-
公开(公告)号:DE2862042D1
公开(公告)日:1982-11-04
申请号:DE2862042
申请日:1978-12-05
Applicant: IBM
-
公开(公告)号:DE2861447D1
公开(公告)日:1982-02-11
申请号:DE2861447
申请日:1978-12-05
Applicant: IBM
Inventor: EHRSAM WILLIAM FRIEDRICH , ELANDER ROBERT CARL , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM , SAHULKA RICHARD JOHN , TUCHMAN WALTER LEONARD
IPC: G06F3/06 , G06F1/00 , G06F12/00 , G06F21/00 , G07F7/10 , H04L9/14 , H04L9/18 , H04L9/02 , G06F13/00
Abstract: This invention concerns a method and apparatus for cryptographic data file security in multiple domain data processing systems. An embodiment of the invention provides a file security system for data files created at a first host system (j) in one domain and recovered at a second host system (k or l) in another domain of a multiple domain network. Each of the host systems contain a data security device (11) provided with multiple host master keys and capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the master keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained separately as a private file recovery key. When the data file is to be recovered at the second host system, the file recovery key is provided at the second host system and the second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.
-
公开(公告)号:DE2861422D1
公开(公告)日:1982-01-28
申请号:DE2861422
申请日:1978-12-05
Applicant: IBM
Inventor: EHRSAM WILLIAM FRIEDRICH , ELANDER ROBERT CARL , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ WILHELM , POWERS ROBERT LOWELL , PRENTICE PAUL NORMAN , SMITH JOHN LYNN , TUCHMAN WALTER LEONARD
Abstract: The invention concerns a data processing terminal. … In an embodiment of the invention a data processing terminal coupled via a communication line to a remote host system includes data security device 11 which includes storage means 13 for storing a master cipher key, cryptographic apparatus 12 for performing cryptographic operations, and control means 14 for controlling the writing of a master cipher key into the storage means 13, controlling the transfer of the master cipher key to the cryptographic apparatus 12 and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means 13, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus 23 of the data security device 11 includes data storage means BR17 and DR22, a working key storage means 20, and cipher means 25 for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the storage means 20, the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the working key storage means 20 for use as a working cipher key in performing a cipher function. A decipher key function also can be performed whereby the master cipher key from 13 is transferred to the working key storage means 20 as a working cipher key after which an operational key enciphered under the master cipher key (received from the remote host system) is transferred to the cryptographic apparatus storage means and the control means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions by the cipher means 25.
-
公开(公告)号:CZ300144B6
公开(公告)日:2009-02-25
申请号:CZ20012673
申请日:2000-01-26
Applicant: IBM
Inventor: MATYAS STEPHEN MICHAEL , PEYRAVIAN MOHAMMAD
Abstract: Klícove závislé vzorkování biometrické charakteristiky se provádí na klientovi (110), aby se tak vytvorily klícove závislé biometrické datové vzorky.Klícove závislé biometrické datové vzorky se potom prenesou z klienta (110) na server (112). Ovzorkováním biometrických charakteristik na klientu (110) klícove závislým zpusobem mohou být klícove závislé biometrické datové vzorky prenášeny z klienta(110) na server (112) bez potreby prídavného šifrování a/nebo podepisování. Klíc se prednostne prenáší ze serveru (112) na klienta (110). Klíc se potom použije k provedení klícove závislého vzorkování biometrické charakteristiky na klientovi (110). Klícove závislé vzorkování muže být provedeno vzorkováním biometrické charakteristiky na vzorkovacímkmitoctu, který je funkcí klíce. Alternativne lzeklíc aplikovat na vzorkovaná biometrická data, címž se vytvorí klícove závislé biometrické datové vzorky, které jsou funkcí klíce. Klíc se prednostnepoužije k provedení nelineárního klícove závislého vzorkování biometrické charakteristiky na klientovi (110), napríklad s použitím klíce k urcení vzorkovacího kmitoctu a také s použitím klíce k aplikaci nelineární funkce na vzorkovaná biometrická data. Není nutné provádet další šifrování biometrických dat a/nebo používat podpis s biometrickými daty. Rešení se dále týká systému klienta (110) pro bezpecný prenos biometrických datových vzorku, systému serveru (112) pro zpracování biometrických data produktu pocítacového programu pro bezpecný prenos biometrických dat.
-
Patent Agency Ranking
公开(公告)号:AU3822595A
公开(公告)日:1996-12-18
申请号:AU3822595
申请日:1995-05-30
Applicant: IBM
Inventor: HOLLOWAY CHRISTOPHER JAMES , MATYAS STEPHEN MICHAEL
IPC: H04L9/08
-
公开(公告)号:DE3682309D1
公开(公告)日:1991-12-12
申请号:DE3682309
申请日:1986-03-21
Applicant: IBM
Inventor: BASS WALTER ERNST , MATYAS STEPHEN MICHAEL , OSEAS JONATHAN NMN
Abstract: A method for authenticating nodes/users and in protecting .data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session. A different key is generated for each and every session. The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia.
-
公开(公告)号:DE3481739D1
公开(公告)日:1990-04-26
申请号:DE3481739
申请日:1984-08-29
Applicant: IBM DEUTSCHLAND
Inventor: BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM , OSEAS JONATHAN
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
-
-
-
-
-
Search Results
29
records
(took 0.019 seconds)
