An automobile door lock receiver module (30) and a plurality of keychain fob transmitter units (16) contain identification numbers, secret initial values, and secret feedback masks so as to authenticate encrypted messages from any of the assigned fobs, indicative of commands registered by closing switches on the fob. Each fob is synchronized with the receiving module by means of a truly random number concatenated with a secret initial value and encrypted, through a linear feedback shift register or other operations. A second secret initial value is encrypted and command bits are exclusive ORed into the low order bit positions; the two encrypted numbers are concatenated and encrypted to form a key word which is transmitted with the fob ID. Synchronization includes decrypting to recover the truly random number and the secret initial value concatenated therewith; the truly random number is compared with previously received random numbers in order to avoid copying of recently transmitted synchronization commands. Successive lock-related commands utilize the number encrypted from the truly random number and the second secret initial value as starting values, employing a pseudorandom number of encryption iterations. A half-second delay between responses mitigates gaining access through numerical trials. An authenticated panic alarm command operates the headlights and horn of the vehicle but does not alter the synchronization.
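The synchronization exchange described in the abstract, as an added Python example that is not code from the patent: the fob builds the key word with three masked LFSR passes, and the receiver reverses them, checks both secret initial values, rejects a repeated random number, and stays unresponsive for half a second after each word. The bit widths, field order, shift-left LFSR form, masks, IDs, secret values, history length and the use of `secrets.randbits` as the random source are all assumptions made for illustration.

```python
import secrets

# All widths, IDs, masks and secret values below are constructed for illustration.
RAND_BITS, SIV1_BITS, SIV2_BITS, CMD_BITS = 24, 16, 24, 4
W1 = RAND_BITS + SIV1_BITS   # combined word: random number || secret initial value 1
W2 = SIV2_BITS               # second word: secret initial value 2
W3 = W1 + W2                 # key word
LOCKOUT_S = 0.5              # receiver stays unresponsive this long after a word
FOB_ID, SIV1, SIV2 = 0x2A71, 0xBEEF, 0x1234AB
MASKS = (0x5A6B3C9D01, 0x9C35A7, 0xD1B54A32D192ED03)  # secret feedback masks (odd)


def lfsr(state, mask, width, rounds):
    """Shift-left LFSR (CRC style). mask bit 0 must be 1 so each step is reversible."""
    top, full = 1 << (width - 1), (1 << width) - 1
    for _ in range(rounds):
        feedback = state & top
        state = (state << 1) & full
        if feedback:
            state ^= mask
    return state


def lfsr_reverse(state, mask, width, rounds):
    """Undo lfsr(): bit 0 is set exactly when the forward step XORed the mask in."""
    top = 1 << (width - 1)
    for _ in range(rounds):
        state = ((state ^ mask) >> 1) | top if state & 1 else state >> 1
    return state


class Fob:
    def __init__(self, fob_id, siv1, siv2, masks):
        self.fob_id, self.siv1, self.siv2, self.masks = fob_id, siv1, siv2, masks
        self.prn1 = self.prn2 = None  # starting values for later commands

    def sync_word(self, cmd_bits, rand=None):
        m1, m2, m3 = self.masks
        rand = secrets.randbits(RAND_BITS) if rand is None else rand
        first = lfsr((rand << SIV1_BITS) | self.siv1, m1, W1, W1)
        second = lfsr(self.siv2, m2, W2, W2)
        altered = second ^ cmd_bits          # command bits XORed into low-order bits
        key = lfsr((first << W2) | altered, m3, W3, W3)
        self.prn1, self.prn2 = first, second
        return {"id": self.fob_id, "sync": True, "key": key}


class Receiver:
    def __init__(self, sets, history=8):
        self.sets = sets                     # fob_id -> (siv1, siv2, masks)
        self.seen = {fob_id: [] for fob_id in sets}
        self.state, self.history, self.last_rx = {}, history, None

    def handle_sync(self, word, now):
        if self.last_rx is not None and now - self.last_rx < LOCKOUT_S:
            return ("ignored-lockout", None)
        self.last_rx = now
        if word["id"] not in self.sets:
            return ("unknown-id", None)
        siv1, siv2, (m1, m2, m3) = self.sets[word["id"]]
        inner = lfsr_reverse(word["key"], m3, W3, W3)
        first, altered = inner >> W2, inner & ((1 << W2) - 1)
        combined = lfsr_reverse(first, m1, W1, W1)
        rand, got_siv1 = combined >> SIV1_BITS, combined & ((1 << SIV1_BITS) - 1)
        second = lfsr(siv2, m2, W2, W2)
        # Both the recovered initial value and the non-command bits must match.
        if got_siv1 != siv1 or (altered ^ second) >> CMD_BITS:
            return ("rejected", None)
        seen = self.seen[word["id"]]
        if rand in seen:                     # copy of a recent synchronization word
            return ("replay", None)
        seen.append(rand)
        del seen[:-self.history]             # keep only the most recent randoms
        self.state[word["id"]] = (first, second)
        return ("synced", (altered ^ second) & ((1 << CMD_BITS) - 1))


def demo():
    fob = Fob(FOB_ID, SIV1, SIV2, MASKS)
    rx = Receiver({FOB_ID: (SIV1, SIV2, MASKS)})
    word = fob.sync_word(0b0101, rand=0x1A2B3C)   # fixed random for a repeatable run
    results = {
        "first": rx.handle_sync(word, now=0.0),
        "too_soon": rx.handle_sync(word, now=0.1),
        "replayed": rx.handle_sync(word, now=1.0),
        "tampered": rx.handle_sync(dict(word, key=word["key"] ^ 1), now=2.0),
        "stranger": rx.handle_sync(dict(word, id=0x9999), now=3.0),
        "fresh": rx.handle_sync(fob.sync_word(0b0001, rand=0x0F0E0D), now=4.0),
    }
    results["in_step"] = rx.state[FOB_ID] == (fob.prn1, fob.prn2)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Every LFSR step is linear over GF(2), so authentication in this construction rests entirely on the masks and initial values staying secret.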
1. A method of cryptographic authentication of transmissions from a transmitting unit to a receiving module, comprising, in said transmitting unit:
separately generating a plurality of pseudorandom numbers; concatenating said numbers to form a combined word; performing an encryption operation on said combined word; and transmitting a command word including a key portion derived from the result of said encryption operation; and comprising, in said receiving module: receiving said command word; performing a decryption operation on the key portion of said command word to recover said combined word; providing at least one number; and providing an authentication signal only if at least a portion of said at least one number is identical to a corresponding portion of said recovered combined word.
23. A method of cryptographically authenticating transmissions from any of a plurality of remote command transmitting units to a command performing receiving module, comprising:
providing a set of numbers in each of said transmitting units, each set corresponding to one of said transmitting units, each set including at least one secret initial value, each set essentially unique to the corresponding unit; providing in said receiving module, said set of numbers for each of said transmitters to which said receiving module is to respond; transmitting a command word from one of said transmitting units including a key portion derived at least in part from an encryption operation performed on said secret initial value; and authenticating said command word received at said receiving module utilizing the numbers in a corresponding set.
29. A method of synchronized cryptographic authentication of transmissions from a remote command transmitting unit to a command performing receiving module selectively responsive thereto comprising:
transmitting a command word including a key portion derived from at least one encrypted number generated in said transmitting unit and indicative of a command; receiving said command word and, in response thereto, comparing a number in said receiving module with a number decrypted from the key portion recovered from said command word, providing an authentication signal based at least in part on identity between said number in said receiving module and said number decrypted from the key portion recovered from said command word, selectively performing the command indicated thereby in response to said authentication signal; and rendering said receiving module unresponsive, following receipt of one command word, to receipt of an additional command word for a period of time on the order of one-half second, or more.
45. A method of cryptographically authenticating a transmission from a transmitting unit to a receiving module, comprising:
providing a starting number in said transmitting unit and providing said starting number in said receiving module; in said transmitting unit: providing an iteration control signal which changes in a random manner in response to successive transmissions from said transmitting unit; performing a variable number of iterations of an iterative encryption operation on said starting number, said variable number determined by said iteration control signal; transmitting a command word derived at least in part from the result of said encryption operation; and in said receiving module: receiving said command word; recovering the result of said encryption operation from said received command word; providing a second iteration control signal which changes, in the same random manner as said first iteration control signal, in response to successive receptions of command words by said receiving module; performing a variable number of iterations of said iterative encryption operation on said starting number, said variable number determined by said second iteration control signal; comparing at least a portion of the result of said encryption operation performed in said receiving module with a corresponding portion of said recovered result; and providing an authentication signal only if said portion of said encryption operation performed in said receiving module is identical to said corresponding portion of said recovered result.
9. A method of cryptographically authenticating a transmission from a transmitting unit to a receiving module, comprising:
providing a starting number in said transmitting unit and providing said starting number in said receiving module; in said transmitting unit: providing a first iteration control signal which changes in a pseudorandom manner in response to successive transmissions from said transmitting unit; performing a variable number of iterations of an iterative encryption operation on said starting number, said variable number determined by said iteration control signal; transmitting a command word derived at least in part from the result of said encryption operation; and in said receiving module: receiving said command word; recovering the result of said encryption operation from said received command word; providing a second iteration control signal which changes, in the same pseudorandom manner as said first iteration control signal, in response to successive receptions of command words by said receiving module; performing a variable number of iterations of said iterative encryption operation on said starting number, said variable number determined by said second iteration control signal; comparing at least a portion of the result of said encryption operation performed in said receiving module with a corresponding portion of said recovered result; and providing an authentication signal only if said portion of said encryption operation performed in said receiving module is identical to said corresponding portion of said recovered result.
31. A method of selectively cryptographically authenticating transmissions, indicative of commands initiated by operating switches, from each of a plurality of transmitting units to a receiving module, comprising:
providing a set of numbers in each one of said transmitting units, each set corresponding to one of said transmitting units and identified by an identification number, each set including at least a pair of secret initial values; providing in said receiving module the one of said sets corresponding to each of said transmitting units to which said receiving module is to respond, the one of said sets having a first and second receiver secret initial value; in response to operation of said switches indicating a command other than a lock-related command in one of said transmitting units: providing a command bit; generating a random number; concatenating said random number with a first one of said secret initial values so as to provide a combined word; performing a first encryption operation on said combined word to provide a first number; performing a second encryption operation on a second one of said secret initial values to provide a second number; exclusive ORing a plurality of command bits indicative of said command with the corresponding bits of said second number to provide an altered word; performing a third encryption operation on the concatenation of said first number with said altered word to provide an encrypted key word; storing said first and second numbers as first and second pseudorandom numbers for future use in subsequent authentication; transmitting a command word including said encrypted key word, said command bit, and said identification number; in response to operation of said switches indicating a lock-related command in one of said transmitting units: performing a fourth encryption operation on said first number to provide a new first pseudorandom number; performing a fifth encryption operation on said second number to provide a new second pseudorandom number; exclusive ORing a plurality of command bits indicative of said lock-related command with the corresponding bits of said new second pseudorandom number to provide a new altered word; 
performing a sixth encryption operation on the concatenation of said new first pseudorandom number and said new altered word to provide a new encrypted key word; storing said new first and second pseudorandom numbers for future use in subsequent authentication in place of said first and second pseudorandom numbers; transmitting a command word including said new encrypted key word and said identification number; in said receiver, selectively, in response to receipt of said command word including said command bit: determining if said receiver has secret initial values related to the received identification number, and if not, terminating all response to said received word, but if so: performing a first decryption operation on said key word portion of said received command word so as to recover said first number and said altered word; performing, on said recovered first number, a second decryption operation so as to recover said combined word, comparing said first receiver secret initial value to a corresponding portion of said recovered combined word and providing a first equal signal only in the event of identity therebetween; performing a seventh encryption operation on said second receiver secret initial value to provide said second number, comparing the non-command portion of said recovered altered word with the corresponding portion of said second number and providing a second equal signal only in response to identity therebetween; then, in response to the absence of either of said first and second equal signals, terminating all further response to said command word; or otherwise, in response to the presence of said first and second equal signals, comparing the random number portion of said recovered combined word to a random number portion derived from a command word previously received from said transmitter and, in response to identity therebetween, terminating all further response to said command word, but otherwise, (a) storing said random number portion for 
future use in subsequent synchronization operations and (b) storing said second number and said recovered first number, as first and second pseudorandom numbers for future use in subsequent authentication operations; in said receiver, selectively, in response to receipt of said command word not including said command bit: determining if said receiver has first and second receiver secret initial values related to the received identification number, and if not, terminating all response to said received word, but if so: performing a third decryption operation on the key word portion of said received command word, so as to recover said new first pseudorandom number and said new altered word; performing an eighth encryption operation on said first pseudorandom number receiver secret initial value to provide a first new receiver pseudorandom number, and comparing said first new receiver pseudorandom number to said recovered new receiver first pseudorandom number and providing a third equal signal in response to identity therebetween; performing a ninth encryption operation on said second pseudorandom number receiver secret initial value to provide a second new receiver pseudorandom number and comparing the non-command portion of said recovered new altered word to a corresponding portion of said second new receiver pseudorandom number and providing a fourth equal signal only in response to identity therebetween; then, in the absence of either of said third or fourth equal signals, terminating all further response to receipt of said command word, but in the presence of both of said third and fourth equal signals, exclusive ORing the command portion of said recovered new altered word with the corresponding portion of said second new receiver pseudorandom number, performing the command indicated by the result thereof, and storing said first new receiver pseudorandom number and said second new receiver pseudorandom number for future use in subsequent authentication operations.
37. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto;
said transmitting unit comprising: a source of signals for providing first and second seed signals indicative of respective secret pseudorandom number generator initial values and first, second and third mask signals indicative of respective secret feedback masks, each mask defining a respective feedback polynomial for linear feedback shift register pseudorandom number generation, said initial values and said polynomials being essentially unique to said transmitting unit; command switches operable to indicate a physical effect which is to be caused by said receiving module; and first signal processing means responsive to selected operation of said switches indicative of a synchronization command for providing a random signal indicative of a variable random number, for performing a first linear feedback shift register pseudorandom number generation operation, on a combined number consisting of the initial value defined by said first seed signal concatenated with the random number defined by said random signal, a given number of iterations on the order of the degree of said first polynomial, or more, using the mask defined by said first mask signal, said first polynomial having a degree on the order of the degree of said combined word, for performing a second linear feedback shift register pseudorandom number generation operation, on a second word consisting of the initial value defined by said second seed signal, a fixed number of iterations on the order of the degree of said second polynomial, or more, using the mask defined by said second mask signal, said second polynomial having a degree on the order of the degree of said second initial value, for exclusive ORing a plurality of command bits indicative of said synchronization command with a corresponding plurality of bits of the result of said second generation operation to form an altered word, for storing, for future use in authenticating subsequent transmissions to said receiving module, first and second 
pseudorandom numbers respectively indicative of the results of said first and second generation operations, for performing a third linear feedback shift register pseudorandom number generation operation, on a word consisting of said first pseudorandom number concatenated with said altered word, a predetermined number of iterations on the order of the degree of said third polynomial, or more, using the mask defined by said third mask signal, said third polynomial having a degree on the order of the summation of the degrees of said first pseudorandom number and said altered word, and for transmitting, to said receiving module, a command word signal having the result of said third generation operation as a key portion and including a command bit indicative of said synchronization operation; said first signal processing means responsive to selected operation of said switches indicative of a lock-related command for performing a fourth linear feedback shift register pseudorandom number generation operation, on said first pseudorandom number, a first determined number of iterations, using the mask defined by said first mask signal, to provide a new first pseudorandom number, for performing a fifth linear feedback shift register pseudorandom number generation operation, on said second pseudorandom number, a second determined number of iterations, using the mask defined by said second mask signal, to provide a new second pseudorandom number, for exclusive ORing a plurality of command bits indicative of said lock-related command with a corresponding plurality of bits of said new second pseudorandom number to form a new altered word, for performing a sixth linear feedback shift register pseudorandom number generation operation, on a word consisting of said new first pseudorandom number concatenated with said new altered word, said predetermined number of iterations, using the mask defined by said third mask signal, for storing said new first and second pseudorandom numbers 
for future use in authenticating subsequent transmissions to said receiving module, and for transmitting, to said receiving module, a command word signal having the result of said third generation operation as a key portion; said receiving module comprising a signal source for providing third and fourth seed signals respectively indicative of said initial values and fourth, fifth and sixth mask signals respectively indicative of said masks; and second signal processing means for receiving said command word signal and responsive to said command word including said command bit, for performing a first reverse linear feedback shift register pseudorandom number generation operation, on said key portion of said command word signal, said predetermined number of iterations, using the mask defined by said sixth mask signal, for performing a second reverse linear feedback shift register pseudorandom number generation operation, on a portion of the result of said first reverse generation operation corresponding to said combined word, said given number of iterations, using the mask defined by said fourth mask signal, for comparing said initial value defined by said third seed signal with an equivalent portion of the result of said second reverse generation operation and providing a first equal signal only if they are identical, for performing a seventh linear feedback shift register pseudorandom number generation operation on a word consisting of the initial value defined by said fourth seed signal, said fixed number of iterations, using the mask defined by said fifth mask signal, for comparing a portion of the result of said seventh generation operation, corresponding to the unaltered portion of said altered word, with a corresponding portion of the result of said first reverse generation operation and providing a second equal signal only if they are identical, in response to said first and second equal signals, for storing, for subsequent use, the random number portion of 
the result of said second reverse operation and for comparing said random number portion with a similar random number portion, previously stored for subsequent use in response to prior performances of said second reverse operation, and for selectively storing third and fourth pseudorandom numbers respectively indicative of the result of said second reverse operation and said seventh generation operation, for future use in subsequent authentication of transmissions from said transmitting unit, only if said compared random portions are not equal; said second signal processing means responsive to said command word signal not including said command bit for performing a third reverse linear feedback shift register pseudorandom number generation operation, on said key portion of said command word signal, said predetermined number of iterations, using the mask defined by said sixth mask signal, to recover said new first pseudorandom number and said new modified word, for performing an eighth linear feedback shift register pseudorandom number generation operation, on said third pseudorandom number, said first determined number of iterations, using the mask defined by said fourth mask signal, to provide a third new pseudorandom number with said third new pseudorandom number and generating a third equal signal only if they are identical, for performing a ninth linear feedback shift register pseudorandom number generation operation, on said fourth pseudorandom number, said second determined number of iterations, using the mask defined by said fifth mask signal, to provide a fourth new pseudorandom number, for comparing the non-command portion of said recovered new altered word with a corresponding portion of said fourth new pseudorandom number and providing a fourth equal signal only if they are identical, and, in response to said first and second equal signals, for storing for future use in subsequent authentication of transmissions from said transmitting unit, said new 
third and fourth pseudorandom numbers indicative of the results of said eighth and ninth generation operations, for exclusive ORing the command portion of said recovered new altered word with the corresponding portion of said fourth new pseudorandom number to recover said plurality of command bits and for performing said lock-related command.
2. A method according to
said step of providing at least one number comprises separately generating a second plurality of pseudorandom numbers; and said step of providing an authentication signal comprises providing said authentication signal only if at least a portion of each of said second plurality of pseudorandom numbers is identical to a corresponding portion of said recovered combined word.
3. A method according to
4. A method according to
5. A method according to
6. A method according to
7. A method according to
8. A method according to
10. A method according to
11. A method according to
12. A method according to
13. A method according to
the same secret initial value starting number is provided in said transmitting unit and in said receiving module; and said starting number is provided by performing said iterative encryption operation on a word derived at least in part from said secret initial value a number of iterations on the order of the degree of said word, or more.
14. A method according to
15. A method according to
providing a second starting number in said transmitting unit and providing said second starting number in said receiving module; in said transmitting unit: providing a third iteration control signal which changes in a pseudorandom fashion in response to successive transmissions from said transmitting unit; performing a changeable number of iterations of an iterative encryption process on said third second starting number, said changeable number determined by said third iteration control signal; transmitting said command word derived at least in part from the result of said encryption process; and in said receiving module: recovering the result of said encryption process from said received command word; providing a fourth iteration control signal which changes, in the same pseudorandom fashion as said third iteration control signal, in response to successive receptions of command words by said receiving module; performing a changeable number of iterations of said iterative encryption process on said starting number, said changeable number determined by said fourth iteration control signal; comparing at least a portion of the result of said encryption process performed in said receiving module with a corresponding portion of said recovered result of said encryption process; and providing an authentication signal only if said portion of said encryption process performed in said receiving module is identical to said corresponding portion of said recovered result of said encryption process.
16. A method according to
17. A method according to
18. A method according to
19. A method according to
20. A method according to
21. A method according to
22. A method according to
24. A method according to
said transmitting step comprises transmitting said command word including said identification number; and said authenticating step comprises performing a process to authenticate said received command word only in response to said command word containing an identification number which matches an identification number in one of the sets provided in said receiving module.
25. A method according to
26. A method according to
27. A method according to
30. The method according to
32. A method according to
33. A method according to
34. A method according to
35. A method according to
36. A method according to
38. A system according to
41. A system according to
42. A system according to
43. A system according to
44. A system according to
46. A method according to
47. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto,
the transmitting unit comprising a first signal generator for providing a plurality of number signals indicative of respective pseudorandom numbers; a signal processor for concatenating the plurality of number signals to form a combined word signal indicative of a combined word; an encrypter for encrypting the combined word signal to form an encrypted combined word signal; and transmission means for transmitting a command signal including a key portion derived from the encrypted combined word signal; and the receiving module comprising reception means for receiving the command signal; a decrypter for decrypting the key portion of the command signal to recover the combined word signal; a second signal generator for providing at least one number signal; and authentication means for providing an authentication signal only if at least a portion of said at least one number signal is identical to a corresponding portion of the recovered combined word signal.
48. A system according to said at least one number signal comprises a second plurality of number signals indicative of respective pseudorandom numbers; and the authentication means comprises means for providing an authentication signal only if at least a portion of each of the second plurality of number signals is identical to a corresponding portion of the recovered combined word signal.
49. A system according to claim 47 wherein the encrypter comprises means for performing a linear encryption operation.
50. A system according to claim 47 wherein the encrypter comprises means for performing a feedback shift operation.
51. A system according to claim 50 wherein the feedback shift operation is linear.
52. A system according to claim 51 wherein the linear feedback shift register operation employs a secret feedback mask.
53. A system according to claim 50 wherein the linear feedback shift register operation employs a secret feedback mask and the decrypter comprises means for performing a reverse CRC operation employing the same secret feedback mask as the CRC operation.
54. A system according to claim 53 wherein the linear feedback shift register operation comprises a number of iterations on the order of the degree of the combined word or more.
55. A cryptographically authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto, comprising means for providing a starting number signal in the transmitting unit and for providing the same starting number signal in the receiving module, the starting number signal indicative of a starting number; and comprising in the transmitting unit a first signal generator for providing a first iteration control signal which changes in a pseudorandom manner in response to successive transmissions from the transmitting unit; a first signal processor for iterating a variable number of times an iterative encryption operation on the starting number signal, the variable number determined by the first iteration control signal, and for providing a first resulting signal therefrom; transmission means for transmitting a command signal derived at least in part from the first resulting signal; and comprising in the receiving module: reception means for receiving the command signal; a signal conditioner for recovering the first resulting signal from the command signal; a second signal generator for providing a second iteration control signal which changes in the same pseudorandom manner as the first iteration control signal in response to successive receptions of command signals by the receiving module; a second signal processor for iterating a variable number of times an iterative encryption operation on the starting number signal, the variable number determined by the second iteration control signal, and for providing a second resulting signal therefrom; comparison means for comparing at least a portion of the first resulting signal with a corresponding portion of the second resulting signal; and authentication means for providing an authentication signal only if the portion of the first resulting signal is identical to the corresponding portion of the second resulting signal.
56. A system according to claim 55 wherein the iterative encryption operation comprises a linear iterative encryption operation.
57. A system according to claim 55 wherein the iterative encryption operation comprises a feedback shift register operation.
58. A system according to claim 57 wherein the feedback shift register operation is linear.
59. A system according to claim 58 wherein the linear feedback shift register operation employs a secret feedback mask.
60. A system according to claim 59 wherein the linear feedback shift register operation employs the same secret feedback mask in the transmitting unit as in the receiving module.
61. A system according to claim 55 further comprising means for providing a secret initial value signal in the transmitting unit and the same secret initial value signal in the receiving unit; and further wherein the starting number signal is indicative of a word derived at least in part from the secret initial value signal, and is formed at least in part from a number of iterations of an iterative encryption operation on the order of the degree of the word.
62. A system according to claim 55 wherein the variable number is a fraction of the degree of the starting number.
63. A system according to claim 55 comprising: means for providing a second starting number signal in the transmitting unit and for providing the same second starting number signal in the receiving module, the starting number signal indicative of a starting number; and comprising in the transmitting unit a third signal generator for providing a third iteration control signal which changes in a pseudorandom fashion in response to successive transmissions from the transmitting unit; a third signal processor for iterating a changeable number of times an iterative encryption process on the second starting number signal, the changeable number determined by the third iteration control signal, and for providing a third resulting signal therefrom; transmission means for transmitting the command signal derived at least in part from the third resulting signal; and comprising in the receiving module fourth signal conditioning means for recovering the third resulting signal from the command signal; a fourth signal generator for providing a fourth iteration control signal which changes in the same pseudorandom fashion as the third iteration control signal, in response to successive receptions of command signals by the receiving module; a fourth signal processor for iterating a changeable number of times an iterative encryption operation on the starting number signal, the variable number determined by the fourth iteration control signal, and for providing a fourth resulting signal therefrom; comparison means for comparing at least a portion of the third resulting signal with a corresponding portion of the fourth resulting signal; and authentication means for providing an authentication signal only if the portion of the third resulting signal is identical to the corresponding portion of the fourth resulting signal.
64. A system according to claim 63 wherein the variable number is different from the changeable number.
65. A system according to claim 63 wherein the pseudorandom manner is different from the pseudorandom fashion.
66. A system according to claim 65 wherein the iterative encryption operation is the same as the iterative encryption process.
67. A system according to claim 55 wherein the iteration control signal changes in response to the value of a bit position of a changing number.
68. A system according to claim 67 wherein the changing number is the starting number.
69. A system according to claim 55 wherein the iteration control signal changes in response to the value of a plurality of bit positions of a changing number.
70. A system according to claim 69 wherein the changing number is the starting number.
71. A cryptographically authenticated remote control system in which any of a plurality of command transmitting units selectively causes a physical effect in a command receiving module rendered responsive thereto, comprising: transmitter memory for storing a set of numbers in each of the transmitting units, each set corresponding to one of the transmitting units, each set including at least one secret initial value, each set essentially unique to the corresponding unit; receiver memory for storing in the receiving module the set of numbers for each of the transmitters to which the receiving module is to respond; transmission means for transmitting to the receiving module from one of the transmitting units a command word including a key portion derived at least in part from an encryption operation performed on the secret initial value; and authentication means for authenticating the command word received at the receiving module utilizing the numbers in a corresponding set.
72. A system according to claim 71 wherein each set includes an identification number and the command word includes the identification number; and comprising authentication means for authenticating the command word received at the receiving modules utilizing the numbers in a corresponding set only in response to the command word containing an identification number which matches an identification number in one of the sets disposed in the receiving module.
73. A system according to claim 72 wherein the receiving module further comprises selection means for performing an authentication process using successive ones of the sets which have an identification number that matches the identification number included in the received command word until either authentication occurs or all of the sets have been used.
74. A system according to claim 71 wherein the receiving module further comprises selection means for performing an authentication process on the key portion using successive ones of the sets until either authentication occurs or all of the sets have been used.
75. A system according to claim 71 wherein each set includes at least one corresponding secret feedback mask, and the encryption operation comprises a feedback shift register pseudorandom number generation operation using the secret feedback mask.
76. A system according to claim 75 wherein the feedback shift register operation is linear.
77.
A synchronized cryptographic authenticated remote control system in which a command transmitting unit selectively causes a physical effect in a command receiving module rendered responsive thereto comprising: transmission means for transmitting a command word including a key portion derived from at least one encrypted number generated in the transmitting unit and indicative of a command; reception means for receiving the command word and, in response thereto, for comparing a number in the receiving module with a number decrypted from the key portion recovered from the command word; authentication means for providing an authentication signal based at least in part on identity between the number in the receiving module and the number decrypted from the key portion recovered from the command word and for selectively performing the command indicated thereby in response to the authentication signal; and deactivation means for rendering the receiving module unresponsive, following receipt of one command word, to receipt of an additional command word for a period of time on the order of one-half second, or more. 78. A system according to claim 77 wherein the period of time commences on the conclusion of receipt of one of the command words. 79. 
An authentication system for generating an authentication signal upon the identity between two signals comprising first and second nonvolatile memory; a starting number stored in each of first and second nonvolatile memory; a first signal generator for providing a first iteration control signal which changes in a pseudorandom manner in response to successive operations of the authentication system; a first signal processor coupled to the first nonvolatile memory for iterating a variable number of times an iterative encryption operation on the starting number, the variable number determined by the first iteration control signal, and for providing a first resulting signal therefrom; reception means for receiving the first resulting signal; a second signal generator for providing a second iteration control signal which changes in a pseudorandom manner in response to successive receptions of the first resulting signal; a second signal processor coupled to the second nonvolatile memory for iterating a variable number of times an iterative encryption operation on the starting number, the variable number determined by the second iteration control signal, and for providing a second resulting signal therefrom; comparison means for comparing at least a portion of the first resulting signal with a portion of the second resulting signal; and authentication means for providing an authentication signal only if the portion of the first resulting signal is identical to the corresponding portion of the second resulting signal. 80. A system according to claim 79 wherein the iterative encryption operation comprises a linear iterative encryption operation. 81. A system according to claim 79 wherein the iterative encryption operation comprises a feedback shift register operation. 82. A system according to claim 81 wherein the feedback shift register operation is linear. 83. 
A system according to claim 82 wherein the linear feedback shift register operation employs a secret feedback mask. 84. A system according to claim 83 wherein the linear feedback shift register operation employs the same secret feedback mask in the transmitting unit as in the receiving module. 85. A system according to claim 79 further comprising means for providing a secret initial value signal in the transmitting unit and the same secret initial value signal in the receiving unit; and further wherein the starting number signal is indicative of a word derived at least in part from the secret initial value signal, and is formed at least in part from a number of iterations of an iterative encryption operation on the order of the degree of the word. 86. A system according to claim 79 wherein the variable number is a fraction of the degree of the starting number. 87. A remote control lock system comprising a transmitter having a first pseudorandom number generator for generating a first pseudorandom number, and a second pseudorandom number generator for generating a second pseudorandom number; a first signal processor for concatenating the first and second pseudorandom numbers to form a combined word; a plurality of command switches indicative of respective lock commands; a second signal processor responsive to the plurality of command switches for generating a combined signal derived at least in part from the combined word and indicative of a lock command; and transmission means for transmitting the combined signal to a receiver responsive thereto; and a receiver having recovery means for recovering the combined word and the lock command from the combined signal; a third pseudorandom number generator for generating a third pseudorandom number and a fourth pseudorandom number generator for generating a fourth pseudorandom number; a third signal processor for concatenating the third and fourth pseudorandom numbers to form an authentication word; and comparison means 
for comparing the combined word and the authentication word, for generating an authentication signal in response to identity therebetween, and for authorizing the performance of the lock command upon the generation of the authentication signal. 88. The system of claim 87 in which the first, second, third, and fourth pseudorandom number generators employ a feedback shift register. 89. A remote control lock system comprising a transmitter and a receiver, the transmitter comprising at least one transmitter register having a plurality of bit positions indicative of binary states, wherein the binary state of at least one of the bit positions determines the number of iterations of an iterative encryption algorithm performed on the contents of the transmitter register. 90. The system of claim 89 wherein the receiver comprises at least one receiver register having a plurality of bit positions indicative of binary states, wherein the binary state of at least one of the bit positions determines the number of iterations of an iterative encryption algorithm performed on the contents of the receiver register; and comparison means for comparing the contents of a number derived at least in part from the contents of the transmitter register with a number derived at least in part from the contents of the receiver register to provide an authentication signal upon identity therebetween. 91. The system of claim 90 wherein the iterative encryption algorithm is a feedback shift register algorithm. 92. The system of claim 91 wherein the feedback shift resister algorithm is linear. 93. 
The system of claim 92 comprising command switches on the transmitter indicative of a plurality of lock related commands; a signal processor responsive to the command switches for concatenating any one of the lock related commands with a number derived at least in part from the contents of the transmitter register; and the comparison means comprising means for communicating a signal representative the lock related command from the transmitter to the receiver, and authorization means for authorizing performance of the lock related command on the condition that at least a portion of the contents of the transmitter register is identical to a corresponding portion of the contents of the receiver register. |
This invention relates to pseudorandom numbers and cryptographically encoded transmissions, such as the type involved with an automobile key chain fob transmitter which opens the automobile door locks or trunk in response to transmissions from the fob.
The art of encoding transmissions so that the transmissions may be authenticated at a receiving module must meet criteria for technical viability (security) as well as low cost and convenience. The cost and convenience criteria result in an inability to use any encoding with polynomials of excessive degree (such as binary numbers of hundreds of bits). Furthermore, cryptographic processing must require less than one second for acceptability by the user. Cost and weight constraints can limit the size and sophistication of a microprocessor or other signal processing equipment used in the system.
An example of such a system is disclosed in commonly owned U.S. Pat. No. 5,191,610 to Hill and Finn. That system utilizes linear feedback shift register pseudorandom number generation having the same seed number and the same, fixed feedback mask in the receiver as in the transmitter. The number of iterations of linear feedback shift register pseudorandom number generation is counted in both the receiver and the transmitter, with one additional iteration each time a command is sent. Should the receiver not recognize one of the transmissions (because the transmitter was inadvertently activated at a great distance from the receiver, or otherwise), the receiver is allowed a moderate number of catch-up iterations in which it attempts to match the received transmission. Should that fail, the transmitter tells the receiver how many iterations from the seed it should perform to recreate a new current pseudorandom number and so resynchronize the receiver to the transmitter pseudorandom number.
The aforementioned system requires that a receiver and a transmitter be wired or loaded with a binary feedback mask at the factory and sold as a pair. It also precludes matching a replacement transmitter with an existing receiver without the involvement of dealership personnel, which could compromise security. The pseudorandom number generators of the Hill and Finn patent use one iteration per encrypted message. This saves time but results in a certain level of correlation between successive samples, so that the samples are less random-like. In other pseudorandom number applications, the speed advantage of the aforementioned system could be useful but for the inherent correlation.
Any such system, except one that uses a truly random number of infinite degree, can be compromised either by analysis of a succession of intercepted signals, or by a brute force, exhaustive numerical trial approach which simply tries every number possible as the authentication word (the code or key).
Coded keypads used for unlocking vehicles have inherent security features. The generation of the code word by pressing keys can be shielded from view, and is certainly not capable of being determined beyond a line of sight. Furthermore, there would be great risk for an intruder entering every possible number into a keypad in an attempt to replicate the code (unless, of course, the automobile were parked in an unobservable area, such as a private or otherwise vacant garage). Thus, the keypad cannot be breached by analysis, and is not likely to be breached by numerical trial.
In contrast, lock systems which employ remote transmissions are enormously subject to security tampering because the surveillance of the transmissions may be carried out in another vehicle, without attracting any attention whatsoever. Therefore, it is possible to record many transmissions to a given vehicle, such as in a reserved workplace parking space (which commonly contains expensive cars), as well as providing an unobservable opportunity to attempt the breach of a security system (or even several systems at one time) by broadcasting huge volumes of random numbers, in parking lots where vehicles remain for long periods of time, such as at airports.
Whenever a transmitter is newly assigned to be used with an existing receiver, it is not sufficient to allow the new fob to identify itself and become authorized, without limiting that activity to a time when there is authorized access to the receiver through other than the transmitter itself (that is, within the vehicle itself). Thus, access to the vehicle by means of a traditional key or the like assures the safety of matching a newly assigned transmitter to an existing receiver. In the case of loss of synchronization between the transmitter and the receiver, simply allowing the receiver to synchronize to a particular pseudorandom number provided thereto by the transmitter makes it too easy for a surreptitious breach of security based on the analysis of a few transmissions, and synchronizing thereafter to one of the previous transmissions, utilizing numbers expected to be successful based upon analysis. Mere obfuscation of the resynchronizing code could be compromised by analysis of successful resynchronizations, and determination of the obfuscation function. The danger is not just that a single car might be broken into, but that a sophisticated capability might be developed and thereafter utilized extensively to breach the security of a large number of automobiles of a similar type.
Objects of the invention include provision of an improved remote operating system, the security of which is extremely difficult to breach by analysis, in which analysis of transmitted signals provides essentially no assistance in reducing the amount of numbers required for a numerical trial breach of security, and in which numerical trial breach of security requires, at a minimum, a prohibitively long time, rendering the vehicle essentially secure to brute force numerical trial attack, and which is useful only on a per vehicle basis. Other objects include rapid pseudorandom number generation with minimal correlation.
This invention is predicated on our observation that introducing non-linearities into the Galois field operation of linear feedback shift register pseudorandom numbers can render a code very difficult to breach by or with aid from numerical analysis. The invention is further predicated on the fact that time constraints on authentication can render the numerical trial approach essentially useless. The invention is predicated in part on the reversibility characteristic of the well-known exclusive OR operation, and on the reversibility of encryption such as encryption involving linear feedback shift register operations.
According to the present invention, an encryption, such as a linear feedback shift register pseudorandom number generation operation, is performed on a word comprising a pair of concatenated, independently generated numbers, which may themselves be encrypted (such as pseudorandom numbers) and the result transmitted to a receiving module where a decryption, such as a reverse pseudorandom number generation operation, recovers the concatenated numbers for cryptographic authentication. In accordance further with the invention, the encryption and decryption are performed with a secret mask essentially unique to the transmitter. According further to the invention, an encrypted number, such as a pseudorandom number, used for cryptographic authentication contains command bits exclusive ORed into at least a portion thereof.
According to the invention, a number utilized in authentication of command transmissions is generated by an iterative encryption process, such as a linear feedback shift register pseudorandom number generation operation, which has a variable number of iterations per authentication, the number varying in response to a pseudorandom event. According further to the invention, a pair of pseudorandom the art that the foregoing and various other changes, omissions and additions may be made therein and thereto, without departing from the spirit and scope of the invention.
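The command path described above (two independently iterated LFSR values concatenated, command bits XORed into one of them, the result encrypted with a secret mask, then decrypted and compared at the receiver, with a state-dependent iteration count and the half-second lockout from claim 77), as an added Python example that is not code from the patent. Register widths, masks, initial values, command codes and the rule that picks the iteration count are all assumptions made for the illustration; resynchronization is not modeled.

```python
from dataclasses import dataclass

W_A, W_B = 16, 16          # register widths (assumed; small for readability)
W_KEY = W_A + W_B          # width of the concatenated word
CMD_BITS = 2               # command bits XORed into the low end of B (assumed)
LOCKOUT_S = 0.5            # receiver ignores frames for this long after one
CMD_LOCK, CMD_UNLOCK, CMD_TRUNK = 1, 2, 3   # constructed command codes


def lfsr_step(state, mask):
    """One forward Galois LFSR iteration; `mask` must have its top bit set."""
    lsb = state & 1
    state >>= 1
    return state ^ mask if lsb else state


def lfsr_unstep(state, mask, width):
    """Exact inverse of lfsr_step: the top bit records whether mask was applied."""
    if state >> (width - 1):
        return (((state ^ mask) << 1) | 1) & ((1 << width) - 1)
    return state << 1


def encrypt(word, mask, rounds):
    for _ in range(rounds):
        word = lfsr_step(word, mask)
    return word


def decrypt(word, mask, width, rounds):
    for _ in range(rounds):
        word = lfsr_unstep(word, mask, width)
    return word


def advance(state, mask, width):
    """Iterate a variable number of times; two bits of the state pick the count."""
    return encrypt(state, mask, width // 4 + (state & 0b11))


@dataclass
class FobSecrets:
    """Per-fob set of numbers held by both the fob and the receiver."""
    fob_id: int
    state_a: int
    state_b: int
    mask_a: int
    mask_b: int
    mask_key: int

    def next_pair(self):
        """Compute the next (A, B) values without committing them."""
        return (advance(self.state_a, self.mask_a, W_A),
                advance(self.state_b, self.mask_b, W_B))


class Fob:
    def __init__(self, secrets):
        self.s = secrets

    def send(self, command):
        a, b = self.s.next_pair()
        self.s.state_a, self.s.state_b = a, b
        combined = (a << W_B) | (b ^ command)   # command XORed into low bits of B
        return self.s.fob_id, encrypt(combined, self.s.mask_key, W_KEY)


class Receiver:
    def __init__(self, secret_sets):
        self.sets = {s.fob_id: s for s in secret_sets}
        self.quiet_until = 0.0

    def receive(self, frame, now):
        """Return the authenticated command, or None if the frame is rejected."""
        if now < self.quiet_until:
            return None                         # still unresponsive after last frame
        self.quiet_until = now + LOCKOUT_S      # applies to good and bad frames alike
        fob_id, key = frame
        s = self.sets.get(fob_id)
        if s is None:
            return None
        combined = decrypt(key, s.mask_key, W_KEY, W_KEY)
        got_a, got_b = combined >> W_B, combined & ((1 << W_B) - 1)
        exp_a, exp_b = s.next_pair()
        command = got_b ^ exp_b                 # XOR is its own inverse
        if got_a != exp_a or command == 0 or command >> CMD_BITS:
            return None                         # receiver state is not advanced
        s.state_a, s.state_b = exp_a, exp_b
        return command


def demo():
    def make():  # fob and receiver each hold their own copy of the same secrets
        return FobSecrets(0x2A, 0xACE1, 0x1D3B, 0xB400, 0xD008, 0x80200003)
    fob, rx = Fob(make()), Receiver([make()])
    first = fob.send(CMD_UNLOCK)
    results = {
        "unlock": rx.receive(first, now=0.0),
        "replay_in_lockout": rx.receive(first, now=0.2),
        "replay_after_lockout": rx.receive(first, now=1.0),
        "lock": rx.receive(fob.send(CMD_LOCK), now=2.0),
    }
    fob_id, key = fob.send(CMD_TRUNK)
    results["tampered"] = rx.receive((fob_id, key ^ 1), now=3.0)
    results["genuine_after_tamper"] = rx.receive((fob_id, key), now=4.0)
    return results


if __name__ == "__main__":
    print(demo())
```

Each LFSR step is linear over GF(2); the only non-linear element in this sketch is the state-dependent iteration count in `advance`. A rejected frame leaves the receiver state untouched, so a corrupted or replayed transmission does not desynchronize the genuine fob.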
Finn, Alan M., Koopman, Jr., Philip J.
Patent | Priority | Assignee | Title |
3622991, | |||
3654604, | |||
3665162, | |||
4133974, | Nov 05 1976 | Datotek, Inc. | System for locally enciphering prime data |
4319273, | Oct 26 1979 | L-3 Communications Corporation | Television signal with encoded synchronizing signals |
4322577, | Dec 21 1977 | Cryptosystem | |
4418275, | Dec 07 1979 | NCR Corporation | Data hashing method and apparatus |
4424414, | May 01 1978 | Board of Trustees of the Leland Stanford Junior University | Exponentiation cryptographic apparatus and method |
4435826, | Sep 05 1980 | Hitachi, Ltd. | Frame synchronizer |
4509093, | Sep 07 1982 | HULSBECK & FURST GMBH & CO KG | Electronic locking device having key and lock parts interacting via electrical pulses |
4595985, | Aug 25 1982 | Omron Tateisi Electronics Co. | Electronic cash register |
4596985, | Nov 27 1982 | KIEKERT AKTIENGESELLSCHAFT A JOINT-STOCK COMPANY | Radio-controlled lock method with automatic code change |
4612413, | Jul 29 1983 | De La Rue Cartes et Systemes SAS | Authentication system between a card reader and a pay card exchanging data |
4613980, | Sep 04 1984 | Conoco Inc. | System for high accuracy remote decoding |
4630201, | Feb 14 1984 | International Security Note & Computer Corporation; INTERNATIONAL SECURITY NOTE AND COMPUTER CORPORATION 33 AVENIDA FEDERICO BOYD, APARTADO 951 PANAMA CITY,PANAMA | On-line and off-line transaction security system using a code generated from a transaction parameter and a random number |
4654480, | Nov 26 1985 | MAGNALINK COMMUNICATIONS CORPORATION, A DE CORP | Method and apparatus for synchronizing encrypting and decrypting systems |
4667301, | Jun 13 1983 | Control Data Corporation | Generator for pseudo-random numbers |
4691291, | Sep 23 1985 | RTPC CORPORATION; TM PATENTS, L P | Random sequence generators |
4733215, | Nov 13 1985 | Delta Elettronica S.p.A. | Remote control apparatus for a property protection device |
4734680, | Feb 06 1986 | Emhart Industries, Inc. | Detection system with randomized transmissions |
4736419, | Dec 24 1984 | American Telephone and Telegraph Company, AT&T Bell Laboratories | Electronic lock system |
4758835, | Aug 21 1985 | VDO Adolf Schindling AG | System for the locking and/or unlocking of a security device |
4771463, | Dec 05 1986 | SIEMENS TRANSMISSION SYSTEMS, INC , A CORP OF DE | Digital scrambling without error multiplication |
4797921, | Nov 13 1984 | Hitachi, Ltd. | System for enciphering or deciphering data |
4800590, | Jan 14 1985 | HIGGINS, WILLIS E | Computer key and computer lock system |
4825210, | Aug 21 1986 | SIEMENS AKTIENGESELLSCHAFT, A GERMANY CORP ; BAYERISCHE MOTORENWERKE AKTIENGESELLSCHAFT, A GERMAN CORP | Electronic locking system having a lock and a method for re-synchronization |
4847614, | Oct 29 1986 | Wilhelm Ruf Kg | Electronic remote control means, especially for centrally controlled locking systems in motor vehicles |
4853884, | Sep 11 1987 | Motorola, Inc. | Random number generator with digital feedback |
4853962, | Dec 07 1987 | DEUTSCHE BANK AG NEW YORK BRANCH | Encryption system |
4870682, | Feb 25 1987 | HOUSEHOLD DATA SERVICES HDS , A CORP OF VA | Television scrambling system |
4876718, | Mar 12 1987 | Zenith Electronics Corporation | Secure data packet transmission system and method |
4881148, | May 21 1987 | TRW INC , A CORP OF OH | Remote control system for door locks |
4892098, | Jun 26 1985 | LSI Solutions, Inc | Tubular tissue welding device without moving parts |
4905176, | Oct 28 1988 | International Business Machines Corporation | Random number generator circuit |
4912463, | Aug 09 1988 | Princeton Technology Corporation | Remote control apparatus |
4928098, | Mar 30 1984 | Siemens Aktiengesellschaft | Method for code protection using an electronic key |
4942393, | May 27 1988 | QUINTRAS FOUNDATION AG L L C | Passive keyless entry system |
4980108, | Feb 29 1988 | Teijin Limited | Process for forming a polyurethane coated biaxially oriented polyester film |
5001754, | Feb 01 1990 | The Trustees of Princeton University | Encryption system and method |
5007016, | Dec 21 1987 | SOCIETE ANONYME DITE : COMPAGNIE GENERALE D ELECTRICITE | Fractal-type periodic temporal signal generator |
5048086, | Jul 16 1990 | Hughes Electronics Corporation | Encryption system based on chaos theory |
5054067, | Feb 21 1990 | GENERAL INSTRUMENT CORPORATION GIC-4 | Block-cipher cryptographic device based upon a pseudorandom nonlinear sequence generator |
5055701, | Aug 16 1988 | Nissan Motor Company, Limited | Operator responsive keyless entry system with variable random codes |
5060265, | Jul 23 1990 | Motorola, Inc. | Method of protecting a linear feedback shift register (LFSR) output signal |
5103221, | Dec 06 1988 | DELTA ELETTRONICA S P A , A COMPANY OF ITALY | Remote-control security system and method of operating the same |
5105162, | Jun 20 1991 | Lear Automotive Dearborn, Inc | Electrically tuned RF receiver, apparatus and method therefor |
5109152, | Jul 13 1988 | Matsushita Electric Industrial Co., Ltd. | Communication apparatus |
5113441, | Apr 21 1989 | Pioneer Electronics Corporation | Method for scrambling a television signal and method and apparatus for descrambling a scrambled television signal |
5115236, | Nov 18 1987 | U S PHILIPS CORPORATION, A DE CORP | Remote control system using a wake up signal |
5136642, | Jun 01 1990 | Kabushiki Kaisha Toshiba | Cryptographic communication method and cryptographic communication device |
5144667, | Dec 20 1990 | Delphi Technologies, Inc | Method of secure remote access |
5146215, | Sep 08 1987 | VIPER BORROWER CORPORATION, INC ; VIPER HOLDINGS CORPORATION; VIPER ACQUISITION CORPORATION; DEI SALES, INC ; DEI HOLDINGS, INC ; DEI INTERNATIONAL, INC ; DEI HEADQUARTERS, INC ; POLK HOLDING CORP ; Polk Audio, Inc; BOOM MOVEMENT, LLC; Definitive Technology, LLC; DIRECTED, LLC | Electronically programmable remote control for vehicle security system |
5161190, | Sep 10 1987 | Computer Security Corp.; COMPUTER SECURITY CORPORATION, A CORP OF DE | System for encryption and identification |
5179592, | Sep 30 1988 | NEC Corporation | Data scrambler and descrambler capable of preventing continuous bit zeros or ones |
5191610, | Feb 28 1992 | Lear Automotive Dearborn, Inc | Remote operating system having secure communication of encoded messages and automatic re-synchronization |
5195136, | Sep 30 1991 | MOTOROLA SOLUTIONS, INC | Method and apparatus for data encryption or decryption |
5220606, | Feb 10 1992 | Cryptographic system and method | |
5220616, | Feb 27 1991 | INDEPENDENCE MANZANAR LLC | Image processing |
5222141, | Mar 25 1992 | Motorola Mobility, Inc | Apparatus and method for encoding data |
5224161, | May 06 1988 | Laboratoir Europeen de Recherches Electroniques Avancees, Societe en Nom | Method of scrambling and of unscrambling composite video signals, and device for implementation |
5231667, | Dec 10 1990 | Sony Corporation | Scrambling/descrambling circuit |
5241598, | May 22 1991 | Ericsson, Inc | Rolling key resynchronization in cellular verification and validation system |
5243650, | Mar 23 1990 | Televerket | Method and apparatus for encryption/decryption of digital multisound in television |
5243653, | May 22 1992 | Motorola Mobility, Inc | Method and apparatus for maintaining continuous synchronous encryption and decryption in a wireless communication system throughout a hand-off |
5272755, | Jun 28 1991 | Matsushita Electric Industrial Co., Ltd.; MATSUSHITA ELECTRIC INDUSTRIAL CO , LTD A CORP OF JAPAN | Public key cryptosystem with an elliptic curve |
5276738, | Dec 17 1992 | Bull HN Information Systems Inc.; BULL HN INFORMATION SYSTEMS INC | Software data protection mechanism |
5280267, | Jul 01 1991 | Passive action antitheft device | |
5313491, | Dec 31 1992 | GTE Government Systems Corporation | Acquisition method for DSSS communications |
5313530, | Mar 05 1991 | CANON KABUSHIKI KAISHA, A CORP OF JAPAN | Calculating apparatus and method of encrypting/decrypting communication data by using the same |
5317639, | Oct 04 1989 | Northrop Grumman Systems Corporation | Non-linear block substitution devices derived by constructive corruption |
5319364, | May 27 1988 | Delphi Technologies, Inc; LECTRON PRODUCTS, INC | Passive keyless entry system |
5319710, | Aug 22 1986 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method and means for combining and managing personal verification and message authentication encrytions for network transmission |
5365225, | May 18 1989 | Siemens Aktiengesellschaft | Transmitter-receiver system with (re-)initialization |
5369706, | Nov 05 1993 | LEAR CORPORATION EEDS AND INTERIORS | Resynchronizing transmitters to receivers for secure vehicle entry using cryptography or rolling code |
5377270, | Jun 30 1993 | LEAR CORPORATION EEDS AND INTERIORS | Cryptographic authentication of transmitted messages using pseudorandom numbers |
5398284, | Nov 05 1993 | LEAR CORPORATION EEDS AND INTERIORS | Cryptographic encoding process |
5412379, | May 27 1988 | QUINTRAS FOUNDATION AG L L C | Rolling code for a keyless entry system |
5420925, | Mar 03 1994 | Delphi Technologies, Inc | Rolling code encryption process for remote keyless entry system |
5434806, | May 12 1992 | Telefonaktiebolaget LM Ericsson | Apparatus and method for random number generation |
5436901, | Dec 21 1992 | Otis Elevator Company | Synchronous time division multiplexing using jam-based frame synchronization |
5442341, | Apr 10 1992 | TRW Inc. | Remote control security system |
5479511, | Nov 05 1991 | Thomson Consumer Electronics S.A. | Method, sender apparatus and receiver apparatus for modulo operation |
5511124, | Jul 20 1989 | SIEMENS AKTIENGESELLSCHAFT, MUNICH, A GERMAN CORP | Cryptographic equipment |
5517189, | Dec 21 1990 | Siemens Aktiengesellschaft | Closure system with adjustable sensitivity |
5528230, | Jan 06 1992 | SAMSUNG ELECTRONICS CO , LTD | Remote control transmitter/receiver system |
5554977, | Jan 07 1993 | FORD GLOBAL TECHNOLOGIES, INC A MICHIGAN CORPORATION | Remote controlled security system |
5555303, | Sep 14 1993 | Secure transaction system and method utilized therein | |
5563600, | Jun 30 1993 | CODE SYSTEMS, INC | Data transmission for remote-controlled security system |
5588058, | Mar 31 1993 | U S PHILIPS CORPORATION | Method and device for scrambling and descrambling of a specific television broadcast |
5598476, | Apr 20 1995 | LEAR CORPORATION EEDS AND INTERIORS | Random clock composition-based cryptographic authentication process and locking system |
5604488, | Apr 10 1992 | TRW Inc. | Remote control security system |
5619475, | Mar 30 1994 | Schlumberger Technology Corportion | Method of predicting mechanical failure in formation utilizing stress derivatives which measure formation nonlinearity |
DE3225754, | |||
EP304733, | |||
GB2144564, | |||
RE33189, | May 09 1988 | Comsat Corporation | Security system for SSTV encryption |
Date | Maintenance Fee Events |
May 07 2002 | M184: Payment of Maintenance Fee, 8th Year, Large Entity. |
Jun 20 2002 | ASPN: Payor Number Assigned. |
May 08 2006 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |