Cryptographic file security for multiple domain networks

Assignee

• International Business Machines Corporation · US

Inventors

• William F. Ehrsam · Hurley, US
• Robert C. Elander · Saugerties, US
• Stephen M. Matyas · Manassas, US
• Carl H. W. Meyer · Portage, US
• Richard J. Sahulka · Woodstock, US
• Walter L. Tuchman · Woodstock, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2153
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contain a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the file recovery key is provided at the second host system and the second host system data security device performs a cryptographic operation to transform the file recovery key i…