-
Publication number: JPH1041932A
Publication date: 1998-02-13
Application number: JP7150097
Application date: 1997-03-25
Applicant: IBM
Inventor: JOHNSON DONALD B , KARGER PAUL A , KAUFMAN CHARLES W JR , MATYAS STEPHEN M JR , YUNG MARCEL M , ZUNIC NEVENKO
Abstract: PROBLEM TO BE SOLVED: To provide a key recovery system that handles the conflicting requirements of different entities by using each of a plurality of shared keys with respect to a plurality of key recovery agents. SOLUTION: A secret value 102 agreed on for mutual communication, referred to as a PQR value, is made up of P and Q values 104, 106 of m bits and an R value 108 of m bits. The P value 104 is used in common by the first key recovery agent of each country, and the Q value 106 is used in common by the second key recovery agent. The R value 108 is used in common between the users. To generate a cryptographic key, the P value 104 and the Q value 106 are combined by exclusive OR (XOR) to produce a 112-bit resulting value (112). The resulting value 112 is then concatenated with the R value 108 to produce a 168-bit intermediate value 114. The intermediate value 114 is hashed (116) and a final key value 118 is extracted.
-
Publication number: DE69521977T2
Publication date: 2002-04-04
Application number: DE69521977
Application date: 1995-11-28
Applicant: IBM
Inventor: HERZBERG AMIR , KRAWCZYK HUGO M , KUTTEN SHAY , VAN LE AN , MATYAS STEPHEN M , YUNG MARCEL M
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
-
Publication number: CA2197915C
Publication date: 2002-12-10
Application number: CA2197915
Application date: 1997-02-05
Applicant: IBM
Inventor: JOHNSON DONALD B , KARGER PAUL A , KAUFMAN CHARLES W JR , MATYAS STEPHEN M JR , YUNG MARCEL M , ZUNIC NEVENKO
Abstract: A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recovery agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m + n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m + n)-bit key to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypted communications using the thus generated key.
-
Publication number: CA2197915A1
Publication date: 1997-10-11
Application number: CA2197915
Application date: 1997-02-05
Applicant: IBM
Inventor: JOHNSON DONALD B , KARGER PAUL A , KAUFMAN CHARLES W JR , MATYAS STEPHEN M JR , YUNG MARCEL M , ZUNIC NEVENKO
Abstract: A cryptographic key recovery system for generating a cryptographic key for use by a pair of communicating parties while simultaneously providing for its recovery using one or more key recovery agents. A plurality of m-bit shared key parts (P, Q) are generated which are shared with respective key recovery agents, while an n-bit nonshared key part (R) is generated that is not shared with any key recovery agent. The shared key parts (P, Q) are combined to generate an m-bit value which is concatenated with the nonshared key part (R) to generate an (m + n)-bit value from which an encryption key is generated. The cryptographic system has the effective work factor of an n-bit key to all of the key recovery agents acting in concert, but has the effective work factor of an (m + n)-bit key to any other combination of third parties. The quantity n is selected to make authorized key recovery feasible, but not so trivial as to permit routine decryption of intercepted communications, while the quantity m is selected to make decryption by unauthorized third parties infeasible. Means are provided for verifying that the shared key parts have been shared with the key recovery agents before permitting encrypted communications using the thus generated key.
-
Publication number: DE69521977D1
Publication date: 2001-09-06
Application number: DE69521977
Application date: 1995-11-28
Applicant: IBM
Inventor: HERZBERG AMIR , KRAWCZYK HUGO M , KUTTEN SHAY , VAN LE AN , MATYAS STEPHEN M , YUNG MARCEL M
Abstract: A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.
-
Publication number: CA2059172C
Publication date: 1996-01-16
Application number: CA2059172
Application date: 1992-01-10
Applicant: IBM
Inventor: BIRD RAYMOND F , GOPAL INDER S , JANSON PHILIPPE A , KUTTEN SHAY , MOLVA REFIK A , YUNG MARCEL M
Abstract: An arrangement for authenticating communications network users and means for carrying out the arrangement: A first challenge N1 is transmitted from a first user A to a second user B. In response to the first challenge, B generates and transmits a first response to the challenge and a second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form; S1 and S2 are shared secrets between A and B. S1 may or may not equal S2. In addition, f() and g() are selected such that the equation f'(S1, N1', ...) = g(S2, N2) cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1, ...). In such a case, f() is selected such that the equation f'(S, N1', D1', ...) = f(S, N2, D1, ...) cannot be solved for N1' without knowledge of S1 and S2. In this equation, D1' is the flow direction indicator of the message containing f'() on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.
-
Publication number: CA2059172A1
Publication date: 1992-09-21
Application number: CA2059172
Application date: 1992-01-10
Applicant: IBM
Inventor: BIRD RAYMOND F , GOPAL INDER S , JANSON PHILIPPE A , KUTTEN SHAY , MOLVA REFIK A , YUNG MARCEL M
Abstract: An arrangement for authenticating communications network users and means for carrying out the arrangement. A first challenge N1 is transmitted from a first user A to a second user B (300). In response to the first challenge, B generates and transmits a first response to the challenge and a second challenge N2 to A. A verifies that the first response is correct. A then generates and transmits a second response to the second challenge to B, where the second response is verified. The first response must be of a minimum form and the second response must be of the minimum form; S1 and S2 are shared secrets between A and B. S1 may or may not equal S2. In addition, f() and g() are selected such that the equation cannot be solved for N1' without knowledge of S1 and S2. f'() and N1' represent expressions on a second reference connection. Preferably, the function f() may include the direction D1 of flow of the message containing f(), as in f(S1, N1, D1, ...). In such a case, f() is selected such that the equation cannot be solved for N1' without knowledge of S1 and S2. In this equation, D1' is the flow direction indicator of the message containing f'() on the reference connection. Specific protocols satisfying this condition are protected from so-called intercept attacks.
-