This invention relates to cryptographic communication security techniques and, more particularly, to communication security for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and associated communication terminals each having a data security device which permits cryptographic operations to be performed.
With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer base information systems are being created. In such systems, an increasing amount of sensitive data may be transmitted across unsecure communication lines. Because of the insecurity of communication lines, there is an increasing concern over the interception or alteration of sensitive data which must pass outside a controlled or protected environment or which may become accessible if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the medium over which it is transmitted or the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in detail in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.
A data communication network may include a complex of communication terminals connected via communication lines to a single host system and its associated resources such as the host programs and locally attached terminals and data files. Within the data communication network, the domain of the host system is considered to be the set of resources known to and managed by the host system. Various single domain data communication networks have been developed in the prior art using cryptographic techniques for improving the security of data communication within the network. In such networks, a cryptographic facility is provided at the host system and at various ones of the remote terminals. In order for the host system and a remote terminal to perform a cryptographic communication, both must use the same cryptographic algorithm and a common operational cryptographic key so that the data enciphered by the sending station can be deciphered at the receiving station. In prior art cryptographic communication arrangements, the operational key to be used at the sending station is communicated by mail, telephone or courier to the receiving station so that a common operational key is installed at both stations to permit the cryptographic communications to be performed. Furthermore, the operational key was kept for a relatively long period of time. In order to present a "moving target" to an opponent, other prior art arrangements developed techniques which improved security by changing operational keys dynamically where the frequency of changing keys is done automatically by the system. One such tenchique is provided in the IBM 3600 Finance Communication System utilizing the IBM 3614 consumer transaction facility as remote terminals and is exemplified by U.S. Pat. No. 3,956,615 issued May 11, 1976.
As the size of data communication networks increases, other host systems may be brought into the network to provide multiple domain networks with each host system having knowledge of and managing its associated resources which make up a portion or domain of the network. By providing the proper cross domain data link between the domains of the network, two or more domains may be interconnected to provide a networking facility. Accordingly, as the size of the network increases and the number of communication lines interconnecting the domains of network increases, there is an increasing need to provide communication security for data transmitted over such communication lines connecting the domains of a multiple domain communication network.
Accordingly, it is an object of the invention to maintain communication security of data transmissions in a multiple domain network.
Another object of the invention is to establish cryptographic communication sessions between host systems in different domains of a multiple domain network without revealing the keys of each host system to the other host system.
A further object of the invention is to maintain communication security of data transmission between a terminal associated with a host system in one domain and an application program associated with a host system in another domain of a multiple domain network.
Still another object of the invention is to maintain communication security of data transmissions between an application program associated with a host system in one domain and an application program associated with a host system in another domain of a multiple domain network.
Still a further object of the invention is to provide a cross-domain key which allows communication sessions to be established between different domains of a multiple domain network.
Still another object of the invention is to provide a cross-domain key which is known by a sending and receiving host system in different domains of a multiple domain network.
Still a further object of the invention is to create cross-domain keys for cross-domain data communications between a host system in one domain and host systems in other domains of a multiple domain network.
Still another object of the invention is to create a cross-domain key for cross-domain data communications by generating a pseudo-random number which is defined as the cross-domain key.
Still a further object of the invention is to maintain the security of cross domain keys by protecting them under a host key encrypting key.
Still another object of the invention is to protect a cross domain key under a key encrypting key of a sending host system in one domain and under a different key encrypting key of a receiving host system in another domain of a multiple domain network.
Still a further object of the invention is to protect a cross domain key under a variant of the master key of a sending host system in one domain and under a different variant of the master key of a receiving host system in another domain of a multiple domain network.
Still another object of the invention is to protect cross-domain keys used for data transmissions from the host system in one domain to the host system in another domain by a first host key encrypting key and to protect cross domain keys used for data transmissions from the host system in the other domain to the host system in the one domain by a second host key encrypting key.
Still a further object of the invention is to establish a common operational key between host systems in different domains of a multiple domain network to permit cross domain cryptographic operations to be performed.
Still another object of the invention is to establish a common operational key for a terminal in one domain and an application program in another domain to permit cross domain cryptographic operations to be performed.
Still a further object of the invention is to provide an irreversible transformation function which uses a protected cross-domain key at a sending host system in one domain to encipher a session key for transmission to a receiving host system in another domain of a multiple domain network.
Still another object of the invention is to provide an irreversible transformation function at a receiving host system using a protected cross-domain key to reencipher a received session key from encipherment under a cross-domain key to encipherment under the master key of the receiving host system.
Still a further object of the invention is to reencipher a session key created at a host system in one domain from encipherment under a host master key to encipherment under a cross-domain key for transmission to the host system in another domain.
Still another object of the invention is to reencipher a session key created at a host system in one domain from encipherment under a host master key to encipherment under a terminal key encrypting key of a terminal associated with the host system in the one domain with which a communication session is to be established.
Still a further object of the invention is to dynamically create a session key by generating a pseudo random number defined as a session key enciphered under an application key.
Still another object of the invention is to create application keys for the application programs associated with a host system in a data communication network.
Still a further object of the invention is to protect application keys by enciphering them under a host key encrypting key.
Still another object of the invention is to reencipher a session key created at a host system in one domain from encipherment under an application key to encipherment under the master key of the host system.
Still a further object of the invention is to dynamically create a different operational key for each new communication session between the host systems in different domains of a multiple domain network.
Still another object of the invention is to provide different operational keys for each new communication session between a terminal associated with a host system in one domain and an application program associated with a host system in another domain of a multiple domain network.
Still a further object of the invention is to provide host data security devices for host systems in different domains of a multiple domain network to permit cross-domain cryptographic data communication.
