RU2832568C1 - Data storage and transmission device with synchronized encryption system - Google Patents

Abstract

FIELD: data processing.

SUBSTANCE: invention relates to devices for storage and noise-immune covert transmission of encrypted data in the presence of noise using a finite set of noise-like signals. Device comprises storage device, communication lines, encryption and decryption key generators, encoder, decoder, control device, ensemble code generator, receiving device, data generator, programmer.

EFFECT: high security of data storage owing to synchronous time variation of encryption and decryption keys.

11 cl, 6 dwg

Description

Field of technology

The invention relates to the field of radio engineering, computing equipment, storage devices and noise-resistant covert transmission of encrypted data in the presence of noise using a finite set of noise-like signals (NLS).

State of the art

A data storage device is known [1] that contains a control unit, a memory unit, a switching unit, and a key circuit protection unit, and ensures the reliability and safety of data storage in the presence of dangerous external influences (static electricity). The disadvantage of the analogue is the lack of an encryption system and the ability to covertly transmit stored data to the user via a communication line (CL) in an optimal manner in the presence (against the background) of noise.

A coherent information transmission system is known [2]. A finite set of chaotic signals is used as a coherent information transmission system. The system contains transmitting and receiving parts. In the transmitting part, chaotic signals are formed, which are multiplied by information sequences so that each bit is transmitted once by its segment of the chaotic signal, while entering into synchronism of the transmitting and receiving parts is required. On the receiving side, copies of chaotic signals are formed to isolate the information sequence. The disadvantage of the analog is the need to ensure synchronism of chaotic signals in the receiving and transmitting parts, which requires the use of signals of a sufficient level, and this leads to the absence of energy secrecy of the system (there is secrecy of the signal structure). Ensuring synchronism requires time, which reduces the speed of the system (the wider the spectrum of the coherent information transmission system, the more time is spent). There is also no encryption system, storage device (SD) for storing data. Here, system coherence means the presence of synchronicity of signals in the transmitting and receiving parts and does not ensure optimal transmission and processing of signals (detection and discrimination) in the presence of noise.

As an analog, an encryption device is considered [3, p. 51, Fig. 2.5], in which input sequences of symbols are transformed into output sequences in accordance with the transformation key. The disadvantage of the device is the lack of a memory and the ability to transmit data.

The device selected as an analogue is [4], which contains a memory (non-volatile memory is specified), a communication line (wired or wireless data reception/transmission section is specified), a random number generator, which are keys for encryption/recovery of transmitted data, implemented in the form of one/several integrated circuits or a "smart card", a main control unit, which is a programmable integrated circuit based on software loaded in a special way. The disadvantage is the lack of the ability to covertly transmit encrypted data from the memory to the user via the LAN in an optimal way in the presence (against the background) of noise.

The prototype is a device [5] containing a memory, a communication line, an encryption key generator, an encryptor, a decoder, a control device, an ensemble code generator, a receiving device, a data former, and a decryption key generator. Input data are encrypted using encryption keys and recorded in the memory. Using control signals, data are read and transmitted via the communication line to the input of the receiving device. Then encrypted data are formed (recovered), which are decrypted using the decryption keys. A disadvantage is the lack of the ability to quickly, interval-by-interval vary encryption/decryption keys in order to increase the security of the data transfer operation to the user.

Brief summary of the nature and composition of the proposed device

Input data _X in , consisting of a set of bytes, each of which is a set of bits (combinations of logical ones "1" and zeros "0"), are fed to the input of the claimed data storage and transmission device with a synchronized encryption system (DSTDS). The task of the device is to save the input data in a form protected from unauthorized correction and to restore the data in the place required by the user at the required time, so that as a result X _out = X _in . Each byte corresponds to a numerical value and a certain symbol of the selected data encoding system. Before storing the numbers corresponding to the input bytes, their numerical values are changed (encrypted) to new values in accordance with the rule (encryption key) selected by the user. In work [3], methods of renumbering symbols are mentioned. Encryption by renumbering is carried out thanks to control signals, which are the result of comparing the bytes of the selected (reference) encoding system with the encryption keys. Bytes with new, renumbered values are stored in the memory. The task of transmitting data over the LAN for their reproduction in their original form in the place required by the user is implemented using an ensemble of coded signals related to the class of the SPS, using optimal processing devices. When transmitting data from the memory, each encrypted byte is transmitted by one of these signals of the ensemble. The task of restoring data in its original form is carried out by reverse replacement of the numerical values of the bytes stored in the memory with the original numbers (decryption) according to the rule for converting byte numbers (decryption key) specified by the user. Encryption and decryption are carried out in the encryptor and decoder. The encryption and decryption keys synchronously change (vary) in value at different time intervals specified by the user via the programmer. Encryption, storage, transmission and restoration of data are implemented within one time interval in which the specified keys are unchanged. Other encryption, storage, transmission and recovery cycles can be implemented within a different time interval, with changed keys. Key persistence intervals (slots) are chosen to be short enough, possible access to data on one of the slots does not mean the availability of access on other slots, the durations of which are not constant and are actually also coded.

The difference from the prototype [5] lies in the specification of the beginning and end of the intervals for storing and transmitting data, and in the repeated execution of the required operations when the user specifies different keys within these time intervals (slots).

Thus, input data can be stored, protected, secretly transmitted over the LAN in the presence (against the background) of noise by means of the SPS and processed in an optimal way, after which they can be restored in their original form. R-codes [6, 7] and signals based on them, for example, phase-shift keyed signals (PSK), are used.

Secrecy of signal transmission means [8, p. 8, 9] that it is necessary to use special methods and devices to detect the fact of signal transmission in the presence of noise, and it is also necessary to measure the main parameters of the signals. The larger the signal base, the higher the energy and parametric secrecy. Optimality of signal processing in the presence of noise remains valid in conditions of a wide range of interference (narrowband, pulse, structural) [8, p. 7].

Some information about R codes and ensembles

In control, communication and radar systems, the R-type signals [8] are widely used, which have certain advantages. A variety of the R-type signals are the BCS. They consist of a sequence of N radio pulses with the same frequency and amplitude (we assume it is equal to one). The sequence of radio pulses with different initial phases is characterized by a binary code sequence or simply a code G. In this case, the BCS based on these codes [6], in which the autocorrelation function (ACF) in the region of side peaks varies within ±R (0≤R≤N-1, R is an integer), are called signals of the R-type (RS-R). At the same time, a set of g codes G=G ^x _R,N (x=1,…,g), corresponding to such signals, is called R-codes (these are binary codes in which the ACF in the region of side peaks varies within ±R, that is, R is the largest permissible value of the side peaks of the ACF modulus).

For a few Barker codes R-1. The largest value, the peak of the ACF module of such N-element codes is designated u _m =N, the relative level of side peaks (RLSP) of the ACF is B ₁ =R/N. The base of the FMS is B=N. The sign of the noise-like nature of the signal is the correctness of the condition that the base is large (B >> 1) [8]. Pairs of codes are characterized by the largest value of the module of the mutual correlation function (MCF) W.

FMS-R based on binary R-codes are pulse signals. For optimal detection and differentiation of these codes and signals in the presence of noise, known methods and schemes (matched filters and correlators) are used [8].

Some sets of SPS have certain properties that allow them to be considered together as ensembles for constructing alphabets. The works [9-11] consider the issues of finding R-codes.

The symbol T denotes the duration of each of the N FMS-R radio pulses. The initial phases can be equal to 0 or π (180°), and the codes are usually represented by a sequence of coefficients, respectively (+1, -1), for example, (1, -1, -1, -1, -1, 1) for N = 6; R = 2. In the general case, the initial phases of the radio pulses can be equal to ϕ ₀ +0, when the code coefficient is equal to (+1), or ϕ ₀ +π, in the case when the code coefficient is equal to (-1), where ϕ ₀ is a fixed component of the specified initial phase (the main thing is that the phase difference is equal to 0 or π).

Further, signals based on binary codes are considered to be SPS consisting of radio pulses, the initial phases of which are equal to (ϕ ₀ +0) or (ϕ ₀ +π), and no restrictions are imposed on changes in the amplitudes and frequencies of radio pulses; requirements are introduced for the UBP ACF and VKF.

A set of binary pulse codes is presented, in which the UBP ACF and VCF satisfy certain requirements, in the form

Where - binary code;

j=1,…,N - coefficients of the x-th code of the ensemble; x - code numbering index, x=1,…,g;

g - the number of codes in the set or signals based on them;

R is the largest permissible value of the side peaks of the ACF module, 0≤R≤N-1, R is an integer;

N is the number of coefficients in codes and in signals based on them.

An ensemble is a set of codes with imposed restrictions on the UBP of the ACF and the VCF. For example, for codes with P ^x _j =±1, R=3,N=30, W≤29, g=256: G ¹ _3,30 =(1,1,-1,-1,-1,1...1),G ² _3,30 =(1,-1,-1,-1,-1,1…1),…, G ²⁵⁶ _3,30 =(1,-1,-1,-1,1,1…1).

The limitations on the UBP of the ACF and the VCF are formulated analytically [6, 7]. At moments t _k = k⋅T, where k = 1,…, N-1, counted from the beginning of the ACF (k = 0), the values of the ACF modulus take extreme or zero values and are equal to N at k = N.

The values of the modulus of the VCF of the ensemble code pairs with indices "x" and "y" are considered at moments t _k =k⋅T, counted from the beginning of the VCF. The ensemble codes with restrictions on the UBP of the ACF and the VCF according to [6,7,9-11] can be represented as inequalities with respect to the code coefficients:

where P ⁱ _j , P ⁱ _N+jk , j=1,…,N are the coefficients of the i-th code of the ensemble;

N is the number of coefficients in the ensemble codes or in signals based on them;

k is the index of numbering of the readings of the time moments of the autocorrelation function;

R is the permissible UBP of the ACF specified by the user, 0≤R≤N-1, R is an integer;

g - the number of codes in the ensemble or signals based on them;

where P ^x _j , P ^y _N+jk , j=1,…,N are the coefficients of the x-th and y-th codes of the ensemble;

x, y (x≠y) are indices of different codes in the ensemble, taking values from 1 to g;

g - the number of codes in the ensemble or signals based on them;

N is the number of coefficients in the ensemble codes or in signals based on them;

k is the index of numbering of the readings of the time moments of the mutual correlation function;

W - the permissible level of side peaks of the cross-correlation function specified by the user, N>W≥1,

g=g1 - the number of symbols in the data coding system.

Condition (3) establishes the relationship of each of the g codes in the ensemble and the signals based on them with all other (g-1) codes and signals. The ensemble codes are generated by the ensemble code generator. The parameters N, R, W and g are interdependent.

When transmitting data in informatics and computer technology, each byte corresponds to a specific symbol of the coding system. If each symbol and, accordingly, byte are assigned a code from the ensemble, then an alphabet will be obtained. When using the well-known ASCII coding system (American Standard Code for Information Interchange), consisting of g1=256 symbols, an ensemble of codes of the same number g=g1 is required [9, 10]. Symbols correspond to numerical values changing from 0 to 255, which, as is known, are represented by a set of eight bits that make up a byte.

In general, for a coding system of g1 symbols, it is necessary to use g2=log2 g1 elements (bits), so sets of g2 bits (not necessarily equal to eight) are called blocks. For a coding system of two symbols (g1=2), a block consists of a single bit (g2=1), which takes two values, an ensemble of two codes is needed.

The coding system can determine the correspondence of analog signal levels at certain moments in time and their code values in the form of blocks (bytes). Further, for clarity, the ASCII system is mentioned in the description.

Some terms used to simplify the description

An alphabet is a one-to-one correspondence between the elements of a coding system and the codes or signals that make up the ensemble.

An ensemble is a set of binary codes or pulse signals based on them, for which restrictions are imposed on the UBP of the ACF (R) and the VCF (W).

Signals based on binary codes are pulse signals consisting of radio pulses whose initial phases are equal to (ϕ ₀ +0) or (ϕ ₀ +π), where ϕ ₀ is a fixed component of the specified initial phase, and no requirements are imposed on changes in the amplitude and frequency of radio pulses; restrictions (2), (3) on the UBP of the ACF and the VCF are introduced for these signals. If the amplitudes and frequencies are constant, then there are FMS-R ensembles.

A block is a set of g2=log2 g1 elements (bits), where g1 is the number of symbols in the coding system, in which each symbol has a one-to-one correspondence to a specific set of bits.

