
Improved Key Generation Procedure

IP.com Disclosure Number: IPCOM000045283D
Original Publication Date: 1983-Feb-01
Included in the Prior Art Database: 2005-Feb-06
Document File: 1 page(s) / 12K

Publishing Venue

IBM

Related People

Lennon, RE: AUTHOR [+3]

Abstract

This article discloses a technique that allows a secondary key encrypting key (K) to be enciphered under control of either a first variant (KM1) or a second variant (KM2) of the master key (KM0), on-line, without the need for a master key data set (MKDS) as a supporting function of the key generation process. The technique also includes an audit function which provides an indication that an unauthorized program/person was attempting to subvert the crypto system.

This is the abbreviated version, containing approximately 55% of the total text.


In carrying out host cryptographic operations, a data security device may be channel connected to the host system for performing the basic encrypting/decrypting functions in accordance with channel command words issued by the host system to the device. The data security device is provided with KM0 for controlling the basic functions and the following elements to carry out the disclosed technique:
(1) a counter (CTR) which may be volatile,
(2) a physical key-lock to enable encrypting under KM1 or KM2,
(3) support for Encipher Under Master Key 1 (EMK1) and Encipher Under Master Key 2 (EMK2) commands, and
(4) a read count command.

Prior to executing the key generator utility, the installed physical key-lock is set to the Enable position, causing the value in the CTR to be set to 0 and enabling the EMK1 and EMK2 functions. When the supporting software wishes to encrypt a secondary key-encrypting key K under control of either the first variant KM1 or second variant KM2, i.e.,...