1. Field of the Invention
This invention relates to the use of cryptography within general purpose computers. More particularly, this invention relates to techniques for changing master keys which are used to encipher other keys using a data encryption algorithm.
2. Background Art
With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer base information systems are being created. In such systems, an increasing amount of sensitive data may be transmitted across unsecured communication lines. Because of the insecurity of communication lines, there is an increasing concern over the interception or alteration of sensitive data which must pass outside a controlled or protected environment or which may become accessible if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the medium over which it is transmitted or the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.
In a secure cryptographic system it is essential that no key appear in the clear outside the secure facility. Normally, it is impractical to keep all keys inside the secure facility. Rather, these keys are encrypted under a master key; then, only the master key need be maintained within the secure facility. In such a system there is a requirement to periodically change the master key without significant interruption to normal operation.
The action involved in changing the master key consists of several steps. The collection of these steps is called the conversion process. That moment in the conversion process at which the new master key becomes active is called the switchover.
As part of the conversion process, those keys which have been encrypted under the previous master key must be converted to be encrypted under the new master key. This conversion requires that both master keys be available inside the secure facility at the same time. Part of this conversion may occur before the switchover, and part after the switchover. Before the switchover, the two master keys involved are called the current-master key and the new-master key. After the switchover, they are called the old-master key and current-master key, respectively.
Since the time to reencipher keys is significant, it is desirable to perform as much of the conversion as possible in advance of the switchover. The majority of the keys to be converted in systems such as IBM's MVS/SP reside in a special data set, called the cryptographic key data set (CKDS). The keys on the CKDS can be reenciphered to a new version of the CKDS as a batch operation before the master key is changed. However, not all keys are kept in the CKDS and some application programs may have old copies of CKDS entries. There is no easy way to locate these keys and they must be converted after the switchover.
A "control vector" technique exists for controlling the usage of cryptographic keys. It is described in U.S. Pat. No. 4,924,514 by S. M. Matyas, et al., issued May 8, 1990; U.S. Pat. No. 4,924,515 by S. M. Matyas, et al., issued May 8, 1990; U.S. Pat. No. 4,918,728 by D. Abraham, et al., issued Apr. 17, 1990 and U.S. Pat. No. 4,941,176 by S. M. Matyas, et al., all assigned to the assignee of the present invention. These patents are incorporated herein by reference.