-
Publication number: US3256516A
Publication date: 1966-06-14
Application number: US20382362
Application date: 1962-06-20
Applicant: IBM
Inventor: MELIA JOHN J , POPICK STEPHEN J , SIMPSON BENJAMIN E , TUCHMAN WALTER L
CPC classification number: G06F3/04892
-
Publication number: CA1103358A
Publication date: 1981-06-16
Application number: CA314677
Application date: 1978-10-30
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H , TUCHMAN WALTER L
Abstract: DIGITAL SIGNATURE SYSTEM AND APPARATUS A digital signature machine provides a simplified method of forming and verifying a signature that is appended to a digital message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message.
-
Publication number: CA1046942A
Publication date: 1979-01-23
Application number: CA243854
Application date: 1976-01-20
Applicant: IBM
Inventor: EHRSAM WILLIAM F , MEYER CARL H , POWERS ROBERT L , SMITH JOHN L , TUCHMAN WALTER L
Abstract: PRODUCT BLOCK CIPHER SYSTEM FOR DATA SECURITY A device for ciphering a block of data bits under control of a cipher key. The cipher device performs a ciphering process for the block of data by carrying out an operation in which the block of data bits is first expanded by duplicating predetermined ones of the data bits. The data bits of the expanded block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different nonlinear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution set of bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined nonlinear transformation and linear formation results in a product block cipher of the block of data.
-
Publication number: CA1121013A
Publication date: 1982-03-30
Application number: CA317142
Application date: 1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , SAHULKA RICHARD J , TUCHMAN WALTER L
Abstract: A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contain a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the file second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.
-
Publication number: FR2414232A1
Publication date: 1979-08-03
Application number: FR7836585
Application date: 1978-12-20
Applicant: IBM
Inventor: MATYAS STEPHEN M , MEYER CARL H W , TUCHMAN WALTER L
Abstract: A digital signature machine provides a simplified method of forming and verifying a signature that is appended to a digital message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message.
-
Publication number: CA722828A
Publication date: 1965-11-30
Application number: CA722828D
Applicant: IBM
Inventor: POPICK STEPHEN J , MELIA JOHN J , SIMPSON BENJAMIN E , TUCHMAN WALTER L
-
Publication number: CA1149483A
Publication date: 1983-07-05
Application number: CA316965
Application date: 1978-11-28
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , MATYAS STEPHEN M , MEYER CARL H W , POWERS ROBERT L , PRENTICE PAUL N , SMITH JOHN L , TUCHMAN WALTER L
Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means. A load cipher key direct function can be performed whereby a working cipher key may be loaded directly into the cipher key register for use as a working cipher key in performing a cipher function. A decipher key function can be performed whereby the master cipher key is transferred to the cipher key register as a working cipher key after which an operational key enciphered under the master cipher key is transferred to the cryptographic apparatus storage means and the control means causes the enciphered operational key to be deciphered to obtain the operational key in clear form as a working cipher key for subsequent encipher/decipher data functions.
-
Publication number: CA1124812A
Publication date: 1982-06-01
Application number: CA317109
Application date: 1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , HOLLIS LLOYD L , LENNON RICHARD E , MATYAS STEPHEN M , MEYER CARL H W , OSEAS JONATHAN , TUCHMAN WALTER L
Abstract: CRYPTOGRAPHIC COMMUNICATION SECURITY FOR MULTIPLE DOMAIN NETWORKS A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems. Ki977009
-
Publication number: CA1048935A
Publication date: 1979-02-20
Application number: CA243887
Application date: 1976-01-20
Applicant: IBM
Inventor: EHRSAM WILLIAM F , MEYER CARL H , POWERS ROBERT L , PRENTICE PAUL N , SMITH JOHN L , TUCHMAN WALTER L
Abstract: BLOCK CIPHER SYSTEM FOR DATA SECURITY A device for ciphering message blocks of data bits under control of a cipher key. The cipher device performs a ciphering process for the first half of the message block of data bits from a first store by carrying out an operation in which the block of data bits is expanded by duplicating predetermined ones of the data bits of the first half of the message block. The data bits of the expanded first half of said message block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different non-linear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution of data bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation. The combined non-linear transformation and linear transformation results in a product block cipher for the first half of the said message block. Then the second half of the message block from a second store is subjected to a linear transformation in accordance with the product block cipher to produce a set of bits representing a modified second half of said message block. Finally said modified second half of said message block is loaded into the first store and the first half of the message block from the first store is loaded into the second store concurrently with the modified second half of the message block being loaded into the first store to complete a first iteration operation of the cipher device.
-
Publication number: FR2350011A1
Publication date: 1977-11-25
Application number: FR7705184
Application date: 1977-02-18
Applicant: IBM
Inventor: EHRSAM WILLIAM F , MEYER CARL H W , SMITH JOHN L , TUCHMAN WALTER L
Abstract: A message transmission system for the secure transmission of multi-block data messages from a sending station to a receiving station.