Controlled use of cryptographic keys via generating station established control values

US 4,850,017 A
Filed: 05/29/1987
Issued: 07/18/1989
Est. Priority Date: 05/29/1987
Status: Expired due to Term

First Claim

Patent Images

1. A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations by transmitting said cryptographic key with a control value specifying the use of said cryptographic key from the generating station which generates the cryptographic key to at least two designated using stations one of which may be the generating station, each of said generating and using stations having a cryptographic facility which securely stores a master key, said method comprising the steps of:

storing in a data base at a generating station a plurality of encrypted secret transport keys unique to each of said using stations and indexed by identifications of said using stations, said encrypted secret transport keys being encrypted under a variant of said master key;

generating a command for the generation and distribution of a cryptographic key with a controlled use to at least two designated using stations in said network; and

in response to said command, generating a random key in said cryptographic facility of the generating station as said cryptographic key;

accessing the encrypted secret transport keys for the designated using stations using the identification for the using stations;

decrypting in said cryptographic facility of the generating station the accessed secret transport keys for the designated using stations using said variant of said master key;

combining in said cryptographic facility of the generating station the decrypted secret transport keys with the generated cryptographic key to produce a combined function f₁ for each designated using station;

reading a control value for said cryptographic key for each said designated using station;

combining in said cryptographic facility of the generating station the generated cryptographic key with said control value for each said designated using station to produce a combined function f₂ ;

transmitting said combined functions f₁ and f₂ for each said designated using station to the corresponding designated using stations;

storing said encrypted secret transport key at a designated using station indexed by the identification of said using station;

requesting a cryptographic operation requiring the use of the cryptographic key generated by said generating station in combination with a control value;

accessing said encrypted secret transport key and temporarily storing in the cryptographic facility of said designated using station said encrypted secret transport key together with said control value and said combined functions f₁ and f₂ transmitted from said generating station; and

determining if said requested cryptographic operation at said designated using station is permitted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations is disclosed. A control value specifying the use of the cryptographic key is transmitted with a generated cryptographic key to at least two designated using stations one of which may be the generating station. Each of the generating and using stations have cryptographic facilities that securely store a master key. Two techniques are described for controlling the use of the cryptographic key. In the first, the key and the control value are authenticated via a special authentication code before use by the using station. In the second, the key and control value are coupled during key generation such that the key is recovered only if a correct control value is specified. In addition, two techniques are described for controlling who may use the cryptographic key. In the first, each using station has a unique secret transport key shared with the generating station which generates the key in such a way that it can be recovered or regenerated only by the designated using station possessing the correct secret transport key. In the second, secret transport keys are shared by pairs of using stations and cryptographic separation is achieved by using public or nonsecret values unique to each using station.

195 Citations

22 Claims

1. A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations by transmitting said cryptographic key with a control value specifying the use of said cryptographic key from the generating station which generates the cryptographic key to at least two designated using stations one of which may be the generating station, each of said generating and using stations having a cryptographic facility which securely stores a master key, said method comprising the steps of:
- storing in a data base at a generating station a plurality of encrypted secret transport keys unique to each of said using stations and indexed by identifications of said using stations, said encrypted secret transport keys being encrypted under a variant of said master key;
  
  generating a command for the generation and distribution of a cryptographic key with a controlled use to at least two designated using stations in said network; and
  
  in response to said command, generating a random key in said cryptographic facility of the generating station as said cryptographic key;
  
  accessing the encrypted secret transport keys for the designated using stations using the identification for the using stations;
  
  decrypting in said cryptographic facility of the generating station the accessed secret transport keys for the designated using stations using said variant of said master key;
  
  combining in said cryptographic facility of the generating station the decrypted secret transport keys with the generated cryptographic key to produce a combined function f₁ for each designated using station;
  
  reading a control value for said cryptographic key for each said designated using station;
  
  combining in said cryptographic facility of the generating station the generated cryptographic key with said control value for each said designated using station to produce a combined function f₂ ;
  
