Cryptographic file security for single domain networks

Assignee

• International Business Machines Corporation · US

Inventors

• William F. Ehrsam · Hurley, US
• Robert C. Elander · Saugerties, US
• Stephen M. Matyas · Manassas, US
• Carl H. W. Meyer · Portage, US
• John L. Smith · Woodstock, US
• Walter L. Tuchman · Woodstock, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/125
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A file security system for data files associated with a host data processing system. The host system includes a data security device which contains a secure host master key and is capable of performing a variety of cryptographic operations. At initialization time, the host system generates a series of file keys for the associated storage media and protects them by enciphering the file keys under a variant of the host master key. When a data file is to be created, a random number is generated and defined as an operational key enciphered under the file key of a designated storage media. The host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key under control of the host master key into a form which permits the operational key to be used for enciphering host data. The operational key enciphered under the file key of the designated storage media, as header information, together with the host data enciphered under the operational key is written on the storage media as an enciphered data file. When the data file is recovered, the host data security device, using the enciphered file key of the designated storage …