-
公开(公告)号:DE3883287D1
公开(公告)日:1993-09-23
申请号:DE3883287
申请日:1988-05-11
Applicant: IBM
Abstract: A method of controlling the use of securely transmitted information in a network of stations in which each potentially cooperating station includes a cryptographic facility (10) which securely stores a master key and in which, for each transmission between a pair of stations, a cryptographic key result is provided for each station of the pair by a generating station which is either one of the pair or a station external to the pair under a cryptographic protocol common to the network, the cryptographic key results for the transmission having a random component notionally particular to the transmission, a master key variant component characteristic of the protocol and a target station component either particular to the stations individually or as a pair, wherein, in response to a generating command invoked in the generating station for establishing a controlled use secure transmission between a designated pair of stations, the generating station generates the cryptographic key result for each designated station, accesses the control value common to the system for the permitted operation for each of the stations for the particular transmission, combines the control value with the common key result or each individual key result and causes the appropriate combined key result to be established in each station of the pair for the transmission, and wherein the cryptographic facility (10) in each station is arranged, when an operating command is invoked to perform a designated operation with respect to such securely transmitted information, to automatically abort such operation unless it matches the control value.
-
-
公开(公告)号:DE2965420D1
公开(公告)日:1983-07-07
申请号:DE2965420
申请日:1979-04-05
Applicant: IBM
Inventor: MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ WILHELM
IPC: G06F21/20 , G06F21/00 , G06Q20/34 , G06Q20/38 , G06Q20/40 , G07F7/10 , H04L9/00 , H04L9/32 , G07C11/00 , G06F13/00
Abstract: This invention relates to a method for authenticating the identity of a user of an information system. A data communication system operating in accordance with an embodiment of the invention includes one or more terminals operatively coupled to a host data processing system each having cryptographic apparatus for cryptographic data communications. In order to authenticate the identity of terminal users of the system, a host system initialization process is first performed to provide a table of test patterns for use during subsequent authentication processing. This is accomplished by providing terminal user identification numbers and passwords and a predetermined number at the host data processing system. A first initialization operation is performed at the host data processing system in accordance with the terminal user identification numbers and passwords to obtain terminal user authentication patterns. A second initialization operation is performed at the host data processing system in accordance with the predetermined number and the terminal user identification numbers to obtain terminal user first verification patterns. A third initialization operation is performed at the host data processing system in accordance with the terminal user authentication patterns and the terminal user first verification patterns to obtain the table of terminal user test
-
公开(公告)号:DE2861957D1
公开(公告)日:1982-09-02
申请号:DE2861957
申请日:1978-12-05
Applicant: IBM
Inventor: EHRSAM WILLIAM FRIEDRICH , ELANDER ROBERT CARL , HOLLIS LLOYD LEE , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ WILHELM , OSEAS JONATHAN , TUCHMAN WALTER LEONARD
Abstract: This invention concerns a multiple domain data communication method and network. An embodiment of the invention provides communication security for data transmissions between different domains of a multiple domain communication network where each domain includes a host system i, j, k and its associated resources of programs and communication terminals T. The host systems and communication terminals include data security devices 11, X each having a master key 13 which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the receives session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session may be established and cryptographic operations can proceed between the domains of the two host systems.
-
5.发明专利
公开(公告)号:DE2861905D1
公开(公告)日:1982-08-05
申请号:DE2861905
申请日:1978-12-05
Applicant: IBM
Inventor: LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ WILHELM , OSEAS JONATHAN , PRENTICE PAUL NORMAN , TUCHMAN WALTER LEONARD
Abstract: This invention concerns a process and apparatus for the verification of cryptographic operational keys used in data communication networks. In a data communication network providing communication security for communication sessions between a first station and a second station where each station has cryptographic apparatus provided with an operational key which should be common to both stations for cryptographic operations, an operational key verification arrangement is provided in which a first number provided at the first station is operated upon in accordance with the first station operational key to obtain cryptographic data for transmission to the second station, requiring the second station to perform an operation on the first station cryptographic data in accordance with the second station operational key to obtain cryptographic data for transmission back to the first station, and in which an operation is performed at the first station in accordance with the first number and the second station cryptographic data to verify that the second station is the source of second station cryptographic data only if the operational keys are identical.
-
Patent Agency Ranking
公开(公告)号:DE3277677D1
公开(公告)日:1987-12-17
申请号:DE3277677
申请日:1982-11-23
Applicant: IBM
-
公开(公告)号:DE2862311D1
公开(公告)日:1983-10-06
申请号:DE2862311
申请日:1978-12-05
Applicant: IBM
-
公开(公告)号:DE3883287T2
公开(公告)日:1994-03-17
申请号:DE3883287
申请日:1988-05-11
Applicant: IBM
Abstract: A method of controlling the use of securely transmitted information in a network of stations in which each potentially cooperating station includes a cryptographic facility (10) which securely stores a master key and in which, for each transmission between a pair of stations, a cryptographic key result is provided for each station of the pair by a generating station which is either one of the pair or a station external to the pair under a cryptographic protocol common to the network, the cryptographic key results for the transmission having a random component notionally particular to the transmission, a master key variant component characteristic of the protocol and a target station component either particular to the stations individually or as a pair, wherein, in response to a generating command invoked in the generating station for establishing a controlled use secure transmission between a designated pair of stations, the generating station generates the cryptographic key result for each designated station, accesses the control value common to the system for the permitted operation for each of the stations for the particular transmission, combines the control value with the common key result or each individual key result and causes the appropriate combined key result to be established in each station of the pair for the transmission, and wherein the cryptographic facility (10) in each station is arranged, when an operating command is invoked to perform a designated operation with respect to such securely transmitted information, to automatically abort such operation unless it matches the control value.
-
公开(公告)号:IT1163746B
公开(公告)日:1987-04-08
申请号:IT2824779
申请日:1979-12-20
Applicant: IBM
Inventor: MATYAS STEPHEN , MEYER CARL HEINZ WILHELM , TUCKERMAN LOUIS BRYANT
-
公开(公告)号:DE2862042D1
公开(公告)日:1982-11-04
申请号:DE2862042
申请日:1978-12-05
Applicant: IBM
-
-
-
-
-
-
-
-
-
Search Results
11
records
(took 0.02 seconds)
