-
公开(公告)号:DE2558206A1
公开(公告)日:1976-09-09
申请号:DE2558206
申请日:1975-12-23
Applicant: IBM
-
公开(公告)号:CA1111563A
公开(公告)日:1981-10-27
申请号:CA324076
申请日:1979-03-23
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H W
IPC: G06F21/20 , G06F21/00 , G06Q20/34 , G06Q20/38 , G06Q20/40 , G07F7/10 , H04L9/00 , H04L9/32 , G06F3/00
Abstract: Secure hardware is provided for cryptographically generating a verification pattern which is a function of a potential computer user's identity number, the potential computer user's separately entered password, and a stored test pattern. The test pattern for each authorised computer user is generated at a time when the physical security of the central computer and its data can be assured, such as in a physically guarded environment with no teleprocessing facilities operating. Secure hardware for generating verification patterns during authentication processing and for generating test patterns during the secure run is disclosed which uses a variation of the host computer master key to reduce risk of compromise of total system security. The use of a variant of the host master key prevents system programmers and/or computer operators from compromising the integrity of the authentication data base by, for example, interchanging entries and/or inserting new entries.
-
公开(公告)号:DE2715631A1
公开(公告)日:1977-11-03
申请号:DE2715631
申请日:1977-04-07
Applicant: IBM
Inventor: EHRSAM WILLIAM FRIEDRICH , MEYER CARL H W , SMITH JOHN LYNN , TUCHMAN WALTER LEONARD
Abstract: A message transmission system for the secure transmission of multi-block data messages from a sending station to a receiving station.
-
公开(公告)号:CA1292790C
公开(公告)日:1991-12-03
申请号:CA566675
申请日:1988-05-12
Applicant: IBM
Inventor: MATYAS STEPHEN M JR , MEYER CARL H W , BRACHTL BRUNO O
Abstract: KI9-85-015 A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations is disclosed. A control value specifying the use of the cryptographic key is transmitted with a generated cryptographic key to at least two designated using stations one of which may be the generating station. Each of the generating and using stations have cryptographic facilities that securely store a master key. Two techniques are described for controlling the use of the cryptographic key. In the first, the key and the control value are authenticated via a special authentication code before use by the using station. In the second, the key and control value are coupled during key generation such that the key is recovered only if a correct control value is specified. In addition, two techniques are described for controlling who may use the cryptographic key. In the first, each using station has a unique secret transport key shared with the generating station which generates the key in such a way that it can be recovered or regenerated only by the designated using station possessing the correct secret transport key. In the second, secret transport keys are shared by pairs of using stations and cryptographic separation is achieved by using public or nonsecret values unique to each using station.
-
公开(公告)号:CA1121013A
公开(公告)日:1982-03-30
申请号:CA317142
申请日:1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , SAHULKA RICHARD J , TUCHMAN WALTER L
Abstract: A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contain a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the file second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.
-
Patent Agency Ranking
公开(公告)号:FR2414232A1
公开(公告)日:1979-08-03
申请号:FR7836585
申请日:1978-12-20
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H W , TUCHMAN WALTER L
Abstract: A digital signature machine provides a simplified method of forming and verifying a signature that is appended to a digital message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message.
-
公开(公告)号:CA1149483A
公开(公告)日:1983-07-05
申请号:CA316965
申请日:1978-11-28
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , POWERS ROBERT L , PRENTICE PAUL N , SMITH JOHN L , TUCHMAN WALTER L
Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptoghraphic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphored under the master cipher key is transferred to the cryptographic apparatus storage means and the ?ontrol means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.
-
公开(公告)号:CA1127258A
公开(公告)日:1982-07-06
申请号:CA338886
申请日:1979-10-31
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H W , TUCKERMANN LOUIS B III
Abstract: METHOD AND APPARATUS FOR ENCIPHERING BLOCKS WHICH SUCCEED SHORT BLOCKS IN A KEY-CONTROLLED BLOCK-CIPHER CRYPTOGRAPHIC SYSTEM A method and apparatus for providing improved error-recovery and cryptographic strength when enciphering blocks which succeed short blocks in a Key-Controlled Block-Cipher Cryptographic System with chaining. Beginning with a pre-existing current chaining value (Y), the system determines whether a current input block (X) of data to be encrypted is a full block or a short block. Both in the previous system and in proposed improvement, if the block is a full block, the system first combines the chaining value (V) with said full block (X) by a reversible operation such as exclusive-or and then block-enciphers the result of said exclusive-or under control of the user's cryptographic key (K) to produce an output cipher full block (Y); but if the block is a short block, of length Ls then the system first block-enciphers the current chaining value (V) under control of the user's key(K), producing a result W, and then combines the short block(X) 9 in a reversible operation, with the left-most portion, of length Ls, of W to produce an output cipher short block (Y), of length L . In either case, in the proposed improvement, the system then sets a new chaining value (V') for the system, as being equal to the terminal full block's length of the concatenation of the current chaining-value (V) with the Y0978-009
-
公开(公告)号:CA1124812A
公开(公告)日:1982-06-01
申请号:CA317109
申请日:1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , HOLLIS LLOYD L , LENNON RICHARD E , MATYAS STEPHEN M , MEYER CARL H W , OSEAS JONATHAN , TUCHMAN WALTER L
Abstract: CRYPTOGRAPHIC COMMUNICATION SECURITY FOR MULTIPLE DOMAIN NETWORKS A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems. Ki977009
-
公开(公告)号:FR2350011A1
公开(公告)日:1977-11-25
申请号:FR7705184
申请日:1977-02-18
Applicant: IBM
Inventor: EHRSAM WILLIAM F , MEYER CARL H W , SMITH JOHN L , TUCHMAN WALTER L
Abstract: A message transmission system for the secure transmission of multi-block data messages from a sending station to a receiving station.
-
-
-
-
-
-
-
-
-
Search Results
13
records
(took 0.016 seconds)
