Method and apparatus for validating entry of cryptographic keys

Assignee

• International Business Machines Corporation · US

Inventors

• Ronald M. Smith, Sr. · Wappingers Falls, US
• Phil C. Yeh · Poughkeepsie, US
• Randall J. Easter · Poughkeepsie, US
• Donald B. Johnson · Manassas, US
• An Van Le · Manassas, US
• Stephen M. Matyas · Manassas, US
• Julian Thomas · Blooming Grove, US
• John D. Wilkins · Somerville, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/088
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A cryptographic facility implements a multiple key part import procedure. The installation manager can verify that a key part has been correctly entered and has not been compromised. The security requirement for the procedure is that no single party can subvert the system security by misusing the procedure. This is accomplished by the use of a control-vector-dependent verification pattern to indicate that each key part has been accepted by using the proper control vector and the use of different key switch positions to specify whether the key part is a master key part or an operational key part and whether the key part is a first part or a subsequent key part. The apparatus provides an automatic reset of the key part register at the completion of each key-entry instruction so that each key part can be imported only once. This prevents the same key part from being imported twice as different key part types. The apparatus also prevents a key part from being combined with itself to create a known key. The procedure is fail-safe so that the program cannot steal a key part from a previously failed procedure.