  transmitting said combined functions f₁ and f₂ for each said designated using station to the corresponding designated using stations;
  
  storing said encrypted secret transport key at a designated using station indexed by the identification of said using station;
  
  requesting a cryptographic operation requiring the use of the cryptographic key generated by said generating station in combination with a control value;
  
  accessing said encrypted secret transport key and temporarily storing in the cryptographic facility of said designated using station said encrypted secret transport key together with said control value and said combined functions f₁ and f₂ transmitted from said generating station; and
  
  determining if said requested cryptographic operation at said designated using station is permitted.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method recited in claim 1 wherein the step of combining to produce the combined function f₁ is performed by encrypting said generated cryptographic key under the decrypted secret transport keys for each designated using station, and wherein the step of combining to produce the combined function f₂ is performed by first encrypting the control values for each said designated using station under said generated cryptographic key and then exclusive ORing the thus encrypted control values with the control values for each said designated using station.
  - 3. The method recited in claim 1 further comprising transmitting said control value for each said designated using station to the corresponding designated using stations.
  - 4. The method recited in claim 3 further comprising at a designated using station the steps of:
    - checking in the cryptographic facility of the using station said control value to determine if the requested operation is allowed by said control value;
      
      if the requested operation is allowed, then in the cryptographic facility of the using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said combined function f₁ using a combining function g₁ to recover said generated cryptographic key, combining the recovered cryptographic key with said control value to produce an authentication function f₂, comparing the temporarily stored combined function f₂ with said authenticating function f₂, and if said stored combined function f₂ and said authenticating function f₂ are equal, enabling said requested cryptographic operation;
      
      otherwise,aborting the requested cryptographic operation and erasing the temporarily stored values in the cryptographic facility of said using station.
  - 5. The method recited in claim 4 wherein said combining function g₁ is an inverse function of said function f₁.

6. A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations by transmitting said cryptographic key with a control value specifying the use of said cryptographic key from the generating station which generates the cryptographic key to at least two designated using stations one of which may be the generating station, each of said generating and using stations having a cryptographic facility which securely stores a master key and a nonsecret value unique to each using station, said method at a generating station comprising the steps of:
- storing in a first data base a plurality of encrypted secret transport keys unique to each pair of using stations in said network and indexed by identifications of pairs of using stations sharing a secret transport key, said encrypted secret transport keys being encrypted under a variant of said master key;
  
  storing in a second data base a plurality of nonsecret values unique to each using station in said network and indexed by identifications of said using stations;
  
  generating a command for the generation and distribution of a cryptographic key with a controlled use to at least two designated using stations in said network; and
  
  in response to said command, generating a random number in said cryptographic facility;
  
  accessing the encrypted secret transport keys shared by designated using stations using the identifications for the using station pairs sharing the encrypted secret transport keys;
  
  accessing the nonsecret values for the designated using stations using the identifications for the designated using stations;
  
  decrypting in said cryptographic facility of the generating station the accessed secret transport keys using said variant of said master key;
  
  combining in said cryptographic facility of the generating station the generated random number with the decrypted secret transport keys to produce a combined function f for each of the designated using stations;
  
  combining in said cryptographic facility of the generating station the decrypted secret transport key with said combined function f₃ to generate said cryptographic key;
  
  reading a control value for said cryptographic key for each said designated using station;
  
  for each said designated using station, combining the generated cryptographic key with the control value and the nonsecret value for the designated using station to produce a combined function f₄ for the designated using station; and
  
  transmitting said combined functions f₃ and f₄ for each said designated using station to the corresponding designated using stations.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method recited in claim 6 further comprising transmitting said control value for each said designated using station to the corresponding designated using stations.
  - 8. The method recited in claim 7 wherein the step of combining to produce the combined function f₃ is performed by encrypting said random number under said decrypted secret transport key for each of the designated using stations.
  - 9. The method recited in claim 7 wherein the step of combining to produce the combined function f₄ is performed by first encrypting said control values under said generated cryptographic key and then exclusive ORing the thus encrypted control values with said nonsecret values for each of said designated using stations.
  - 10. The method recited in claim 7 further comprising at a designated using station the steps of:
    - storing in a data base said encrypted secret transport key indexed by the identification of the using station pair sharing the secret transport key;
      
