Publication (announcement) number: CA1292790C
Publication (announcement) date: 1991-12-03
Application number: CA566675
Application date: 1988-05-12
Applicant: IBM
Inventor: MATYAS STEPHEN M JR, MEYER CARL H W, BRACHTL BRUNO O
Abstract: KI9-85-015 A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations is disclosed. A control value specifying the use of the cryptographic key is transmitted with a generated cryptographic key to at least two designated using stations, one of which may be the generating station. Each of the generating and using stations has a cryptographic facility that securely stores a master key. Two techniques are described for controlling the use of the cryptographic key. In the first, the key and the control value are authenticated via a special authentication code before use by the using station. In the second, the key and control value are coupled during key generation such that the key is recovered only if a correct control value is specified. In addition, two techniques are described for controlling who may use the cryptographic key. In the first, each using station has a unique secret transport key shared with the generating station, which generates the key in such a way that it can be recovered or regenerated only by the designated using station possessing the correct secret transport key. In the second, secret transport keys are shared by pairs of using stations and cryptographic separation is achieved by using public or nonsecret values unique to each using station.