United States Patent [19] Smith, Sr. et al.
US006144744A
[11] Patent Number: 6,144,744 [45] Date of Patent: *Nov. 7, 2000
[54] METHOD AND APPARATUS FOR THE SECURE TRANSFER OF OBJECTS BETWEEN CRYPTOGRAPHIC PROCESSORS
[75] Inventors: Ronald M. Smith, Sr., Wappingers Falls; Edward J. D’Avignon, Kingston, both of NY; Robert S. DeBellis, Raleigh, NC; Phil Chi-Chung Yeh, Poughkeepsie, NY.
[73] Assignee: International Business Machines Corporation, Armonk, NY.
[*] Notice: This patent issued on a continued prosecution application filed under 37 CFR 1.53(d), and is subject to the twenty year patent term provisions of 35 U.S.C. 154(a)(2).
[21] Appl. No.: 08/885,612
[22] Filed: Jun. 30, 1997
[51] Int. Cl.7: H04K 9/00
[52] U.S. Cl.: 380/45; 380/47; 380/257; 705/53; 705/54
[58] Field of Search: 380/21, 45, 47, 257; 395/186; 705/53, 54; 413/150, 153
[56] References Cited
U.S. PATENT DOCUMENTS
4,405,829 9/1983 Rivest et al.
4,755,940 7/1988 Brachtl et al.
5,313,521 5/1994 Torii et al., 380/21
5,572,590 11/1996 Chess
5,796,830 8/1998 Johnson et al., 380/21
5,850,444 12/1998 Rune, 380/21
OTHER PUBLICATIONS
“Applied Cryptography” Second Edition, Protocols, Algorithms and Source Code in C, by B. Schneier, 1996, pp. 466-471.
“Efficient Methods for Two Party Entity Authentication and Key Exchange in a High Speed Environment” by E. Basturk et al., IBM Technical Disclosure Bulletin, vol. 38, No. 03, Mar. 1995.
“Message Replay Prevention Using a Previously Transmitted Random Number To Sequence The Messages” by W. C. Martin, IBM Technical Disclosure Bulletin, vol. 27, No. 3, Aug. 1984.
“Personal Verification and Message Authentication Using Personal Keys” by R. E. Lennon et al., IBM Technical Disclosure Bulletin, vol. 24, No. 12, May 1982.
“SNA Bind Security Enhancement” by R. E. Lennon et al., IBM Technical Disclosure Bulletin, vol. 26, No. 10A, Mar. 1984.
“Transaction Incrementing Message Authentication Key” by W. D. Hopkins, IBM Technical Disclosure Bulletin, vol. 26, No. 1, Jun. 1983.
Primary Examiner: Thomas R. Peeso
Assistant Examiner: Todd Jack
Attorney, Agent, or Firm: William A. Kinnaman, Jr.
[57] ABSTRACT
Objects such as master keys or object protection keys that are kept in a protected environment of a crypto module are securely transferred between modules by means of transport keys. The transport keys are generated by public key procedures and are inaccessible outside the modules. Master keys are encrypted under the transport key within the protected environment of the source module, transmitted in encrypted form to the target module, and decrypted with the transport key within the protected environment of the target module. Object protection keys that are encrypted under a first master key kept in the protected environment of the source module are decrypted with the first master within the protected environment of the source module before being encrypted under the transport key. The object protection keys are encrypted under a second master key within the protected environment of the target module after being decrypted with the transport key. The procedure is secure since the transport key, the master keys and the object protection keys are never made available outside the protected environments of the crypto modules.
26 Claims, 24 Drawing Sheets
[Front-page drawing: crypto module 100 containing a pseudo-random number generator, a signature requirement array (SRA), authorization registers and a digital signature verifier. Authorities (work station, security officer) exchange commands, unsigned requests, and signed and unsigned replies with the module.]
[Sheet 2 of 24]
Query message 114 (24 bytes):
  Byte 0: header 210 (fields 211-217)
  Byte 8: Query ID (QID), 16 bytes
Reply message 126 (336 bytes):
  Byte 0: header 310 (fields 311-316)
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Crypto Module Signature SN, 16 bytes
  Byte 40: Original Query Message 124, 24 bytes
  Byte 64: Reply to Query
  Byte 208: Hash Signature, 128 bytes
  The fields preceding the hash signature are marked as the signed portion.
