公开(公告)号：CA2241745C

公开(公告)日：2003-04-29

申请号：CA2241745

申请日：1996-12-27

Applicant: IBM

Inventor： KAUFMAN CHARLES W ,  ELDRIDGE ALAN D

IPC: G06F12/14 ,  G06F1/00 ,  G06F12/00 ,  G06F21/00 ,  G06F21/24 ,  G06F17/30

Abstract: In a system in which encrypted information can be protected and maintained b y multiple users using passwords in concert, a file with secure data contains both an unencrypted header and an encrypted data portion. The data portion contains both the secured data and a list of hashed passwords and is encrypt ed with a single file key. The unencrypted file header contains two tables. The first table is a list of passwords, where each password is cryptographically hashed using a second, different hashing technique than the hashed passwords in the data portion of the file. The second table is a list of cryptographically hashed combinations of cryptographically hashed passwords, where the combinations correspond to authorized user quorums and the passwor ds are hashed using the same technique as the passwords stored in the data portion of the file. Each hashed combination on the list is also used as a password key to encrypt the file key. During use of the system, an authorize d user must enter a password which, when hashed, can be found in the first table. If the entered password is found in the first table, a check is made to determine if enough authorized users have entered passwords to form a quorum . If there is a quorum, then passwords of the users in the quorum are hashed with the first hashingtechnique, combined and hashed again to form a passwor d key. The file key can be decrypted with the password key and used to decrypt the file. The hashed passwords in the protected portion of the file can then be used to maintain the password lists.

公开(公告)号：DE19652295B4

公开(公告)日：2009-05-14

申请号：DE19652295

申请日：1996-12-16

Applicant: IBM

Inventor： KAUFMAN CHARLES W ,  OZZIE RAYMOND E ,  MATYAS STEPHEN M

IPC: H04L9/00 ,  H04L9/08 ,  H04L9/30

Abstract: PROBLEM TO BE SOLVED: To obtain a ciphering system capable of safe communication by deciding a first partial key by means of an authorized person or a corporation and supplying information for enabling the decoding of a ciphered message by means of the acquirement of the first partial key. SOLUTION: The secret key is a random number and is generated at every message in ST10 so as to cipher the message in ST12. The one-way hash of the secret key is generated in ST14 in order to facilitate a suitable section work quantity system. The secret key and a salt are ciphered through the use of the open key of a prescribed receiver. The secret key is divided into at least two partial keys in ST18 so as to permit the authorized person or the corporation to decode the message. The partial keys, the hashed and the whole or a part of solts are ciphered by using the open key in ST20. The ciphered value is transmitted to the receiver together with the ciphered message and the ciphering secret key in ST22. The receiver decodes the ciphering secret key where the secret key is used in ST24.

公开(公告)号：AT298436T

公开(公告)日：2005-07-15

申请号：AT96945639

申请日：1996-12-27

Applicant: IBM

Inventor： ELDRIDGE ALAN D ,  KAUFMAN CHARLES W

IPC: G06F12/14 ,  G06F1/00 ,  G06F12/00 ,  G06F21/00 ,  G06F21/24

Abstract: A system in which an encrypted data file can be protected, accessed, and maintained by a plurality of users using cryptographically hashed passwords. The system provides for the creation in memory for each authorized user of a cryptographically hashed password as an entry in an unencrypted header file. The system compares an authorized user's cryptographically hashed password against a corresponding set of cryptographically hashed passwords in memory to determine whether the user is allowed access to the protected data file. The passwords are cryptographically one-way hashed with a "salt" value in such a way as to make reconstruction of original passwords by an unintended party virtually impossible, because the passwords never exist in memory in an unhashed state. Furthermore, the passwords are cryptographically "one-way" hashed so as not to be reconstructible. Upon successful authorization of a user, based on successful comparison of the user's hashed password with those in memory, the user gains access to the encrypted data file.