This invention relates to cryptographic file security techniques in a single domain network and, more particularly, to a single domain network which includes a host having a data security device which performs enciphering and deciphering operations using system or private keys to permit cryptographic file security for data to be stored and recovered from the data files.
With the increasing number of computer end users, sharing of common system resources such as files, programs and hardware and the increasing use of distributed systems and telecommunications, larger and more complex computer base information systems are being created. In such systems, an increasing amount of sensitive data may be stored on data files for long periods of time. Because of this fact, there is an increasing concern that such data files may become accessible to unauthorized persons if maintained for too long a period of time. Cryptography has been recognized as an effective data security measure in that it protects the data itself rather than the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or plaintext is encrypted or enciphered into unintelligible data called ciphertext and by which the ciphertext is decrypted or deciphered back into the plaintext. The encipherment/decipherment transformations are carried out by a cipher function or algorithm controlled in accordance with a cryptographic or cipher key. The cipher key selects one out of many possible relationships between the plaintext and the ciphertext. Various algorithms have been developed in the prior art for improving data security in data processing systems. Examples of such algorithms are described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat. No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm providing data security in data processing systems is described in U.S. Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the National Bureau of Standards as a data encryption standard (DES) algorithm and is described in detail in the Federal Information Processing Standards publication, Jan. 15, 1977, FIPS PUB 46.
A data processing network may consist of a single host system which includes a host processor, host memory, channel and its associated resources such as the host programs and locally attached terminals and data files. The domain of the host system is considered to be the set of resources known to and managed by the host system.
Cryptographic File Security in a data processing network is concerned with the protection of data while it is stored in a data file for a relatively long period of time or when it is stored in a portable storage media for transit outside the environment of the data processing network. In prior art cryptographic file security arrangements, a cryptographic facility is provided at the host system which, when sensitive data is to be stored in a data file, is invoked to encipher the data, using a cipher key known only to the user, after which the enciphered data is written to the data file. Since the enciphered data file must be read and deciphered for subsequent data processing operations, it is necessary to use the same cipher key for the decipher operation. Accordingly, file security is dependent solely on the security of the cipher key since obtaining a copy of the enciphered data file by unauthorized means or by theft of the data file by unauthorized persons will be of no avail to anyone unless he has knowledge of the cipher key used to encipher the data file. File Security, therefore, becomes dependent solely on the user's knowledge and his own actions in keeping the cipher key secret. If the stored information is shared between many users then the security of the data file is further weakened. If the cipher key is stored in the system, especially for long periods of time, a method of controlled access must be devised to assure its suitable protection. Furthermore, if the cipher key becomes known by an unauthorized person and the enciphered data file is stolen or a copy made, then total protection is lost and the data file may be recovered at any data processor which has a cryptographic facility.
Accordingly, it is an object of the invention to store data in data files associated with a single domain data processing network in a secure manner.
Another object of the invention is to maintain the security of data files for as long as the file exists.
A further object of the invention is provide a host cryptographic facility for creating and recovering data files in a secure manner.
Still another object of the invention is to provide a host data security device for enciphering/deciphering data files under control of a protected host master key.
Still a further object of the invention is to provide a cryptographic facility operating under control of a host master key for maintaining data files in a secure manner without the need for changing the data file when there is a change of the host master key.
Still another object of the invention is to create file keys for the data files associated with a data processing network by generating pseudo random numbers defined as the file keys.
Still a further object of the invention is to maintain the security of file keys by enciphering them under a variant of the host master key.
Still another object of the invention is to dynamically create an enciphered operational key by generating a pseudo random number defined as the operational key enciphered under a file key.
Still a further object of the invention is to dynamically create a different enciphered operational key for each new data file created.
Still another object of the invention is to perform a transformation function by which an operational key enciphered under a file key is transformed to the operational key enciphered under a host master key.
Still a further object of the invention is to decipher an operational key enciphered under a host master key to obtain the operational key in clear form for enciphering data for storage in data files.
Still another object of the invention is to store an operational key enciphered under a file key as header information along with enciphered data in a data file.
Still a further object of the invention is to retrieve an enciphered data file and perform a transformation function by which header information containing an operational key enciphered under a file key is transformed to the operational key enciphered under a host master key.
Still another object of the invention is to decipher an operational key enciphered under a host master key to obtain the operational key in clear form for deciphering enciphered data retrieved from a data file to obtain file data in clear form.
Still a further object of the invention is to provide a host data security device which transforms an enciphered data encrypting key used for enciphering/deciphering data files under selective control of a system or private key encrypting key.
Still another object of the invention is to provide a host data security device which performs data file enciphering/deciphering operations under control of a private data encrypting key.
In accordance with the invention, a data processing network is provided having a host with an integrated data security device and associated data files to permit cryptographic date transmissions between the host and the associated data files. The host data security device includes a memory for storing a host master key and cryptographic apparatus for ciphering input data under control of a cryptographic key to produce ciphered output data. The host data security device generates a series of random numbers each of which is defined as a file key for an associated data file in the network. The host data security device then enciphers and stores each of the file keys under a key encrypting key of the most master key to maintain the file keys in a secure manner. When a data file is to be created, the host data security device generates a pseudo random number which is defined as an operational key enciphered under the file key of the data file. The host data security device performs a transformation operation in accordance with the enciphered operational key and the enciphered file key to reencipher the operational key from encipherment under the file key to encipherment under the host master key as a file recovery key. The host data security device then deciphers the operational key enciphered under the host master key under control of the host master key to obtain the operational key, in clear form, for enciphering host plaintext to obtain host ciphertext for the data file. The file recovery key may be provided as header information or maintained as a private key for the data file. When the data file is to be recovered, the host data security performs a second transformation operation in accordance with the file key enciphered under the key encrypting key and the file recovery key obtained as header information or inputted as a private key to reencipher the operational key from encipherment under the file key to encipherment under the host master key. The host data security device then deciphers the operational key now enciphered under the host master key to obtain the operational key in clear form for deciphering the data file to obtain the host ciphertext in clear form.
Other arrangements are also provided which permit a variety of file security applications using a pre-defined private file key. Additionally a further arrangement is provided which permits a file security application using a pre-defined private data encrypting key.
The foregoing and other objects, features and advantages of the invention will be apparent from the following particular description of a preferred embodiment of the invention, as illustrated in the accompanying drawings.