Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors

US 5,142,578 A
Filed: 08/22/1991
Issued: 08/25/1992
Est. Priority Date: 08/22/1991
Status: Expired due to Term

First Claim

Patent Images

1. In a data processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, an apparatus for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:

a first storage means at a transmitting node in the system for storing a crypto variable which is to be transmitted to a receiving node in the system;

a second storage means at said transmitting node for storing control information to control said crypto variable after it is transmitted from said transmitting node said control information including a control vector to limit the uses of said crypto variable;

a third storage means at said transmitting node for storing a first key expression;

concatenating means at said transmitting node, coupled to said first and second storage means, for concatenating said crypto variable with said control information, forming a key block;

encryption means at said transmitting node, coupled to said third storage means and said concatenating means, for encrypting said key block with said first key expression, forming an encrypted key block;

transmitting means at said transmitting node coupled to said encryption means and coupled over a communications link to a receiving means at said receiving node, for transmitting said encrypted key block to said receiving node;

said transmitting means coupled to said second storage means, for transmitting a second copy of said control information to said receiving node;

fourth storage means at said receiving node, for storing a second key expression corresponding to said first key expression;

decryption means at said receiving node coupled to said receiving means and to said fourth storage means, for decrypting said encrypted key block using said second key expression, to obtain a recovered key block;

extraction means at said receiving node coupled to said decryption means, to extract said control information and said crypto variable from said recovered key block;

comparison means at said receiving node coupled to said extraction means and coupled to said receiving means for comparing said control information extracted from said recovered key block to said second copy of said control information, said comparison means having an enabling output for signaling when said comparison is satisfied;

control means coupled to said extraction means and having an enabling input coupled to said output of said comparison means, for controlling said crypto variable with said control information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The patent describes a method and apparatus for securely distributing an initial Data Encryption Algorithm (DEA) key-encrypting key by encrypting a key record (consisting of the key-encrypting key and control information associated with that key-encrypting key) using a public key algorithm and a public key belonging to the intended recipient of the key record. The patent further describes a method and apparatus for securely recovering the distributed key-encrypting key by the recipient by decrypting the received key record using the same public key algorithm and private key associated with the public key and re-encrypting the key-encrypting key under a key formed by arithmetically combining the recipient'"'"'s master key with a control vector contained in the control information of the received key record. Thus the type and usage attributes assigned by the originator of the key-encrypting key in the form of a control vector are cryptographically coupled to the key-encrypting key such that the recipient may only use the received key-encrypting key in a manner defined by the key originator.

The patent further describes a method and apparatus to improve the integrity of the key distribution process by applying a digital signature to the key record and by including identifying information (i.e., an originator identifier) in the control information of the key record. The integrity of the distribution process is enhanced by verifying the digital signature and originator identifier at the recipient node.

Citations

25 Claims

1. In a data processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, an apparatus for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:
- a first storage means at a transmitting node in the system for storing a crypto variable which is to be transmitted to a receiving node in the system;
  
  a second storage means at said transmitting node for storing control information to control said crypto variable after it is transmitted from said transmitting node said control information including a control vector to limit the uses of said crypto variable;
  
  a third storage means at said transmitting node for storing a first key expression;
  
  concatenating means at said transmitting node, coupled to said first and second storage means, for concatenating said crypto variable with said control information, forming a key block;
  
  encryption means at said transmitting node, coupled to said third storage means and said concatenating means, for encrypting said key block with said first key expression, forming an encrypted key block;
  
  transmitting means at said transmitting node coupled to said encryption means and coupled over a communications link to a receiving means at said receiving node, for transmitting said encrypted key block to said receiving node;
  
  said transmitting means coupled to said second storage means, for transmitting a second copy of said control information to said receiving node;
  
  fourth storage means at said receiving node, for storing a second key expression corresponding to said first key expression;
  
  decryption means at said receiving node coupled to said receiving means and to said fourth storage means, for decrypting said encrypted key block using said second key expression, to obtain a recovered key block;
  
  extraction means at said receiving node coupled to said decryption means, to extract said control information and said crypto variable from said recovered key block;
  
  comparison means at said receiving node coupled to said extraction means and coupled to said receiving means for comparing said control information extracted from said recovered key block to said second copy of said control information, said comparison means having an enabling output for signaling when said comparison is satisfied;
  
  control means coupled to said extraction means and having an enabling input coupled to said output of said comparison means, for controlling said crypto variable with said control information.
- View Dependent Claims (2)
- - 2. The apparatus of claim 1, which further comprises:
    - said first key expression being a public key issued by said receiving node and said second key expression being a private key corresponding to said public key.

