TWI287767B - Encryption device and method, decryption device and method, integrity authentication code generation device and method, integrity authentication code auxiliary device, integrity recognition device, and wireless communication device - Google Patents
- Publication number
- TWI287767B (TW90108273A)
- Authority
- TW
- Taiwan
- Prior art keywords
- data
- integrity
- unit
- random number
- wireless communication
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Field of the Invention:
The present invention relates to an encryption device, a decryption device, an integrity authentication code generation device, an integrity authentication code appending device, an integrity verification device, and a wireless communication device for mobile phones and the like, and in particular to concealment processing and integrity protection processing of data.
Prior Art:
Fig. 24 shows a conventional mobile phone 500.
The conventional mobile phone 500 includes a terminal IF (interface) unit 510, a wireless communication control unit 520, and a wireless communication unit 530. The terminal IF unit 510 is the interface with the user of the mobile phone 500. The wireless communication control unit 520 performs data conversion and data processing on the basis of the communication control and communication protocols of the mobile phone 500 as a whole. The wireless communication unit 530 modulates and demodulates data and performs wireless communication. Of the seven communication layers defined by OSI (Open Systems Interconnection), the wireless communication unit 530 is the part that supports the lowest layer, the physical layer (layer 1). The wireless communication unit 530 is provided with a concealment processing unit 540. The concealment processing unit 540 encrypts or decrypts the physical-layer data handled by the wireless communication unit 530. With the concealment processing unit 540 in place, data that might be eavesdropped while being transmitted and received through the antenna is encrypted, so an eavesdropper, being unable to decrypt it, cannot obtain the desired information.
The concealment processing unit 540 of the conventional mobile phone 500 is located inside the wireless communication unit 530. The data subject to concealment by the concealment processing unit 540 is therefore physical-layer (layer 1) data. At the physical layer, no distinction is made as to whether that data is user data or control data. The data transmitted by the mobile phone includes user data and control data, and it is necessary to perform concealment processing according to the type of data, or to protect the integrity of the data according to its importance. When, as in the conventional structure, the concealment processing unit is placed at communication layer 1, the type of data cannot be distinguished at layer 1, so concealment processing and integrity protection cannot be performed according to the type of data.
In addition, conventional concealment processing generates the random number sequence in synchronization with the input of data, and performs the operation on the data and the random number sequence in synchronization with the input of data.
Conventional integrity protection processing likewise generates an integrity authentication code for each item of data and checks the integrity of the data item by item.
An object of the present invention, through its preferred embodiments, is to perform concealment processing and integrity protection processing at high speed.
A further object of the present invention, through its preferred embodiments, is to perform concealment processing and integrity protection processing in an upper communication layer at or above layer 2 (the data link layer) of the seven OSI communication layers.
A further object of the present invention, through its preferred embodiments, is to ensure that concealment processing and integrity protection processing do not add to the load on the central processing unit and the bus.
Summary of the Invention:
The encryption device of the present invention comprises: an encryptor that generates a random number sequence; a random number sequence memory unit that stores the random number sequence generated by the encryptor; and [...]
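The arrangement introduced above (an encryptor that produces the random number sequence ahead of time and a memory that holds it until data arrives) can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA-256 counter construction is a stand-in generator because the page does not name the cipher at this point, XOR is assumed as the operation that combines data and sequence, and the names `Encryptor`, `ConcealmentUnit`, `prefill` and `process` as well as the key and initial value are hypothetical.

```python
import hashlib
import hmac


class Encryptor:
    """Produces the random number sequence.

    Stand-in generator (assumption): HMAC-SHA-256 over the initial value
    and a block counter. The patent's own cipher is not shown here.
    """

    def __init__(self, key: bytes, initial_value: bytes):
        self._key = key
        self._initial_value = initial_value
        self._block = 0
        self._pending = b""  # generated bytes not yet handed out

    def generate(self, nbytes: int) -> bytes:
        # Keep leftover bytes so the sequence is continuous no matter how
        # the caller sizes its requests; both ends then stay in step.
        while len(self._pending) < nbytes:
            msg = self._initial_value + self._block.to_bytes(8, "big")
            self._pending += hmac.new(self._key, msg, hashlib.sha256).digest()
            self._block += 1
        out, self._pending = self._pending[:nbytes], self._pending[nbytes:]
        return out


class ConcealmentUnit:
    """Encryptor + random number sequence memory + operation unit."""

    def __init__(self, key: bytes, initial_value: bytes, memory_size: int = 32):
        self._encryptor = Encryptor(key, initial_value)
        self._memory = bytearray()      # random number sequence memory
        self._memory_size = memory_size
        self.prefill()                  # generation starts before any data is input

    def prefill(self) -> int:
        """Top the memory up while no data is waiting; returns bytes stored."""
        missing = self._memory_size - len(self._memory)
        if missing > 0:
            self._memory += self._encryptor.generate(missing)
        return len(self._memory)

    def buffered(self) -> int:
        return len(self._memory)

    def process(self, data: bytes) -> bytes:
        """Combine data with the stored sequence (XOR assumed).

        The same call encrypts plaintext and decrypts ciphertext.
        """
        shortfall = len(data) - len(self._memory)
        if shortfall > 0:
            # Data longer than the stored sequence: generate the rest on
            # demand. This is the slow path that pre-generation avoids.
            self._memory += self._encryptor.generate(shortfall)
        stream = self._memory[:len(data)]
        del self._memory[:len(data)]    # each stored byte is used only once
        return bytes(d ^ s for d, s in zip(data, stream))


if __name__ == "__main__":
    # Constructed key, initial value and frames, for illustration only.
    key, iv = b"constructed-demo-key", b"constructed-iv"
    sender = ConcealmentUnit(key, iv)
    receiver = ConcealmentUnit(key, iv)
    for frame in (b"voice frame 0001", b"control: handover request"):
        ciphertext = sender.process(frame)
        print(ciphertext.hex(), receiver.process(ciphertext))
        sender.prefill()
        receiver.prefill()
```

Because each stored byte is consumed once, a receiver that misses a frame is out of step with the sender and recovers garbage until both sides restart from the same key and initial value.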
[...] data to the wireless communication control unit; and a wireless communication unit that receives the data output from the wireless communication control unit, modulates it and transmits it, wherein the concealment processing unit comprises: an encryptor that, before the data is input, generates a random number sequence for encrypting the data and outputs the generated random number sequence; an operation unit that receives the data, performs an operation on the data and the random number sequence stored in the random number sequence memory unit, and outputs the encrypted data.
A wireless communication device of the present invention comprises: a terminal interface unit that inputs data; a wireless communication control unit that receives the data input by the terminal interface unit, processes it according to a communication protocol and outputs it; an integrity protection processing unit that receives a control signal and data from the wireless communication control unit, checks whether the data has been tampered with, and then outputs the processed data; and a wireless communication unit that modulates and transmits the output data, wherein the integrity protection processing unit collectively inputs and temporarily stores data from the wireless communication control unit, generates integrity authentication codes for the plurality of data items using the control signals, and collectively outputs the plurality of integrity authentication codes.
A wireless communication device of the present invention comprises: a wireless communication unit that receives and demodulates data; a wireless communication control unit that receives the data demodulated by the wireless communication unit, processes it according to a communication protocol and outputs it; a concealment processing unit that receives a control signal and data from the wireless communication control unit, performs concealment processing of the encrypted data according to the input control signal, and outputs the processed data to the wireless communication control unit; and a terminal interface unit that inputs and outputs the data processed by the wireless communication control unit, wherein the concealment processing unit comprises: an encryptor that generates a random number sequence; a random number sequence memory unit that stores the random number sequence; and an operation unit that performs an operation with the random number sequence stored in the random number sequence memory unit and outputs plaintext.
A wireless communication device of the present invention comprises: a wireless communication unit that receives and demodulates data; a wireless communication control unit that receives the demodulated data and processes it according to a communication protocol; an integrity protection processing unit that receives a control signal and data, checks according to the input control signal whether the data has been tampered with, and then outputs the processed data to the wireless communication control unit; and a terminal interface unit that inputs and outputs the data processed by the wireless communication control unit, wherein the integrity protection processing unit generates integrity authentication codes for the plurality of data items stored in the data memory unit using the control signals, and collectively outputs the plurality of integrity authentication codes.
The encryption method of the present invention is characterized by: starting to generate a random number sequence before plaintext is input; storing the generated random number sequence in advance in a random number sequence memory unit; and, after generation of the random number sequence has started, inputting the plaintext, performing an operation on the input plaintext and the random number sequence stored in advance in the random number sequence memory unit, and outputting ciphertext.
The decryption method of the present invention is characterized by: starting to generate a random number sequence before ciphertext is input; storing the generated random number sequence in advance in a random number sequence memory unit; and, after generation of the random number sequence has started, inputting the ciphertext, performing an operation on the input ciphertext and the random number sequence stored in advance in the random number sequence memory unit, and outputting plaintext.
The integrity authentication code generation method of the present invention is characterized by: inputting X data items and X control signal data items and storing them in a data memory unit; generating X integrity authentication codes for the X data items from the X data items and X control signals stored in the data memory unit; and then collectively outputting the X integrity authentication codes.
Brief Description of the Drawings:
Fig. 1 is a configuration diagram of a mobile communication system.
Fig. 2 is a configuration diagram of the radio network controller (RNC) 120.
Fig. 3 is a configuration diagram of the wireless terminal (MS) 100 of Embodiment 1.
Fig. 4 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 1.
Fig. 5 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 1.
Fig. 6 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 1.
Fig. 7 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 1.
Fig. 8 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 1.
Fig. 9 is a configuration diagram of the wireless terminal (MS) 100 of Embodiment 2.
Fig. 10 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 2.
Fig. 11 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 2.
Fig. 12 shows an example of an encryption scheme and a decryption scheme.
Fig. 13 is a configuration diagram of the concealment and integrity protection processing unit 40 of Embodiment 2.
Fig. 14 is the figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Section 6.3.
Fig. 15 is the figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16b.
Fig. 16 is the figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16.
Fig. 17 is a configuration diagram of the encryption module (or decryption module 71) used in the encryption/decryption unit 421.
Fig. 18 shows the implementation form of the concealment and integrity protection processing unit 40.
Fig. 19 shows the case where the concealment and integrity protection processing unit 40 is implemented in software.
Fig. 20 shows the mechanism by which the application program 46 running in the wireless communication control unit 20 calls the encryption program 47.
2112-3909 ptd 第12頁 12877672112-3909 ptd Page 12 1287767
圓21顯示RLC非透明模式時之資料92, 例0 圖22顯 例〇 示以聲音資料作為透明資_ 料95, 93的具體範 96的具體範 圖23顯示以非限定數位資料作為 體範例。 0 透明資料95, 96的具 圖24顯示習知之行動電話機5〇〇。 圓25顯示實施型態三之隱藏處理的加密方式及解碼方 圖2 6顯示實施型態二之完整性保護處理部的完整性 認方式。 圖2 7為實施型態二之無線通信控制部2 〇和隱藏暨完整 性保護處理部40的構造圖。 u ~ 70 圖28為實施型態二之隱藏處理部420的構造圖。 圖29為實施型態三之隱藏處理部420的構造圖。 圖30為實施型態三之隱藏處理部460的構造圖。 圖31為實施型態三之完整性保護處理部43〇的構造 圖。 圖32為實施型態三之完整性保護處理部430的構造 圖。 圖33為實施型態三之加密部422具有複數個緩衝器的 構造圖。 的 圖34為實施型態三之加密部422具有複數個緩衝器 構造圖。The circle 21 displays the data 92 in the RLC non-transparent mode, and the example 0 of Fig. 22 shows the specific example of the specific specification of the sound data as the transparent material 95, 93. Fig. 23 shows an example of the non-limiting digital data. 0 Transparent data 95, 96 Figure 24 shows a conventional mobile phone 5 〇〇. The circle 25 shows the encryption method and the decoding method of the hidden processing of the implementation type 3. Fig. 26 shows the integrity recognition method of the integrity protection processing unit of the implementation type 2. Fig. 27 is a structural diagram of the wireless communication control unit 2 and the hidden and integrity protection processing unit 40 of the second embodiment. u ~ 70 FIG. 28 is a configuration diagram of the hidden processing unit 420 of the second embodiment. FIG. 29 is a configuration diagram of the hidden processing unit 420 of the third embodiment. FIG. 30 is a configuration diagram of the hidden processing unit 460 of the third embodiment. Fig. 31 is a structural diagram of the integrity protection processing unit 43A of the third embodiment. Fig. 32 is a configuration diagram of the integrity protection processing unit 430 of the third embodiment. Fig. 33 is a structural diagram showing the encryption unit 422 of the third embodiment having a plurality of buffers. Fig. 34 is a diagram showing a configuration of a plurality of buffers in the encryption unit 422 of the third embodiment.
2112-3909-PF.ptd 第13頁 1287767 五、發明說明(π) 之加密部422具有複數個緩衝 器的 圖35為實施型態 構造圖。 符號說明: 1 0 0〜無線終端; 1 2 0〜無線控制台; 12 卜BTS IF 部; 1 23〜對MS信號控制部; 120〜無線控制台; ’ 124〜CN IF 部; 126〜對CN信號控制部; 1 3 0〜核心網路; 40〜隱藏暨完整性保 12〜資料格式轉換部4處 14〜聲音編碼暨解碼邱· 1〜照相機; , 34〜天線; 11 0〜無線基地台; 1 3 0〜核心網路; 1 2 2〜移交控制部; 1 2 8〜控制部; 1 2 9〜開關; 125〜RNC IF 部; 12 7〜對RNC信號控制部· 20〜無線通信控制部;’ 部;1 0〜終端IF部; ’ 1 3〜終端IF控制部; 11〜各模組IF部; 2〜錄影機;2112-3909-PF.ptd Page 13 1287767 V. The encryption unit 422 of the invention (π) has a plurality of buffers. FIG. 35 is an embodiment configuration diagram. Symbol Description: 1 0 0~Wireless Terminal; 1 2 0~Wireless Console; 12 Bu BTS IF Department; 1 23~MS Signal Control Department; 120~Wireless Console; '124~CN IF Department; 126~CN Signal control department; 1 3 0 ~ core network; 40 ~ hidden cum integrity protection 12 ~ data format conversion department 4 at 14 ~ sound encoding and decoding Qiu 1 ~ camera;, 34 ~ antenna; 11 0 ~ wireless base station ; 1 3 0~ core network; 1 2 2~ handover control unit; 1 2 8~ control unit; 1 2 9~ switch; 125~RNC IF unit; 12 7~ RNC signal control unit · 20~ wireless communication control Department; 'part; 1 0~ terminal IF part; '1 3~ terminal IF control part; 11~ each module IF part; 2~ video recorder;
332〜下轉換器; 320〜基頻調變解調部 3 2 1〜基頻調變部; 〜通信線路編 315〜錯誤訂正解 31 2〜錯誤訂正編332~down converter; 320~base frequency modulation demodulation unit 3 2 1~base frequency modulation unit; ~communication line editing 315~error correction solution 31 2~error correction
330〜無線部; 331〜上轉換器; 322〜基頻解調部; 31 4〜實體格式轉換部; 3 0〜無線通信部; 包含交錯); 包含反交錯); 第14頁330~wireless unit; 331~upper converter; 322~baseband demodulation section; 31 4~ entity format conversion section; 3 0~wireless communication section; including interleaving); including deinterlace);
1287767 五、發明說明(12) 31 1〜偵錯編碼部; 41 1〜模組; 421〜加密暨解焉部· 性確部; 422〜加密部; 4 3 3〜完整性確認部; 4 6 2〜加密部; 481、482〜資料多重部 4 7 2〜加密部; 4 卜CPU ; 5 5〜記憶體; 43-IT C0NT.; 4 7〜加密程式; 520〜無線通信控制部; 540〜隱藏處理部; 54卜天線。 316〜债錯部; 41 0〜IF部; 40〜隱藏暨完整性保護處理部; 431〜完整性認證子附加暨完整 420〜隱藏處理部; 4 2 3〜解碼部; 430〜完整性保護處理部; 4 3 2〜完整性認證子附加部; 460〜隱藏處理部; 4 6 3〜解碼部; 470〜隱藏處理部; 4 7 3〜解碼部; 45〜RAM ; 42〜ROM ; 4 6〜應用程式; 51 0〜終端I F部; 5 3 0〜無線通信部; 500〜行動電話機; 最佳實施型態之詳細敘述: _ (實施型態一) 圖1為本實施型態之移動體通信系統的整體構造圖。 無線終端(M S ) 1 0 0為本發明之無線通信裝置之一例。 無線終端(MS)100可以是行動電話機。無線終端以1287767 V. Invention Description (12) 31 1~Debugging Coding Unit; 41 1~Module; 421~Encryption and Decryption Department·Sexuality Department; 422~Encryption Department; 4 3 3~Integrity Confirmation Department; 4 6 2 to encryption unit; 481, 482 to data multiple unit 4 7 2 to encryption unit; 4 CPU; 5 5~ memory; 43-IT C0NT.; 4 7~ encryption program; 520~ wireless communication control unit; Hidden processing unit; 54 antenna. 316~debt part; 41 0~IF part; 40~hidden cum integrity protection processing unit; 431~integrity authentication sub-addition complete 420~hidden processing unit; 4 2 3~decoding unit; 430~integrity protection processing 4 3 2~integrity authentication sub-addition; 460~hidden processing unit; 4 6 3~decoding unit; 470~hiding processing unit; 4 7 3~decoding unit; 45~RAM; 42~ROM; 4 6~ Application; 51 0~ terminal IF section; 5 3 0~ wireless communication section; 500~ mobile telephone; Detailed description of the best implementation type: _ (Implementation type 1) Figure 1 is a mobile communication of the embodiment The overall structure of the system. The wireless terminal (M S ) 100 is an example of the wireless communication device of the present invention. The wireless terminal (MS) 100 can be a mobile phone. Wireless terminal
1287767 五、發明說明(13) - 無線的方式和無線基地台(BTS)連接。無線基地台 (BTS)llO和無線控制台(RNC)12〇連接。無線控制台 (RNC)120和其他無線控制台(RNC)12〇連接。此外,無線控 制台(RNC)120連接於核心網路(CN)13〇之上,透過核心網 路(CN)130和其他無線控制台(RNC)12〇相連接。無線基地 台(BTS)llO和無線控制台(RNC)12〇的其中一方或兩方都稱 為無線台。 圖2為和圖1相同之移動體通信系統的構造圖,其特別 顯示了無線控制台(RNC)120的内部構造。 BTS IF部121連接無線基地台(BTS)110。移交控制部 122在無線基地台(BTS)l 10間控制無線終端(MS) 1〇〇移動時 的移交動作。 對MS彳s號控制部1 2 3進行其和無線終端(MS ) 1 〇 〇之間的 無線通信控制及資料的隱藏處理/完整性保護處理。以下 所述之無線終端(MS) 100之隱藏處理及完整性保護處理係 針對對MS信號控制部1 23的隱藏處理及完整性保護處理而 進行。亦即,在無線終端(MS) 1〇〇中被加密的資料會在對 MS仏號控制部1 2 3中被解碼。反之,於對MS信號控制部1 23 加密的資料會在無線終端(MS) 1〇〇中被解碼。此外,為了 在無線終端(MS) 100中保護資料之完整性所附加的認證子 在對MS彳s號控制部1 23中受到债測。反之,為了在對μ信 號控制部1 2 3保護資料之完整性所附加的認證子會在無線 終端(MS)100中受到偵測。在此無線終端(]^)1〇()和對以信 號控制部1 2 3所作的資料隱藏處理和資料完整性保護處理1287767 V. INSTRUCTIONS (13) - Wireless connection to a wireless base station (BTS). The wireless base station (BTS) 110 and the wireless console (RNC) 12 are connected. The Wireless Console (RNC) 120 is connected to other Radio Consoles (RNCs). In addition, a Radio Control Station (RNC) 120 is connected to the Core Network (CN) 13A and is connected to the other Radio Console (RNC) through the Core Network (CN) 130. One or both of the wireless base station (BTS) 110 and the wireless console (RNC) 12 are referred to as wireless stations. Fig. 2 is a configuration diagram of the same mobile communication system as Fig. 1, which particularly shows the internal configuration of the wireless console (RNC) 120. The BTS IF unit 121 is connected to a radio base station (BTS) 110. The handover control unit 122 controls the handover operation when the radio terminal (MS) 1 moves, between the radio base stations (BTS) 10. The MS 彳s number control unit 1 2 3 performs wireless communication control and data hiding processing/integrity protection processing with the wireless terminal (MS) 1 〇 。. 
The concealment processing and integrity protection processing of the radio terminal (MS) 100 described below is performed for the conceal processing and integrity protection processing of the MS signal control unit 123. That is, the data encrypted in the wireless terminal (MS) 1 is decoded in the MS nickname control unit 123. On the contrary, the data encrypted in the MS signal control unit 1 23 is decoded in the wireless terminal (MS) 1〇〇. Further, the authenticator attached to protect the integrity of the data in the wireless terminal (MS) 100 is subjected to the debt test in the MS ss number control unit 23. On the contrary, the authenticator added to protect the integrity of the data to the μ signal control unit 1 2 3 is detected in the wireless terminal (MS) 100. Here, the wireless terminal ()^)1〇() and the data hiding processing and data integrity protection processing by the signal control unit 1 2 3
2112-3909-PF.ptd 第16頁 1287767 五、發明說明(14) 係於0S I七個通訊層中的第二層亦即通訊層2 (數據通訊 層,date li.nk)中進行。CN IF部124取得和核心網路 (CN)130之間的介面。 RNC IF部125取得和其他無線控制台(rnch 2〇之間的 介面。對CN信號控制部丨26進行和核心網路((^)丨3〇之間的 控制。對RNC信號控制部丨27進行和其他無線控制台 (RNC)120之間的控制。控制部128控制整個無線控制台 (RNC)l 20。開關1 29根據控制部1 28的控制,於無線基地台 (BTS)l 10、無線控制台(rNc)12〇、核心網路(cn)130之間 切換控制信號和封包資料。亦即,開關丨29切換的資料不2112-3909-PF.ptd Page 16 1287767 V. Description of the invention (14) is carried out in the second layer of the seven communication layers of OSI, namely the communication layer 2 (data communication layer, date li.nk). The CN IF unit 124 obtains an interface with the core network (CN) 130. The RNC IF unit 125 acquires an interface with another wireless console (rnch 2〇. Controls the CN signal control unit 和26 and the core network ((^)丨3〇. The RNC signal control unit 丨27 Control is performed with other wireless consoles (RNCs) 120. The control unit 128 controls the entire wireless console (RNC) 120. The switches 1 29 are controlled by the control unit 128 at the radio base station (BTS) 10. The control signal and the packet data are switched between the wireless console (rNc) 12〇 and the core network (cn) 130. That is, the data switched by the switch 丨29 is not
僅只有封包資料,它切換了包含聲音等在内之所有的資 料’亦切換控制信號。 圖3為無線終端(jjs)i〇〇的構造圖。 無線終端(^^)1〇〇具有終端11?部1〇、無線通信控制部 20、無線通信部30和隱藏暨完整性保護處理部4〇。終端u 部 10 和照相機 1、錄影機 2、B/T(Blue T〇〇th)3、lcd、4、 KEY 5 ^LED 6 ^ USIM(Universal Subscriber Identity M〇dule)7 、RECEIVER 8 、MIC M〇HSJ(Head set jack)〇相 ”;:;照相機1到HSJ 0等器材係負責處理和使用者 (人接對象之機器的介面,輸入或輸出使用者 ()或作為連接對象之機器可辨識的資訊。 終端IF部於其内部具有各模組”部丨丨、資 部12、終端IF控制部13和聲音編碼暨解碼部"。各以組π 部η取得和照相機1到,〇等器材之間的各個介面。、資料Only the packet data, it switches all the information including the sound, etc.' also switches the control signal. 3 is a structural diagram of a wireless terminal (jjs). The wireless terminal (?) 1 has a terminal 11, a wireless communication control unit 20, a wireless communication unit 30, and a hidden and integrity protection processing unit. Terminal u 10 and camera 1, video recorder 2, B/T (Blue T〇〇th) 3, lcd, 4, KEY 5 ^ LED 6 ^ USIM (Universal Subscriber Identity M〇dule) 7, RECEIVER 8, MIC M 〇HSJ (Head set jack)〇;:; Camera 1 to HSJ 0 and other equipment are responsible for processing and user (the interface of the machine to which the object is connected, the input or output user () or the machine to be connected is identifiable The terminal IF unit has a module "portion", a department 12, a terminal IF control unit 13, and a voice encoding and decoding unit in the internal IF unit. Each of the groups π is obtained by taking the camera π, 〇, etc. Various interfaces between equipment.
1287767 五、發明說明(15) 格式轉換部12在照相機1到HSJ 〇等器材所處理的各種資料 格式和無線終端(MS)IOO内部所處理的各種資料格式之間 進行轉換。終端IF控制部1 3控制終端I f部1 〇的運作。聲音 編碼暨解碼部14對從MIC 9輸入的聲音電子信號作聲音的 編碼。此外,聲音編碼暨解碼部1 4將編碼過的聲音信號解 碼’對RECEIVER 8輸出聲音電子信號。 無線通信控制部20進行無線終端(MS)1〇〇的整體押 制。無線通信控制部20上具備了CPU、R〇M、RAM、固^等 =組成的硬體電路或軟體模組。無線通信控制部在終端 1 = 1〇考口無線通信部3〇之間處理資#,根據規⑮或通訊協 規則進行資料的轉換處冑,特別是進行通訊層2 以上的處理,例如進行資料的封包化 理:根據資料的類別判斷出該資料為應 作隱;^處理的資料摄县虛好· 1 ^ t ^ t ^ ^ 11 ^ S ^ .4 « 資料為應該作隱藏處理的資料# / 無法判斷出該 的資料。 ^理的資㈣是應該作完整性保護處理 無線通仏部30具備通信線路編碼1287767 V. Description of the Invention (15) The format conversion unit 12 converts between various data formats processed by the cameras 1 to HSJ and the like and various data formats processed inside the wireless terminal (MS) 100. The terminal IF control unit 13 controls the operation of the terminal I f unit 1 . The sound encoding and decoding unit 14 encodes the sound electronic signal input from the MIC 9 as a sound. Further, the audio coding and decoding unit 14 decodes the encoded audio signal and outputs a sound electronic signal to the RECEIVER 8. The wireless communication control unit 20 performs overall charging of the wireless terminal (MS) 1〇〇. The wireless communication control unit 20 is provided with a hardware circuit or a software module including a CPU, R〇M, RAM, and the like. The wireless communication control unit processes the resource # between the terminal 1 = 1 and the test port wireless communication unit 3, and performs data conversion according to the regulation 15 or the communication protocol, in particular, processing of the communication layer 2 or higher, for example, data processing. The rationalization of the packet: according to the type of the data, the data is judged to be hidden; ^ The data processed by the county is good. 1 ^ t ^ t ^ ^ 11 ^ S ^ .4 « The data is the data that should be hidden. # / Unable to determine the information. (4) should be used for integrity protection processing. The wireless communication unit 30 is provided with communication line coding.
::;2ν//Λ33: ; I :;;;r r2 r:. r" ^7 ^ - 外,部又包括Λ碼體 2112-3909-PF.ptd 第18頁 1287767 五、發明說明(16) ' 及解調。基頻調變解調部320具有基頻調變部321和基頻解 調部322。無線部330將基頻波段的信號轉換成傳送&段或 將傳送波段的信號轉換成基頻波段。無線部33〇具有上轉/ 換器331和下轉換器332。 ' 隱藏暨完整性保護處理部4 0連接於無線通信控制部2 〇 上隱藏暨元整性保護處理部4 0從無線通信控制部2 〇接收 資料,進行隱藏處理。此外,進行資料的完整性保護處 理。隱藏暨完整性保護處理部4 〇從無線通信控制部2 〇輸入 用來作隱藏及完整性保護處理的控制信號9丨。此外,隱藏 暨完整性保護處理部4〇從無線通信控制部2〇輸入通訊層2 =上之任意通訊層中作為隱藏處理對象的資料及/或作曰為 元整性保護處理對象的資料92。隱藏暨完整性保護處理部 巧1據所輸入之控制信號91對資料92進行隱藏處理及/或 =^性保護處理,將資料輸出於無線通信控制部2〇。控制 ^號91中含有金鑰、初值、隱藏處理、完整性保護處理 等可選擇的參數。 圖^為隱藏暨完整性保護處理部4 〇的構造圖。 4 隱藏暨完整性保護處理部4〇具有IF部41〇和一個模組 +模組411藉由同一電路或同一運算法進行隱藏處理和 ^ ’生保護處理。至於要進行隱藏處理還是進行完整性 濩處理,由控制信號91來決定。 卞 所押,此,所謂隱藏處理,係指加密或解碼資料。此外, 對ί ^整性保護處理’係指為了福測資料是否受到竄改而 /附加認證子的處理或藉由複製並比較認證子來判定 2112-3909-PF.ptd 第19頁 1287767 五、發明說明(17) 資料是否受到竄改。 由於隱藏處理和完整性保護處理可使用同一電路、同 一運算法或類似電路、類似運算法來進行,如圖4所示, 可藉由一個模組41 1來進行隱藏處理和完整性保護處理。 在圖4所不之情況下,可減少硬體資源及軟體資源的消 耗。以下所謂的模組可以是僅以硬體實現的模組、僅以軟 體實現的模組或結合硬體與軟體來實現的模組中之其中一 ^ ° 、、 , 在此’說明有關應用於行動電話機之隱藏處理和完整 性保護處理的具體範例。 圖 14 為顯示於 arib STD — T63 33· 1〇2, % Security;::;2ν//Λ33: ; I :;;;r r2 r:. r" ^7 ^ - Outside, part including weight body 2112-3909-PF.ptd Page 18 1287767 V. Invention description (16 ) ' and demodulation. The fundamental frequency modulation and demodulation unit 320 has a fundamental frequency modulation unit 321 and a fundamental frequency demodulation unit 322. The radio section 330 converts the signal of the fundamental band into a transmission & or converts the signal of the transmission band into a fundamental band. The wireless unit 33A has an up/down converter 331 and a down converter 332. The concealment and integrity protection processing unit 40 is connected to the radio communication control unit 2, and the concealment and integrity protection processing unit 40 receives the data from the radio communication control unit 2, and performs concealment processing. In addition, data integrity protection is performed. 
The confidentiality and integrity protection processing unit 40 receives from the wireless communication control unit 20 a control signal 91 used for confidentiality and integrity protection processing. It also receives from the wireless communication control unit 20 the data 92 that is the object of confidentiality processing and/or integrity protection processing in any layer at layer 2 or above. According to the input control signal 91, the unit 40 performs confidentiality processing and/or integrity protection processing on the data 92 and outputs the data to the wireless communication control unit 20. The control signal 91 contains selectable parameters such as the key, the initial value, and the choice between confidentiality processing and integrity protection processing.

Figure 4 is a structural diagram of the confidentiality and integrity protection processing unit 40.

The confidentiality and integrity protection processing unit 40 has an IF unit 410 and one module 411. The module 411 performs confidentiality processing and integrity protection processing with the same circuit or the same algorithm. Whether confidentiality processing or integrity protection processing is performed is decided by the control signal 91.

Here, confidentiality processing means encrypting or decrypting data. Integrity protection processing means attaching an authenticator to data in order to detect whether the data has been tampered with, or judging whether data has been tampered with by reproducing the authenticator and comparing it.

Because confidentiality processing and integrity protection processing can be carried out with the same circuit and the same algorithm, or with similar circuits and similar algorithms, both can be performed by a single module 411, as shown in Figure 4. In the case shown in Figure 4, consumption of hardware and software resources can be reduced.
A module in the description below may be implemented in hardware only, in software only, or in a combination of hardware and software.

A concrete example of confidentiality processing and integrity protection processing as applied to a mobile phone is described here.

Figure 14 is the figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Section 6.3.
Figure 15 is the figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16b.
Figure 16 is the figure shown in ARIB STD-T63 33.102, 3G Security; Security Architecture, Figure 16.

Figure 14 shows the encryption method on the radio link. The symbols in Figure 14 have the following meanings:
CK: cipher key.
IK: integrity key (message authentication key).
f8: data confidentiality function.
f9: data integrity function.

Mobile phone operators use the functions f1 to f5 to carry out authentication processing. The keys called CK and IK that are generated in this processing are 128 bits long and are passed to the data confidentiality function (f8) and the data integrity function (f9).

Figure 15 shows the encryption method on the radio link. The symbols in Figure 15 have the following meanings:
f8: data confidentiality function.
CK: cipher key.
MESSAGE: the plaintext, such as user data and signalling information, that the sender wants to transmit to the receiver.
COUNT-C: numerical data indicating the total number of transmissions and receptions. It is incremented by 1 on each transmission or reception.
BEARER: bits used to identify the logical channel.
DIRECTION: bit used to distinguish the transmission direction of the ciphertext.
LENGTH: bit length of the MESSAGE or of the ciphertext.

As shown in Figure 15, data is encrypted and decrypted with the random number sequence produced by the data confidentiality function f8.

Figure 16 shows the method of generating the message authentication code. The symbols in Figure 16 have the following meanings:
f9: data integrity function.
IK: integrity key (message authentication key).
COUNT-I: numerical data indicating the total number of transmissions and receptions. It is incremented by 1 on each transmission or reception.
MESSAGE: the plaintext, such as user data and signalling information, that the sender wants to transmit to the receiver.
DIRECTION: bit used to distinguish the transmission direction of the ciphertext.
FRESH: random number generated by the user each time.
MAC-I: message authentication code for integrity (the message authentication code calculated by the sender).
XMAC-I: expected message authentication code for integrity (the message authentication code calculated by the receiver).

As shown in Figure 16, the integrity of the data can be confirmed by comparing the two message authentication codes on the receiver side.

The operation is described next.

To perform encrypted communication between a terminal and the network in a wireless network, a process called authentication is required: before data is exchanged, one of the two sides confirms the legitimacy of the other, or both sides confirm each other's legitimacy as communication partners.

As shown in Figure 14, in the series of authentication steps both the terminal and the network use five functions called f1 to f5. While authentication is being performed, these functions generate, on both the terminal side and the network side, a 128-bit cipher key (CK) and a 128-bit message authentication key (IK = integrity key).

These two keys are held in common by the mutually authenticated terminal and network and are used in the two functions f8 and f9 described below. The two keys are different each time, and there is no regularity between them. When communication ends, they are …
Although the mechanism (communication protocol) to be followed in this authentication is standardized, the functions f1 to f5 used in the authentication processing are not standardized in advance and are left to each operator to decide.

After the authentication processing ends, the security of the data is protected by the data confidentiality technique used for confidentiality processing and the data integrity technique used for integrity protection processing.

The first technique, data confidentiality, encrypts user data (including voice) and signalling information on the wireless network to prevent eavesdropping. To realize this data confidentiality processing, a function called the data confidentiality function (hereinafter f8) is used.

When the data shown in Figure 15 is exchanged in concealed form, the sender uses the cipher key (CK) generated at the time of authentication. In addition to CK, f8 takes as input the bit length of the data to be encrypted or decrypted (LENGTH), the up/down link (DIRECTION), the counter (COUNT-C) and the logical channel identifier (BEARER), and generates a random number sequence.

Here, the up/down link is the bit that distinguishes whether the ciphertext is transmitted from the terminal to the base station or from the base station to the terminal. The counter is data indicating the total number of transmissions and receptions. A specific value is added to the counter on each transmission or reception. The counter is used to defend against ciphertext that was sent earlier being sent again later. The logical channel identifier is the bits that identify the logical channel on which encryption is performed.

The exclusive OR of the generated random number sequence and the data or signalling information to be encrypted is taken to produce the ciphertext, which is transmitted to the receiver.

The parameters other than CK are sent from the sender to the receiver without encryption. CK alone does not need to be transmitted, because the same value as on the receiver side is generated during the authentication processing.

Even if the parameters other than CK become known to a third party, as long as CK is secret the random number sequence needed to decipher the ciphertext cannot be generated, so the security of the message is protected.

On the receiver side, the random number sequence is generated from the transmitted parameters and the CK held in advance, and the exclusive OR with the transmitted ciphertext is taken to recover the original message.

This is a variant of OFB (output feedback) mode, one of the modes of operation of block ciphers defined in ISO/IEC 10116. Even if noise arising on the transmission line is mixed into the ciphertext, OFB mode does not magnify that noise on decryption, which is why it is widely adopted for voice communication.
The data integrity technique detects whether signalling information has been tampered with by attaching a message authentication code (integrity authentication code) to the signalling information on the radio link. It is also called message authentication. To realize this data integrity, the data integrity function (hereinafter f9) is used. The core of f9 uses the same encryption algorithm as f8.

First, at the time of authentication, the message authentication key (IK) is generated with the message authentication key generation function f4 and passed to f9. As shown in Figure 16, in addition to the message authentication key, f9 takes as input the data (MESSAGE), the up/down link (DIRECTION), the counter (COUNT-C) and the random number generated by the user each time (FRESH), and generates the message authentication code (MAC-I or XMAC-I).
These parameters are also carried in an unencrypted area of the data format and sent from the sender to the receiver. Even if these parameters become known to a third party, as long as the message authentication key is secret, security is protected in the same way as for data confidentiality.

The sender attaches this message authentication code (MAC-I) to the data and transmits it to the receiver. The receiver likewise uses f9 to calculate a message authentication code (XMAC-I). MAC-I and XMAC-I are compared; when they are the same, it can be confirmed that the data has not been tampered with.

The following is an example of how detected tampering is handled:
(1) Ask the other party to retransmit the information and check whether the message authentication code received again is correct.
(2) If tampering is detected several times in succession, take countermeasures such as disconnecting the connection.

According to the 3GPP specifications (for details see http://www.3gpp.org/About_3GPP/3gpp.htm), the encryption/decryption module, as shown in Figure 15, has the function of encrypting the input plaintext (the text to be encrypted) into ciphertext (the encrypted text) and outputting it, and of decrypting ciphertext into plaintext and outputting it. According to the 3GPP specifications, the COUNT/BEARER/DIRECTION/CK/LENGTH described above correspond to a concrete example of the control signal 91 in Figure 3.

As concrete examples of the data 92, 93 in Figure 3, there are "MACSDU" and "RLCPDU(datapart)", as shown in Figure 21. Here "RLCPDU(datapart)" means the part of the RLCPDU that remains after the upper 1oct or 2oct (1 byte or 2 bytes) has been removed (the "DATA FOR CIPHERING" part in Figure 21). "MACSDU" or "RLCPDU(datapart)" is one example of MESSAGE in Figure 15. MACSDU stands for Media Access Control Service Data Unit. RLCPDU stands for Radio Link Control Protocol Data Unit. Each message in the message stream is assembled in layer 3 after the RLC header has been removed from the RLCPDU.
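The concealment by XOR with an f8 random number sequence and the MAC-I/XMAC-I comparison described above, as an added Python sketch that is not code from the patent or from 3GPP. The block cipher at the core of f8 and f9 is swapped for truncated HMAC-SHA-256, and the block size, authenticator length, parameter packing, sample keys and three-failure disconnect threshold are assumptions of this example.

```python
import hashlib
import hmac
import struct

BLOCK = 8      # keystream block size in bytes (assumption of this sketch)
MAC_LEN = 4    # authenticator length in bytes (assumption of this sketch)


def _block_fn(key: bytes, block: bytes) -> bytes:
    """Stand-in keyed function (truncated HMAC-SHA-256), not the real cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def f8_keystream(ck, count_c, bearer, direction, length_bits):
    """Random number sequence from CK plus the cleartext parameters only."""
    iv = struct.pack(">IBBH", count_c, bearer, direction, 0)
    start = _block_fn(ck, iv)
    nbytes = (length_bits + 7) // 8
    stream, prev, n = bytearray(), bytes(BLOCK), 0
    while len(stream) < nbytes:
        ctr = struct.pack(">Q", n)
        fed = bytes(a ^ b ^ c for a, b, c in zip(start, prev, ctr))
        prev = _block_fn(ck, fed)   # feedback uses cipher output, never the data
        stream += prev
        n += 1
    del stream[nbytes:]
    if length_bits % 8:             # zero the bits beyond LENGTH
        stream[-1] &= (0xFF << (8 - length_bits % 8)) & 0xFF
    return bytes(stream)


def f8_apply(ck, count_c, bearer, direction, data):
    """Encrypt or decrypt: XOR the data with the keystream (same operation)."""
    ks = f8_keystream(ck, count_c, bearer, direction, len(data) * 8)
    return bytes(d ^ k for d, k in zip(data, ks))


def f9_mac(ik, count_i, fresh, direction, message):
    """Authenticator over COUNT-I, FRESH, DIRECTION and MESSAGE under IK."""
    header = struct.pack(">IIB", count_i, fresh, direction)
    return hmac.new(ik, header + message, hashlib.sha256).digest()[:MAC_LEN]


class Receiver:
    """Recomputes XMAC-I, compares it with MAC-I, and applies the two responses
    from the text: request retransmission, disconnect after repeated failures."""

    def __init__(self, ik, max_failures=3):   # threshold is an assumption
        self.ik, self.max_failures, self.failures = ik, max_failures, 0

    def receive(self, count_i, fresh, direction, message, mac_i):
        xmac_i = f9_mac(self.ik, count_i, fresh, direction, message)
        if hmac.compare_digest(xmac_i, mac_i):
            self.failures = 0
            return "ACCEPT"
        self.failures += 1
        if self.failures >= self.max_failures:
            return "DISCONNECT"
        return "RETRANSMIT"


def bit_diff(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample values (not from the page).
CK = bytes(range(16))            # 128-bit cipher key
IK = bytes(range(16, 32))        # 128-bit integrity key
UPLINK, DOWNLINK = 0, 1

if __name__ == "__main__":
    msg = b"constructed signalling message"
    ct = f8_apply(CK, 7, 3, UPLINK, msg)
    print("round trip ok:", f8_apply(CK, 7, 3, UPLINK, ct) == msg)
    noisy = bytes([ct[0] ^ 0x01]) + ct[1:]      # one bit hit by line noise
    print("bits damaged:", bit_diff(f8_apply(CK, 7, 3, UPLINK, noisy), msg))
    rx = Receiver(IK)
    tag = f9_mac(IK, 1, 0xC0FFEE, UPLINK, msg)
    print(rx.receive(1, 0xC0FFEE, UPLINK, msg, tag))
    print([rx.receive(1, 0xC0FFEE, UPLINK, msg + b"!", tag) for _ in range(3)])
```

Because the keystream depends only on CK and the cleartext parameters, a flipped ciphertext bit damages exactly one plaintext bit, which is the behaviour the text attributes to OFB mode on a noisy line.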
The RLCPDU contains a 1oct or 2oct part that is outside the scope of confidentiality processing, but the whole RLCPDU is input to the confidentiality and integrity protection processing unit 40, and the unit 40 does not apply confidentiality processing to that 1oct or 2oct. The reason is to reduce the load that would arise in the wireless communication control unit 20 from performing a 1oct or 2oct shift to remove the excluded part from the whole data unit (RLCPDU) subject to confidentiality processing.

Figure 5 shows another example of the confidentiality and integrity protection processing unit 40.
Figure 5 is characterized in that the confidentiality processing unit 420 and the integrity protection processing unit 430 are separate. An encryption/decryption unit 421 is provided inside the confidentiality processing unit 420. An integrity authentication code attaching/integrity confirming unit 431 is provided inside the integrity protection processing unit 430. The encryption/decryption unit 421 represents the case where the same module is used for encryption and decryption. The integrity authentication code attaching/integrity confirming unit 431 represents the case where the same module is used for attaching the integrity authentication code and for confirming integrity. The case shown in Figure 5 is a configuration in which encryption and decryption use the same function, and attaching the integrity authentication code and confirming integrity use the same function. Compared with the case shown in Figure 6, the case shown in Figure 5 reduces consumption of hardware and software resources.

Figure 6 shows another configuration of the confidentiality and integrity protection processing unit 40.
Figure 6 is characterized in that an encryption unit 422 and a decryption unit 423 are provided separately in the confidentiality processing unit 420, and an integrity authentication code attaching unit 432 and an integrity confirming unit 433 are provided separately in the integrity protection processing unit 430. The case shown in Figure 6 is a configuration in which encryption and decryption use the same or different functions, and attaching the integrity authentication code and confirming integrity use the same or different functions. In the case of Figure 6, encryption, decryption, attaching of the integrity authentication code and integrity confirmation can each be executed separately, so confidentiality processing or integrity protection processing can be applied to transmitted and received data in parallel, which speeds up processing.

Figure 7 shows the case where a plurality of encryption units 422 and a plurality of decryption units 423 are provided in the confidentiality processing unit 420. It also shows the case where a plurality of integrity authentication code attaching units 432 and a plurality of integrity confirming units 433 are provided in the integrity protection processing unit 430. While the wireless terminal (MS) 100 is operating, there are cases where a plurality of channels must be processed simultaneously. For example, when voice and facsimile data are transmitted at the same time, data of at least two channels must be processed simultaneously. In such a case the voice data can be encrypted in encryption unit 1 and the facsimile data in encryption unit 2. The same applies to decryption: data of a plurality of channels can be decrypted simultaneously. The numbers of encryption units 422, decryption units 423, integrity authentication code attaching units 432 and integrity confirming units 433 (in Figure 7, …) need not all be the same; the number of each can be decided according to the number of channels that the wireless terminal (MS) 100 must process simultaneously. Alternatively, independently of the number of channels, when one channel carries a large amount of data that requires high-speed processing, two encryption units can be used to process the large amount of data allocated to that single channel. In other words, the number of encryption units 422, decryption units 423, integrity authentication code attaching units 432 and integrity confirming units 433 can be decided according to the number of channels to be processed simultaneously and/or the amount of data.

The maximum number of encryption units 422 and the maximum number of decryption units 423 may differ.

The maximum number of integrity authentication code attaching units 432 and the maximum number of integrity confirming units 433 may also differ.
Figure 8 shows the case where a plurality of encryption/decryption units 421 are provided in the confidentiality processing unit 420. It also shows the case where a plurality of integrity authentication code attaching/integrity confirming units 431 are provided in the integrity protection processing unit 430.

Figure 8 is the case in which the encryption/decryption unit 421 and the integrity authentication code attaching/integrity confirming unit 431 shown in Figure 5 are provided in plural. Figure 8 shows that, when encryption and decryption are the same function, a plurality of encryption/decryption units 421 are provided for a plurality of channels. Likewise, it shows that, when attaching the integrity authentication code and confirming integrity are the same function, a plurality of integrity authentication code attaching/integrity confirming units 431 are provided for a plurality of channels. Compared with the case of Figure 7, the case of Figure 8 reduces consumption of hardware and software resources.
Figures 4 to 8 show the case where the confidentiality and integrity protection processing unit 40 has both the confidentiality processing unit 420 and the integrity protection processing unit 430, but the unit 40 may have only one of the two. When the unit 40 has only one of the confidentiality processing unit 420 and the integrity protection processing unit 430, the processing for which the other would be responsible can be performed by the wireless communication control unit 20.

(Embodiment 2)

Figure 9 is a structural diagram showing another example of the wireless terminal (MS) 100.

Figure 9 differs from Figure 3 in that data is input and output between the terminal IF unit 10 and the confidentiality and integrity protection processing unit 40, and between the wireless communication unit 30 and the confidentiality and integrity protection processing unit 40. In Figure 9, the non-transparent data 97 is … data. The transparent data 95, 96 is transparent data such as voice data and unrestricted digital data. Transparent data is data that, in some layer defined by OSI or in some sub-layer of a layer, does not change between input and output. Non-transparent data, on the other hand, is data that requires some processing, such as data format conversion, between input and output in some layer or sub-layer of a layer. For example, in the RLC (Radio Link Control) sub-layer of layer 2, when the SDU (Service Data Unit) and the PDU (Protocol Data Unit) differ, the data is non-transparent data; in the MAC (Media Access Control) sub-layer of layer 2, when the SDU and the PDU are … In the case shown in Figure 9, … the wireless communication unit … transparent: … the data undergoes no processing and is transferred to the terminal IF … One example is voice data, which is handled as transparent data. On the other hand, layer 1 data output from the wireless communication unit 30 must undergo some processing; one example of such data … is handled as non-transparent data.

Although voice data and unrestricted digital data were given above as concrete examples of the transparent data 95, 96, all transparent data can be divided into the units (Transport Blocks) defined between layer 1 and layer 2.
Because data divided into Transport Blocks is transparent data, it is, as described above, equivalent to the MACPDU (and MACSDU), so each piece of data divided into Transport Blocks uses the same unit of confidentiality processing.

Voice data and the like are also user data, and user data is transparent data in the RLC sub-layer as well. This transmission form is therefore treated as a serial interface, and when it is the MT (Mobile Terminal)-TA (Terminal …) interface specified by ARIB (Figures 22 and 23), it becomes a transmission form in which confidentiality processing can be applied directly to the serial format of the MT-TA I/F.

Although packet data and data for signalling were given above as concrete examples of the non-transparent data 97 of Figure 9, all non-transparent data can be divided into the units (Transport Blocks) defined between layer 1 and layer 2.

The confidentiality and integrity protection processing unit 40 shown in Figure 9, besides selectively performing confidentiality processing and integrity protection processing on the non-transparent data exchanged with the wireless communication control unit 20, also performs the necessary confidentiality processing on the transparent data input and output between the terminal IF unit 10 and the wireless communication unit 30. The unit 40 does not perform integrity protection processing on transparent data. If the transparent data includes data that the user does not want concealed, the wireless communication control unit 20 can have that transparent data input to the wireless communication control unit 20 instead of to the confidentiality and integrity protection processing unit 40. Alternatively, that transparent data can be input to the unit 40 and a signal from the wireless communication control unit 20 used to prevent confidentiality processing from being applied to it.

Figure 10 is a structural diagram of the confidentiality and integrity protection processing unit 40.
Figure 10 differs from Figure 5 in that a confidentiality processing unit 460 is additionally provided. The confidentiality processing unit 460 has an encryption unit 462 and a decryption unit 463. The encryption unit 462 receives transparent data 95 from the terminal IF unit 10, encrypts it into transparent data 96, and outputs it to the wireless communication unit 30. Conversely, the decryption unit 463 receives transparent data 96 from the wireless communication unit 30, decrypts it into transparent data 95, and outputs it to the terminal IF unit 10. These operations of the confidentiality processing unit 460 are performed according to the control signal 99 from the IF unit 410. The control signal 99 is a control signal generated from the control signal 91. The confidentiality processing unit 460 thus performs confidentiality processing according to the control signal from the wireless communication control unit 20. In Figure 10, the data 92 is input and output through a parallel interface over a bus. The transparent data 95 and 96, on the other hand, are input to and output from the confidentiality processing unit 460 through a serial interface. Figure 10 thus shows the case where the confidentiality and integrity protection processing unit 40 has two input/output interface systems, a parallel interface and a serial interface.

Figure 11 shows the case where the confidentiality processing unit 460 is added to the configuration of the confidentiality and integrity protection processing unit 40 shown in Figure 7. The configuration of the confidentiality processing unit 460 shown in Figure 11 is, as shown in Figure 12, an effective configuration for the case where a keystream is generated and the exclusive OR is taken.

Figure 11 is the case where the transparent data 95, 96 is input to and output from the confidentiality processing unit 460 through the serial interface; it also shows the case where data of a plurality of channels is multiplexed in the serial data input and output through this serial interface. For example, when data of channel 2 is input as serial data following data of channel 1, a keystream is generated by encryption unit 1, which corresponds to channel 1, and output to the data multiplexing unit 481; a keystream is generated by encryption unit 2, which corresponds to channel 2, and output to the data multiplexing unit 481; and in the data multiplexing unit 481 these keystreams are multiplexed in the same format as the data series of the input data 95. The exclusive-OR circuit 483 computes the exclusive OR of the multiplexed keystream and the data series of the input data 95. These operations of the confidentiality processing unit 460 are performed according to the control signal 99, that is, the control signal 91 sent from the wireless communication control unit 22. With the configuration of Figure 11, the delay of the serial data is only that of the operation of the exclusive-OR circuit 483, so high-speed processing is possible.
Fig. 13 shows the case in which the confidentiality processing unit 420 and the confidentiality processing unit 460 of Fig. 10 are combined into a single confidentiality processing unit 470.

The confidentiality processing unit 470 processes both data 92, which is input and output over the parallel interface, and data 95 and 96, which are input and output over the serial interface. Because the confidentiality processing unit 470 combines the confidentiality processing units 420 and 460 into one, it reduces the consumption of hardware resources. In the confidentiality processing unit 470, switching between the processing of transparent data and non-transparent data is performed according to control signal 99, that is, according to control signal 91 output from the radio communication control unit 20.

(Embodiment 3)

Fig. 25 shows the encryption method and decryption method of the confidentiality processing unit of Embodiment 3. The left side of Fig. 25 shows the encryption device on the transmitting side. The right side of Fig. 25 shows the decryption device on the receiving side.

Fig. 25 differs from Fig. 15 in that it has a random number sequence storage unit (buffer), which can temporarily hold the random number sequence generated by the data confidentiality function f8. The random number sequence storage unit can store the random number sequence generated by f8 in advance. That is, as soon as all the information needed to generate the random number sequence is available, the data confidentiality function f8 starts generating the random number sequence and outputs it to the random number sequence storage unit. The random number sequence storage unit holds the random number sequence until the message (plaintext) arrives, and outputs the stored random number sequence at the same time as the message (plaintext) is input.

In the case of decryption, likewise, as soon as all the information needed to generate the random number sequence is available, the data confidentiality function f8 starts generating the random number sequence and outputs it to the random number sequence storage unit. The random number sequence storage unit holds the random number sequence until the ciphertext arrives, and outputs the stored random number sequence at the same time as the ciphertext is input.

The encryption device shown on the left side of Fig. 25 is thus characterized in that the operation of generating the random number sequence with the data confidentiality function f8 and the operation of computing the ciphertext with the random number sequence are performed asynchronously.

Likewise, the decryption device shown on the right side of Fig. 25 is characterized in that the operation of generating the random number sequence with the data confidentiality function f8 and the operation of computing the message with the random number sequence are performed asynchronously. That is, it is characterized in that the data confidentiality function f8 starts generating the random number sequence before the ciphertext is input and stores the generated random number sequence in the random number sequence storage unit in advance.
The encryption device and decryption device of Fig. 25 perform encryption and decryption in OFB (output feedback) mode. OFB is one of the modes of operation for block ciphers defined in ISO/IEC 10116. A variant of this mode may also be used. Alternatively, any mode that can generate the random number sequence without the plaintext or ciphertext may be used. However, because the encryption device and decryption device of Fig. 25 generate the random number sequence before the plaintext or ciphertext is available, they cannot use a mode in which the ciphertext is fed in to generate the random number sequence.

Plaintext here means the data to be encrypted, and is not limited to text that people read and write. For example, character data (text data) is plaintext. Audio data, image data, coded data, compressed data and the like are also called plaintext if they are data to be encrypted.

Ciphertext means the data after encryption. Character data (text data), audio data, image data, coded data, compressed data and the like are all data forms of the plaintext before encryption.

Fig. 26 shows the integrity protection processing method of the integrity protection processing unit of Embodiment 3.

Fig. 26 differs from Fig. 16 in that a data storage unit (buffer) is provided in front of the data integrity function f9. The data storage unit receives and stores X (X ≥ 2) data items and X control signal data items. The data integrity function f9 takes the X data items and X control signal data items stored in the data storage unit, generates X integrity authentication codes for the X data items, and outputs the X integrity authentication codes collectively.
When the message authentication key (IK) can be shared by the X data items, the message authentication key (IK) need not be stored in the data storage unit and can be input directly to the data integrity function f9, as shown in Fig. 26. When the message authentication key (IK) differs for each data item, it can be stored in the data storage unit together with the other control signal data.

Specific examples of the confidentiality processing unit and the integrity protection processing unit shown in Fig. 25 are described below with reference to the drawings.

Fig. 27 shows the radio communication control unit 20 and the confidentiality and integrity protection processing unit 40 of Embodiment 3.

The configuration of the other parts is the same as that of the wireless terminal 100 shown in Embodiment 2, so the following description centers on Fig. 27 and explains the differences from Embodiment 2.

A CPU 29 is provided inside the radio communication control unit 20. Inside the confidentiality and integrity protection processing unit 40 are a confidentiality processing unit 420 with a parallel interface, a confidentiality processing unit 460 with a serial interface, and an integrity protection processing unit 430. The confidentiality processing unit 420 has an encryption unit 422 and a decryption unit 423. The confidentiality processing unit 460 has an encryption unit 462 and a decryption unit 463. The integrity protection processing unit 430 has an integrity authentication code appending unit 432 and an integrity confirmation unit 433. The radio communication control unit 20 and the confidentiality and integrity protection processing unit 40 are connected by bus 90. Bus 90 connects the CPU 29 inside the radio communication control unit 20 with the confidentiality processing unit 420, the confidentiality processing unit 460 and the integrity protection processing unit 430 inside the confidentiality and integrity protection processing unit 40, and carries control signal 91, data 92 and other data. The CPU 29 governs the processing of the entire radio communication control unit 20 by reading and executing a program stored in a recording medium such as a read-only memory. Bus 90 is an ordinary bus, provided inside or outside the radio communication control unit 20 and the confidentiality and integrity protection processing unit 40, and is also connected to other processing units (not shown).

Fig. 28 is a detailed diagram of the encryption unit 422 and the decryption unit 423 of the confidentiality processing unit 420.

The encryption unit 422 consists of an encryptor 610, a buffer 620 and an XOR operation unit 630. The decryption unit 423 consists of a decryptor 611, a buffer 621 and an XOR operation unit 631. The encryptor 610 corresponds to the data confidentiality function f8 on the transmitting side in Fig. 25. The buffer 620 corresponds to the random number sequence storage unit on the transmitting side in Fig. 25. Here, the buffer 620 is a first-in first-out (FIFO) memory. The XOR operation unit 630 performs the XOR operation on 64 bits of parallel data at a time. The decryptor 611 corresponds to the data confidentiality function f8 on the receiving side in Fig. 25. The buffer 621 corresponds to the random number sequence storage unit on the receiving side in Fig. 25. The XOR operation unit 631 performs the XOR operation on 64 bits of parallel data at a time.
The confidentiality processing unit 420 receives control signal 91 from the CPU 29 via bus 90. At this point, plaintext 950 has not yet been input. The CPU 29 can know control signal 91 in advance, and sends control signal 91 from the CPU 29 to the confidentiality processing unit 420 before plaintext 950. Control signal 91 contains at least the cipher key (CK). In this example, in addition to CK, it contains the bit length of the data to be encrypted or decrypted (LENGTH; Fig. 28 shows the case of bit length = 256 bits), the uplink/downlink direction (DIRECTION), the counter (COUNT-C) and the logical channel identifier (BEARER). The cipher key (CK), the bit length (LENGTH), the uplink/downlink direction (DIRECTION), the counter (COUNT-C) and the logical channel identifier (BEARER) are input to the encryption unit 422 as control signal 600 or to the decryption unit 423 as control signal 601.

When control signal 600 is input, the encryptor 610 starts generating the random number sequence and outputs it to buffer 620. Here, the encryptor 610 generates the random number sequence 64 bits at a time. In this case, the random number sequence is output from the encryptor 610 in units of 64 bits and held temporarily in buffer 620. As noted above, when the bit length (LENGTH) of the data to be encrypted is 256 bits, the encryptor 610 generates four 64-bit random number sequences, producing a random number sequence (64 bits × 4) long enough for the length of the data to be encrypted (256 bits).
Fig. 28 shows the case in which four 64-bit random number sequences are stored in buffer 620.

Next, the CPU 29 sends the 256-bit plaintext 950 to the encryption unit 422 via bus 90 in units of 64 bits. When the XOR operation unit 630 receives plaintext 950 in units of 64 bits, buffer 620 outputs the 64-bit random number sequences 650 in order. The XOR operation unit 630 XORs plaintext 950 with random number sequence 650, 64 bits at a time, and produces ciphertext 960 in units of 64 bits. Ciphertext 960 is returned to the CPU 29.

The decryption unit 423 operates in the same way as the encryption unit 422, except that the input to the XOR operation unit 631 is ciphertext and the output is plaintext, so its description is omitted here.

The XOR operation unit 630 does not have to wait until four random number sequences (256 bits) have been generated in buffer 620 before receiving plaintext 950. It may start the XOR operation once buffer 620 holds one or more 64-bit random number sequences. In that case, the XOR operation unit 630 performs the XOR operation in parallel while the encryptor 610 is generating the random number sequence. While the XOR operation unit 630 is XORing plaintext 950, the encryptor 610 can receive the next control signal 600 and generate the random number sequence for the next plaintext 950 to be input, so that buffer 620 holds the random number sequence for the next plaintext in advance.

Because the encryption unit 422 thus stores the random number sequence in buffer 620 in advance, before plaintext 950 is input from the CPU 29, no waiting time arises for the operation in the XOR operation unit 630, and encryption can be performed at high speed. For the same reason, decryption can also be performed at high speed in the decryption unit 423.

The size of buffers 620 and 621 may be anything at or above the unit size of the random number sequence output by the encryptor 610 and decryptor 611, but is preferably at or above the maximum bit length (LENGTH) of the data to be encrypted or decrypted that the system specifies. For example, if the unit size of the random number sequence output by the encryptor 610 and decryptor 611 is 64 bits and the maximum bit length (LENGTH) of the data to be encrypted or decrypted is 5114 bits, the size of buffers 620 and 621 should be 5120 bits (64 × 80) or more.

Although the XOR operation unit 631 performs a 64-bit XOR operation in this example, it may also process parallel data of another width, such as 32 bits or 128 bits.

Likewise, although the unit size of the random number sequence output by the encryptor 610 and decryptor 611 has been described as 64 bits, they may output the random number sequence in another unit size, such as 32 bits or 128 bits.

The unit size of the random number sequence output by the encryptor 610 and decryptor 611, the read/write size of buffers 620 and 621, and the parallel data width of the XOR operation unit 631 may differ from one another.

Fig. 29 shows another example of the radio communication control unit 20 and the confidentiality processing unit 420.

Fig. 29 differs from Fig. 28 in that the XOR operation units 630 and 631 are provided not in the confidentiality processing unit 420 but in the radio communication control unit 20.

The CPU 29 reads the random number sequence 650 for plaintext 950 from buffer 620 via bus 90 (collectively, as far as possible) and supplies it to the XOR operation unit 630. The XOR operation unit 630 XORs plaintext 950 with random number sequence 650 and produces ciphertext 960.
Similarly, for the XOR operation unit 631, the CPU 29 reads random number sequence 651 from buffer 621 via bus 90, XORs it with ciphertext 960, and outputs plaintext 950.

In the case of Fig. 29, the CPU 29 only reads the random number sequence from buffer 620, and plaintext 950 and ciphertext 960 do not have to travel back and forth over bus 90, so the amount of data flowing over bus 90 can be 1/2 or less of that in the configuration of Fig. 28. This also reduces the waiting time caused by use of bus 90 and reduces contention for bus 90.
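The pre-generation scheme of Figs. 25 and 28, as an added example that is not code from the patent: the random number sequence is produced in OFB mode from the control signal alone, queued in a FIFO, and only then XORed with the data 64 bits at a time. The block function is a stand-in built from HMAC-SHA256 (an assumption, not the real f8), and the function names and the layout of the initial block are hypothetical.

```python
"""OFB random number sequence pre-generated into a FIFO, then XORed (added example)."""
import hashlib
import hmac
from collections import deque

BLOCK_BITS = 64          # unit in which the page's encryptor 610 emits the sequence
MAX_LENGTH_BITS = 5114   # the page's example maximum LENGTH (needs 64 x 80 bits)


def _block(ck: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit keyed function; an assumption, NOT the real f8 cipher."""
    return hmac.new(ck, block, hashlib.sha256).digest()[:BLOCK_BITS // 8]


def prefill_keystream(ck, count_c, bearer, direction, length_bits):
    """Fill the FIFO (buffer 620/621) from the control signal, before any data exists.

    OFB feeds each output block back as the next input, so neither plaintext
    nor ciphertext is needed; a ciphertext-feedback mode could not do this.
    """
    if not 1 <= length_bits <= MAX_LENGTH_BITS:
        raise ValueError("LENGTH out of range")
    if direction not in (0, 1) or not 0 <= bearer < 32:
        raise ValueError("bad DIRECTION or BEARER")
    # Hypothetical 64-bit initial block built from the control signal fields.
    feedback = count_c.to_bytes(4, "big") + bytes([bearer, direction, 0, 0])
    fifo = deque()
    for _ in range(-(-length_bits // BLOCK_BITS)):   # ceil(LENGTH / 64) blocks
        feedback = _block(ck, feedback)
        fifo.append(feedback)
    return fifo


def xor_with_fifo(fifo, data: bytes, length_bits: int) -> bytes:
    """XOR unit 630/631: consume one 64-bit word from the FIFO per 64 data bits."""
    nbytes = -(-length_bits // 8)
    if len(data) != nbytes:
        raise ValueError("data does not match LENGTH")
    if len(fifo) * BLOCK_BITS < length_bits:
        # Fail closed: never let data through without a full sequence behind it.
        raise ValueError("random number sequence buffer underrun")
    out = bytearray()
    for offset in range(0, nbytes, BLOCK_BITS // 8):
        word = fifo.popleft()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 8], word))
    spare = nbytes * 8 - length_bits                 # unused bits of the last byte
    if spare:
        out[-1] &= (0xFF << spare) & 0xFF
    return bytes(out)


if __name__ == "__main__":
    CK = bytes(range(16))                            # constructed sample key
    tx = prefill_keystream(CK, 0x1234, 5, 0, 256)    # control signal arrives first
    plaintext = b"constructed 256-bit sample data!"  # 32 bytes, arrives later
    ciphertext = xor_with_fifo(tx, plaintext, 256)
    rx = prefill_keystream(CK, 0x1234, 5, 0, 256)    # receiver does the same
    print(ciphertext.hex(), xor_with_fifo(rx, ciphertext, 256) == plaintext)
```

The queued words are as sensitive as the data they will mask, and a control signal that repeats (same CK, COUNT-C, BEARER and DIRECTION) yields the same sequence for two messages.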
In either Fig. 28 or Fig. 29, the XOR operation units 630 and 631 may be implemented in hardware, in software, or in a combination of hardware and software.

Fig. 30 is a detailed diagram of the encryption unit 462 and the decryption unit 463 of the confidentiality processing unit 460, which has a serial interface.

Fig. 30 differs from Fig. 28 in that it has an XOR operation unit 632, which XORs 1-bit serial data, in place of the XOR operation unit 630, which operates on parallel data. It also has an XOR operation unit 633, which XORs 1-bit serial data, in place of the XOR operation unit 631, which operates on parallel data. The XOR operation unit 632 receives transparent data 95, XORs it serially, bit by bit, with random number sequence 650, and outputs the encrypted transparent data 96. The XOR operation unit 633 receives transparent data 96, XORs it serially, bit by bit, with random number sequence 651, and outputs the decrypted transparent data 95.
In the case shown in Fig. 30, because the random number sequence is generated in buffers 620 and 621 in advance, no waiting time arises in the XOR operation units 632 and 633, and the XOR operation can be performed at high speed.

In the case of Fig. 30, the XOR operation units 632 and 633 may be implemented in hardware, in software, or in a combination of hardware and software.

The XOR operation units 632 and 633 may also be provided outside the confidentiality processing unit 460.

Fig. 31 shows details of the integrity authentication code appending unit 432 and the integrity confirmation unit 433 of the integrity protection processing unit 430.

The integrity authentication code appending unit 432 has a buffer 660, an integrity authentication code generator 670 and an integrity authentication code appender 680. The integrity confirmation unit 433 has a buffer 661, an integrity authentication code generator 671 and an integrity verifier 681. Buffers 660 and 661 are first-in first-out (FIFO) memories. Buffers 660 and 661 correspond to the data storage unit of Fig. 26. The integrity authentication code generators 670 and 671 correspond to the data integrity function f9 of Fig. 26. The integrity authentication code appender 680 appends the integrity authentication code to the data. The integrity verifier 681 compares the integrity authentication code produced on the transmitting side with the integrity authentication code generated on the receiving side, and confirms the integrity of the data only when they match.

In Fig. 31, the CPU 29 collectively sends four data items 92 whose integrity is to be protected to the integrity authentication code appending unit 432. The CPU 29 also collectively sends four control signals 91, which correspond to the four data items 92 whose integrity is to be protected. Control signal 91 contains at least the message authentication key (IK), and further contains the uplink/downlink direction (DIRECTION), the counter (COUNT-C) and a random number generated for each user (FRESH). The CPU 29 treats the uplink/downlink direction (DIRECTION), the counter (COUNT-C) and the random number generated for each user (FRESH) as control signal 91 and sends four of them to buffer 660. As for the message authentication key (IK), four message authentication keys (IK), one for each of the four data items, may also be sent to buffer 660. When the message authentication key (IK) is a fixed value common to the four data items, it need not be stored in buffer 660 and can be input directly to the integrity authentication code generator 670.

Control signal 91 may be transmitted as a control signal over the control signal line of bus 90. It may be transmitted together with the four data items, or transmitted separately. That the CPU 29 collectively transmits four data items or four control signals means that the four data items or four control signals are transmitted by a transfer instruction. "Collectively" means "by one instruction" or "handling a plurality of objects in a unified manner rather than in a distributed manner". Using one instruction reduces the load on the CPU 29 or on each processor. Transferring, or inputting and outputting, a plurality of objects in a unified manner rather than in a distributed manner reduces the number of transfers on bus 90 or on each transmission path (not shown).

Buffer 660 associates each data item with its control signal and stores the associated data. The integrity authentication code generator 670 receives the associated data and generates the integrity authentication code of the data according to the control signal. Using a predetermined algorithm, the integrity authentication code generator 670 generates four integrity authentication codes from the four sets of associated data and outputs them collectively to the integrity authentication code appender 680. Here, the integrity authentication code generator 670 generates four integrity authentication codes of 32 bits each. The integrity authentication code appender 680 appends the four integrity authentication codes to their respective data items and sends the result to the CPU 29 in response to one transfer instruction.

When four data items of 256 bits each are input to the integrity authentication code appending unit 432, it returns (256 + 32) × 4 bits of data to the CPU 29.

On the receiving side, the four data items with integrity authentication codes appended are collectively input to the integrity confirmation unit 433. The four control signals 91 are also input collectively. As described above, the message authentication key (IK) may be stored in buffer 661 or input directly to the integrity authentication code generator 671.

Buffer 661 associates the four data items with their control signals and stores the associated data. The integrity authentication code generator 671 reads the four sets of associated data stored in buffer 661 and generates four integrity authentication codes using the same algorithm as the integrity authentication code generator 670 on the transmitting side. The integrity verifier 681 compares each of the four integrity authentication codes that were appended to the four input data items with the corresponding one of the four integrity authentication codes generated by the integrity authentication code generator 671. When they match, integrity is confirmed and a normal response is returned.

When four data items of 256 bits each and four integrity authentication codes of 32 bits each ((256 + 32) bits × 4) are input to the integrity confirmation unit 433, the integrity verifier 681 sends a response of 1 bit × 4 to the CPU 29.

Conventionally, each data item was transferred from the CPU 29 to the integrity protection processing unit 430. In contrast, as shown in Fig. 31, the four data items are gathered and transferred at once, which improves the utilization of bus 90. That is, the waiting time for bus 90 is reduced, and contention for bus 90 is reduced.

Although Fig. 31 shows the case in which four data items are gathered and transferred together, the number is not limited to four. The number of data items the buffers hold is likewise not limited to four.

The bit length of the data is not limited to 256 bits. It may be, for example, 512 bits or 5114 bits. The size of buffers 660 and 661 may be at least twice the sum of the data bit length and the control signal bit length. That is, they can store two or more sets of associated data. For example, when the maximum data bit length specified by the system is 5114 bits, the size of each of buffers 660 and 661 is preferably (5114 bits + the bit length of the control signal) × 2.

Fig. 32 shows another example of the radio communication control unit 20 and the integrity protection processing unit 430. The integrity protection processing unit 430 shown in Fig. 32 has integrity authentication code generating units 434 and 435.
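The batched integrity processing of Figs. 26 and 31 described above, as an added example that is not code from the patent: X data items and their X control signals are buffered, X 32-bit integrity authentication codes are produced in one call, and the receiver returns one pass/fail bit per item. The code function is a stand-in (HMAC-SHA256 truncated to 32 bits, an assumption, not the real f9), the shared IK is passed directly rather than buffered, and all names are hypothetical.

```python
"""Batched 32-bit integrity authentication codes over X >= 2 items (added example)."""
import hashlib
import hmac
import struct
from typing import List, NamedTuple, Sequence

MAC_BYTES = 4  # the page's integrity authentication codes are 32 bits long


class Control(NamedTuple):
    """Per-item control signal fields named on the page (the IK is shared here)."""
    count: int      # counter
    fresh: int      # FRESH random value
    direction: int  # uplink/downlink


def _code(ik: bytes, data: bytes, ctl: Control) -> bytes:
    """Stand-in for f9 (an assumption): HMAC-SHA256 over control + data, truncated."""
    header = struct.pack(">IIB", ctl.count, ctl.fresh, ctl.direction)
    return hmac.new(ik, header + data, hashlib.sha256).digest()[:MAC_BYTES]


def _check_batch(items: Sequence[bytes], controls: Sequence[Control]) -> None:
    if len(items) < 2:
        raise ValueError("the data storage unit holds X >= 2 items")
    if len(items) != len(controls):
        raise ValueError("each data item needs its own control signal")


def generate_batch(ik, items, controls) -> List[bytes]:
    """Generator 670: one call, X codes out (the Fig. 32 variant returns only these)."""
    _check_batch(items, controls)
    return [_code(ik, d, c) for d, c in zip(items, controls)]


def append_batch(ik, items, controls) -> List[bytes]:
    """Appender 680: data with its code attached, (len(data) + 4) bytes per item."""
    return [d + m for d, m in zip(items, generate_batch(ik, items, controls))]


def verify_batch(ik, tagged, controls) -> List[bool]:
    """Verifier 681: recompute each code and return one response bit per item."""
    _check_batch(tagged, controls)
    responses = []
    for blob, ctl in zip(tagged, controls):
        if len(blob) < MAC_BYTES:
            responses.append(False)
            continue
        data, received = blob[:-MAC_BYTES], blob[-MAC_BYTES:]
        # Constant-time comparison, so timing does not reveal matching prefix bytes.
        responses.append(hmac.compare_digest(received, _code(ik, data, ctl)))
    return responses


if __name__ == "__main__":
    IK = bytes(range(16, 32))                                  # constructed key
    items = [bytes([i]) * 32 for i in range(4)]                # four 256-bit items
    controls = [Control(count=100 + i, fresh=0xCAFE, direction=0) for i in range(4)]
    tagged = append_batch(IK, items, controls)
    print(sum(len(t) for t in tagged) * 8, "bits returned")    # (256 + 32) x 4
    tagged[2] = bytes([tagged[2][0] ^ 1]) + tagged[2][1:]      # flip one bit in transit
    print(verify_batch(IK, tagged, controls))
```

Because each code covers its own counter and FRESH value, an item presented with another item's control signal fails verification even though its data and code are unmodified.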
The difference between FIG. 32 and FIG. 33 is that the integrity authentication code appender 680 and the integrity verifier 681 are not provided in the integrity protection processing unit 430 but are instead provided in the wireless communication control unit 20. In the case of FIG. 32, the integrity authentication code generator 670 transfers four integrity authentication codes to the integrity authentication code appender 671 in response to a single transfer instruction from the CPU 29. Likewise, the integrity authentication code generator 671 transfers four integrity authentication codes to the integrity verifier 681 in response to a single transfer instruction from the CPU 29.

In the case of FIG. 32, the amount of data transferred over the bus 90 from the integrity authentication code generator 670 to the integrity authentication code appender 680 is 32 bits × 4. The amount of data transferred over the bus 90 for the integrity authentication code generator 671 is also 32 bits × 4.

As for the amount of data transferred from the integrity protection processing unit 430 to the wireless communication control unit 20 in FIG. 32, the data does not have to be returned from the integrity authentication code generator 670 to the integrity authentication code appender 680 as shown in FIG. 31, so the amount of returned data is greatly reduced.

In addition, the integrity authentication code generation unit 434 and the integrity authentication code generation unit 435 of the integrity protection processing unit 430 shown in FIG. 32 have the same structure and can therefore be combined into one.

Although FIG. 31 and FIG. 32 show the data transfer processing of the bus 90, the input/output processing of the buffers 660, 661, the authentication code generation processing of the integrity authentication code generators 670, 671, the authentication code appending processing of the integrity authentication code appender 680, and the verification processing of the integrity verifier 681 all as "collective processing" of a plurality of data items, from the standpoint of the utilization efficiency of the CPU 29 and the bus 90 it is preferable that at least one of the data transmission processing and the data reception processing of the bus 90 be performed "by a single instruction" or "as unified processing of a plurality of objects rather than separate processing of each".

In either of the cases of FIG. 31 and FIG. 32, the integrity verification code generator 670, the integrity verification code generator 671, the integrity verification code appender 680 and the integrity verification code appender 681 can be implemented in hardware, in software, or in a combination of hardware and software.

FIG. 33 shows another configuration of the encryption unit 422.

FIG. 33 shows the case in which a plurality of buffers are provided and are selected with a switch SW. The switch SW can be switched according to the logical channel identifier. That is, when there are n logical channels, providing n buffers allows a random number sequence to be prepared in advance for each logical channel.

FIG. 34 shows the case in which n buffers and n exclusive-OR operation circuits are provided.

FIG. 35 shows the case in which n buffers and a plurality of encryptors are provided.

In this way, by preparing a plurality of buffers, one for each logical channel, the confidentiality processing of each channel can be performed at high speed.

Although not shown in the drawings, the decryption unit may also be provided with a plurality of buffers, one for each channel, as in FIG. 33, FIG. 34 and FIG. 35. Furthermore, as in FIG. 33, FIG. 34 and FIG. 35, a plurality of buffers may also be provided for each channel in the integrity authentication code appending unit 432 and the integrity verification unit 433.

The configuration of the third embodiment is not limited to that shown in FIG. 27; it may also be, for example, any of the configurations shown in FIG. 4, FIG. 5, FIG. 6, FIG. 7, FIG. 8, FIG. 10, FIG. 11 and so on. As shown in FIG. 4, the confidentiality processing and the integrity protection processing can be performed by a single module. Encryption and decryption can also be performed by a single module. The integrity authentication code and integrity verification can also be handled by a single module. In addition, a plurality of each module may be provided.

When the buffers 620, 621, 660, 661 are accessed from the CPU 29, they can be accessed by memory address or by input/output address.

The encryption device, decryption device, integrity authentication code appending unit (device), integrity verification unit (device) and integrity authentication code generation unit (device) described in the third embodiment are not limited to use in wireless communication devices; they can also be used in wired communication devices, computers and other electrical equipment.

The confidentiality and integrity protection processing unit 40 described above can be configured in hardware, for example as an FPGA or a custom LSI. The confidentiality and integrity protection processing unit 40 can also be configured in software. When the confidentiality and integrity protection processing unit 40 is implemented as a software program, the program can be executed by the CPU in the wireless communication control unit 20.

The confidentiality and integrity protection processing unit 40 can also be implemented by combining software and hardware, for example by a DSP (Digital Signal Processor) together with microprograms and firmware programs executed by the DSP.

Specific examples are described below with reference to FIG. 17 to FIG. 20.

FIG. 17 is a configuration diagram of the encryption module 51 (or the decryption module 71) used in the encryption and decryption unit 420.

The encryption module 51 has a key scheduling unit 511 and a data randomizing unit 512. The key scheduling unit 511 takes one key K as input and generates n extended keys ExtK1 to ExtKn. The data randomizing unit 512 generates random numbers by means of a function F and XOR circuits. The function F takes an extended key as input and performs a nonlinear data transformation.

Various block cipher algorithms can be used in the encryption module 51, for example:

(1) DES (Data Encryption Standard).

(2) The block cipher algorithm MISTY disclosed in International Publication No. WO97/9705 (U.S. Patent Application No. 08/83640).
(3) The block cipher algorithm KASUMI, a 64-bit block cipher based on the block cipher algorithm MISTY above, which was adopted as the international standard cipher for next-generation mobile phones (IMT2000).

(4) The block cipher algorithm Camellia described in Japanese Patent Application No. 2000-64614 (filed March 9, 2000), and so on.

Block cipher algorithms such as DES, MISTY, KASUMI or Camellia can also be used in the decryption module.

FIG. 18 shows an implementation form of the confidentiality and integrity protection processing unit described above.

FIG. 18 shows the case in which the confidentiality and integrity protection processing unit 40 is implemented in an FPGA, an IC or an LSI. That is, the confidentiality and integrity protection processing unit 40 can be implemented in hardware. Although not shown, it can also be implemented on a printed circuit board.

FIG. 19 shows the case in which the confidentiality and integrity protection processing unit 40 is implemented by hardware.

The confidentiality and integrity protection processing unit 40 can be implemented by an encryption program 47. The encryption program 47 is stored in a ROM (Read Only Memory) 42 (an example of a recording medium). The encryption program 47 may also be stored in a RAM (Random Access Memory) or in another recording medium such as a floppy disk or a hard disk. The encryption program 47 may also be downloaded from a server computer. The encryption program 47 operates as a subroutine: it is called and executed from an application program 46 stored in the RAM 45. Alternatively, the encryption program 47 can be started by an interrupt handled by the interrupt control unit 43. The memory 55 may be part of the RAM 45. The application program 46 and the encryption program 47 are programs executed by the CPU 41.

FIG. 20 shows the mechanism by which the application program 46 running on the wireless communication control unit 20 calls the encryption program 47.

The application program 46 calls the encryption program 47 with the key K, the initial value IV, the plaintext M and the ciphertext C as parameters. The encryption program 47 takes the key K, the initial value IV and the plaintext M as input and returns the ciphertext C. When the encryption program 47 and the decryption program 47 are one and the same, the encryption program 47 is called with the key K, the initial value IV, the ciphertext C and the plaintext M as parameters.

Although not shown, the encryption program 47 can also be implemented by a digital signal processor and a program that the digital signal processor reads and executes. That is, the encryption program 47 can also be implemented by combining hardware and software.

FIG. 18, FIG. 19 and FIG. 20 mainly describe the case of encryption, but decryption can be implemented in the same way.

The encryption and decryption forms shown in FIG. 18 and FIG. 19 can be installed according to the type of equipment. For example, they can be installed in all kinds of electronic equipment such as personal computers, facsimile machines, mobile phones, video recorders, digital cameras and television cameras. The features of this embodiment are brought out in particular when data from a plurality of channels is encrypted and decrypted. It is also effective when data from several users arrives at random and is encrypted, or when users' data is generated at random and is encrypted in real time. That is, it is effective when the number of devices performing encryption and decryption is smaller than the amount of data to be encrypted and decrypted. For example, the encryption and decryption methods described above are very effective in a server computer that must support many client computers, or in a base station or circuit controller that must send and receive data from many mobile phones.

The foregoing examples show the case in which the wireless communication control unit 20 and the confidentiality and integrity protection processing unit 40 are connected by a parallel interface, but a serial interface may also be used. Likewise, although the terminal IF unit 10 and the confidentiality and integrity protection processing unit 40, and the wireless communication unit 30 and the confidentiality and integrity protection processing unit 40, are shown connected by serial interfaces, a parallel interface may be used instead of a serial interface for higher-speed processing.

FIG. 9 and FIG. 10 show the case in which the confidentiality processing unit 460 is provided inside the confidentiality and integrity protection processing unit 40, but the confidentiality processing unit 460 may be made independent of and external to the confidentiality and integrity protection processing unit 40, and may be placed between the terminal IF unit 10 and the wireless communication unit 30.

Industrial applicability:

In the embodiments described above, buffers are used to prepare data in advance, so the confidentiality processing and the integrity protection processing can be performed at high speed. The number of data transfers needed for the confidentiality processing and the integrity protection processing is reduced, so the load on the CPU and the bus can be lightened.

In addition, according to the embodiments described above, a plurality of confidentiality processing units and a plurality of integrity protection processing units can be provided inside the processing unit according to the number of channels and the amount of data, so that high-speed processing can be carried out in parallel and simultaneously.
Claims (1)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW90108273A TWI287767B (en) | 2001-04-06 | 2001-04-06 | Encryption device and method, decryption device and method, integrity authentication code generation device and method, integrity authentication code auxiliary device, integrity recognition device, and wireless communication device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW90108273A TWI287767B (en) | 2001-04-06 | 2001-04-06 | Encryption device and method, decryption device and method, integrity authentication code generation device and method, integrity authentication code auxiliary device, integrity recognition device, and wireless communication device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TWI287767B true TWI287767B (en) | 2007-10-01 |
Family
ID=39201766
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW90108273A TWI287767B (en) | 2001-04-06 | 2001-04-06 | Encryption device and method, decryption device and method, integrity authentication code generation device and method, integrity authentication code auxiliary device, integrity recognition device, and wireless communication device |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI287767B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI486809B (en) * | 2009-06-30 | 2015-06-01 | Axis Ab | Method for restricting access to media data generated by a camera |
-
2001
- 2001-04-06 TW TW90108273A patent/TWI287767B/en not_active IP Right Cessation
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP4464046B2 (en) | ENCRYPTION DEVICE, DECRYPTION DEVICE, AND RADIO COMMUNICATION DEVICE | |
| TW498638B (en) | Wireless communication device and wireless communication method | |
| CN104333455A (en) | Secrete communication system and method for smart phone | |
| JPH05227152A (en) | Method and device for establishing privacy communication link | |
| CN101951601A (en) | Method and system for encrypting voice calls in mobile communication network, terminal and network side | |
| KR20140087036A (en) | dynamic encryption method | |
| WO2010116845A1 (en) | Key information management method, content transmission method, key information management apparatus, license management apparatus, content transmission system, and terminal apparatus | |
| JP2002341761A (en) | Method and device for security of communication information in cdma radio communication system | |
| JP4615128B2 (en) | Voice and data encryption method using encryption key split combiner | |
| TWI287767B (en) | Encryption device and method, decryption device and method, integrity authentication code generation device and method, integrity authentication code auxiliary device, integrity recognition device, and wireless communication device | |
| CN106533686A (en) | Encryption communication method and system, communication unit and client | |
| CN1707993A (en) | Universal microphone for secure radio communication | |
| CN1688171A (en) | Apparatus and method for implementing data safety transmission of mobile communication apparatus | |
| El Bakry et al. | Implementation of a hybrid encryption scheme for sms/multimedia messages on android | |
| AU2005201858B2 (en) | Authentication apparatus | |
| KR20060103289A (en) | Integrity authenticator device | |
| KR100607464B1 (en) | Data encryption method in wireless communication environment | |
| Nori | Improving Security Using Cryptography Based on Smartphone User Locations | |
| Lewis | Mobile phone security specializing in GSM, UMTS, and LTE networks | |
| JP2001203688A (en) | Voice communication terminal | |
| TWI387294B (en) | Wireless data security transmission system with zigbee chips | |
| JPWO2001049058A1 (en) | Wireless communication device and wireless communication method | |
| MXPA01008590A (en) | Radio communication device and radio communication method | |
| JP2004205694A (en) | Encryption system and method | |
| Adida et al. | 6.115 KryptoPhone Project Proposal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |