Portable cryptographic key

Cryptography – Key management – Key distribution

Reexamination Certificate

Details

C713S153000, C713S171000

active

06181795

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to a cryptographic key management system.
2. Description of the Related Art
Copending U.S. patent application of D. B. Johnson et al., Ser. No. 08/629,815 (U.S. Pat. No. 5,815,573), filed Apr. 10, 1996, entitled “Cryptographic Key Recovery System” (“Johnson et al. I”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes a key recovery system using multiple key recovery agents.
Copending application of D. B. Johnson et al., Ser. No. 08/681,679 (U.S. Pat. No. 5,796,830), filed Jul. 29, 1996, entitled “Interoperable Cryptographic Key Recovery System” (“Johnson et al. II”), assigned to the International Business Machines Corporation, is incorporated herein by reference. This cited patent application describes another key recovery system.
Copending provisional application of Sekar Chandersekaran and Sarbari Gupta, Ser. No. 60/047,499, filed May 23, 1997, and the copending regular patent application derived therefrom, Ser. No. 08/971,204, filed Nov. 14, 1997, entitled “Framework-Based Cryptographic Key Recovery System”, assigned to the International Business Machines Corporation, are incorporated herein by reference.
BACKGROUND
In recent times, cryptography has come into widespread use in meeting multiple security needs, such as confidentiality, integrity, authentication and non-repudiation. When data is encrypted using a particular cryptographic algorithm, data is fed into a cryptographic engine along with key material and encryption parameters. When decryption occurs, a similar process must occur and the two keys must match (they must be identical in the case of symmetric encryption and be mathematically related in the case of asymmetric encryption).
Currently, when a key has to be transported across multiple systems and/or over a network connection, there exists no standard technique to ensure that the relevant and necessary information is transmitted to guarantee a successful decryption. Applications in distributed environments, in particular, have to make assumptions about the way that encryption was done. They also have to make assumptions about the format of key data that they receive. We define a technique by which we encode all the appropriate information into a “portable key” so that only the data and the contents of the portable key are needed to guarantee successful decryption using the appropriate cryptographic engine.
SUMMARY OF THE INVENTION
The invention is a method, system, and computer program to transport an encrypted key across multiple, diverse systems which provides the relevant and necessary information to guarantee a successful decryption of the key. The method prepares an ASN.1 encoding file at the sender which contains the key. The method begins by creating the ASN.1 format for portable key information. The ASN.1 compiler is run, feeding the platform-independent ASN.1 file as input, and generating platform-specific output files. Then platform-specific data values are created representing the portable key information based on the platform-specific data structure definitions just generated. Then, the platform-specific ASN.1 encoding functions are used to create the ASN.1 encoded protocol data unit (PDU) corresponding to the portable key information. The ASN.1 encoded protocol data unit (PDU) is then sent to the receiver node.
At the time of decryption, the receiver performs the method to decode the ASN.1 encoded file. The method begins by creating the ASN.1 format for portable key information. The ASN.1 compiler is run, feeding the platform-independent ASN.1 file as input, and generating platform-specific output files. Then platform-specific data values are created representing the portable key information based on the platform-specific data structure definitions just generated. Then, the platform-specific ASN.1 decoding functions are used to decode the ASN.1 encoded protocol data unit (PDU) to obtain the platform-specific key information. The platform-specific key information is then used at the receiving node for normal cryptographic operations. In this manner, only the data and the contents of the portable key are needed to guarantee successful decryption.
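The sender and receiver steps described in the summary, as an added example that is not part of the patent text: a hand-written DER codec stands in for the ASN.1 compiler output, and the PortableKey field layout, the function names and the sample values are assumptions made for illustration. The decoder treats the PDU as untrusted input and rejects unexpected tags, non-minimal lengths and trailing bytes.

```python
# Added example (assumed layout, not taken from the patent text):
#   PortableKey ::= SEQUENCE { algorithm UTF8String, mode UTF8String,
#       keyBits INTEGER, iv OCTET STRING, wrappedKey OCTET STRING }
SEQ, INT, OCTETS, UTF8 = 0x30, 0x02, 0x04, 0x0C
def _tlv(tag, body):
    n = len(body)
    if n < 0x80:
        length = bytes([n])                      # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long form, minimal
    return bytes([tag]) + length + body

def _read(buf, pos, want):
    """Read one TLV at pos; enforce expected tag, DER-minimal length, bounds."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected tag or truncated header")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        if k == 0 or k > 4 or pos + k > len(buf):
            raise ValueError("bad length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        if n < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def encode_portable_key(algorithm, mode, key_bits, iv, wrapped_key):
    # Sender side: everything the receiver needs travels in one PDU.
    bits = key_bits.to_bytes(key_bits.bit_length() // 8 + 1, "big")
    body = (_tlv(UTF8, algorithm.encode()) + _tlv(UTF8, mode.encode())
            + _tlv(INT, bits) + _tlv(OCTETS, iv) + _tlv(OCTETS, wrapped_key))
    return _tlv(SEQ, body)

def decode_portable_key(pdu):
    # Receiver side: strict parse, fixed field order, nothing left over.
    body, end = _read(pdu, 0, SEQ)
    if end != len(pdu):
        raise ValueError("trailing bytes after PDU")
    fields, pos = [], 0
    for tag in (UTF8, UTF8, INT, OCTETS, OCTETS):
        value, pos = _read(body, pos, tag)
        fields.append(value)
    if pos != len(body):
        raise ValueError("unexpected extra field")
    a, m, b, iv, key = fields
    return {"algorithm": a.decode(), "mode": m.decode(), "iv": iv,
            "key_bits": int.from_bytes(b, "big", signed=True), "wrapped_key": key}
```

The `wrapped_key` field is meant to carry key bytes that are already encrypted for the receiver; the encoding itself provides no confidentiality or integrity.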


REFERENCES:
patent: 5263137 (1993-11-01), Anezaki et al.
patent: 5418963 (1995-05-01), Anezaki et al.
patent: 5649227 (1997-07-01), Anezaki et al.
patent: 5778360 (1998-07-01), Sugita et al.
patent: 5796830 (1998-08-01), Johnson et al.
patent: 5815573 (1998-09-01), Johnson et al.
patent: 5870749 (1999-02-01), Adusumilli
Telecommunication Standardization Sector of ITU, X509 Information Technology-Open Systems Interconnection-the Directory: Authentication Framework, Nov. 1993, Section 8.
