-
Publication No.: JPH02300784A
Publication date: 1990-12-12
Application No.: JP11066090
Filing date: 1990-04-27
Applicant: IBM
Inventor: SUTEIBUN EMU MACHIYUUZU , DENIIIZU JIII ABURAHAMU , DONARUDO BIII JIYONSON , RAMETSUSHIYU KEI KAAN , AN BUI RI , PATORITSUKU JIEI MAKUKOOMATSUK , ROSUTEISUROO PURAIMATSUKU , JIYON DEII UIRUKINZU
Abstract: PURPOSE: To obtain a cryptographic key managing method excellent in security protection of a cipher by inspecting the first and second fields of a candidate control vector so as to allow the restoration of the cryptographic key only when the execution of a ciphering function is permitted. CONSTITUTION: A first control vector inspecting means receives the first part of a related control vector, judges whether the execution of the ciphering function is permitted by using the cryptographic key and outputs a first permission signal. A second control vector inspecting means receives the second part of the related control vector, judges whether the execution of the ciphering function is permitted by using the cryptographic key and outputs a second permission signal. A cipher processing means starts the execution of the ciphering function by using the cryptographic key in response to the first and second permission signals. Thereby a managing means excellent in the security protection and the maintainability of ciphers is obtained.
-
Publication No.: JPH02101491A
Publication date: 1990-04-13
Application No.: JP21080289
Filing date: 1989-08-17
Applicant: IBM
Inventor: SUTEIBUN EMU MACHIIISU , DENISU JIII ABURAHAMU , DONARUDO BIII JIYONSON , RAMESHIYU KEI KAAN , AN BUI RI , ROSUTEISUROO PURAIMATSUKU , JIYURIAN TOOMASU , JIYON DEII UIRUKINZU , FUIRII SHIII JIEI
Abstract: PURPOSE: To completely cipher a part of data and to cause a permitted receiver to decode the other part by combining control vectors giving the permission of the use of a data ciphering key and a key that the transmitter of the key intends for the ciphering of data. CONSTITUTION: A cipher mechanism 4 is characterized by a safety protection boundary 6. As an example of restoring the cipher key from a cipher key storage mechanism 22, when a cipher instruction storage device receives, through an input/output route 8, a cipher service request for the restoration of the cipher key, a control vector inspection mechanism 14 outputs a permission signal for restoring the cipher key to a cipher processing mechanism 16 through a line 20. Thus, the cipher processing mechanism 16 receives the ciphered cipher key from the cipher key storage mechanism 22 in response to the permission key in the line 20 and restores the cipher key ciphered under a stored key being the AND of a related control vector and a master key stored in a master key storage mechanism 18.
-
Publication No.: JPH02106787A
Publication date: 1990-04-18
Application No.: JP20711489
Filing date: 1989-08-11
Applicant: IBM
Inventor: SUTEIBUN EMU MACHIIISU , DENISU JIII ABURAHAMU , UIRIAMU SHIII AANORUDO , DONARUDO BIII JIYONSON , RAMESHIYU KEI KAAN , AN BUI RI , ROSUTEISUROO PURAIMATSUKU , SUTEIBU AARU HOWAITO , JIYON DEII UIRUKINZU
Abstract: PURPOSE: To improve the management of a cipher key by forming a cipher by means of connecting it to a key in accordance with a ciphering procedure and preventing the key from being ciphered only when a control vector is precisely applied to cipher hardware. CONSTITUTION: A 64-bit key K is ciphered with the 128-bit key ciphering key KK (consisting of a 64-bit left half named KKL and a 64-bit right half named KKR) and the 64-bit control vector C of a register 40'. In this case, a register 46L exclusive-ORs CL of a register 40L with KKL of a register 42L and sets KKL+CL. A register 46 exclusive-ORs CR of a register 40R with KKR of a register 42R and sets KKL+CR. Namely, the method of using a 64-bit control vector C, in which the left-half and right-half bit parts are equal, is obtained by reducing the method of using a 128-bit control vector. Thus, the control vector is doubled and the newly improved cipher can be obtained. Then, the improved method of cipher key management can be obtained.
-
Publication No.: JPH0299984A
Publication date: 1990-04-11
Application No.: JP20711289
Filing date: 1989-08-11
Applicant: IBM
Inventor: SUTEIBUN EMU MACHIIISU , DENISU JIII ABURAHAMU , DONARUDO BIII JIYONSON , RAMESHIYU KEI KAAN , AN BUI RI , ROSUTEISUROO PURAIMATSUKU , JIYURIAN TOOMASU , JIYON DEII UIRUKINZU , FUIRII SHIII JIEI
Abstract: PURPOSE: To protect the cipher function and the safety of a stored or distributed key by permitting a cipher instruction storage device to execute a key management function with a cipher key, permitting a control vector inspection means to judge that the key management function is permitted, and permitting a cipher processing means to execute the requested key management function with the cipher key. CONSTITUTION: When a cipher instruction storage mechanism 10 receives a cipher service request for the restoration of the cipher key from a cipher key storage mechanism 22, the control vector inspection mechanism 14 outputs, to the cipher processing mechanism 16 through a line 20, a permission signal showing that the function for restoring the cipher key is permitted. Then, the cipher processing mechanism 16 receives the ciphered cipher key from the cipher key storage mechanism 22 and operates not to cipher the cipher key ciphered under a stored key being AND with a related control vector and a master key stored in a master key storage mechanism 18. Thus, practical and highly flexible key management technology can be obtained.
-
Publication No.: JPH05216409A
Publication date: 1993-08-27
Application No.: JP24370692
Filing date: 1992-09-11
Applicant: IBM
Inventor: SUTEFUAN EMU MATEIASU , DONARUDO BII JIYONSON , AN BUI RE , UIRIAMU SHII MAATEIN , ROSUTEISUROO PURAIMATSUKU , UIRIAMU ESU ROORANDO , JIYON DEII UIRUKINSU
Abstract: PURPOSE: To provide an improved method for managing the use of a public key and a secret key. CONSTITUTION: A ciphering mechanism 30 provided with an exchangeable master key of an asymmetric algorithm is shown. The public key and the secret key stored outside the ciphering mechanism 30 are protected by an asymmetric master key pair (PUO and PRO) (ciphered for secrecy and authenticated). Outside the ciphering mechanism 30, all the public keys and secret keys are stored in key tokens. The public keys are stored in a public key token and the secret keys are stored in a secret key token. Both key tokens are stored in a ciphering key data set 32 managed by ciphering system software or by a ciphering application job program (not shown in the figure) itself.
-
Publication No.: JPH03181245A
Publication date: 1991-08-07
Application No.: JP28606390
Filing date: 1990-10-25
Applicant: IBM
Inventor: SUTEFUAN EMU MAACHIYASU , DENISU JII ABURAHAMU , DONARUDO BII JIYONSON , AN BUI RII , ROSUTEISUROO PURAIMATSUKU , JIYON DEE UIRUKINZU , FUIRU SHII JIEI
Abstract: PURPOSE: To safely and flexibly control keys by using control vectors in a different sort key delivery environment. CONSTITUTION: Mask vectors in a control vector transformation table are logically combined with specific control vectors C5, C6. When the mask vectors are carefully set up, a system operator can require that specific bits of the respective control vectors C5, C6 be checked for a certain specific value before a requested transformation is permitted. When the check fails, the transformation of a key K from the vector C5 to the vector C6 is not executed. Thus the system operator can control key transformation based not only on the values of the control vectors C5, C6 in the control vector transformation table but also on an attribute allocated to the key ciphering key which is the base for the transformation of the key K.