L - data - blocks (bytes) of input data, renumbered in the encoder in accordance with the encryption keys, designated by the symbol L.

Data recording is the entry of encrypted block bits (L-data) into memory cells.

Data recovery is the transformation of ensemble codes transmitted via LAN into L-data and their subsequent decryption.

Linganum is a user-defined function (rule, formula, table) that defines a one-to-one correspondence between sets of numbers (0;1;…;g1-1) and a set of symbols of the selected coding system. ASCII is a special case of linganum.

Block (byte) renumbering is the change in the order of elements (bits), for example, logical ones and zeros, or positive and negative logical ones included in a block (byte) so that the numerical value determined by the elements of the block (byte) becomes equal to the assigned number (key).

The numerical values of the blocks are determined by a sequence of elements that are considered as digits of the binary system of calculation, and if positive and negative logical units are selected as elements, then when calculating the numerical values of the block, negative logical units are replaced by zeros.

A formula is a set of codes for which a one-to-one correspondence is specified between integers in order from 1 to g and codes of the ensemble (1), for example, (G ¹ _3.30 ;…;G ²⁵⁶ _3.30 ) for g=256.

Slot - a time interval during which the encryption and decryption keys remain unchanged.

Sorting is an operation of transforming one finite sequence of numerical values into another such that the indices of the ordinal numbers of the elements of the original sequence are reduced by one and change places with the values of the elements of this sequence, the ordinal numbers of the new numerical sequence are increased by one, and the elements of the resulting sequence with their changed ordinal numbers are arranged in ascending order of these numbers.

Sorting is used to determine the data recovery linganum and decryption keys based on the type of record linganum and encryption keys, which allows the same operations and schemes to be used for decryption as for encryption.

The sorting order is determined by the fact that the values of the original sequence must be replaced by new ones, and also take into account that these values and their indices differ by one (for example, in ASCII, indices vary as 1, 2, 3, …, and the numeric values of symbols change in ascending order 0, 1, 2, …). To do this, the indices of the original sequence are reduced by one before the specified replacement, and the indices of the new sequence must be increased by one.

Example of sorting: the initial sequence is given written taking into account the ordinal number and value of the elements, using the correspondence sign "→". That is (ordinal number (initial value → new value)): 1(0→5); 2(1→0); 3(2→3); 4(3→2); 5(4→1); 6(5→4). Another notation is possible: =(5 ₁ ;0 ₂ ; 3 ₃ ; 2 ₄ ; 1 ₅ ; 4 ₆ ). Sorting to determine the desired sequence : decreasing the index of the ordinal number by one - (5 ₀ ;0 ₁ ;3 ₂ ;2 ₃ ;1 ₄ ;4 ₅ ); swapping indices and values - (0 ₅ ;1 ₀ ;2 ₃ ;3 ₂ ;4 ₁ ;5 ₄ ); increasing the indices of the new sequence by one - (0 ₆ ;1 ₁ ;2 ₄ ,3 ₃ ;4 ₂ ;5 ₅ ); arranging elements in ascending order of indices - =(1 ₁ ;4 ₂ ,3 ₃ ;2 ₄ ;5 ₅ ;0 ₆ ). This can be rewritten using the correspondence sign to perform the check: 1(0→1); 2(1→4); 3(2→3); 4(3→2); 5(4→5); 6(5→0). The unambiguous relationship between the obtained result and the original sequence, presented above using the correspondence sign, renumbering ("→"), is visible.

Representation of the encryption operation by renumbering bytes. The variant is presented when the block corresponds to a byte. The encryption is carried out by replacing the numerical values of the bytes (by renumbering) on the slots. It is designated:

a sequence of variable values of the linganum of data recording in binary and decimal representation (the first two bytes and the last bytes are written out) for any of the d=1, 2, …, D slots, each value in brackets is one of the positive integers from 0 to (g1-1), used in compiling this sequence only once (g1 is the number of symbols in the data coding system, for example, g1=256);

t _d =t _d-1 +Λ _d - end of the d-th slot with duration Λ _d ≥0;

ψ=(Λ _d , d=1,2,…,D) is the sequence of encryption keys for slot durations;

t _D - the sum Λ _d of the durations of all D slots;

t ₀ , t _D - initial and final values of the first and last slots.

For the binary representation system, L _i,j,d take the values of logical "1" or "0" and specify the i-th bit of the j-th byte for the d-th slot. The values of L _d in formula (4) set the encryption keys. Slots of different durations are graphically represented in Fig. 1(a).

Input and encrypted data for each d-th slot are entered:

input data in binary and decimal systems (only the first two bytes are written);

data after encryption on the d-th slot in binary and decimal systems (only the first two bytes are written);

i, j, d - bit, byte, slot numbering indices.

When recording values in a table (Fig. 4, 6) index j is not introduced (its role is played by row numbers), the slot index in the table examples is not specified for their simplification. Renumbering of bytes (5) in expression (6) is carried out in the encoder and in the decoder (when restoring data) by performing the operation of checking the feasibility of certain conditions and performing the assignment operation:

encryption operation by replacing numerical values, where j=1, 2,…, d=1, 2, …, D are byte numbering indices and slot;

X _вхj,d - the value of the j-th byte of input data on the d-th slot;

- the value of the j-th byte after encryption on the d-th slot;

L _1,d ; L _2,d ; ..., L _g1,d - sequence of encryption key values on the d-th slot;

g1 - the number of symbols in the data coding system.

Note that if j>(g1-1), for example, j=1000, then "If" X _in1000 =0 "THEN" X° ₁₀₀₀ =L ₁ or "If" X _in1000 =1 "THEN" X° ₁₀₀₀ =L ₂ or … "If" X _in1000 =(g1-1) "THEN" X° ₁₀₀₀ =L _g1 , therefore expression (7) is applicable (the value is important, not the index). The slot index is not written for simplicity.

For any slot, the output data after recovery is designated:

output data in binary and decimal systems (the first two bytes are given).

Data recovery is performed during decryption by replacing the numerical values of bytes (renumbering) on all slots. Similar to expression (4), we have:

a sequence of variable values of the data recovery linganum in binary and decimal representation (the first two bytes and the last one are written out) for any of d=1, 2, …, D slot, each value in brackets is one of the positive integers from 0 to (g1-1), used in composing this sequence only once (g1 is the number of symbols in the data coding system, for example, g1=256);

t' _d =t' _d-1 +Λ _d - the time of the end of the d-th slot with duration Λ' _d ≥0;

ψ'=(Λ' _d , d=1,2,…,D) - the sequence of encryption keys for slot durations;

t' _D - the sum Λ' _d of the durations of all D slots;

t' ₀ , t' _D - initial and final values of the first and last slot.

For the binary representation system L' _i,j,d in expression (9) take the values of logical "1" or "0" and set the i-th bit of the j-th byte for the d-th slot. This decryption linganum is used as the decryption keys. In Fig. 1(b) slots of different lengths are graphically represented. For correct data recovery, the slots and encryption and decryption keys must match each other.

When restoring data, the values of X° from (6) are transformed into _X out from (8):

decryption operations by replacing numerical values,

where j=1, 2, …, d=1, 2, …, D are byte numbering indices and slot;

X° _j,d - the value of the j-th byte before decryption;

X _outj,d - the value of the j-th byte of output data;

L'_1,d;L'_2,d;…;L' _g1,d - sequence of decryption key values (data recovery linganum);

g1 - the number of symbols in the data coding system.

The values of L(t) in formula (4) and L'(t) in expression (9) are used to set the control signals for the operation of the inverter keys used to obtain logical functions (LF) that ensure the renumbering of data during encryption and decryption. Such LF are implemented, for example, on logical elements [12,13]. Encryption is carried out in accordance with the LF, which is constructed on the basis of the truth table. Inverters are used to implement the required inversions of the LF arguments. After the control signals for the inverters are formed, the UHPDShS is ready for operation.

The encryption key generator generates signals corresponding to the numerical values of the sequence (4). Sorting is used when restoring data, i.e. the sequence (9) of the recovery linganum is obtained after sorting the sequence (4) of the recording linganum. The decryption key generator generates signals corresponding to the values of the sequence (9).

To implement operations with data in the claimed UHPDShS, devices are used that have several inputs or outputs, for which the following numbering is introduced for the sake of convenience of presentation. Encoder - the first input is the UHPDShS input; the second input is the one that is connected to the output of the encryption key generator; storage device - the first input is the one that is connected to the output of the encoder; the second input is the one that is connected to the second output of the control device; control device - the first output is the one that is connected to the input of the ensemble code generator; the second output is the one that is connected to the second input of the storage device; decoder - the first input is the one that is connected to the output of the decryption key generator; the second input is the one that is connected to the output of the data former; encryption logical device - the first input is the one that is connected to the output of the encoder coupling device; the second input is the one that is connected to the output of the encryption key converter; decryption logical device - the first input is the one that is connected to the output of the decryption key converter; the second input is the one that is connected to the second input of the decoder; slot programmer - the first output is the one that is connected to the communication line of the encoder, the second is the one that is connected to the communication line of the decoder; slot generator - the first and second outputs are connected to the corresponding outputs of the slot programmer; synchronizer - the first output is connected to the input of the slot generator, the second output is connected to the second output of the slot programmer, the third output is connected to the first output of the slot programmer.

The essence of the invention

The task that the claimed invention is aimed at solving is to ensure additional protection of data from external influences during their storage and transmission.

The stated problem is solved due to the fact that in a data storage and transmission device with an encryption system, comprising a storage device, a communication line, an encryption key generator, an encryptor, a decoder, a control device, an ensemble code generator, a receiving device, a data generator, a decryption key generator, wherein the first input of the encryptor is connected to the input of the entire device, the second input of the encryptor is connected to the output of the encryption key generator, the output of the encryptor is connected to the first input of the storage device, the second input of the storage device is connected to the second output of the control device, the input of the control device is connected to the output of the storage device, the first output of the control device is connected to the input of the ensemble code generator, the output of the ensemble code generator is connected to the input of the communication line, and the output of the communication line is connected to the input of the receiving device, the output of the receiving device is connected to the input of the data generator, the output of which is connected to the second input of the decoder, the output of the decoder is the output of the entire device, the first input of the decoder is connected to the output of the decryption key generator, in addition, the ensemble code generator generates a set of codes (1) or signals based on them, the coefficients also satisfy relations (2), the codes of the ensemble satisfy constraints (3), the encoder communication line, the decoder communication line, and the slot programmer are introduced as new features, wherein the input of the encoder communication line is connected to the first output of the slot programmer, the output of the encoder communication line is connected to the input of the encryption key generator, the input of the decoder communication line is connected to the second output of the slot programmer, the output of the decoder communication line is connected to the input of the decryption key generator, the encoder generates signals X° _j,d , j=1, 2, …, d=1, 2, D based on conditions (7), the decoder generates signals X _outj,d , j=1, 2, …, d=1, 2, D based on conditions (10), the encryption key generator generates signals corresponding to the elements of the sequences L(t) of expression (4), the decryption key generator generates signals corresponding to the elements of the sequence L'(t) expressions (9), obtained so that the ordinal numbers jx of the elements of the encryption key sequence L _j,d, j=1, 2, …, g1 for d=1, 2, …, D of formula (4) are decreased by one and change places with the values of the elements of this sequence, the ordinal numbers of the new numerical sequence are increased by one and the elements of the obtained sequence with their changed ordinal numbers are arranged in ascending order of these numbers, forming L' _j,d , j=1, 2, …, g1, d=1, 2, …, D of formula (9), while

the slot programmer includes a slot generator and a synchronizer, the first output of the slot programmer is connected to the first output of the slot generator and the third output of the synchronizer, the second output of the slot programmer is connected to the second outputs of the slot generator and the synchronizer, the first output of which is connected to the input of the slot generator, synchronous operation of the generators on each d-th slot is ensured;

the encryptor contains an encryption key converter, an encryption logical device and an encryption device interface,

the input of the encryption key converter is the second input of the encryptor, and the output of the encryption key converter is connected to the second input of the encryption logical device, the first input of the encryption logical device is connected to the output of the interface device of the encryptor, the input of the interface device of the encryptor is the first input of the encryptor and the entire device, the output of the encryption logical device is the output of the encryptor;

the decoder comprises a decryption key converter, a decryption logical device and a decoder interface device,

the input of the decryption key converter is the first input of the decoder, the output of the decryption key converter is connected to the first input of the decryption logical device, the second input of the decryption logical device is the second input of the decoder, the output of the decryption logical device is connected to the input of the coupling device of the decoder, the output of which is the output of the decoder and the entire device;

the control device contains a trigger pulse generator and an address and mode generator, the output of the address and mode generator is the second output of the control device, the input of the trigger pulse generator is connected to the input of the control device, the output of the trigger pulse generator is connected to the first output of the control device.

The presented set of essential features allows to obtain a technical result and to achieve the purpose of the invention, which consists in additional increase of security of data storage due to synchronous temporary change of encryption and decryption keys and in provision of energetically secret transmission of encrypted data to the user via the communication line, including in the presence of noise in an optimal way. The proposed device is illustrated by the diagram (Fig. 2).

List of graphic representation figures

Fig.1 - various encryption and decryption key slots.

Fig.2 - block diagram of data storage and transmission device with synchronized encryption system. Explanation of numerical designations: 1. Storage device. 2. Communication line. 3. Encryption key generator. 4. Encryptor. 5. Decryptor. 6. Control device. 7. Ensemble code generator. 8. Receiving device. 9. Data former. 10. Decryption key generator. 11. Decryptor communication line. 12. Slot programmer. 13. Encryptor communication line. 14. Encryption key converter. 15. Encryption logical device. 16. Encryptor interfacing device. 17. Trigger pulse former. 18. Address and mode generator. 19. Decryption key converter. 20. Decryption logical device. 21. Decryptor interfacing device. 22. Slot generator. 23. Synchronizer.

Fig.3 - table of binary values of the arguments of the encryption LF.

Fig.4 - table of binary values of encrypted data and encryption LF.

Fig.5 - table of decimal values of the linganum for recording and encrypting data.

Fig.6 - table of values of the ensemble code generator control function.

Information confirming the possibility of implementing the invention.

1. Used logical functions, sorting operation for decryption. LFs, on which the work of UHPDShS is based, are considered, the sorting operation used during decryption is analyzed.

1.1 LF for the logical device (LD) of encryption

To record the LF (as in the prototype [5]), a truth table is compiled, which specifies the numbers of symbols and bytes before encryption and after this operation based on the linganum of the record. If implicitly specified values of the linganum of the record (4) are entered into the truth table, then it is impossible to express the LF explicitly. Therefore, one of the possible variants of the linganum is given as an example, which allows writing the LF explicitly. This example is considered for the case when the blocks correspond to bytes, is true for any slot, therefore the slot index is not recorded.

The arguments of the sought encryption LF are the input bytes (5), and the values of the function are the encrypted bytes (6). Placing the input and output bytes in one table is difficult, so two tables are used. Fig. 3 shows the values of the table of arguments of the encryption LF for the selected lingamum record as an example. It does not contain the symbols of the coding system, but their ordinal numbers are given, the values of the binary digits and the decimal values of these binary numbers are indicated (the ordinal numbering starts with one, and the values start with zero). For example, the symbol "E" corresponds to the binary and decimal numbers 1000101 ₂ = 69 ₁₀ , the ordinal number in the table is 70. The first column contains the numbers in order, then eight columns with the bit values for all byte variants (binary representation of the number) and the last column contains the decimal values X ₁₀ (from 0 to 255 for g 1 = 256).

Fig. 4 shows the table of argument values and the truth table for the LF encryption, which allows using the correspondence sign "→" to write the operation of translating the numerical values of the arguments (Fig. 3) into certain function values. Then, using the example of linganum (4) for g1=256, we have: L=(L _j , j=1,2,…,256)=(0 ₁ ,1 ₂ ,…,169 ₇₀ ,…,184 ₈₅ ,…,11 ₁₂₂ ,…,255 ₂₅₆ ) we obtain: 1(0→0); 2(1→1); …; 70(69→169); …; 85(84→184); …, 122(121→11); …; 256(255→255).

The first column of the table in Fig. 4 is the byte numbers in order; the second is the new decimal values in accordance with the given linganum; columns 3…10 are encrypted binary values; columns 11…18 are new binary values in accordance with the linganum (they coincide with the values of columns 3…10, but are highlighted for the convenience of constructing the LF according to the rules [12, p. 31; 13, p. 18]).

Explanation of the notation. The encryption LF is a set of components, designated by F ⁰ _ij , i=1,…,8; j=1,…,256, which together with X _i,j are indexed row by row and by columns. The variation by index i is implemented by introducing columns for the LF components, and the variation by j in the component designation in the specified table of Fig. 4 is not shown, since it is carried out in accordance with the known rules for constructing the LF. That is, the encrypted data values in binary form of the j-th row are equal to the values of the components F° ₈ ,…,F° ₁ (the row index j is omitted). The inversion operation is designated by the symbol (…)*. The particular example of the tables in Fig. 4 shows the senior components of the encryption LF F° ₈ , F° ₇ , which are equal to:

The ellipsis in the sums means the possible presence of other terms (Fig. 4 shows a part of the rows of the complete table for all possible bytes). Other components of the LF are also composed. Examples of expressions define the LF of a record with encryption for any set of arguments - the numerical values of all possible bytes before encryption.

1.2 Sorting operation

When restoring data, the decryption linganum (9) is used, the numerical values of which are the result of sorting the recording linganum (4). As in the prototype [5], a variant of such an operation is considered using the example of the values of the table in Fig. 5 (an extended table is given in comparison with the table in Fig. 4).

Designations in the table: j is the index of numbering in the order of the numerical values of the symbols of the coding system; X ₁₀ are the decimal numerical values of the bytes of the coding system; L _j are the decimal numbers of the renumbering linganum (the new numerical value of the bytes that must be obtained after encryption). The following relationship is valid: j = 1 + X ₁₀ . For brevity of the example, only a part of the numerical values of the coding system for g1 = 256 is given in the specified table. For example, j = 111-th symbol of the coding system is described by a byte corresponding to the decimal number 110 ₁₀ , and in accordance with the recording linganum, the symbol is renumbered and corresponds to the decimal number 149 ₁₀ , and so on.

Based on the data in the table in Fig. 5, the linganum records look like this:

For example, the element j=55 is equal to the decimal number L ₅₅ =54 and is renumbered to the number 250.

Restoration by decryption occurs in the reverse order. It is necessary to swap the first and second numbers (or change the direction of the arrows of the correspondence sign "→"), sort (permutate, change the order of recording) these pairs of numbers so that the numbers that become the first after the permutation (left) increase.

Based on the previously described sorting procedure, we obtain step-by-step results of the operations for finding the required sequence L':

(0 ₀ ,1 ₁ ,2 ₂ ,…,250 ₅₄ ,…,169 ₆₉ ,…,178 ₇₈ ,…,179 ₇₉ ,…,183 ₈₃ ,…,184 ₈₄ ,…,149 ₁₁₀ ,…,11 ₁₂₁ ,…,160 ₁₈₈ ,…,254 ₂₅₄ , 255 ₂₅₅ ) - decreasing indices by one;

(0 ₀ ,1 ₁ ,2 ₂ ,…,54 ₂₅₀ ,…,69 ₁₆₉ ,…,78 ₁₇₈ ,…,79 ₁₇₉ ,…,83 ₁₈₃ ,…,84 ₁₈₄ ,…,110 ₁₄₉ ,…,121 ₁₁ ,…,188 ₁₆₀ ,…,254 ₂₅₄ , 255 ₂₅₅ ) - replacement of indices and values;

(0 ₁ ,1 ₂ ,2 ₃ ,…,121 ₁₂ ,…,110 ₁₅₀ ,…,188 ₁₆₁ ,…,69 ₁₇₀ ,…,78 ₁₇₉ ,…,79 ₁₈₀ ,…,83 ₁₈₄ ,…,84 ₁₈₅ ,…,54 ₂₅₁ ,…,254 ₂₅₅ , 255 ₂₅₆ ) - increasing the indices in the new sequence by one and arranging the elements in ascending order of indices.

Therefore, the recovery linganum that defines the decryption keys is:

The procedure for sorting the values of the record linganum to construct the data recovery linganum (13), which determines the decryption keys, is shown.

1.3 LF control of the ensemble code generator

For certainty, the ASCII system (g1=256) was chosen. The type of logical functions was considered n=1,…,g1, which must be used to obtain the pulses for starting the ensemble code generator. Since the memory stores L-data bytes (encrypted bytes of input data) i=1,…,8; j=1,2,…,256, then each of them corresponds to a decimal number, which is designated ŵ.

It is required to obtain an impulse (LF value is marked as "1") only on output of all available g1=256 outputs, and the remaining outputs should generate the value "0". The resulting signal allows further, using the ensemble code generator, to generate only ensemble code from all possible g1=256 variants. That is, if a byte of L data is extracted from the memory, which corresponds, for example, to the decimal number 184, then the considered command generator circuit creates a "1" pulse only on its output. This makes it possible to launch a device that generates exclusively the 185th code from the ensemble code formula.

Designated: (X° _i,j , i=1,…,8; j=1,2,…,256) - arguments, ( n=1,…,256) - LF from these arguments, and the value of LF is equal to "1" (Fig. 6) only for set of arguments and for the remaining variants the value is equal to "0". A truth table has been compiled (Fig. 6), and for simplicity only a few numerical values are indicated. The first column contains the numbers in order, and columns two through ten contain the decimal and binary numerical values of the bits corresponding to the symbols of the ASCII system. The remaining columns contain the required LF values.

If there is a signal at the first output of the device implementing the LF, then at all other outputs the function is equal to zero, if there is a signal at the second output, then at all others it is equal to zero, and so on ( only for the n-th byte, n=1,…,g1). Applying the known rules [12, p. 31; 13, p. 18], we obtain the required LFs. For example:

where n=g1=256, j=1, 2,… is the byte numbering index.

If we substitute binary values of numbers, sequentially, for example, for j=1, 185, 256 (A and ) from the table in Fig.6 to formula (14), we obtain, respectively, (other components are zero), (other components are zero), (other components are equal to zero). These values determine the LF of control of the generators of the SPS. In the general case of application of blocks, the LF contains g=g1 components. These values determine the LF of control of the generators of the ensemble codes as applied to any slot.

2. An example of a code form for the ensemble G ^x _R,N (N=30; R=3; W=29; x=1,…,g; g=256)

The ensemble presented in the prototype [5] can be applied; some of the codes are given.

1) 1,1,-1,1,1,1,1,1,-1,1,1,-1,-1,1,-1,-1,-1,1,1,1,- 1,1,-1,-1,1,-1,1,-1,1,1

2) 1,1,-1,1,1,1,1,-1,1,1,1,-1,-1,-1,-1,1,-1,-1,1,-1 ,1,1,1,-1,-1,-1,1,-1,1,1

…,

120) 1,-1,1,-1,-1,1,-1,1,-1,-1,-1,-1,-1,-1,-1,1,1,1,- 1,-1,-1,1,1,-1,-1,1,-1,-1,1,1

121) 1,-1,1,1,1,-1,-1,1,1,1,1,-1,1,-1,1,-1,1,1,-1,-1, 1,-1,-1,1,-1,1,1,1,1,1

254) 1,1,1,-1,1,1,1,1,-1,-1,-1,1,-1,-1,-1,1,1,-1,1,-1 ,-1,-1,-1,1,1,-1,1,-1,-1,-1

255) 1,1,1,-1,1,1,1,-1,-1,-1,-1,1,-1,-1,-1,1,1,-1,1,- 1,-1,-1,-1,1,1,-1,1,-1,-1,-1

256) 1,1,1,-1,1,-1,-1,1,1,1,1,-1,1,-1,-1,1,1,1,-1,1,1 ,1,1,-1,-1,-1,1,-1,-1,-1

The largest value of the VCF is always less than the largest value (peak) of the ACF, therefore for any set of codes W<N. Consequently, the codes of the presented form form an ensemble with parameters N, R, W and conditions (2), (3) are satisfied. This allows, by analyzing the UBP of the ACF and the VCF, to distinguish codes and signals based on them from each other and to restore encrypted data blocks transmitted via the LAN and the original input data after their storage in the memory. It is necessary to use ensembles of codes and signals based on them with the lowest possible values of the UBP of the ACF and the VCF [6, 7].

3. Description of the proposed device

The data storage and transmission device with an encryption and synchronization system is shown in the structural diagram in Fig. 2, the numerical designations of the circuit elements are decoded, and

the first input of the encoder 4 is connected to the input of the entire device, the second input of the encoder 4 is connected to the output of the encryption key generator 3, the output of the encoder 4 is connected to the first input of the storage device 1, the second input of which is connected to the second output of the control device 6, the input of the control device 6 is connected to the output of the storage device 1, the first output of the control device 6 is connected to the input of the ensemble code generator 7, the output of the ensemble code generator 7 is connected to the input of the communication line 2, and the output of the communication line 2 is connected to the input of the receiving device 8, the output of the decoder 5 is the output of the entire device, the first input of the decoder 5 is connected to the output of the decryption key generator 10, the output of the receiving device 8 is connected to the input of the data generator 9, the output of which is connected to the second input of the decoder 5,

the input of the communication line of the encoder 13 is connected to the first output of the programmer slot 12, the output of the communication line of the encoder 13 is connected to the input of the encryption key generator 3, the input of the communication line of the decoder 11 is connected to the second output of the programmer slot 12, the output of the communication line of the decoder 11 is connected to the input of the decryption key generator 10, at the same time

the programmer slot 12 includes the generator slot 22 and the synchronizer 23, the first output of the programmer slot 12 is connected to the first output of the generator slot 22 and the third output of the synchronizer 23, the second output of the programmer slot 12 is connected to the second output of the synchronizer 23, the first output of which is connected to the input of the generator slot 22, the encoder 4 contains the encryption key converter 14, the encryption logical device 15, the encoder coupling device 16,

the input of the encryption key converter 14 is the second input of the encryptor 4, and the output of the encryption key converter 14 is connected to the second input of the logical encryption device 15, the first input of the logical encryption device 15 is connected to the output of the coupling device of the encryptor 16, the input of which is the first input of the encryptor 4 and the entire device, the output of the logical encryption device 15 is the output of the encryptor 4;

control device 6 contains a trigger pulse generator 17 and an address and mode generator 18,

the output of the address and mode generator 18 is the second output of the control device 6, the input of the start pulse generator 17 is connected to the input of the control device 6, the output of the start pulse generator 17 is connected to the first output of the control device 6;

the decoder 5 comprises a decryption key converter 19, a decryption logical device 20 and a decoder coupling device 21, the input of the decryption key converter 19 is the first input of the decoder 5, the output of the decryption key converter 19 is connected to the first input of the decryption logical device 20, the second input of the decryption logical device 20 is the second input of the decoder 5, the output of the decryption logical device 20 is connected to the input of the decoder coupling device 21, the output of which is the output of the decoder 5 and the entire device.

4. Composition and operation of individual devices included in the claimed device

Devices 1, 3, 4, 6, 7 from the diagram in Fig. 2 are assigned to the storage part for convenience of presentation, and devices 5, 8, 9, 10, 16-18 are assigned to the recovery part, both parts are connected by LS 2 (the programmer is common) and make up the UHPDShS. The description of the devices is presented in relation to blocks in the form of bytes.

4.1 Storage device

The memory device 1 is intended for recording, storing and reproducing saved L-data at its output. The memory device 1 is non-volatile and can be repeatedly reprogrammed. These requirements are met, in particular, by solid-state integrated reprogrammable memory devices with electrical erasure (without removing the microcircuit from the contact pads) or EEPROM [14, p. 231, 233] and hard disks (with a large memory capacity for stationary use of the UHPDShS or small-sized ones for mobile use).

There is a matrix consisting of memory cells (MC), row and column selection decoders, address buses for recording and reading signals from the cells [14, p.237, 239]. Cell selection signals are supplied from control device 6 (Fig. 2). Operating modes: reading, writing, erasing.

In the operating mode, the L-data bytes are entered into the CAM. The sequence of writing and reading is regulated by the CAM address control signals and the operating mode. The signals are sent to the second input of the CAM 1 from the second output of the device 6. After the recording is complete, the encryption key generator 3 can be switched off (or disconnected from the entire device). When the power supply is disconnected from the entire device, the CAM 1 goes into storage mode. Data reading from the CAM 1 is implemented in a similar manner. Data deletion from the CAM 1 is possible by feeding identical signals (4) to the encryption key generator. All options allow obtaining the same technical result.

4.2 Communication line

LS 2 is intended for the implementation of the transmission of ensemble codes or signals based on them to that part of the claimed device where the data is restored (from contact G to H in Fig. 2). LS 2 is a set of technical means and a physical environment that ensure the distribution of data signals [15, p. 189]. Technical means may include a modulator (for example, a mixer with an amplifier), a transmitter (for example, amplifiers and antennas), a receiver (for example, a frequency converter with an amplifier), a demodulator. Physical environments: solid, liquid, gaseous, vacuum. A distinction is made between electrical communication lines (wire and radio), sound (acoustic) and light (optical) communication.

Data can be transmitted using electromagnetic waves propagating through wires, cables, waveguides, light guides, as well as in air and airless space. In particular, by means of twisted pair, fiber-optic cable (FOC), coaxial cable, radio channel of terrestrial or satellite communications [16].

An example of a solid physical medium are the sound lines of surface and volume acoustic waves made of, for example, piezoelectric quartz and lithium niobate. The length of the sound lines is small, but they are practically insensitive to external influences, excluding direct physical destruction. Devices on volume and surface acoustic waves for sound (acoustic) communication lines are presented in [17].

Sound (acoustic) communication lines in a liquid medium are considered in [18], where the features of underwater sound communication are indicated. Light (optical) communication lines are presented in [19].

When contacts G and H are directly connected (Fig. 2), communication line 2 consists of conductors of the circuit elements of the corresponding devices. Auxiliary equipment (converters, amplifiers, antennas, etc.) is not considered here. The above also applies to the LS of the encoder 13 and the LS of the decoder 11. All communication line variants provide the same technical result.

4.3 Encryption Key Generator

Generator 3 is intended for generating signals corresponding to the encryption linganum (4) for each slot. These signals represent a set of g1=g bytes for each slot, the numerical values of each of which correspond to the quantities L _j,d , j=1,2,…, g1, d=1,2,…,D in expression (4) and are shown in general form in Fig. 1, the sets of bytes consist of a set of bits, the parameters g, g1 are the number of codes in the ensemble and in the selected coding system. The device can be implemented on elements of discrete circuitry, for example, on shift registers with taps [8], so that inverters are connected to the corresponding taps, which allows the signals from all taps to be obtained on the adder, the required numerical combination of bits, i.e. the necessary bytes of the encryption keys.

A possible embodiment is a memory device in which all required signals of the slot sequence are recorded and from which they can be extracted. These signals are output for the encryption key generator 3.

The encryption key generator 3 can be implemented as a programmable logic integrated circuit (PLIC) [13, 14, pp. 494, 534] or its variety or a PLIC variant that can be created in the future. Control signals supplied to the PLIC allow the implementation of the required LFs, obtaining the required byte sequences. In any case, the same technical result is ensured.

4.4 Encryptor

Device 4 is designed to encrypt the input data by renumbering the bytes in accordance with the recording linganum (based on expression (4)) for any slot specified by encryption key generator 3.

For this purpose, LFs similar to expression (11) are used, the construction is given in the presented example. LFs can be implemented, for example, on logical elements "AND", "OR", "NOT" [12, 13]. The encoder includes an encryption key converter 14, an encryption LU 15 and an encoder coupling device 16.

Brief summary of the essence of encryption operations for an arbitrary slot (slot index omitted)

To implement the LF encryption, it is necessary to perform inversion operations (11), which is possible by means of inverters regulated by control signals. The operations are performed in the encryption LU 15, the said control signals are generated by the encryption key converter 14. The control signals depend on the results of comparison (according to a certain rule) of the bytes formed by the encryption key generator 3 (they are specified by the user for each slot), with the bytes of the selected coding system (they act as standards) on each slot.

The purpose of inverters is to perform the inversion (negation) operation of a binary variable (let's designate it "A") when exposed to an external control signal U. For example, variable A is converted to A* if U is equal to logical "1" and is not converted if U is equal to logical "0".

For example, an inverter can be constructed from two electronic switches (Cl. 1, 2) and a circuit that performs the inversion function "NOT". The general circuit consists of two parallel branches. Cl. 1 is located in the first, and the "NOT" element is located in the second, and Cl. 2 is connected in series with it. The inputs and outputs of the branches are also the inputs and outputs of the inverter. Cl. 1 opens when a positive signal U is applied to the control input of the switch (let's designate it as "+1"), and Cl. 2 closes when this signal is applied. In this case, the input variable A passes to the output through Cl. 2 and is inverted ("+1" - there is inversion). If the opposite control signal is applied (let's designate it as "0"), Cl. 1 closes and Cl. 2 opens. The input variable A passes to the output without inversion ("0" - no inversion). By changing the value of U, it is possible to obtain the LF arguments in the required invertible or non-invertible form. The LF for inverter control is defined as follows: the inverter control device has two inputs to which the logical values "B" and "C" are fed, then the control signal values are formed at the output in the form of the ratio U=C⋅B*. This LF takes a non-zero value only for the set of arguments (B;C)=(0;1).

Devices for controlling inverters using U signals can be implemented using AND and NOT logic elements [12,13].

Based on the established values of U (the value takes on a unit value only for a pair of arguments (0;1)) to perform the inversion operation, it is necessary to form the following set of values: the variable "C" (the value of the transformation function) is equal to "1", and the argument "B" (the input signal) is equal to "0".

Designated: F° _1,j ; F° _2,j ; …; F° _7,j ; F° _8,j - je components of the encryption LF, each of which is equal to the product of bits, some of which can be inverted. These values must be formed schematically, they correspond to the recording linganum. The encryption LF is a set of values F° ₁ ; F° ₂ ; …, F° ₇ ; F° ₈ , which are the sums of the indicated LF components for all values j=1,…,g1 (for example, g1=256).

In the relation U=C⋅B* we consider that the variable "C" is similar to the values of the encryption LF components and simultaneously to the values of the recording linganum (table in Fig. 4), and "B" is the argument of this function (table in Fig. 3). Then, to perform the inversion operation, the control signal U in the form of a logical "+1" will be created when "C" is equal to "+1" and "B" is equal to "0". For all other sets of variables (B;C), "0" will be formed at the output of the control signal generation circuit U. The signal U is determined according to the specified rule for each i-th bit of any j-th byte in relation to each function F° _k , k=1, …, 8 (Fig. 4). Consequently, the inverter control signals in general depend on the three specified indices (i, j, k) and are therefore designated U _i,j,k . That is, the value "C" (the components of the LF and the values of the linganum recording) is the enabling signal for inverting the value "B" (the arguments of the LF).

The encryption key converter 14, included in the encoder 4, generates control signals U _i,j,k for the inverters based on the linganum selected by the user, which is implemented in the form of signals from the encryption key generator 3, and the encryption LU 15 allows obtaining components and constructing the required encryption LF.

Scheme of implementation of encryption key converter 14 for any slot. In a possible scheme for forming U _i,j,k there is an input for the values of the linganum L(t), transmitted to the second input of the encoder 4 from the encryption key generator 3, and there is also a generator of bytes of the coding system. The bytes of the system are known and are unchanged for the selected coding system, for all slots. For g1=256, by analogy with (5), these bytes are designated (X' _i,j ,i=1,…,8;j=1,2,…,256)=[(X'_1,1;X'_2,1;…;Х' _8,1 ); (X'_1,2;X'_2,2;…;X' _8,2 ); …; (X'_1,256;X'_2,256;X' _8,256 )] - The quantities take on the values of whole decimal numbers from 0 to 255, and in the binary system of calculation they coincide with the numbers in the rows of the table in Fig. 3, 4 from the set (0,…,0) to (1,…,1)), play the role of standards. The byte generator X' _i,j of the coding system can be implemented on registers with weight taps and adders [8] or in the form of a memory device. This byte generator is started when the supply voltage is connected. The quantities X' _i,j are the values of the byte numbers (standards) used in the preparatory mode for obtaining the signals for setting the inverters in any slot (regulated by signals from the slot programmer via the communication line). The setting signals are then used in the encryption LU 15 for forming the encryption LF in the operating mode.

The circuits for implementing the LF U=C⋅B* and the byte generator of the coding system are part of the encryption key converter 14 and can be built on the logical elements "NOT", "AND" for all bits (i=1,…,8) of the j-th byte in any slot. Similar circuits are needed for all different values of j=1,…,g1 in order to create control voltages for all inverters, which allows obtaining the required encryption LF.

To demonstrate an example, we will fix the slot number and cross it out of the designations, then, for example, L _1,j is successively multiplied by the inversions of the values Х' _1,j , X' _2,j , …, X' _8,j and the signals U _1,j,1 , U _2,j,1 , …, U _8,j,1 are obtained. If L _8,j is multiplied by X' _1,j , X' _2,j , …, X' _8,j , the resulting values are U _1,j,8 , U _2,j,8 , …, U _8,j,8 and so on for all bytes j=1, …, g1. For ASCII, the indices of the values U _i,j,k characterize: i=1, …, 8 - dependence on the bit number in a byte; j=1, …, 256 - subordination to the byte number; k=1, …, 8 - connectivity with the number of the LF components (F° _{1, j} ; …; F° _8,j ) of encryption. The inverters are numbered with the same indexes for the same purpose, i.e. I _i,j,k . In all values in general, it is necessary to enter the slot index, which does not affect the results and the order of the described actions.

Operation of encryption key converter 14. After connecting the power supply, the encryption key generator 3 and the coding system byte generator are started. In accordance with the specified rules, inverter control voltages U are created. As a result, the encryption key converter 14 transforms the encryption keys of a specific slot into control voltages for the encryption LU inverters 15 for this slot.

The encryption LU 15 is intended to perform the encryption operation of input bytes by renumbering them in accordance with the recording linganum, using the inverter control voltages. To implement this task, it is possible to use circuits for implementing the LF, similar to expression (11), using the logical elements "AND", "OR", "NOT" [12, 13].

In the structure of the LF of expression (11), we note the features that are true for any slot (the slot index is not written). Previously, the arguments were designated as X _{i, j} , i = 1, …, 8; j = 1, 2, …, and in the given example of expressions for F ° ₈ and F ° _7, single-index numbering is used X _i , i = 1, …, 8. This is due to the fact that each term in the LF corresponds to a certain index value], that is, the variation of this index is taken into account when constructing the LF, therefore, single-index numbering is introduced to simplify the entries. When constructing the LU encryption scheme 12, this circumstance is taken into account in that the scheme has two parts: one forms the components of the sums of different LFs, and the other combines them, forming as a result the required function as a whole.

Each of the specified LF is represented by the sum of the products of arguments (X _i,j , i=1,…,8; j=1,2,…), as in formula (11), some of them are inverted. The number of terms for g1=256 is equal to the number of rows in the tables of Figs. 3, 4. Depending on the type of recording linganum, some of the terms of the specified sum of products are equal to zero, therefore they are absent in (11). In the general case, for each of the eight components of the LF (a block of eight bits is considered), it is required to form all g1 terms (for example, g1=256) during their circuit implementation.

According to the rules [12, p. 31; 13, p. 18] of forming any LF, sets of arguments are allocated for which the function is equal to one (marked in Fig. 4 with the sign (*)). Inverters are used to invert zero values from this set of arguments. Inverters in each slot I _i,j,k are controlled by signals U _i,j,k generated by encryption key converters 14. In the preparatory mode, inverter control voltages are formed, in the operating mode, data bytes are fed to the inputs of the corresponding devices for further encryption, storage and recovery.

That is, the encryption LU 15 consists of the formers of the components F° _1,j ; F° _2,j ; …; F° _7,j ; F° _8,j of each j-th byte (this is the product of bits, some of which can be inverted) and the slot, as well as adders for obtaining the set of encryption LFs of the slot (F° ₁ ; F° ₂ ;…; F° ₇ ; F° ₈ ).

The composition of the circuits of one of the possible implementation options for component shapers for any slot may include inverters I _{i,j, k} , i=1, …, 8; j=1, …, g1 (for example, g1=256); k=1, …, 8 and binary signal multipliers (8-input AND elements). In the recording mode, the input data values (LF arguments) (X _1,j ,Х _2,j ,…,X _8,j ) are fed to the inputs of the component formers. At the output, there are the values of the LF components (F° _1,j ;F° _2,j ;…;F° _8,j ) for each value j=1,…,g1, where these components are products of the input data values (LF arguments) and some of them are inverted. As a result, terms are formed for the components of each LF, corresponding to all j=1,…,g1. Then, summation is performed over all values of the index j.

In the implementation circuit of the LF component generator there is also an input for the inverter control signals U _i,j,k (i is the index for changing the bits of the input bytes; j is the index of the variation of the input bytes; k is the index of the numbering of the LF components F° _1,j ; …; F° _8j ).

For example, the _{1st , 2nd} , …, 8th bits of the j-th byte of input data X 1,j , X 2 _{,j , …, X 8 ,j ,} as well as the write control signals U _1, j,1 ; U _{2,j,1 ; …, U 8,j,1 , are fed to the inverters I 1j,1} ; I _2,j,1 ; …, I _8,j,1 , which make it possible to obtain inverted or not input bits. As a result of multiplying the signals at the inverter outputs, the LF component F° _{1 ,j} is obtained. Other inverters are used in the same way, in particular, if the write control signals U _{1 , j,8} ; U _2,j,8 ; …, U _8,j,8 , then the component of the LF F° _{8, j} will be found. Such operations are carried out for all values of the index j=1,…,g1 (for example, g1=256). Schemes are applied for each specified value] separately, which differ in the state of the inverters (different control signals are given, depending on the linganum).

There are schemes for summing up the terms that make up the components of the LF for different j and schemes for forming a set of LFs. Let an example be expression (11) for one of the functions of the set, say F° ₈ . Signals from the generators of these components for different j are sent to each scheme for summing up the components (the "OR" elements). Components related to the same LF but for different values] are summed up on g1 - the input "OR" elements (for example, g1=256), which allows us to obtain the required LFs.

At the output of the component summation circuit there are values of the encryption LF set (F° ₁ ;F° ₂ ;…;F° ₈ ), which correspond to the digits of the bytes encrypted by renumbering (6). That is, the encoder 4 allows the implementation of operations of converting input data into encrypted bytes, which are stored in the memory 1.

All operations are implemented in any slot, the differences are in the values of the specified encryption keys.

The coupling device of the encoder 16 is intended for matching the encryption LU 15 with the transmission line through which input data is supplied to the UHPDShS, or for matching the form of data presentation or for applying known rules that must be implemented for the operability of the encryption LU 15.

The matching in the coupling device of the encoder 16 allows the input data to be transmitted to the encryption LU 15 in an energy-efficient and distortion-free manner. The function of matching the data form may consist, for example, in converting the serial transmission of bytes into a parallel sequence of bytes or in using certain protocols, standards for data transmission/reception.

In unmatched communication lines, data distortions are possible [14, pp. 29-32]. They can be reduced by using a matching device [14, pp. 32-40] or data input/output standards [14, pp. 43-53], which also refers to the function of the coupling device. It can be implemented on passive or active elements (transistors, microcircuits) or in the form of a universal serial bus USB as in [4]. All options provide the same technical result.

The operation of the encoder 4 on any slot (the slot index is not specified, since it is arbitrary) begins with the supply of input data bytes (X _1,j , X _2,j ,…, X _8,j are the digits of the binary numbers of the j-th row of the table in Fig. 3). The inverters are set by control signals in the preparatory mode, so the required encryption LFs are available. This allows us to assign a new number to each of the input symbols (input bytes) according to this encryption LF, which is what we need to obtain.

The schemes of the encoder 4 can be implemented on logical elements or in the form of an FPGA [13, 14, p. 494, 534] or on its variety or on such a variant of an FPGA that can be created in the future. All implementation options provide the same technical result.

4.5 Decryptor

The device 5 is intended for decrypting the data encrypted by renumbering bytes (according to the values of the recovery linganum) received from the memory 1, i.e. in accordance with the values (9) formed by the decryption key generator 10 for each slot. The circuits used and the LFs formed are similar to those intended for encryption and recording (an example is expression (11)), with the difference that the recovery linganum has a different form. The specified circuits can be implemented, for example, on the logical elements "AND", "OR", "NOT" [12, 13] or on the FPGA. The decryption operation is implemented using the decryption key converter 19, the decryption LU 20 and the interfacing device of the decoder 21.

The decryption key converter 19 is similar to the encryption key converter 14. The difference between the encryption and decryption keys is related to the differences in the linganums. The values L'(t) of formula (9), formed by the decryption key generator 10 for any slot, are obtained as a result of sorting the values of the signals of the encryption key generator 3 (an example is given, expressions (12), (13) are obtained).

Sorting allows achieving unification by using the same operations and schemes for decryption and encryption (the differences are in the inverter control signals). The compilation of the byte recovery LF by decryption is carried out in the same way as when implementing the encryption operation.

The operations performed for any slot are given, the slot indices are not specified, but are added to other indices. The notation V=V _i,j,k is introduced - the control signals of the decoder inverters used in the decoding LU 20, where i is the index for the bit numbering; j is the byte variation index; k is the LF component index.

The scheme of implementation of the decryption key converter 19. In this scheme for forming V=V _i,j,k there is an input for the values of the linganum of a specific slot L'(t), transmitted to the first input of the decoder 5 from the decryption key generator 10, and the byte generator of the coding system is also used. These pre-known bytes for g1=256 by analogy with (5) are designated (X' _ij , i=1,…,8; j=1,2,…,256)=[(X'_1,1;X'_2,1;…;Х' _8,1 ); (X'_1,2;X'_2,2;…;X' _8,2 ); …; (X'_1,256;X'_2,256;…;Х' _8,256 )]. The values of these bytes take on the values of whole decimal numbers from 0 to 255, and in the binary system of calculation they coincide with the numbers in the rows of the table in Figs. 3, 4 (from the set (0,…,0) to (1,…,1)). The generator of bytes X' _i,j of the coding system can be implemented on registers with weight taps and adders [8] or in the form of a memory device. This generator of bytes is started after changing the decryption keys of the slot. The values X' _i,j are the reference numerical values of the bytes used in the short preparatory mode at the beginning of any slot to obtain the signals V _i,j,k of setting the inverters, which are then used in the operating mode in the decryption LU 20. All generators are started simultaneously to synchronize the execution of operations on any slots by means of signals supplied from the corresponding outputs of the programmer 12.

Next, on the logical elements "NOT" and "AND", the LF V=C⋅B* is repeatedly implemented for all bits (i=1,…,8) of each j-th byte. Similar circuits for different values of j=1,…,g1 allow us to obtain the required LFs for the control signals of all inverters of the decoding LU 20.

The coupling device of the decoder 21 is intended for matching the resistances of the decoding LU 20 with the transmission line along which the output data are supplied from the UHPDShS or for matching the form of data presentation.

The matching provided by the coupling device of the decoder 21 allows for energy-efficient and distortion-free transmission of data to the output of the UHPDShS. Matching the data form may consist, for example, in converting the serial transmission of bytes into a parallel sequence of bytes or in using known protocols or standards for data transmission/reception.

In uncoordinated communication lines, data distortions are possible [14, pp. 29-32]. They can be reduced by using matching devices [14, pp. 32-40] or data input/output standards [14, pp. 43-53], which is also ensured by the coupling device 21. It can be implemented on passive or active elements (transistors, microcircuits) or in the form of a universal serial bus USB as in [4]. The same technical result is ensured for any option.

Operation of decryption key converter 19. After connecting the power supply, at the start of operation and when changing the slot, the decryption key generator 10 and the coding system byte generator are started. Then, the inverter control signals are set. As a result, the decryption key converter 19 transforms the slot decryption keys into control signals of the inverters located in the decryption LU 20.

The decryption LU 20 is intended to perform the decryption operation of encrypted bytes received from the memory 1 by renumbering them in accordance with the data recovery linganum for this slot, using the inverter control voltages in this slot. To implement this task, it is necessary to use circuits implementing the LF, previously considered using the example of expression (11). In terms of circuit design, the decryption LU 20 can be implemented on the logical elements "AND", "OR", "NOT" or on the FPGA.

Inverters I' _i,j,k , by means of which the required LF arguments are inverted according to the rules [12, 13], are controlled by signals V _i,j,k , generated by decryption key converters 19 in the preparatory mode on any slot. As a result of the preliminary setting, only the bits necessary for decrypting the data are inverted. In the operating mode, bytes of encrypted data (6) are fed to the inverter inputs.

The decryption LU 20 consists of the formers of the components F' _{1, j} ; F'_2,j;…;F' _8,j of each j-th byte (this is the product of bits, some of which can be inverted) and the adders of the specified components to obtain the set of decryption LF (F'₁;F'₂;…;F' ₈ ) for all values of j=1, …, g1 (for example, g1=256).

The essence of the operations of the decryption LU 20. The circuit of one of the possible variants of the implementation of the LF component generator consists of inverters I' _i,j,k , i = 1, ..., 8; j = 1, ..., g1 (for example, g1 = 256); k = 1, ..., 8 and binary signal multipliers (8 input "AND" elements for obtaining the product of eight bit values of each byte, some of which are inverted). In the data recovery mode, the values of the encrypted data received from the memory 1 are fed to the input of the LF component generators on any slot, which in this case are the input signals and arguments of the LF. The inverters, as in the case of encryption, have an input for control signals V _i,j,k (i is the index for changing the bits of the input bytes; j is the index of the variation of the input bytes; k is the index of the LF components). As a result, at the output of these circuits there are values of the components of the decryption function (F'_1,j;F'_2,j;…;F' _8,j ) for each slot.

To obtain a set of decryption LFs for any slot, these terms are summed over all possible values of the index j, which is implemented by component adders (OR circuits). Each of these circuits receives signals from the generators of these components, i.e., LF terms for different values of the index j. As a result, the components related to the same LF, but for different values of j, are summed on g1 - the input OR elements (for example, g1=256). After summing the components, a set of decryption LFs F'=(F'₁;F'₂;…;F' ₈ ) is generated, which in the operating mode correspond to the bits of the bytes (8) restored during decryption.

In the operating mode, at any slot, the control signals of the inverters V _i,j,k and encrypted data (6) are fed to the input of the decryption LU 20. In accordance with the decryption LF F', the operations of renumbering the encrypted L-bytes received from the memory 1 are implemented, as a result of which the data (8) is restored in its original form (X _out = X _in ).

The decoder circuits 5 can be implemented on logical elements or in the form of FPGA [13, 14, pp. 494, 534] or its variety. All implementation options provide the same technical result.

4.6 Control device

This device 6 is a generator of control signals for the following actions: operations of writing/reading encrypted data into the cells of the memory 1 or from them; the formation of pulses for starting the generator of codes of the ensemble 7. One of the possible variants of the implementation of the device 6 assumes the generation of the following signals: 1) pulses of the addresses of rows and columns of the memory unit ( m, n=1,2,… - signals for controlling the search through the numbers of rows and columns of the ZY matrix, into which L-data are entered byte by byte for storage in RAM 1 and their subsequent reading); 2) signals for setting the data recording/reading mode to/from RAM 1 (this signal is designated ). It controls the operation of writing encrypted data into the memory 1 and reading this data for its subsequent transmission to the restoring part of the UHPDShS (this occurs after the start of the operation of the decryption key converter 19 on each slot); 3) pulses for starting the code generator of the ensemble 7.

The device that generates the pulses for starting the ensemble code generator 7 is called the pulse former 17 (the pulses are fed to the first output of the control device 6). The device that creates the pulses for the row and column addresses and the signals for setting the modes is called the generator of addresses and modes 18 (the signals generated can be fed sequentially to the second output of the control device 6).

The address and mode generator 18 is standard. Writing, reading and control of these modes is carried out using bit buses connected to all ZYA. Signal generation possibly known methods and devices [12-14]. The device can operate in a self-oscillating mode, generating signals of such duration that determines the time intervals for recording and restoring data. The signal can be started, for example, manually by a switch connecting generator 18 to the power source. As a result, the process of data recovery related to the current slot begins. Generator 6 can be implemented as a storage device containing signals for starting intervals of writing and reading bytes from the memory block on all slots, and can be started simultaneously with all encryption and decryption keys. All options provide the same result. The address and mode signals are fed to the second input of memory 1 and are shown for simplicity in the diagram of Fig. 2 by a single line.

The input of the trigger pulse generator 17 is the input of the recording control device 6 and is connected to the output of the memory unit 1. The output of this generator 17 is a set of g1 outputs (for example, g1=256), which constitute the first output of the control device 6. When one of the possible bytes of L-data arrives from the memory unit 1, only at one of all these g1 outputs does a reaction signal (trigger pulse) appear, which is transmitted to output 1 of the control device 6 and then to the input of the ensemble code generator 7, which leads to the generation of the corresponding code or a signal based on this code.

The trigger pulse generator 17 implements the LF (14) and can be built, for example, on the logical elements "AND", "OR", "NOT" [12, 13]. The operating principle of the generator is similar to that used in the encoder 4 (one combination of input signals is transformed into another set of output values by using the LF). The trigger pulse generator 17 can be implemented as an FPGA [13, 14, pp. 494, 534] or on its variety or an FPGA variant that can be created in the future. All variants provide the same technical result.

In example (14), the LFs are the product of arguments that enter this product with or without inversion. Therefore, the trigger pulse generator circuit 17 must consist of g1 (for example, g1=256 - according to the number of LFs) eight input (according to the number of bits in the bytes of the input signals of this generator) multipliers, to which the input signals are transmitted directly or after inversion, depending on the value of the LF index n=1,…,g1. The connection of inverters to multipliers is performed during manufacturing and is constant; control signals are not required, unlike encryption and decryption operations.

Operation of control unit 6. Depending on the operating mode, the address and mode generator 18 generates pulses for writing, reading, and erasing bytes of memory unit 1. The bytes read from memory unit 1 are transformed into pulses for starting one of the ensemble codes. This is implemented by the start pulse generator 17. In the operating mode, various bytes of L-data from memory unit 1 are fed to its input. For example, if the first byte from the table in Fig. 6 is fed, then the first output will receive a start pulse (at other outputs - zero). In case of supplying the byte of the last row of the table in Fig. 6, we will receive a trigger pulse (other output signals are zeros) and so on. Each output of the trigger pulse generator is connected to the input of the corresponding ensemble code generator, which is part of the ensemble code generator 7. The trigger pulses allow the corresponding ensemble codes to be obtained and each byte of L-data from the memory 1 to be converted into a specific ensemble code from the form or a signal based on it.

4.7 Ensemble Code Generator

This device 7 is intended for the formation of ensemble codes or signals based on them with the same serial numbers from the form as the corresponding numerical values of the L-data bytes stored in the memory 1.

Generator 7 is a set of g ensemble code generators, which can be built on microcircuits [8, Fig. 3.11, p. 47 example for KB, p. 357] or in the form of devices on surface acoustic waves (SAW) [15, 17]. The sequence of alternating symbols in the codes (1) determines the geometric arrangement of the electrodes of the SAW converters in the specified devices. SAW devices allow the use of codes and signals based on them with coefficients (+1, -1) (1), which ensures high energy efficiency and microminiature size of the UHPDShS.

For the ensemble code generators there are individual inputs, which are collectively connected to the first output of the control device 6 (the number of such outputs is equal to the number of code generators g=g1, but for simplicity, one line at the output is shown in the diagram of Fig. 2). Accordingly, in the generator 7 there are g=g1 inputs. The outputs of the generator 7 generators are connected to the g-input adder, which combines the ensemble codes or signals based on them, then - the output of the code generator 7.

In the operating mode, one of the inputs of the code generator 7 shapers has a clock pulse for starting, transmitted from the first output of the control device 6, and there is no such pulse at all other inputs. Therefore, one of the shapers responds with a corresponding code (1), appearing at the output of the adder and the entire generator 7. As a result, each byte of data is assigned the required code of the ensemble or signal based on this code, presented in the form. The codes are transmitted via LS 2 for further conversion and data recovery operation.

SAW devices allow to immediately receive signals based on the selected ensemble codes. It is possible to first form the ensemble codes and then, using a modulator, generate signals based on the selected codes at the required carrier frequency suitable for a specific LS 2.

The code generator 7 can be implemented in the form of code and signal generators based on them and in the form of a carrier oscillation modulator for transmission over a communication channel, wherein these codes and signals are the modulating signals.

The same generator can be implemented as a memory device, in which all required signals are recorded and from which they can be extracted. These signals are output for the specified generator. The generator of codes of ensemble 7 can be implemented as an FPGA [13, 14, p. 494, 534] or its variety or a variant of an FPGA, which can be created in the future. Then the output signal is determined by the corresponding LF and control signals of each slot.

All implementation options provide the same technical result.

4.8 Receiving device

The receiving device (RD) 8 is intended for optimal (in the presence of noise) reception of ensemble codes or signals based on them, transmitted via LS 2. The optimal receiver is a set of matched filters (MF) or correlators [8, p. 26, 159]. Both options provide the same technical result. The option using MF is considered. Each of them is matched with one of the codes or signals formed by the ensemble code generator 7.

A possible version of the PU 8 circuit may consist of branches with parallel-connected inputs. Any branch includes a SF for one of the ensemble codes (1,2,…,g, for example g=256) from the form and a threshold device. The SFs in the branches are numbered in the same way as the codes themselves. The threshold device generates a signal when the output signal of the SF exceeds the set threshold value, which means that a code with a certain number from the form, matched with the SF of this branch, has arrived at the PU 8 input. These code recognition signals and PU 8 outputs are designated The output of each branch is one of the outputs of PU 8 (in Fig. 2 the outputs are shown for simplicity by a single line, there are g outputs in total, for example, g=256). For each byte of received data, one of the recognition signals is equal to, for example, "1", and all the others are equal to "0".

SF can be implemented on microcircuits [8, p. 48, Fig. 3.13, p. 366, Fig. 22.5] or on SAW devices [8, p. 357, Fig. 21], [15, 17]. The structure of interdigital SAW SF converters is associated with the alternation of "1" and "-1" in the codes of the ensemble (1).

The input of PU 8 is connected to LS 2 (Fig. 2), the outputs of PU 8 are connected to the inputs of data generator 9. During operation, an input signal from LS 2 (one of the possible codes (1) from the form or signals based on them) is fed to all parallel branches. At the output of the SF of the corresponding branch, the ACF signal of the code that was used to transmit the corresponding L-byte will be formed. The ACF is two areas of side peaks, between which there is a main peak with a high signal level. At all outputs of other SFs, there is a VCF signal, which can have several peaks, but the largest of them is always lower than the main peak of the ACF. It is necessary to use ensembles of codes with a low level of VCF peaks, which improves the quality of distinguishing one code from another, i.e., different symbols of the coding system. Then, in the threshold device, the signal received from the SF and the threshold level are compared. If it is exceeded, then a recognition pulse is formed ( for example, g=256) at the corresponding output of PU 8, which means acceptance of a specific form code (i.e. receipt of a very specific data symbol at the input due to the one-to-one correspondence of codes and bytes). All L-bytes are also accepted and distinguished.

A differential cascade circuit or a digital comparator can be used as a comparison device [13]. The threshold should be set above the level of the side peaks of the ACF and the largest value of W of all the VCF codes, but below the level of the main peak of the ACF of all codes in the ensemble. There should be a reaction only to the ACF peak, without a response to the VCF signals. As a result, in the operating mode, PU 8 distinguishes the codes of the form and then the received signals are transmitted to the data generator.

4.9 Data Generator

This device 9 is designed to convert codes received via LAN 2 in each slot into data bytes similar to those stored in memory 1. The operating option for any slot is presented, the slot index is omitted. The restored bytes and bits will be designated accordingly and if they work correctly, they are equal to the encrypted data X° _i,j , where i=1,…,8; j=1,2,…,g1 (for example, g1=256).

The composition of a possible variant of the scheme may include parallel branches, each of which consists of a byte former of the selected coding system. For example, the first branch consists of a former of the first byte with the numerical value zero, the second branch - of the second byte with the numerical value one, and so on up to the last 256th branch to form the 256th byte, corresponding to the number 255. The numerical values are presented in the binary system of calculation. Each branch is activated only by the recognition signal corresponding to this branch.

The input of the data generator 9 is the separate inputs of all branches, designated in Fig. 2 for simplicity by a single line. This input is connected to the output of the PU 8, from which the code recognition signals are received. The output of data generator 9 is connected to the second input of decoder 5, to which the recovered data bytes are transmitted. For simplicity of the circuit diagram in Fig. 2, the output of the data generator 9 is shown as a single line, along which all bits are transmitted. i=1,…,8; j=1,2… of each j -th recovered byte within one of the slots.