3. In a processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:
- storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
  
  storing control information to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
  
  storing a first key expression at said transmitting node;
  
  concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
  
  encrypting said key block with said first key expression, forming an encrypted key block at said transmitting node;
  
  transmitting said encrypted key block to said receiving node;
  
  transmitting a second copy of said control information to said receiving node;
  
  storing a second key expression corresponding to said first key expression, at said receiving node;
  
  decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
  
  extracting said control information and said crypto variable from said recovered key block, at said receiving node;
  
  comparing said control information extracted from said recovered key block with said second copy of said control information and generating an enabling signal when the compare is satisfied;
  
  controlling said crypto variable with said control information when said enabling signal has been generated.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 4. The method of claim 3, which further comprise:
    - said first key expression and said second key expression being symmetric keys.
  - 5. The method of claim 3, which further comprises:
    - said first key expression being a public key issued by said receiving node and said second key expression being a private key corresponding to said public key.
  - 6. The method of claim 3, which further comprises:
    - said control information includes a received control vector which defines limitations on uses of said crypto variable.
  - 7. The method of claim 6, which further comprises:
    - storing a reference control vector characterizing required uses of said crypto variable at said receiving node;
      
      storing said received control vector extracted from said recovered key block, at said receiving node;
      
      comparing said reference control vector with said received control vector, and outputting an acceptance signal if the comparison succeeds, at said receiving node;
      
      storing said crypto variable extracted by said extraction means if said acceptance signal is received from said compare means, at said receiving node.
  - 8. The method of claim 7, which further comprises:
    - storing a master key at said receiving node;
      
      forming an exclusive OR product of said master key and said received control vector, forming a product key expression, at said receiving node;
      
      encrypting said crypto variable under said master key, forming an encrypted crypto variable, at said receiving node;
      
      storing said encrypted crypto variable, at said receiving node.
  - 9. The method of claim 8, which further comprises:
    - receiving a request from a user for using said crypto variable, at said receiving node;
      
      checking said received control vector to determine if said requested uses are permitted, at said receiving node;
      
      outputting an enabling signal if said requested uses are permitted, at said receiving node;
      
      receiving said enabling signal and in response thereto, forming an exclusive OR product of said master key and said received control vector, forming a product key expression, at said receiving node;
      
      inputting said product key expression, and decrypting said encrypted crypto variable under said master key, recovering said crypto variable, at said receiving node.
  - 10. The method of claim 7, which further comprises:
    - storing a master key at said receiving node;
      
      forming an exclusive OR product of said master key and said reference control vector, forming a product key expression, at said receiving node;
      
      inputting said product key expression, and encrypting said crypto variable under said master key, forming an encrypted crypto variable, at said receiving node;
      
      storing said encrypted crypto variable, at said receiving node.
  - 11. The method of claim 10, which further comprises:
    - receiving a request from a user for using said crypto variable, at said receiving node;
      
      checking said reference control vector to determine if said requested uses are permitted, at said receiving node;
      
      outputting an enabling signal if said requested uses are permitted, at said receiving node;
      
      receiving said enabling signal and in response thereto, forming an exclusive OR product of said master key and said reference control vector, forming a product key expression, at said receiving node;
      
      decrypting said encrypted crypto variable under said master key, recovering said crypto variable, at said receiving node.
  - 12. The method of claim 11, wherein said reference control vector is received from said transmitting node.
  - 13. The method of claim 12, which further comprises:
    - said received control vector is a first hashed product of said reference control vector, received from said transmitting node;
      
      forming a second hash product of said reference control vector, at said receiving node;
      
      comparing said first hashed product with said second hashed product and outputting a second acceptance signal when the comparison is satisfied, at said receiving node.
  - 14. The method of claim 3, which further comprises:
    - said control information includes a hashed control vector which represents limitations on uses of said crypto variable.
  - 15. The method of claim 14, wherein said control means further comprises:
    - receiving from said transmitting node and storing a reference control vector characterizing required uses of said crypto variable at said receiving station, at said receiving node;
      
      storing said hashed control vector extracted from said recovered key block, at said receiving node;
      
      forming a hash product of said reference control vector, at said receiving node;
      
      comparing said hash product with said hashed control vector, and outputting an acceptance signal if the comparison succeeds, at said receiving node;
      
      storing said crypto variable extracted by said extraction means if said acceptance signal is hashed from said compare means, at said receiving node.
  - 16. The method of claim 15, which further comprises:
    - storing a master key at said receiving node;
      
      forming an exclusive OR product of said master key and said hashed control vector, forming a product key expression, at said receiving node;
      
      inputting said product key expression, and encrypting said crypto variable under said master key, forming an encrypted crypto variable, at said receiving node;
      
      storing said encrypted crypto variable, at said receiving node.
  - 17. The method of claim 16, which further comprises:
    - receiving a request from a user for using said crypto variable, at said receiving node;
      
      checking said reference control vector to determine if checking said reference said requested uses are permitted, at said receiving node;
      
      outputting an enabling signal if said requested uses are permitted, at said receiving node;
      
      receiving said enabling signal and in response thereto, forming an exclusive OR product of said master key and said hashed control vector, forming a product key expression, at said receiving node;
      
      inputting said product key expression, and decrypting said encrypted crypto variable under said master key, recovering said crypto, variable, at said receiving node.
  - 18. The method of claim 3, which further comprises:
    - said control information includes a transmitting node environment identification which characterizes the identity of said transmitting node.
  - 19. The method of claim 18, which further comprises:
    - storing a receiving node environment identification, at said receiving node;
      
      storing said transmitting node environment identification extracted from said recovered key block, at said receiving node;
      
      comparing said receiving node environment identification and said transmitting node environment identification and outputting an acceptance signal if the comparison fails, at said receiving node;
      
      storing said crypto variable extracted by said extraction means if said acceptance signal is received from said compare means, at said receiving node.

20. In a data processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptograpic communications, a program for execution on the data processing system for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:
- said program controlling the data processing system for storing a crypto variable which is to be transmitted to a receiving node in the system, at a transmitting node;
  
  said program controlling the data processing system for storing control information to control said crypto variable after it is transmitted from said transmitting node, at said transmitting node said control information including a control vector to limit the uses of said crypto variable;
  
  said program controlling the data processing system for storing a first key expression at said transmitting node;
  
  said program controlling the data processing system for concatenating said crypto variable with said control information, forming a key block, at said transmitting node;
  
  said program controlling the data processing system for encrypting said key block with said first key expression, forming an encrypted key block, at said transmitting node;
  
  said program controlling the data processing system for transmitting said encrypted key block to said receiving node;
  
  said program controlling the data processing system for transmitting a second copy of said control information to said receiving node;
  
  said program controlling the data processing system for storing a second key expression corresponding to said first key expression, at said receiving node;
  
  said program controlling the data processing system for decrypting said encrypted key block using said second key expression, to obtain a recovered key block, at said receiving node;
  
  said program controlling the data processing system for extracting said control information and said crypto variable from said recovered key block, at said receiving node;
  
  said program controlling the data processing system for comparing said control information extracted from said recovered key bock with said second copy of said control information and generating an enabling signal when the compare is satisfied;
  
  said program controlling the data processing system for controlling said crypto variable with said control information when said enabling signal has been generated.
- View Dependent Claims (21)
- - 21. The program of claim 20, which further comprises:
    - said first key expression being a public key issued by said receiving node and said second key expression being a private key corresponding to said public key.

