Isolation of Cryptographic Functions via Operation Sub Sets

IP.com Disclosure Number: IPCOM000052564D
Original Publication Date: 1981-Jun-01
Included in the Prior Art Database: 2005-Feb-11
Document File: 3 page(s) / 48K

Publishing Venue

IBM

Related People

Lennon, RE: AUTHOR [+2]

Abstract

A technique is disclosed by which, with one master key installed in a cryptographic facility, n sets of cryptographic operations can be defined, each set being totally independent of any other set. This is accomplished by deriving n "alternate master keys" from a single master key stored in the protected memory of the cryptographic facility. In response to a cryptographic operation, a specific permutation of the bits of the master key is performed before any other logical manipulation of the master key occurs. n permutations may be defined, each corresponding to a particular subset of operations.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.


Fig. 1 illustrates the master key variant approach, which applies a bit inversion algorithm to the master key while it is gated from the master key memory to the working key register. The bit pattern of the cryptographic operation code, when interpreted by the hardware, results in the creation of either the first or the second variant of the master key, depending upon the cryptographic operation the cryptographic facility is called on to perform.

Fig. 2 illustrates the present technique. The bit pattern of the cryptographic operation code is decoded by hardware to determine whether the operation code calls for an alternate master key and, if so, to invoke the appropriate permutation of the master key to derive the correct alternate master key. The operation code may then be further decoded to determine whether or not it calls for a variant of the alternate master key, i.e., KM1' or KM2'. By this arrangement, a subset could be defined to include cryptographic operations which allow enciphers but not deciphers.
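The two-stage decode of Fig. 2 (permutation first, variant inversion second) can be modelled in software as follows. This is an added example, not code or values from the disclosure: the 64-bit key width, the op-code names, the permutation tables, the inversion masks and the sample master key are all constructed assumptions.

```python
# Added illustration. Op codes, permutation tables and inversion masks are
# constructed for this example; the disclosure does not specify them.
KEY_BITS = 64
SAMPLE_KM = 0x0123456789ABCDEF  # constructed master key value

def permute(key, table):
    """Return key with its bits reordered: output bit i (MSB first) is
    input bit table[i]. The table must be a true permutation."""
    if sorted(table) != list(range(KEY_BITS)):
        raise ValueError("table is not a permutation of bit positions 0..63")
    out = 0
    for src in table:
        out = (out << 1) | ((key >> (KEY_BITS - 1 - src)) & 1)
    return out

# Subset 0 uses KM unchanged; subsets 1 and 2 select alternate master keys.
PERMUTATIONS = {
    0: list(range(KEY_BITS)),
    1: [(i + 8) % KEY_BITS for i in range(KEY_BITS)],  # rotate left one byte
    2: list(reversed(range(KEY_BITS))),                 # reverse bit order
}
# Variant 0 is the (alternate) master key itself; 1 and 2 invert fixed bits.
VARIANT_MASKS = {0: 0, 1: 0x8888888888888888, 2: 0x2222222222222222}

# op code -> (subset, variant). Subset 2 defines encipher but no decipher.
OPCODES = {
    "ENCIPHER": (0, 0), "DECIPHER": (0, 0), "KEY_OP_1": (0, 1),
    "S1_ENCIPHER": (1, 0), "S1_DECIPHER": (1, 0), "S1_KEY_OP_1": (1, 1),
    "S2_ENCIPHER": (2, 0), "S2_KEY_OP_2": (2, 2),
}

def working_key(master_key, opcode):
    """Decode opcode, permute KM into the subset's alternate master key
    first, then apply the variant inversion (the Fig. 2 ordering)."""
    if opcode not in OPCODES:
        raise KeyError(f"operation {opcode!r} is not defined in any subset")
    subset, variant = OPCODES[opcode]
    alternate = permute(master_key, PERMUTATIONS[subset])
    return alternate ^ VARIANT_MASKS[variant]

def distinct_working_keys(master_key):
    """Map each (subset, variant) pair in use to its working key."""
    return {OPCODES[op]: working_key(master_key, op) for op in OPCODES}
```

A bit permutation only reorders bits, so a master key whose bits are all equal (all zeros or all ones) maps to itself under every table and the alternate master keys collapse into one.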

Alternativel...