      storing said nonsecret value for the designated using station in the cryptographic facility of the designated using station;
      
      requesting a cryptographic operation requiring the use of the cryptographic key generated by said generating station in combination with a control value;
      
      accessing said encrypted secret transport key and temporarily storing in the cryptographic facility of said designated using station said encrypted secret transport key together with said control value and the combined functions f₃ and f₄ transmitted from said generating station;
      
      checking said control value to determine if the requested operation is allowed by said control value;
      
      if the requested operation is allowed, then in the cryptographic facility of the designated using station decrypting said encrypted secret transport key stored in said cryptographic facility of the designated using station using a variant of said master key, combining the decrypted secret transport key with said combined function f₃ using a combining function g₃ to recover said generated cryptographic key, combining the recovered cryptographic key with said control value and the nonsecret value for the designated using station to produce an authentication function f₄, comparing the temporarily stored combined function f₄ with the authenticating function f₄, and if said stored combined function f₄ and said authenticating function f₄ are equal, enabling said requested cryptographic operation;
      
      otherwise,aborting the requested cryptographic operation and erasing the temporarily stored values in said cryptographic facility.
  - 11. The method recited in claim 10 wherein the step of combining to produce the combined function f₃ is performed by making said combined function f₃ equal to said random number and wherein said combining function g₃ includes the steps of encrypting said random number under said decrypted secret transport key and then exclusive ORing the encrypted random number with the random number.
  - 12. The method recited in claim 10 wherein said combining function g₃ is an inverse function of said function f₃.

13. A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations by transmitting said cryptographic key with a control value specifying the use of said cryptographic key from the generating station which generates the cryptographic key to at least two designated using stations one of which may be the generating station, each of said generating and using stations having a cryptographic facility which securely stores a master key, said method at a generating station comprising the steps of:
- storing in a data base a plurality of encrypted secret transport keys unique to each of said using stations and indexed by indentifications of said using stations, said incrypted secret transport keys being encrypted under a variant of said master key;
  
  generating a command for the generation and distribution of a cryptographic key with a controlled use to at least two designated using stations in said network; and
  
  in response to said command, generating a random key in said cryptographic facility as said cryptographic key;
  
  accessing the encrypted secret transport keys for the designated using stations using the identification for the using stations;
  
  decrypting in said cryptographic facility of the generating station the accessed secret transport keys for the designated using stations using said variant of said master key;
  
  reading a control value for said cryptographic key for each said designated using station;
  
  combining in said cryptographic facility of the generating station the decrypted secret transport keys with the generated cryptographic key and the control value for each designated using station to produce a first combined function for each designated using station; and
  
  transmitting said combined function for each said designated using station to the corresponding designated using stations.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method recited in claim 13 further comprising the step of transmitting said control value for each said designated using station to the corresponding designated using stations.
  - 15. The method recited in claim 14 wherein the step of combining to produce the first combined function f₅ for each designated using station is performed by encrypting said generated cryptographic key under the control value for the corresponding designated using station to produce a first encrypted value and then encrypting said first encrypted value the decrypted secret transport key for the corresponding designated using station.
  - 16. The method recited in claim 14 further comprising at a designated using station the steps of:
    - storing said encrypted secret transport key indexed by the identification of said using station;
      
      requesting a cryptographic operation requiring the use of the cryptographic key generated by said generating station in combination with a control value;
      
      accessing said encrypted secret transport key and temporarily storing in the cryptographic facility of said designated using station said encrypted secret transport keys together with said control value and said first combined function transmitted from said generating station;
      
      checking said control value to determine if the requested operation is allowed by said control value;
      
      if the requested operation is allowed, then in the cryptographic facility of said designated using station decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said first combined function and said control value using a second combining function to recover said generated cryptographic key, and enabling said requested cryptographic operation;
      
      otherwise,aborting the requested cryptographic operation and erasing the temporarily stored values in said cryptographic facility.
  - 17. The method recited in claim 16 wherein said second combining function is an inverse function of said first combined function.

