Cryptographic communication security for multiple domain networks

Assignee

• International Business Machines Corporation · US

Inventors

• William F. Ehrsam · Hurley, US
• Robert C. Elander · Saugerties, US
• Lloyd L. Hollis · Cary, US
• Richard E. Lennon · Saugerties, US
• Stephen M. Matyas · Manassas, US
• Carl H. W. Meyer · Portage, US
• Jonathan Oseas · Hurley, US
• Walter L. Tuchman · Woodstock, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/125
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the se…