专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US5214698A Method and apparatus for validating entry of cryptographic keys 失效
标题翻译：用于验证加密密钥的输入的方法和装置
公开(公告)号：US5214698A
公开(公告)日：1993-05-25
申请号：US672265
申请日：1991-03-20
申请人： Ronald M. Smith, Sr. , Phil C. Yeh , Randall J. Easter , Donald B. Johnson , An Van Le , Stephen M. Matyas , Julian Thomas , John D. Wilkins
发明人： Ronald M. Smith, Sr. , Phil C. Yeh , Randall J. Easter , Donald B. Johnson , An Van Le , Stephen M. Matyas , Julian Thomas , John D. Wilkins
IPC分类号： G09C1/00 , H04L9/08
CPC分类号： H04L9/088
摘要： A cryptographic facility implements a multiple key part import procedure. The installation manager can verify that a key part has been correctly entered and has not been compromised. The security requirement for the procedure is that no single party can subvert the system security by misusing the procedure. This is accomplished by the use of a control-vector-dependent verification pattern to indicate that each key part has been accepted by using the proper control vector and the use of different key switch positions to specify whether the key part is a master key part or an operational key part and whether the key part is a first part or a subsequent key part. The apparatus provides an automatic reset of the key part register at the completion of each key-entry instruction so that each key part can be imported only once. This prevents the same key part from being imported twice as different key part types. The apparatus also prevents a key part from being combined with itself to create a known key. The procedure is fail-safe so that the program cannot steal a key part from a previously failed procedure.
摘要翻译：密码工具实现了多重关键部分导入过程。安装管理员可以验证关键部件是否已正确输入，并且未被泄露。程序的安全要求是，没有一方可以通过滥用程序颠覆系统安全。这是通过使用控制向量相关的验证模式来实现的，以通过使用适当的控制向量来指示每个关键部分已被接受，并且使用不同的键开关位置来指定关键部分是主键部分还是主键部分操作键部分以及关键部分是第一部分还是随后的关键部分。该装置在完成每个键入指令时提供关键部分寄存器的自动复位，使得每个键部分只能被导入一次。这样可以防止相同的关键部分作为不同的关键部件类型被导入两次。该装置还防止关键部分与其自身组合以创建已知密钥。该过程是故障安全的，以便程序不能从以前失败的过程中窃取关键部分。

2. 发明授权

US5177791A Secure translation of usage-control values for cryptographic keys 失效
标题翻译：安全地翻译加密密钥的使用控制值
公开(公告)号：US5177791A
公开(公告)日：1993-01-05
申请号：US753245
申请日：1991-08-30
申请人： Phil C. Yeh , Dennis G. Abraham , Donald B. Johnson , An Van Le , Stephen M. Matyas , Rotislaw Prymak , Ronald M. Smith, Sr. , John D. Wilkins
发明人： Phil C. Yeh , Dennis G. Abraham , Donald B. Johnson , An Van Le , Stephen M. Matyas , Rotislaw Prymak , Ronald M. Smith, Sr. , John D. Wilkins
IPC分类号： H04L9/08
CPC分类号： H04L9/088 , H04L2209/08
摘要： A working key of a certain key type is to be transmitted from a first system (having a first usage-control value associated with keys of the certain type) and a second system (having a second usage-control value associated with keys of the certain type). A translation control value, associated with the certain key type, is generated, functionally relating the first and second usage-control values. The translation control value is used in a cryptographic function to send or receive the working key between systems, the cryptographic function being designed to produce valid results when the correct translation control value, and usage-control values, are employed, and unpredictable results otherwise. Effectively, the first usage-control value is translated to the second usage-control value.
摘要翻译：要从第一系统（具有与特定类型的密钥相关联的第一使用控制值）和第二系统（具有与特定密钥的密钥相关联的第二使用控制值）发送某个密钥类型的工作密钥类型）。产生与特定键类型相关联的翻译控制值，功能上与第一和第二使用控制值相关。翻译控制值用于加密功能中以在系统之间发送或接收工作密钥，加密功能被设计为当采用正确的翻译控制值和使用控制值时产生有效结果，否则将产生不可预测的结果。有效地，将第一使用控制值转换为第二使用控制值。

