FIELD: computing; counting.
SUBSTANCE: the invention relates to computer engineering. Disclosed is a method of transmitting encrypted data with key changeover and message authentication (imitation protection) in a digital data transmission system. The system comprises at least one computer that sends protected messages as a sequence of digital data frames over a data network and is configured to form frames consisting of a data field, a 1-bit service field B and a message authentication code (imitation insert) field, to encrypt frames and to compute the authentication code for them; and at least one computer that receives the protected messages over the data network and is configured to decrypt frames and verify their authentication code. A number N > 0 of data frames to be encrypted under one key and a number K > 0 of encryption keys are selected.

(A) On the sending computer and on each receiving computer, identical lists of K encryption keys are generated, each key being associated with its serial number starting from 0. On the sending computer the index K1 of the key in use and the count D of frames encrypted under that key are set to zero; on each receiving computer the index K2 of the key in use is set to zero.

(B) The sending computer processes the next data frame as follows: D is compared with N; if D = N, K1 is increased by 1 and D is reset to zero, otherwise D is increased by 1. The next data frame is formed, the least significant bit of the binary representation of K1 is written into the service field B, the frame is encrypted under the key with number K1, the authentication code is computed under the key with number K1 and written into the authentication code field, and the frame is sent to the receiving computers. If K1 < K - 1 or D ≠ N, step (B) is repeated; if K1 = K - 1 and D = N, the key list is exhausted and step (A) is repeated when further transmission is required.

(C) Each receiving computer processes incoming frames as follows: the next frame is received and its field B is compared with the least significant bit of the binary representation of K2. If they are equal, the frame is decrypted under the key with number K2 and its authentication code is verified under that key; if the code does not match, the frame is discarded, otherwise the data are passed to the destination. If B differs from the least significant bit of K2, T = K2 + 1 is computed; if T = K, the frame is discarded; otherwise the frame is decrypted under the key with number T and its authentication code is verified under that key; if the code does not match, the frame is discarded, otherwise K2 is set to T and the data are passed to the destination. Step (C) is repeated for each subsequent frame.
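The two-sided procedure above (steps A to C), as an added worked example that is not part of the patent: a Python model with a sender that walks through the key list and sets the 1-bit service field from K1, and a receiver that tries the next key only when that bit changes and accepts the switch only if the authentication code verifies under the new key. The key-list derivation (HMAC from a constructed shared secret), the frame cipher (an HMAC-SHA256 keystream with a random per-frame IV) and the authentication code (HMAC-SHA256 over B, IV and ciphertext, truncated to 16 bytes) are this example's assumptions, chosen so that it runs on the standard library; the abstract specifies none of them.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass

TAG_LEN = 16  # bytes of HMAC-SHA256 kept as the authentication code (assumption)


def derive_key_list(master: bytes, K: int) -> list:
    """Step A: both sides derive the same list of K keys, numbered 0..K-1.
    The abstract only requires identical lists; HMAC from a shared master
    secret is this example's assumption."""
    return [hmac.new(master, b"frame-key" + struct.pack(">I", i), hashlib.sha256).digest()
            for i in range(K)]


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (assumption: no cipher is named)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Frame:
    b: int       # 1-bit service field: low bit of the sender's key index K1
    iv: bytes    # per-frame IV (assumption; needed by the example cipher)
    ct: bytes    # encrypted data field
    tag: bytes   # authentication code field, same key as the encryption


def seal(key: bytes, b: int, data: bytes) -> Frame:
    """Encrypt the data field, then MAC B, IV and ciphertext under the same key."""
    iv = os.urandom(12)
    ct = _xor(data, _keystream(key, iv, len(data)))
    tag = hmac.new(key, bytes([b]) + iv + ct, hashlib.sha256).digest()[:TAG_LEN]
    return Frame(b, iv, ct, tag)


def open_frame(key: bytes, fr: Frame):
    """Verify the authentication code under `key`; return the data or None."""
    tag = hmac.new(key, bytes([fr.b]) + fr.iv + fr.ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, fr.tag):
        return None
    return _xor(fr.ct, _keystream(key, fr.iv, len(fr.ct)))


class Sender:
    """Step B: key index K1 and per-key frame counter D, as in the abstract."""

    def __init__(self, keys: list, N: int):
        self.keys, self.N = keys, N
        self.K1, self.D = 0, 0
        self.exhausted = False  # K1 = K-1 and D = N: step A must be rerun

    def send(self, data: bytes) -> Frame:
        if self.exhausted:
            raise RuntimeError("key list exhausted; repeat step A before sending")
        if self.D == self.N:
            self.K1, self.D = self.K1 + 1, 0
        else:
            self.D += 1
        fr = seal(self.keys[self.K1], self.K1 & 1, data)
        if self.K1 == len(self.keys) - 1 and self.D == self.N:
            self.exhausted = True
        return fr


class Receiver:
    """Step C: tracks K2 and advances by at most one key, only on a valid MAC."""

    def __init__(self, keys: list):
        self.keys, self.K2 = keys, 0

    def receive(self, fr: Frame):
        """Return the frame's data, or None if the frame is discarded."""
        if fr.b == (self.K2 & 1):          # bit unchanged: current key
            return open_frame(self.keys[self.K2], fr)
        T = self.K2 + 1                    # bit flipped: try the next key
        if T == len(self.keys):
            return None                    # no next key: discard
        data = open_frame(self.keys[T], fr)
        if data is not None:               # switch only if the MAC verifies
            self.K2 = T
        return data


def run(N: int = 3, K: int = 4, lose=()):
    """Send frames until the key list is exhausted, dropping the indices in
    `lose` (constructed channel loss). Returns (delivered, K2, exhausted)."""
    keys = derive_key_list(b"constructed shared secret for the example", K)
    tx, rx = Sender(keys, N), Receiver(keys)
    delivered = []
    total = N + (K - 1) * (N + 1)  # N frames on key 0, N+1 on each later key
    for i in range(total):
        fr = tx.send(b"frame %d" % i)
        if i in lose:
            continue
        data = rx.receive(fr)
        if data is not None:
            delivered.append(data)
    return delivered, rx.K2, tx.exhausted


if __name__ == "__main__":
    print(run())                      # all 15 frames delivered, K2 ends at 3
    print(run(lose=range(3, 7)))      # every key-1 frame lost: receiver stuck on key 0
```

Two points the model makes visible. First, the counter logic as stated puts N frames on key 0 and N + 1 on every later key, because the frame sent when D is reset to zero is already encrypted under the new key. Second, the receiver can only ever step forward by one key, so a burst loss covering all frames of one key leaves it on K2 permanently (every later frame fails the MAC check under both K2 and K2 + 1) until step A is rerun; the 1-bit field saves bandwidth over a full key identifier at the price of this resynchronisation limit. A flipped service bit does not move the receiver ahead, since the MAC is then checked under key K2 + 1 and fails, so advancing the key requires forging an authentication code; nothing in the abstract, however, detects a replayed frame within one key epoch, as frames carry no counter.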
EFFECT: the technical result is a reduction in the volume of service data that must be transmitted to enable decryption of the data and authentication of the messages.
1 claim
Dates
Filed: 2019-04-05
Published: 2020-03-31