Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Cryptographic Key Distribution Method

IP.com Disclosure Number: IPCOM000061209D
Original Publication Date: 1986-Jul-01
Included in the Prior Art Database: 2005-Mar-09
Document File: 2 page(s) / 57K

Publishing Venue

IBM

Related People

Jones, MF: AUTHOR [+2]

Abstract

The method described in this article for initializing a cryptographic system via manual key distribution and entry takes advantage of diskette facilities and other system functions which already exist, to eliminate a human interface to enter a cryptographic key. Also described is an extension of the method for ultimately submitting encrypted keys (rather than clear keys) to the key generator in a host system remote from the site of initial entry of the key. Before encrypted data or transmissions may be exchanged between two parties using a symmetric cryptographic algorithm such as the Data Encryption Algorithm (DEA), at least one unique cryptographic key must be known to both of them. One of the fundamental difficulties in this situation is the exchange of that initial key.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 2

Cryptographic Key Distribution Method

The method described in this article for initializing a cryptographic system via manual key distribution and entry takes advantage of diskette facilities and other system functions which already exist, to eliminate a human interface to enter a cryptographic key. Also described is an extension of the method for ultimately submitting encrypted keys (rather than clear keys) to the key generator in a host system remote from the site of initial entry of the key. Before encrypted data or transmissions may be exchanged between two parties using a symmetric cryptographic algorithm such as the Data Encryption Algorithm (DEA), at least one unique cryptographic key must be known to both of them. One of the fundamental difficulties in this situation is the exchange of that initial key. It can not be encrypted since no key is yet available to encrypt it; therefore, it must be distributed in the clear. The secrecy of this key during exchange and thereafter is paramount since the exchange of all other keys depends on the secure distribution of this initial key and if it is compromised at the outset, all other keys encrypted under this initial key are compromised and the system is left defenseless. A method to prevent such a compromise is to create the key in two different parts such that the two parts must be combined in some way to create the actual key. This is often called "dual custodianship" or "dual control". Each of those parts should be handled by different persons (custodians) and will eventually be combined (usually within the cryptographic apparatus) to form the actual key. It is assumed that physical security is present throughout this process. The cryptographic apparatus combines the two parts and securely stores the subject initial key. Since at no time will the two parts have been in the possession of one person, no one can later derive or recreate the key. This process of key initialization can be carried out by using...