
Terminal Control of Encipher and Decipher Data Operations

IP.com Disclosure Number: IPCOM000052920D
Original Publication Date: 1981-Aug-01
Included in the Prior Art Database: 2005-Feb-12
Document File: 5 page(s) / 90K

Publishing Venue

IBM

Related People

Ehrsam, WF: AUTHOR [+3]

Abstract

In communication security applications where data is to be transmitted in a cryptographic session, between a host unit and a remote terminal controller unit, a data encrypting session key (KS) is required to be established in a form suitable for use at each unit. Data may then be enciphered under KS at one unit and transmitted to the other unit where it is deciphered under KS. A method is presently disclosed for pregenerating a table of enciphered static session keys (KS(i)) as a function of random numbers (RN(i)) in such a manner that the generation process is irreversible, thereby preventing anyone from recovering KS(i) in clear form or recreating the generation process to duplicate KS(i).

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 34% of the total text.

In communication security applications where data is to be transmitted in a cryptographic session, between a host unit and a remote terminal controller unit, a data encrypting session key (KS) is required to be established in a form suitable for use at each unit. Data may then be enciphered under KS at one unit and transmitted to the other unit where it is deciphered under KS. A method is presently disclosed for pregenerating a table of enciphered static session keys (KS(i)) as a function of random numbers (RN(i)) in such a manner that the generation process is irreversible, thereby preventing anyone from recovering KS(i) in clear form or recreating the generation process to duplicate KS(i). In carrying out the communication session, an entry from the table is selected, with the corresponding enciphered KS(i) being retained at the host unit for the designated host application program and the corresponding RN(i) being transmitted to the designated controller unit. Recovery of KS(i) at the designated controller unit is managed by micro-code as a result of processing an ENCODE/DECODE macro.

Setup Scenario: During the initial key generation process, the following occurs:

1. n random numbers RN(i) are generated using standard random number generating techniques.
2. Each random number is cryptographically processed for each defined controller master key (KMC) such that for each RN(i), an enciphered KS(i) is derived, i.e., enciphered under the host master key KMPhi (E(KMPhi)KS(i)).

RN(i) and the corresponding enciphered KS(i) are then stored in a suitable host key table for each defined controller.

Referring to Fig. 1, an encipher master key (EMK) operation is first performed to encipher the defined controller master key under the host master key, i.e., E(KMPhi)KMC. Next, a decipher data (DCPH) operation is performed using the previously derived E(KMPhi)KMC and the associated random number RN to derive the output D(KMC)(RN(i)). Following this, a second EMK operation is performed to encipher the parameter D(KMC)(RN(i)) under the host master key, i.e., E(KMPhi)(D(KMC)(RN(i))). Next, a second DCPH operation is performed using the result of the previously derived second EMK operation and the associated random number RN(i) to derive an output which cannot be reversed to recreate RN(i). The derived output is defined as being the session key enciphered under the controller master key, i.e., E(KMC)KS(i). After this, a third DCPH operation is performed, using the results of the first EMK operation and the results previously derived from the second DCPH operation to derive the session key KS in clear form. The last cryptographic operation to be performed is to put KS(i) in a form usable by the host application program. This is accomplished by performing an EMK operation to encipher the session key under the host master key, i.e., E(KMPhi)KS(i). RN(i) and E(KM0)KS(i) are then stored as an entr...
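
The Fig. 1 sequence of EMK and DCPH operations traced in code, as an added example that is not part of the original disclosure. Assumptions: a toy 64-bit Feistel cipher (`enc`/`dec`) stands in for the system's block cipher, the `HostFacility` class and all function names are hypothetical, and `controller_recover` assumes the controller repeats the derivation with its KMC in clear, which the abbreviated text does not spell out.

```python
import hashlib
import secrets

# Toy 64-bit Feistel cipher: a stand-in (assumption) for the system's block cipher.
def _feistel(key, block, rounds):
    left, right = block[:4], block[4:]
    for rnd in rounds:
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left

def enc(key, block):
    return _feistel(key, block, range(8))

def dec(key, block):
    return _feistel(key, block, reversed(range(8)))

class HostFacility:
    """Hypothetical host crypto facility; the host master key never leaves it."""
    def __init__(self, km_host):
        self._km = km_host
    def emk(self, value):            # EMK: encipher value under host master key
        return enc(self._km, value)
    def dcph(self, e_key, data):     # DCPH: recover key internally, decipher data
        return dec(dec(self._km, e_key), data)

def generate_entry(host, kmc, rn):
    e_kmc = host.emk(kmc)                 # E(KMPhi)KMC
    d_rn = host.dcph(e_kmc, rn)           # D(KMC)(RN(i))
    e_d_rn = host.emk(d_rn)               # E(KMPhi)(D(KMC)(RN(i)))
    e_kmc_ks = host.dcph(e_d_rn, rn)      # defined as E(KMC)KS(i)
    ks = host.dcph(e_kmc, e_kmc_ks)       # KS(i) in clear form
    return rn, host.emk(ks)               # table entry: RN(i), E(KMPhi)KS(i)

def build_key_table(host, kmc, n):
    return [generate_entry(host, kmc, secrets.token_bytes(8)) for _ in range(n)]

def controller_recover(kmc, rn):
    # Assumption: the controller repeats the derivation using its own clear KMC.
    return dec(kmc, dec(dec(kmc, rn), rn))

if __name__ == "__main__":
    km_host, kmc = bytes(range(8)), bytes(range(8, 16))   # constructed sample keys
    host = HostFacility(km_host)
    for rn, e_ks in build_key_table(host, kmc, 3):
        assert dec(km_host, e_ks) == controller_recover(kmc, rn)
        print(rn.hex(), e_ks.hex())
```

Only RN(i) would cross the link in this sketch; the key that deciphers RN(i) is itself derived from RN(i) under KMC, which is what keeps the second DCPH output from being run backwards to RN(i).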