3. 发明授权

US4918728A Data cryptography operations using control vectors 失效
标题翻译：使用控制向量的数据加密操作
公开(公告)号：US4918728A
公开(公告)日：1990-04-17
申请号：US401486
申请日：1989-08-30
申请人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , Ramesh K. Karne , An V. Le , Rostislaw Prymak , Julian Thomas , John D. Wilkins , Phil C. Yeh
发明人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , Ramesh K. Karne , An V. Le , Rostislaw Prymak , Julian Thomas , John D. Wilkins , Phil C. Yeh
IPC分类号： G06F9/30 , H04L9/08
CPC分类号： G06F9/3885 , G06F9/30007 , G06F9/30018 , G06F9/3004 , G06F9/3895 , H04L9/0827 , H04L9/088 , H04L2209/12 , H04L2209/20 , H04L2209/38 , H04L2209/56
摘要： Data cryptography is achieved in an improved manner by associating with the data cryptography key, a control vector which provides the authorization for the uses of the key intended by the originator of the key. Among the uses specified by the control vector are limitations on encryption, decryption, authentication code generation and verification, translation of the user's data. Complex combinations of data manipulation functions are possible using the control vectors, in accordance with the invention. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Complex scenarios such as encrypted mail box, session protection, file protection, ciphertext translation center, peer-to-peer ciphertext translation, message authentication, message authentication with non-repudiation and many others can be easily implemented by a system designer using the control vectors, in accordance with the invention.
摘要翻译：通过与数据密码密钥相关联的控制向量来提供数据加密，该控制向量为密钥的发起者使用的密钥的使用提供授权。控制向量指定的用途是对加密，解密，认证码生成和验证，用户数据的翻译的限制。根据本发明，使用控制向量可以实现数据操作功能的复杂组合。系统管理员可以通过根据本发明选择适当的控制向量来灵活地改变其安全策略的实现。复杂场景如加密邮箱，会话保护，文件保护，密文翻译中心，点对点密文翻译，消息认证，具有不可否认性的消息认证等等可以很容易地由系统设计者使用控制向量，根据本发明。

4. 发明授权

US4941176A Secure management of keys using control vectors 失效
标题翻译：使用控制向量安全地管理密钥
公开(公告)号：US4941176A
公开(公告)日：1990-07-10
申请号：US231114
申请日：1988-08-11
申请人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , Ramesh K. Karne , An V. Le , Rostislaw Prymak , Julian Thomas , John D. Wilkins , Phil C. Yeh
发明人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , Ramesh K. Karne , An V. Le , Rostislaw Prymak , Julian Thomas , John D. Wilkins , Phil C. Yeh
IPC分类号： G09C1/00 , G06F9/30 , H04L9/00 , H04L9/08 , H04L9/10 , H04L9/32
CPC分类号： G06F9/30076 , G06F9/30007 , G06F9/30018 , H04L9/0827 , H04L9/088 , H04L2209/12 , H04L2209/38
摘要： The invention is an apparatus and method for validating that key management functions requested for a cryptographic key by the program have been authorized by the originator of the key. The invention includes a cryptographic facility characterized by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorizes the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorization output connected to an input of the cryptographic processing means, for signalling that the key management function is authorized, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.
摘要翻译：本发明是用于验证由程序所请求的加密密钥的密钥管理功能已被密钥的发起者授权的装置和方法。本发明包括一个加密设施，其特征在于一个安全边界，通过该边界通过用于接收加密服务请求的输入路径，加密密钥及其相关控制向量，以及用于提供响应的输出路径。可以在边界内包括耦合到输入路径的加密指令存储器，耦合到指令存储器的控制向量检查单元和密码处理单元，以及耦合到处理装置的主密钥存储器，用于提供用于响应于所接收的服务请求执行密钥管理功能。加密指令存储器通过输入路径接收用于对加密密钥执行密钥管理功能的密码服务请求。控制向量检查单元具有耦合到输入路径的输入，用于接收与密码密钥相关联的控制向量和连接到密码指令存储器的输入，用于接收控制信号以启动检查控制向量授权密钥管理功能，被加密服务请求请求。控制向量检查单元具有连接到密码处理装置的输入的授权输出，用于发信号通知密钥管理功能被授权，密码处理单元接收密钥管理功能的密码管理功能的密码键。本发明能够灵活地控制密码密钥的生成，分发和使用中的许多加密密钥管理功能，同时保持高安全性的标准。

