The present invention relates to cryptographic keys, and more specifically, to cryptographic keys in the common cryptographic architecture (CCA) services.
The CCA is often used in financial services such as payment card services to protect financial data such as user account data and verification codes. The CCA specifies a byte array of key control information called a control vector (CV) that is bound to a cryptographic key such as a data encryption standard (DES) key that is secured using a physically secure hardware security module (HSM). The CV is used both in the management of the key and to control the key's usage.
Bits in the CV represent, for example, a key type that identifies broad capabilities of the key, such as whether the key may encipher and/or decipher data, wrap or unwrap keys, compute or verify message authentication codes (MACs), encrypt or decrypt personal identification number (PIN) information, and generate or verify PIN information. The CV bits may also represent a key sub-type that is a restriction on key capability within the actions supported by the key type, such as limiting the key to be used for either encrypting or decrypting, but not both. The CV bits may include key management indicators that control whether the key may be distributed, and if so, whether the key is exportable when wrapped in a key block. The key usage may also be represented in the CV bits. Key usage controls how the key may be used beyond the limits imposed by the key type and key sub-type, such as, for example, limits on the types of data that may be processed by the key or the types of keys that may be wrapped with the key.
The CV is usually an 8-byte or 16-byte quantity matching the length of the DES key to which it is bound. The CV is usually included in a CCA data structure called a key token that also includes a wrapped version of the key. The wrapping process cryptographically binds the CV to the key such that changing the CV will alter the resultant value of the key when unwrapped, rendering the key useless.
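The binding described above, as an added illustration that is not code from the patent or from any CCA implementation: a simplified model of CV-variant wrapping in which each 8-byte half of a 16-byte key is enciphered under the KEK XORed with the corresponding CV half, so a CV altered in the key token yields a different key on unwrap. The KEK, key and CV values are constructed placeholders, and the CV bytes do not follow a real CCA encoding.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// cvVariantKey XORs one 8-byte CV half into both halves of the 16-byte KEK
// and expands the result to the 24-byte K1|K2|K1 form Go's TDES expects.
func cvVariantKey(kek, cvHalf []byte) []byte {
	k := make([]byte, 24)
	for i := 0; i < 16; i++ {
		k[i] = kek[i] ^ cvHalf[i%8]
	}
	copy(k[16:], k[:8])
	return k
}

// transform enciphers (or deciphers) each 8-byte key half under the KEK
// variant formed with the matching CV half; lengths are checked up front.
func transform(kek, cv, in []byte, encrypt bool) ([]byte, error) {
	if len(kek) != 16 || len(cv) != 16 || len(in) != 16 {
		return nil, fmt.Errorf("kek, cv and key must each be 16 bytes")
	}
	out := make([]byte, 16)
	for i := 0; i < 16; i += 8 {
		blk, _ := des.NewTripleDESCipher(cvVariantKey(kek, cv[i:i+8])) // key is always 24 bytes
		if encrypt {
			blk.Encrypt(out[i:i+8], in[i:i+8])
		} else {
			blk.Decrypt(out[i:i+8], in[i:i+8])
		}
	}
	return out, nil
}
func WrapKey(kek, cv, key []byte) ([]byte, error)       { return transform(kek, cv, key, true) }
func UnwrapKey(kek, cv, wrapped []byte) ([]byte, error) { return transform(kek, cv, wrapped, false) }
func main() {
	kek := []byte("0123456789abcdef") // constructed key-encrypting key
	key := []byte("constructed-key!") // constructed 16-byte DES key
	cv := []byte("constructed-CV!!")  // constructed CV, not a real CCA encoding
	wrapped, _ := WrapKey(kek, cv, key)
	tampered := append([]byte(nil), cv...)
	tampered[4] ^= 0x40 // a usage bit in the token's CV is changed after wrapping
	good, _ := UnwrapKey(kek, cv, wrapped)
	bad, _ := UnwrapKey(kek, tampered, wrapped)
	fmt.Println(bytes.Equal(good, key), bytes.Equal(bad, key)) // true false
}
```

Because each key half is bound to its own CV half, a change confined to the right CV half corrupts only the right half of the unwrapped key, which the test below also checks.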