1. Field of the Invention
This invention relates to computers and computer system complexes capable of performing cryptographic operations. More particularly, this invention describes a secure mechanism for translating usage-control values for cryptographic keys, for example - to exchange the keys between systems which use incompatible key usage-control values for enforcing key separation.
2. Background Art
In computer-based cryptographic systems known in the prior art, it is conventional to employ key-encrypting-keys (KEKs) to encipher other keys. To enforce "key separation" (i.e., to ensure that a key is used for a particular purpose (e.g., enciphering other keys) and not for another purpose (e.g., enciphering data)), a permutation of the KEK is known to be used for, and associated with, a particular key usage (or key type). Termed a KEK "variant" in some systems (when a fixed variant constant is Exclusive ORed with the KEK to produce the KEK permutation), or a KEK derivative in control vector based systems (when the value used in the Exclusive ORing process is a meaning-significant bit pattern), the process of applying and unapplying the necessary KEK permutations is a simple one when a single permutation scheme is used on one system, or across systems. In this case, there is one set of variant constants, or one set of control vectors. However, if communicating systems use different sets of variant constants and/or control vectors to enforce key separation, then applying and unapplying the permutations is a more complex process.
In the subsequent discussion, the term "usage-control value" is used to mean either a variant constant or a control vector, or an equivalent parameter. Also, the term "KEK derivative" or "derivative of the KEK" is used to mean the result of Exclusive ORing the KEK with a usage-control value.
One method for dealing with this problem is to install a shared KEK between the two systems, where the value of the KEK installed in one of the systems is adjusted to compensate for the difference between the usage-control values used in the two systems. This method adds complexity to the key installation process and increases the number of keys which must be installed since a different key must be installed for each type of key to be transmitted between the two systems.
Another mechanism for dealing with this problem is described in U.S. Pat. No. 4,993,069, "Secure Key Management Using Control Vector Translation", by Matyas et al., dated Feb. 12, 1991, and assigned to the same assignee as the present invention. The mechanism described in that patent was designed for a control vector based system to accommodate key exchanges with systems using incompatible control vectors, and (in keeping with the philosophy of control vector systems, where the bit positions in the constant carry significance) that mechanism entailed "control vector checking" function to assure security. The description of key separation using control vectors is generally described in U.S. Pat. No. 4,941,176, "Secure Management of Keys Using Control Vectors", by Matyas, et al., dated Jul. 10, 1990, and assigned to the assignee of the present invention. It is incorporated herein by reference.
It is an object of the present invention to provide for secure key exchange between systems with incompatible usage-control mechanisms--be those mechanisms control vector schemes, or key-encrypting key variant schemes.
Another object of this invention is to provide for secure translation of a key type between one usage-control value and another usage-control value on the same system.
It is a further object of this invention to improve usability of the interface that allows the security administrator to specify translation control information.
It is a further object of this invention to provide for secure key exchange between systems with incompatible usage-control mechanisms with minimal complexity. This includes removal of extensive checking, redundancy of translation control information, and additional key types required in the prior art.
It is still a further object of this invention to provide for secure key exchange between systems with incompatible usage-control mechanisms, with only minor modifications to known functions. The functions provided for conversion of key types are patterned closely after known functions for translation of PIN's, cipher text, and keys.