5. 发明授权

US4924514A Personal identification number processing using control vectors 失效
标题翻译：使用控制向量进行个人识别号码处理
公开(公告)号：US4924514A
公开(公告)日：1990-05-08
申请号：US398300
申请日：1989-08-24
申请人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , Ramesh K. Karne , An V. Le , Rostislaw Prymak , Julian Thomas , John D. Wilkins , Phil C. Yeh , Ronald M. Smith
发明人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , Ramesh K. Karne , An V. Le , Rostislaw Prymak , Julian Thomas , John D. Wilkins , Phil C. Yeh , Ronald M. Smith
IPC分类号： G06F9/30 , G07F7/10 , H04L9/32
CPC分类号： G06F9/30018 , G06F9/30007 , G06Q20/3829 , G06Q20/4012 , G07F7/1016 , H04L9/0822 , H04L9/088 , H04L9/0894 , H04L9/3226 , H04L9/3271 , H04L2209/56
摘要： Cryptographic PIN processing is achieved in an improved manner by associating control vectors with the PIN generating (verification) keys and PIN encrypting keys which provide authorization for the uses of the keys intended by the originator of the keys. The originator may be the local cryptographic facility (CF) and a utility program under the control of a security administrator, or the originator may be another network node which uses the key management methods described in the above-referenced copending patent applications to distribute said keys.Among the uses specified by the control vector are limitations on the authority to use the associated key with certain PIN processing instructions, such as PIN generation, verification, translation and PIN block creation. Furthermore, the control vector may limit the authority of certain instructions to process clear PIN inputs (such as in PIN verification). The control vector may contain information identifying and, possibly restricting, PIN processing to a particular PIN format or particular processing algorithm.The control vector implementation provides a flexible method for coupling format, usage, and processing authorization to keys. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Furthermore, a method is provided for the security administrator to restrict certain PIN format translations.
摘要翻译：通过将控制向量与PIN生成（验证）密钥和PIN加密密钥相关联来实现密码PIN处理，该密码提供对使用密钥发起者所期望的密钥的授权。发起者可以是本地加密设施（CF）和在安全管理员的控制下的实用程序，或者发起者可以是使用上述参考的未决专利申请中描述的密钥管理方法的另一个网络节点来分发所述密钥。由控制向量指定的用途之一是对使用相关密钥与某些PIN处理指令（例如PIN生成，验证，翻译和PIN块创建）的权限的限制。此外，控制向量可以限制某些指令的权限来处理明确的PIN输入（例如在PIN验证中）。控制向量可以包含识别并且可能限制对特定PIN格式或特定处理算法的PIN处理的信息。控制向量实现提供了一种用于将格式，使用和处理权限耦合到密钥的灵活方法。系统管理员可以通过根据本发明选择适当的控制向量来灵活地改变其安全策略的实现。此外，提供了一种用于安全管理员限制某些PIN格式转换的方法。

6. 发明授权

US4993069A Secure key management using control vector translation 失效
标题翻译：使用控制向量转换的安全密钥管理
公开(公告)号：US4993069A
公开(公告)日：1991-02-12
申请号：US443418
申请日：1989-11-29
申请人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , An V. Le , Rostislaw Prymak , John D. Wilkins , Phil C. Yeh
发明人： Stephen M. Matyas , Dennis G. Abraham , Donald B. Johnson , An V. Le , Rostislaw Prymak , John D. Wilkins , Phil C. Yeh
IPC分类号： G09C1/00 , H04L9/08 , H04L9/10
CPC分类号： H04L9/088 , H04L2209/04
摘要： A cryptographic system and method is provided which accepts a key K encrypted under a key formed by exclusive-ORing a key-encrypting key KK with a first control vector C5 and outputs the same key K encrypted under a key formed by exclusive-ORing KK with a second control vector C6. The set (C5, C6) represents a mapping of the type and usage of the key K defined by the control vector C5 to the type and usage defined by the control vector C6. The set of allowable control vector mappings, that is from C5 to C6, are defined in a control vector translation table, which is specified in advance by authorized installation personnel.

7. 发明授权

US5265164A Cryptographic facility environment backup/restore and replication in a public key cryptosystem 失效
标题翻译：加密设施环境在公钥密码系统中备份/恢复和复制
公开(公告)号：US5265164A
公开(公告)日：1993-11-23
申请号：US786237
申请日：1991-10-31
申请人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , William C. Martin , William S. Rohland , John D. Wilkins
发明人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , William C. Martin , William S. Rohland , John D. Wilkins
IPC分类号： G09C1/00 , G06F9/30 , H04L9/00 , H04L9/08 , H04K1/00
CPC分类号： G06F9/30003 , G06F9/30043 , H04L9/088 , H04L9/3247 , H04L9/3263
摘要： A computer apparatus, program and method function in a data processing system to replicate a cryptographic facility. The system includes a first cryptographic facility containing a portable part which personalizes the first cryptographic facility. The system also includes a second cryptographic facility which is linked to the first cryptographic facility by a public key cryptographic system. The portable part of the first cryptographic facility is encrypted and transferred to the second cryptographic facility, where it is decrypted and used to personalize the second cryptographic facility to enable replication of the first cryptographic facility. In one application, personalization of the second cryptographic facility can be in response to the detection of a failure in the first cryptographic facility. In another application, multiple cryptographic facilities can be brought on-line for parallel operation in the data processing system.

