    • 3. Granted invention patent
    • Title: Secure management of keys using control vectors
    • Publication number: US4941176A
    • Publication date: 1990-07-10
    • Application number: US231114
    • Filing date: 1988-08-11
    • Inventors: Stephen M. Matyas, Dennis G. Abraham, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Julian Thomas, John D. Wilkins, Phil C. Yeh
    • IPC: G09C1/00, G06F9/30, H04L9/00, H04L9/08, H04L9/10, H04L9/32
    • CPC: G06F9/30076, G06F9/30007, G06F9/30018, H04L9/0827, H04L9/088, H04L2209/12, H04L2209/38
    • The invention is an apparatus and method for validating that key management functions requested for a cryptographic key by the program have been authorized by the originator of the key. The invention includes a cryptographic facility characterized by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instruction storage, for receiving control signals to initiate checking that the control vector authorizes the key management function which is requested by the cryptographic service request. The control vector checking unit has an authorization output connected to an input of the cryptographic processing means, for signalling that the key management function is authorized, the receipt of which by the cryptographic processing unit initiates the performance of the requested key management function with the cryptographic key. The invention enables the flexible control of many cryptographic key management functions in the generation, distribution and use of cryptographic keys, while maintaining a high security standard.
    • 4. Granted invention patent
    • Title: Secure management of keys using extended control vectors
    • Publication number: US4924515A
    • Publication date: 1990-05-08
    • Application number: US398299
    • Filing date: 1989-08-24
    • Inventors: Stephen M. Matyas, Dennis G. Abraham, William C. Arnold, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Steve R. White, John D. Wilkins
    • IPC: H04L9/08
    • CPC: H04L9/088, H04L9/0643, H04L2209/12
    • A method and apparatus are disclosed for use in a data processing system which executes a program which outputs cryptographic service requests for operations with cryptographic keys which are associated with control vectors defining the functions which each key is allowed by its originator to perform. The improved method and apparatus enable the use of control vectors having an arbitrary length. It includes a control vector register having an arbitrary length, for storing a control vector of arbitrary length associated with an N-bit cryptographic key. It further includes a control vector checking means having an input coupled to the control vector register, for checking that the control vector authorizes the cryptographic function which is requested by the cryptographic service request. It further includes a hash function generator having an input coupled to the control vector register and an N-bit output, for mapping the control vector output from the control vector register, into an N-bit hash value. A key register is included for storing the N-bit cryptographic key. It further includes a logic block having a first input coupled to the N-bit output of the hash function generator, and a second input connected to the key register, for forming at the output thereof a product of the N-bit key and the N-bit hash value. Finally, an encryption device is included having a first input for receiving a cleartext data stream and a key input coupled to the output of the logic block, for forming a ciphertext data stream at the output thereof from the cleartext data stream and the product. A decryption device can be substituted for the encryption device to perform decryption operations in a similar manner.
    • 5. Granted invention patent
    • Title: Personal identification number processing using control vectors
    • Publication number: US4924514A
    • Publication date: 1990-05-08
    • Application number: US398300
    • Filing date: 1989-08-24
    • Inventors: Stephen M. Matyas, Dennis G. Abraham, Donald B. Johnson, Ramesh K. Karne, An V. Le, Rostislaw Prymak, Julian Thomas, John D. Wilkins, Phil C. Yeh, Ronald M. Smith
    • IPC: G06F9/30, G07F7/10, H04L9/32
    • CPC: G06F9/30018, G06F9/30007, G06Q20/3829, G06Q20/4012, G07F7/1016, H04L9/0822, H04L9/088, H04L9/0894, H04L9/3226, H04L9/3271, H04L2209/56
    • Cryptographic PIN processing is achieved in an improved manner by associating control vectors with the PIN generating (verification) keys and PIN encrypting keys which provide authorization for the uses of the keys intended by the originator of the keys. The originator may be the local cryptographic facility (CF) and a utility program under the control of a security administrator, or the originator may be another network node which uses the key management methods described in the above-referenced copending patent applications to distribute said keys. Among the uses specified by the control vector are limitations on the authority to use the associated key with certain PIN processing instructions, such as PIN generation, verification, translation and PIN block creation. Furthermore, the control vector may limit the authority of certain instructions to process clear PIN inputs (such as in PIN verification). The control vector may contain information identifying and, possibly restricting, PIN processing to a particular PIN format or particular processing algorithm. The control vector implementation provides a flexible method for coupling format, usage, and processing authorization to keys. The system administrator can exercise flexibility in changing the implementation of his security policy by selecting appropriate control vectors in accordance with the invention. Furthermore, a method is provided for the security administrator to restrict certain PIN format translations.
