INSURING MASTER KEY CONSISTENCY

IP.com Disclosure Number: IPCOM000009570D
Original Publication Date: 1999-Sep-01
Included in the Prior Art Database: 2002-Sep-03
Document File: 3 page(s) / 113K

Publishing Venue

Motorola

Related People

Mark Gonsalves: AUTHOR [+2]

Abstract

Devices like the KMF (Key Management Facility) that manage a database of keys need to store sensitive parameters pertaining to these keys in encrypted form within the database. This is done using one or more encryption modules connected to the device. The key used to encrypt this information is called the master key, and it resides within the encryption module.

This is the abbreviated version, containing approximately 50% of the total text.

MOTOROLA Technical Developments

INSURING MASTER KEY CONSISTENCY

by Mark Gonsalves and Christopher Larson

BACKGROUND

  Devices like the KMF (Key Management Facility) that manage a database of keys need to store sensitive parameters pertaining to these keys in encrypted form within the database. This is done using one or more encryption modules connected to the device. The key used to encrypt this information is called the master key, and it resides within the encryption module.

  The sensitive portion of the keys that are managed within the KMF's database is called the "key data" and is the actual part of the key used to encrypt whatever the key is eventually going to be used for. As a result, this key data is considered sensitive and secret. It is stored within the KMF's database, encrypted with the master key of the encryption module servicing that KMF.

  Before sending the managed key information to a targeted encryption-capable device, the corresponding key data must first be decrypted using the master key of the encryption module; otherwise the key data will be useless to the targeted device. As a result, it is important to insure that the same master key is used to encrypt/decrypt all key data within the database and that the master key does not unintentionally change.

PROBLEM

  The possible problems here are twofold, either of which could render the KMF database corrupted:

  1. More than one encryption module may be used by a KMF to increase the bandwidth for processing encryption-related requests. This leads to the possibility that the master key may differ between encryption modules. As a result, key data encrypted with an encryption module using one master key cannot be decrypted using an encryption module having a different master key.

  Since encryption modules may be used randomly, there is a fair possibility that this key may be unusable.

  2. The other possibility is that a user may inadvertently change the master key of an encryption module, again rendering the database corrupted.

  The obvious solution of merely comparing master keys between e...