WO1996038948A1 - Apparatus for key management in a secure cryptographic facility - Google Patents

Apparatus for key management in a secure cryptographic facility

Info

Publication number
WO1996038948A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
cryptographic
module
facility
data key
Application number
PCT/US1995/006802
Other languages
French (fr)
Inventor
Christopher James Holloway
Stephen Michael Matyas
Original Assignee
International Business Machines Corporation
Application filed by International Business Machines Corporation
Related applications: AU38225/95A (published as AU3822595A), PCT/US1995/006802 (published as WO1996038948A1), EP95936188A (published as EP0809904A1)

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08  Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/088  Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Definitions

  • the invention relates in general to security in data processing systems and, more particularly, to key management in secure cryptographic facilities for use in data processing systems.
  • In general, data processing systems which employ cryptographic techniques as a means of security rely on the use of certain secure hardware whose integrity can be ensured by physical means.
  • Such secure hardware can take a variety of forms, but usually takes the form of a tamper-resistant module with a physically strong housing which is designed to destroy secret information contained therein when it is interfered with.
  • the portion of the cryptographic system located within such a secure boundary is often called the security module or cryptographic facility. An assumption is made that a certain level of trust exists within the secure boundary of the cryptographic facility.
  • Key secrecy can be achieved by encrypting one key with another according to a defined key hierarchy. For example, many different data-encrypting keys are encrypted with a lower number of different key-encrypting keys in order that they may be securely distributed from one communicating device or user to another. Each cryptographic facility may, in turn, have a single master key, under which all locally-stored keys, including data-encrypting keys and key-encrypting keys, are encrypted.
  • a common method of key usage control is to employ variant keys, for example by forming a variant key as the Exclusive OR product of a secret key and a non-secret control vector which contains a number of individual fields that collectively define the attributes and allowed uses of the key.
  • if KK is a key-encrypting key, KD is a data-encrypting key and C is a control vector associated with KD, then eKKC(KD) denotes the encrypted form of KD, where KKC is the variant key formed from KK and C.
  • the variant key KKC formed by combining secret key value KK with non-secret control vector value C when used to encrypt KD cryptographically couples C to KD in such a way that KD cannot be correctly deciphered unless the correct control vector C is specified to the cryptographic facility.
  • the specified control vector C carries the information to allow the cryptographic facility to oversee and permit only the allowed uses of the key KD to be performed by the cryptographic facility.
  • Such an arrangement would enable, for example, a cryptographic product developed by a manufacturer in one country, for instance the USA, to implement cryptographic algorithms unique to another country or organisation in circumstances where the other country or organisation does not wish to have the particular cryptographic algorithms that it uses known outside its own organisation or frontiers.
  • This invention is directed to solving the problem of providing a secure cryptographic facility for use in a data processing system in which a structural separation can be maintained between a component responsible for performing the cryptographic algorithms themselves and other parts of the facility in such a manner that the functions required of the component responsible for performing the cryptographic algorithms are kept to a minimum.
  • the invention provides a secure cryptographic facility for use in a data processing system, the facility being of the type having a first secure boundary through which passes an input/output path for receiving cryptographic service requests, cryptographic keys and associated control vectors, and comprising a control mechanism within the first secure boundary for controlling the use of cryptographic keys in accordance with control vectors which are cryptographically bound thereto, characterised in that the facility comprises a module having a second secure boundary, the module comprising within the second secure boundary: means to store a secret key; decryption logic for decrypting a data key using the secret key; and logic for performing a cryptographic algorithm using the data key, and in that the control mechanism and the module are arranged to pass to one another on an input/output path passing through the second secure boundary a data key in an encrypted form such that the encrypted data key can only be decrypted using the secret key, so that the clear value of the data key is not available outside the module, the control mechanism being arranged to control the use of the data key in accordance with a control vector
  • a key management scheme has been devised in which the architectural requirements for key secrecy and key usage control are separated, with the requirement for key secrecy for those keys associated with the component or components responsible for performing the cryptographic algorithms themselves being assigned to that part of the cryptographic facility and the requirement for key secrecy for those keys not associated with that part and for key usage control for all keys, including protected keys (e.g., encrypted keys) associated with such separate components being assigned to another part of the cryptographic facility.
  • the first secure boundary comprises a tamper-resistant housing and the module consists of one or more microchips.
  • the control mechanism and the module are structurally separated by a physically secure boundary.
  • software techniques be used to create a virtual secure boundary between different software elements within a single component.
  • the decryption logic is arranged to use a symmetric cryptographic algorithm.
  • the secret key would be a universal master key common to all modules capable of communicating with each other.
  • the decryption logic is arranged to use a public key cryptographic algorithm, the module comprising encryption logic arranged to encrypt the data key for transmission to a second similar cryptographic facility using a public key corresponding to the secret key stored in the second cryptographic facility.
  • Fig 1 shows a secure cryptographic facility in an encryption mode
  • Fig 2 is a flow diagram showing a data encryption process
  • Fig 3 shows a secure cryptographic facility in a decryption mode
  • Fig 4 is a flow diagram showing a data decryption process.
  • FIG 1 there is shown in schematic block diagram form a cryptographic facility 10 for use in a communications system in which a plurality of cryptographic systems are interconnected in a data communications network. It will be appreciated that each cryptographic system in the network would include such a cryptographic facility, together with a cryptographic key data set for the storage of encrypted keys, and suitable software for controlling the use of the cryptographic facility.
  • the cryptographic facility is located within a tamper-resistant housing which forms a first secure boundary represented at 15.
  • Cryptographic facility 10 includes a module 20 in which is encapsulated the actual cryptographic algorithms employed by the facility 10.
  • Module 20 has a second secure boundary 25.
  • component 20 is in the form of a single microchip.
  • Such an implementation gives rise to a secure boundary 25 in view of the practical impossibility of reverse engineering the microchip to determine the algorithms embodied therein.
  • secure boundary 25 might be implemented using suitable programming techniques.
  • Module 20 includes suitably arranged logic 40 for performing a secret cryptographic algorithm and a non-volatile storage device 30 in which is stored a common secret master key M. It will be appreciated by those skilled in the art that there are many ways in which this key M could be 'burnt in' to a microchip during manufacture. This same key M would be stored in each cryptographic facility in the communications system.
  • the data keys used in encryption or decryption are encrypted with this master key.
  • the data keys are decrypted within component 20 only when they are expressly used in a cryptographic algorithm, such as to encrypt or decrypt data or generate message authentication codes. At all times when data keys are exposed outside component 20, they are encrypted with this master key.
  • the encrypted data keys can be freely exchanged and used on any cryptographic device in the system.
  • Cryptographic facility 10 also includes a key usage control mechanism 50 based on control vectors and a key hierarchy that makes use of a unique key-encrypting key (KK) shared between each pair of communicating devices and a unique master key KMc different from M (not shown) stored outside component 20.
  • the master key KMc is used to encrypt other keys so that they may be safely stored in a key table outside the cryptographic facility 10.
  • the use of the key hierarchy and the means used to distribute the key encrypting key KK are conventional and will be well understood by those skilled in the art, see for example US-A- 4,941,176 'Secure Management of Keys Using Control Vectors' the contents of which are incorporated herein by reference. Consequently, they will not be described in any further detail herein.
  • Fig 1 shows, for the sake of example, the cryptographic facility configured in an encryption mode to generate as output a ciphertext from an input plaintext.
  • the steps of the encryption process are shown in the flow diagram of Fig 2.
  • Other cryptographic functions are also supported by module 20, such as the generation and verification of message authentication codes (MACs) and modification detection codes (MDCs).
  • a data key KD is generated in component 20 in step 200.
  • the input plaintext is encrypted in step 210 using a symmetric cryptographic algorithm stored within component 20 using data key KD.
  • the data key KD is encrypted under the master key M in step 220.
  • the data key need not as such be generated inside module 20.
  • a random number would be generated outside module 20, supplied to module 20 and defined to be eM(KD), ie the data key encrypted under the master key M. This quantity can then be decrypted within module 20 using M to obtain the data key KD for use in generating the ciphertext.
  • module 20 would not actually need the facility to encrypt data keys using M, but only to decrypt them.
  • the encrypted value eM(KD) is then passed out of component 20 and processed by control mechanism 50.
  • a control vector C is generated in step 230 and XOR'd with a key encrypting key KK to form a variant key KKC. It will be understood that the control vector C could be generated outside of and input to the cryptographic facility 10. In this case, some checking of the control vector would be required to ensure that a proper control vector has been specified.
  • Key encrypting key KK could be loaded into cryptographic facility 10 in clear form and stored inside cryptographic facility 10 in a table.
  • the control mechanism 50 could have its own master key KMc and KK could be encrypted under KMc and stored in a key table outside the cryptographic facility 10.
  • the cryptographic software would present eKMc(KK) to cryptographic facility 10 when KK is needed.
  • the means for generating, encrypting and decrypting, storing and using key encrypting keys is well known in the art and will not be further described herein.
  • the control vector C contains a collection of individual fields that collectively define the attributes and allowed uses of a key, be it either a data key or another key-encrypting key, encrypted by this variant key.
  • the control vector might indicate, for example, that the data key is an encipher key or a decipher key or a MAC generate key or a MAC verify key.
  • the encrypted data key eM(KD) is then itself encrypted in step 240 using KKC in order to cryptographically bind the data key KD to the control vector C. Finally the ciphertext, the control vector C and the encrypted data key eKKC(eM(KD)) are transmitted in step 250 to a receiving device.
  • encryption steps 210 and 220 must be carried out by a suitable cryptographic algorithm within module 20 to avoid exposing the data key KD outside module 20.
  • Encryption step 240 can be carried out outside module 20. It should be noted however that even though steps 210 and 220 must be carried out within module 20 the algorithms used in steps 210 and 220 need not be the same.
  • Fig 3 shows the cryptographic facility configured as a decryption device.
  • logic 40 is used to decrypt the ciphertext to regenerate a plaintext.
  • First, the ciphertext, control vector C and encrypted data key eKKC(eM(KD)) are received in step 400.
  • the control vector C is checked in conventional fashion in step 410 to determine the permitted uses of data key KD.
  • the first stage of recovering data key KD is carried out in step 420 by decrypting the encrypted quantity eKKC(eM(KD)) to recover eM(KD). This step is carried out in the control mechanism 50 outside the boundary of module 20.
  • the recovered quantity eM(KD) is then passed to component 20 which recovers the data key KD using M in step 430 and using the recovered data key to decrypt the ciphertext in step 440.
  • the first level of encryption consists of encrypting the data key with a master key belonging to module 20. This is done to ensure privacy of data key KD.
  • the second level of encryption consists of encrypting the data key with a variant key produced as the Exclusive OR product of a key and a control vector. This is done for the purpose of key usage control.
  • the two levels of encryption are a logical equivalent of "tunnelling", ie the key-privacy mechanism/protocol is tunnelled in the key-usage-control mechanism/protocol.
  • each module 20 shares the same secret master key M. As long as this key is not revealed, the method remains secure. However, if an adversary could reverse engineer one module 20 and discover the secret master key M, then the protection mechanism would be defeated everywhere.
  • a public key algorithm in module 20 is used to protect the data key.
  • each module 20 comprises public/private key generation means for generating a unique public and private key pair for the module and logic for encrypting/decrypting data keys using a public key algorithm with the public and private keys, respectively.
  • the public key of each module 20 would be registered with a certification centre, which has its own public and private key pair.
  • the public key of the certification centre is installed in each module 20 using means not described here but well known in the art.
  • the certification centre produces a signed certificate for each of the public keys of each module 20.
  • Each cryptographic device can request the certificate for any other device with which it desires to communicate.
  • Each device could hold its own certificate or they could be stored in a central repository.
  • Module 20 must also have means to validate a certificate using the public key of the certification centre. Once a certificate has been validated, the public key of the desired receiving device can be used by module 20 to encrypt the data key.
  • a sending module 20 encrypts the data key under the public key of a receiving module 20 for transmission to that receiving module and decryption using the private key of that module.
  • the sending module encrypts the data key under its own public key for subsequent use in that module.
  • the data key KD can be stored in encrypted form outside module 20 without exposing the data key and only the sending and receiving modules 20 have access to the data key.
  • the invention is industrially applicable in the field of data processing and data communications.

Abstract

A secure cryptographic facility is disclosed of the type having a first secure boundary (15). A control mechanism (50) within the first secure boundary controls the use of cryptographic keys in accordance with control vectors which are cryptographically bound thereto. The facility comprises a module (20) having a second secure boundary (25) and within the second secure boundary: means (30) to store a secret key; decryption logic for decrypting a data key using the secret key; and logic for performing a cryptographic algorithm using the data key. The control mechanism and the module are arranged to pass to one another on an input/output path passing through the second secure boundary a data key in an encrypted form such that the encrypted data key can only be decrypted using the secret key. The control mechanism is arranged to control the use of the data key in accordance with a control vector which is cryptographically bound to the encrypted data key. This enables a structural separation to be maintained between a component responsible for performing cryptographic algorithms and other parts of the facility so that the functions required of the component responsible for performing the cryptographic algorithms are kept to a minimum.

Description

Apparatus for Key Management in a Secure Cryptographic Facility
TECHNICAL FIELD
The invention relates in general to security in data processing systems and, more particularly, to key management in secure cryptographic facilities for use in data processing systems.
BACKGROUND ART
In general, data processing systems which employ cryptographic techniques as a means of security rely on the use of certain secure hardware whose integrity can be ensured by physical means. Such secure hardware can take a variety of forms, but usually takes the form of a tamper-resistant module with a physically strong housing which is designed to destroy secret information contained therein when it is interfered with. The portion of the cryptographic system located within such a secure boundary is often called the security module or cryptographic facility. An assumption is made that a certain level of trust exists within the secure boundary of the cryptographic facility.
Mechanisms to maintain the secrecy of and control the usage of cryptographic keys in such data processing systems are well known in the art as fundamental ingredients of a well-founded cryptographic key management scheme. Each of these mechanisms can be achieved via encryption of the keys.
Key secrecy can be achieved by encrypting one key with another according to a defined key hierarchy. For example, many different data-encrypting keys are encrypted with a lower number of different key-encrypting keys in order that they may be securely distributed from one communicating device or user to another. Each cryptographic facility may, in turn, have a single master key, under which all locally-stored keys, including data-encrypting keys and key-encrypting keys, are encrypted.
A common method of key usage control is to employ variant keys, for example by forming a variant key as the Exclusive OR product of a secret key and a non-secret control vector which contains a number of individual fields that collectively define the attributes and allowed uses of the key. Thus, if KK is a key-encrypting key, KD is a data-encrypting key, and C is a control vector associated with KD, then the quantity eKKC(KD) would denote the encrypted form of KD, where KKC is a variant key. In effect, the variant key KKC formed by combining secret key value KK with non-secret control vector value C, eg via an exclusive-OR operation, when used to encrypt KD cryptographically couples C to KD in such a way that KD cannot be correctly deciphered unless the correct control vector C is specified to the cryptographic facility. In turn, the specified control vector C carries the information to allow the cryptographic facility to oversee and permit only the allowed uses of the key KD to be performed by the cryptographic facility. A cryptographic facility employing control vectors in this way is described in detail in US-A-4941176.
However, recently a need has arisen within such cryptographic facilities to maintain a structural separation between the part or parts of the device which performs the cryptographic algorithms themselves and the parts which perform other functions required of the device, such as key management etc. Such an arrangement is desirable in order that a device which is designed in accordance with a single common cryptographic architecture can be made to operate with hardware which contains secret cryptographic algorithms - algorithms that are not necessarily known even to the manufacturer of the cryptographic facility.
In such cases, it will be necessary to define a set of cryptographic keys and cryptographic variables to be associated with the cryptographic algorithms that must be managed by the cryptographic system yet must be kept secret everywhere, including to other portions of the cryptographic facility, except within the component or components specifically concerned with carrying out the cryptographic algorithms themselves. Nevertheless, there is still a necessity for the other parts of the cryptographic facility to process such keys.
Such an arrangement would enable, for example, a cryptographic product developed by a manufacturer in one country, for instance the USA, to implement cryptographic algorithms unique to another country or organisation in circumstances where the other country or organisation does not wish to have the particular cryptographic algorithms that it uses known outside its own organisation or frontiers.
DISCLOSURE OF THE INVENTION
This invention is directed to solving the problem of providing a secure cryptographic facility for use in a data processing system in which a structural separation can be maintained between a component responsible for performing the cryptographic algorithms themselves and other parts of the facility in such a manner that the functions required of the component responsible for performing the cryptographic algorithms are kept to a minimum. To achieve this the invention provides a secure cryptographic facility for use in a data processing system, the facility being of the type having a first secure boundary through which passes an input/output path for receiving cryptographic service requests, cryptographic keys and associated control vectors, and comprising a control mechanism within the first secure boundary for controlling the use of cryptographic keys in accordance with control vectors which are cryptographically bound thereto, characterised in that the facility comprises a module having a second secure boundary, the module comprising within the second secure boundary: means to store a secret key; decryption logic for decrypting a data key using the secret key; and logic for performing a cryptographic algorithm using the data key, and in that the control mechanism and the module are arranged to pass to one another on an input/output path passing through the second secure boundary a data key in an encrypted form such that the encrypted data key can only be decrypted using the secret key, so that the clear value of the data key is not available outside the module, the control mechanism being arranged to control the use of the data key in accordance with a control vector which is cryptographically bound to the encrypted data key.
In other words, a key management scheme has been devised in which the architectural requirements for key secrecy and key usage control are separated, with the requirement for key secrecy for those keys associated with the component or components responsible for performing the cryptographic algorithms themselves being assigned to that part of the cryptographic facility and the requirement for key secrecy for those keys not associated with that part and for key usage control for all keys, including protected keys (e.g., encrypted keys) associated with such separate components being assigned to another part of the cryptographic facility.
In a preferred embodiment, the first secure boundary comprises a tamper-resistant housing and the module consists of one or more microchips. In this way, the control mechanism and the module are structurally separated by a physically secure boundary. However, the possibility is not excluded that software techniques be used to create a virtual secure boundary between different software elements within a single component.
In one embodiment, the decryption logic is arranged to use a symmetric cryptographic algorithm. In this case the secret key would be a universal master key common to all modules capable of communicating with each other. In an alternative embodiment, the decryption logic is arranged to use a public key cryptographic algorithm, the module comprising encryption logic arranged to encrypt the data key for transmission to a second similar cryptographic facility using a public key corresponding to the secret key stored in the second cryptographic facility.
BRIEF DESCRIPTION OF DRAWINGS
An embodiment of the invention will now be described by way of example only with reference to the accompanying drawings, wherein:
Fig 1 shows a secure cryptographic facility in an encryption mode;
Fig 2 is a flow diagram showing a data encryption process;
Fig 3 shows a secure cryptographic facility in a decryption mode;
Fig 4 is a flow diagram showing a data decryption process.
BEST MODES FOR CARRYING OUT THE INVENTION
Referring to Fig 1 there is shown in schematic block diagram form a cryptographic facility 10 for use in a communications system in which a plurality of cryptographic systems are interconnected in a data communications network. It will be appreciated that each cryptographic system in the network would include such a cryptographic facility, together with a cryptographic key data set for the storage of encrypted keys, and suitable software for controlling the use of the cryptographic facility.
The cryptographic facility is located within a tamper-resistant housing which forms a first secure boundary represented at 15.
Cryptographic facility 10 includes a module 20 in which is encapsulated the actual cryptographic algorithms employed by the facility 10. Module 20 has a second secure boundary 25. In a preferred embodiment component 20 is in the form of a single microchip. Such an implementation gives rise to a secure boundary 25 in view of the practical impossibility of reverse engineering the microchip to determine the algorithms embodied therein. Of course, in other embodiments other means might be used to achieve this, such as the use of a second tamper-proof housing. It is also possible that, in some embodiments, secure boundary 25 might be implemented using suitable programming techniques.
Module 20 includes suitably arranged logic 40 for performing a secret cryptographic algorithm and a non-volatile storage device 30 in which is stored a common secret master key M. It will be appreciated by those skilled in the art that there are many ways in which this key M could be 'burnt in' to a microchip during manufacture. This same key M would be stored in each cryptographic facility in the communications system. The data keys used in encryption or decryption are encrypted with this master key. The data keys are decrypted within component 20 only when they are expressly used in a cryptographic algorithm, such as to encrypt or decrypt data or generate message authentication codes. At all times when data keys are exposed outside component 20, they are encrypted with this master key.
By encrypting the data keys with master key M, it is not possible for a clear data key to be intercepted. Consequently, it is not possible to carry out off-line attacks against intercepted encrypted data. All attacks must be on-line attacks, since the encrypted data key is operable only on a cryptographic device containing the master key. It will be understood that encryption via the master key does not prevent insider attacks, since an intercepted encrypted data key is in exactly the right form to be used at the cryptographic device.
Since the same secret master key M is implemented in component 20 of the cryptographic facility of every cryptographic device in the system, the encrypted data keys can be freely exchanged and used on any cryptographic device in the system.
Cryptographic facility 10 also includes a key usage control mechanism 50 based on control vectors and a key hierarchy that makes use of a unique key-encrypting key (KK) shared between each pair of communicating devices and a unique master key KMc different from M (not shown) stored outside component 20. The master key KMc is used to encrypt other keys so that they may be safely stored in a key table outside the cryptographic facility 10. The use of the key hierarchy and the means used to distribute the key encrypting key KK are conventional and will be well understood by those skilled in the art, see for example US-A- 4,941,176 'Secure Management of Keys Using Control Vectors' the contents of which are incorporated herein by reference. Consequently, they will not be described in any further detail herein.
Fig 1 shows, for the sake of example, the cryptographic facility configured in an encryption mode to generate as output a ciphertext from an input plaintext. The steps of the encryption process are shown in the flow diagram of Fig 2. Other cryptographic functions are also supported by module 20, such as the generation and verification of message authentication codes (MACs) and modification detection codes (MDCs).
First, a data key KD is generated in component 20 in step 200. The input plaintext is encrypted in step 210 using a symmetric cryptographic algorithm stored within component 20 using data key KD. The data key KD is encrypted under the master key M in step 220.
It will be appreciated that the data key need not as such be generated inside module 20. In an alternative embodiment, a random number would be generated outside module 20, supplied to module 20 and defined to be eM(KD), ie the data key encrypted under the master key M. This quantity can then be decrypted within module 20 using M to obtain the data key KD for use in generating the ciphertext. In this case, it will be observed that module 20 would not actually need the facility to encrypt data keys using M, but only to decrypt them.
The encrypted value eM(KD) is then passed out of component 20 and processed by control mechanism 50. A control vector C is generated in step 230 and XOR'd with a key encrypting key KK to form a variant key KKC. It will be understood that the control vector C could be generated outside of and input to the cryptographic facility 10. In this case, some checking of the control vector would be required to ensure that a proper control vector has been specified.
Key encrypting key KK could be loaded into cryptographic facility 10 in clear form and stored inside cryptographic facility 10 in a table. Alternatively, the control mechanism 50 could have its own Master key KMc and KK could be encrypted under KMc and stored in a key table outside the cryptographic facility 10. In this case the cryptographic software would present eKMc(KK) to cryptographic facility 10 when KK is needed. The means for generating, encrypting and decrypting, storing and using key encrypting keys is well known in the art and will not be further described herein.
The control vector C contains a collection of individual fields that collectively define the attributes and allowed uses of a key, be it either a data key or another key-encrypting key, encrypted by this variant key. The control vector might indicate, for example, that the data key is an encipher key or a decipher key or a MAC generate key or a MAC verify key.
The encrypted data key eM(KD) is then itself encrypted in step 240 using KKC in order to cryptographically bind the data key KD to the control vector C. Finally the ciphertext, the control vector C and the encrypted data key eKKC(eM(KD)) are transmitted in step 250 to a receiving device.
As described, encryption steps 210 and 220 must be carried out by a suitable cryptographic algorithm within module 20 to avoid exposing the data key KD outside module 20. Encryption step 240 can be carried out outside module 20. It should be noted however that even though steps 210 and 220 must be carried out within module 20 the algorithms used in steps 210 and 220 need not be the same.
Fig 3 shows the cryptographic facility configured as a decryption device. In this case logic 40 is used to decrypt the ciphertext to regenerate a plaintext.
The steps of this process are shown in the flow diagram of Fig. 4.
First the ciphertext, control vector C and encrypted data key eKKC(eM(KD)) are received in step 400. The control vector C is checked in conventional fashion in step 410 to determine the permitted uses of data key KD. The first stage of recovering data key KD is carried out in step 420 by decrypting the encrypted quantity eKKC(eM(KD)) under KKC to recover eM(KD). This step is carried out in the control mechanism 50 outside the boundary of module 20. The recovered quantity eM(KD) is then passed to component 20, which recovers the data key KD using M in step 430 and uses the recovered data key to decrypt the ciphertext in step 440.
It will be recognised by those skilled in the art that, notwithstanding the fact that the data key KD is not exposed outside module 20, the need to trust the cryptographic facility 10 is not eliminated, since it is the component that restricts the use of the data key to the allowed possibilities and therefore has the means to misuse its "authority," e.g., by giving more rights to a key than intended by the application program creating the key.
It can be seen that two levels of encryption are used. The first level of encryption consists of encrypting the data key with a master key belonging to module 20. This is done to ensure privacy of data key KD. The second level of encryption consists of encrypting the (already encrypted) data key with a variant key produced as the Exclusive OR of a key-encrypting key and a control vector. This is done for the purpose of key usage control. In effect, the two levels of encryption are a logical equivalent of "tunnelling", ie the key-privacy mechanism/protocol is tunnelled in the key-usage-control mechanism/protocol. Keeping these two mechanisms logically separate and independent allows module 20 and the rest of the cryptographic facility to be developed independently according to the design goals of each respective part, and only brought together in the final product.
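The encryption procedure (steps 200 to 250) and the decryption procedure (steps 400 to 440) described above, as an added worked example that is not part of the patent and not IBM code. Module 20 and control mechanism 50 are modelled as two Python classes. The symmetric algorithm, which the patent leaves unspecified, is stood in for by counter mode over HMAC-SHA256 from the standard library; the control-vector layout (a type byte, a usage byte, reserved zeros) and the names Module20, ControlMechanism50 and run_protocol are this example's own; and the tampered_cv argument is a constructed attack path. That path shows what "cryptographically bound" buys: an adversary who rewrites C in transit to add a right can still pass the step 410 check, but the receiver then derives a different KKC, so eM(KD), KD and the recovered plaintext all come back as garbage.

```python
import hashlib
import hmac
import os

KEY_LEN = 32      # bytes; assumption: 256-bit keys rather than the DES keys of the period
NONCE_LEN = 16

# Usage bits of the constructed control vector (this layout is the example's own).
CV_ENCIPHER, CV_DECIPHER, CV_MACGEN, CV_MACVER = 0x01, 0x02, 0x04, 0x08


def control_vector(usage: int) -> bytes:
    """Byte 0: key type (0x01 = data key), byte 1: usage bits, rest reserved."""
    return bytes([0x01, usage]) + bytes(KEY_LEN - 2)


def _ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode over HMAC-SHA256 as the PRF, standing in for the symmetric
    algorithm the patent does not name. The same function encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)   # fresh per call: two keys wrapped under M must never share one
    return nonce + _ctr_xor(key, nonce, data)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _ctr_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def variant_key(kk: bytes, cv: bytes) -> bytes:
    """KKC = KK XOR C (step 230)."""
    return bytes(a ^ b for a, b in zip(kk, cv))


class Module20:
    """Inner secure boundary: holds M; a clear data key never crosses it."""

    def __init__(self, master_key: bytes):
        self._m = master_key

    def generate_data_key(self) -> bytes:
        """Steps 200 and 220: create KD, hand out only e_M(KD)."""
        return encrypt(self._m, os.urandom(KEY_LEN))

    def encipher(self, e_m_kd: bytes, plaintext: bytes) -> bytes:   # step 210
        return encrypt(decrypt(self._m, e_m_kd), plaintext)

    def decipher(self, e_m_kd: bytes, ciphertext: bytes) -> bytes:  # steps 430 and 440
        return decrypt(decrypt(self._m, e_m_kd), ciphertext)

    def mac(self, e_m_kd: bytes, message: bytes) -> bytes:
        return hmac.new(decrypt(self._m, e_m_kd), message, hashlib.sha256).digest()


class ControlMechanism50:
    """Outer boundary: holds KK, binds e_M(KD) to C (step 240) and enforces the
    usage bits of C (step 410) before unbinding (step 420) and calling module 20."""

    def __init__(self, kk: bytes, module: Module20):
        self._kk, self.module = kk, module

    def bind(self, e_m_kd: bytes, cv: bytes) -> bytes:
        return encrypt(variant_key(self._kk, cv), e_m_kd)   # e_KKC(e_M(KD))

    def _unbind(self, token: bytes, cv: bytes, need: int) -> bytes:
        if cv[0] != 0x01 or (cv[1] & need) != need:
            raise PermissionError("control vector does not permit this use")
        return decrypt(variant_key(self._kk, cv), token)   # e_M(KD), still opaque here

    def encipher(self, token: bytes, cv: bytes, plaintext: bytes) -> bytes:
        return self.module.encipher(self._unbind(token, cv, CV_ENCIPHER), plaintext)

    def decipher(self, token: bytes, cv: bytes, ciphertext: bytes) -> bytes:
        return self.module.decipher(self._unbind(token, cv, CV_DECIPHER), ciphertext)

    def mac_generate(self, token: bytes, cv: bytes, message: bytes) -> bytes:
        return self.module.mac(self._unbind(token, cv, CV_MACGEN), message)

    def mac_verify(self, token: bytes, cv: bytes, message: bytes, tag: bytes) -> bool:
        expected = self.module.mac(self._unbind(token, cv, CV_MACVER), message)
        return hmac.compare_digest(expected, tag)


def run_protocol(plaintext: bytes, tampered_cv: bytes = b"") -> bytes:
    """Fig. 2 sender to Fig. 4 receiver; both facilities share M and KK as in the
    described embodiment. If tampered_cv is given it replaces C in transit: the
    usage check may still pass, but KKC differs, so the result is garbage."""
    m, kk = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    sender = ControlMechanism50(kk, Module20(m))
    receiver = ControlMechanism50(kk, Module20(m))

    e_m_kd = sender.module.generate_data_key()               # steps 200 and 220
    ciphertext = sender.module.encipher(e_m_kd, plaintext)   # step 210
    cv = control_vector(CV_DECIPHER)                         # receiver may only decipher
    token = sender.bind(e_m_kd, cv)                          # steps 230 and 240
    # step 250: ciphertext, cv and token leave the sender; the clear KD never did.
    return receiver.decipher(token, tampered_cv or cv, ciphertext)   # steps 400 to 440
```

A bound but altered control vector yields garbage rather than an error; it is the MAC or MDC over the message, which the facility also supports, that turns this into a detectable failure. The Module20 class also illustrates the alternative mentioned earlier: any random value of the right length can be declared to be eM(KD) and used through the decrypt-only path, since the module never has to encrypt a data key under M itself.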
In the above described embodiment each module 20 shares the same secret master key M. As long as this key is not revealed, the method remains secure. However, if an adversary could reverse engineer one module 20 and discover the secret master key M, then the protection mechanism would be defeated everywhere.
Therefore in an improved embodiment, a public key algorithm in module 20 is used to protect the data key.
In this enhanced embodiment, each module 20 comprises public/private key generation means for generating a unique public and private key pair for the module and logic for encrypting/decrypting data keys using a public key algorithm with the public and private keys, respectively.
The public key of each module 20 would be registered with a certification centre, which has its own public and private key pair. The public key of the certification centre is installed in each module 20 using means not described here but well known in the art. The certification centre produces a signed certificate for each of the public keys of each module 20.
Each cryptographic device can request the certificate for any other device with which it desires to communicate. Each device could hold its own certificate or they could be stored in a central repository. Module 20 must also have means to validate a certificate using the public key of the certification centre. Once a certificate has been validated, the public key of the desired receiving device can be used by module 20 to encrypt the data key.
In this case, two encrypted copies of the data-key are made. First, a sending module 20 encrypts the data key under the public key of a receiving module 20 for transmission to that receiving module and decryption using the private key of that module. Secondly the sending module encrypts the data key under its own public key for subsequent use in that module. In this way, the data key KD can be stored in encrypted form outside module 20 without exposing the data key and only the sending and receiving modules 20 have access to the data key.
INDUSTRIAL APPLICABILITY
The invention is industrially applicable in the field of data processing and data communications.

Claims

1. A secure cryptographic facility for use in a data processing system, the facility being of the type having a first secure boundary through which passes a path for receiving cryptographic service requests, cryptographic keys and associated control vectors, and comprising a control mechanism (50) within the first secure boundary for controlling the use of cryptographic keys in accordance with control vectors which are cryptographically bound thereto,
characterised in that
the facility comprises a module (20) having a second secure boundary, the module (20) comprising within the second secure boundary:
means (30) to store a secret key;
decryption logic for decrypting a data key using the secret key;
and logic (40) for performing a cryptographic algorithm using the data key,
and in that the control mechanism (50) and the module (20) are arranged to pass to one another on an input/output path passing through the second secure boundary a data key in an encrypted form such that the encrypted data key can only be decrypted using the secret key, so that the clear value of the data key is not available outside the module (20), the control mechanism (50) being arranged to control the use of the data key in accordance with a control vector which is cryptographically bound to the encrypted data key.
2. A cryptographic facility as claimed in claim 1 wherein the control mechanism (50) and the module (20) are structurally separated.
3. A cryptographic facility as claimed in claim 2 wherein the first secure boundary (15) comprises a tamper-resistant housing and the module (20) consists of one or more microchips.
4. A cryptographic facility as claimed in any of claims 1 to 3 wherein the decryption logic is arranged to use a symmetric cryptographic algorithm.
5. A cryptographic facility as claimed in any of claims 1 to 3 wherein the decryption logic is arranged to use a public key cryptographic algorithm, the module (20) comprising encryption logic arranged to encrypt the data key for transmission to a second similar cryptographic facility using a public key corresponding to the secret key stored in the second cryptographic facility.
PCT/US1995/006802 1995-05-30 1995-05-30 Apparatus for key management in a secure cryptographic facility WO1996038948A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU38225/95A AU3822595A (en) 1995-05-30 1995-05-30 Apparatus for key management in a secure cryptographic facility
PCT/US1995/006802 WO1996038948A1 (en) 1995-05-30 1995-05-30 Apparatus for key management in a secure cryptographic facility
EP95936188A EP0809904A1 (en) 1995-05-30 1995-05-30 Apparatus for key management in a secure cryptographic facility

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US1995/006802 WO1996038948A1 (en) 1995-05-30 1995-05-30 Apparatus for key management in a secure cryptographic facility

Publications (1)

Publication Number Publication Date
WO1996038948A1 true WO1996038948A1 (en) 1996-12-05

Family

ID=22249204

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1995/006802 WO1996038948A1 (en) 1995-05-30 1995-05-30 Apparatus for key management in a secure cryptographic facility

Country Status (3)

Country Link
EP (1) EP0809904A1 (en)
AU (1) AU3822595A (en)
WO (1) WO1996038948A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4941176A (en) * 1988-08-11 1990-07-10 International Business Machines Corporation Secure management of keys using control vectors

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
S.M.MATYAS ET AL.: "A KEY-MANAGEMENT SCHEME BASED ON CONTROL VECTORS", IBM SYSTEMS JOURNAL, vol. 30, no. 2, ARMONK, NEW YORK US, pages 175 - 191, XP000234623 *

Also Published As

Publication number Publication date
EP0809904A1 (en) 1997-12-03
AU3822595A (en) 1996-12-18

Similar Documents

Publication Publication Date Title
EP0576224B1 (en) Cryptographic key management apparatus and method
CA2100234C (en) Commercial data masking
US4386233A (en) Crytographic key notarization methods and apparatus
EP0292790B1 (en) Controlling the use of cryptographic keys via generating station established control values
US6907127B1 (en) Hierarchical key management encoding and decoding
US6456716B1 (en) Apparatus and method for establishing a crytographic link between elements of a system
EP0539727B1 (en) Cryptographic facility environment backup/restore and replication in a public key cryptosystem
US5787172A (en) Apparatus and method for establishing a cryptographic link between elements of a system
US5109152A (en) Communication apparatus
JP4409946B2 (en) Interactive protocol for remote management to control access to scrambled data
NO179160B (en) Field upgradable security system for processing signals
TWI517653B (en) An electronic device and method for cryptographic material provisioning
CN1954540A (en) Multi-protocol network encryption system
CN112368974A (en) Method for securing data exchange in a distributed infrastructure
US6144744A (en) Method and apparatus for the secure transfer of objects between cryptographic processors
EP1258796A2 (en) Copy protection method and system for a field-programmable gate array
CA2186699C (en) Encryption system for mixed-trust environments
US6975728B1 (en) Hierarchical key management
CA2341689C (en) Method for the secure, distributed generation of an encryption key
CN114679270A (en) Data cross-domain encryption and decryption method based on privacy calculation
Smid Integrating the Data Encryption Standard into computer networks
Meadows Representing partial knowledge in an algebraic security model
EP0809904A1 (en) Apparatus for key management in a secure cryptographic facility
CN1232067C (en) Data encryption transmission and exchange method in self-cycle balance state and soft-closed management system
JPH0491531A (en) Confidential data transferring method using ic card

Legal Events

Date Code Title Description
AK Designated states (kind code of ref document: A1); designated state(s): AM AU BG BR BY CA CN CZ EE FI GE HU JP KG KP KR KZ LT LV MD MN MX NO NZ PL RO RU SI SK TJ TT UA US UZ
AL Designated countries for regional patents (kind code of ref document: A1); designated state(s): AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE
ENP Entry into the national phase; ref country code: US; ref document number: 1997 564166; date of ref document: 19970130; kind code of ref document: A; format of ref document f/p: F
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase; ref document number: 1995936188; country of ref document: EP
WWP Wipo information: published in national office; ref document number: 1995936188; country of ref document: EP
NENP Non-entry into the national phase; ref country code: CA
WWR Wipo information: refused in national office; ref document number: 1995936188; country of ref document: EP
WWW Wipo information: withdrawn in national office; ref document number: 1995936188; country of ref document: EP