Abstract
A method is presented for controlling cryptographic key usage based on control vectors. Each cryptographic key has an associated control vector that defines the permitted uses of the key within the cryptographic system. At key generation, the control vector is cryptographically coupled to the key by way of a special encryption process. Each encrypted key and control vector are stored and distributed within the cryptographic system as a single token. Decryption of a key requires respecification of the control vector. As part of the decryption process, the cryptographic hardware verifies that the requested use of the key is authorized by the control vector. This article focuses mainly on the use of control vectors in cryptosystems based on the Data Encryption Algorithm.
Article PDF
Similar content being viewed by others
References
American National Standard X3.92–1981, Data Encryption Algorithm, American National Standards Institute, New York (December 31, 1981).
J. B. Dennis and E. C. VanHorn, Programming semantics for multiprogrammed computations, Communications of the Association for Computing Machinery, 9(3), 143–155 (1966).
G. S. Graham and P. J. Denning, Protection—principles and practice, Proceedings of the Spring Joint Computer Conference, Vol. 40, AFIPS Press, Montvale, N.J., 1972, pp. 417–429.
A. K. Jones, Protection in Programmed Systems, Ph.D. thesis, Department of Computer Science, Carnegie-Mellon University, Pittsburgh, Pa., 1973.
B. W. Lampson, Protection, Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, Princeton University, March 1971, pp. 437–443.
M. A. Harrison, W. L. Ruzzo, and J. D. Ullman, Protection in operating systems, Communications of the Association for Computing Machinery, 19(8), 461–471 (1976).
J. K. Iliffe and J. G. Jodeit, A dynamic storage allocation system, Computer Journal, 5, 200–209 (1962).
J. K. Iliffe, Basic Machine Principles, Elsevier/MacDonald, New York, 1st edn. 1968, 2nd edn. 1972.
M. E. Smid, Notarization System for Computer Networks, NBS Special Publication 500–54, U.S. Department of Commerce, National Bureau of Standards, Washington, D.C., October 1979.
Computer Associates, CA-ACF2, Computer Associates International, Incorporated, Garden City, New York, 1988.
IBM Corporation, Resource Access Control Facility (RACF) General Information Manual (GC28-0722), IBM Corporation, 1988.
W. F. Ehrsam, S. M. Matyas, C. H. Meyer, and W. L. Tuchman, A cryptographic key management scheme for implementing the Data Encryption Standard, IBM Systems Journal, 17(2), 106–125 (1978).
S. M. Matyas and C. H. Meyer, Generation, distribution and installation of cryptographic keys, IBM Systems Journal, 17(2), 126–137 (1978).
R. E. Lennon, Cryptography architecture for information security, IBM Systems Journal, 17(2), 138–150 (1978).
American National Standard X9.17–1985, American National Standard for Financial Institution Key Management (Wholesale), American Bankers Association, Washington, D.C., 1985.
International Standard ISO 8732, Banking—Key Management (Wholesale), International Organization for Standardization, ISO Central Secretariat, Geneva, 15 November 1988.
R. W. Jones, Some techniques for handling encipherment keys, ICL Technical Journal, 3(2), 175–188 (1982).
D. W. Davies and W. L. Price, Security for Computer Networks, 2nd edn., J. Wiley, New York, 1989, pp. 154–157.
C. H. Meyer and S. M. Matyas, Cryptography—A New Dimension in Computer Data Security, Wiley, New York, 1982, pp. 421–423.
A. J. Van de Goor, Computer Architecture & Design, Addison-Wesley, Reading, Mass., 1989, pp. 3–17.
American National Standard X9.9–1986, American National Standard for Financial Institution Message Authentication (Wholesale), American Bankers Association, Washington, D.C., 1986.
D. Coppersmith, S. Pilpel, C. H. Meyer, S. M. Matyas, M. M. Hyden, J. Oseas, B. Brachtl, and M. Schilling, Data Authentication Using Modification Detection Codes Based on a Public One Way Encryption Function, U.S. Patent No. 4,908,861 (March 13, 1990).
C. H. Meyer and M. Schilling, Secure program load with modification detection code, Proceedings of the Fifth Worldwide Congress on Computer and Communications Security and Protection (SECURICOM 88—SEDEP), 8, Rue de la Michodiere, 75002 Paris, pp. 111–130.
American National Standard X9.23–1988, American National Standard for Financial Institution Encryption of Wholesale Financial Messages, American Bankers Association, Washington, D.C., 1988.
B. Brachtl, S. M. Matyas, and C. H. Meyer, Controlled Use of Cryptographic Keys Via Generating Station Established Control Values, U.S. Patent No. 4,850,017 (July 18, 1989).
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Matyas, S.M. Key processing with control vectors. J. Cryptology 3, 113–136 (1991). https://doi.org/10.1007/BF00196792
Received:
Revised:
Issue Date:
DOI: https://doi.org/10.1007/BF00196792