1. Field of the Invention
This invention relates to a method and apparatus for performing strong encryption or decryption of data using special encryption functions of a cryptographic facility. More particularly, the invention relates to a method and apparatus for performing 56-bit DES encryption of data for financial processing or other purposes using a cryptographic facility whose data encryption and decryption functions have been degraded to conform with export limitations.
2. Description of the Related Art
SET (Secure Electronic Transaction) is a protocol developed jointly by VISA International, MasterCard, and other companies for safeguarding payment card purchases made over open networks. The SET protocol specifies the use of DES (Data Encryption Standard) encryption and decryption using an 8-byte DES encryption key for the protection of purchase information and payment card information. A key length shorter than eight bytes is not allowed.
The U.S. Government regulates the export of products providing general-purpose strong encryption. The use of DES with encryption keys longer than 40 bits for data encryption/decryption is not allowed on most machines shipped outside the U.S. Such machines are configured in the manufacturing environment so that hardware-implemented DES encryption or decryption is not enabled for invocation by software. SET itself is exportable. Products that implement the SET protocol currently do so in software. A software implementation is not as secure as a hardware-based implementation because cryptographic keys appear in the clear in main storage.
The problem being solved is how to meet the SET protocol standards, which require DES encryption/decryption with an 8-byte DES encryption key, in a secure manner (i.e., without disclosing keys in the clear) on a machine that does not have 56-bit DES enabled for software use.