Crytographic key notarization methods and apparatus
First Claim
1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys such that the data encryptor and intended decryptor are positively identified, the method comprising the step of:
- encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.
1 Assignment
0 Petitions
Accused Products
Abstract
Cryptographic keys for a cryptographic function are notarized by encrypting the keys with the cryptographic function using a notarizing cryptographic key derived from identifier designations associated with the encryptor and intended decryptor, respectively, and an interchange key which is accessible only to authorized users of the cryptographic function. Preferably, the identity of a user of the cryptographic function is authenticated as a condition to access to an interchange key. Advantageously, authentication is accomplished by comparing a password designation supplied by the user with a prestored version thereof which has been notarized by having been encrypted with the cryptograpic function using a notarizing cryptographic key derived from the identifier designation of the corresponding authorized user and an interchange key. Signature properties similar to those provided by public key systems are provided for nonpublic keys by allowing a user to use a key for only encryption or decryption and not both. Preferably, this is attained through the use of user identifiers which are combined in predetermined combinations for data key notarization and notarized data key decryption in dependence on whether a key is to be used for encryption or decryption.
159 Citations
21 Claims
-
1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys such that the data encryptor and intended decryptor are positively identified, the method comprising the step of:
encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
9. A method for generating a cryptographic data key for controlling data encryption and decryption using a cryptographic function comprising the steps of:
-
encrypting an arbitrary initial value using the cryptographic function and a predetermined secret interchange key as the cryptographic key, combining the results of said encrypting step with the results of a previous encryption using the cryptographic function; and encrypting the results of said combining step using the cryptographic function and said interchange key as the cryptographic key to obtain the cryptographic data key. - View Dependent Claims (10, 11, 12)
-
-
13. Apparatus for generating a cryptographic data key for control of data encryption and decryption using a cryptographic function, said apparatus comprising:
-
means for performing the cryptographic function using a predetermined interchange key as the cryptographic key; means for producing a variable output connected to the data input of said performing means; means for logically combining the present output of said performing means with a previous output thereof; means responsive to said variable output producing means for connecting the output of said combining means to the data input of said performing means such that the combining means output is not fed to said performing means in the presence of the output of said variable output producing means, means for actuating said variable output producing means and said performing means such that said performing means first encrypts the output of said variable output producing means and then repetitively encrypts the output of said combining means for a predetermined number of encryptions, the output of said performing means resulting from a predetermined one of the repetitive encryptions constituting the cryptographic data key.
-
-
14. Cryptographic apparatus comprising:
-
means for performing a cryptographic function controlled by cryptographic keys, said performing means being selectively operable in an encrypt mode and in a decrypt mode; means for generating data keys for data encryption and decryption; means connected to said generating means for notarizing said data keys so as to identify the encrypting user generating a data key and the intended decrypting user of the encrypted data; and means connected to said performing means for loading data keys into said performing means as cryptographic keys such that only a data key generated by the user who is loading is operative when said performing means is being operated in said encrypt mode. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
Specification