公开(公告)号：CA1046942A

公开(公告)日：1979-01-23

申请号：CA243854

申请日：1976-01-20

Applicant: IBM

Inventor： EHRSAM WILLIAM F ,  MEYER CARL H ,  POWERS ROBERT L ,  SMITH JOHN L ,  TUCHMAN WALTER L

IPC: G09C1/00 ,  G06F21/22 ,  H04L9/06 ,  H04K1/00 ,  H04L9/02

Abstract: PRODUCT BLOCK CIPHER SYSTEM FOR DATA SECURITY A device for ciphering a block of data bits under control of a cipher key. The cipher device performs a ciphering process for the block of data by carrying out an operation in which the block of data bits is first expanded by duplicating predetermined ones of the data bits. The data bits of the expanded block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different nonlinear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution set of bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined nonlinear transformation and linear formation results in a product block cipher of the block of data.

公开(公告)号：CA1124810A

公开(公告)日：1982-06-01

申请号：CA316966

申请日：1978-11-28

Applicant: IBM

Inventor： EHRSAM WILLIAM F ,  ELANDER ROBERT C ,  MATYAS STEPHEN M ,  MEYER CARL H W ,  POWERS ROBERT L ,  PRENTICE PAUL N ,  SMITH JOHN L ,  TUCHMAN WALTER L

IPC: H04L9/00 ,  G06F21/22 ,  G09C1/00 ,  H04L9/08 ,  H04L9/10 ,  H04L9/18 ,  H04L9/02

Abstract: CRYPTOGRAPHIC COMMUNICATION SECURITY FOR SINGLE DOMAIN NETWORKS A communication security system for data transmissions between remote terminals and a host system. The remote terminals and the host system include data security devices capable of performing a variety of cryptographic operations. At initialization time, a host-master key is written into the host data security device and the host system generates a series of terminal master keys for the remote terminals. Protection is provided for the terminal master keys by enciphering them under a variant of the host master key. The terminal master keys are then written into the data security devices of the respective remote terminals to permit cryptographic operations to be performed. When a communication session is to be established between a designated remote terminal and the host system, a random number is generated and defined as an operational key enciphered under the host master key which permits the operational key to be used at the host system for enciphering or deciphering data operations. The host data security device, using the enciphered master key of the designated remote terminal, transforms the enciphered operational key under control of the host master key into a form in which the operational key is enciphered under the terminal master key of the designated remote terminal. The operational key enciphered under the terminal master key of the designated remote terminal is transmitted to the remote terminal to permit the enciphered operational key to be used at the remote terminal for enciphering or deciphering data operations. KI977007 -1-

公开(公告)号：CA1149483A

公开(公告)日：1983-07-05

申请号：CA316965

申请日：1978-11-28

Applicant: IBM

Inventor： EHRSAM WILLIAM F ,  ELANDER ROBERT C ,  MATYAS STEPHEN M ,  MEYER CARL H W ,  POWERS ROBERT L ,  PRENTICE PAUL N ,  SMITH JOHN L ,  TUCHMAN WALTER L

IPC: G06F12/00 ,  G09C1/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/18 ,  H04L9/02

Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptoghraphic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphored under the master cipher key is transferred to the cryptographic apparatus storage means and the ?ontrol means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.

公开(公告)号：CA1048935A

公开(公告)日：1979-02-20

申请号：CA243887

申请日：1976-01-20

Applicant: IBM

Inventor： EHRSAM WILLIAM F ,  MEYER CARL H ,  POWERS ROBERT L ,  PRENTICE PAUL N ,  SMITH JOHN L ,  TUCHMAN WALTER L

IPC: G09C1/00 ,  G06F21/22 ,  H04L9/06

Abstract: BLOCK CIPHER SYSTEM FOR DATA SECURITY A device for ciphering message blocks of data bits under control of a cipher key. The cipher device performs a ciphering process for the first half of the message block of data bits from a first store by carrying out an operation in which the block of data bits is expanded by duplicating predetermined ones of the data bits of the first half of the message block. The data bits of the expanded first half of said message block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different non-linear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution of data bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined non-linear transformation and linear transformation results in a product block cipher for the first half of the said message block. Then the second half of the message block from a second store is subjected to a linear transformation in accordance with the product block cipher to produce a set of bits representing a modified second half of said message block. Finally said modified second half of said message block is loaded into the first store and the first half of the message block from the first store is loaded into the second store concurrently with the modified second half of the message block being loaded into the first store to complete a first iteration operation of the cipher device.