1. Field of the Invention
This invention relates generally to cryptographic coprocessors employed in server computer systems, and more particularly to providing a method, article, and system for the effective implementation for securely transferring symmetric encryption keys to remote devices, such as Automated Teller Machines (ATMs), PIN entry devices, and point of sale terminals. It may also be used to transfer symmetric keys to another cryptographic system of any type, such as a Host Security Module (HSM) in a computer server.
2. Description of the Related Art
Automated Teller Machines (ATMs), PIN entry devices, and point of sale terminals have become a central feature of modern life and have become quite prevalent in and out of the work environment. For example, during the course of the day, a user may utilize an ATM to conduct financial transactions, purchase gas for an automobile from a point of sale terminal in the form of a fuel pump via a credit or debit card, and purchase food at the grocery store in a checkout line with a point of sale terminal also with a credit or debit card. In all these instances, security is a prime concern, and an individual's data (card number, passwords, account numbers, etc.) must be kept secure and out of reach from unintended parties. In addition, access to controls and machine settings must be secured. The securing of sensitive data is normally accomplished through the use of encryption or encoding of the data. Encrypted data is only supposed to be accessible to an intended party with use of an encryption key to decipher the encoded information. The widespread use of electronic transaction processing applications has increased the demands for improved features, ease of use, and improved security.
Remote Key Loading refers to the process of loading symmetric encryption keys to a remotely located device, such as an ATM, from a central administrative site. The process encompasses two phases of key distribution:
1. Distribution of initial key encrypting keys (KEKs) to a newly installed device. A KEK is a type of symmetric encryption key that is used to encrypt other keys so they can be securely transmitted over unprotected paths.
2. Distribution of operational keys or replacement KEKs, enciphered under a KEK currently installed in the device.
A new ATM, when it is delivered from the manufacturer and being put into operation, has none of the affiliated bank's or service provider's security keys pre-installed. The process of getting the first key securely loaded in the ATM is a difficult one. Loading the first KEK into each ATM manually, in multiple cleartext key parts has typically been the security key loading process. In this process, two separate people must carry key part values to the ATM, and load them manually. Once inside the ATM, they are combined to form the actual KEK. In this manner, neither of the two people has the entire key, protecting the key value from disclosure or misuse. This method is labor-intensive and error-prone, making it expensive for the banks or service providers.
When an ATM is in operation, the bank or service provider can install new keys as needed by sending them enciphered under a KEK it installed at an earlier time. This is straightforward in concept, but the cryptographic architecture in the ATMs is often different from that of the host system sending the keys, and it is difficult to export the keys in a form understood by the ATM. For example, cryptographic architectures often enforce key usage restrictions, in which a key is bound to data describing limitations on how it can be used. The encoding of these restrictions and the method used to bind them to the key itself differs among cryptographic architectures, and it is often necessary to translate the format to that understood by the target device before a key can be transmitted. It is difficult to do this without reducing security in the system by making it possible to arbitrarily change key usage restrictions. The reduction in the level of security could potentially introduce holes that could permit misuse of the key management functions to attack the system.
The present invention is directed to addressing, or at least reducing the effects of, one or more of the problems set forth above, through the introduction of a new secure data structure called a trusted block. This disclosure describes a new and novel method for providing the necessary cryptographic functions to create and manage the special key forms needed for remote key distribution of this type. The invention described here also provides a mechanism through which the system owner can securely control these translations, preventing the majority of attacks that could be mounted by modifying usage restrictions.
Glossary
Access Control—A mechanism for regulating access to resources, data or services based on the role and identity of individual users.
AND—When capitalized in this fashion, refers to the “AND” boolean operation.
API Function—Application programming interface is the interface that a computer system, library, or application provides in order to allow requests for services to be made of it by other computer programs, and/or to allow data to be exchanged between them.
BER encoding—Basic Encoding Rules for ASN.1 (Abstract Syntax Notation One, defined in the X.208 standard). ASN.1 is a flexible notation that allows one to define a variety of data types, from simple types such as integers and bit strings to structured types such as sets and sequences, as well as complex types defined in terms of others. BER describes how to represent or encode values of each ASN.1 type as a string of eight-bit octets.
CBC—Cipher Block Chaining mode of encryption.
CCA—The Common Cryptographic Architecture, a cryptographic architecture and related APIs developed by IBM and used in many IBM cryptographic products.
CCA token—A key structure used to carry CCA keys in various formats. The token can be either an internal token or an external token as defined below.
Cleartext—The form of a message or data that is transferred or stored without cryptographic protection.
Confounder—A bit string that is used to initialize the encryption-block chaining value so that the encrypted result is different each time a data value is encrypted.
Control vector, or CV—That portion of a CCA key token that describes how the key may be used. This information is defined in published IBM documentation: IBM PCI Cryptographic Coprocessor CCA Basic Services Reference and Guide.
CVG—The Control Vector Generate service. This service generates a CV based on a key type.
DES—Data Encryption Standard. DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal digits. To do the encryption, DES uses “keys” which are also apparently 16 hexadecimal digits long, or apparently 64 bits long. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits. But, in any case, 64 bits (16 hexadecimal digits) is the round number upon which DES is organized.
Double length CV—A control vector that is 16 bytes in length.
Double length Key—A DES key that is 16 bytes in length.
DSV service—The Digital Signature Verify service. This service performs a digital signature verification using the public key found within the trusted block.
EDE—Encrypt, Decrypt, Encrypt. This describes a method of implementing Triple DES.
Exporter key—A type of transport key, which is used to wrap a key that will be used at a different node.
External key—A key that is for exchange with another cryptographic device. This key is encrypted with a transport key, also called a key-encrypting key (KEK). The KEK is shared with the other device to which the key may be transmitted.
IMP-PKA—A limited authority importer KEK (key encrypting key) used to protect PKA (public-key algorithm) structures when they are in external form.
Importer key—A type of transport key, which is used to unwrap a key that will be used at a node.
IV—Initial vector. This is a value used in CBC mode encryption.
Input block—A trusted block token, which gets updated during the trusted block creation process.
Internal key—A key that is for use on the local cryptographic device. This key is encrypted with a master key associated with the cryptographic device.
Key encrypting key (KEK)—A symmetric key that is used to encrypt a key for transport to another device. Both devices must have the same KEK key value so that one can encrypt a key with it, and the other can decrypt the key after it is received. Also called a Transport key.
Keyword—An option that will direct the specific processing of a process or routine.
KVP—A Key Verification Pattern. This is a cryptographically-calculated hash of a key's cleartext value, which can be used to verify that the correct key value is used, without disclosing any information about any bits of the key itself.
Label—A string which can be used to reference a key token that has been stored in a file or other repository.
MAC—A Message Authentication Code. This is a cryptographically-computed checksum, which uses a cryptographic key to produce a fixed-length hash of a variable-length message string. The MAC will change if any portion of the message is changed, or if the wrong key is used.
MAC key—A key designated for the purpose of computing a MAC (Message Authentication Code).
Master key—A key stored in a secure cryptographic device for the purpose of encrypting keys to be used in that device which are stored externally in unprotected storage.
MDC-2—The 2-encryption per stage version of the Modification Detection Code hashing algorithm discussed in the CCA Basic Services Reference and Guide (available from IBM Corporation, Armonk, N.Y., and at www.ibm.com/security/cryptocards).
MKVP—Master key verification pattern.
PKA Master Key—Public Key Algorithm master key—a master key used to encrypt keys for public-key algorithms such as RSA.
PKCS 1.0—Digital Signature Hash Block 1 Formatting Method described in the PKCS #1 v2.0 standard at website: www.rsasecurity.com/rsalabs/pkcs.
PKCS 1.1—Digital Signature Hash Block 0 Formatting Method described in the PKCS #1 v2.0 standard at website: www.rsasecurity.com/rsalabs/pkcs.
PKCS 1.2—A method of formatting keys described in the PKCS #1 v2.0 standard at website: www.rsasecurity.com/rsalabs/pkcs.
PKI service—The Public Key Import service. This service converts an RSA key or trusted block from external form to internal form. The PKI service is used to implement the Trusted Block Import service.
RKX service—The Remote Key Export service is a method of secured transport of DES keys from a security module (e.g. the 4764 Cryptographic Coprocessor) to a remote device, e.g. Automated Teller Machine, or vice versa, using asymmetric or symmetric techniques. The DES keys to be transported are either key encrypting keys that are generated within the 4764, or alternately, operational keys or replacement KEKs enciphered under a KEK currently installed in a remote device. This service accepts as input parameters: a public key certificate, a transport key, a rule ID to identify the appropriate rule section to be used within a trusted block, an importer key, a source key, optional extra data that can be used as part of the OAEP key wrapping process, and key check parameters that are required to calculate the key check value. This service outputs a symmetric encrypted key, an optional asymmetric encrypted key, and an optional key check value.
RKX token, or RKX key token—A data structure used to encase a key that is generated, or exported by the RKX service. The RKX token contains: a length field indicating the size of the data it contains, an 8 byte confounder, an encrypted key that is either 8, 16, or 24 bytes in size, a rule ID identifying the trusted block rule that was used to create the RKX token, and a MAC value. The MAC value is an ISO-16609 TDES CBC mode MAC that is computed over the RKX token starting at offset zero in the token and including all fields up to but not including the MAC value field itself.
RSA OAEP—A method of formatting a key for secure transport described in the PKCS #1 v2.0 standard at website: www.rsasecurity.com/rsalabs/pkcs.
Single Length Key—A DES key that is 8 bytes in length.
Single Length CV—A control vector that is 8 bytes in length.
TBC service—Trusted Block Create service. This service creates a trusted block in external form under dual or multiple control.
TDES—Triple DES.
Triple DES—A mode of the DES encryption algorithm in which each block of data is encrypted three times with either two or three different eight-byte keys in order to provide increased security.
TLV—Acronym for “Tag Length Value”. This refers to a data structure design in which there exists: a tag field identifying the data structure as a particular type; a length field of the entire structure including the tag, length, and value fields; and a value field which may be any number of bytes long.
Token—A data structure representing a series of bytes that are to be treated as an entity. The structure can contain cryptographic key material, control vectors or other data related to the key.
Transport key—See Key encrypting key.
Triple Length Key—A DES key that is 24 bytes in length.
Trusted Block—A data structure protected by a MAC that typically contains an RSA public key and optional information (rules) to control export of other keys associated with the device(s) that use that public key. For remote key distribution, the public key will be the root certification key for the remote device vendor, and it will be used to verify the signature on public key certificates for individual remote devices. In this case, the Trusted Block will also contain Rules that will be used to generate or export DES keys for the ATM or other remote devices. It is also possible for the Trusted Block to be used simply as a trusted public key container, and in this case the Public Key in the block will be used in CCA functions such as Digital Signature Verify. In summary, the trusted block is a data structure formatted to contain (1) zero or one trusted public key section, (2) zero or more rule sections, (3) zero or one trusted block label section, (4) one trusted block information section, and (5) zero or one application defined data section.
Variant—A value used to modify a key value. The variant is generally a binary string of the same length as the key, and it is exclusive-ORed with the key value to produce a variant key that is used for some cryptographic operation.
XOR—This refers to the “exclusive OR” Boolean operation.
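The TLV and Trusted Block entries above can be illustrated with a structural validator; this is an added example, not code from the disclosure or from any CCA product. It walks TLV sections whose length field counts the tag, length and value bytes together, then enforces the section counts listed under Trusted Block; it does not verify the MAC. The 1-byte tag, the 2-byte big-endian length and the tag values are assumptions made for the example.

```python
import struct
from collections import Counter

# Hypothetical section tags (the page names the sections, not their tag values).
TAG_PUBLIC_KEY, TAG_RULE, TAG_LABEL, TAG_INFO, TAG_APP_DATA = 0x11, 0x12, 0x13, 0x14, 0x15
# (min, max) occurrences per section, as listed in the Trusted Block entry.
CARDINALITY = {TAG_PUBLIC_KEY: (0, 1), TAG_RULE: (0, None), TAG_LABEL: (0, 1),
               TAG_INFO: (1, 1), TAG_APP_DATA: (0, 1)}
HEADER = struct.Struct(">BH")  # assumed: 1-byte tag, 2-byte big-endian length


def make_tlv(tag, value):
    """Build one section; the length counts tag + length + value bytes."""
    return HEADER.pack(tag, HEADER.size + len(value)) + value


def parse_sections(buf):
    """Walk inclusive-length TLVs, rejecting lengths that could stall or overrun."""
    sections, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        tag, length = HEADER.unpack_from(buf, offset)
        if length < HEADER.size:  # an inclusive length below the header size never advances
            raise ValueError(f"length {length} smaller than header at offset {offset}")
        if length > len(buf) - offset:
            raise ValueError(f"section at offset {offset} overruns buffer")
        sections.append((tag, buf[offset + HEADER.size:offset + length]))
        offset += length
    return sections


def validate_trusted_block(buf):
    """Parse, then enforce the per-section counts from the glossary."""
    sections = parse_sections(buf)
    counts = Counter(tag for tag, _ in sections)
    unknown = set(counts) - set(CARDINALITY)
    if unknown:
        raise ValueError(f"unknown section tag(s): {sorted(unknown)}")
    for tag, (low, high) in CARDINALITY.items():
        n = counts.get(tag, 0)
        if n < low or (high is not None and n > high):
            raise ValueError(f"tag {tag:#x} appears {n} times")
    return sections


# Constructed sample: one information section and two rule sections.
SAMPLE = make_tlv(TAG_INFO, b"info") + make_tlv(TAG_RULE, b"R1") + make_tlv(TAG_RULE, b"R2")
```

Structural checks of this kind belong before any cryptographic processing of the block; the MAC described in the Trusted Block entry remains what establishes that the sections are authentic.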