公开(公告)号：JPH07202878A

公开(公告)日：1995-08-04

申请号：JP20840692

申请日：1992-07-13

Applicant: IBM

Inventor： SUTEIIBUN EMU MATEIASU ,  DONARUDO BII JIYONSON ,  AN BUI RI ,  UIRIAMU SHII MAACHIN ,  ROSUCHISUROO PURIMAKU ,  UIRIAMU ESU ROORANDO ,  JIYON DEII UIRUKINZU

IPC: G06F21/20 ,  G06F9/30 ,  G09C1/00 ,  H04L9/08 ,  H04L9/06 ,  H04L9/14

Abstract: PURPOSE: To improve a data encryption algaritlon(DEA) key distribution method using a public key encryption system. CONSTITUTION: In order to prepare encryption variables for a key K to be sent from an encryption facility 30 to a receiving encryption facility, the key K is accessed from an encryption variable extracting means 40 and applied to a connection means 42. Control information is similarly accessed and applied to the means 42. The means 42 forms a key block 80 by combining the key K, a control vector and an environment identifier and applies the key block 80 to a PKA encryption means 44. The public key is accessed by the means 40 and applied to the key input of the means 44. An encryption key block 85 is formed from the key block 80 for transmission.

公开(公告)号：JPH0793148A

公开(公告)日：1995-04-07

申请号：JP21051093

申请日：1993-08-25

Applicant: IBM

Inventor： BAANAADO JIEE HARUTAA ,  ARUFUONSO EMU BURATSUKO ,  DONARUDO BII JIYONSON ,  AN BUI RI ,  SUTEFUAN EMU MATOYASU ,  ROTEISUROU PURIMATSUKU ,  JIEEMUSU DEII RANDOORU ,  JIYON DEII UIRUKINSU

IPC: G06F9/445 ,  G06F1/00 ,  G06F12/14 ,  G06F13/00 ,  G06F21/00 ,  G06F21/20 ,  G06F21/22 ,  G06F21/24 ,  G09C1/00 ,  H04L9/08 ,  G06F9/06 ,  G06F15/00

Abstract: PURPOSE: To provide a software distribution system whose safety protection function is enriched. CONSTITUTION: In a software distribution processor 10, respective plural software files are respectively ciphered by using file ciphering keys corresponding to them and then recorded on a CD-ROM for instance. In the case that a user processor 20 requires the execution of a specified software tile, a request is sent from the user processor 20 to the software distribution processor 10. In response to the request, the ciphered file ciphering key corresponding to the file in the request is returned to the user processor 20. In this case, the user processor 20 can decipher only the requested file on the CD-ROM. The other files on the CD-ROM are kept in a ciphered form as they are, and even when the file ciphering key received from the software distribution processor 10 is used, the files can not be deciphered.

公开(公告)号：JPH05224604A

公开(公告)日：1993-09-03

申请号：JP23128492

申请日：1992-08-06

Applicant: IBM

Inventor： SUTEIIBUN EMU MATEIASU ,  DONARUDO BII JIYONSON ,  AN BUI RI ,  UIRIAMU SHII MAATEIN ,  ROSUTEISUROO PURIMAKU ,  JIYON DEII UIRUKINZU

IPC: G09C1/00 ,  G06F9/30 ,  H04L9/08 ,  H04L9/30

Abstract: PURPOSE: To make a user port public and private keys from a certain cipher system to another cipher system and improve security protection, by generating a pair of the public key and the private key from a path phrase first. CONSTITUTION: This device is provided with a cipher facility 30, a cipher key data set 32, a ciphering mechanism access program 24 and an application program 36. Then, the first pair of the public key and the private key is generated by using a first seed value known to the user and a first control vector for defining the first private use of the first pair of the public key and the private key is generated. Then, the second pair of the public key and the private key is generated by using a second seed value known to the user and a second control vector for defining the second private use of the second pair of the public key and the private key is generated. Then, the private use of the first pair of the public key and the private key is controlled by using the first control vector and the private use of the second pair of the public key and the private key is controlled by using the second control vector.

