Browse Prior Art Database

Controlled Access to System Managed Data Keys via a Security Token

IP.com Disclosure Number: IPCOM000107967D
Original Publication Date: 1992-Apr-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 5 page(s) / 246K

Publishing Venue

IBM

Related People

Matyas, SM: AUTHOR [+2]

Abstract

This article describes a method for controlling user access to system-managed data keys via an application program-owned security token. The data keys are encrypted under a system master key and stored in a system-managed key data set. Application program access to an encrypted key is permitted only when the security token is presented by the application program to the cryptographic system software. The security token is implemented in such a way that the system-managed data keys are easily re-enciphered from encipherment under the current master key (KMC) to encipherment under a new master key (KMN) as part of a cut-over procedure whenever the master key is changed. Typically, a master key might be changed once a year.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 30% of the total text.

Controlled Access to System Managed Data Keys via a Security Token

       This article describes a method for controlling user
access to system-managed data keys via an application program-owned
security token.  The data keys are encrypted under a system master
key and stored in a system-managed key data set. Application program
access to an encrypted key is permitted only when the security token
is presented by the application program to the cryptographic system
software.  The security token is implemented in such a way that the
system-managed data keys are easily re-enciphered from encipherment
under the current master key (KMC) to encipherment under a new master
key (KMN) as part of a cut-over procedure whenever the master key is
changed.  Typically, a master key might be changed once a year.

      In a cryptographic system where encrypted data keys are held
and managed by individual application programs, possession of an
encrypted key represents the application program's right to use a
key.  However, when encrypted data keys are stored in a
system-maintained key data set, additional system-level access
control means are needed to control use of these keys by application
programs.  The security token fulfils this requirement.

      Fig. 1 illustrates a cryptographic system without security
tokens consisting of a cryptographic facility (CF) 1 capable of
executing a set of cryptographic instructions 2, a key storage 3, a
cryptographic facility access program (CFAP) 4, and application
programs (APPLs) 5. Examples of cryptographic instructions
implemented within the cryptographic facility are the KEYGEN,
ENCIPHER, DECIPHER and RTNMK instructions.  The KEYGEN instruction
generates a 64-bit data key by generating a random number, adjusting
the parity bit in each byte to ensure odd parity, and encrypting the
result under the master key.  The ENCIPHER instruction encrypts data
under a data key, where the data key is an input parameter to the
instruction in a form encrypted under the master key.  The DECIPHER
instruction decrypts data under a data key, where the data key is an
input parameter to the instruction in a form encrypted under the
master key.  The RTNMK (Re-encipher to New Master Key) instruction
transforms keys from encryption under the current master key to
encryption under a new master key.

      The cryptographic system implementation of Fig. 1 is such that
each application program takes possession of, and manages, its own
encrypted data keys.  That is, data keys generated by the
cryptographic facility are returned to the application program by the
CFAP.  Therefore, each application program is responsible for
protecting access to the encrypted key, since, if another application
program can gain access to the encrypted key, this encrypted key
value can be presented as an input to a DECIPHER instruction and
thereby used to decrypt data previously encrypted with that data key.
Thus, cryptographic security...