Browse Prior Art Database

Handshake Protocol for Data Privacy Keys

IP.com Disclosure Number: IPCOM000107982D
Original Publication Date: 1992-Apr-01
Included in the Prior Art Database: 2005-Mar-22
Document File: 4 page(s) / 190K

Publishing Venue

IBM

Related People

Matyas, SM: AUTHOR

Abstract

This article describes a handshake protocol between two cryptographic devices, A and B, who share a common privacy key KD. A privacy key is a key used to encrypt and decrypt data. The handshake protocol authenticates each device to the other, thus ensuring that each device is in communication with a valid counterpart device possessing the same privacy key KD. The key may have usage attributes permitting it to encrypt data only (E=1, D=0), decrypt data only (E=0, D=1), or both (E=1, D=1). The described handshake protocol operates regardless of whether the usage attributes associated with A's copy of KD and B's copy of KD are the same or different. For example, A's copy of KD might have an encrypt-only attribute (E=1, D=0) and B's copy of KD might have a decrypt-only attribute (E=0, D=1).

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 37% of the total text.

Handshake Protocol for Data Privacy Keys

       This article describes a handshake protocol between two
cryptographic devices, A and B, who share a common privacy key KD.  A
privacy key is a key used to encrypt and decrypt data.  The handshake
protocol authenticates each device to the other, thus ensuring that
each device is in communication with a valid counterpart device
possessing the same privacy key KD.  The key may have usage
attributes permitting it to encrypt data only (E=1, D=0), decrypt
data only (E=0, D=1), or both (E=1, D=1).  The described handshake
protocol operates regardless of whether the usage attributes
associated with A's copy of KD and B's copy of KD are the same or
different.  For example, A's copy of KD might have an encrypt-only
attribute (E=1, D=0) and B's copy of KD might have a decrypt-only
attribute (E=0, D=1).

      Handshake protocols described in prior art assume that A and B
possess a privacy key with like key usage attributes.  For example, a
cryptographic handshake protocol in which A's copy of KD and B's copy
of KD have encrypt and decrypt capabilities (E=1 and D=1) is
described in (1).  A cryptographic handshake protocol in which A's
copy of KD and B's copy of KD have encrypt capabilities only (E=1,
D=0) is described in (2).

      However, new and improved key management designs permit A and B
to share privacy keys such that A's copy of KD and B's copy of KD
have different usage attributes.  For example, A's key may possess
only a decrypt attribute (E=0, D=1) and B's key may possess only an
encrypt attribute (E=1, D=0).  Thus, a handshake protocol capable of
supporting such new key management designs is needed.

      Fig. 1 illustrates a network of cryptographic systems (system
A, system B, etc.) that communicate over a communications link 50.
Each cryptographic system consists of a cryptographic facility (CF) 1
capable of executing a set of cryptographic instructions 2, a key
storage 3, a cryptographic facility access program (CFAP) 4, and
application programs 5.  CFAP 4 supports a set of cryptographic
functions, including an ENCIPHER function, which permits data to be
encrypted, a DECIPHER function, which permits data to be decrypted,
and an MDC GENERATE function, which permits modification detection
codes (MDCs) to be generated on data.  The ENCIPHER, DECIPHER, and
MDC GENERATE functions are accessed via the application programs at
interface 8.  CF 1 supports a set of cryptographic instructions 2,
including Encipher Data (ENCI) and Decipher Data (DECI), which are
accessed via CFAP 4 at interface 9. Data privacy keys, as well as
other keys, are electronically distributed from one system to another
via key distribution utility 6.  Fig. 1 depicts a data privacy key KD
that has been initialized at cryptographic systems A and B using key
distribution utility 6.  At system A, KD is encrypted under variant
key KM.C1, where KM.C1 is formed as the Exclusive -OR product of
master...