MULTIPLE DOMAIN DATA COMMUNICATION

    Publication number: DE2861957D1

    Publication date: 1982-09-02

    Application number: DE2861957

    Application date: 1978-12-05

    Applicant: IBM

    Abstract: This invention concerns a multiple domain data communication method and network. An embodiment of the invention provides communication security for data transmissions between different domains of a multiple domain communication network where each domain includes a host system i, j, k and its associated resources of programs and communication terminals T. The host systems and communication terminals include data security devices 11, X each having a master key 13 which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross-domain key is enciphered under a key encrypting key designated as the sending cross-domain key at the sending host system and under a different key encrypting key designated as the receiving cross-domain key at the receiving host system. The sending host system creates an enciphered session key and, together with the sending cross-domain key, performs a transformation function to reencipher the session key under the sending cross-domain key for transmission to the receiving host system. The receiving host system, using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross-domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session may be established and cryptographic operations can proceed between the domains of the two host systems.

    METHOD FOR CRYPTOGRAPHIC FILE SECURITY IN MULTIPLE DOMAIN DATA PROCESSING SYSTEMS

    Publication number: DE2861447D1

    Publication date: 1982-02-11

    Application number: DE2861447

    Application date: 1978-12-05

    Applicant: IBM

    Abstract: This invention concerns a method and apparatus for cryptographic data file security in multiple domain data processing systems. An embodiment of the invention provides a file security system for data files created at a first host system (j) in one domain and recovered at a second host system (k or l) in another domain of a multiple domain network. Each of the host systems contains a data security device (11) provided with multiple host master keys and capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the master keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained separately as a private file recovery key. When the data file is to be recovered at the second host system, the file recovery key is provided at the second host system and the second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.

    DATA PROCESSING TERMINAL
    Invention patent

    Publication number: DE2861422D1

    Publication date: 1982-01-28

    Application number: DE2861422

    Application date: 1978-12-05

    Applicant: IBM

    Abstract: The invention concerns a data processing terminal. … In an embodiment of the invention a data processing terminal coupled via a communication line to a remote host system includes data security device 11 which includes storage means 13 for storing a master cipher key, cryptographic apparatus 12 for performing cryptographic operations, and control means 14 for controlling the writing of a master cipher key into the storage means 13, controlling the transfer of the master cipher key to the cryptographic apparatus 12 and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means 13, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus 23 of the data security device 11 includes data storage means BR17 and DR22, a working key storage means 20, and cipher means 25 for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the storage means 20, the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the working key storage means 20 for use as a working cipher key in performing a cipher function. A decipher key function also can be performed whereby the master cipher key from 13 is transferred to the working key storage means 20 as a working cipher key after which an operational key enciphered under the master cipher key (received from the remote host system) is transferred to the cryptographic apparatus storage means and the control means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions by the cipher means 25.
