公开(公告)号：DE69129778T2

公开(公告)日：1999-03-11

申请号：DE69129778

申请日：1991-07-31

Applicant: IBM

Inventor： GREEN LUCINA LI-NIEN ,  KELLY MICHAEL JAMES ,  SMITH RONALD MORTON ,  THOMAS JULIAN ,  YEH PHIL CHI-CHUNG

IPC: G09C1/00 ,  G06F12/14 ,  H04L9/08

Abstract: A facility for making dynamic changes to a system master key without stopping the system, and without loss of integrity to ongoing cryptographic operations. A version number is generated and associated with the current master key. A dynamic change is made to the master key, resulting in the then current master key becoming the old master key, and a "new" current master key (with a new version number) being placed into operation. Subsequent cryptographic requests using a supplied key enciphered under the old master key are identified by means of a supplied version number associated with the supplied key. This identification triggers a reencipher operation, reenciphering the supplied key under the now current master key - after which the cryptographic operation proceeds. Unique patterns are generated to verify the contents of the master key registers, and to authorize normal use of the cryptographic facility, and issuers of key-change operations.

公开(公告)号：DE69129778D1

公开(公告)日：1998-08-20

申请号：DE69129778

申请日：1991-07-31

Applicant: IBM

Inventor： GREEN LUCINA LI-NIEN ,  KELLY MICHAEL JAMES ,  SMITH RONALD MORTON ,  THOMAS JULIAN ,  YEH PHIL CHI-CHUNG

IPC: G09C1/00 ,  G06F12/14 ,  H04L9/08

Abstract: A facility for making dynamic changes to a system master key without stopping the system, and without loss of integrity to ongoing cryptographic operations. A version number is generated and associated with the current master key. A dynamic change is made to the master key, resulting in the then current master key becoming the old master key, and a "new" current master key (with a new version number) being placed into operation. Subsequent cryptographic requests using a supplied key enciphered under the old master key are identified by means of a supplied version number associated with the supplied key. This identification triggers a reencipher operation, reenciphering the supplied key under the now current master key - after which the cryptographic operation proceeds. Unique patterns are generated to verify the contents of the master key registers, and to authorize normal use of the cryptographic facility, and issuers of key-change operations.