公开(公告)号：CA2007409C

公开(公告)日：1998-10-06

申请号：CA2007409

申请日：1990-01-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D ,  MCCORMACK PATRICK J ,  LE AN V

IPC: G06F9/00 ,  G06F9/46

Abstract: An apparatus and method are disclosed for validating that a cryptographic function requested to be performed with a cryptographic key has been authorized by the originator of the key. The invention is used in a data processing system which processes cryptographic service requests for the performance of cryptographic functions with cryptographic keys which are associated with control vectors defining the functions which each key is allowed by its originator to perform. The invention includes a cryptographic facility characterized by a secure boundary through which passes an I/O path for receiving a cryptographic key and its associated control vector, and for providing a response thereto, there being included within the boundary a cryptographic processing means coupled to the I/O path and a master key storage coupled to the processing means, for providing a secure location to execute a cryptographic function with the cryptographic key. In accordance with the invention, a first control vector checking means has an input to receive at least a first portion of the associated control vector and to receive a cryptographic service request to perform the cryptographic function with the cryptographic key, for performing a first check of the first portion of the associated control vector to determine if the cryptographic function is authorized to be performed by the cryptographic key. The first control vector checking means has a first authorization output coupled to the cryptographic processing means, for outputting a first authorization signal that the cryptographic function is authorized to be performed by the cryptographic key. Further in accordance with the invention, a second control vector checking means has an input to receive at least a second portion of the associated control vector and to receive a cryptographic service request to perform the cryptographic function with the cryptographic key, for performing a second check of the second portion of the associated control vector to determine if the cryptographic function is authorized to be performed by the cryptographic key. The second control vector checking means has a second authorization output coupled to the cryptographic processing means, for outputting a second authorization signal that the cryptographic function is authorized to be performed by the cryptographic key. The cryptographic processing means initiates the execution of the cryptographic function with the cryptographic key in response to receiving the first and second authorization signals. In this manner, distributed control vector checking operations are enabled for multiprocessing, remote terminal, smart card and multiprogramming applications.

公开(公告)号：DE68926200D1

公开(公告)日：1996-05-15

申请号：DE68926200

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  THOMAS JULIAN ,  WILKINS JOHN D ,  YEH PHIL C

IPC: G06F9/30 ,  G06F9/302 ,  G06F9/38 ,  H04L9/00

公开(公告)号：CA2007409A1

公开(公告)日：1990-10-27

申请号：CA2007409

申请日：1990-01-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  MCCORMACK PATRICK J ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D

IPC: G06F9/00 ,  G06F9/46

公开(公告)号：DE68926200T2

公开(公告)日：1996-10-17

申请号：DE68926200

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  THOMAS JULIAN ,  WILKINS JOHN D ,  YEH PHIL C

IPC: G06F9/30 ,  G06F9/302 ,  G06F9/38 ,  H04L9/00

公开(公告)号：DE68926005D1

公开(公告)日：1996-04-25

申请号：DE68926005

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  THOMAS JULIAN ,  WILKINS JOHN D ,  YEH PHIL C ,  SMITH RONALD M ,  WHITE STEVE R ,  ARNOLD WILLIAM C

IPC: G07F7/10 ,  H04L9/00 ,  H04L9/08 ,  H04L9/32

Abstract: Arrangements are disclosed for validating that key management functions requested for a cryptographic key by the program have been authorised by the originator of the key. The invention includes a cryptographic facility characterised by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorises the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorisation output connected to an input of the cryptographic processing means, for signalling that the key management function is authorised, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.

公开(公告)号：CA1317677C

公开(公告)日：1993-05-11

申请号：CA602904

申请日：1989-06-15

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  THOMAS JULIAN ,  WILKINS JOHN D ,  YEH PHIL C

IPC: G09C1/00 ,  G06F9/30 ,  H04L9/00 ,  H04L9/08 ,  H04L9/10 ,  H04L9/32

Abstract: MA988-011 of the Invention SECURE MANAGEMENT OF KEYS USING CONTROL VECTORS The invention is an apparatus and method for validating that key management functions requested for a cryptographic key by the program have been authorized by the originator of the key. The invention includes a cryptographic facility characterized by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorizes the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorization output connected to an input of the cryptographic processing means, for signalling that the key management function is authorized, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.

公开(公告)号：DE68926005T2

公开(公告)日：1996-10-17

申请号：DE68926005

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  THOMAS JULIAN ,  WILKINS JOHN D ,  YEH PHIL C ,  SMITH RONALD M ,  WHITE STEVE R ,  ARNOLD WILLIAM C

IPC: G07F7/10 ,  H04L9/00 ,  H04L9/08 ,  H04L9/32

Abstract: Arrangements are disclosed for validating that key management functions requested for a cryptographic key by the program have been authorised by the originator of the key. The invention includes a cryptographic facility characterised by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorises the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorisation output connected to an input of the cryptographic processing means, for signalling that the key management function is authorised, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.

公开(公告)号：DE68922884D1

公开(公告)日：1995-07-06

申请号：DE68922884

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  JOHNSON DONALD B ,  ABRAHAM DENNIS G ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  THOMAS JULIAN ,  WILKINS JOHN D ,  YEH PHIL C ,  SMITH RONALD M

IPC: G06F9/30 ,  G07F7/10 ,  H04L9/32 ,  H04L9/00

公开(公告)号：DE69019593D1

公开(公告)日：1995-06-29

申请号：DE69019593

申请日：1990-03-28

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  MCCORMACK PATRICK J ,  PRYMAK ROSTISLAW ,  WILKINS JOHN D

IPC: G09C1/00 ,  G06F9/30 ,  G07B17/00 ,  H04L9/08 ,  G07F7/10 ,  H04L9/32

公开(公告)号：DE68926076T2

公开(公告)日：1996-11-14

申请号：DE68926076

申请日：1989-08-09

Applicant: IBM

Inventor： MATYAS STEPHEN M ,  ABRAHAM DENNIS G ,  JOHNSON DONALD B ,  KARNE RAMESH K ,  LE AN V ,  PRYMAK ROSTISLAW ,  ARNOLD WILLIAM C ,  WHITE STEVE R ,  WILKINS JOHN D ,  YEH PHIL C ,  THOMAS JULIAN

IPC: H04L9/08