Embedded cryptographic system

US 20020116624A1
Filed: 01/28/2002
Published: 08/22/2002
Est. Priority Date: 02/16/2001
Status: Abandoned Application

First Claim

Patent Images

1. A cryptographic system (1) comprising first cryptographic algorithm means (2) for enabling cryptographic operations, input/output means (3, 4) for receiving input streams and sending output streams wherein said input streams are transformed to said output streams by said cryptographic operations, at least one test plaintext P_iand for each test plaintext P_ia corresponding test ciphertext C_i, receiving means (5) for receiving a control stream which is including at least one apoptosis key K_i, checking means (6) for checking whether said at least one test ciphertext C_iis the enciphered image of the corresponding test plaintext P_iunder the cryptographic operation of said first cryptographic algorithm means (2) when using said apoptosis key K_i, switching means (7) for stopping said cryptographic operations with said first cryptographic algorithm means (2), wherein said stopping by said switching means (7) is triggered by said checking means (6).

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embedded cryptographic system comprises at least one test plaintext/ciphertext pair P_i, C_ifor which the key has been destroyed or stored at a very safe place. If at some later date, at least one apoptosis key K_iis presented to the cryptographic system which has the property that C_iis the enciphered image of P_iunder K_i,then the algorithm could be broken and should not be used any more. Instead a more conservative algorithm should be used. The method for changing the ciphering by an embedded cryptographic system includes the step of checking whether at least one test ciphertext C_iis the enciphered image of a corresponding test plaintext P_iunder a apoptosis key K_iand the step of switching off the used cryptographic mode or the step of switching to an other cryptographic mode in case of a positive checking result. In order to enable the step of checking a protocol has to define a control stream with at least one key to be checked. The checking will be done as soon as such a control stream is received by the cryptographic system. The advantage of this solution is the fact, that there is no need for controlling respectively trusting the manufacturer or a security service. The embedded cryptographic system can receive the key or a collection of keys {K_i} from anywhere.

Citations

13 Claims

1. A cryptographic system (1) comprising first cryptographic algorithm means (2) for enabling cryptographic operations, input/output means (3, 4) for receiving input streams and sending output streams wherein said input streams are transformed to said output streams by said cryptographic operations, at least one test plaintext P_iand for each test plaintext P_ia corresponding test ciphertext C_i, receiving means (5) for receiving a control stream which is including at least one apoptosis key K_i, checking means (6) for checking whether said at least one test ciphertext C_iis the enciphered image of the corresponding test plaintext P_iunder the cryptographic operation of said first cryptographic algorithm means (2) when using said apoptosis key K_i, switching means (7) for stopping said cryptographic operations with said first cryptographic algorithm means (2), wherein said stopping by said switching means (7) is triggered by said checking means (6).
- View Dependent Claims (2, 3, 4)
- - 2. System as claimed in claim 1, wherein said cryptographic system (1) includes at least one second cryptographic algorithm means (8) wherein said switching means (7) enables switching to said at least one second cryptographic algorithm means (8).
  - 3. System as claimed in claim 1, wherein said receiving means (5) is made for accepting control streams which include at least one plaintext P_i, for each plaintext P_ia corresponding ciphertext C_iand a corresponding apoptosis key K_iand said checking means (6) is made for trying to find a test plaintext P_iand a test ciphertext C_iequal to said received plaintext P_i, wherein said checking is done with said apoptosis key of said equal test plaintext P_iand said equal test ciphertext C_i.
  - 4. System as claimed in claim 1 further comprising a cascaded list of different cryptographic algorithm means.

5. A method for creating a cryptographic system (1) for carrying out cryptographic operations characterized by the steps of implementing within said cryptographic system (1) a first cryptographic algorithm enabling said cryptographic operations, selecting at least one test plaintext P_iand enciphering each test plaintext P_iwith said first cryptographic algorithm and with a corresponding apoptosis key K_ithereby generating a corresponding test ciphertext C_ifor each test plaintext P_i, implementing within said cryptographic system (1) said at least one test plaintext P_iand for each test plaintext P_isaid corresponding test ciphertext C_i, implementing within said cryptographic system (1) receiving means (5) for receiving a control stream which is including at least one apoptosis key K_i, implementing within said cryptographic system (1) checking means (6) for checking whether said at least one test ciphertext C_iis the enciphered image of the corresponding test plaintext P_iunder said first cryptographic algorithm when using said apoptosis key K_i, implementing within said cryptographic system (1) switching means (7) for stopping said cryptographic operations with said first cryptographic algorithm, wherein said stopping by said switching means (7) is triggered by said checking means (6).
- View Dependent Claims (6, 7)
- - 6. Method as claimed in claim 5, further comprising the step of implementing within said cryptographic system (1) at least one second cryptographic algorithm for said ciphering operations, and switching by said switching means (7) to said at least one second cryptographic algorithm.
  - 7. Method as claimed in claim 5, further comprising the step of publishing said at least one test plaintext P_iand for each test plaintext P_isaid corresponding test ciphertext C_i.

8. A method for operating a cryptographic system (1) for carrying out cryptographic operations characterized by the steps of providing a first cryptographic algorithm for enabling said cryptographic operations, receiving input streams and sending output streams wherein said input streams are transformed to said output streams by said cryptographic operations, receiving a control stream which is including at least one apoptosis key K_i, checking whether a test ciphertext C_iis the enciphered image of a corresponding test plaintext P_iunder said first cryptographic algorithm when using said apoptosis key K_i, stopping said cryptographic operations with said first cryptographic algorithm, if said test ciphertext C_iis the enciphered image of said corresponding test plaintext P_iunder said first cryptographic algorithm when using said apoptosis key K_i.
- View Dependent Claims (9, 10, 12, 13)
- - 9. Method as claimed in claim 8, further comprising the step of switching to one of said second cryptographic algorithms for said cryptographic operations after said stopping.
  - 10. Method as claimed in claim 8, wherein said receiving of a control stream includes for each apoptosis key K_ireceiving of a plaintext P_iand a corresponding ciphertext C_i, and said checking includes trying to find a test plaintext P_iand a test ciphertext C_iequal to said received plaintext P_i, and said received ciphertext C_iwherein said checking is done with said apoptosis key of said equal test plaintext P_iand said equal test ciphertext C_i.
  - 12. Computer software product as claimed in claim 10, wherein said instructions, when read by a computer, enable the computer to perform at least a second cryptographic algorithm and switch to said at least one second cryptographic algorithms for said cryptographic operations after said stopping.
  - 13. Computer program comprising program code means for performing the steps of any of the claims 8 to 10 when said program is run on a computer.

11. A computer software product for operating a cryptographic system (1) for carrying out cryptographic operations, said product is characterized by a computer-readable medium in which program instructions are stored, which instructions, when read by a computer, enable the computer to perform a first cryptographic algorithm that is enabling said cryptographic operations, receive input streams and send output streams wherein said input streams are transformed to said output streams by said cryptographic operations, receive a control stream which is including at least one apoptosis key K_i, check whether a test ciphertext C_iis the enciphered image of a corresponding test plaintext P_iunder said first cryptographic algorithm when using said apoptosis key K_i, stop said cryptographic operations with said first cryptographic algorithm, if said test ciphertext C_iis the enciphered image of said corresponding test plaintext P_iunder said first cryptographic algorithm when using said apoptosis key K_i.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Riordan, James F., Alessandri, Dominique

Application Number

US10/058,661
Publication Number

US 20020116624A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

H04L 9/0637 Modes of operation, e.g. ci...

H04L 9/16 the keys or algorithms bein...

Embedded cryptographic system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Embedded cryptographic system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links