Data former 9 consists of g1 formers of all possible bytes, each of the byte formers is connected to the corresponding input of data former 9. Each byte former is a pulse sequence generator. The sequences consist of logical "1" or "0" and form sets of bits of each bytes of data restored after transmission over the communication line, j=1, 2, …, (the relationship between the index] and the set of bits of the bytes is presented in the tables of Figs. 3, 4). These generators can be implemented on elements of discrete circuitry, for example, on shift registers with taps [8]. Inverters are connected to the corresponding taps, which makes it possible to obtain the required combination of signals on the adder of signals from all taps. The data generator 9 can be a permanent memory device containing the values of all bytes, each of which is extracted when code recognition signals appear

In the operating mode, a code recognition signal is sent from PU 8 to one of the inputs of data generator 9, for example, the h-th. It starts the pulse generator of this branch, which forms one set of bits corresponding to the h-th byte of the recovered data. These bytes follow in the same order in which they were written into the memory 1. The recovered L-data have the same form as was at the output of the encoder 4, that is, i=1,…,8; j=1, 2… (6). Then the bytes are transmitted to the input of the decoder 5.

The data generator 9 can be implemented as a memory device containing all the required signals and from which they can be extracted by the corresponding input control signals. The data generator 9 can be implemented as a FPGA [13, 14, pp. 494, 534] or its variety or a FPGA variant that can be created in the future. The control signals supplied to the FPGA allow the necessary LFs to be implemented and the required byte sequences to be obtained. All implementation options provide the same technical result.

4.10 Decryption Key Generator

This generator 10 is intended to form signals corresponding to the decryption linganum (9) on any slot. Its signals represent a set of g1=g bytes, the numerical values of each of which correspond to the j-th element in expression (9), represented in the binary system (g, g1 - the number of codes in the ensemble and in the selected coding system).

Generator 10 can be implemented on discrete circuit elements, for example, on shift registers with taps [8]. Inverters are connected to the corresponding taps, which allows signals from all taps to be received on the adder, corresponding to the required numerical combination of bits (the necessary bytes of the decryption linganum). Generator 10 can be implemented as a storage device, in which all the required signals are recorded and from which they can be extracted.

The decryption key generator 10 can be implemented as a FPGA [13, 14, p. 494, 534] or its variety or a variant of FPGA that can be created in the future. Control signals supplied to the FPGA allow the implementation of the required LF for any slot, obtaining the required byte sequences. All implementation options provide the same technical result.

4.11 Slot programmer

This device 12 generates pulse signals, which are intended to determine the order of execution of actions and operating modes required to control the operation of the declared device. The programmer 12 contains a slot generator 22 and a synchronizer 23.

The blocking mode (until the end of the data reception/transmission time interval) can be implemented by shifting the encryption and decryption slots so that they do not intersect. This is possible by sending a pulse through one of the LS 12, 13 to pause the formation of one of the key types for a certain period of time. In another blocking option, keys consisting of identical values are sent.

In the operating mode, when the key generators are implemented as storage devices with encryption and decryption keys recorded in them, synchronizer 23 simultaneously generates start pulses at outputs 2 and 3, i.e. t ₀ = t' ₀ (Fig. 1). They are transmitted to outputs 1, 2 of slot programmer 12, then via LS 11, 13 they arrive at generators 3, 10 and simultaneously, synchronously, keys for the corresponding slots begin to be generated, the operations described earlier are implemented. Various FMS not included in the form can be used as control pulses. Signals for setting up reference coding systems for performing encryption and decryption are generated. Generator slot 22 generates keys for transmission to generators 3, 10.

The mode when the variation of encryption and decryption keys is suspended, i.e. the keys are fixed for a certain period, is also operational. This may be due to the need to transfer larger volumes of data, which requires a long-term slot. In this case, the operation of generators 3, 10 is suspended by sending the corresponding signals, but the control voltage and the states of the inverters in the encoder 4 and decoder 5 do not change.

Similarly, the mode of synchronization of the start of playback of the slot can be periodically implemented so that the encryption and decryption slots coincide in time. When the object on which the receiving part of the UHPDShS is installed moves, the required mode of synchronization of the slot is also implemented if necessary.

An operating variant is possible in which the key generators 3,10 are implemented in the form of, for example, registers with taps and inverters (p.4.3, 4.10, [8]). Then the slot generator 22 forms a sequence of code characters that are transmitted from the outputs 1, 2 of the programmer to the specified generators, which form the keys themselves.

Encryption and decryption keys may be in the form of repeating sets of keys defined for a limited set of slots.

Generator slot 22 and synchronizer 23 can be implemented on elements of discrete circuitry, FPGA, or in the form of a memory device (depending on the purpose and operating modes). All implementation options provide the same technical result.

5. Operation of the declared device

At the preparatory stage, for each slot, the control voltages of the inverters of the logical devices of the encoders and decoders are set based on the coding systems operating on the slot, and the control signals of the switch units and switches are set. In the operating mode, the input units are renumbered in accordance with the encryption keys and transmitted via the communication line to the receiving side of the declared device, where the decoding and restoration of the output signals identical to the input data is implemented.

Using texts as an example, we consider the operations of recording, storing and restoring data implemented on the given slots. We apply a version of the linganum of recording from the table in Fig. 5 for two single-word texts with the words yES and NOT. In the complete table of the coding system, the symbol "y" corresponds to the number 121 (the term code is used in [20]) with the ordinal number j=122. It follows from the table in Fig. 5 that the specified symbol is renumbered as the number 11. For the symbol "y" we have the correspondence 121→11. Similarly for other symbols: "E" - 69→169; "S" - 83→183; "N" - 78→178; "O" - 79→179; "T" - 84→184.

When restoring data using a randomly selected from all possible variants of the data recovery linganum (decryption codes), we will apply, for example, the one in which the values follow in ascending order (Fig. 5), without sorting. Encrypted symbols with values 121, 69, 83 will be decrypted as characters with values 11,169,183 (in numerical order, these are symbols 12,170, 184). It was noted that the number and index in the tables differ by one. As a result, instead of the text yES, the symbols will be obtained Letters with values 78, 79, 84 (text NOT) will be decoded as symbols with values 178, 179, 184 (in numerical order these are 179, 180, 185), that is [20]. Using a false linganum results in distorted data recovery. In the case of using the correct recovery linganum, as shown earlier (expression (13)), the data are reproduced without distortion.

Operation of the claimed device on any slot begins with the preparatory stage and the user setting the values of the recording linganum (4) (all bits of each of the g1 bytes) in the encryption key generator 3 (p.4.3). This allows, in the encryption key converter 14 included in the encoder 4, to determine the values of the inverter control signals U _i,j,k (i is the index of the numbering of the bits of the input bytes; j is the index of the variation of the input bytes; k is the index of the numbering of the components of the encryption LF), according to which the operating modes of the inverters (all bits of each byte and for all LFs) of the encryption LU 15 (p.4.4) are established. In the operating mode of recording and storing, data (5) are fed to the input of the encoder 4, which are encrypted (6) and written to the memory 1 (p.4.1).

Data recovery also begins with the user specifying in the decryption key generator 10 (p.4.10) the values of the recovery linganum (keys) (9) (all the bits of each of the g1 bytes, obtained previously as a result of the sorting operation (13)). At the preparatory stage in the decryption key converter 19, which is part of the decoder 5 (p.4.5), the values of the control signals for the decoder inverters V _i,j,k are determined (i is the bit index of each byte; j is the byte variation index; k is the LF component numbering index), according to which the operating modes of the inverters I' _{i,j, k} (all the bits of any byte, for each decryption LF) are set.

Next, in control device 6, mode setting signals are generated. to start reading data from memory 1 (p.4.6), the address pulse generator is started, controlling the reading of bytes from the RAM (p.4.1). The signals are sent to the second input of memory 1 from the second output of control device 6. After the end of reading, the process is completed until the next signal arrives which is intended to start the data recovery procedure at the output of the UHPDShS and can be created in various ways. For example, the required signal can be started manually by the user receiving the output data (by shifting the switch), manually by the UHPDShS administrator, or by using a mode signal generator operating in self-oscillating mode and setting the frequency of data recovery, for example, every minute, hour, day, etc.

After reading the data from the memory 1, the control device 6 (section 4.6) generates pulses for starting the ensemble code generator 7 (section 4.7), which make it possible to generate ensemble codes with the same serial numbers from the form as the corresponding numerical values of the L-data bytes stored in the memory 1. The received codes are sent to the LS 2 (from contact G to H, Fig. 2) and then to the input of the control unit 8 (section 4.8), which generates ensemble code recognition signals, which are then fed to one of the inputs of the data generator 9 (section 4.9). The generator reproduces the structure of the bytes stored in the memory 1 and redirects the bytes to the input of the decoder 5 (section 4.5). The encrypted data (6) are recreated in the decoder in its original form (8) and are sent to the output (Fig. 2). The data recovery operation is completed on each slot.

It should be noted that after the formation of the necessary control signals, the generators of encryption keys 3 and decryption keys 10 can be switched off. When the power supply of the entire UHPDShS is switched off, the inverter setup signals are not saved and without entering the encryption and decryption keys, it is impossible to use the claimed device in the operating mode (only Z-data are saved in the non-volatile memory 1), unauthorized access is excluded. The inverter settings can be reset by setting the encryption (decryption) keys, which are equal to the same value.

The 13 and 18 interface devices can operate on the USB standard or any other faster standard that may be created in the future.

6. Justification for achieving the technical result

The technical result, consisting in ensuring the energetically covert transmission of encrypted data to the user via LS 2, is ensured by transmitting ensemble codes at a level below the noise level (ρ ² << 1, where ρ ² is the ratio of the powers of the NPS and interference) [8]. The signal-to-noise ratio at the output of the SF or correlator at optimal reception is 2⋅B times greater than at the input [8, p. 6]. It is necessary to use ensemble codes with a base B >> 1 (codes with B = N = 30 are presented), since the larger the base, the greater the excess over noise and the higher the secrecy [8, p. 9]. In case of unauthorized access, it will be necessary to use special methods and devices to resolve the issue of whether any signals are transmitted or there is only noise [8, p. 6]. In addition, the use of a receiving device consisting of a set of SFs for each ensemble code allows for optimal detection and discrimination of signals in the presence of noise [8].

7. Security of the claimed device from unauthorized access

The number of linganum variants that can be used for encryption/decryption is determined by the number of permutations (g1)! on each slot. Unauthorized access can only be achieved by enumerating all possible variants of byte number conversion and selecting the version of the SPS, as well as analyzing the results obtained. For each variant, it is necessary to spend a time interval determined by the factorial function of g1 (for g1=256 this is a significant value) to establish the presence of informative significance in the obtained data (to determine whether they make sense), which requires a high-speed intelligent system, which increases the time costs. Statistical methods for finding decryption keys are not applicable in this case. For any set of decryption keys, output data will be obtained, they are correct only for a single set of decryption keys.

The slot durations must be less than the estimated time interval required to try all the options and perform unauthorized decryption, taking into account the available computing capabilities. Therefore, to achieve the required data security, it is always possible to select a sufficiently short slot duration. It has been proven that in the case where a one-time key is used for each message symbol (in our case, a block), the system is unbreakable (ideal) [3, p. 66]. However, it is also necessary to take into account the required time durations in specific cases when solving the entire problem of storing and transmitting data.

Preventing unauthorized access increases the security of information transfer from the source to the user. Encryption keys must be kept secret, updated frequently, and it is advisable to make the encryption and decryption key generators disconnectable from the power supply.

8. Some application options of the claimed device

1. To collect and transmit data about the far side of the Moon. The satellite, located above the invisible side of the Moon, receives data from sensors, video cameras and stores them in the memory. When flying over the visible side, the data in encrypted form, secretly, in the best possible way is transmitted to the repeater or to Earth. The slot duration is selected equal to the duration of a full revolution (half for collecting and transmitting data). For each revolution, keys are set that vary from slot to slot. The duration of all slots is selected equal to the maximum estimate of the satellite's operating time. Unlike correlation systems, data transmission is possible immediately after the satellite enters the visible part, which allows transmitting a larger volume of data. It is advisable to load the slots on Earth and synchronously launch them in the orbit of the Moon.

2. To collect and transmit data about a part of space from which it is impossible or undesirable (so as not to unmask the location) to transmit data to the user. For example, a mine, an underwater area, an anomalous part of land. Then the data is accumulated in the storage device, and then from the area of space from which data can be transmitted via the LAN (on the surface of the earth, above water, in a safe space), the encrypted data is secretly transmitted in an optimal way directly to the user or through a repeater. To conceal the coordinates of the transmission location, it is possible to place single-use or multiple-use chaotic signal transmitters at some distance from the data transmission location, which additionally masks the sending of useful signals. The keys can be recorded for the entire period of operation (years, until an updated version of the device appears).

If there is a risk of interception of the declared device, it is advisable to place some devices included in the receiving part directly at the data user. Without knowledge of the decryption keys, slot durations, and initial start-up time, it is difficult to reproduce data from the memory. At the same time, the legitimate user implements this thanks to the corresponding signals of the programmer. The possibility of blocking the declared device upon loss of control over it is indicated (p. 4.11).

3. The claimed device can be used in remote control systems for objects intended for movement and execution of required operations in various physical environments at a designated time. The objects can be, for example, robotic systems, aircraft and swimming apparatus.

When designing, it is convenient to measure the slot size in terms of the number of blocks (taking into account transient processes) that can be written (read) on each slot.

Contacts G and H (Fig. 2) can be connected directly (direct connection of the storage and recovery parts for data transfer after storage). Then the communication line 2 are the connecting conductors of the output of the final element of the ensemble code generator circuit 7 and the input conductors of the PU circuit 8.

9. Power supply, connectors

Power supply can be provided by stationary sources and small-sized batteries. The types of connectors depend on the connectors of the input and output data sources, the type of communication lines (USB-type connectors, plugs, high-frequency connectors with shielding and grounding).

Bibliographic list

1. Patent RU No. 2506633, "Data storage device"; IPC G06F 12/14, G11C 16/22, G06F 21/60; published 10.02.2014, Bulletin No. 4.

2. Patent RU No. 2326500, "Coherent system for transmitting information by chaotic signals"; IPC H04L 9/00; published 10.06.2008, Bulletin No. 16.

3. Romanets Yu.V., Timofeev P.A., Shan'gin V.F. Information security in computer systems and networks. - M.: Radio and communication, 2001. - 376 p.

4. Patent RU No. 2342697, "Portable data storage device with encryption system"; IPC G06F 12/14; published 27.12.2008, Bulletin No. 36.

5. Patent RU No. 2791560, "Data storage and transmission device with an encryption system"; SPK H04L 9/00 (2022.08); H04L 9/12 (2022.08); published 10.03.2023, Bull. No. 7.

6. Cheprukov Yu.V., Sokolov M.A. Synthesis of phase-shift keyed signals with the required level of side peaks of the ACF// Radio Engineering. 1991. No. 5. P. 68-70.

7. Cheprukov Yu.V., Sokolov M.A. Binary R2 codes, their characteristics and application// Information and control systems. 2014. No. 1. P. 76 - 82.

8. Varakin L.E. Communication systems with noise-like signals. - M.: Radio and communication, 1985. - 384 p.

9. Cheprukov Yu.V., Sokolov M.A. Correlation characteristics and application of some binary R3 codes // Information and control systems. 2014. No. 3. pp. 93-102.

10. Cheprukov Yu.V., Sokolov M.A. Correlation characteristics of some binary R4 codes and signal ensembles based on them // Information and control systems. 2014. No. 5. P. 87-96.

11. Cheprukov Yu.V. Synthesis of binary R-codes // Information and control systems. 2015. No. 1. P. 59-67.

12. Boyko V.I. et al. Circuitry of electronic systems. Digital devices. - SPb: BHV-Petersburg, 2004.-512 p.

13. Lekhin S.N. Computer circuitry. - SPb: BHV-Petersburg, 2010. - 672 p.

14. Ugryumov E.P. Digital circuit design. - St. Petersburg: BHV-Petersburg, 2004. - 800 p.

15. Electronics. Encyclopedic Dictionary. Edited by V.G. Kolesnikov, - M. Sov. Encyclopedia, 1991, - 688 p.

16. Olifer V.G., Olifer N.A. Computer networks. Principles, technologies, protocols. - St. Petersburg: Piter, 2002. - 672 p.

17. Bugaev A.S., Dmitriev V.F., Kulakov S.V. Devices on surface acoustic waves: textbook / A.S. Bugaev, V.F. Dmitriev, S.V. Kulakov. - St. Petersburg: GUAP, 2009. - 188 p.

18. https://www.booksite.ru/fulltext/1 /001 /008/045/201.htm, 03/28/2023.

19. https://www.booksite.rU/fulltext/1/001/008/084/692.htm, 03/28/2023.

20. https://www.industrialnets.ru/files/misc/ascii.pdf, 31.03.2023.

Claims (57)

1. A data storage and transmission device with a synchronized encryption system, comprising a storage device, a communication line, an encryption key generator, an encryptor, a decoder, a control device, an ensemble code generator, a receiving device, a data generator, a decryption key generator, wherein the first input of the encryptor is connected to the input of the entire device, the second input of the encryptor is connected to the output of the encryption key generator, the output of the encryptor is connected to the first input of the storage device, the second input of the storage device is connected to the second output of the control device, the input of the control device is connected to the output of the storage device, the first output of the control device is connected to the input of the ensemble code generator, the output of the ensemble code generator is connected to the input of the communication line, and the output of the communication line is connected to the input of the receiving device, the output of the receiving device is connected to the input of the data generator, the output of which is connected to the second input of the decoder, the output of the decoder is the output of the entire device, the first input of the decoder is connected to the output of the decryption key generator, in addition, the code generator forms a set g of pulse codes or signals based on them, satisfying such conditions that the level of the side peaks of the autocorrelation function of each of them does not exceed a positive number R, where R<u _m is the greatest value of the modulus of the autocorrelation functions of these codes or noise-like signals, and the level of the side peaks of the mutual correlation function of each code or noise-like signal based on them with all other (g-1) generated codes or signals also does not exceed a positive number W, where W<u _m , characterized by the fact that additionally introduced an encoder communication line, a decoder communication line, a slot programmer, wherein the input of the encoder communication line is connected to the first output of the slot programmer, the output of the encoder communication line is connected to the input of the encryption key generator, the input of the decoder communication line is connected to the second output of the slot programmer, the output of the decoder communication line is connected to the input of the decryption key generator, the encoder generates signals X° _j,d , j=1,2,…, d=1,2,…,D based on the conditions: "If" X _inj,d =0 "THEN" X° _j,d =L _1,d or "If" X _{in xj,d} =1 "THEN" X° _j,d =L _2,d or "If" X _вxj,d =2 "THEN" X° _j,d =L _3,d or... "If" X _{in xj,d} = (g1-1) "THEN" X° _j,d = L _g1,d , where j=1, 2,…, d=1, 2, …, D are byte numbering indices and slot; X _вхj,d - the value of the j-th byte of input data on the d-th slot; X° _j,d - the value of the j-th byte after encryption on the d-th slot; L _1,d ; L _2,d ; …, L _g1,d - sequence of encryption key values on the d-th slot; g1 is the number of symbols in the data coding system, where g1=g, the decoder generates signals X _{out j,d} , j=1,2,…, d=1,2,…, D based on the conditions; "If" X° _j,d =0 "THEN" X _outj,d =L' _1,d or "If" X° _j,d =1 "THEN" X _{off j,d} =L' _2,d or "If" X° _j,d =2 "THEN" X _{off j,d} =L' _3,d or … "If" X ⁰ _j,d =(g1-1) "THEN" X _outj,d =L' _g1,d , where j=1,2,…, d=1,2,…, D are byte numbering indices and slot; X° _j,d - the value of the j-th byte before decryption; X _outj,d - the value of the j-th byte of output data; L' _1,d , L'_2,d;…;L' _g1,d - sequence of decryption key values on the d-th slot; g1 is the number of symbols in the data coding system, the encryption key generator generates signals corresponding to the elements of the encryption key sequences for each slot: where j=1, 2,…, d=1,2,…, D are byte numbering indices and slot; g1 - the number of symbols in the data coding system; t _d =t _d-1 +Λ _d - end of the d-th slot of duration Λ _d , Λ _d ≥0; ψ=(Λ _d , d=1,2,…, D) is the sequence of encryption keys of slot durations, where each value of the sequence element is one of the positive integers from 0 to (g1-1), used in composing this sequence only once, The decryption key generator generates signals corresponding to the elements of the decryption key sequences for each slot: where j=1, 2, …, d=1,2,…, D are byte numbering indices and slot; g1 - the number of symbols in the data coding system; t' _d =t' _d-1 +Λ _d - the end of the d-th slot of duration Λ _d , Λ _d ≥0; ψ'=(Λ _d , d=1,2,…,D) is the sequence of encryption keys of slot durations, t' _D is the sum Λ _d of the durations of all D slots; t' ₀ , t' _D - the initial and final values of the first and last slot, together with this, the elements of the decryption key sequence are obtained so that the ordinal numbers jx of the elements of the encryption key sequence of each slot L(t)=L _i,j,d , i=1,…,8; j=1,2,…, g1 are decreased by one and change places with the values of the elements of this sequence, the ordinal numbers of this newly created numerical sequence are increased by one and the elements of the obtained sequence with their changed ordinal numbers are arranged in ascending order of these numbers. 2. The device according to item 1, characterized in that the encryptor comprises an encryption key converter, a logical encryption device and an encryption device interface, the input of the encryption key converter is connected to the second input of the encryptor, and the output of the encryption key converter is connected to the second input of the logical encryption device, the first input of the logical encryption device is connected to the output of the coupling device of the encryptor, the input of the coupling device of the encryptor is connected to the first input of the encryptor and the entire device, the output of the logical encryption device is connected to the output of the encryptor; the encoder is implemented on logical elements or programmable logic matrices; The coupling device of the encoder is made on passive elements, or on transistors, or on microcircuits, or in the form of a universal serial bus USB. 3. The device according to item 1, characterized in that the decoder comprises a decoder coupling device, a decryption key converter and a logical decryption device, the input of the decryption key converter is the first input of the decoder, the output of the decryption key converter is connected to the first input of the decryption logical device, the second input of the decryption logical device is the second input of the decoder, the output of the decryption logical device is connected to the input of the coupling device of the decoder, the output of which is connected to the output of the decoder and the entire device; the decoder is made on logical elements or programmable logic matrices; The decoder interface device is made on passive elements or on transistors or on microcircuits or as a universal serial bus USB. 4. The device according to item 1, characterized in that the control device contains an address and mode generator, a trigger pulse generator, the output of the address and mode generator is connected to the second output of the control device, the input of the trigger pulse generator is connected to the input of the control device, the output of the trigger pulse generator is connected to the first output of the control device; The trigger pulse generator is implemented on logical elements or programmable logic matrices. 5. The device according to claim 1, characterized in that the communication lines are a set of technical means such as a modulator, a transmitter, a receiver, a demodulator and a physical medium such as a gas or liquid or a solid or a vacuum; the communication line is a wired electrical communication line or a radio communication line, or a sound acoustic communication line, or a light optical communication line; communication lines are made in the form of conductors of circuit elements, or fiber-optic cable, or coaxial cable, or waveguide, or sound conductor, or twisted pair, or radio channel of terrestrial or satellite communication. 6. The device according to item 1, characterized in that the encryption key generator is implemented on discrete circuit elements or in the form of a storage device or on programmable logic matrices. 7. The device according to item 1, characterized in that the ensemble code generator is made in the form of devices on surface acoustic waves or elements of discrete circuitry or in the form of a memory device or on programmable logic matrices for direct transmission over a communication channel; the ensemble code generator is made in the form of devices for generating codes and signals based on them and in the form of a modulator of carrier oscillations for transmission over a communication channel, wherein these codes and signals are the modulating signals. 8. The device according to item 1, characterized in that the receiving device is designed in the form of a functional group of matched filters or correlators for each code of the ensemble code generator or each signal based on them. 9. The device according to item 1, characterized in that the data generator is implemented on discrete circuit elements or in the form of a storage device or on programmable logic matrices. 10. The device according to item 1, characterized in that the decryption key generator is implemented on discrete circuit elements or in the form of a storage device or on programmable logic matrices. 11. The device according to item 1, characterized in that the slot programmer contains a slot generator and a synchronizer, the first output of the synchronizer is connected to the input of the slot generator, the second output of the synchronizer is connected to the second output of the slot generator and to the second output of the slot programmer, the third output of the synchronizer is connected to the first output of the slot generator and to the first output of the slot programmer; The slot programmer is made on logical elements or programmable logic matrices or in the form of a storage device.