This invention relates to cryptographic communication security techniques in a single domain network and, more particularly, to a single domain network which includes a host and communication terminals each having a data security device which performs enciphering and deciphering operations using system or private keys to permit cryptographic communication security in a data processing network.
With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer-based information systems are being created. In such systems, an increasing amount of sensitive data may be transmitted across unsecure communication lines. Because of the insecurity of communication lines, there is an increasing concern over the interception or alteration of sensitive data which must pass outside a controlled or protected environment or which may become accessible if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the medium over which it is transmitted or the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in detail in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.
A data communication network may include a complex of communication terminals connected via communication lines to a single host system and its associated resources such as the host programs and locally attached terminals and data files. Within the data communication network, the domain of the host system is considered to be the set of resources known to and managed by the host system. Various single domain data communication networks have been developed in the prior art using cryptographic techniques for improving the security of data communication within the network. In such networks, a cryptographic facility is provided at the host system and at various ones of the remote terminals. In order for the host system and a remote terminal to perform a cryptographic communication, both must use the same cryptographic algorithm and a common operational cryptographic key so that the data enciphered by the sending station can be deciphered at the receiving station. In prior art cryptographic communication arrangements, the operational key to be used at the sending station is communicated by mail, telephone or courier to the receiving station so that a common operational key is installed at both stations to permit the cryptographic communications to be performed. Furthermore, the operational key was kept for a relatively long period of time. In order to present a "moving target" to an opponent, other prior art arrangements developed techniques which improved security by changing operational keys dynamically where the frequency of changing keys is done automatically by the system. One such technique is provided in the IBM 3600 Finance Communication System utilizing the IBM 3614 consumer transaction facility as remote terminals and is exemplified by U.S. Pat. No. 3,956,615 issued May 11, 1976. In that system, an enciphered operational or data encrypting key is transmitted over the communication line from the host system to the remote communication terminal. 
The enciphered data encrypting key is deciphered and then used as the current data encrypting key for all data transmissions. However, with this type of arrangement, since the current data encrypting key must be readily available for the data transmissions, it is stored in the clear at the remote terminal, thereby making the system somewhat unsecure because the clear keys may be accessible to unauthorized personnel. Additionally, with this type of system, when the current data encrypting key is to be changed, a new data encrypting key enciphered under the old data encrypting key is transmitted to the remote terminal where it is deciphered and then used as the new current data encrypting key. However, with this type of arrangement, since each new current data encrypting key is a function of the preceding current data encrypting key, the system becomes unsecure if one current data encrypting key becomes accessible, as it will permit the current ciphertext to be deciphered and will permit all succeeding data encrypting keys to be obtained, thereby allowing all succeeding ciphertext to be deciphered.
Accordingly, it is an object of the invention to maintain the security of data transmissions in a data communication network.
Another object of the invention is to provide a host system having a data security device for enciphering/deciphering message blocks of data under control of a protected host cryptographic key.
A further object of the invention is to provide a host cryptographic facility in a data communication network without having to provide host cryptographic keys in the clear outside of the facility.
Still another object of the invention is to establish cryptographic communication sessions between a terminal and a host system in a data communication network in a secure manner.
Still a further object of the invention is to provide a common operational key for a terminal and the host in a data communication network to permit enciphering/deciphering operations to be performed using the common operational key.
Still another object of the invention is to dynamically create a common operational key by generating a pseudo random number defined as an enciphered operational key.
Still a further object of the invention is to create secondary communication keys for the secure terminals associated with the data communication network by generating pseudo random numbers each being defined as a secondary communication key.
Still another object of the invention is to maintain the security of secondary communication keys by enciphering them under a variant of the host master key.
Still a further object of the invention is to reencipher the enciphered operational key to an operational key enciphered under the secondary communication key.
Still another object of the invention is to provide the reenciphered operational key to the terminal with which a communication session is desired.
Still a further object of the invention is to dynamically create a different operational key for each new communication session between the host and a terminal in the data communication network.
Still another object of the invention is to provide a host cryptographic facility which is maintained in a logically and physically protected area.
Still a further object of the invention is to provide a host data security device which includes a hardware implementation of the data encryption standard algorithm adopted as the United States Federal Data Processing Standard.
Still another object of the invention is to provide a host data security device having interfaces to which plaintext/ciphertext input data and operation requests are presented and from which ciphertext/plaintext output data is presented.
Still a further object of the invention is to provide a host cryptographic facility which includes cryptographic apparatus, a host master cryptographic key memory and a working key register whereby the contents of the host master key memory, the working key register and intermediate results of the cryptographic operation are only accessible to the cryptographic apparatus.
Still another object of the invention is to provide a host cryptographic facility for performing a write master key function to selectively store a host cryptographic key used for encrypting/decrypting other cryptographic keys in a master key memory by manual or host control means.
Still a further object of the invention is to provide a host cryptographic facility having a battery powered host master key memory to allow host master key retention when system power is not present.
Still another object of the invention is to provide a host cryptographic facility for performing a host master key overwrite function whenever a new host master key is to be used by the facility.
Still a further object of the invention is to provide a host cryptographic facility having a working key register for storing a host cryptographic key used to personalize the encrypting/decrypting operation of the host cryptographic facility.
Still another object of the invention is to provide a host cryptographic facility for performing a decipher key function to decipher a data encrypting key enciphered under a host master key to obtain the data encrypting key in clear form for storage in a working key register.
Still a further object of the invention is to provide a host cryptographic facility for performing an encipher function for enciphering input plaintext under control of a data encrypting key stored in a working key register to produce output ciphertext.
Still another object of the invention is to provide a host cryptographic facility for performing a decipher function for deciphering input ciphertext under control of a data encrypting key stored in a working key register to produce output plaintext.
Still another object of the invention is to provide a host cryptographic facility for performing a decipher function for deciphering a data encrypting key enciphered under a host master key to obtain the data encrypting key in clear form within the facility for use in enciphering input cleartext into output ciphertext.
Still a further object of the invention is to provide a host cryptographic facility for performing a decipher function for deciphering a data encrypting key enciphered under a host master key to obtain the data encrypting key in clear form within the facility for use in deciphering ciphertext enciphered under the data encrypting key into cleartext.
Still another object of the invention is to provide a host data security device which deciphers an enciphered data encrypting key used for data enciphering/deciphering operations under selective control of a system or private key encrypting key to permit cryptographic data transmissions in a data communication network.
Still a further object of the invention is to provide a host data security device which performs data enciphering/deciphering operations under control of a private data encrypting key to permit private cryptographic data transmissions in a data communication network.
In accordance with the invention, a data communication network is provided having a host with an integrated data security device and associated terminals each having an integrated data security device to permit cryptographic data transmissions between the host and the associated terminals. The host data security device includes a memory for storing a host master key, cryptographic apparatus for ciphering input data under control of a cryptographic key stored in a working key register to produce ciphered output data and an interface adapter to which operation requests are presented and plaintext/ciphertext are presented for application as input data to the cryptographic apparatus and from which ciphertext/plaintext data is presented as applied from the ciphered output data of the cryptographic apparatus. The host master key may be loaded into the master key memory by manual means or under host control by a write master key operation request to the interface adapter. The host data security device then generates a series of random numbers each of which is defined as the terminal master key for an associated terminal in the network and communicated to each terminal user in a secure manner for loading into the data security device of the respective terminals. The host data security device then enciphers and stores each of the terminal master keys under a variant of the host master key to maintain the terminal keys in a secure manner. When communication is desired between the host and one of the associated terminals, the host data security device generates a pseudo random number which is defined as an operational key enciphered under the host master key. The host data security device then performs a transformation function which reenciphers the operational key enciphered under the host master key to the operational key enciphered under the terminal master key by using the previously produced enciphered operational key and the enciphered terminal master key. 
The operational key enciphered under the terminal master key is then transferred as key synchronizing data to the terminal over the communication line connecting the host and the terminal. The terminal is key synchronized with the host system by reception and deciphering of the synchronizing data from the host system. This is accomplished by deciphering the synchronizing data under control of the terminal master key to obtain the operational key, in clear form, which is loaded into the working key register replacing the terminal master key previously stored therein. Encipher operation requests may then proceed to encipher terminal plaintext under control of the operational key in the working key register to produce terminal ciphertext for transmission to the host. At the host, upon receipt of the terminal ciphertext, a decipher operation request causes the host cryptographic apparatus to decipher the enciphered operational key under control of the host master key to obtain the operational key, in clear form, which is loaded into the working key register replacing the host master key previously stored therein. The ciphertext received from the terminal, i.e., terminal data enciphered under the operational key, is then deciphered under control of the operational key presently in the working key register to produce the terminal plaintext. In a similar manner, plaintext at the host is enciphered under the operational key at the host and transmitted to the terminal where it is deciphered under control of the common operational key now stored at the terminal.
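The session-key exchange described above, modeled as an added example that is not part of the patent text: a random number is treated as the operational key already enciphered under the host master key, reenciphered under the terminal master key, and sent as key synchronizing data. Assumptions: a SHA-256-based Feistel network stands in for DES, the host master key variant is formed by XOR with 0x88, and all class and function names are hypothetical.

```python
import hashlib
import os

BLOCK = 8  # 64-bit blocks and keys, as in DES

def _feistel(key, block, rounds):
    # Stand-in 64-bit block cipher (NOT DES): Feistel network, SHA-256 rounds.
    l, r = block[:4], block[4:]
    for i in rounds:
        f = hashlib.sha256(key + bytes([i]) + r).digest()[:4]
        l, r = r, bytes(a ^ b for a, b in zip(l, f))
    return r + l

def encipher(key, block):
    return _feistel(key, block, range(8))

def decipher(key, block):
    return _feistel(key, block, reversed(range(8)))

class HostFacility:
    """Models the host data security device; clear keys are used only inside it."""
    def __init__(self, kmh):
        self._kmh = kmh                                # host master key
        self._variant = bytes(b ^ 0x88 for b in kmh)   # assumed variant rule
    def protect_terminal_key(self, kmt):
        return encipher(self._variant, kmt)            # form stored at the host
    def reencipher_from_master(self, e_kmt, e_ks):
        kmt = decipher(self._variant, e_kmt)
        ks = decipher(self._kmh, e_ks)
        return encipher(kmt, ks)                       # key synchronizing data
    def encipher_data(self, e_ks, block):
        return encipher(decipher(self._kmh, e_ks), block)
    def decipher_data(self, e_ks, block):
        return decipher(decipher(self._kmh, e_ks), block)

class Terminal:
    def __init__(self, kmt):
        self._kmt = self._working = kmt                # working register holds KMT
    def synchronize(self, sync):
        self._working = decipher(self._kmt, sync)      # operational key replaces KMT
    def encipher_data(self, block):
        return encipher(self._working, block)
    def decipher_data(self, block):
        return decipher(self._working, block)

def open_session(host, terminal, e_kmt):
    e_ks = os.urandom(BLOCK)  # random number *defined* as the enciphered operational key
    terminal.synchronize(host.reencipher_from_master(e_kmt, e_ks))
    return e_ks               # the host keeps only the enciphered form
```

The host side never handles the operational key in the clear outside `HostFacility`; each call to `open_session` yields an operational key unrelated to the previous one.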
Other arrangements are also provided which permit a variety of communication security applications using a pre-defined private terminal master key. Additionally a further arrangement is provided which permits a communication security application using a pre-defined private data encrypting key. At the terminal, the private data encrypting key can be loaded directly into the working key register by a load key direct function. At the host, after the private data encrypting key has been received in a secure manner and loaded into the host, an encipher operation is performed to encipher the private key under the host master key in order to maintain it in a secure manner. Then, when communication is to be had between the host and the terminal, the host deciphers the enciphered private data encrypting key and loads it as the working key in the host working key register. With the private data encrypting key now present in the key registers of the host and terminal, subsequent encipher/decipher operations can proceed under control of the common private data encrypting key.
The foregoing and other objects, features and advantages of the invention will be apparent from the following particular description of a preferred embodiment of the invention, as illustrated in the accompanying drawings.