公开(公告)号：DE69111556D1

公开(公告)日：1995-08-31

申请号：DE69111556

申请日：1991-09-25

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  MARTIN WILLIAM C ,  ROHLAND WILLIAM S ,  WILKINS JOHN D

IPC: G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  H04L9/30 ,  H04L9/32

Abstract: A method and apparatus in a public cryptographic system, control the use of a public key, based on the level of integrity for the public key. The method and apparatus generate a control vector associated with the public key, having a first field. The public key and the control vector are transmitted from the location of generation over a communications link to a receiving location, using the selected one of a plurality of levels of integrity for the transmission. At the receiving location, the public key and the control vector are tested to determine the received level of integrity for the transmission. Then, a value is written into the first field of the control vector which characterizes the received level of integrity. Thereafter, cryptographic applications for the public key are limited by control vector checking, to only those applications which have a required level of integrity which is not greater than the received level of integrity characterized by the first field in the control vector.

公开(公告)号：CA769275A

公开(公告)日：1967-10-10

申请号：CA769275D

Applicant: IBM

Inventor： ROHLAND WILLIAM S

公开(公告)号：CA2071413A1

公开(公告)日：1993-05-01

申请号：CA2071413

申请日：1992-06-17

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  PRYMAK ROSTISLAW ,  MARTIN WILLIAM C ,  ROHLAND WILLIAM S ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F1/00 ,  G06F21/00 ,  H04L9/08 ,  H04L9/32

Abstract: Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. The certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signature dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's privacy key PRMa corresponding to the certified public key PUMa, will automatically become unavailable for use in communicating in the network.

公开(公告)号：CA2026739A1

公开(公告)日：1991-04-07

申请号：CA2026739

申请日：1990-10-02

Applicant: IBM

Inventor： ABRAHAM DENNIS G ,  ADEN STEVEN G ,  ARNOLD TODD W ,  NECKYFAROW STEVEN W ,  ROHLAND WILLIAM S

IPC: G06K19/073 ,  G06F12/12 ,  G06F21/00 ,  G06K17/00 ,  G07F7/10 ,  G11C5/00 ,  H04L9/32 ,  H04L29/06

Abstract: An improved security system is disclosed which uses especially an IC card to enhance the security functions involving component authentication, user verification, user authorization and access control, protection of message secrecy and integrity, management of cryptographic keys, and auditablity. Both the security method and the apparatus for embodying these functions across a total system or network using a common cryptographic architecture are disclosed. Authorization to perform these functions in the various security component device nodes in the network can be distributed to the various nodes at which they will be executed in order to personalize the use of the components.

公开(公告)号：CA726324A

公开(公告)日：1966-01-18

申请号：CA726324D

Applicant: IBM

Inventor： LOZIER WILLIAM B JR ,  ROHLAND WILLIAM S

公开(公告)号：CA645785A

公开(公告)日：1962-07-31

申请号：CA645785D

Applicant: IBM

Inventor： GREANIAS EVON C ,  ROHLAND WILLIAM S

公开(公告)号：CA596873A

公开(公告)日：1960-04-26

申请号：CA596873D

Applicant: IBM

Inventor： ROHLAND WILLIAM S ,  SOUTHARD CARL D ,  REYNOLDS ANDREW C JR ,  SHAFER ORVILLE B

公开(公告)号：DE69230489D1

公开(公告)日：2000-02-03

申请号：DE69230489

申请日：1992-09-11

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  PRYMAK ROSTISLAW ,  MARTIN WILLIAM C ,  ROHLAND WILLIAM S ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F1/00 ,  G06F21/00 ,  H04L9/08 ,  H04L9/32

Abstract: Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. The certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signature dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's privacy key PRMa corresponding to the certified public key PUMa, will automatically become unavailable for use in communicating in the network.

公开(公告)号：DE69230429D1

公开(公告)日：2000-01-20

申请号：DE69230429

申请日：1992-09-11

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  LE AN V ,  PRYMAK ROSTISLAW ,  MARTIN WILLIAM C ,  ROHLAND WILLIAM S ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F9/30 ,  H04L9/00 ,  H04L9/08

Abstract: A computer apparatus, program and method function in a data processing system to replicate a cryptographic facility. The system includes a first cryptographic facility containing a portable part which personalizes the first cryptographic facility. The system also includes a second cryptographic facility which is linked to the first cryptographic facility by a public key cryptographic system. The portable part of the first cryptographic facility is encrypted and transferred to the second cryptographic facility, where it is decrypted and used to personalize the second cryptographic facility to enable replication of the first cryptographic facility. In one application, personalization of the second cryptographic facility can be in response to the detection of a failure in the first cryptographic facility. In another application, multiple cryptographic facilities can be brought on-line for parallel operation in the data processing system.

公开(公告)号：CA2071413C

公开(公告)日：1999-01-05

申请号：CA2071413

申请日：1992-06-17

Applicant: IBM

Inventor： ROHLAND WILLIAM S ,  WILKINS JOHN D ,  JOHNSON DONALD B ,  LE AN V ,  MARTIN WILLIAM C ,  PRYMAK ROSTISLAW ,  MATYAS STEPHEN M

IPC: G09C1/00 ,  G06F1/00 ,  G06F21/00 ,  H04L9/08 ,  H04L9/32 ,  H04L9/30

Abstract: Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A s public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. The certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signature dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's privacy key PRMa corresponding to the certified public key PUMa, will automatically become unavailable for use in communicating in the network.