公开(公告)号：JPH02300784A

公开(公告)日：1990-12-12

申请号：JP11066090

申请日：1990-04-27

Applicant: IBM

Inventor： SUTEIBUN EMU MACHIYUUZU ,  DENIIIZU JIII ABURAHAMU ,  DONARUDO BIII JIYONSON ,  RAMETSUSHIYU KEI KAAN ,  AN BUI RI ,  PATORITSUKU JIEI MAKUKOOMATSUK ,  ROSUTEISUROO PURAIMATSUKU ,  JIYON DEII UIRUKINZU

IPC: G09C1/00 ,  G06F9/30 ,  G07B17/00 ,  H04L9/08

Abstract: PURPOSE: To obtain a cryptographic key managing method excellent in security protection of a cipher by inspecting the first and second fields of a candidate control vector so as to allow the restoration of the cryptographic key only when the execution of a ciphering function is permitted. CONSTITUTION: A first control vector inspecting means receives the first part of a related control vector, judges whether the execution of the ciphering function is permitted by using the cryptographic key and outputs a first permission signal. A second control vector inspecting means receives the second part of the related control vector, judges whether the execution of the ciphering function is permitted by using the cryptographic key and outputs a second permission signal. A cipher processing means starts the execution of the ciphering function by using cryptographic key in response to the first and second permission signals. Thereby a managing means excellent in the security protection and the maintainability of ciphers.

公开(公告)号：JPH04240888A

公开(公告)日：1992-08-28

申请号：JP15963291

申请日：1991-06-04

Applicant: IBM

Inventor： DONARUDO BII JIYONSON ,  AN BUI RI ,  SUTEIIBUN EMU MATOYASU ,  ROSUCHISURAU PURIMAKU ,  JIYON DEII UIRUKINSU

IPC: G09C1/00 ,  G06F12/14 ,  H04L9/00 ,  H04L9/08

Abstract: PURPOSE: To improve the security of control vector enforcement by generating, taking out or selecting a control vector within the security boundary of a ciphering facility. CONSTITUTION: An instruction storing means 94 includes a storage means for a group of executable routines and each routine includes a code necessary for processing one ciphering facility instruction. The instruction processor 96 of a cipher conversion means 36 fetches a routine code from the instruction storage means 94 corresponding to an optional code 50 received from an information selecting means through a channel 42 and executes it. The instruction processor 96 fetches a proper executable code through a processing parameter 52 from input information selected through the channel 42.

公开(公告)号：JPH02101491A

公开(公告)日：1990-04-13

申请号：JP21080289

申请日：1989-08-17

Applicant: IBM

Inventor： SUTEIBUN EMU MACHIIISU ,  DENISU JIII ABURAHAMU ,  DONARUDO BIII JIYONSON ,  RAMESHIYU KEI KAAN ,  AN BUI RI ,  ROSUTEISUROO PURAIMATSUKU ,  JIYURIAN TOOMASU ,  JIYON DEII UIRUKINZU ,  FUIRII SHIII JIEI

IPC: G09C1/00 ,  H04L9/00 ,  H04L9/08 ,  H04L9/10 ,  H04L9/32

Abstract: PURPOSE: To completely cipher a part of data and to cause a permitted receiver to decode the other part by combining control vectors giving the permission of the use of a data ciphering key and a key that the transmitter of the key intends for the ciphering of data. CONSTITUTION: A cipher mechanism 4 is characterized by a safety protection boundary 6. An example for restoring the cipher key from a cipher key storage mechanism 22 is to permit a control vector inspection mechanism 14 to output a permission signal for restoring the cipher key to a cipher processing mechanism 16 through a line 20 when a cipher instruction storage device receives a cipher service request obtaining the restoration of the cipher key through an input/output route 8. Thus, the cipher processing mechanism 16 receives the cipher key ciphered from the cipher key storage mechanism 22 in response to the permission key in the line 20 and restores the cipher key ciphered under a stored key being the AND of a related control vector and a master key stored in a master key storage mechanism 18.

