公开(公告)号：DE69119290D1

公开(公告)日：1996-06-13

申请号：DE69119290

申请日：1991-02-26

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  MARTIN WILLIAM CARL ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D

IPC: G06F21/22 ,  G09C1/00 ,  H04L9/08 ,  H04L9/32

公开(公告)号：CA2100234A1

公开(公告)日：1994-04-17

申请号：CA2100234

申请日：1993-07-09

Applicant: IBM

Inventor： ELANDER ROBERT C ,  HOLLOWAY CHRISTOPHER J ,  JOHNSON DONALD B ,  KELLY MICHAEL J ,  LE AN V ,  LUBOLD PAUL G ,  MATYAS STEPHEN M ,  RANDALL JAMES D ,  WILKINS JOHN D

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/30 ,  G09C5/00

Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.

公开(公告)号：CA2071413A1

公开(公告)日：1993-05-01

申请号：CA2071413

申请日：1992-06-17

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  PRYMAK ROSTISLAW ,  MARTIN WILLIAM C ,  ROHLAND WILLIAM S ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F1/00 ,  G06F21/00 ,  H04L9/08 ,  H04L9/32

Abstract: Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. The certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signature dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's privacy key PRMa corresponding to the certified public key PUMa, will automatically become unavailable for use in communicating in the network.

公开(公告)号：CA2036858A1

公开(公告)日：1991-10-10

申请号：CA2036858

申请日：1991-02-21

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  MARTIN WILLIAM C ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D

IPC: G06F21/22 ,  G09C1/00 ,  H04L9/08 ,  G06F9/445 ,  G06F9/00 ,  G06F9/44

公开(公告)号：DE69328334T2

公开(公告)日：2000-10-19

申请号：DE69328334

申请日：1993-09-08

Applicant: IBM

Inventor： ELANDER ROBERT C ,  HOLLOWAY CHRISTOPHER J ,  JOHNSON DONALD B ,  KELLY MICHAEL J ,  LE AN V ,  LUBOLD PAUL G ,  MATYAS STEPHEN M ,  RANDALL JAMES D ,  WILKINS JOHN D

IPC: G09C1/00 ,  H04L9/06 ,  H04L9/08

Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.

公开(公告)号：DE69130658D1

公开(公告)日：1999-02-04

申请号：DE69130658

申请日：1991-06-18

Applicant: IBM

Inventor： JOHNSON DONALD B ,  LE AN V ,  MATYAS STEPHEN M ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F12/14 ,  H04L9/00 ,  H04L9/08

公开(公告)号：DE69217428D1

公开(公告)日：1997-03-27

申请号：DE69217428

申请日：1992-07-10

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  MARTIN WILLIAM C ,  PRYMAK ROSTISLAW ,  ROHLAND WILLIAM S ,  WILKINS JOHN D

IPC: G06F21/20 ,  G06F9/30 ,  G09C1/00 ,  H04L9/08

Abstract: The patent describes a method and apparatus for securely distributing an initial Data Encryption Algorithm (DEA) key-encrypting key by encrypting a key record (consisting of the key-encrypting key and control information associated with that key-encrypting key) using a public key algorithm and a public key belonging to the intended recipient of the key record. The patent further describes a method and apparatus for securely recovering the distributed key-encrypting key by the recipient by decrypting the received key record using the same public key algorithm and private key associated with the public key and re-encrypting the key-encrypting key under a key formed by arithmetically combining the recipient's master key with a control vector contained in the control information of the received key record. Thus the type and usage attributes assigned by the originator of the key-encrypting key in the form of a control vector are cryptographically coupled to the key-encrypting key such that the recipient may only use the received key-encrypting key in a manner defined by the key originator. The patent further describes a method and apparatus to improve the integrity of the key distribution process by applying a digital signature to the key record and by including identifying information (i.e., an originator identifier) in the control information of the key record. The integrity of the distribution process is enhanced by verifying the digital signature and originator identifier at the recipient node.

公开(公告)号：DE68926076T2

公开(公告)日：1996-11-14

申请号：DE68926076

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  ARNOLD WILLIAM C ,  WHITE STEVE R ,  WILKINS JOHN D ,  YEH PHIL C ,  THOMAS JULIAN

IPC: H04L9/08

公开(公告)号：DE68926076D1

公开(公告)日：1996-05-02

申请号：DE68926076

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  ARNOLD WILLIAM C ,  WHITE STEVE R ,  WILKINS JOHN D ,  YEH PHIL C ,  THOMAS JULIAN

IPC: H04L9/08

公开(公告)号：DE69019593T2

公开(公告)日：1996-01-25

申请号：DE69019593

申请日：1990-03-28

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  MCCORMACK PATRICK J ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F9/30 ,  G07B17/00 ,  H04L9/08 ,  G07F7/10 ,  H04L9/32