This invention relates to cryptographic communication and file security techniques using terminals and, more particularly, to a terminal having a data security device which performs enciphering and deciphering operations using system or private keys to permit cryptographic communications and file security in a data processing network.
With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer-based information systems are being created. In such systems, an increasing amount of sensitive data may be transmitted across unsecure communication lines or be stored on portable media such as magnetic tapes or disks for prolonged periods of time. Because of the insecurity of communication lines, the portability of storage media and the long periods of time before data files may be recovered, there is an increasing concern over the interception or alteration of sensitive data which must pass outside a controlled or protected environment or which may become accessible if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the medium over which it is transmitted or the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in detail in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.
A data communication network may include a complex of communication terminals connected via communication lines to a single host system and its associated resources such as the host programs and locally attached terminals and data files. Within the data communication network, the domain of the host system is considered to be the set of resources known to and managed by the host system. Various single domain data communication networks have been developed in the prior art using cryptographic techniques for improving the security of data communication within the network. In such networks, a cryptographic facility is provided at the host system and at various ones of the remote terminals. In order for the host system and a remote terminal to perform a cryptographic communication, both must use the same cryptographic algorithm and a common operational cryptographic key so that the data enciphered by the sending station can be deciphered at the receiving station. In prior art cryptographic communication arrangements, the operational key to be used at the sending station is communicated by mail, telephone or courier to the receiving station so that a common operational key is installed at both stations to permit the cryptographic communications to be performed. Furthermore, the operational key was kept for a relatively long period of time. In order to present a "moving target" to an opponent, other prior art arrangements developed techniques which improved security by changing operational keys dynamically where the frequency of changing keys is done automatically by the system. One such technique is provided in the IBM 3600 Finance Communication System utilizing the IBM 3614 consumer transaction facility as remote terminals and is exemplified by U.S. Pat. No. 3,956,615 issued May 11, 1976. In that system, an enciphered operational or data encrypting key is transmitted over the communication line from the host system to the remote communication terminal. 
The enciphered data encrypting key is deciphered and then used as the current data encrypting key for all data transmissions. However, with this type of arrangement, since the current data encrypting key must be readily available for the data transmissions it is stored in the clear at the remote terminal thereby making the system somewhat unsecure by the clear keys being susceptible to possible accessibility by unauthorized personnel. Additionally, with this type of system, when the current data encrypting key is to be changed, a new data encrypting key enciphered under the old data encrypting key is transmitted to the remote terminal where it is deciphered and then used as the new current data encrypting key. However, with this type of arrangement, since each new current data encrypting key is a function of the preceding current data encrypting key, the system becomes unsecure if one current data encrypting key becomes accessible as it will permit the current ciphertext to be deciphered and will permit all succeeding data encrypting keys to be obtained thereby allowing all succeeding ciphertext to be deciphered.
As the size of data communication networks increases, other host systems may be brought into the network to provide multiple domain networks with each host system having knowledge of and managing its associated resources which make up a portion or domain of the network. By providing the proper cross domain data link between the domains of the network, two or more domains may be interconnected to provide a networking facility. Accordingly, as the size of the network increases and the number of communication lines interconnecting the network increases and the number of data files sharing sensitive data increases, there is an increasing need to provide communication security for data transmitted over such communication lines and to provide file security for data stored in data files.
Accordingly, it is an object of the invention to provide a terminal capable of maintaining the security of data transmissions in a data communication network.
Another object of the invention is to provide a terminal having a data security device for enciphering/deciphering message blocks of data under control of a protected terminal cryptographic key.
A further object of the invention is to provide a terminal cryptographic facility in a data communication network without having to provide terminal cryptographic keys in the clear outside of the facility.
Still another object of the invention is to establish communication sessions between a terminal cryptographic facility and a host system in a data communication network in a secure manner.
Still a further object of the invention is to establish secure cryptographic communication sessions between a host and a terminal in a data communication network by providing the terminal with a data encrypting key enciphered under a secondary communication key for each new communication session.
Still another object of the invention is to provide a terminal cryptographic facility which is maintained in a logically and physically protected area of the terminal.
Still a further object of the invention is to provide a terminal data security device which includes a hardware implementation of the data encryption standard algorithm adopted as the United States Federal Data Processing Standard.
Still another object of the invention is to provide a terminal data security device having interfaces to which plaintext/ciphertext input data and operation requests are presented and from which ciphertext/plaintext output data is presented.
Still a further object of the invention is to provide a terminal cryptographic facility which includes cryptographic apparatus, a terminal master cryptographic key memory and a working key register whereby the contents of the terminal master key memory, the working key register and intermediate results of the cryptographic operation are only accessible to the cryptographic apparatus.
Still another object of the invention is to provide a terminal cryptographic facility for performing a write master key function to selectively store a terminal cryptographic key used for encrypting/decrypting other cryptographic keys in a master key memory by manual or terminal control means.
Still a further object of the invention is to provide a terminal cryptographic facility having a battery powered terminal master key memory to allow terminal master key retention when system power is not present.
Still another object of the invention is to provide a terminal cryptographic facility for performing a terminal master key overwrite function whenever a new terminal master key is to be used by the facility.
Still a further object of the invention is to provide a terminal cryptographic facility having a working key register for storing a terminal cryptographic key used to personalize the encrypting/decrypting operation of the terminal cryptographic facility.
Still another object of the invention is to provide a terminal cryptographic facility for performing a load key direct function to directly store a terminal data encrypting key in a working key register of the terminal cryptographic facility.
Still a further object of the invention is to provide a terminal cryptographic facility for performing a decipher key function to decipher a data encrypting key enciphered under a terminal master key to obtain the data encrypting key for storage in a working key register.
Still another object of the invention is to provide a terminal cryptographic facility for performing an encipher function for enciphering input plaintext under control of a data encrypting key stored in a working key register to produce output ciphertext.
Still a further object of the invention is to provide a terminal cryptographic facility for performing a decipher function for deciphering input ciphertext under control of a data encrypting key stored in a working key register to produce output plaintext.
Still another object of the invention is to provide a terminal cryptographic facility for performing a decipher function for deciphering a data encrypting key enciphered under a terminal master key to obtain the data encrypting key within the facility for use in enciphering input cleartext into output ciphertext.
Still a further object of the invention is to provide a terminal cryptographic facility for performing a decipher function for deciphering a data encrypting key enciphered under a terminal master key to obtain the data encrypting key within the facility for use in deciphering ciphertext enciphered under the data encrypting key into cleartext.
Still another object of the invention is to provide a terminal having a data security device which deciphers an enciphered data encrypting key used for data enciphering/deciphering operations under selective control of a system or private key encrypting key to permit cryptographic data transmissions in a data communication network.
Still a further object of the invention is to provide a terminal having a data security device which performs data enciphering/deciphering operations under control of a private data encrypting key to permit private cryptographic data transmissions in a data communication network.
Still another object of the invention is to provide terminals having data security devices associated with different domains of a multiple domain communication network with the terminal associated with one domain performing data enciphering/deciphering operations under control of a private data encrypting key and the terminal associated with another domain performing enciphering/deciphering operations under control of the same private data encrypting key to permit cross domain cryptographic data transmissions in the multiple domain communication network.
Still a further object of the invention is to provide a terminal capable of maintaining the security of data for storage in a private file of a data processing system.
Still another object of the invention is to provide a terminal having a data security device for enciphering message blocks of data under control of a private data encrypting key for secure storage in a private file of a data processing system.
Still a further object of the invention is to provide a terminal having a data security device for deciphering message blocks of enciphered data recovered from a private file of a data processing system under control of the same private data encrypting key which was used to create the enciphered data file.
Still another object of the invention is to provide terminals having data security devices associated with different data processing systems with the terminal associated with one system enciphering data under control of a private data encrypting key for secure storage in a private portable file which is transported to and installed in another system where the terminal associated with that system can decipher the enciphered data recovered from the private data file under control of the same private data encrypting key which was used to create the enciphered data file.
In accordance with the invention, a terminal is provided to permit cryptographic data transmissions in a data communication network. The terminal has an integrated data security device which includes a memory for storing a terminal master key acting as a key encrypting key, cryptographic apparatus for ciphering input data under control of a cryptographic key stored in a working key register to produce ciphered output data and an interface adapter to which operation requests are presented and plaintext/ciphertext are presented for application as input data to the cryptographic apparatus and from which ciphertext/plaintext data is presented as applied from the ciphered output data of the cryptographic apparatus. The terminal master key may be loaded into the master key memory by manual means or under terminal control by a write master key operation request to the interface adapter. Additionally, the terminal is key synchronized with the host system by reception and deciphering of synchronizing data from the host system consisting of a data encrypting key enciphered under the terminal master key. This is accomplished by accessing the terminal master key memory for transferring the master key to the working key register and by applying the synchronizing data as input data to the cryptographic apparatus. The cryptographic apparatus then deciphers the synchronizing data under control of the terminal master key to obtain the synchronizing data encrypting key which is then loaded into the working key register replacing the terminal master key previously stored therein. Encipher/decipher operation requests may then proceed to encipher plaintext under control of the data encrypting key in the working key register to produce ciphertext for transmission to the host system or to decipher ciphertext received from the host system under control of the data encrypting key in the working key register to produce plaintext.
The terminal data security device also provides an arrangement which permits a variety of applications using a pre-defined private data encrypting key. With a load key direct operation request to the interface adapter the private data encrypting key may be directly loaded into the working key register as the working key. This allows subsequent encipher/decipher operations to proceed under control of the private data encrypting key. In a data processing system where portable data files are created, secure storage and later recovery of data files may be accomplished by directly loading a private data encrypting key into the working key register and enciphering the data to be stored under control of the private data encrypting key when the data file is to be created and using the same private data encrypting key in the working key register when the enciphered data file is later recovered and is to be deciphered.
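The key synchronization and load key direct sequences described above can be modelled in software. The following is an added example, not part of the original specification: the class and function names are hypothetical, the keys are constructed sample values, the host is assumed to hold the same terminal master key, and a small Feistel construction over independent 8-byte blocks stands in for the DES algorithm.

```python
import hashlib
import hmac

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_cipher(key, data, decrypt=False):
    """Stand-in for DES (NOT DES): 8-round Feistel over independent 8-byte blocks."""
    if len(key) != 8 or len(data) % 8:
        raise ValueError("key must be 8 bytes, data a multiple of 8 bytes")
    f = lambda i, half: hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]
    out = b""
    for off in range(0, len(data), 8):
        l, r = data[off:off + 4], data[off + 4:off + 8]
        for i in (range(7, -1, -1) if decrypt else range(8)):
            l, r = (_xor(r, f(i, l)), l) if decrypt else (r, _xor(l, f(i, r)))
        out += l + r
    return out

class TerminalFacility:
    """Model of the protected facility: keys are written in, never read out."""
    def __init__(self):
        self.__master_key = None    # terminal master key memory
        self.__working_key = None   # working key register

    def write_master_key(self, key):
        self.__master_key = key

    def decipher_key(self, sync_data):
        if self.__master_key is None:
            raise RuntimeError("no terminal master key written")
        # The master key moves to the working register, deciphers the
        # synchronizing data, and is replaced there by the recovered key.
        self.__working_key = self.__master_key
        self.__working_key = block_cipher(self.__working_key, sync_data, decrypt=True)

    def load_key_direct(self, private_key):
        self.__working_key = private_key

    def encipher(self, plaintext):
        return block_cipher(self.__working_key, plaintext)

    def decipher(self, ciphertext):
        return block_cipher(self.__working_key, ciphertext, decrypt=True)

def host_session(terminal_master_key, session_key, terminal, message):
    """Host side (hypothetical): send E_KMT(KS), then read the terminal's ciphertext."""
    sync_data = block_cipher(terminal_master_key, session_key)
    terminal.decipher_key(sync_data)
    ciphertext = terminal.encipher(message)
    return sync_data, ciphertext, block_cipher(session_key, ciphertext, decrypt=True)

KMT = bytes.fromhex("0123456789abcdef")   # constructed terminal master key
KS = bytes.fromhex("fedcba9876543210")    # constructed session data encrypting key
```

In this model the data encrypting key crosses the line only as synchronizing data enciphered under the terminal master key, and a new session key does not depend on the previous one, unlike the chained arrangement criticized in the prior art discussion.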
The foregoing and other objects, features and advantages of the invention will be apparent from the following particular description of a preferred embodiment of the invention, as illustrated in the accompanying drawings.