22. In a data processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications an apparatus for enabling a first ode of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:
- a storage means at a transmitting node in the system for storing a crypto variable which is to be transmitted to a receiving node in the system;
  
  said storage means storing control information including a control vector to control said crypto variable after it is transmitted from said transmitting node;
  
  said storage means for storing a first key expression;
  
  concatenating means at said transmitting node, coupled to said storage means, for concatenating said crypto variable with said control information, forming a key block;
  
  encryption means at said transmitting node, coupled to said storage means and said concatenating means, for encrypting said key block with said first key expression, forming an encrypted key block; and
  
  transmitting means at said transmitting node coupled to said encryption means and coupled over a communications link to a receiving means at said receiving node, for transmitting said encrypted key block to said receiving node.

23. In a data processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, an apparatus for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:
- a storage means at a transmitting node in the system for storing a crypto variable which is to be transmitted to a receiving node in the system;
  
  said storage means storing control information including a control vector to control said crypto variable after it is transmitted from said transmitting node;
  
  said storage means storing a first key expression;
  
  concatenating means at said transmitting node, coupled to said storage means, for concatenating said crypto variable with said control information, forming a key block;
  
  encryption means at said transmitting node, coupled to said storage means and said concatenating means, for encrypting said key block with said first key expression, forming an encrypted key block; and
  
  transmitting means at said transmitting node coupled to said encryption means and coupled over a communications link to a receiving means at said receiving node, for transmitting said encrypted key block to said receiving node.second storage means at said receiving node, for storing a second key expression corresponding to said first key expression;
  
  decryption means at said receiving node coupled to said receiving means and to said second storage means for decrypting aid encrypted key block using said second key expression, to obtain a recovered key block;
  
  extraction means at said receiving node coupled to said decryption means, to extract said control information and said crypto variable from said recovered key block;
  
  validating means at aid receiving node coupled to said extraction means for validating said control information extracted from aid recovered key block, said validating means having an enabling output for signaling when said control information is valid;
  
  control means coupled to said extraction means and having an enabling input coupled to said output of said validating means, for controlling said crypto variable with said control information.

24. Apparatus for generating and distributing a Data Encryption Algorithm (DEA) key in a communications network, comprising:
- a) sending means for generating and producing at least two copies of a key-encrypting key (K-ek), and control information including a control vector for permitted uses of the k-ek;
  
  b) means included in the sending means for encrypting one copy of the k-ek under the public key of a receiving means and transmitting the public key encrypted k-ek to the receiving means in association with said control information;
  
  c) means further included in the sending means for encrypting another copy of the k-ek under a master key of the sending means;
  
  d) means further included in the sending means for storing the master key encrypted k-3k as a common distributing key for other encrypted keys used in the network, in association with said control information;
  
  e) control means included in the sending means, to limit uses of the k-ek to said permitted uses in response to said control information.

25. In a data processing system having a plurality of communicating nodes, at least a pair of nodes in the system exchanging cryptographic communications, a method for enabling a first node of the pair to control a crypto variable after its transmission from the first node to a second node of the pair, comprising:
- concatenating a crypto variable with control information including a control vector to control said crypto variable after it is transmitted from said transmitting node, forming a key block, at said transmitting node;
  
  encrypting said key block with a first key expression, forming an encrypted key block, at said transmitting node;
  
  transmitting said encrypted key block to said receiving node;
  
  decrypting said encrypted key block using a second key expression, to obtain a recovered key block, at said receiving node;
  
  extracting said control information and said crypto variable from said recovered key block, at said receiving node;
  
  validating said control information extracted from said recovered key block and generating an enabling signal;
  
  controlling said crypto variable with said control information when said enabling signal has been generated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Johnson, Donald B., Martin, William C., Matyas, Stephen M., Prymak, Rostislaw, Le, An V., Wilkins, John D., Rohland, William S.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/748,407
Time in Patent Office

369 Days
Field of Search

380/21, 380/25, 380/30, 380/49
US Class Current

380/280
CPC Class Codes

G06F 9/30003   Arrangements for executing ...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links