Method and apparatus for providing public key security control for a cryptographic processor

Assignee

• International Business Machines Corporation · US

Inventors

• Ronald M. Smith, Sr. · Wappingers Falls, US
• Edward J. D'Avignon · Kingston, US
• Robert S. DeBellis · Raleigh, US
• Randall J. Easter · Poughkeepsie, US
• Lucina L. Green · Verbank, US
• Michael J. Kelly · Staatsburg, US
• William A. Merz · Wappingers Falls, US
• Vincent A. Spano · Poughkeepsie, US
• Phil C. Yeh · Poughkeepsie, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/68
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Public key security control (PKSC) is provided for a cryptographic module by means of digitally signed communications between the module and one or authorities with whom it interacts. Authorities interact with the crypto module by means of unsigned queries seeking nonsecret information or signed commands for performing specified operations. Each command signed by an authority also contains a transaction sequence number (TSN), which must match a corresponding number stored by the crypto module for the authority. The TSN for each authority is initially generated randomly and is incremented for each command accepted from that authority. A signature requirement array (SRA) controls the number of signatures required to validate each command type. Upon receiving a signed command from one or more authorities, the SRA is examined to determine whether a required number of authorities permitted to sign the command have signed the command for each signature requirement specification defined for that command type. A command requiring multiple signatures is held in a pending command register (PCR) while awaiting the required cosignatures. The crypto module also stores a single crypto module sig…