Method and apparatus for performing strong encryption or decryption data using special encryption functions

US 6,333,983 B1
Filed: 12/16/1997
Issued: 12/25/2001
Est. Priority Date: 12/16/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a cryptographic system having a cryptographic facility providing cryptographic functions for transforming blocks of data, said cryptographic functions including (a) an encryption function for encrypting an input block under a key in accordance with a predetermined encryption procedure to produce an output block comprising said input block encrypted under said key, said encryption procedure being a symmetric encryption procedure having a corresponding decryption procedure for decrypting said output block using said key to regenerate said input block, and (b) a reencryption function for reencrypting under a second key in accordance with said procedure an input block comprising an original plaintext block that has been encrypted under a first key in accordance with said procedure to produce an output block comprising said original plaintext block encrypted under said second key, said procedure having at least one key pair with the property that successive encryption of a block under the keys of said pair in accordance with said procedure regenerates said block in clear form, a method for decrypting a ciphertext block comprising an original plaintext block that has been encrypted under a predetermined key in accordance with said procedure, comprising the steps of:

invoking said reencryption function with said ciphertext block supplied as an input block, said predetermined key supplied as a first key, and one of said key pair supplied as a second key to produce a first output block comprising said original plaintext block encrypted under said one of said key pair; and

invoking said encryption function with said first output block supplied as an input block and the other of said key pair supplied as a key to produce a second output block comprising said original plaintext block successively encrypted under the keys of said key pair, thereby to regenerate said original plaintext block in clear form.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for decrypting an input block encrypted under a predetermined key in a cryptographic system having a cryptographic facility providing cryptographic functions for transforming blocks of data. The cryptographic functions include an encryption function for encrypting a block under a predetermined key and a transformation function for transforming a block encrypted under a first key to the same block encrypted under a second key. The cryptographic functions have at least one key pair with the property that successive encryption of a block under the keys of the pair regenerates the block in clear form. The input block is first transformed into an intermediate block encrypted under one of the key pair using the transformation function. The intermediate block is then further encrypted under the other of the key pair using the encryption function to generate an output block successively encrypted under the keys of pair, thereby to regenerate the input block in clear form. The invention is useful in cryptographic systems in which the decryption function being emulated by the transformation and encryption functions is unavailable for export control or other reasons.

111 Citations

View as Search Results

22 Claims

1. In a cryptographic system having a cryptographic facility providing cryptographic functions for transforming blocks of data, said cryptographic functions including (a) an encryption function for encrypting an input block under a key in accordance with a predetermined encryption procedure to produce an output block comprising said input block encrypted under said key, said encryption procedure being a symmetric encryption procedure having a corresponding decryption procedure for decrypting said output block using said key to regenerate said input block, and (b) a reencryption function for reencrypting under a second key in accordance with said procedure an input block comprising an original plaintext block that has been encrypted under a first key in accordance with said procedure to produce an output block comprising said original plaintext block encrypted under said second key, said procedure having at least one key pair with the property that successive encryption of a block under the keys of said pair in accordance with said procedure regenerates said block in clear form, a method for decrypting a ciphertext block comprising an original plaintext block that has been encrypted under a predetermined key in accordance with said procedure, comprising the steps of:
- invoking said reencryption function with said ciphertext block supplied as an input block, said predetermined key supplied as a first key, and one of said key pair supplied as a second key to produce a first output block comprising said original plaintext block encrypted under said one of said key pair; and
  
  invoking said encryption function with said first output block supplied as an input block and the other of said key pair supplied as a key to produce a second output block comprising said original plaintext block successively encrypted under the keys of said key pair, thereby to regenerate said original plaintext block in clear form.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 in which the keys of said key pair are the same.
  - 3. The method of claim 1 in which the keys of said key pair are different.
  - 4. The method of claim 1 in which said reencryption function transforms a key encrypted under a first key-encrypting key to said key encrypted under a second key-encrypting key, said step of invoking said reencryption function comprising the steps of:
5. The method of claim 4 in which said first key-encrypting key is an importer key and said second key-encrypting key is an exporter key.
6. The method of claim 1 in which said reencryption function transforms a PIN block encrypted under a first PIN-encrypting key to said PIN block encrypted under a second PIN-encrypting key, said step of invoking said reencryption function comprising the steps of:
- establishing said predetermined key as said first PIN-encrypting key;
  
