
Control Vector Based Method for Controlling Export and Import of Cryptographic Keys

IP.com Disclosure Number: IPCOM000107971D
Original Publication Date: 1992-Apr-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 4 page(s) / 191K

Publishing Venue

IBM

Related People

Johnson, DB: AUTHOR [+3]

Abstract

This article describes a control vector-based method for controlling the export and import of cryptographic keys. It is commonplace for cryptographic systems to impose a key hierarchy consisting of a system master key (KM), key encrypting keys (KEKs) and data keys (KDs). The master key is used to encrypt all KEKs and KDs stored locally; KEKs are used to encrypt KDs distributed to other devices; whereas KDs are used to encrypt data communications. However, emerging cryptographic systems can and will have many more types of keys, and finer granularity in the controlled export and import of these key types will be required. This finer control is achievable with control vectors.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 39% of the total text.

Control Vector Based Method for Controlling Export and Import of Cryptographic Keys

This article describes a control vector-based method for controlling the export and import of cryptographic keys. It is commonplace for cryptographic systems to impose a key hierarchy consisting of a system master key (KM), key encrypting keys (KEKs) and data keys (KDs). The master key is used to encrypt all KEKs and KDs stored locally; KEKs are used to encrypt KDs distributed to other devices; whereas KDs are used to encrypt data communications. However, emerging cryptographic systems can and will have many more types of keys, and finer granularity in the controlled export and import of these key types will be required. This finer control is achievable with control vectors.

Associated with each key is a 128-bit control vector. The control vector contains a key type field and other attributes for controlling the usage of the key. The control vector for a key encrypting key also contains a list of key types specifying the key types that are permitted to be encrypted with this key encrypting key (i.e., the key types that can be exported or imported).

Fig. 1 illustrates a cryptographic system consisting of a cryptographic facility 1 capable of executing a set of cryptographic instructions 2, a key storage 3, a cryptographic facility access program (CFAP) 4, and an application program 5. The cryptographic facility contains a register for the storage of a secret system master key (KM). All keys stored outside the cryptographic facility are encrypted under KM. The cryptographic instruction set 2 contains a Reencipher From Master Key (RFMK) instruction for exporting keys, a Reencipher To Master Key (RTMK) instruction for importing keys, and a Generate Key Set (GKS) instruction for generating keys.

Certain preliminary key generation and key distribution functions are presumed to have been previously accomplished, e.g., as part of a system initialization step. The following is presumed to have been performed: A key encrypting key KEK1 with associated control vector C1 has been generated and encrypted under the system master key (KM) and stored in the key data set. Likewise, a data key KD2 with associated control vector C2 has been generated, encrypted and stored in the key data set.

Fig. 2 illustrates the steps necessary to export KD2 under KEK1. A request is made by an application program to export KD2 under the key encrypting key shared with another cryptographic device. Note that the encrypted form of KEK1 is e*KM.C1(KEK1) and in this form it may be used as an EXPORTER key. The encrypted form of KD2 is e*KM.C2(KD2). For the sake of discussion, assume that the application holds e*KM.C2(KD2) and passes it and control vector C2 as parameters to CFAP as part of the export request. CFAP processes the request as follows: the encrypted value of KEK1 and its control vector C1 are accessed...
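The control vector fields described earlier and the RFMK export flow of Fig. 2, as an added worked example in Python; it is constructed for this page and is not IBM's code or a listing from the article. It assumes IBM's convention, which the article's e*K.C(X) notation uses but does not spell out, that a key is combined with its control vector as K xor C before it is used. The byte layout inside the 128-bit control vector, the key type and usage codes, the method names, and the one-block XOR stand-in for the facility's block cipher are all constructed for the model and are not the real encodings. The example goes slightly beyond the article's text: it carries the flow through the import side (RTMK) on a second device and shows the two refusals a facility should make, a KEK whose permitted list does not include the wrapped key's type, and an import under a control vector other than the one the key was exported with, which recovers a different key instead of granting changed usage.

```python
import hashlib
import os

BLOCK = 16  # 128-bit keys and 128-bit control vectors, as in the article
# Constructed field encodings; the article does not give the real ones.
TYPE_KEK, TYPE_DATA = 0x01, 0x02             # control vector key type field
USAGE_EXPORTER, USAGE_IMPORTER = 0x01, 0x02  # KEK usage bits

def make_cv(key_type, usage=0, permitted_types=()):
    """Control vector: byte 0 = key type, byte 1 = usage bits, bytes 2..15 =
    key types this KEK may wrap (unused slots stay zero). Constructed layout."""
    if len(permitted_types) > BLOCK - 2:
        raise ValueError("too many permitted key types")
    cv = bytearray(BLOCK)
    cv[0], cv[1] = key_type, usage
    cv[2:2 + len(permitted_types)] = bytes(permitted_types)
    return bytes(cv)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_cipher(key, block):
    """Stand-in for the facility's block cipher (NOT secure): one block XORed
    with a key-derived mask; being an involution, the same call decrypts."""
    return xor(block, hashlib.sha256(b"toy-cipher|" + key).digest()[:BLOCK])

def e_star(key, cv, block):
    """e*K.C(X): X encrypted under K combined with control vector C. IBM's
    scheme combines them as K xor C; that convention is assumed here."""
    return toy_block_cipher(xor(key, cv), block)

d_star = e_star  # decryption is the same operation for the toy cipher

class CryptographicFacility:
    """Holds KM in a register; only e*KM.C(K) forms ever leave it."""
    def __init__(self):
        self._km = os.urandom(BLOCK)
    def install_clear_key(self, key, cv):
        """Presumed initial distribution of a shared KEK: returns e*KM.C(K)."""
        return e_star(self._km, cv, key)
    def gks(self, cv):
        """Generate Key Set: a fresh key, returned only as e*KM.C(K)."""
        return e_star(self._km, cv, os.urandom(BLOCK))
    def rfmk(self, ekek, c1, ekd, c2):
        """Reencipher From Master Key (export): e*KM.C2(KD) -> e*KEK.C2(KD)."""
        self._check_kek(c1, USAGE_EXPORTER, c2)
        kek = d_star(self._km, c1, ekek)
        return e_star(kek, c2, d_star(self._km, c2, ekd))
    def rtmk(self, ekek, c1, ekd, c2):
        """Reencipher To Master Key (import): e*KEK.C2(KD) -> e*KM.C2(KD)."""
        self._check_kek(c1, USAGE_IMPORTER, c2)
        kek = d_star(self._km, c1, ekek)
        return e_star(self._km, c2, d_star(kek, c2, ekd))
    def encipher_data(self, ekd, c, block):
        """Data keys encrypt communications; the control vector must say DATA."""
        if c[0] != TYPE_DATA:
            raise PermissionError("not a data key")
        return toy_block_cipher(d_star(self._km, c, ekd), block)
    @staticmethod
    def _check_kek(c1, needed_usage, c2):
        # The KEK's control vector decides direction and which key types it wraps.
        if c1[0] != TYPE_KEK:
            raise PermissionError("not a key encrypting key")
        if not c1[1] & needed_usage:
            raise PermissionError("KEK lacks the EXPORTER/IMPORTER usage")
        if c2[0] == 0 or c2[0] not in c1[2:]:
            raise PermissionError("KEK may not wrap this key type")

def shared_kek(fac_a, fac_b, permitted=(TYPE_DATA,)):
    """KEK1 shared by two devices: EXPORTER on A, IMPORTER on B (presumed setup)."""
    kek1 = os.urandom(BLOCK)
    c1_a = make_cv(TYPE_KEK, USAGE_EXPORTER, permitted)
    c1_b = make_cv(TYPE_KEK, USAGE_IMPORTER, permitted)
    return fac_a.install_clear_key(kek1, c1_a), c1_a, fac_b.install_clear_key(kek1, c1_b), c1_b

def export_import_roundtrip(import_cv=None):
    """Fig. 2 flow: KD2 generated on A, exported under KEK1, imported on B with
    import_cv (default: the genuine C2), then data enciphered on A is deciphered
    on B. Returns True only if both devices now hold the same KD2."""
    fac_a, fac_b = CryptographicFacility(), CryptographicFacility()
    ekek1_a, c1_a, ekek1_b, c1_b = shared_kek(fac_a, fac_b)
    c2 = make_cv(TYPE_DATA)
    c2_b = import_cv or c2
    ekd2_a = fac_a.gks(c2)                             # e*KM_A.C2(KD2)
    wrapped = fac_a.rfmk(ekek1_a, c1_a, ekd2_a, c2)    # e*KEK1.C2(KD2)
    ekd2_b = fac_b.rtmk(ekek1_b, c1_b, wrapped, c2_b)  # e*KM_B.C2(KD2) only if c2_b == c2
    msg = b"constructed 16-B"  # one constructed 16-byte block of data
    return fac_b.encipher_data(ekd2_b, c2_b, fac_a.encipher_data(ekd2_a, c2, msg)) == msg

def export_denied_for_unlisted_type():
    """A KEK whose permitted list omits DATA keys cannot export one."""
    fac_a, fac_b = CryptographicFacility(), CryptographicFacility()
    ekek1_a, c1_a, _, _ = shared_kek(fac_a, fac_b, permitted=())
    c2 = make_cv(TYPE_DATA)
    try:
        fac_a.rfmk(ekek1_a, c1_a, fac_a.gks(c2), c2)
    except PermissionError:
        return True
    return False
```

`export_import_roundtrip()` returns True, while passing a control vector that differs from C2 (even in one attribute bit) returns False because device B recovers a different key and the data no longer deciphers; `export_denied_for_unlisted_type()` returns True because the facility rejects the request before any key material is reenciphered. The point of the model is that every decision (may this KEK export, may it wrap this key type, is this a data key) is taken inside the facility from the control vectors, never from what the application asserts.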