PRODUCT BLOCK CIPHER SYSTEM FOR DATA SECURITY

    Publication No.: CA1046942A

    Publication Date: 1979-01-23

    Application No.: CA243854

    Filing Date: 1976-01-20

    Applicant: IBM

    Abstract: A device for ciphering a block of data bits under control of a cipher key. The cipher device performs a ciphering process for the block of data by carrying out an operation in which the block of data bits is first expanded by duplicating predetermined ones of the data bits. The data bits of the expanded block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different nonlinear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution set of bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined nonlinear transformation and linear transformation results in a product block cipher of the block of data.

    CRYPTOGRAPHIC FILE SECURITY FOR MULTIPLE DOMAIN NETWORKS

    Publication No.: CA1121013A

    Publication Date: 1982-03-30

    Application No.: CA317142

    Filing Date: 1978-11-30

    Applicant: IBM

    Abstract: A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contains a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.

    CRYPTOGRAPHIC COMMUNICATION AND FILE SECURITY USING TERMINALS

    Publication No.: CA1149483A

    Publication Date: 1983-07-05

    Application No.: CA316965

    Filing Date: 1978-11-28

    Applicant: IBM

    Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphered under the master cipher key is transferred to the cryptographic apparatus storage means and the control means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.

    CRYPTOGRAPHIC COMMUNICATION SECURITY FOR MULTIPLE DOMAIN NETWORKS

    Publication No.: CA1124812A

    Publication Date: 1982-06-01

    Application No.: CA317109

    Filing Date: 1978-11-30

    Applicant: IBM

    Abstract: A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems.

    BLOCK CIPHER SYSTEM FOR DATA SECURITY

    Publication No.: CA1048935A

    Publication Date: 1979-02-20

    Application No.: CA243887

    Filing Date: 1976-01-20

    Applicant: IBM

    Abstract: A device for ciphering message blocks of data bits under control of a cipher key. The cipher device performs a ciphering process for the first half of the message block of data bits from a first store by carrying out an operation in which the block of data bits is expanded by duplicating predetermined ones of the data bits of the first half of the message block. The data bits of the expanded first half of said message block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different non-linear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution of data bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined non-linear transformation and linear transformation results in a product block cipher for the first half of the said message block. Then the second half of the message block from a second store is subjected to a linear transformation in accordance with the product block cipher to produce a set of bits representing a modified second half of said message block. Finally said modified second half of said message block is loaded into the first store and the first half of the message block from the first store is loaded into the second store concurrently with the modified second half of the message block being loaded into the first store to complete a first iteration operation of the cipher device.

    CRYPTOGRAPHIC FILE SECURITY FOR SINGLE DOMAIN NETWORKS

    Publication No.: CA1124811A

    Publication Date: 1982-06-01

    Application No.: CA316967

    Filing Date: 1978-11-28

    Applicant: IBM

    Abstract: A file security system for data files associated with a host data processing system. The host system includes a data security device which contains a secure host master key and is capable of performing a variety of cryptographic operations. At initialization time, the host system generates a series of file keys for the associated storage media and protects them by enciphering the file keys under a variant of the host master key. When a data file is to be created, a random number is generated and defined as an operational key enciphered under the file key of a designated storage media. The host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key under control of the host master key into a form which permits the operational key to be used for enciphering host data. The operational key enciphered under the file key of the designated storage media, as header information, together with the host data enciphered under the operational key is written on the storage media as an enciphered data file. When the data file is recovered, the host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key header information under control of the host master key into a form which permits the operational key to be used for deciphering the enciphered data file to obtain the file data in clear form.

    CRYPTOGRAPHIC COMMUNICATION SECURITY FOR SINGLE DOMAIN NETWORKS

    Publication No.: CA1124810A

    Publication Date: 1982-06-01

    Application No.: CA316966

    Filing Date: 1978-11-28

    Applicant: IBM

    Abstract: A communication security system for data transmissions between remote terminals and a host system. The remote terminals and the host system include data security devices capable of performing a variety of cryptographic operations. At initialization time, a host-master key is written into the host data security device and the host system generates a series of terminal master keys for the remote terminals. Protection is provided for the terminal master keys by enciphering them under a variant of the host master key. The terminal master keys are then written into the data security devices of the respective remote terminals to permit cryptographic operations to be performed. When a communication session is to be established between a designated remote terminal and the host system, a random number is generated and defined as an operational key enciphered under the host master key which permits the operational key to be used at the host system for enciphering or deciphering data operations. The host data security device, using the enciphered master key of the designated remote terminal, transforms the enciphered operational key under control of the host master key into a form in which the operational key is enciphered under the terminal master key of the designated remote terminal. The operational key enciphered under the terminal master key of the designated remote terminal is transmitted to the remote terminal to permit the enciphered operational key to be used at the remote terminal for enciphering or deciphering data operations.

    MESSAGE VERIFICATION AND TRANSMISSION ERROR DETECTION BY BLOCK CHAINING

    Publication No.: CA1100588A

    Publication Date: 1981-05-05

    Application No.: CA275390

    Filing Date: 1977-03-30

    Applicant: IBM

    Abstract: A message transmission system for the secure transmission of multi-block data messages from a sending station to a receiving station. The sending station contains cryptographic apparatus operative in successive cycles of operation during each of which an input block of clear data bits is ciphered under control of an input set of cipher key bits to generate an output block of ciphered data bits for transmission to the receiving station. Included in the cryptographic apparatus of the sending station is means providing one of the inputs for each succeeding ciphering cycle of operation as a function of each preceding ciphering cycle of operation. As a result, each succeeding output block of ciphered data bits is effectively chained to all preceding cycles of operation of the cryptographic apparatus of the sending station and is a function of the corresponding input block of clear data bits, all preceding input blocks of clear data bits and the initial input set of cipher key bits.
