Crytographic key notarization methods and apparatus

US 4,386,233 A
Filed: 09/29/1980
Issued: 05/31/1983
Est. Priority Date: 09/29/1980
Status: Expired due to Term

First Claim

Patent Images

1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys such that the data encryptor and intended decryptor are positively identified, the method comprising the step of:

encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptographic keys for a cryptographic function are notarized by encrypting the keys with the cryptographic function using a notarizing cryptographic key derived from identifier designations associated with the encryptor and intended decryptor, respectively, and an interchange key which is accessible only to authorized users of the cryptographic function. Preferably, the identity of a user of the cryptographic function is authenticated as a condition to access to an interchange key. Advantageously, authentication is accomplished by comparing a password designation supplied by the user with a prestored version thereof which has been notarized by having been encrypted with the cryptograpic function using a notarizing cryptographic key derived from the identifier designation of the corresponding authorized user and an interchange key. Signature properties similar to those provided by public key systems are provided for nonpublic keys by allowing a user to use a key for only encryption or decryption and not both. Preferably, this is attained through the use of user identifiers which are combined in predetermined combinations for data key notarization and notarized data key decryption in dependence on whether a key is to be used for encryption or decryption.

159 Citations

21 Claims

1. A method for notarizing a cryptographic key used in the encryption and decryption of data with a cryptographic function controlled by cryptographic keys such that the data encryptor and intended decryptor are positively identified, the method comprising the step of:
- encrypting the cryptographic key with the cryptographic function using a notarizing key, derived from an identifier designation associated with the encryptor, an identifier designation associated with the intended decryptor, and an interchange key which is accessible only to authorized users of the cryptographic function, as the key encrypting cryptographic key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising the step of:
    - authenticating the identity of the encryptor as a condition to the encryptor obtaining access to said interchange key.
  - 3. The method of claim 2 wherein said authenticating step comprises the step of comparing a password designation supplied by the encryptor with a prestored version thereof which has been notarized by having been encrypted with the cryptographic function using a further notarizing key, derived from said identifier designation of the encryptor and an interchange key which is accessible only to authorized users of the cryptographic function, as the password encrypting cryptographic key.
  - 4. The method of claim 3 wherein the interchange key used for notarizing cryptographic keys and the interchange key used for notarizing passwords are the same.
  - 5. The method of claim 3 wherein said password notarizing key is derived by concatenating the binary equivalent of the encryptor'"'"'s identifier designation with itself and logically combining the concatenated result with the interchange key.
  - 6. The method of claim 1 wherein said cryptographic key notarizing key is derived by concatenating the binary equivalent of the encryptor'"'"'s identifier designation with the binary equivalent of the decryptor'"'"'s identifier designation as an ordered pair and logically combining the concatenated result with the interchange key.
  - 7. The method of claim 5 or 6 wherein the concatenated result is exclusive-or'"'"'ed with the interchange key.
  - 8. The method of claim 7 wherein the DES function constitutes the cryptographic function;
    - the binary equivalents of the encryptor'"'"'s and decryptor'"'"'s identifier designations have a combined bit length of less than 57 bits;
      
      the interchange keys comprise 56 pseudorandomly generated bits and 8 parity bits determined by a parity formula; and
      
      the 56 bits of the concatenated result are exclusive-or'"'"'ed with the 56 pseudorandom bits of the interchange key and the 8 parity bits are set in accordance with the parity formula.

9. A method for generating a cryptographic data key for controlling data encryption and decryption using a cryptographic function comprising the steps of:
- encrypting an arbitrary initial value using the cryptographic function and a predetermined secret interchange key as the cryptographic key,combining the results of said encrypting step with the results of a previous encryption using the cryptographic function; and
  
  encrypting the results of said combining step using the cryptographic function and said interchange key as the cryptographic key to obtain the cryptographic data key.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9 further comprising the steps of:
    - combining the results of the first of said encrypting steps with the results of the second of said encrypting steps; and
      
      encrypting the results of the second of said combining steps using the cryptographic function and said interchange key as the cryptographic key to obtain said results of a previous encryption for use when the first of said combining steps is next performed.
  - 11. The method of claim 9 or 10 wherein the instantaneous value of a function generator constitutes said initial value.
  - 12. The method of claim 11 wherein a date-time generator constitues said function generator.

