1. Technical Field
The invention disclosed broadly relates to data processing systems and methods and more particularly relates to cryptographic systems and methods for use in data processing systems to enhance security.
2. Related Patent Applications
The following co-pending patent applications are related to this invention and are incorporated herein by reference.
B. Brachtl, et al., "Controlled Use of Cryptographic Keys Via Generating Stations Established Control Values," Ser. No. 55,502, filed March 1987, and assigned to the IBM Corporation, now U.S. Pat. No. 4,805,017.
S. M. Matyas, et al., "Data Authentication Using Modification Detection Codes Based on Public One Way Encryption Function," Ser. No. 90,633, filed Aug. 28, 1987, assigned to the IBM Corporation, now U.S. Pat. No. 4,908,861.
S. M. Matyas, et al., "Secure Management of Keys Using Control Vectors," Ser. No. 231,114, filed Aug. 11, 1988, assigned to the IBM Corporation, now U.S. Pat. No. 4,941,176.
S. M. Matyas, et al., "Data Cryptography Operations Using Control Vectors," Ser. No. 401,486, filed Aug. 30, 1989, assigned to the IBM Corporation, now U.S. Pat. No. 4,918,728.
S. M. Matyas, et al., "Personal Identification Number Processing Using Control Vectors," Ser. No. 398,300, filed Aug. 24, 1989, assigned to the IBM Corporation, now U.S. Pat. No. 4,924,514.
S. M. Matyas, et al., "Secure Management of Keys Using Extended Control Logic," Ser. No. 398,299, filed Aug. 24, 1989, assigned to the IBM Corporation, now U.S. Pat. No. 4,924,515.
S. M. Matyas, et al., "Secure Management of Keys Using Control Vectors With Multi-Path Checking," Ser. No. 344,165, filed Apr. 27, 1989.
3. Background Art
The above-referenced co-pending patent applications, which are incorporated herein by reference, describe a cryptographic architecture for validating that key management functions requested for a cryptographic key in a data processing system have been authorized by the originator of the key. They also describe a control vector checking unit within a cryptographic facility, which contains the entire repertoire of control vector checking code for the intended applications of the system. However, one can envision applications wherein the sequence of control vector checking steps might be modified, for example where security improvements are desired for a particular protected application. Other circumstances where one might envision the need for changing the control vector checking code within the control vector checking unit would include a crypto facility having a control vector checking unit with a relatively small storage capacity for control vector checking code. In that circumstance, where subsidiary applications are mutually exclusive, such as a banking application where a checking transaction is mutually exclusive of a loan application, a central repository such as the bank's CPU could transmit to the control vector checking unit only that amount of control vector checking code necessary to perform the particular subsidiary application. When a different subsidiary application is to be executed, the control vector checking unit would be programmed with a different control vector checking code sequence by the bank's CPU.