Cryptographic key management apparatus and methods
First Claim
1. Cryptographic key management apparatus for a communication domain enabling secure communication among a plurality of domain members comprising:
- a plurality of Keys for use in said apparatus comprising Master Keys and Working Keys;
said Master Keys comprising a Domain Master Key shared by all domain members and a Member Master Key unique to each said domain member;
said Working Keys comprising Domain Vector Keys and Member Vector Keys;
said Domain Vector Keys being public keys for use by said domain members and having control information therein defining said Domain Vector Keys for encryption and verification;
each said Member Vector Key being a private key for use by an associated domain member and having control information therein defining said Member Vector Key for decryption and message sealing;
each said Member Vector Key having a cryptographic key value encrypted therein using the associated Member Master Key;
said Domain Master Key being a public key shared by all domain members and used for protecting said Domain Vector Keys;
each said Domain Vector Key having a cryptographic key value encrypted therein using the Domain Master Key;
each said Member Master Key being a private key for use by an associated domain member;
each said Member Vector Key having a cryptographic key value encrypted therein using the associated Member Master Key;
a directory accessible by all domain members, with at least one Domain Vector Key and one Member Vector Key being provided for each said domain member to provide a Pair of Vector Keys, with each said Pair of Vector Keys having the same said cryptographic key value therein;
each said domain member including;
a vector key processor and a cryptographic processor;
said vector key processor receiving said Working Keys for controlling said data encryption and data decryption; and
said cryptographic processor performing said encryption and decryption.
0 Assignments
0 Petitions
Accused Products
Abstract
The present invention provides for a cryptographic key management method and apparatus in which the cryptographic keys are provided as vector keys in that they comprise a key value and control information for specifying the use to which the key can be put by members of a communications domain. Each domain member is associated with at least one pair of vector keys and the keys in each pair share the same key value. One of the keys in each pair is provided as a public key and specified for encrypting, or verifying the seal of, messages sent from the domain member associated therewith and the other is provided as a private key and specified for decrypting, or generating a seal for, messages sent to the domain member associated therewith.
-
Citations
5 Claims
-
1. Cryptographic key management apparatus for a communication domain enabling secure communication among a plurality of domain members comprising:
-
a plurality of Keys for use in said apparatus comprising Master Keys and Working Keys; said Master Keys comprising a Domain Master Key shared by all domain members and a Member Master Key unique to each said domain member; said Working Keys comprising Domain Vector Keys and Member Vector Keys; said Domain Vector Keys being public keys for use by said domain members and having control information therein defining said Domain Vector Keys for encryption and verification; each said Member Vector Key being a private key for use by an associated domain member and having control information therein defining said Member Vector Key for decryption and message sealing; each said Member Vector Key having a cryptographic key value encrypted therein using the associated Member Master Key; said Domain Master Key being a public key shared by all domain members and used for protecting said Domain Vector Keys; each said Domain Vector Key having a cryptographic key value encrypted therein using the Domain Master Key; each said Member Master Key being a private key for use by an associated domain member; each said Member Vector Key having a cryptographic key value encrypted therein using the associated Member Master Key; a directory accessible by all domain members, with at least one Domain Vector Key and one Member Vector Key being provided for each said domain member to provide a Pair of Vector Keys, with each said Pair of Vector Keys having the same said cryptographic key value therein; each said domain member including; a vector key processor and a cryptographic processor; said vector key processor receiving said Working Keys for controlling said data encryption and data decryption; and said cryptographic processor performing said encryption and decryption. - View Dependent Claims (2, 3)
-
-
4. A method of managing a plurality of cryptographic Keys by domain members in a communication domain, with said Keys including Master Keys and Working Keys, with said Master Keys including Domain Master Keys and Member Master Keys, and with said Wording Keys including Domain Vector Keys and Member Vector Keys, said method comprising the steps of:
-
(a) providing the Domain Master Key and the Domain Vector Key as public keys; (b) keeping the Member Master Key and the Domain Vector Key as private keys for use by an associated domain member; (c) performing data encryption and data seal verification on a vector key processor for said public keys; and
performing data decryption and seal generation on a cryptographic processor for said private keys(d) grouping a Domain Vector Key and a Member Vector Key as a Key Pair and sharing the same cryptographic key value, with at least one Key Pair being associated with each domain member; (e) storing said Key Pairs in a directory, and (f) sealing said Key Pairs with associated Master Keys to provide protection against vector substitution.
-
-
5. A method of managing a plurality of cryptographic Keys by domain members in a communication domain, with said Keys including Master Keys and Working Keys, with said Master Keys including Domain Master Keys and Member Master Keys, and with said Working Keys including Domain Vector Keys and Member Vector Keys, said method comprising the steps of:
-
(a) providing the Domain Master Key and the Domain Vector Key as public keys; (b) keeping the Member Master Key and the Domain Vector Key as private keys for use by an associated domain member; (c) performing data encryption and data seal verification on a vector key processor for said public keys; and
performing data decryption and seal generation on a cryptographic processor for said private keys(d) grouping a Domain Vector Key and a Member Vector Key as a Key Pair and sharing the same cryptographic key value, with at least one Key Pair being associated with each domain member; (e) storing said Key Pairs in a directory; (f) sealing said Key Pairs with associated Master Keys to provide protection against vector substitution; and (g) carrying out message encryption and decryption in said cryptographic processor into which the Key Pairs are loaded from said vector key processor.
-
Specification