13. Apparatus for generating a cryptographic data key for control of data encryption and decryption using a cryptographic function, said apparatus comprising:
- means for performing the cryptographic function using a predetermined interchange key as the cryptographic key;
  
  means for producing a variable output connected to the data input of said performing means;
  
  means for logically combining the present output of said performing means with a previous output thereof;
  
  means responsive to said variable output producing means for connecting the output of said combining means to the data input of said performing means such that the combining means output is not fed to said performing means in the presence of the output of said variable output producing means,means for actuating said variable output producing means and said performing means such that said performing means first encrypts the output of said variable output producing means and then repetitively encrypts the output of said combining means for a predetermined number of encryptions, the output of said performing means resulting from a predetermined one of the repetitive encryptions constituting the cryptographic data key.

14. Cryptographic apparatus comprising:
- means for performing a cryptographic function controlled by cryptographic keys, said performing means being selectively operable in an encrypt mode and in a decrypt mode;
  
  means for generating data keys for data encryption and decryption;
  
  means connected to said generating means for notarizing said data keys so as to identify the encrypting user generating a data key and the intended decrypting user of the encrypted data; and
  
  means connected to said performing means for loading data keys into said performing means as cryptographic keys such that only a data key generated by the user who is loading is operative when said performing means is being operated in said encrypt mode.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The cryptographic apparatus of claim 14 wherein said notarizing means comprises means for encrypting said data keys with said performing means using a notarizing key as the cryptographic key, said notarizing key being derived from a first combination of identifier designations corresponding to the generating user and intended decrypting user, respectively, arranged in an ordered pair.
  - 16. The cryptographic apparatus of claim 15 wherein said loading means comprises means for decrypting said notarized keys with said performing means using as the cryptographic key a decrypting key derived from a second combination of identifier designations formed by the user'"'"'s identifier designation and a second identifier designation supplied by the user arranged with respect to each other in a predetermined order in dependence on the mode in which said performing means is being operated, said order being such that when said performing means is being operated in said encrypt mode the user'"'"'s identifier designation has the same relative ordered position with respect to said second identifier designation as the generating user'"'"'s identifier designation has with respect to the intended decrypting user'"'"'s identifier designation in said first combination.
  - 17. The cryptographic apparatus of claim 15 or 16 further comprising means for authenticating the identity of the user and for controlling the operation of at least one of said other means such that only authorized users can encrypt and decrypt data.
  - 18. The cryptographic apparatus of claim 17 wherein said authenticating means comprises means for comparing a password designation supplied by a user with prestored versions of password designations for predetermined authorized users which have been notarized by having been encrypted with said performing means using a further notarizing key, derived from an identifier designation of the corresponding authorized user and an interchange key associated with said performing means, as the cryptographic key.
  - 19. The cryptographic apparatus of claim 18 further comprising means connected to said means for encrypting data keys and to said means for decrypting notarized keys for combining said first and second combinations, respectively, with said interchange key to derive said notarizing keys and said decrypting keys, respectively.
  - 20. The cryptographic apparatus of claim 16 further comprising means for selecting the operating mode of said performing means, and means responsive to said mode selecting means connected to said decrypting means for determining the order of identifier designations in said second combination.
  - 21. The cryptographic apparatus of claim 20 wherein said loading means comprises first and second storage means and means responsive to said mode selecting means connecting the inputs of said first and second storage means to said decrypting means and the outputs of said first and second storage means to said cryptographic key input of said performing means such that the output of said decrypting means is stored in said first storage means and the output of said first storage means is fed to said performing means when data is being encrypted, and the output of said decrypting means is stored in said second storage means and the output of said second storage means is fed to said performing means when data is being decrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Commerce United States of America As Represented By The Secretary of
Original Assignee
Commerce United States of America As Represented By The Secretary of
Inventors
Branstad, Dennis K., Smid, Miles E.
Primary Examiner(s)
Cangialosi, Sal

Application Number

US06/192,129
Time in Patent Office

974 Days
Field of Search

178/22.07, 178/22.08, 178/22.11, 178/22.13, 178/22.14
US Class Current

380/281
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/71   to assure secure computing ...

H04L 2209/12   Details relating to cryptog...

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

Crytographic key notarization methods and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

159 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Crytographic key notarization methods and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links