-
公开(公告)号:DE69328334D1
公开(公告)日:2000-05-18
申请号:DE69328334
申请日:1993-09-08
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M , RANDALL JAMES D , WILKINS JOHN D
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
-
公开(公告)号:DE69328334T2
公开(公告)日:2000-10-19
申请号:DE69328334
申请日:1993-09-08
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M , RANDALL JAMES D , WILKINS JOHN D
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
-
公开(公告)号:CA1149483A
公开(公告)日:1983-07-05
申请号:CA316965
申请日:1978-11-28
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , POWERS ROBERT L , PRENTICE PAUL N , SMITH JOHN L , TUCHMAN WALTER L
Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptoghraphic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphored under the master cipher key is transferred to the cryptographic apparatus storage means and the ?ontrol means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.
-
公开(公告)号:CA1124812A
公开(公告)日:1982-06-01
申请号:CA317109
申请日:1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , HOLLIS LLOYD L , LENNON RICHARD E , MATYAS STEPHEN M , MEYER CARL H W , OSEAS JONATHAN , TUCHMAN WALTER L
Abstract: CRYPTOGRAPHIC COMMUNICATION SECURITY FOR MULTIPLE DOMAIN NETWORKS A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems. Ki977009
-
公开(公告)号:CA2100234C
公开(公告)日:1999-01-19
申请号:CA2100234
申请日:1993-07-09
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , RANDALL JAMES D , WILKINS JOHN D , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
-
公开(公告)号:CA1121013A
公开(公告)日:1982-03-30
申请号:CA317142
申请日:1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , SAHULKA RICHARD J , TUCHMAN WALTER L
Abstract: A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contain a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the file second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.
-
公开(公告)号:CA2100234A1
公开(公告)日:1994-04-17
申请号:CA2100234
申请日:1993-07-09
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M , RANDALL JAMES D , WILKINS JOHN D
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may to transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
-
公开(公告)号:CA1124811A
公开(公告)日:1982-06-01
申请号:CA316967
申请日:1978-11-28
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , SMITH JOHN L , TUCHMAN WALTER L
IPC: H04L9/06 , G06F1/00 , G06F21/00 , G06F21/22 , G09C1/00 , H04L9/08 , H04L9/14 , H04L9/18 , H04L9/02
Abstract: A file security system for data files associated with a host data processing system. The host system includes a data security device which contains a secure host master key and is capable of performing a variety of cryptographic operations. At initialization time, the host system generates a series of file keys for the associated storage media and protects them by enciphering the file keys under a variant of the host master key. When a data file is to be created, a random number is generated and defined as an operational key enciphered under the file key of a designated storage media. The host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key under control of the host master key into a form which permits the operational key to be used for enciphering host data. The operational key enciphered under the file key of the designated storage media, as header information, together with the host data enciphered under the operational key is written on the storage media as an enciphered data file. When the data file is recovered, the host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key header information under control of the host master key into a form which permits the operational key to be used for deciphering the enciphered data file to obtain the file data in clear form.
-
公开(公告)号:CA1124810A
公开(公告)日:1982-06-01
申请号:CA316966
申请日:1978-11-28
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , POWERS ROBERT L , PRENTICE PAUL N , SMITH JOHN L , TUCHMAN WALTER L
Abstract: CRYPTOGRAPHIC COMMUNICATION SECURITY FOR SINGLE DOMAIN NETWORKS A communication security system for data transmissions between remote terminals and a host system. The remote terminals and the host system include data security devices capable of performing a variety of cryptographic operations. At initialization time, a host-master key is written into the host data security device and the host system generates a series of terminal master keys for the remote terminals. Protection is provided for the terminal master keys by enciphering them under a variant of the host master key. The terminal master keys are then written into the data security devices of the respective remote terminals to permit cryptographic operations to be performed. When a communication session is to be established between a designated remote terminal and the host system, a random number is generated and defined as an operational key enciphered under the host master key which permits the operational key to be used at the host system for enciphering or deciphering data operations. The host data security device, using the enciphered master key of the designated remote terminal, transforms the enciphered operational key under control of the host master key into a form in which the operational key is enciphered under the terminal master key of the designated remote terminal. The operational key enciphered under the terminal master key of the designated remote terminal is transmitted to the remote terminal to permit the enciphered operational key to be used at the remote terminal for enciphering or deciphering data operations. KI977007 -1-
-
-
-
-
-
-
-
-