specified in the corresponding field of the received message, as well as control of the number of cycles spent on encrypting the message with an adjustment for the additional client identifier for compliance with the value specified in the received message, while upon confirmation of the correct decryption of the message and the authenticity of the SU, a record is added to the server's permutation table containing the order of symbols in the encrypted message and the corresponding hash function value, while the change of keys When decrypting a message, the server performs the decryption in the reverse order of encryption; L) the formation of an additional set of keys is performed by the control system based on its local hardware random number generator and is transmitted to the server in encrypted form using the basic set of keys; M) authentication of the control system of stage 1 is performed by the control system generating a request from the server to encrypt a random message transmitted together with such request in clear text, and sending the control system in response to such request an encrypted value of the hash function of the contents of the area of its operational memory used by the encryption function on the client side, of the size requested by the server starting from the address specified in the request, whereby the server on its side performs similar actions with such a message and compares the value of the hash function obtained as a result of its manipulations and the decrypted value of the hash function contained in the control system response, whereby if these values coincide, the control system is considered authorized and is assigned an identifier representing the arithmetic difference between the number of microcomputer cycles spent on encrypting the message on the server side and a similar one on the control system side, after which the identifier is used by the server to confirm the authenticity of the client at all stages of the information exchange; H) the server periodically randomly generates fictitious messages on behalf of the control system with which data is exchanged, while the sequence of key application will be violated for a potential interceptor of the message; O) verification of the correct decryption of the message by the server is performed by comparing the value of the hash function calculated from the original data of the message with a similar value received from the server after it has successfully decrypted such a message; P) authentication of the stage 2 server is carried out within the framework of its exchange of additional keys with the CS and consists of the client successively reducing the complexity of decrypting the message by the server from the maximum, which is the upper limit of the key range, to the minimum, which is the lower limit of the key range, each time the server confirms the correctness of the decryption of the message, which is controlled by the client by comparing the hash value of the original message and the similar value sent by the server in response, and in the absence of such a response from the server or in the event of an incorrect response, the client initiates a new data exchange session with a change of keys; P) confirmation of the server authorization session is carried out by means of the formation by the control system of a request for the server to transmit a control number, which is the arithmetic sum of the complements of all messages received by it within the session, while the control system compares the control number received from the server with a similar number calculated on its side and, in the event of a discrepancy, initiates a new session, and in the event of a match, the control system initiates a transition to a simplified encryption scheme, indicating the corresponding command in the corresponding field of the next message; C) the exchange of useful data between the authenticated CS and the server in step 3 is performed using a simplified encryption scheme using a permutation table generated at the server authentication step, each element of which consists of a structure describing the order of the symbols in the encrypted message and the corresponding hash function value, where the permutation table contains eight elements and is updated during the message exchange process by using additional permutations using keys, wherein a new table element generated as a result of encrypting the last sent message replaces the oldest one, and when encrypting the next message, the client selects a random entry from its own permutation table, permutes the symbols in the message in accordance with the order of their sequence specified in such entry, after which it performs an additional permutation of the symbols in the message using one to three keys and writes the hash function value of the permutation used and the exact number of keys used for encryption in the corresponding field of the message, and the server performs a reverse permutation using the number of keys specified in the message, after which it sorts the symbols in the message in ascending order of their numbers, assuming that the order of the characters in the encrypted message corresponds to that specified in the permutation table for the corresponding hash value contained in the message, T) the resulting message is checked for correctness by re-encrypting it and checking the number of microcomputer cycles spent on this procedure.