18. A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations by transmitting said cryptographic key with a control value specifying the use of said cryptographic key from the generating station which generates the cryptographic key to at least two designated using stations one of which may be the generating station, each of said generating and using stations having a cryptographic facility which securely stores a master key and a nonsecret value for each of said using stations, said method at a generating station comprising the steps of:
- storing in a first data base a plurality of encrypted secret transport keys unique to each pair of using stations in said network and indexed by identifications of pairs of using stations sharing a secret transport key, said encrypted secret transport keys being encrypted under a variant of said master key;
  
  storing in a second data base a plurality of nonsecret values unique to each using station in said network and indexed by identifications of said using stations;
  
  generating a command for the generation and distribution of a cryptographic key with a controlled use to at least two designated using stations in said network; and
  
  in response to said command, generating a random key in said cryptographic facility as said cryptographic key;
  
  accessing the encrypted secret transport keys shared by designated using stations using the identifications for the using station pairs sharing the encrypted secret transport keys;
  
  accessing the nonsecret values for the designated using stations using the identifications for the designated using stations;
  
  decrypting in said cryptographic facility of the generating station the accessed secret transport keys using said variant of said master key;
  
  reading a control value for said cryptographic key for each said designated using station;
  
  combining in said cryptographic facility of the generating station the generated cryptographic key with the decrypted secret transport key, control value and nonsecret value for each designated using station to produce a combined function f₆ for each of the designated using stations; and
  
  transmitting said combined function f₆ for each said designated using station to the corresponding designated using stations.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method recited in claim 18 further comprising transmitting said control value for each said designated using station to the corresponding designated using stations.
  - 20. The method recited in claim 19 wherein the step of combining to produce the combined function f₆ is performed by encrypting said cryptographic key under said control value for the designated using station to produce a first encrypted value, encrypting said first encrypted value under said nonsecret value for the designated using station to produce a second encrypted value, and encrypting said second encrypted value under said decrypted secret transport key for the designated using station.
  - 21. The method recited in claim 19 further comprising at a designated using station the steps of:
    - storing in a data base said encrypted secret transport key indexed by the identification of the using station pair sharing the secret transport key;
      
      storing said nonsecret value for the designated using station in the cryptographic facility of the designated using station;
      
      requesting a cryptographic operation requiring the use of the cryptographic key generated by said generating station in combination with a control value;
      
      accessing said encrypted secret transport key and said nonsecret value and temporarily storing in the cryptographic facility of said designated using station said encrypted secret transport key together with said control value and combined function f₆ transmitted from said generating station;
      
      checking said control value to determine if the requested operation is allowed by said control value;
      
      if the requested operation is allowed, then decrypting said encrypted secret transport key stored in said cryptographic facility using a variant of said master key, combining the decrypted secret transport key with said control value, said nonsecret value and said combined function f₆ using a combining function g₆ to recover said generated cryptographic key, and enabling said requested cryptographic operation;
      
      otherwise,aborting the requested cryptographic operation and erasing the temporarily stored values in said cryptographic facility.
  - 22. The method recited in claim 21 wherein said combining function g₆ is an inverse function of said function f₆.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Brachtl, Bruno O., Matyas, Stephen M. Jr., Meyer, Carl H. W.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/055,502
Time in Patent Office

781 Days
Field of Search

380/21, 380/25, 380/45, 380/47
US Class Current

380/280
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/0844   with user authentication or...

H04L 9/088   Usage controlling of secret...

Y04S 40/20   Information technology spec...

Controlled use of cryptographic keys via generating station established control values

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

195 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Controlled use of cryptographic keys via generating station established control values

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

195 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links