  establishing said one of said key pair as said second PIN-encrypting key; and
  
  transforming said input block as a PIN block, using said reencryption function, from encryption under said predetermined key as a first PIN-encrypting key to encryption under said one of said key pair as a second PIN-encrypting key.
7. The method of claim 6 in which said first key-encrypting key is an input PIN key and said second key-encrypting key is an output PIN key.
8. The method of claim 1 in which said reencryption function comprises a first transformation function for transforming said block from encryption under said first key to encryption under a master key and a second transformation function for transforming said block from encryption under said master key to encryption under said second key, said step of invoking said reencryption function comprising the steps of:
- transforming said block from encryption under said predetermined key to encryption under said master key using said first transformation function; and
  
  transforming said block from encryption under said master key to encryption under said one of said key pair using said second transformation function.
9. The method of claim 1 in which said encryption function comprises a master key encryption function for encrypting said block under a master key and a master key transformation function for transforming said block from encryption under said master key to encryption under said other of said key pair, said step of invoking said encryption function comprising the steps of:
- encrypting said first output block under said master key using said master key encryption function, and transforming said first output block from encryption under said master key to encryption under said other of said key pair using said master key transformation function.
10. The method of claim 1 in which said encryption function comprises a message authentication function for generating a message authentication code on an message block, said step of invoking said encryption function comprising the step of:
- generating a message authentication code on said input block using said message authentication function.

11. In a cryptographic system having a cryptographic facility providing cryptographic functions for transforming blocks of data, said cryptographic functions including (a) an encryption function for encrypting an input block under a key in accordance with a predetermined encryption algorithm to produce an output block comprising said input block encrypted under said key, said encryption procedure being a symmetric encryption procedure having a corresponding decryption procedure for decrypting said output block using said key to regenerate said input block, and (b) a reencryption function for reencrypting under a second key in accordance with said procedure an input block comprising an original plaintext block that has been encrypted under a first key in accordance with said procedure to produce an output block comprising said original plaintext block encrypted under said second key, said procedure having at least one key pair with the property that successive encryption of a block under the keys of said pair in accordance with said procedure regenerates said block in clear form, apparatus for decrypting a ciphertext block comprising an original plaintext block that has been encrypted under a predetermined key in accordance with said procedure, comprising:
- means for invoking said reencryption function with said ciphertext block supplied as an input block, said predetermined key supplied as a first key, and one of said key pair supplied as a second key to produce a first output block comprising said original plaintext block encrypted under said one of said key pair; and
  
  means for invoking said encryption function with said first output block supplied as an input block and the other of said key pair supplied as a key to produce a second output block comprising said original plaintext block successively encrypted under the keys of said key pair, thereby to regenerate said original plaintext block in clear form.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The apparatus of claim 11 in which said reencryption function transforms a key encrypted under a first key-encrypting key to said key encrypted under a second key-encrypting key, said means for invoking said reencryption function comprising:
13. The apparatus of claim 11 in which said reencryption function transforms a PIN block encrypted under a first PIN-encrypting key to said PIN block encrypted under a second PIN-encrypting key, said means for invoking said reencryption function comprising:
- means for establishing said predetermined key as said first PIN-encrypting key;
  
  means for establishing said one of said key pair as said second PIN-encrypting key; and
  
  means for transforming said input block as a PIN block, using said reencryption function, from encryption under said predetermined key as a first PIN-encrypting key to encryption under said one of said key pair as a second PIN-encrypting key.
14. The apparatus of claim 11 in which said reencryption function comprises a first transformation function for transforming said block from encryption under said first key to encryption under a master key and a second transformation function for transforming said block from encryption under said master key to encryption under said second key, said means for invoking said reencryption function comprising:
- means for transforming said block from encryption under said predetermined key to encryption under said master key using said first transformation function; and
  
  means for transforming said block from encryption under said master key to encryption under said one of said key pair using said second transformation function.
15. The apparatus of claim 11 in which said encryption function comprises a master key encryption function for encrypting said block under a master key and a master key transformation function for transforming said block from encryption under said master key to encryption under said other of said key pair, said means for invoking said encryption function comprising:
- means for encrypting said first output block under said master key using said master key encryption function; and
  
  means for transforming said first output block from encryption under said master key to encryption under said other of said key pair using said master key transformation function.
16. The apparatus of claim 11 in which said encryption function comprises a message authentication function for generating a message authentication code on an message block, said means for invoking said encryption function comprising:
- means for generating a message authentication code on said input block using said message authentication function.

17. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for decrypting a ciphertext block comprising an original plaintext block that has been encrypted under a predetermined key in accordance with a predetermined encryption procedure in a cryptographic system having a cryptographic facility providing cryptographic functions for transforming blocks of data, said cryptographic functions including (a) an encryption function for encrypting an input block under a key in accordance with said procedure to produce an output block comprising said input block encrypted under said key, said encryption procedure being a symmetric encryption procedure having a corresponding decryption procedure for decrypting said output block using said key to regenerate said input block, and (b) a reencryption function for reencrypting under a second key in accordance with said procedure an input block comprising an original plaintext block that has been encrypted under a first key in accordance with said procedure to produce an output block comprising said original plaintext block encrypted under said second key, said procedure having at least one key pair with the property that successive encryption of a block under the keys of said pair in accordance with said procedure regenerates said block in clear form, said method steps comprising:
- invoking said reencryption function with said ciphertext block supplied as an input block, said predetermined key supplied as a first key, and one of said key pair supplied as a second key to produce a first output block comprising said original plaintext block encrypted under said one of said key pair; and
  
  invoking said encryption function with said first output block supplied as an input block and the other of said key pair supplied as a key to produce a second output block comprising said original plaintext block successively encrypted under the keys of said key pair, thereby to regenerate said original plaintext block in clear form.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The program storage device of claim 17 in which said reencryption function transforms a key encrypted under a first key-encrypting key to said key encrypted under a second key-encrypting key, said step of invoking said reencryption function comprising the steps of:
19. The program storage device of claim 17 in which said reencryption function transforms a PIN block encrypted under a first PIN-encrypting key to said PIN block encrypted under a second PIN-encrypting key, said step of invoking said reencryption function comprising the steps of:
- establishing said predetermined key as said first PIN-encrypting key;
  
  establishing said one of said key pair as said second PIN-encrypting key; and
  
  transforming said input block as a PIN block, using said reencryption function, from encryption under said predetermined key as a first PIN-encrypting key to encryption under said one of said key pair as a second PIN-encrypting key.
20. The program storage device of claim 17 in which said reencryption function comprises a first transformation function for transforming said block from encryption under said first key to encryption under a master key and a second transformation function for transforming said block from encryption under said master key to encryption under said second key, said step of invoking said reencryption function comprising the steps of:
- transforming said block from encryption under said predetermined key to encryption under said master key using said first transformation function; and
  
  transforming said block from encryption under said master key to encryption under said one of said key pair using said second transformation function.
21. The program storage device of claim 17 in which said encryption function comprises a master key encryption function for encrypting said block under a master key and a master key transformation function for transforming said block from encryption under said master key to encryption under said other of said key pair, said step of invoking said encryption function comprising the steps of:
- encrypting said first output block under said master key using said master key encryption function; and
  
  transforming said first output block from encryption under said master key to encryption under said other of said key pair using said master key transformation function.
22. The program storage device of claim 17 in which said encryption function comprises a message authentication function for generating a message authentication code on an message block, said step of invoking said encryption function comprising the step of:
- generating a message authentication code on said input block using said message authentication function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Enichen, Margaret C., Smith, Ronald M. Sr., Yeh, Phil Chi-Chung
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Seal, James

Application Number

US08/991,916
Time in Patent Office

1,470 Days
Field of Search

380/38, 380/273
US Class Current

380/273
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0822   using key encryption key

H04L 9/088   Usage controlling of secret...

H04L 9/50   using hash chains, e.g. blo...

Method and apparatus for performing strong encryption or decryption data using special encryption functions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

111 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for performing strong encryption or decryption data using special encryption functions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links