Dual Control of Equipment Master Keys

IP.com Disclosure Number: IPCOM000038628D
Original Publication Date: 1987-Feb-01
Included in the Prior Art Database: 2005-Jan-31
Document File: 3 page(s) / 46K

Publishing Venue

IBM

Related People

Smith, PR: AUTHOR

Abstract

This article describes a solution to the problem that an equipment master key must be known to a key distributor in order to generate useful enciphered keys for presentation on the key input bus. An equipment master key is a cryptographic key held in a secure module for the purpose of enciphering other keys. The secure module contains means for performing cryptographic functions; the cryptographic keys to be used in performing these functions are held in insecure storage outside of the secure module, enciphered under the equipment master key (or a variant thereof). The enciphered keys are passed to the secure module together with the data required to perform a given function. The secure module uses a means of decipherment to produce a working key from the enciphered value presented at its enciphered key input.

This is the abbreviated version, containing approximately 52% of the total text.

This article describes a solution to the problem that an equipment master key must be known to a key distributor in order to generate useful enciphered keys for presentation on the key input bus. An equipment master key is a cryptographic key held in a secure module for the purpose of enciphering other keys. The secure module contains means for performing cryptographic functions; the cryptographic keys to be used in performing these functions are held in insecure storage outside of the secure module, enciphered under the equipment master key (or a variant thereof). The enciphered keys are passed to the secure module together with the data required to perform a given function. The secure module uses a means of decipherment to produce a working key from the enciphered value presented at its enciphered key input. The key used in this initial operation is the equipment master key, or a variant generated by a predetermined method.

The equipment master key is entered by key-loading means and cannot be examined once entered; i.e., no means are provided to examine the equipment master key. Cryptographic keys for use with the secure module are distributed enciphered under the equipment master key. In order to produce such a key it is necessary for the key distributor to know the value of the equipment master key; knowledge of the equipment master key enables an attacker to decipher the enciphered cryptographic keys and thus decipher the output of the secure module.

Consider for example a secure module which provides one function - namely, to encipher data. The secure module has a means of entering a master key in which the key value is set onto switches and means are provided to load the value to the master key register. Once loaded, the switches are changed to reflect a value which is not the master key value. No means are provided to examine the master key register.

In order to encipher data, the unit requires a key to be presented on a key input bus and data on a data input bus. The unit will present the data enciphered under a working key at an output bus. The working key is formed by deciphering the key input to the working key register. The ciphering is achieved using a coding technique such a...
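
The single-function module and the exposure described above can be modelled in a few lines. This is an added example, not code from the disclosure: the toy Feistel cipher stands in for the article's cipher, and the names `SecureModule`, `distribute` and `read_output`, the 16-byte sizes and the sample values are all assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # toy block and key size in bytes (assumption)

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: keyed hash truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def cipher(key: bytes, block: bytes, decipher: bool = False) -> bytes:
    """Toy 4-round Feistel cipher; a stand-in, not the article's algorithm."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in (range(3, -1, -1) if decipher else range(4)):
        mixed = bytes(a ^ b for a, b in zip(left, _f(key, rnd, right)))
        left, right = right, mixed
    return right + left

class SecureModule:
    """Models the module: load and encipher are offered, read-back is not."""
    def __init__(self) -> None:
        self.__master = b""  # master key register

    def load_master_key(self, switches: bytes) -> None:
        self.__master = bytes(switches)

    def encipher(self, key_input: bytes, data: bytes) -> bytes:
        # Key input is deciphered under the master key into the working key.
        working = cipher(self.__master, key_input, decipher=True)
        return cipher(working, data)

def distribute(master: bytes, working: bytes) -> bytes:
    # The distributor needs the master key value to build a usable key input.
    return cipher(master, working)

def read_output(master: bytes, key_input: bytes, output: bytes) -> bytes:
    # The same knowledge opens the stored key, and through it the output.
    working = cipher(master, key_input, decipher=True)
    return cipher(working, output, decipher=True)

if __name__ == "__main__":
    master = bytes(range(16))            # constructed sample values
    working = b"WORKING-KEY-0001"
    module = SecureModule()
    module.load_master_key(master)
    key_input = distribute(master, working)
    out = module.encipher(key_input, b"sixteen byte msg")
    print(read_output(master, key_input, out))
```

The module never reveals its register, yet `read_output` needs nothing from the module: the master key value held by the distributor is sufficient, which is the problem the article sets out to solve.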