Multiple Master Keys

IP.com Disclosure Number: IPCOM000099227D
Original Publication Date: 1990-Jan-01
Included in the Prior Art Database: 2005-Mar-14
Document File: 4 page(s) / 119K

Publishing Venue

IBM

Related People

Coppersmith, D: AUTHOR [+2]


This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Multiple Master Keys

       This article describes a method of deriving a of master
keys within a cryptographic facility from a key stored in the
cryptographic facility.  Each key of 16 hexadecimal digits.  The
dependent master keys are derived from the given master key at the time
the master key is initialized in the cryptographic facility (Fig. 1).

      These different master keys permit the user of the device to
isolate and cryptographically key management functions performed in
support of a set of network devices from a set of network devices.
Thus, keys stored under of a first master key in support of a first
set of devices could not be used beneficially with the functions in
support of a second set of devices whose keys are stored enciphered under a
second key, and vice versa.

      For any given master key, the method of deriving the master
keys from the given master key is such that:
1. The derived master keys are all different and are
   different from the master key from which they are
   derived.
2. None of the derived master keys is one of the weak or
   semiweak keys listed in Fig. 2.
3. No variant key produced from one of the derived master
   keys (obtained by Exclusive ORing an 8-byte mask
   mmmmmmmm consisting of a single byte, m, repeated eight
   times) is equal to a variant key produced from another
   derived master key or the original master key (obtained
   by Exclusive ORing the same or a different 8-byte mask
   with the second key).
4. No variant key produced from one of the derived master
   keys is weak or semiweak (Fig. 1).
5. Provided that no variant mask is the complement of any
   other variant mask, then no variant key produced from
   one of the derived master keys is a complement of a
   variant key produced from the same derived master key,
   a different derived master key, or the given master
   key.
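
The five conditions above can be tested on any candidate set of keys, as in this added example (not part of the original disclosure, whose derivation method is not in the abbreviated text). It assumes DES keys, uses the standard published weak and semiweak key list in place of Fig. 2, and ignores the parity bit of each byte; `variant_related` and `check_derived` are hypothetical names.

```python
from itertools import combinations

# Standard published DES weak and semi-weak keys (odd parity). Assumption: this
# matches the page's Fig. 2, which is missing from the abbreviated text.
WEAK_KEYS = [bytes.fromhex(h) for h in """
0101010101010101 FEFEFEFEFEFEFEFE E0E0E0E0F1F1F1F1 1F1F1F1F0E0E0E0E
01FE01FE01FE01FE FE01FE01FE01FE01 1FE01FE00EF10EF1 E01FE01FF10EF10E
01E001E001F101F1 E001E001F101F101 1FFE1FFE0EFE0EFE FE1FFE1FFE0EFE0E
011F011F010E010E 1F011F010E010E01 E0FEE0FEF1FEF1FE FEE0FEE0FEF1FEF1
""".split()]

def variant_related(a: bytes, b: bytes) -> bool:
    """True if a ^ mmmmmmmm can equal or complement b ^ nnnnnnnn for some m, n.

    Both happen exactly when a ^ b is one byte repeated eight times. The low
    bit of each byte is DES parity and does not affect the key, so it is masked.
    """
    return len({(x ^ y) & 0xFE for x, y in zip(a, b)}) == 1

def check_derived(master: bytes, derived: list) -> list:
    """Return (rule, key names...) tuples for every violated condition."""
    keys = [("master", master)] + [(f"derived[{i}]", k) for i, k in enumerate(derived)]
    if any(len(k) != 8 for _, k in keys):
        raise ValueError("keys must be 8 bytes (16 hexadecimal digits)")
    problems = []
    # Conditions 1, 3 and 5: no two keys may share (or complement) a variant.
    for (n1, k1), (n2, k2) in combinations(keys, 2):
        if variant_related(k1, k2):
            problems.append(("related", n1, n2))
    # Conditions 2 and 4: no derived key or variant of one may be weak or semiweak.
    # The master itself is not checked, as the page says it need not be.
    for name, k in keys[1:]:
        if any(variant_related(k, w) for w in WEAK_KEYS):
            problems.append(("weak-variant", name))
    return problems

if __name__ == "__main__":
    master = bytes.fromhex("0123456789ABCDEF")      # constructed sample values
    candidates = [bytes.fromhex(h) for h in
                  ("3B7F1C9D52E8A604",   # unrelated to the others
                   "54761032DCFE98BA",   # master XOR 0x55 repeated
                   "ABABABABABABABAB")]  # weak key 0101...01 XOR 0xAA repeated
    for p in check_derived(master, candidates):
        print(p)
```

Conditions 1, 3 and 5 collapse into one test because two keys share or complement a variant exactly when their XOR is a single byte repeated eight times.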

      The method has the advantage that the original master key from
which the dependent master keys are derived can be key.  The original
master key need not be checked or to determine that it is suitable as
a key for the said dependent master keys.  Thus, existing key
...