In accordance with the invention, a multiple domain data communication network is provided in which each domain includes a host system with an integrated data security device and associated host programs and communication terminals with integrated data security devices. The data security devices of the host systems and the communication terminals include a memory for storing a master key and cryptographic apparatus for ciphering input data under control of a cryptographic key to produce ciphered output data. For cross-domain communication between the host system in one domain and the host system in another domain, the host data security device of each host system generates a random number which is defined as a cross domain key for cross domain communication between the two host systems and is communicated in a secure manner to the other host system. The cross-domain key generated at each host system is protected at that host system by encipherment under a first key encrypting key and stored in enciphered form as a sending cross-domain key while the cross-domain key received at that host system from the other host system is protected by encipherment under a second key encrypting key and stored in enciphered form as a receiving cross-domain key. When a communication session is to be established between the host system in one domain and the host system in another domain, the host data security device of the originating host system generates a random number which is defined as being a session key enciphered under the host master key of the originating host system. The originating host data security device then performs a transformation function in accordance with the enciphered sending cross-domain key and the enciphered session key to reencipher the session key from encipherment under the originating host master key to encipherment under the sending cross-domain key for transmission to the host system of the other domain. At the receiving host system in the other domain, the receiving host data security device performs a transformation function in accordance with the enciphered receiving cross-domain key stored at the receiving host system and the received enciphered session key to reencipher the session key from encipherment under the sending cross-domain key to encipherment under the host master key of the receiving host system. At this point, the common session key is available in useable form at both host systems without revealing the master keys of each host system to the other host system and so as to permit subsequent cryptographic operations to be performed between the two host systems.
Other arrangements are also provided which permit a variety of communication security applications in a multiple domain network. In one such arrangement, a communication session is established between a terminal associated with a host system in one domain and an application program associated with a host system in another domain. The host data security device of the sending host system, in addition to generating the cross-domain key, generates a series of random numbers each of which is defined as the terminal master key for a terminal associated with the host system and is communicated to each terminal user in a secure manner for loading into the data security device of the respective terminals. The host data security device then enciphers and stores each of the terminal master keys under the same host key encrypting key which protects the cross-domain key to maintain the terminal keys in a secure manner. When a communication session is to be established between one of the terminals and the host system in the other domain, the host data security device generates a pseudo random number which is defined as being a session key enciphered under the host master key. The host data security device then performs a first transformation function in accordance with the enciphered terminal master key of the terminal and the enciphered session key to reencipher the session key from encipherment under the host master key to encipherment under the terminal master key. The host data security device then performs a second transformation function in accordance with the enciphered sending cross-domain key and the enciphered session key to reencipher the session key from encipherment under the host master key to encipherment under the sending cross-domain key. The session key enciphered under the terminal master key and the session key enciphered under the sending cross-domain key are then transmitted to the host system in the other domain. At the receiving host system in the other domain, the receiving host data security device performs a transformation function in accordance with the enciphered receiving cross-domain key stored at the receiving host system and the received session key enciphered under the sending cross-domain key to reencipher the session key from encipherment under the sending cross-domain key to encipherment under the host master key of the receiving host system which is in useable form to carry out subsequent cryptographic operations at the host system in the other domain. The receiving host system then transmits the received session key enciphered under the terminal master key to the terminal with which the session is to be established. At this point, the common session key is available in useable form at both the terminal of the host system in the one domain and the host system in the other domain without having revealed the master keys of each host system to the other host system so as to permit subsequent cryptographic data processing operations to be performed between the two units in the different domains.
In another arrangement, using similar architecture, a communication session is established between an application program associated with a host system in one domain and an application program associated with a host system in another domain. The host data security device of the host system in the one domain, in addition to generating the sending cross-domain key, generates a series of random numbers each of which is defined as the application key for an application program associated with the host system. The host data security device then enciphers and stores each of the application keys under a key encrypting key which is different than the one which protects the sending cross-domain key to maintain the application keys in a secure manner. When a communication session is to be established between the application programs in the different domains, the host data security device generates a pseudo random number which is defined as a session key enciphered under the application key of the application program of the sending host system. The host data security device then performs a first transformation function in accordance with the enciphered application key and the enciphered session key to reencipher the session key from encipherment under the application key to encipherment under the sending host master key. The host data security device then performs a second transformation function in accordance with the enciphered sending cross-domain key and the enciphered session key to reencipher the session key from encipherment under the sending host master key to encipherment under the sending cross-domain key. The session key enciphered under the application key and the session key enciphered under the sending cross-domain key are then transmitted to the host system in the other domain. At the receiving host system in the other domain, the receiving host data security device performs a transformation function in accordance with the enciphered receiving cross-domain key stored at the receiving host system and the received session key enciphered under the sending cross-domain key to reencipher the session key from encipherment under the sending cross-domain key to encipherment under the receiving host master key which is in useble form to carry out subsequent cryptographic operations by the application program at the receiving host system. The receiving host system then transmits the received session key enciphered under the application key to the application program of the sending host system with which the session is to be established. The application program at the sending host system requests the host data security device to perform another transformation function in accordance with the enciphered application key stored at the sending host system and the received enciphered session key to reencipher the session key from encipherment under the application key to encipherment under the sending host master key. At this point, the common session key is available in useable form at both host systems without having revealed the master keys of each host system to the other host system so as to permit subsequent cryptographic data processing operations to proceed between the two application programs in the different domains.
In addition, the above arrangements may include the use of pre-defined private terminal keys, private application keys or private session keys made known to both host systems to permit private cryptographic operations to be performed.
The foregoing and other objects, features and advantages of the invention will be apparent from the following particular description of a preferred embodiment of the invention, as illustrated in the accompanying drawings.