-
Publication No.: CA2071771A1
Publication date: 1993-05-01
Application No.: CA2071771
Application date: 1992-06-22
Applicant: IBM
Inventor: MATYAS STEPHEN M , JOHNSON DONALD B , LE AN V , PRYMAK ROSTISLAW , MARTIN WILLIAM C , ROHLAND WILLIAM S , WILKINS JOHN D
Abstract: CRYPTOGRAPHIC FACILITY ENVIRONMENT BACKUP/RESTORE AND REPLICATION IN A PUBLIC KEY CRYPTOSYSTEM. A computer apparatus, program and method function in a data processing system to replicate a cryptographic facility. The system includes a first cryptographic facility containing a portable part which personalizes the first cryptographic facility. The system also includes a second cryptographic facility which is linked to the first cryptographic facility by a public key cryptographic system. The portable part of the first cryptographic facility is encrypted and transferred to the second cryptographic facility, where it is decrypted and used to personalize the second cryptographic facility to enable replication of the first cryptographic facility. In one application, personalization of the second cryptographic facility can be in response to the detection of a failure in the first cryptographic facility. In another application, multiple cryptographic facilities can be brought on-line for parallel operation in the data processing system.
-
Publication No.: CA2075329A1
Publication date: 1993-03-28
Application No.: CA2075329
Application date: 1992-08-05
Applicant: IBM
Inventor: MATYAS STEPHEN M , JOHNSON DONALD B , LE AN V , PRYMAK ROSTISLAW , MARTIN WILLIAM C , ROHLAND WILLIAM S , WILKINS JOHN D
Abstract: A data processing system, method and program are disclosed, for managing a public key cryptographic system. The method includes the steps of generating a first public key and a first private key as a first pair in the data processing system, for use with a first public key algorithm and further generating a second public key and a second private key as a second pair in the data processing system, for use with a second public key algorithm. The method then continues by assigning a private control vector for the first private key and the second private key in the data processing system, for defining permitted uses for the first and second private keys. Then the method continues by forming a private key record which includes the first private key and the second private key in the data processing system, and encrypting the private key record under a first master key expression which is a function of the private control vector. The method then forms a private key token which includes the private control vector and the private key record, and stores the private key token in the data processing system. At a later time, the method receives a first key use request in the data processing system, requiring the first public key algorithm. In response to this, the method continues by accessing the private key token in the data processing system and checking the private control vector to determine if the private key record contains a key having permitted uses which will satisfy the first request. The method then decrypts the private key record under the first master key expression in the data processing system and extracts the first private key from the private key record. The method selects the first public key algorithm in the data processing system for the first key use request and executes the first public key algorithm in the data processing system using the first private key to perform a cryptographic operation to satisfy the first key use request.
-
Publication No.: CA2007409A1
Publication date: 1990-10-27
Application No.: CA2007409
Application date: 1990-01-09
Applicant: IBM
Inventor: MATYAS STEPHEN M , ABRAHAM DENNIS G , JOHNSON DONALD B , KARNE RAMESH K , LE AN V , MCCORMACK PATRICK J , PRYMAK ROSTISLAW , WILKINS JOHN D
-
Publication No.: CA1249865A
Publication date: 1989-02-07
Application No.: CA504803
Application date: 1986-03-24
Applicant: IBM
Inventor: BASS WALTER E , MATYAS STEPHEN M , OSEAS JONATHAN
Abstract: A METHOD FOR ESTABLISHING USER AUTHENTICATION WITH COMPOSITE SESSION KEYS AMONG CRYPTOGRAPHICALLY COMMUNICATING NODES. A method for authenticating nodes/users and protecting data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session. A different key is generated for each and every session. The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia.
-
Publication No.: CA1166712A
Publication date: 1984-05-01
Application No.: CA380298
Application date: 1981-06-22
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H
Abstract: CRYPTOGRAPHIC SYSTEM USING MULTIPLE ENCIPHERMENT. Multiple encipherment under the DES algorithm is performed in three steps as an encipher/decipher/encipher sequence that gives the increased security of a longer key. The steps each use one of two keys of conventional length. When the two keys are the same, the operation is identical to a single encipherment under one key, and input quantities thus enciphered can be sent to a cryptographic facility that has only a single encipherment capability. The invention maintains compatibility between users of multiple encipherment devices and users of single encipherment devices. The invention is particularly useful for enciphering keys and a detailed method and apparatus for this application is described.
-
Publication No.: CA1121013A
Publication date: 1982-03-30
Application No.: CA317142
Application date: 1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , SAHULKA RICHARD J , TUCHMAN WALTER L
Abstract: A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contains a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.
-
Publication No.: FR2414232A1
Publication date: 1979-08-03
Application No.: FR7836585
Application date: 1978-12-20
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H W , TUCHMAN WALTER L
Abstract: A digital signature machine provides a simplified method of forming and verifying a signature that is appended to a digital message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message.
-
Publication No.: DE19652295B4
Publication date: 2009-05-14
Application No.: DE19652295
Application date: 1996-12-16
Applicant: IBM
Inventor: KAUFMAN CHARLES W , OZZIE RAYMOND E , MATYAS STEPHEN M
Abstract: PROBLEM TO BE SOLVED: To obtain a ciphering system capable of safe communication by deciding a first partial key by means of an authorized person or a corporation and supplying information for enabling the decoding of a ciphered message by means of the acquirement of the first partial key. SOLUTION: The secret key is a random number and is generated at every message in ST10 so as to cipher the message in ST12. The one-way hash of the secret key is generated in ST14 in order to facilitate a suitable section work quantity system. The secret key and a salt are ciphered through the use of the open key of a prescribed receiver. The secret key is divided into at least two partial keys in ST18 so as to permit the authorized person or the corporation to decode the message. The partial keys, the hashed and the whole or a part of salts are ciphered by using the open key in ST20. The ciphered value is transmitted to the receiver together with the ciphered message and the ciphering secret key in ST22. The receiver decodes the ciphering secret key where the secret key is used in ST24.
-
Publication No.: DE69521977T2
Publication date: 2002-04-04
Application No.: DE69521977
Application date: 1995-11-28
Applicant: IBM
Inventor: HERZBERG AMIR , KRAWCZYK HUGO M , KUTTEN SHAY , VAN LE AN , MATYAS STEPHEN M , YUNG MARCEL M
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
-
Publication No.: DE69230489T2
Publication date: 2000-06-15
Application No.: DE69230489
Application date: 1992-09-11
Applicant: IBM
Inventor: MATYAS STEPHEN M , JOHNSON DONALD B , LE AN V , PRYMAK ROSTISLAW , MARTIN WILLIAM C , ROHLAND WILLIAM S , WILKINS JOHN D
Abstract: Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. The certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signature dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's privacy key PRMa corresponding to the certified public key PUMa, will automatically become unavailable for use in communicating in the network.