公开(公告)号：JPH02106787A

公开(公告)日：1990-04-18

申请号：JP20711489

申请日：1989-08-11

Applicant: IBM

Inventor： SUTEIBUN EMU MACHIIISU ,  DENISU JIII ABURAHAMU ,  UIRIAMU SHIII AANORUDO ,  DONARUDO BIII JIYONSON ,  RAMESHIYU KEI KAAN ,  AN BUI RI ,  ROSUTEISUROO PURAIMATSUKU ,  SUTEIBU AARU HOWAITO ,  JIYON DEII UIRUKINZU

IPC: G09C1/00 ,  H04L9/08

Abstract: PURPOSE: To improve the management of a cipher key by forming a cipher by means of connecting it to a key in accordance with a ciphering procedure and preventing the key from being ciphered only when a control vector is precisely applied to cipher hardware. CONSTITUTION: A 64 bits key K is ciphered with the key ciphering key KK (constituted of 64 bits on the left half named as KKL and 64 bits on the right half named as KKR) of 128 bits and the 64 bits control vector C of a register 40'. In such a case, a register 46L exclusively OR-operates CL of a register 40L and KKL of a register 42L and sets KKL+CL. A register 46 exclusively OR-operates CR of a register 40R and KKR of a register 42R and sets KKL +CR. Namely, a method for using C where the left half bit part and the right half bit part are equal and the 64 bits control vector is obtained by reducing the method for using a 128 bits control vector. Thus, the control vector is doubled and the newly improved cipher can be obtained. Then, the improved method of cipher key management can be obtained.

公开(公告)号：JPH02105192A

公开(公告)日：1990-04-17

申请号：JP21154689

申请日：1989-08-18

Applicant: IBM

Inventor： SUTEIBUN EMU MATEIISU ,  DENIIZU JIII ABARAHAMU ,  DONARUDO BIII JIYONSON ,  RAMESHIYU KEI KAAN ,  AN BUI RI ,  ROOSUTEISUROO PURAIMAKU ,  JIYURIAN TOOMASU ,  JIYON DEII UIRUKINZU ,  FUIRU SHIII II ,  RONARUDO EMU SUMISU

IPC: G09C1/00 ,  G07F7/10 ,  H04L9/00 ,  H04L9/32

Abstract: PURPOSE: To provide a flexible method for key-connecting a format, use and processing permission by correlating a control vector permitting key use, which the setter of the key intends, to the generation key of a personal identification number(PIN) and the ciphering key of PIN. CONSTITUTION: Restriction for the permission of the related key is contained in use designated by the control vector with several PIN processing instructions such as the generation, verification and conversion of PIN and PIN block generation. The control vector restricts the permission of the several instructions for processing clear sentence PIN input at the time of PIN verification and the like. Furthermore, the control vector identifies the PIN processing for specified PIN format or specified processing algorithm and contains information for restriction according to circumstances. Thus, the flexible method for connecting the format, use and processing permission to the key is obtained by introducing such control vector.

公开(公告)号：JPH0299984A

公开(公告)日：1990-04-11

申请号：JP20711289

申请日：1989-08-11

Applicant: IBM

Inventor： SUTEIBUN EMU MACHIIISU ,  DENISU JIII ABURAHAMU ,  DONARUDO BIII JIYONSON ,  RAMESHIYU KEI KAAN ,  AN BUI RI ,  ROSUTEISUROO PURAIMATSUKU ,  JIYURIAN TOOMASU ,  JIYON DEII UIRUKINZU ,  FUIRII SHIII JIEI

IPC: G09C1/00 ,  G06F9/30 ,  H04L9/00 ,  H04L9/08 ,  H04L9/10 ,  H04L9/32

Abstract: PURPOSE: To protect the cipher function and the safety of a stored or distributed key by permitting a cipher instruction storage device to execute a key management function with a cipher key, permitting a control vector inspection means to judge that the key management function is permitted, and permitting a cipher processing means to execute the requested key management function with the cipher key. CONSTITUTION: When a cipher instruction storage mechanism 10 receives a cipher service request for obtaining the restoration of the cipher key from a cipher key storage mechanism 22, the control vector inspection mechanism 14 outputs a permission signal showing that the function for restoring the cipher key is permitted to the cipher processing mechanism 16 through a line 20. Then, the cipher processing mechanism 16 receives the cipher key ciphered from the cipher key storage mechanism 22 and operates not to cipher the cipher key ciphered under a stored key being AND with a related control vector and a master key stored in a master key storage mechanism 18. Thus, practical and highly flexible key management technology can be obtained.