Browse Prior Art Database

Method for Authenticating Key Data Set Records Using Message Authentication Codes

IP.com Disclosure Number: IPCOM000107296D
Original Publication Date: 1992-Feb-01
Included in the Prior Art Database: 2005-Mar-21
Document File: 5 page(s) / 227K

Publishing Venue

IBM

Related People

Le, AV: AUTHOR [+3]

Abstract

This article describes a method for authenticating key records stored in a key data set. Each key record contains an encrypted key and possibly other key-related information. Each key record is authenticated on the basis of a 32-bit cryptographic checksum, called a message authentication code (MAC), calculated on the key record with a secret data key, KD. To separate the processes of MAC generation and MAC verification, KD is stored in two encrypted forms, e*KM.C1(KD) and e*KM.C2(KD). KM.C1 and KM.C2 are variant keys formed as the Exclusive OR product of a secret master key, KM, and nonsecret control vectors, C1 and C2, respectively. KM is stored in clear form within the secure boundary of the cryptographic hardware.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 29% of the total text.

Method for Authenticating Key Data Set Records Using Message Authentication Codes

       This article describes a method for authenticating key
records stored in a key data set.  Each key record contains an
encrypted key and possibly other key-related information. Each key
record is authenticated on the basis of a 32-bit cryptographic
checksum, called a message authentication code (MAC), calculated on
the key record with a secret data key, KD.  To separate the processes
of MAC generation and MAC verification, KD is stored in two encrypted
forms, e*KM.C1(KD) and e*KM.C2(KD).  KM.C1 and KM.C2 are variant keys
formed as the Exclusive OR product of a secret master key, KM, and
nonsecret control vectors, C1 and C2, respectively.  KM is stored in
clear form within the secure boundary of the cryptographic hardware.
Encoded information in control vector C1, associated with the first
copy of the encrypted key (called a macgen key), permits KD to
generate message authentication codes.  Likewise, encoded information
in control vector C2, associated with the second copy of the
encrypted key (called a macver key), permits KD to verify message
authentication codes.

      The most obvious and straightforward method for implementing
the mentioned macgen and macver keys is:
1.   Provide a key generation function within the cryptographic
hardware to (a) generate a secret key KD and (b) encrypt it with
KM.C1 and KM.C2 to produce the macgen and macver key pair,
e*KM.C1(KD) and e*KM.C2(KD), respectively.
2.   The macgen key is then used to generate a MAC on each key record
stored in the key data set.  To prevent false MACs from being
generated on false key records, the encrypted macgen key must be kept
secret.  To accomplish this, the macgen key is stored off- line and
treated like a password.  In that case, MACs can be generated only
when the macgen key is reintroduced.  In another approach, the macgen
key is encrypted with a personal key, KP, and KP is stored off-line.
In that case, the macgen key can be decrypted and used only when KP
is specified to the system.
3.   When it is necessary for an encrypted key to be processed by the
cryptographic hardware, the key record containing the encrypted key
and its associated MAC are read from the key data set and
authenticated with the macver key.  An encrypted key is decrypted and
used only after the key record containing the key has been
authenticated.

      Fig. 1 illustrates an improved method, which achieves a higher
degree of authentication protection.  The cryptographic device is
designed to recognize two states: (a) secure state and (b) normal
state.  The cryptographic device is ordinarily in the normal state,
but can be placed in the secure state via activation of a physical
key-activated switch or via entry of a secret password.  A bit in the
control vector of the macver key (denoted S) indicates whether the
macver key is generated in the secure state or in the normal state....