Including key management

Cryptographic communication security for multiple domain networks

4227253

Abstract

A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems.
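The exchange described in the abstract, as an added example that is not part of the patent: a Python simulation in which each host's data security device is a class that never exposes its master key, and the session key crosses the domain boundary only enciphered under the cross domain key. The 64-bit Feistel cipher built on HMAC-SHA256, the variant masks, and every class and function name are assumptions of this example, standing in for the cipher and variant derivation of the real devices.

```python
import hashlib
import hmac
import secrets

# Stand-in 64-bit block cipher (assumption of this example): an 8-round
# Feistel network with HMAC-SHA256 as the round function. Keys are 8 bytes.
def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def encipher(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def decipher(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

class CryptoFacility:
    """Simulated host data security device. Clear keys exist only inside
    its methods; callers see keys in enciphered form only."""
    V_SEND = bytes([0x88] * 8)  # assumed mask: variant for sending cross domain keys
    V_RECV = bytes([0x11] * 8)  # assumed mask: variant for receiving cross domain keys

    def __init__(self) -> None:
        self.__km = secrets.token_bytes(8)  # host master key

    def _variant(self, mask: bytes) -> bytes:
        return _xor(self.__km, mask)

    # Key installation: protect the agreed cross domain key under a variant.
    def install_sending_key(self, kcd: bytes) -> bytes:
        return encipher(self._variant(self.V_SEND), kcd)

    def install_receiving_key(self, kcd: bytes) -> bytes:
        return encipher(self._variant(self.V_RECV), kcd)

    def new_session_key(self) -> bytes:
        """Create a session key and return it enciphered under the master key."""
        return encipher(self.__km, secrets.token_bytes(8))

    def reencipher_from_master(self, e_send_kcd: bytes, e_km_ks: bytes) -> bytes:
        """Sending side: E_KM(KS) -> E_KCD(KS), the form sent to the other host."""
        kcd = decipher(self._variant(self.V_SEND), e_send_kcd)
        return encipher(kcd, decipher(self.__km, e_km_ks))

    def reencipher_to_master(self, e_recv_kcd: bytes, e_kcd_ks: bytes) -> bytes:
        """Receiving side: E_KCD(KS) -> E_KM(KS), usable by this host."""
        kcd = decipher(self._variant(self.V_RECV), e_recv_kcd)
        return encipher(self.__km, decipher(kcd, e_kcd_ks))

    def encipher_data(self, e_km_ks: bytes, block: bytes) -> bytes:
        return encipher(decipher(self.__km, e_km_ks), block)

    def decipher_data(self, e_km_ks: bytes, block: bytes) -> bytes:
        return decipher(decipher(self.__km, e_km_ks), block)

def establish_session() -> dict:
    """Run the cross domain exchange between two simulated hosts."""
    host_a, host_b = CryptoFacility(), CryptoFacility()
    kcd = secrets.token_bytes(8)               # agreed out of band (constructed)
    a_kcd = host_a.install_sending_key(kcd)    # stored at the sending host
    b_kcd = host_b.install_receiving_key(kcd)  # stored at the receiving host
    del kcd                                    # clear value no longer needed
    ks_a = host_a.new_session_key()            # E_KMa(KS)
    wire = host_a.reencipher_from_master(a_kcd, ks_a)   # E_KCD(KS), transmitted
    ks_b = host_b.reencipher_to_master(b_kcd, wire)     # E_KMb(KS)
    return {"host_a": host_a, "host_b": host_b, "a_kcd": a_kcd,
            "b_kcd": b_kcd, "ks_a": ks_a, "wire": wire, "ks_b": ks_b}

if __name__ == "__main__":
    s = establish_session()
    ct = s["host_a"].encipher_data(s["ks_a"], b"8bytes!!")
    print(s["host_b"].decipher_data(s["ks_b"], ct))
```

Because the two variants differ, a cross domain key stored in sending form does not yield the session key when passed to `reencipher_to_master` on the same host.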


Claims

What is claimed is:

1. In a multiple domain data communication network providing communication security for data communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key, an arrangement for establishing a common operational key for cryptographic operations between said host systems comprising:

means in said first host system cryptographic apparatus providing a cross domain key enciphered under a first key encrypting key of said first host system cryptographic apparatus for cross domain communication with said second host system,

means in said first host system cryptographic apparatus providing an operational key in protected form,

cipher means in said first host system cryptographic apparatus operably responsive to said enciphered cross domain key and said protected operational key to perform a cryptographic operation for providing said operational key enciphered under said cross domain key for transmission to said second host system,

means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and

cipher means in said second host system cryptographic apparatus operably responsive to said cross domain key enciphered under said first key encrypting key of said second host system and said received enciphered operational key to perform a cryptographic operation for providing said operational key enciphered under a second key encrypting key of said second host system cryptographic apparatus which is usable by said second host system cryptographic apparatus to perform cryptographic operations with said first host system.

2. In a multiple domain data communication network providing communication security for data communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key, an arrangement for establishing a common operational key for cryptographic operations between said host systems comprising:

means in said first host system cryptographic apparatus providing a cross domain key enciphered under a first key encrypting key of said first host system cryptographic apparatus for cross domain communication with said second host system,

means in said first host system cryptographic apparatus providing an operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus,

cipher means in said first host system cryptographic apparatus operably responsive to said enciphered cross domain key and said enciphered operational key to perform a cryptographic operation for reenciphering said operational key from encipherment under said second key encrypting key to encipherment under said cross domain key for transmission to said second host system,

means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and

cipher means in said second host system cryptographic apparatus operably responsive to said second host system enciphered cross domain key and said received enciphered operational key to perform a cryptographic operation for reenciphering said operational key from encipherment under said cross domain key to encipherment under a second key encrypting key of said second host system cryptographic apparatus which is usable by said second host system cryptographic apparatus to perform cryptographic operations with said first host system.

3. In a multiple domain data communication network as defined in claim 2 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first key encrypting key of said first host system cryptographic apparatus is a variant of said first master key.

4. In a multiple domain data communication network as defined in claim 2 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

5. In a multiple domain data communication network as defined in claim 2 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said second key encrypting key of said second host system cryptographic apparatus is said second master key.

6. In a multiple domain data communication network providing communication security for communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key where the cryptographic apparatus of each host system provides a cross domain key for cryptographic cross domain communication with the other host system, an arrangement in said first host cryptographic apparatus for protecting the cross domain key provided by said first host system cryptographic apparatus comprising:

first host system working key storage means,

means storing a first key encrypting key of said first host system in said first host working key storage means as a working key,

means providing first input data representing said cross domain key provided by said first host system, and

cipher means operable in a first cipher function to encipher said input data under control of said working key to obtain ciphertext representing said cross domain key provided by said first host system enciphered under said first key encrypting key.

7. In a multiple domain data communication network as defined in claim 6 wherein said first key encrypting key is a variant of said first master key.

8. In a multiple domain data communication network as defined in claim 6 for further providing an arrangement in said first host system cryptographic apparatus for protecting the cross domain key provided by said second host system wherein said first host system cryptographic apparatus further includes:

means storing a second key encrypting key of said first host system in said working key storage means to replace said first key encrypting key as the present working key,

said input means providing second input data representing said cross domain key provided by said second host system,

said cipher means operable in a second cipher function to encipher said second input data under control of said present working key to obtain ciphertext representing said cross domain key provided by said second host system enciphered under said second key encrypting key.

9. In a multiple domain data communication network as defined in claim 8 wherein said first and second key encrypting keys are first and second variants, respectively, of said first master key.

10. In a multiple domain communication network as defined in claim 6 for further providing an arrangement in said second host system cryptographic apparatus for protecting said cross domain key provided by said first host system cryptographic apparatus comprising:

second host system working key storage means,

means storing a first key encrypting key of said second host system in said second host system working key storage means as a second host working key,

means providing second host system input data representing said cross domain key provided by said first host system, and

second host system cipher means operable in a first cipher function to encipher said second host system input data under control of said second host working key to obtain ciphertext representing said cross domain key provided by said first host system enciphered under said first key encrypting key of said second host system.

11. In a multiple domain communication network as defined in claim 10 wherein said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

12. In a multiple domain data communication network providing communication security for data communication sessions between a terminal associated with a first host system in one domain and an application program associated with a second host system in another domain where said terminal, said first host system and said second host system having cryptographic apparatus provided with a terminal master key, a first master key and a second master key, respectively, an arrangement for establishing a cryptographic cross domain communication session between said terminal and said application program comprising:

means in said first host system cryptographic apparatus providing said terminal master key enciphered under a first key encrypting key of said first host system cryptographic apparatus,

means in said first host system cryptographic apparatus providing an operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus,

cipher means in said first host system cryptographic apparatus operably responsive to said enciphered terminal master key and said enciphered operational key for performing a first cryptographic operation to reencipher said operational key from encipherment under said second key encrypting key to encipherment under said terminal master key,

means in said first host system cryptographic apparatus providing a cross domain key enciphered under said first key encrypting key,

said cipher means operably responsive to said enciphered cross domain key and said operational key enciphered under said second key encrypting key for performing a second cryptographic operation to reencipher said operational key from encipherment under said second key encrypting key to encipherment under said cross domain key for transmission with said operational key enciphered under said terminal master key to said second host system,

means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and

cipher means in said second host system cryptographic apparatus operably responsive to said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key for performing a cryptographic operation to reencipher said operational key from encipherment under said cross domain key to encipherment under a second key encrypting key of said second host system cryptographic apparatus for transmission with said operational key enciphered under said terminal master key to said application program,

said application program transmitting said operational key enciphered under said terminal master key to said terminal so that said operational key in enciphered form is commonly available at said terminal and said application program for subsequent cryptographic operations.

13. In a multiple domain data communication network as defined in claim 12 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first encrypting key of said first host system cryptographic apparatus is a variant of said first master key.

14. In a multiple domain data communication network as defined in claim 12 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

15. In a multiple domain communication network as defined in claim 12 wherein said terminal cryptographic apparatus is operably responsive to terminal plaintext and said operational key enciphered under said terminal master key for performing an encipher operation to obtain terminal ciphertext representing said terminal plaintext enciphered under said operational key for transmission to said second host system.

16. In a multiple domain communication network as defined in claim 15 wherein said second host system cryptographic apparatus is operably responsive to said terminal ciphertext and said operational key enciphered under said second key encrypting key of said second host system for performing a decipher operation to obtain said terminal plaintext at said second host system for use by said application program.

17. In a multiple domain communication network as defined in claim 12 wherein said second host system cryptographic apparatus is operably responsive to second host system plaintext and said operational key enciphered under said second key encrypting key of said second host system for performing an encipher operation to obtain second host system ciphertext representing said second host system plaintext enciphered under said operational key for transmission to said terminal.

18. In a multiple domain communication network as defined in claim 17 wherein said terminal cryptographic apparatus is operably responsive to said second host system ciphertext and said operational key enciphered under said terminal master key for performing a decipher operation to obtain said second host system plaintext at said terminal.

19. In a multiple domain data communication network providing communication security for data communication sessions between a first application program associated with a first host system in one domain and a second application program associated with a second host system in another domain where said first host system has cryptographic apparatus provided with a first master key and an application key associated with said first application program and said second host system has cryptographic apparatus provided with a second master key, an arrangement for establishing a cryptographic cross domain communication session between said application programs comprising:

means in said first host system cryptographic apparatus providing said application key enciphered under a first key encrypting key of said first host system cryptographic apparatus,

means in said first host system cryptographic apparatus providing an operational key enciphered under said application key,

cipher means in said first host system cryptographic apparatus operably responsive to said enciphered application key and said enciphered operational key for performing a first cryptographic operation to reencipher said operational key from encipherment under said application key to encipherment under a second key encrypting key of said first host system cryptographic apparatus,

means in said first host system cryptographic apparatus providing a cross domain key enciphered under a third key encrypting key of said first host system cryptographic apparatus,

said cipher means operably responsive to said enciphered cross domain key and said operational key enciphered under said second key encrypting key for performing a second cryptographic operation to reencipher said operational key from encipherment under said second key encrypting key to encipherment under said cross domain key for transmission with said operational key enciphered under said application key to said second host system,

means in said second host system cryptographic apparatus providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and

cipher means in said second host system cryptographic apparatus operably responsive to said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key for performing a cryptographic operation to reencipher said operational key from encipherment under said cross domain key to encipherment under a second key encrypting key of said second host system cryptographic apparatus for transmission with said operational key enciphered under said application key to said second application program,

said application program transmitting said operational key enciphered under said application key to said first application program, and said cipher means in said first host system cryptographic apparatus operably responsive to said application key enciphered under said first key encrypting key of said first host system and said received enciphered operational key for performing a third cryptographic operation to reencipher said operational key from encipherment under said application key to encipherment under said second key encrypting key of said first host system for use by said first application program so that said operational key in enciphered form is commonly available to said application programs for subsequent cryptographic operations.

20. In a multiple domain data communication network as defined in claim 19 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first and third key encrypting keys of said first host system cryptographic apparatus are first and second variants, respectively, of said first master key.

21. In a multiple domain data communication network as defined in claim 19 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

22. In a multiple domain communication network as defined in claim 19 wherein said first host system cryptographic apparatus is operably responsive to first host system plaintext in accordance with said first application program and said operational key enciphered under said application key for performing an encipher operation to obtain first host system ciphertext representing said first host system plaintext enciphered under said operational key for transmission to said second host system.

23. In a multiple domain communication network as defined in claim 22 wherein said second host system cryptographic apparatus is operably responsive to said first host system ciphertext and said operational key enciphered under said second key encrypting key of said second host system for performing a decipher operation to obtain said first host system plaintext at said second host system for use by said second application program.

24. In a multiple domain communication network as defined in claim 19 wherein said second host system cryptographic apparatus is operably responsive to second host system plaintext and said operational key enciphered under said second key encrypting key of said second host system for performing an encipher operation to obtain second host system ciphertext representing said second host system plaintext enciphered under said operational key for transmission to said first host system.

25. In a multiple domain communication network as defined in claim 24 wherein said first host system cryptographic apparatus is operably responsive to said second host system ciphertext and said operational key enciphered under said second key encrypting key of said first host system for performing a decipher operation to obtain said second host system plaintext at said first host system for use by said first application program.

26. In a multiple domain data communication network providing communication security for data communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key, the method of establishing a common operational key for cryptographic operations between said host systems comprising the steps of:

providing a cross domain key enciphered under a first key encrypting key of said first host system cryptographic apparatus for cross domain communication with said second host system,

providing an operational key in protected form,

carrying out a cryptographic operation at said first host system cryptographic apparatus in accordance with said enciphered cross domain key and said protected operational key to provide said operational key enciphered under said cross domain key,

communicating said operational key enciphered under said cross domain key to said second host system,

providing said cross domain key enciphered under a first key encrypting key of said second host cryptographic apparatus, and

carrying out a cryptographic operation at said second host system cryptographic apparatus in accordance with said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key to provide said operational key enciphered under a second key encrypting key of said second host system cryptographic apparatus which is usable by said second host system cryptographic apparatus to perform cryptographic operations with said first host system.

27. In a multiple domain data communication network providing communication security for data communication sessions between a first host system in one domain having cryptographic apparatus provided with a first master key and a second host system in another domain having cryptographic apparatus provided with a second master key, the method for establishing a common operational key for cryptographic operations between said host systems comprising the steps of:

providing a cross domain key enciphered under a first key encrypting key of said first host system cryptographic apparatus for cross domain communication with said second host system,

providing an operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus,

carrying out a cryptographic operation at said first host system cryptographic apparatus in accordance with said enciphered cross domain key and said enciphered operational key to provide said operational key enciphered under said cross domain key,

communicating said operational key enciphered under said cross domain key to said second host system,

providing said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus, and

carrying out a cryptographic operation at said second host system cryptographic apparatus in accordance with said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key to provide said operational key enciphered under a second key encrypting key of said second host system cryptographic apparatus which is usable by said second host system cryptographic apparatus to perform cryptographic operations with said first host system.

28. In a multiple domain data communication network providing communication security for data communication sessions between a terminal associated with a first host system in one domain and an application program associated with a second host system in another domain where said terminal, said first host system and said second host system have cryptographic apparatus provided with a terminal master key, a first master key and a second master key, respectively, the method of establishing a cryptographic cross domain communication session between said terminal and said application program comprising the steps of:

providing at said first host system said terminal master key enciphered under a first key encrypting key of said first host system cryptographic apparatus,

providing at said first host system an operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus,

carrying out a first cryptographic operation at said first host system cryptographic apparatus in accordance with said enciphered terminal master key and said enciphered operational key to provide said operational key enciphered under said terminal master key,

providing at said first host system a cross domain key enciphered under said first key encrypting key,

carrying out a second cryptographic operation at said first host system cryptographic apparatus in accordance with said enciphered cross domain key and said operational key enciphered under said second key encrypting key to provide said operational key enciphered under said cross domain key,

communicating said operational key enciphered under said terminal master key and said operational key enciphered under said cross domain key to said second host system,

providing at said second host system said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus,

carrying out a first cryptographic operation at said second host system cryptographic apparatus in accordance with said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key to provide said operational key enciphered under a second key encrypting key of said second host system cryptographic apparatus,

communicating said operational key enciphered under said second key encrypting key of said second host system and said operational key enciphered under said terminal master key to said application program, and

communicating said operational key enciphered under said terminal master key from said application program to said terminal so that said operational key in enciphered form is commonly available at said terminal and said application program for subsequent cryptographic operations.

29. In a multiple domain data communication network as defined in claim 28 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first key encrypting key of said first host system is a variant of said first master key.

30. In a multiple domain data communication network as defined in claim 28 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system is a variant of said second master key.

31. In a multiple domain data communication network as defined in claim 28 further providing a cryptographic data communication between said terminal and said application program comprising the further steps of:

providing terminal plaintext at said terminal,

carrying out a cryptographic operation at said terminal cryptographic apparatus to encipher said terminal plaintext in accordance with said operational key enciphered under said terminal master key to provide terminal ciphertext representing said terminal plaintext enciphered under said operational key,

communicating said terminal ciphertext to said second host system, and

carrying out a second cryptographic operation at said second host system cryptographic apparatus to decipher said terminal ciphertext in accordance with said operational key enciphered under said second key encrypting key of said second host system to provide said terminal plaintext for use by said application program.

32. In a multiple domain data communication network as defined in claim 28 further providing a cryptographic data communication between said application program and said terminal comprising the further steps of:

providing second host system plaintext in accordance with said application program,

carrying out a second cryptographic operation at said second host system cryptographic apparatus to encipher said second host system plaintext in accordance with said operational key enciphered under said second key encrypting key of said second host system to provide second host system ciphertext representing said second host system plaintext enciphered under said operational key,

communicating said second host system ciphertext from said application program to said terminal, and

carrying out a cryptographic operation at said terminal cryptographic apparatus to decipher said second host system ciphertext in accordance with said operational key enciphered under said terminal master key to provide said second host system plaintext for use by said terminal.

33. In a multiple domain data communication network providing communication security for data communication sessions between a first application program associated with a first host system in one domain and a second application program associated with a second host system in another domain where said first host system has cryptographic apparatus provided with a first master key and an application key associated with said first application program and said second host system has cryptographic apparatus provided with a second master key, the method of establishing a cryptographic cross domain communication session between said application programs comprising the steps of:

providing at said first host system said application key enciphered under a first key encrypting key of said first host system cryptographic apparatus,

providing at said first host system an operational key enciphered under said application key,

carrying out a first cryptographic operation at said first host system cryptographic apparatus in accordance with said enciphered application key and said enciphered operational key to provide said operational key enciphered under a second key encrypting key of said first host system cryptographic apparatus,

providing at said first host system a cross domain key enciphered under a third key encrypting key of said first host system cryptographic apparatus,

carrying out a second cryptographic operation at said first host system cryptographic apparatus in accordance with said enciphered cross domain key and said operational key enciphered under said second key encrypting key to provide said operational key enciphered under said cross domain key,

communicating said operational key enciphered under said application key and said operational key enciphered under said cross domain key to said second host system,

providing at said second host system said cross domain key enciphered under a first key encrypting key of said second host system cryptographic apparatus,

carrying out a first cryptographic operation at said second host system cryptographic apparatus in accordance with said cross domain key enciphered under said first key encrypting key of said second host system and said received operational key enciphered under said cross domain key to provide said operational key enciphered under a second key encrypting key of said second host system cryptographic apparatus,

communicating said operational key enciphered under said second key encrypting key of said second host system and said operational key enciphered under said application key to said second application program,

communicating said operational key enciphered under said application key from said second application program to said first application program, and

carrying out a third cryptographic operation at said first host system cryptographic apparatus in accordance with said application key enciphered under said first key encrypting key of said first host system and said received operational key enciphered under said application key to provide said operational key enciphered under said second key encrypting key of said first host system so that said operational key in enciphered form is commonly available to said application programs for subsequent cryptographic operations.

34. In a multiple domain data communication network as defined in claim 33 wherein said second key encrypting key of said first host system cryptographic apparatus is said first master key and said first and third key encrypting keys of said first host system cryptographic apparatus are first and second variants, respectively, of said first master key.

35. In a multiple domain data communication network as defined in claim 33 wherein said second key encrypting key of said second host system cryptographic apparatus is said second master key and said first key encrypting key of said second host system cryptographic apparatus is a variant of said second master key.

36. In a multiple domain data communication network as defined in claim 33 further providing a cryptographic data communication between said first application program and said second application program comprising the steps of:

providing first host system plaintext in accordance with said first application program,

carrying out a fourth cryptographic operation at said first host system cryptographic apparatus to encipher said first host system plaintext in accordance with said operational key enciphered under said second key encrypting key of said first host system to provide first host system ciphertext representing said first host system plaintext enciphered under said operational key,

communicating said first host system ciphertext to said second host system, and

carrying out a second cryptographic operation at said second host system cryptographic apparatus to decipher said first host system ciphertext in accordance with said operational key enciphered under said second key encrypting key of said second host system to provide said first host system plaintext for use by said second application program.

37. In a multiple domain data communication network as defined in claim 33 further providing a cryptographic data communication between said second application program and said first application program comprising the steps of:

providing second host system plaintext in accordance with said second application program,

carrying out a second cryptographic operation at said second host system cryptographic apparatus to encipher said second host system plaintext in accordance with said operational key enciphered under said second key encrypting key of said second host system to provide second host system ciphertext representing said second host system plaintext enciphered under said operational key,

communicating said second host system ciphertext to said first host system, and

carrying out a fourth cryptographic operation at said first host system cryptographic apparatus to decipher said second host system ciphertext in accordance with said operational key enciphered under said second key encrypting key of said first host system to provide said second host system plaintext for use by said first application program.

38. In a multiple domain data communication network providing communication security for data communication sessions between a host system in one domain having cryptographic apparatus provided with multiple keys and a host system in another domain having cryptographic apparatus provided with multiple keys, an arrangement for communicating a cryptographic operational key in protected form provided by one of said host systems to the other of said host systems without revealing the multiple keys of either of said host systems to the other of said host systems comprising:

means in said one of said host systems providing said operational key enciphered under a cross domain key for cross domain communication between said one of said host systems and said other of said host systems,

means in said other of said host systems providing said cross domain key enciphered under a first master key of said other of said host systems, and

means in said other of said host systems operably responsive to said enciphered cross domain key and said enciphered operational key received from said one of said host systems to perform a cryptographic operation providing said operational key enciphered under a second master key of said other of said host systems which is in usable form for carrying out cryptographic operational functions at said other of said host systems.

39. In a multiple domain data communication network providing communication security for data communication sessions between a host system in one domain having cryptographic apparatus provided with multiple keys and a host system in another domain having cryptographic apparatus provided with multiple keys, an arrangement for communicating a cryptographic operational key in protected form provided by one of said host systems to the other of said host systems without revealing the multiple keys of either of said host systems to the other of said host systems comprising:

means in said one of said host systems providing a cross domain key for cross domain communication between said one of said host systems and said other of said host systems enciphered under a first master key of said one of said host systems,

means in said one of said host systems providing said operational key enciphered under a second master key of said one of said host systems,

means in said one of said host systems operably responsive to said enciphered cross domain key and said enciphered operational key to perform a cryptographic operation providing said operational key enciphered under said cross domain key for transmission to said other of said host systems,

means in said other of said host systems providing said cross domain key enciphered under a first master key of said other of said host systems, and

means in said other of said host systems operably responsive to said cross domain key enciphered under said first master key of said other of said host systems and said enciphered operational key received from said one of said host systems to perform a cryptographic operation providing said operational key enciphered under a second master key of said other of said host systems which is in a usable form for carrying out cryptographic operational functions at said other of said host systems.

40. In a multiple domain data communication network providing communication security for data communication sessions between a host system in one domain having cryptographic apparatus provided with multiple keys and a host system in another domain having cryptographic apparatus provided with multiple keys where each host system has a logical unit associated therewith and a logical unit communication key, an arrangement for communicating a cryptographic operational key in protected form provided by one of said host systems to the logical unit associated therewith via the other of said host systems without revealing the multiple keys of either of said host systems to the other of said host systems comprising:

means in said one of said host systems providing said operational key enciphered under the logical unit communication key of the logical unit associated with said one of said host systems,

means communicating said enciphered operational key from said one of said host systems to said other of said host systems,

means communicating said received enciphered operational key from said other of said host systems to the logical unit associated with said other of said host systems, and

means communicating said enciphered operational key from the logical unit associated with said other of said host systems to the logical unit associated with said one of said host systems.

41. In a multiple domain data communication network as defined in claim 40 wherein said logical unit associated with said one of said host systems is a terminal and the logical unit associated with the other of said host systems is an application program.

42. In a multiple domain data communication network as defined in claim 40 wherein said logical units associated with said host systems are application programs.

43. In a multiple domain data communication network providing communication security for data communication sessions between a host system in one domain having cryptographic apparatus provided with multiple keys and a host system in another domain having cryptographic apparatus provided with multiple keys, the method of communicating a cryptographic operational key in protected form provided by one of said host systems to the other of said host systems without revealing the multiple keys of either of said host systems to the other of said host systems comprising the steps of:

providing at said one of said host systems said operational key enciphered under a cross domain key for cross domain communication between said one of said host systems and said other of said host systems,

providing at said other of said host systems said cross domain key enciphered under a first master key of said other of said host systems, and

carrying out a cryptographic operation at said second host system in accordance with said enciphered cross domain key and said enciphered operational key received from said one of said host systems to provide said operational key enciphered under a second master key of said other of said host systems which is in usable form for carrying out cryptographic operational functions at said other of said host systems.

44. In a multiple domain data communication network providing communication security for data communication sessions between a host system in one domain having cryptographic apparatus provided with multiple keys and a host system in another domain having cryptographic apparatus provided with multiple keys, the method of communicating a cryptographic operational key in protected form provided by one of said host systems to the other of said host systems without revealing the multiple keys of either of said host systems to the other of said host systems comprising:

providing at said one of said host systems a cross domain key for cross domain communication between said one of said host systems and said other of said host systems enciphered under a first master key of said one of said host systems,

providing at said one of said host systems said operational key enciphered under a second master key of said one of said host systems,

carrying out a cryptographic operation at said one of said host systems in accordance with said enciphered cross domain key and said enciphered operational key to provide said operational key enciphered under said cross domain key for transmission to said other of said host systems,

providing at said other of said host systems said cross domain key enciphered under a first master key of said other of said host systems, and

carrying out a cryptographic operation at said other of said host systems in accordance with said cross domain key enciphered under said first master key of said other of said host systems and said enciphered operational key received from said one of said host systems to provide said operational key enciphered under a second master key of said other of said host systems which is in a usable form for carrying out cryptographic operational functions at said other of said host systems.

45. In a multiple domain data communication network providing communication security for data communication sessions between a host system in one domain having cryptographic apparatus provided with multiple keys and a host system in another domain having cryptographic apparatus provided with multiple keys where each host system has a logical unit associated therewith and a logical unit communication key, the method of communicating a cryptographic operational key in protected form provided by one of said host systems to the logical unit associated therewith via the other of said host systems without revealing the multiple keys of either of said host systems to the other of said host systems comprising the steps of:

providing at said one of said host systems said operational key enciphered under the logical unit communication key of the logical unit associated with said one of said host systems for communication from said one of said host systems to said other of said host systems,

communicating said enciphered operational key from said other of said host systems to the logical unit associated with said other of said host systems, and

communicating said enciphered operational key from the logical unit associated with said other of said host systems to the logical unit associated with said one of said host systems.

46. In the method defined in claim 45 wherein said logical unit associated with said one of said host systems is a terminal and the logical unit associated with the other of said host systems is an application program.

47. In the method as defined in claim 45 wherein said logical units associated with said host systems are application programs.


Description

CROSS REFERENCE TO RELATED APPLICATIONS

This application is related to the following patent applications which are concurrently filed herewith and assigned to the same assignee as the patent application:

1. "Cryptographic Communication and File Security Using Terminals", Ser. No. 857,533, (Docket No. K19-77006), filed Dec. 5, 1977, by Ehrsam et al.

2. "Cryptographic Communication Security for Single Domain Networks", Ser. No. 857,532, (Docket No. K19-77007), filed Dec. 5, 1977, by Ehrsam et al.

3. "Cryptographic File Security for Single Domain Networks", Ser. No. 857,534, (Docket No. K19-77008), filed Dec. 5, 1977, by Ehrsam et al.

4. "Cryptographic File Security for Multiple Domain Networks", Ser. No. 857,535, (Docket No. K19-77014), filed Dec. 5, 1977, by Ehrsam et al.

5. "Cryptographic Verification of Operational Keys Used in Communication Networks", Ser. No. 857,546, (Docket No. K19-77012), filed Dec. 5, 1977, by Lennon et al.

BACKGROUND OF THE INVENTION

This invention relates to cryptographic communication security techniques and, more particularly, to communication security for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and associated communication terminals each having a data security device which permits cryptographic operations to be performed.

With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer based information systems are being created. In such systems, an increasing amount of sensitive data may be transmitted across unsecure communication lines. Because of the insecurity of communication lines, there is an increasing concern over the interception or alteration of sensitive data which must pass outside a controlled or protected environment or which may become accessible if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the medium over which it is transmitted or the media on which it is stored.

Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in detail in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.

A data communication network may include a complex of communication terminals connected via communication lines to a single host system and its associated resources such as the host programs and locally attached terminals and data files. Within the data communication network, the domain of the host system is considered to be the set of resources known to and managed by the host system. Various single domain data communication networks have been developed in the prior art using cryptographic techniques for improving the security of data communication within the network. In such networks, a cryptographic facility is provided at the host system and at various ones of the remote terminals. In order for the host system and a remote terminal to perform a cryptographic communication, both must use the same cryptographic algorithm and a common operational cryptographic key so that the data enciphered by the sending station can be deciphered at the receiving station. In prior art cryptographic communication arrangements, the operational key to be used at the sending station is communicated by mail, telephone or courier to the receiving station so that a common operational key is installed at both stations to permit the cryptographic communications to be performed. Furthermore, the operational key was kept for a relatively long period of time. In order to present a "moving target" to an opponent, other prior art arrangements developed techniques which improved security by changing operational keys dynamically where the frequency of changing keys is done automatically by the system. One such technique is provided in the IBM 3600 Finance Communication System utilizing the IBM 3614 consumer transaction facility as remote terminals and is exemplified by U.S. Pat. No. 3,956,615 issued May 11, 1976.

As the size of data communication networks increases, other host systems may be brought into the network to provide multiple domain networks with each host system having knowledge of and managing its associated resources which make up a portion or domain of the network. By providing the proper cross domain data link between the domains of the network, two or more domains may be interconnected to provide a networking facility. Accordingly, as the size of the network increases and the number of communication lines interconnecting the domains of network increases, there is an increasing need to provide communication security for data transmitted over such communication lines connecting the domains of a multiple domain communication network.

Accordingly, it is an object of the invention to maintain communication security of data transmissions in a multiple domain network.

Another object of the invention is to establish cryptographic communication sessions between host systems in different domains of a multiple domain network without revealing the keys of each host system to the other host system.

A further object of the invention is to maintain communication security of data transmission between a terminal associated with a host system in one domain and an application program associated with a host system in another domain of a multiple domain network.

Still another object of the invention is to maintain communication security of data transmissions between an application program associated with a host system in one domain and an application program associated with a host system in another domain of a multiple domain network.

Still a further object of the invention is to provide a cross-domain key which allows communication sessions to be established between different domains of a multiple domain network.

Still another object of the invention is to provide a cross-domain key which is known by a sending and receiving host system in different domains of a multiple domain network.

Still a further object of the invention is to create cross-domain keys for cross-domain data communications between a host system in one domain and host systems in other domains of a multiple domain network.

Still another object of the invention is to create a cross-domain key for cross-domain data communications by generating a pseudo-random number which is defined as the cross-domain key.

Still a further object of the invention is to maintain the security of cross domain keys by protecting them under a host key encrypting key.

Still another object of the invention is to protect a cross domain key under a key encrypting key of a sending host system in one domain and under a different key encrypting key of a receiving host system in another domain of a multiple domain network.

Still a further object of the invention is to protect a cross domain key under a variant of the master key of a sending host system in one domain and under a different variant of the master key of a receiving host system in another domain of a multiple domain network.

Still another object of the invention is to protect cross-domain keys used for data transmissions from the host system in one domain to the host system in another domain by a first host key encrypting key and to protect cross domain keys used for data transmissions from the host system in the other domain to the host system in the one domain by a second host key encrypting key.

Still a further object of the invention is to establish a common operational key between host systems in different domains of a multiple domain network to permit cross domain cryptographic operations to be performed.

Still another object of the invention is to establish a common operational key for a terminal in one domain and an application program in another domain to permit cross domain cryptographic operations to be performed.

Still a further object of the invention is to provide an irreversible transformation function which uses a protected cross-domain key at a sending host system in one domain to encipher a session key for transmission to a receiving host system in another domain of a multiple domain network.

Still another object of the invention is to provide an irreversible transformation function at a receiving host system using a protected cross-domain key to reencipher a received session key from encipherment under a cross-domain key to encipherment under the master key of the receiving host system.

Still a further object of the invention is to reencipher a session key created at a host system in one domain from encipherment under a host master key to encipherment under a cross-domain key for transmission to the host system in another domain.

Still another object of the invention is to reencipher a session key created at a host system in one domain from encipherment under a host master key to encipherment under a terminal key encrypting key of a terminal associated with the host system in the one domain with which a communication session is to be established.

Still a further object of the invention is to dynamically create a session key by generating a pseudo random number defined as a session key enciphered under an application key.

Still another object of the invention is to create application keys for the application programs associated with a host system in a data communication network.

Still a further object of the invention is to protect application keys by enciphering them under a host key encrypting key.

Still another object of the invention is to reencipher a session key created at a host system in one domain from encipherment under an application key to encipherment under the master key of the host system.

Still a further object of the invention is to dynamically create a different operational key for each new communication session between the host systems in different domains of a multiple domain network.

Still another object of the invention is to provide different operational keys for each new communication session between a terminal associated with a host system in one domain and an application program associated with a host system in another domain of a multiple domain network.

Still a further object of the invention is to provide host data security devices for host systems in different domains of a multiple domain network to permit cross-domain cryptographic data communication.

In accordance with the invention, a multiple domain data communication network is provided in which each domain includes a host system with an integrated data security device and associated host programs and communication terminals with integrated data security devices. The data security devices of the host systems and the communication terminals include a memory for storing a master key and cryptographic apparatus for ciphering input data under control of a cryptographic key to produce ciphered output data. For cross-domain communication between the host system in one domain and the host system in another domain, the host data security device of each host system generates a random number which is defined as a cross domain key for cross domain communication between the two host systems and is communicated in a secure manner to the other host system. The cross-domain key generated at each host system is protected at that host system by encipherment under a first key encrypting key and stored in enciphered form as a sending cross-domain key while the cross-domain key received at that host system from the other host system is protected by encipherment under a second key encrypting key and stored in enciphered form as a receiving cross-domain key. When a communication session is to be established between the host system in one domain and the host system in another domain, the host data security device of the originating host system generates a random number which is defined as being a session key enciphered under the host master key of the originating host system. The originating host data security device then performs a transformation function in accordance with the enciphered sending cross-domain key and the enciphered session key to reencipher the session key from encipherment under the originating host master key to encipherment under the sending cross-domain key for transmission to the host system of the other domain. 
At the receiving host system in the other domain, the receiving host data security device performs a transformation function in accordance with the enciphered receiving cross-domain key stored at the receiving host system and the received enciphered session key to reencipher the session key from encipherment under the sending cross-domain key to encipherment under the host master key of the receiving host system. At this point, the common session key is available in useable form at both host systems without revealing the master keys of each host system to the other host system and so as to permit subsequent cryptographic operations to be performed between the two host systems.
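The host-to-host exchange described above, traced end to end as an added Python example that is not part of the patent text. The class and method names are hypothetical, the block cipher is a toy SHA-256 Feistel construction standing in for DES, and the two key encrypting keys are modelled as master-key variants formed with constructed XOR masks.

```python
import hashlib
import os

BLOCK = 8  # 64-bit keys and blocks, the sizes DES uses

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    # Toy Feistel round function built on SHA-256; a stand-in for DES, not DES.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encipher(key, block):
    left, right = block[:4], block[4:]
    for i in range(8):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def decipher(key, block):
    left, right = block[:4], block[4:]
    for i in reversed(range(8)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

class HostSecurityDevice:
    """Model of a host data security device: clear keys never leave it."""

    # Assumed masks: variant 0 is the master key itself; variants 1 and 2 are
    # the key encrypting keys for sending and receiving cross-domain keys.
    _MASKS = {0: bytes(8), 1: b"\x88" * 8, 2: b"\x22" * 8}

    def __init__(self):
        self._master = os.urandom(BLOCK)

    def _km(self, variant):
        return _xor(self._master, self._MASKS[variant])

    def store_sending_cross_domain_key(self, kcd):
        return encipher(self._km(1), kcd)

    def store_receiving_cross_domain_key(self, kcd):
        return encipher(self._km(2), kcd)

    def generate_session_key(self):
        # A random number is *defined* to be the session key enciphered under
        # the host master key, so the clear session key is never handled here.
        return os.urandom(BLOCK)

    def reencipher_from_master_key(self, enc_sending_kcd, enc_ks):
        kcd = decipher(self._km(1), enc_sending_kcd)
        ks = decipher(self._km(0), enc_ks)
        return encipher(kcd, ks)  # session key under the cross-domain key

    def reencipher_to_master_key(self, enc_receiving_kcd, enc_ks):
        kcd = decipher(self._km(2), enc_receiving_kcd)
        ks = decipher(kcd, enc_ks)
        return encipher(self._km(0), ks)  # session key under this host's master key

    def _each_block(self, fn, enc_ks, data):
        ks = decipher(self._km(0), enc_ks)
        return b"".join(fn(ks, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

    def encipher_data(self, enc_ks, data):
        return self._each_block(encipher, enc_ks, data)

    def decipher_data(self, enc_ks, data):
        return self._each_block(decipher, enc_ks, data)

def establish_session():
    host_a, host_b = HostSecurityDevice(), HostSecurityDevice()

    # Cross-domain key for the A -> B direction, delivered to B "in a secure
    # manner" (out of band); each host keeps only its own enciphered form.
    kcd = os.urandom(BLOCK)
    a_sending = host_a.store_sending_cross_domain_key(kcd)
    b_receiving = host_b.store_receiving_cross_domain_key(kcd)

    ks_under_a = host_a.generate_session_key()
    ks_on_wire = host_a.reencipher_from_master_key(a_sending, ks_under_a)
    ks_under_b = host_b.reencipher_to_master_key(b_receiving, ks_on_wire)

    message = b"CONSTRUCTED MSG!"  # constructed 16-byte sample, two blocks
    ciphertext = host_a.encipher_data(ks_under_a, message)
    recovered = host_b.decipher_data(ks_under_b, ciphertext)

    # Key separation: the *sending* form of the cross-domain key does not work
    # in the to-master-key direction, so the translation is one-way at host A.
    misuse = host_a.reencipher_to_master_key(a_sending, ks_on_wire)

    return {"message": message, "recovered": recovered,
            "ks_under_a": ks_under_a, "ks_on_wire": ks_on_wire,
            "ks_under_b": ks_under_b, "misuse": misuse}

if __name__ == "__main__":
    for name, value in establish_session().items():
        print(f"{name:12} {value.hex()}")
```

The three forms of the session key differ on every run, yet data enciphered at host A deciphers at host B, and neither host ever handles the other's master key.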

Other arrangements are also provided which permit a variety of communication security applications in a multiple domain network. In one such arrangement, a communication session is established between a terminal associated with a host system in one domain and an application program associated with a host system in another domain. The host data security device of the sending host system, in addition to generating the cross-domain key, generates a series of random numbers each of which is defined as the terminal master key for a terminal associated with the host system and is communicated to each terminal user in a secure manner for loading into the data security device of the respective terminals. The host data security device then enciphers and stores each of the terminal master keys under the same host key encrypting key which protects the cross-domain key to maintain the terminal keys in a secure manner. When a communication session is to be established between one of the terminals and the host system in the other domain, the host data security device generates a pseudo random number which is defined as being a session key enciphered under the host master key. The host data security device then performs a first transformation function in accordance with the enciphered terminal master key of the terminal and the enciphered session key to reencipher the session key from encipherment under the host master key to encipherment under the terminal master key. The host data security device then performs a second transformation function in accordance with the enciphered sending cross-domain key and the enciphered session key to reencipher the session key from encipherment under the host master key to encipherment under the sending cross-domain key. The session key enciphered under the terminal master key and the session key enciphered under the sending cross-domain key are then transmitted to the host system in the other domain. 
At the receiving host system in the other domain, the receiving host data security device performs a transformation function in accordance with the enciphered receiving cross-domain key stored at the receiving host system and the received session key enciphered under the sending cross-domain key to reencipher the session key from encipherment under the sending cross-domain key to encipherment under the host master key of the receiving host system which is in useable form to carry out subsequent cryptographic operations at the host system in the other domain. The receiving host system then transmits the received session key enciphered under the terminal master key to the terminal with which the session is to be established. At this point, the common session key is available in useable form at both the terminal of the host system in the one domain and the host system in the other domain without having revealed the master keys of each host system to the other host system so as to permit subsequent cryptographic data processing operations to be performed between the two units in the different domains.

In another arrangement, using similar architecture, a communication session is established between an application program associated with a host system in one domain and an application program associated with a host system in another domain. The host data security device of the host system in the one domain, in addition to generating the sending cross-domain key, generates a series of random numbers each of which is defined as the application key for an application program associated with the host system. The host data security device then enciphers and stores each of the application keys under a key encrypting key which is different than the one which protects the sending cross-domain key to maintain the application keys in a secure manner. When a communication session is to be established between the application programs in the different domains, the host data security device generates a pseudo random number which is defined as a session key enciphered under the application key of the application program of the sending host system. The host data security device then performs a first transformation function in accordance with the enciphered application key and the enciphered session key to reencipher the session key from encipherment under the application key to encipherment under the sending host master key. The host data security device then performs a second transformation function in accordance with the enciphered sending cross-domain key and the enciphered session key to reencipher the session key from encipherment under the sending host master key to encipherment under the sending cross-domain key. The session key enciphered under the application key and the session key enciphered under the sending cross-domain key are then transmitted to the host system in the other domain. 
At the receiving host system in the other domain, the receiving host data security device performs a transformation function in accordance with the enciphered receiving cross-domain key stored at the receiving host system and the received session key enciphered under the sending cross-domain key to reencipher the session key from encipherment under the sending cross-domain key to encipherment under the receiving host master key which is in useable form to carry out subsequent cryptographic operations by the application program at the receiving host system. The receiving host system then transmits the received session key enciphered under the application key to the application program of the sending host system with which the session is to be established. The application program at the sending host system requests the host data security device to perform another transformation function in accordance with the enciphered application key stored at the sending host system and the received enciphered session key to reencipher the session key from encipherment under the application key to encipherment under the sending host master key. At this point, the common session key is available in useable form at both host systems without having revealed the master keys of each host system to the other host system so as to permit subsequent cryptographic data processing operations to proceed between the two application programs in the different domains.

In addition, the above arrangements may include the use of pre-defined private terminal keys, private application keys or private session keys made known to both host systems to permit private cryptographic operations to be performed.

The foregoing and other objects, features and advantages of the invention will be apparent from the following particular description of a preferred embodiment of the invention, as illustrated in the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating a multiple domain data communication network.

FIG. 2 is a block diagram of a representative multiple domain network illustrating, in block form, the details of a host and terminal in such a network.

FIG. 3 is a block diagram of a cryptographic engine which performs cryptographic functions in a logically and physically secure manner.

FIG. 4 illustrates in block diagram form a manual WMK function.

FIG. 5 illustrates in block diagram form a host controlled WMK function.

FIG. 6 illustrates in block diagram form a DECK function.

FIG. 7 illustrates in block diagram form an ENC function.

FIG. 8 illustrates in block diagram form a DEC function.

FIG. 9 illustrates in block diagram form a GRN function.

FIG. 10 illustrates in block diagram form an EMK0 function.

FIG. 11 illustrates in block diagram form an EMK1 function.

FIG. 12 illustrates in block diagram form an EMK2 function.

FIG. 13 illustrates in block diagram form an ECPH function.

FIG. 14 illustrates in block diagram form a DCPH function.

FIG. 15 illustrates in block diagram form an RFMK function.

FIG. 16 illustrates in block diagram form an RTMK function.

FIG. 17 is a block diagram illustrating the basic concepts of cryptographic communication security in a multiple domain network.

FIG. 18 is a block diagram illustrating details of cryptographic communication security in a multiple domain network involving a terminal and an application program in different domains of the network using system generated keys.

FIG. 19 is a block diagram illustrating details of cryptographic communication security in a multiple domain network involving application programs in different domains of the network using system generated keys.

FIG. 20 is a block diagram illustrating details of cryptographic communication security in a multiple domain network involving a terminal and an application program in different domains of the network using a private terminal key.

FIG. 21 is a block diagram illustrating cryptographic communication security in a multiple domain network involving application programs in different domains of the network using a private application key.

FIG. 22 is a block diagram illustrating details of cryptographic communication security in a multiple domain network involving a terminal and an application program in different domains of the network using a private session key.

FIG. 23 is a block diagram illustrating details of cryptographic communication security in a multiple domain network involving application programs in different domains of the network using a private session key.

FIG. 24 illustrates the details of a clock circuit used in the data security device of the present invention.

FIG. 25 is a timing diagram explaining the operation of the clock circuit illustrated in FIG. 24.

FIG. 26 is a diagram of how FIGS. 26a1 through 26i2 may be placed to form a detailed schematic diagram.

FIGS. 26a1 through 26i2, taken together, comprise a detailed schematic diagram of the data security device of the present invention.

FIG. 27 is a timing diagram of the manual WMK operation.

FIG. 28 illustrates how FIGS. 28a and 28b may be placed to form a composite timing diagram.

FIGS. 28a and 28b, taken together, comprise a timing diagram of the host controlled WMK operation.

FIG. 29 illustrates logic details of the crypto engine used in the data security device of the present invention.

FIG. 30 illustrates how FIGS. 30a to 30c may be placed to form a composite timing diagram.

FIGS. 30a to 30c, taken together, comprise a timing diagram of the DECK operation.

FIG. 31 illustrates how FIGS. 31a to 31d may be placed to form a composite timing diagram.

FIGS. 31a to 31d, taken together, comprise a timing diagram of the DEC/ENC operation.

FIG. 32 illustrates how FIGS. 32a to 32c may be placed to form a composite timing diagram.

FIGS. 32a to 32c, taken together, comprise a timing diagram of the GRN operation.

FIG. 33 illustrates how FIGS. 33a to 33c may be placed to form a composite timing diagram.

FIGS. 33a to 33c, taken together, comprise a timing diagram of the EMK operation.

FIG. 34 illustrates how FIGS. 34a to 34g may be placed to form a composite timing diagram.

FIGS. 34a to 34g, taken together, comprise a timing diagram of the RFMK operation.

FIG. 35 illustrates how FIGS. 35a to 35g may be placed to form a composite timing diagram.

FIGS. 35a to 36g, taken together, comprise a timing diagram of the RTMK operation.

GENERAL DESCRIPTION

INTRODUCTION

In a single domain data communication network, a complex of communication terminals are connected via a plurality of communication lines to a host data processing system and its associated resources such as host programs, and locally attached terminals and secondary storage files. Because of the complexity and increasing size of such networks other host systems may be brought into the network by providing the proper cross domain link between the multiple systems thereby providing a multiple domain network. However, with this increasing size of the network, the problem of transmitting data over unsecure communication lines becomes more acute and it is necessary to protect the data to maintain the confidentiality and integrity of the information represented by that data. Cryptography provides an effective data security measure for communication security in that it protects the confidentiality and integrity of the data itself rather than the medium over which it is transmitted. FIG. 1 illustrates a cryptographic arrangement in a representative multiple domain data communication network.

Most practical cryptographic systems require two basic elements, namely, (1), a cryptographic algorithm which is a set of rules that specify the steps required to transform or encipher plaintext into ciphertext or to transform or decipher ciphertext back into plaintext and (2) a cipher key. The cipher key is used to select one out of many possible relationships between the plaintext and the ciphertext. Various cryptographic algorithms have been developed in the prior art for improving data security in data processing systems. One such algorithm is described in U.S. Pat. No. 3,958,081 issued May 18, 1976 and was recently adopted as a United States Federal Data Processing Standard as set forth in the aforesaid Federal Information Processing Standard publication. A hardware implementation of this algorithm is incorporated in the present invention. The cryptographic algorithm operates to transform or encipher a 64 bit block of plaintext into a unique 64 bit block of ciphertext under control of a 56 bit cipher key or to transform or decipher a 64 bit block of ciphertext back into an original 64 bit block of plaintext under control of the same 56 bit cipher key with the deciphering process being the reverse of the enciphering process. The effectiveness of this cipher process depends on the techniques used for the selection and management of the cipher key used in the cipher process. The only cipher key actually used in the cipher process to personalize the algorithm when encrypting or decrypting data or other keys is termed the working key and is accessible only by the cryptographic apparatus. All other keys hereafter discussed are used at different times as working keys depending upon the cipher operation to be performed.

There are basically two categories of cipher keys used in the cryptographic system, namely, operational keys (KO) and key encrypting keys (KEK) with operational keys being referred to and used as data encrypting keys. Data encrypting or operational keys are a category of keys used to encrypt/decrypt data while key encrypting keys are a category of keys used to encrypt/decrypt other keys.

Within the two basic categories, there are variously defined classes and types of cipher keys. Thus, in the data encrypting or operational class of cipher keys, the data encrypting or operational key which protects data during data communication sessions is a class of key called the primary communication key. One type of this class of keys is one which is a system generated, time variant, dynamically created key transmitted in enciphered form under a key encrypting key from a host system to a remote terminal. The key is deciphered at the terminal and then loaded into the working key register and used as the working key. The key exists only for the duration of the communication session and will be referred to as the system session key (KS). In private cryptographic systems which use a private protocol known to each end user but unknown to the system, a private key may be used as another type of primary communication key to provide communication security. The private key is loaded into the terminal working key register and then used as the working key. The key exists only for a time duration determined by the private protocol which may require the key to be changed for each communication, once an hour, once a week, etc. and will be referred to as the private session key (KSP).

Within the key encrypting category of cipher keys, there are two sub-categories, namely, the primary key encrypting key and the secondary key encrypting key. In the primary key encrypting key sub-category of cipher keys, the key encrypting key used in the host system to encipher other keys is a class of key called the system key. One type of this class of keys is one which is used to protect the system session keys actively used at the host and will be referred to as the host master key (KMH). In the secondary key encrypting key sub-category of cipher keys, there is a class of key called a secondary communication key which is used to protect other keys. Two types of this class of key are used to protect system session keys transmitted to a terminal and when system generated will be referred to as the terminal master key (KMT) and when provided as a pre-defined private key will be referred to as a private terminal master key (KMTP). Another type of this class of key is used to protect system session keys transmitted from the host system in one domain to a host system in another domain of a multiple domain communication network and will be referred to as a cross-domain key (KNC). Two additional types of this class of key are used to protect system session keys transmitted to an application program associated with a host system and when system generated will be referred to as the application key (KNA) and when provided as a pre-defined private application key will be referred to as a private application key (KNAP). The various cryptographic keys defined above are summarized in the following table by category, class, type and use:

    __________________________________________________________________________________________
    CATEGORY              SECURITY CLASS     TYPE                           USE
    __________________________________________________________________________________________
    Key Encrypting Keys
      Primary             System Key         Host Master Key (KMH)          Encipher Other
                                                                            Cryptographic Keys
      Secondary           Secondary          Terminal Master Key (KMT)
                          Communication      Private Terminal Master
                          Keys               Key (KMTP)
                                             Cross-Domain Key (KNC)
                                             Application Key (KNA)
                                             Private Application
                                             Key (KNAP)
    Data Encrypting       Primary            System Session Key (KS)        Encipher Or
    Keys (Operational     Communication      Private Session Key (KSP)      Decipher Data
    Keys)                 Keys
    __________________________________________________________________________________________


GENERATION, DISTRIBUTION, INSTALLATION AND MANAGEMENT OF CRYPTOGRAPHIC KEYS

Key generation is the process which provides for the creation of the cipher keys required by a cryptographic system. Key generation includes the specification of a system master key and primary and secondary communication keys.

The host master key is the primary key encrypting key and is the only cipher key that needs to be present in the host cryptographic facility in clear form. Since the host master key does not generally change for long periods of time, great care must be taken to select this key in a random manner. This may be accomplished by using some random experiment such as coin tossing where bit values 0 and 1 are determined by the occurrence of heads and tails of the coin or by throwing dice where bit values 0 and 1 are determined by the occurrence of even or odd rolls of the dice, with the occurrence of each group of coins or dice being converted into corresponding parity adjusted digits. By enciphering all other cipher keys stored in or passed outside the host system, overall security is enhanced and secrecy for such other cipher keys reduces to that of providing secrecy for the single host master key. Secrecy for the host master key may be accomplished by storing it in a non-volatile master key memory so that the host master key need only be installed once. Once installed, the master key is used only by the cryptographic apparatus for internally deciphering enciphered keys which may then be used as the working key in a subsequent encipher/decipher operation.

Installation of the host master key may be accomplished by a direct manual entry process using mechanical switches, dials, or a hand-held key entry device. Alternately, an indirect entry method may be used in which case the host master key may be entered from a non-volatile media such as a magnetic card or tape which is maintained in a secure location (safe, vault, etc.) accessible only to the security administrator. Another alternative indirect entry method may be to use a keyboard entry device, though this method is subject to human error. In any event, whichever indirect method is chosen, during initialization, the host master key may be read into and temporarily stored in the host memory and then transferred to the master key memory with the host memory entry being subsequently erased so that only one copy is present and accessible only by the cryptographic facility.

The terminal master key is a secondary key encrypting key and like the system master key, is the only key encrypting key that needs to be present in clear form in the terminal cryptographic facility. Since there may be numerous terminals associated with a host system, it may not be practical or prudent to have these keys generated by a human user using some type of random experiment. Therefore, to relieve the system administrator from the burden of creating cryptographic keys, except for the single system master key, the cryptographic apparatus of the host system can be used as a pseudo random generator for generating the required terminal master keys used by the various terminals associated with the host system. The manner by which such host system generated random numbers are produced is described in detail hereafter. In addition to the system generated terminal master keys, off line means may be used by end users to establish a private terminal master key. In either event, the clear form of the system or private generated terminal master key is distributed in a secure manner to the authorized individuals. This may be accomplished by transporting the key by courier, registered mail, public telephone, etc. The likelihood of an opponent obtaining the key during transit can be lessened by transmitting different portions of the key over independent paths and then combining them at the destination. Once having properly received a valid system or private generated terminal master key in clear form, it becomes necessary to maintain its secrecy. At the terminal, this is accomplished by writing the terminal master key into a non-volatile master key memory, as in the case of the host system master key. Once installed, the terminal master key is used only by the terminal cryptographic apparatus for internally deciphering enciphered system generated primary communication keys which may then be used as the working key in a subsequent encipher/decipher operation.

The cross-domain key is a secondary key encrypting key which is used as a secondary communication key to allow a session key generated at the host system in one domain to be transmitted and recovered at the host system in another domain of a multiple domain communication network. The cryptographic apparatus of the sending host system used as a pseudo random generator, as in the case of generating terminal master keys, can also be used to generate the cross-domain key. Because there may be numerous host systems interconnected in the multiple domain communication network, it is necessary to generate a separate cross-domain key for each cross-domain communication between each host system and the other host systems of the network. As in the case of the terminal master keys, these cross-domain keys must be distributed from each host system to each of the other host systems in the network in a secure manner. This may be accomplished in a similar manner to that described for the distribution of terminal master keys. Once having properly received a valid cross-domain key in clear form at the receiving host system, it becomes necessary to maintain its secrecy. The manner in which this is accomplished will be described hereafter. However, once installed at the receiving host system in a protected form, the cross-domain key is used only by the receiving host system for internally transforming enciphered session keys transmitted by a sending host system into a form usable by the receiving host system to carry out cryptographic operations.

The application key is a secondary key encrypting key which is used as a secondary communication key to protect the session key generated at a sending host system of a multiple domain network. The session key protected by the application key is transformed into a form usable by the sending host system to carry out cryptographic operations. Since there may be numerous application programs associated with a host system, it is necessary to generate a separate application key for each application program. Therefore, the cryptographic apparatus of a host system may be used as a pseudo random generator, as in the case of generating terminal master keys and cross-domain keys, to generate the application keys for each of the application programs associated with the host system. In addition to the system generated application keys, off line means may be used by end users to define and establish a private application key for use in private communication arrangements. In either event, once having validly generated a system or private application key, it becomes necessary to maintain its secrecy. The manner in which this is accomplished will be described hereafter.

Because the ciphering algorithm used is not secret, the degree of protection that can be derived from a cryptographic system ultimately depends upon the security of the cryptographic keys. Therefore, the objectives of key management are: (1) cryptographic keys should never occur in clear form outside the cryptographic device, except under secure conditions during the period when keys are originally distributed and installed or when stored in a secure place such as a safe, vault or similar location for backup or recovery and (2) no cryptographic operation, or combination thereof, using any cryptographic quantities which are routinely stored or routed through the system, or derived therefrom, should permit clear keys to be recoverable outside the cryptographic device. Therefore, if the system generated terminal keys are to be stored at the host system they must be protected from being exposed in clear form. This can be accomplished by having the terminal keys enciphered under another key. Accordingly, a dual master key approach is adopted, by the present invention, in which a variant (KMH1) of the host master key (KMH0) is used to encipher the terminal master keys by an Encipher Master Key function (EMK1), which will be described in greater detail hereafter. In the embodiment of the present invention, only the host master key resides in clear form within the cryptographic device. Accordingly, when an EMK1 function is to be performed, the host master key is read out of the master key memory and by selected inversion of certain bits of the host master key the variant KMH1 is derived for use in enciphering the terminal master key. By enciphering the terminal master keys under the variant of the host master key, the enciphered terminal keys now in protected form may be stored in a cryptographic data set until required for use in a cryptographic operation.

In the case of multiple domain networks, a cross-domain key generated at a host system in one domain for cross domain communication with a host system in another domain of the network is communicated in a secure manner to the host system in the other domain and vice versa so that a pair of cross-domain keys is shared between the two host systems. Thus, the cross-domain key generated at the host system in the one domain is designated as the sending cross-domain key for the one domain and as the receiving cross-domain key in the other domain whereas the cross-domain key generated at the host system in the other domain is designated as the sending cross-domain key for the other domain and as the receiving cross-domain key in the one domain. Therefore, each host system must store two cross-domain keys for cross domain communications between itself and another host system of the network, one being the cross-domain key it generated and designated as the sending cross-domain key and the other being a cross-domain key it received from the other host system and designated as the receiving cross-domain key. Since these pairs of keys are to be stored at each host system, they must also be protected from being exposed in clear form. This can be accomplished, as in the case of terminal master keys, by having them enciphered under another key.

A sending cross-domain key in a sending host system is used in a transformation process, termed an RFMK function which will be described in greater detail hereafter, to reencipher a session key from encipherment under the host master key to encipherment under the sending cross-domain key for transmission, in this protected form, over a communication line to the receiving host system. At the receiving host system, the receiving cross-domain key is used in a different type of transformation process, termed an RTMK function which will be described in greater detail hereafter, to reencipher the received session key from encipherment under the sending cross-domain key to encipherment under the receiving host master key. In order to achieve cryptographically strong key management, these transform processes should be unidirectional i.e. the transform process should be irreversible at the sending host system and decipherable only at the receiving host system. Unidirectionality is achieved in the present invention by a multiple master key technique in which a first variant (KMH1) of the sending host master key (KMH0) is used to encipher the sending cross-domain key by the Encipher Master Key function (EMK1) and a second variant (KMH2) of the sending host master key (KMH0) is used to encipher the receiving cross-domain key by an Encipher Master Key function (EMK2), which will be described in greater detail hereafter. The EMK2 function is similar to the EMK1 function in that the master key of the associated host system is read out and by selected inversion of certain bits, different from those inverted by the EMK1 function, of the host master key, the variant KMH2 is derived for use in enciphering the receiving cross-domain key. By enciphering the sending cross-domain key under the first variant of the host master key and by enciphering the receiving cross-domain key under the second variant of the host master key, the enciphered cross-domain keys, now in protected form, may be stored in a cryptographic data set until required for use in the transform processes.

Unidirectionality is made possible because the output of the sending RFMK transformation function, the session key enciphered under the sending cross-domain key, is usable only by the receiving RTMK transformation function. Thus, the sending host system can reencipher the session key from encipherment under the sending host master key to encipherment under the sending cross-domain key because the sending cross-domain key enciphered under the first variant of the sending host master key is available at the sending host system, but it cannot reencipher the session key from encipherment under the first variant of the sending cross-domain key to encipherment under the sending host master key because the sending cross-domain key enciphered under a second variant of the sending host master key is not available at the sending host system. Inversely, the receiving host system can reencipher the session key from encipherment under the sending cross-domain key to encipherment under the receiving host master key because the sending cross-domain key enciphered under the second variant of the receiving host master key is available at the receiving host system, but it cannot reencipher the session key from encipherment under the receiving host master key to encipherment under the sending cross-domain key because the sending cross-domain key is not available at the receiving host system.
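The following Python model is an added illustration, not part of the patent text, of the cross-domain exchange described above: EMK1/EMK2 protect the stored cross-domain key, RFMK prepares the session key for transmission, RTMK recovers it at the receiving host, and RTMK at the sending host fails to reverse RFMK. The block cipher is a stand-in (a 4-round Feistel network over HMAC-SHA256, not the 64-bit algorithm the patent uses); the variant bit masks, the sample key values and the encipher_data/decipher_data method names are assumptions.

```python
import hashlib
import hmac

# Assumed bit-inversion masks for the master-key variants; the text only says
# "certain bits" are inverted and that EMK1 and EMK2 invert different ones.
VARIANT_MASK = {0: 0x00, 1: 0x88, 2: 0x22}


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function built from HMAC-SHA256 (stand-in cipher)."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encipher(key: bytes, block: bytes) -> bytes:
    """Encipher one 64-bit block under `key`."""
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decipher(key: bytes, block: bytes) -> bytes:
    """Inverse of encipher()."""
    if len(block) != 8:
        raise ValueError("block must be 64 bits")
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


class HostDataSecurityDevice:
    """Model of a host data security device; KMH0 never leaves the object."""

    def __init__(self, kmh0: bytes):
        self._kmh0 = kmh0

    def _kmh(self, n: int) -> bytes:
        # Variant n is derived on demand by inverting selected master-key bits.
        return bytes(b ^ VARIANT_MASK[n] for b in self._kmh0)

    def emk(self, n: int, clear_key: bytes) -> bytes:
        """EMK0/EMK1/EMK2: encipher a clear key under KMH0/KMH1/KMH2."""
        return encipher(self._kmh(n), clear_key)

    def rfmk(self, kek_under_kmh1: bytes, ks_under_kmh0: bytes) -> bytes:
        """Reencipher KS from under KMH0 to under a key stored under KMH1."""
        kek = decipher(self._kmh(1), kek_under_kmh1)
        return encipher(kek, decipher(self._kmh(0), ks_under_kmh0))

    def rtmk(self, kek_under_kmh2: bytes, ks_under_kek: bytes) -> bytes:
        """Reencipher KS from under a key stored under KMH2 to under KMH0."""
        kek = decipher(self._kmh(2), kek_under_kmh2)
        return encipher(self._kmh(0), decipher(kek, ks_under_kek))

    def encipher_data(self, ks_under_kmh0: bytes, block: bytes) -> bytes:
        """Use the session key as working key to encipher one data block."""
        return encipher(decipher(self._kmh(0), ks_under_kmh0), block)

    def decipher_data(self, ks_under_kmh0: bytes, block: bytes) -> bytes:
        """Use the session key as working key to decipher one data block."""
        return decipher(decipher(self._kmh(0), ks_under_kmh0), block)


def cross_domain_session() -> dict:
    # Constructed sample keys; real keys would be random and parity adjusted.
    host_j = HostDataSecurityDevice(bytes.fromhex("0123456789abcdef"))
    host_k = HostDataSecurityDevice(bytes.fromhex("fedcba9876543210"))
    knc_jk = bytes.fromhex("1122334455667788")  # clear only at installation

    j_sending = host_j.emk(1, knc_jk)    # KNC^jk under KMH1, stored at host j
    k_receiving = host_k.emk(2, knc_jk)  # KNC^jk under KMH2, stored at host k

    # Host j takes a random number and defines it to be KS under its KMH0.
    ks_at_j = bytes.fromhex("a1b2c3d4e5f60718")
    on_wire = host_j.rfmk(j_sending, ks_at_j)    # KS under KNC^jk
    ks_at_k = host_k.rtmk(k_receiving, on_wire)  # KS under host k's KMH0

    message = b"PAYMENT!"  # one constructed 64-bit data block
    ciphertext = host_j.encipher_data(ks_at_j, message)
    return {
        "message": message,
        "recovered": host_k.decipher_data(ks_at_k, ciphertext),
        "wire_differs": on_wire not in (ks_at_j, ks_at_k),
        # Host j holds KNC^jk only under KMH1, so RTMK there cannot undo RFMK.
        "reversible_at_j": host_j.rtmk(j_sending, on_wire) == ks_at_j,
        # Counterfactual: with KNC^jk also stored under KMH2, host j could.
        "reversible_with_kmh2_copy":
            host_j.rtmk(host_j.emk(2, knc_jk), on_wire) == ks_at_j,
    }


if __name__ == "__main__":
    for name, value in cross_domain_session().items():
        print(name, value)
```

The last two entries show that the one-way property rests entirely on which master-key variant protects the stored copy of the cross-domain key, which is why each host keeps its sending and receiving keys under different variants.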

In a multiple domain network where cross domain communication is to be established between an application program in one domain with an application program in another domain, an RTMK transformation function is required to reencipher the session key from encipherment under the application key of the application program associated with the sending host system to encipherment under the sending host master key, as will be described in greater detail hereafter. To perform this transform process the application key enciphered under the second variant of the sending host master key must be available at the sending host system. Accordingly, the application keys of the application programs associated with each host system are enciphered under the second variant of the associated host system master key to permit this transform process to be performed. The EMK2 function may be used to encipher the application keys under the second variant of the host master key and the enciphered application keys, now in protected form, may also be stored in the cryptographic data set until required for use in the transformation process.

System generated primary communication keys, i.e. session keys, are time variant keys which are dynamically generated for each communication session and are used to protect communicated data. Since there may be numerous communications sessions it is impractical to have these keys generated by a human user. Therefore, the cryptographic apparatus of the host system may be used as a pseudo-random generator for generating, as each communication session is required, a pseudo-random number which, in keeping with the objective that cryptographic keys should never occur in the clear, may be defined as being a session key enciphered under the host key encrypting key. In a multiple domain network when cross domain communication is to be established between a terminal associated with a host system in one domain and an application program associated with a host system in another domain, the generated random number is defined as being the session key enciphered under a host master key. On the other hand, when cross domain communication is to be established between an application program in one domain and an application program in another domain, the generated random number is defined as being the session key enciphered under the application key associated with the application program of the sending host system.

In some private cryptographic systems involving multiple domain networks, end users may wish to use a mutually agreed upon private secondary communication key i.e. a private terminal master key or a private application key. These keys must be protected by encipherment under the appropriate variant of the associated host master key.

Where limited key management facilities are used with a private end user protocol, it may be necessary to write the enciphered private secondary communication key to an output device, such as a printer, and store the printer output in a secure manner, e.g. in a physically protected vault, until such time as the communication session is desired. At that time, the enciphered private secondary communication key is brought out and loaded into the host system. In the case of a private terminal master key the terminal user loads the private key into the terminal master key memory and the communication session may then be initiated.

In other private cryptographic systems involving multiple domain networks, where the end users use a private protocol which is unknown to the system, key selection, management and data transfer operations are performed without system knowledge that cryptography is being performed. In such arrangements, the end users may define a private protocol using a mutually agreed upon private primary communication key, i.e. a private session key. In order to meet the objective that no cryptographic key appear in clear form, the private session key must also be protected. This is accomplished, in this case, by enciphering the private session key under the host master key by an Encipher Master Key function (EMK0), which will be described in greater detail hereafter. With this end-to-end encryption approach, enciphered messages can be sent via networks of any type, private or public, without system knowledge that cryptography is being performed but providing communication security for such data transmissions.

The following table summarizes the protection provided for the various cryptographic keys used at a representative host system in a multiple domain communication network by the multiple master key arrangement which uses variants of the host master key.

                  KEY TABLE
    ______________________________________________________________________
    NAME     KMH1             KMH2             EXPLANATORY NOTE
    ______________________________________________________________________
    Term 1   E_KMH1 KMT_1                      Outboard Terminal Keys
    .        .
    Term i   E_KMH1 KMT_i
    .        .
    Term n   E_KMH1 KMT_n
    Appl 1                    E_KMH2 KNA_1     Inboard Application Keys
    .                         .
    Appl i                    E_KMH2 KNA_i
    .                         .
    Appl n                    E_KMH2 KNA_n
    Host j   E_KMH1 KNC^jk    E_KMH2 KNC^kj    Sending and Receiving
    .        E_KMH1 KNC^jl    E_KMH2 KNC^lj    Cross-Domain Keys For
    .                                          Sending And Receiving
    Host k   E_KMH1 KNC^kj    E_KMH2 KNC^jk    To/From Other Host Systems
    .        E_KMH1 KNC^kl    E_KMH2 KNC^lk
    .
    Host l   E_KMH1 KNC^lj    E_KMH2 KNC^jl
             E_KMH1 KNC^lk    E_KMH2 KNC^kl
    ______________________________________________________________________


While it is efficient to use variants of a host master key to provide protection for the various cryptographic keys used in the system, it is well within the skill of the art to provide separate master keys instead of variants of a single master key. This could be accomplished by providing separate master key memories each being loaded with a master key which is different from each other and being accessed when needed. While this is a viable alternative, it would substantially increase the cost of the host data security device as opposed to using a single master key memory and obtaining variants as needed.

MULTIPLE DOMAIN COMMUNICATION NETWORKS

Modern day data communication networks may include a complex of communication terminals connected via communication lines to a single host and its associated resources such as the host programs and locally attached terminals and data files. As the size of a data communication network increases other host systems may be brought into the network to provide multiple domain networks with each host system having knowledge of and managing its associated resources which make up a portion or domain of the network. By providing the proper cross domain link between the domains of the network, two or more domains may be interconnected to provide a networking facility. A representative multiple domain network is shown in FIG. 1 with a representative one of the host systems and its associated resources shown in block form and a representative one of the plurality of remote communication terminals associated with a host system also shown in block form. The terminal and its integrated data security device and the manner in which the data security device performs cryptographic operations is described in detail in the co-pending application Ser. No. 857,533, filed Dec. 5, 1977 entitled "Cryptographic Communication and File Security Using Terminals" by Ehrsam et al. While the particular manner in which the host is implemented is not critical to the present invention, the block diagram of the host in FIG. 2 shows the data flow and control relationships of a representative host arrangement. The host includes a programmable processor 1 operationally connected to a memory 2 which provides storage for data and the programs which are utilized to control the system and a channel 3 which controls the transfer of data between input/output devices and the processor 1. 
Channel 3 is connected to the processor 1 and memory 2 and via a channel I/O Interface, with control units such as control unit 4 capable of controlling a cluster of input/output devices which may be display or printer type of devices, control unit 5 capable of controlling a plurality of magnetic tape units or control unit 6 capable of controlling a plurality of disk files. Communication controller 7 is a two-direction control unit that links the host to communication lines connected to remote terminals such as communication terminals 8, 9 and 10 and host systems H^j and H^i each of which is similar to Host^k and also have a plurality of terminals associated therewith. One of the terminals associated with Host^j is shown in block form and is representative of the type of terminal used in the network. Such terminals and the manner in which they perform cryptographic operations are fully described in the aforementioned application Ser. No. 857,533. While not shown, communication lines require a modem at each end of the line to convert binary signals to analog signals (modulation) for transmission over the communication line and for reconverting (demodulation) analog signals back to binary signals at the other end of the line.

The collection of data and control lines connected between the channel and I/O control units is commonly referred to as the channel I/O interface providing an information format and signal sequence common to all the I/O control units. The I/O interface lines generally include a data bus out which is used to transmit device addresses, commands and data from the channel 3 to the I/O control unit; a data bus in which is used to transmit device identification, data or status information from the I/O control unit to the channel 3 and tag signal lines which are used to provide signals identifying an I/O operation, the nature of information on the data bus and parity condition. Since each I/O control unit has a unique electrical interface, device adapters are generally provided to allow device connection to the common I/O interface. All I/O data transfers between the processor and the attached control units may be performed in a programmed input/output (PIO) mode on a 1 byte per I/O instruction basis.

Into this organization of a general purpose host system is integrated a data security device of the present invention. The data security device (DSD) 11 includes a crypto device 12, a master key (MK) memory 13, a DSD adapter 14 which connects to the I/O interface and a manual entry device 15 for manually loading a terminal master key into the MK memory 13. Either one of two methods can be used for writing a host master key into the MK memory 13. The first method for writing the host master key into the MK memory 13 is achieved under program control. In this method, an I/O device having a keyboard, magnetic stripe card reader or the like, may use such elements to cause the host master key to be stored in the host memory 2 as in the case of conventional data entry. Subsequently, under program control, the host master key may be read from the host memory 2 to the MK memory 13 of the DSD in a manner which will be described in greater detail hereafter. The other method of writing the host master key into the MK memory 13 consists of manually writing the host master key into the MK memory 13 by means of individual toggle or rotary switches wired to produce binary coded hex digits as will be described in greater detail hereafter. To enable master key writing into the MK memory 13 by either method, an enable write key (EW) switch is provided which is initially turned on when a write master key operation is initiated and turned off at the end of write master key operation. To prevent the key from being changed by unauthorized persons, the EW switch operation may be activated by a physical key lock arrangement.

The DSD adapter 14 serves a dual function namely, providing adapter functions for DSD connection to the I/O interface and control functions for the DSD.

The I/O interface provides the DSD adapter 14 with overall direction, gives it cipher keys to be used, presents it with data to be processed and accepts the processed results. Overall direction is achieved by use of operation commands which are decoded and subsequently provide control in properly timed sequences of signals to carry out each command. These signals are synchronized with the transfer of data in and out. The DSD adapter 14 also controls the placing of cipher keys in the crypto device 12 and directs the crypto device in the enciphering and deciphering operations.

The MK memory 13 is a non-volatile 16×4 bit random access memory (RAM) which is battery powered to enable key retention when host power may not be present. The host master key consists of eight master key bytes (64 bits) each of which consists of seven key bits and one parity bit.

The crypto device 12 is the heart of the DSD hardware for performing enciphering and deciphering operations. The crypto device 12 performs encipher/decipher operations on a block cipher basis in which a message block of 8 data bytes (64 bits) is enciphered/deciphered under control of a 56 bit cipher working key to produce an enciphered/deciphered message block of 8 data bytes. The block cipher is a product cipher function which is accomplished through successive applications of a combination of non-linear substitutions and transpositions under control of the cipher working key. Sixteen operation defined rounds of the product cipher are executed in which the result of one round serves as the argument of the next round. This block cipher function operation is more fully described in the aforementioned U.S. Pat. No. 3,958,081. A basic encipher/decipher operation of a message block of data starts with the loading of the cipher key from the host memory 2. This key is generally stored under master key encipherment to conceal its true value. Therefore, it is received as a block of data and deciphered under the master key to obtain the enciphering/deciphering key in the clear. The clear key does not leave the crypto device 12 but is loaded back in as the working key. The message block of data to be enciphered/deciphered is then transferred to the crypto device 12 and the cipher function is performed, after which the resultant message block of enciphered/deciphered data is transferred from the crypto device 12 to the host memory 3. If subsequent encipher/decipher functions are to be performed using the same working key, there is no need to repeat the initial steps of loading and deciphering the working key as it will still be stored in the working key register.

The crypto device 12 includes duplicate crypto engines operating in synchronism to achieve checking by 100% redundancy. Referring now to FIG. 3, one of the crypto engines is shown in simplified block form with a heavy lined border signifying a secure area. The crypto engine 16 contains a 64 bit input/output buffer register 17 divided into upper and lower buffer registers 18 and 19 of 32 bits each. The buffer register 17 is used in a mutually exclusive manner for receiving input data on a serial by byte basis from the bus in, termed an input cycle, and for providing output data in a serial by byte basis to the bus out, termed an output cycle. Thus, during each input cycle a message block of eight data bytes is written into the buffer register 17 from the host memory 2 while during each output cycle a message block of eight processed data bytes is read from the buffer register 17 to the host memory 2. Serial outputs of the buffer register 17 are also applied as serial inputs to the working key register 20 and a parity check circuit 21, the latter being controlled to be effective only when a 64 bit clear cipher key is to be loaded directly into the working key register 20 from the host memory 2 via the buffer register 17. Only 56 of the 64 bits are stored in the working key register 20, the 8 parity bits being used only in the parity check circuit 21. The buffer register 17 is also provided with parallel input and output paths from and to a 64 bit data register 22 also divided into upper and lower data registers 23 and 24 of 32 bits each. The upper and lower data registers 23 and 24 each possesses parallel outputs and two sets of parallel inputs. The parallel inputs to the lower data register 24 being from the lower buffer register 19 and the upper data register 23 while the parallel inputs to the upper data register being from the upper buffer register 18 and from the lower data register 24 after modification by the cipher function circuits 25. 
The 64 bit master key is inputted to the crypto engine 16 on a serial by byte basis with each byte being checked for correct parity by the parity check circuit 26. As in the case of the cipher key transfer from the buffer register 17 to the working key register 20, only 56 of the 64 bits are stored in the key register 20, the 8 parity bits being used only in the parity check circuit 26. During the loading process, the key register 20 is configured as seven 8-bit shift right registers to accommodate the eight 7-bit bytes received from the MK memory 13 (or the buffer register 17).

When the working key is used for enciphering, the key register 20 is configured as two 28 bit recirculating shift left registers and the working key is shifted left, in accordance with a predetermined shift schedule, after each round of operation of the cipher function so that no set of key bits once used to perform a cipher operation is used again in the same manner. Twenty-four parallel outputs from each of the two shift registers (48 bits) are used during each round of the encipher operation. The shift schedule provided is such that the working key is restored to its initial beginning position at the end of the complete encipher operation.

When the working key is used for deciphering, the key register 20 is configured as two 28 bit recirculating shift right registers and the working key is shifted right in accordance with a predetermined shift schedule, after each round of operation of the cipher function so that again no set of key bits is used again. As in the enciphering operation, twenty-four parallel outputs from each of the two shift registers (48 bits) are used during each round of the decipher operation. The shift schedule provided in this case is also such that the working key is restored in its initial beginning position at the end of the complete decipher operation.

The cipher function circuits 25 perform a product cipher through successive application of a combination of non-linear substitutions and transpositions under control of the cipher working key. Sixteen rounds of the product cipher are executed in which the results of one round serves as the argument of the next round. Deciphering is accomplished by using the same key as for enciphering but with the shift schedule for shifting the key being altered so that the deciphering process is the reverse of the enciphering process, thus undoing in reverse order every step that was carried out during the enciphering process. During each round of the cipher function, the data contents of the upper data register 23, designated R, is enciphered under control of the working key, designated K, with the result being added modulo-2 to the contents of the lower data register 24, designated L, the operation being expressed as L ⊕ f(R,K). At the end of the cipher round, the contents of the upper data register 23 is parallel transferred to the lower data register 24 while the output of the cipher function circuits 25 is parallel transferred to the upper data register 23 to form the arguments for the next round of the cipher function. After a total of sixteen rounds, which completes the total cipher function, the contents of the upper data register 23 is parallel transferred to the upper buffer register 18 while the output of the cipher function circuits 25 is parallel transferred to the lower buffer register 19. The transformed data contents of the buffer register 17 is then outputted via the bus out of the host memory 2.

DSD COMMANDS AND ORDERS

Input/output operations of an I/O device are generally directed by the execution of I/O instructions. In executing an I/O instruction, the channel generally provides an address field for addressing the I/O device, a command field for designating the operation to be performed and another address field for addressing the data field in memory from which data is fetched or to which data is stored. The data security device 11 of the present invention is responsive to seven types of commands from the processor as shown in the following table including the mnemonic and bit pattern of the command:

    ______________________________________________________________________
    COMMAND FORMAT
                                          Command Field
    Name                     Mnemonic     0    1    2    3    4   5   6   7
    ______________________________________________________________________
    1. Reset Adapter         RST          --   --   --   --   0   0   1   0
    2. Set Basic Status      SET BS       --   --   --   --   0   1   1   0
    3. Reset Basic Status    RST BS       --   --   --   --   0   1   0   0
    4. Read Basic Status     RD BS        --   --   --   --   0   1   1   1
    5. PIO Write Data        PIOW         --   --   --   --   1   1   0   0
    6. PIO Read Data         PIOR         --   --   --   --   1   1   0   1
    7. Write DSD Order       WR DSD       w    x    y    z    1   1   1   0
    ______________________________________________________________________


The following is a brief description of the function of each of the commands, the operation of which will be described in greater detail hereafter.

1. Reset Adapter (RST)--This command causes a reset signal to be created to reset all counters, flip-flops and latches in the adapter and control sections of the DSD.

2. Set Basic Status (SET BS)--This command causes those latches in a status register of the DSD that correspond to 1's in the data field to be set to 1.

3. Reset Basic Status (RST BS)--This command is similar to the SET BS command except that the status latches corresponding to 1's in the data field are set to 0.

4. Read Basic Status (RD BS)--This command causes the contents of the status latches to be applied via the data bus in to the processor.

5. PIOW Data (PIOW)--This command causes the data field to be loaded into the buffer register or the bits 0, 1, 2, and 3 of the data field to be stored in the MK memory depending on the operation to be performed.

6. PIOR Data (PIOR)--This command causes the contents of the buffer register, with correct parity, to be applied via the data bus in to the processor.

7. Write DSD Order (WR DSD)--This command uses the four high order bits of the command field to designate cipher key handling and data processing orders as shown in the following table including the mnemonic and bit pattern of the order field:

    ______________________________________________________________________
    ORDER FORMAT
                                               Order Field    Command Field
    Name                            Mnemonic   W  X  Y  Z     4  5  6  7
    ______________________________________________________________________
    Cipher Key Handling
    1. Write Master Key             WMK        0  0  0  0     1  1  1  0
    2. Decipher Key                 DECK       0  1  1  1     1  1  1  0
    3. Generate Random Number       GRN        1  1  1  1     1  1  1  0
    4. Encipher Master Key φ        EMKφ       1  1  0  0     1  1  1  0
    5. Encipher Master Key 1        EMK1       1  1  0  1     1  1  1  0
    6. Encipher Master Key 2        EMK2       1  1  0  1     1  1  1  0
    7. Reencipher From Master Key   RFMK       0  1  0  1     1  1  1  0
    8. Reencipher To Master Key     RTMK       0  1  1  0     1  1  1  0
    Data Processing
    1. Encipher                     ENC        1  0  0  0     1  1  1  0
    2. Decipher                     DEC        1  0  1  0     1  1  1  0
    ______________________________________________________________________


DSD FUNCTIONS

DSD cryptographic functions may be performed by combinations of the previously defined commands or by a combination of functions. These functions require an input to the cryptographic apparatus consisting of a key parameter or a data parameter. The notation used to describe these functions will be expressed as follows:

FUNCTION[KEY PARAMETER] → OUTPUT

or

FUNCTION[DATA PARAMETER] → OUTPUT

and when functions are combined, the notation used to describe the combined functions will be expressed as follows:

FUNCTION[KEY PARAMETER, DATA PARAMETER] → OUTPUT

The salient characteristics of host cryptographic functions are that (1) the key parameter is always in enciphered form and therefore must be internally deciphered by the crypto engine before the clear key is used and that (2) no function allows keys to become available in clear form. The descriptions that follow describe what each function does and how it is performed. These functions will be described in greater detail hereafter but the general description of these functions or combination of functions are given at this point to provide a better understanding of how various security applications may be performed. The descriptions may follow along with reference to FIG. 3 at times. In the diagrams which are referenced in the following, the cryptographic facility is shown in simplified block form for ease of understanding these operations and will be shown and described in greater detail hereafter.

Before proceeding to the descriptions of the functions, a brief general description will be given of how the manual write key operation is performed. Referring now to FIG. 4, there is shown a simplified block diagram of a manual WMK operation. In the manual WMK operation, an EW switch is set on to enable writing into the MK memory 13 after which a MW switch is closed to enable manual writing and causing the current master key to be overwritten with whatever happens to be set in the data key entry switches. Following this, 16 sets of 4 bits (64 bits) are manually written into the MK memory 13 to complete the manual WMK operation.

Referring now to FIG. 5, there is shown a simplified block diagram of a write master key (WMK) function. This function is carried out by the following sequence of commands: (1) WMK and (2) 16 PIOW's. In this operation, as in the manual WMK operation, the EW switch is previously set on to enable writing into the MK memory 13. The execution of this function causes the current master key in the master key memory 13 to be over-written with whatever happens to be present as bits 0, 1, 2 and 3 on the bus in. Thereafter, the crypto engine controls are set to allow a 64 bit master key KM to be written as a key parameter into the MK memory 13 by means of 16 successive PIOW data commands with the bits 0, 1, 2 and 3 in the data fields associated with the 16 PIOW data commands constituting the new master key. The notation WMK[KM] → KM is used to describe this operation whereby the term WMK indicates the function, the contents of the brackets indicate the key parameter input to the MK memory 13 and the arrow points to the result.

Referring now to FIG. 6, there is shown a simplified block diagram of a decipher key DECK function. This function is carried out by the following sequence of commands: (1) DECK and (2) 8 PIOW's. The execution of this function sets the crypto engine controls to first allow the master key KM in the MK memory 13 to be transferred to the crypto engine 16 as the working key. After or during the master key transfer, a 64 bit data block, defined as an operational key enciphered under the master key, is loaded as a key parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW commands constituting the enciphered operational key. After the key parameter loading is completed, the crypto engine 16 performs a decipher operation to obtain the cipher key in clear form. The resultant clear cipher key does not leave the crypto engine 16 but is loaded back into the key register of the crypto engine 16 replacing the master key as the working key. The notation DECK[E_KM KO] → KO is used to describe this operation whereby the term DECK indicates the function, the contents of the bracket indicate the key parameter which is inputted to the crypto engine 16 and the arrow points to the result.

Referring now to FIG. 7, there is shown a simplified block diagram of an encipher (ENC) function. This function is carried out by the following sequence of commands: (1) ENC (2) 8 PIOW's and (3) 8 PIOR's. The execution of this function sets the crypto engine controls to the encipher mode of operation and allows a 64 bit message block of data to be loaded as a data parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW commands constituting the message block of data to be enciphered. After the data parameter loading is completed, the crypto engine 16 performs an encipher operation to encipher the data parameter under the operational key presently stored in the working key register of the crypto device 16. The 64 bit enciphered result is transferred by a series of 8 PIOR commands from the crypto engine 16 for storage in designated data fields of the host memory 2. The notation ENC[DATA] → E_KO DATA is used to describe this operation whereby the term ENC indicates the function, the contents of the bracket indicate the data parameter input to the crypto engine 16 and the narrow arrow points to the result. Additionally, so long as the crypto engine controls remain set in the encipher mode of operation, then a message which consists of multiple 8 byte blocks of data may be enciphered by the crypto engine 16 by means of an encipher command followed by a series of successive 8 PIOW data commands and successive 8 PIOR data commands for each block of data. This message encipherment may be expressed by the notation: ENC[DATA_1, DATA_2 ... DATA_N] → E_KO(DATA_1, DATA_2 ... DATA_N).

Referring now to FIG. 8, there is shown a simplified block diagram of a decipher (DEC) function. This function is carried out by the following sequence of commands: (1) DEC (2) 8 PIOW's and (3) 8 PIOR's. The execution of this function sets the crypto engine controls to a decipher mode of operation and allows a 64 bit message block of enciphered data to be loaded as a data parameter into the crypto engine 16 by means of 8 successive PIOW data commands with the successive data fields associated with the 8 PIOW commands constituting the message block of enciphered data to be deciphered. After the data parameter loading is completed, the crypto engine 16 performs a decipher operation to decipher the data parameter under control of the operational key presently stored in the working key register of the crypto engine 16. The 64 bit deciphered result is transferred by a series of 8 PIOR commands from the crypto engine 16 for storage in designated data fields of the host memory 2. The notation DEC[E_KO DATA] → DATA is used to describe this operation whereby the term DEC indicates the function, the contents of the bracket indicate the data parameter input to the crypto engine 16 and the arrow points to the results. Additionally, so long as the crypto engine controls remain set in the decipher mode of operation, then a message which consists of multiple blocks of enciphered data may be deciphered by the crypto engine 16 by means of a decipher command followed by a series of successive 8 PIOW data commands and successive 8 PIOR data commands for each block of enciphered data. This message decipherment may be expressed by the notation:

DEC[E_KO(DATA_1, DATA_2 ... DATA_N)] → DATA_1, DATA_2 ... DATA_N.
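The following Python model is an added example, not code from the patent. It traces the sixteen-round L ⊕ f(R,K) structure of the crypto engine and the WMK, DECK, ENC and DEC functions described above, showing that the host only ever handles the operational key in enciphered form. The round function is an HMAC-SHA-256 stand-in for the real substitution/transposition network and key shift schedule, parity bits are not modelled, and the class, function names and sample values are assumptions.

```python
import hashlib
import hmac

ROUNDS = 16  # sixteen rounds of the product cipher


def round_f(r: bytes, key: bytes, idx: int) -> bytes:
    """Stand-in for f(R, K). Assumption: HMAC-SHA-256 replaces the real
    substitution/transposition network, and the round index replaces the
    shift schedule applied to the working key register."""
    return hmac.new(key, bytes([idx]) + r, hashlib.sha256).digest()[:4]


def feistel(block: bytes, key: bytes, decipher: bool = False) -> bytes:
    """Pass one 8-byte block through sixteen rounds of L xor f(R, K)."""
    if len(block) != 8 or len(key) != 8:
        raise ValueError("block and key must each be 8 bytes")
    # R is the upper data register 23, L is the lower data register 24.
    upper, lower = block[:4], block[4:]
    # Deciphering uses the same key with the round order reversed.
    order = range(ROUNDS - 1, -1, -1) if decipher else range(ROUNDS)
    for n, idx in enumerate(order):
        mixed = bytes(a ^ b for a, b in zip(lower, round_f(upper, key, idx)))
        if n < ROUNDS - 1:
            # R moves to L; L xor f(R, K) becomes the next R.
            upper, lower = mixed, upper
        else:
            # Last round: the upper register goes out unchanged.
            lower = mixed
    return upper + lower


class DSD:
    """Model of the data security device: clear keys stay inside the object."""

    def __init__(self):
        self._mk = None       # MK memory 13
        self._working = None  # working key register 20

    def wmk(self, km: bytes) -> None:
        """WMK[KM] -> KM (parity bits are not modelled)."""
        if len(km) != 8:
            raise ValueError("master key must be 8 bytes")
        self._mk = km

    def deck(self, enc_ko: bytes) -> None:
        """DECK[E_KM KO] -> KO. The clear key replaces the master key as the
        working key and is never returned to the caller."""
        if self._mk is None:
            raise RuntimeError("no master key loaded")
        self._working = feistel(enc_ko, self._mk, decipher=True)

    def _require_working(self) -> bytes:
        if self._working is None:
            raise RuntimeError("DECK must precede ENC/DEC")
        return self._working

    def enc(self, *blocks: bytes) -> list:
        """ENC[DATA_1 ... DATA_N] -> E_KO(DATA_1 ... DATA_N)."""
        key = self._require_working()
        return [feistel(b, key) for b in blocks]

    def dec(self, *blocks: bytes) -> list:
        """DEC[E_KO(DATA_1 ... DATA_N)] -> DATA_1 ... DATA_N."""
        key = self._require_working()
        return [feistel(b, key, decipher=True) for b in blocks]


def demo():
    """Run WMK, DECK, ENC, DEC with constructed sample values."""
    km = bytes.fromhex("0123456789abcdef")  # constructed master key
    # Constructed pseudo-random number, defined as the session key
    # enciphered under the master key (E_KM KS).
    rn = bytes.fromhex("a1b2c3d4e5f60718")
    dsd = DSD()
    dsd.wmk(km)
    dsd.deck(rn)
    ciphertext = dsd.enc(b"BLOCK001", b"BLOCK002")
    return rn, ciphertext, dsd.dec(*ciphertext)


if __name__ == "__main__":
    rn, ct, pt = demo()
    print("host memory holds only:", rn.hex())
    print("ciphertext:", [c.hex() for c in ct])
    print("recovered:", pt)
```

The host-side caller supplies only the enciphered key and data blocks; the session key exists in clear form only in the model's working key attribute.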

Referring now to FIG. 9, there is shown a simplified block diagram of a generate random number (G