Secure management of keys using control vectors

Assignee

• International Business Machines Corporation · US

Inventors

• Stephen M. Matyas · Manassas, US
• Dennis G. Abraham · Concord, US
• Donald B. Johnson · Manassas, US
• Ramesh K. Karne · Herndon, US
• An V. Le · Manassas, US
• Rostislaw Prymak · Dumfries, US
• Julian Thomas · Blooming Grove, US
• John D. Wilkins · Somerville, US
• Phil C. Yeh · Poughkeepsie, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/12
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

The invention is an apparatus and method for validating that key management functions requested for a cryptographic key by the program have been authorized by the originator of the key. The invention includes a cryptographic facility characterized by a secure boundary through which passes an input path for receiving the cryptographic service requests, cryptographic keys and their associated control vectors, and an output path for providing responses thereto. There can be included within the boundary a cryptographic instruction storage coupled to the input path, a control vector checking unit and a cryptographic processing unit coupled to the instruction storage, and a master key storage coupled to the processing means, for providing a secure location for executing key management functions in response to the received service requests. The cryptographic instruction storage receives over the input path a cryptographic service request for performing a key management function on a cryptographic key. The control vector checking unit has an input coupled to the input path for receiving a control vector associated with the cryptographic key and an input connected to the cryptographic instr…