    • 7. Granted invention patent
    • Title: Public key cryptosystem key management based on control vectors
    • Publication number: US5200999A
    • Publication date: 1993-04-06
    • Application number: US766260
    • Filing date: 1991-09-27
    • Inventors: Stephen M. Matyas, Donald B. Johnson, An V. Le, Rostislaw Prymak, William C. Martin, William S. Rohland, John D. Wilkins
    • IPC: G09C1/00, G06F9/30, H04L9/08
    • CPC: H04L9/0844, G06F9/30007, G06F9/30018, H04L9/088, H04L2209/12, H04L2209/38
    • A data processing system, method and program are disclosed, for managing a public key cryptographic system. The method includes the steps of generating a first public key and a first private key as a first pair in the data processing system, for use with a first public key algorithm and further generating a second public key and a second private key as a second pair in the data processing system, for use with a second public key algorithm. The method then continues by assigning a private control vector for the first private key and the second private key in the data processing system, for defining permitted uses for the first and second private keys. Then the method continues by forming a private key record which includes the first private key and the second private key in the data processing system, and encrypting the private key record under a first master key expression which is a function of the private control vector. The method then forms a private key token which includes the private control vector and the private key record, and stores the private key token in the data processing system. At a later time, the method receives a first key use request in the data processing system, requiring the first public key algorithm. In response to this, the method continues by accessing the private key token in the data processing system and checking the private control vector to determine if the private key record contains a key having permitted uses which will satisfy the first request. The method then decrypts the private key record under the first master key expression in the data processing system and extracts the first private key from the private key record. The method selects the first public key algorithm in the data processing system for the first key use request and executes the first public key algorithm in the data processing system using the first private key to perform a cryptographic operation to satisfy the first key use request.
    • 9. Granted invention patent
    • Title: Method and system for multimedia access control enablement
    • Publication number: US5319705A
    • Publication date: 1994-06-07
    • Application number: US964324
    • Filing date: 1992-10-21
    • Inventors: Bernard J. Halter, Alphonse M. Bracco, Donald B. Johnson, An V. Le, Stephen M. Matyas, Rostislaw Prymak (deceased), James D. Randall, John D. Wilkins
    • IPC: G06F9/445, G06F1/00, G06F12/14, G06F13/00, G06F21/00, G06F21/20, G06F21/22, G06F21/24, G09C1/00, H04L9/08, H04L9/00
    • CPC: H04L9/0894, G06F21/10, H04L9/0637, H04L9/0822, H04L2209/56, H04L2209/605
    • A method and system are disclosed for securely distributing a plurality of software files from a software distribution processor to a user processor, while selectively enabling the user processor to only use a subset of a lesser plurality of the software files. This is achieved by employing a customer key which includes a clear customer number and a derived portion derived from the customer number. The customer key is transformed into a second customer key which serves as a key expression for encrypting a file encryption key specifically intended for a respective one of the plurality of files. A plurality of software files can be stored together, for example on a CD-ROM, with each file encrypted under a corresponding file encryption key. The CD-ROM can be distributed to many user processors. When a specific user processor needs to run one of the software files, a request will be transmitted from the user processor to the software distribution processor. In response to that request, an encrypted file encryption key specific for the requested file, will be transmitted to the user processor. This will enable the user processor to decrypt only the requested file from the CD-ROM. All other files on the CD-ROM remain in their encrypted form and cannot be decrypted and used by the file encryption key received from the software distribution processor.
    • 10. Granted invention patent
    • Title: Secure key management using programable control vector checking
    • Publication number: US5007089A
    • Publication date: 1991-04-09
    • Application number: US506319
    • Filing date: 1990-04-09
    • Inventors: Stephen M. Matyas, Donald B. Johnson, An V. Le, William C. Martin, Rostislaw Prymak, John D. Wilkins
    • IPC: G06F21/22, G09C1/00, H04L9/08
    • CPC: H04L9/088
    • The invention includes a control vector checking code repository located either within the same system as the cryptographic facility or, alternately, remotely from the system containing the cryptographic facility. The control vector checking code repository will be linked to the cryptographic facility by one of several means. A first means for linking the repository to the cryptographic facility would include a physically secure data communications link. A second means for connecting the repository to the cryptographic facility would be by using an insecure channel with authentication, wherein either a modification detection code (MDC) or alternately a message authentication code (MAC) would be transmitted to the cryptographic facility and then the desired control vector checking code would be transmitted over the link. The cryptographic facility will include a code authorization mechanism to compare the transmitted MAC or MDC with a corresponding value computed from the received control vector checking code. If the two values of the MDC or the MAC match, then the control vector checking code is authenticated and loaded into the control vector checking unit for carrying out the control vector checking operations desired. The control vector checking code repository can be located in a remote system connected by means of the communications link to the crypto facility, or alternately the repository can reside in the same system as the crypto facility. This provides for the dynamic updating of control vector checking code, where improvements or alterations are made to the control vector checking sequence. This also provides for a reduced memory size in the crypto facility, being sufficiently large to accommodate subsidiary control vector checking applications, with alternate control vector checking applications requiring the reloading of the control vector checking unit from the repository.