8. 发明授权

US5201000A Method for generating public and private key pairs without using a passphrase 失效
标题翻译：没有使用PASSPHRASE产生公共和私人关键对的方法
公开(公告)号：US5201000A
公开(公告)日：1993-04-06
申请号：US766533
申请日：1991-09-27
申请人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , John D. Wilkins
发明人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , John D. Wilkins
IPC分类号： G09C1/00 , G06F9/30 , H04L9/08 , H04L9/30
CPC分类号： G06F9/30003 , H04L9/088 , H04L9/302 , H04L2209/26
摘要： A data processing system, program and method are disclosed for managing a public key cryptographic system which includes a public key, private key pair generator. The method includes the step of generating a first public key, private key pair using a first seed value known to a user, the first seed value being generated from a passphrase. A first random number is generated using the first seed value and applied to generating the first key pair. The method then generates a first control vector defining a first use of the first public key, private key pair.The method then continues with the step of generating a second public key, private key pair using a second seed value unknown to the user, the second seed value being a true random number. The second random number is generated using the second seed value in a pseudorandom number generator and applied to generating the second key pair. The method generates a second control vector defining a second use of the second public key, private key pair.The method then controls the use of the first public key, private key pair using the first control vector and controls the use of the second public key, private key pair with the second control vector.

9. 发明授权

US5142578A Hybrid public key algorithm/data encryption algorithm key distribution method based on control vectors 失效
标题翻译：基于控制向量的混合公钥算法/数据加密算法密钥分配方法
公开(公告)号：US5142578A
公开(公告)日：1992-08-25
申请号：US748407
申请日：1991-08-22
申请人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , John D. Wilkins , William C. Martin , William S. Rohland
发明人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , John D. Wilkins , William C. Martin , William S. Rohland
IPC分类号： G06F21/20 , G06F9/30 , G09C1/00 , H04L9/08
CPC分类号： G06F9/30003 , H04L9/088 , H04L9/0894 , H04L9/14
摘要： The patent describes a method and apparatus for securely distributing an initial Data Encryption Algorithm (DEA) key-encrypting key by encrypting a key record (consisting of the key-encrypting key and control information associated with that key-encrypting key) using a public key algorithm and a public key belonging to the intended recipient of the key record. The patent further describes a method and apparatus for securely recovering the distributed key-encrypting key by the recipient by decrypting the received key record using the same public key algorithm and private key associated with the public key and re-encrypting the key-encrypting key under a key formed by arithmetically combining the recipient's master key with a control vector contained in the control information of the received key record. Thus the type and usage attributes assigned by the originator of the key-encrypting key in the form of a control vector are cryptographically coupled to the key-encrypting key such that the recipient may only use the received key-encrypting key in a manner defined by the key originator.The patent further describes a method and apparatus to improve the integrity of the key distribution process by applying a digital signature to the key record and by including identifying information (i.e., an originator identifier) in the control information of the key record. The integrity of the distribution process is enhanced by verifying the digital signature and originator identifier at the recipient node.

10. 发明授权

US5200999A Public key cryptosystem key management based on control vectors 失效
标题翻译：基于控制向量的公钥关键CRYPTOSYSTEM密钥管理
公开(公告)号：US5200999A
公开(公告)日：1993-04-06
申请号：US766260
申请日：1991-09-27
申请人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , William C. Martin , William S. Rohland , John D. Wilkins
发明人： Stephen M. Matyas , Donald B. Johnson , An V. Le , Rostislaw Prymak , William C. Martin , William S. Rohland , John D. Wilkins
IPC分类号： G09C1/00 , G06F9/30 , H04L9/08
CPC分类号： H04L9/0844 , G06F9/30007 , G06F9/30018 , H04L9/088 , H04L2209/12 , H04L2209/38
摘要： A data processing system, method and program are disclosed, for managing a public key cryptographic system. The method includes the steps of generating a first public key and a first private key as a first pair in the data processing system, for use with a first public key algorithm and further generating a second public key and a second private key as a second pair in the data processing system, for use with a second public key algorithm. The method then continues by assigning a private control vector for the first private key and the second private key in the data processing system, for defining permitted uses for the first and second private keys. Then the method continues by forming a private key record which includes the first private key and the second private key in the data processing system, and encrypting the private key record under a first master key expression which is a function of the private control vector. The method then forms a private key token which includes the private control vector and the private key record, and stores the private key token in the data processing system.At a later time, the method receives a first key use request in the data processing system, requiring the first public key algorithm. In response to this, the method continues by accessing the private key token in the data processing system and checking the private control vector to determine if the private key record contains a key having permitted uses which will satisfy the first request. The method then decrypts the private key record under the first master key expression in the data processing system and extracts the first private key from the private key record. The method selects the first public key algorithm in the data processing system for the first key use request and executes the first public key algorithm in the data processing system using the first private key to perform a cryptographic operation to satisfy the first key use request.

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式