Cryptography – Key management
Patent
1997-06-30
2000-08-22
Swann, Tod R.
Cryptography
Key management
380274, H04L 930
Patent
active
061084255
ABSTRACT:
The capabilities of a cryptographic module are controlled by a crypto configuration control (CCC) register that is initialized by one or more self-signed commands that are preformulated and signed with the digital signature key of the crypto module itself. The crypto module accepts a self-signed command only if the self-signature can be validated using the signature verification key of the module. In one implementation, the final configuration is determined by a single self-signed command. In another implementation, a first self-signed command is used to create an temporary configuration that allows one or more initialization authorities to issue additional commands fixing the final configuration. The self-signed commands are maintained separately from the crypto module and are distributed to the end user either physically or electronically. After the self-signed commands have been created and the secret exponent has been embedded in a particular crypto module, all copies of the secret exponent external to the crypto module are destroyed.
REFERENCES:
patent: 4405829 (1983-09-01), Rivest et al.
patent: 4755940 (1988-07-01), Brachtl et al.
patent: 5142578 (1992-08-01), Matyas et al.
patent: 5297208 (1994-03-01), Schlafly et al.
patent: 5572590 (1996-11-01), Chess
patent: 5724425 (1998-03-01), Chang et al.
patent: 5825880 (1998-10-01), Sudia et al.
"Applied Cryptography" Second Edition, Protocols, Algorithms and Source Code in C, by B. Schneier, 1996, pp. 466-471.
"Efficient Methods for Two Party Entity Authentication and Key Exchange in a High Speed Environment" by E. Basturk et al., IBM Technical Disclosure Bulletin, vol. 38, No. 03, Mar. 1995.
"Message Replay Prevention Using A Previously Transmitted Random Number To Sequence The Messages" by W. C. Martin, IBM Technical Disclosure Bulletin, vol. 27, No. 3, Aug. 1984.
"Personal Verification and Message Authentication Using Personal Keys" by R. E. Lennon et al., IBM Technical Disclosure Bulletin, vol. 24, No. 12, May 1982.
"SNA Bind Security Enhancement" by R. E. Lennon et al., IBM Technical Disclosure Bulletin, vol. 26, No. 10A, Mar. 1984.
"Transaction Incrementing Message Authentication Key" by W. D. Hopkins, IBM Technical Disclosure Bulletin, vol. 26, No. 1, Jun. 1983.
"Efficient Methods for Two Party Entity Authentication . . . " vol. 38, No. 03, Mar. 1995.
"Applied Cryptography" by Bruce Schneier 1996.
D'Avignon Edward J.
DeBellis Robert S.
Easter Randall J.
Green Lucina L.
Kelly Michael J.
International Business Machines - Corporation
Jack Todd
Kinnaman Jr. William A.
Swann Tod R.
LandOfFree
Method and apparatus for controlling the configuration of a cryp does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for controlling the configuration of a cryp, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for controlling the configuration of a cryp will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-590092