[Sheet 3 of 24]
Command message 116:
  Byte 0: header 410 (fields 411-416)
  Byte 8: Crypto Module ID (CMID) 420, 16 bytes
  Byte 24: Transaction Serial No. (TSN) 430, 16 bytes
  Byte 40: Command Data 440
  Following the command data: Hash Signature 118, 128 bytes
[Sheet 4 of 24]
Register layout (88 bytes):
  Byte 0: ASM (502), ACM (504), DXM (506), DCM (508)
  Byte 8: Signature-Requirement Array (SRA), 80 bytes
FIG. 6: Signature-Requirement Array (SRA) 156, entries 602 at 8-byte intervals:
  Byte 0: Entry 0, for Load Authorization Public Modulus (LAP)
  Byte 8: Entry 1, for Load PKSC Control Block (LCB)
  Byte 16: Entry 2, for Zeroize Domain (ZD)
  Byte 24: Entry 3, for Load Environment-Control Mask (LEC)
  Byte 32: Entry 4, for Extract and Encrypt Master Key (XEM)
  Byte 40: Entry 5, for Load Key Part (LKP)
  Byte 48: Entry 6, for Extract and Encrypt SMK or RMK (XES or XER)
  Byte 56: Entry 7, for Load and Combine SMK or RMK (LCS or LCR)
  Byte 64: Entry 8, for Reencipher to SMK or RMK (RTS or RTR)
  Byte 72: Entry 9, for Reencipher from SMK or RMK (RFS or RFR)
SRA entry 704: C1, C2, C3, Mask 1, Mask 2, Mask 3
[Sheet 5 of 24]
FIG. 8: layout (152 bytes):
  Byte 0: SSM (802), CSA (804), 4 bytes
  Byte 8: PCID (806), 16 bytes
  Byte 24: CSB (808), 128 bytes
FIG. 9: command message 116 (184 bytes):
  Byte 0: header 410 (fields 411-417), command code '30', field SX
  Byte 8: Crypto Module ID (CMID) 420, 16 bytes
  Byte 24: Transaction SN (TSN) 430, 16 bytes
  Byte 40: CSB.F1 Pending Command ID (PCID) 440, 16 bytes
  Byte 56: Hash Signature 118, 128 bytes
[Sheet 6 of 24]
Flowchart 1000, ORIGINAL COMMAND:
  1002: Clear signature summary mask (SSM)
  1004: Signature verification bit set?
  1006: Set SSM bit of original signing authority
  1008: Examine SRA entry for original command to determine if signature requirements are satisfied
  1010: Satisfied?
  1012: Execute command
  1014: Reply to requestor
[Sheet 7 of 24]
FIG. 11: flowchart, COSIGN COMMAND:
  1102: Compare CSB.F1 field of request message with PCID in PCR
  1104: Decision (no / yes)
  1106: Set SSM bit of cosigning authority
  1108: Examine SRA entry for original command to determine if signature requirements are satisfied
  Execute command
  Reply to requestor
[Sheet 8 of 24]
Query message 114 (24 bytes):
  Byte 0: header 210 (fields 211-217)
  Byte 8: Query ID (QID), 16 bytes
FIG. 13: reply message 126 (336 bytes):
  Byte 0: header (fields 311-316)
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Crypto Module Signature SN, 16 bytes
  Byte 40: Original Query Message 124, 24 bytes
  Byte 64: Crypto Configuration Control (CCC), 16 bytes
  Byte 80: Crypto Module Public Modulus (CMPM), 128 bytes
  Byte 208: Hash Signature, 128 bytes
[Sheet 9 of 24]
FIG. 14: query message 114 (24 bytes):
  Byte 0: header 210 (fields 211-217)
  Byte 8: Query ID (QID), 16 bytes
FIG. 15: reply message 126 (336 bytes):
  Byte 0: header (fields 311-316)
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Crypto Module Signature SN, 16 bytes
  Byte 40: Original Query Message 124, 24 bytes
  Byte 64: Authorization Public Modulus (APM), 128 bytes
  Byte 192: Transaction SN (TSN), 16 bytes
  Byte 208: Hash Signature, 128 bytes
[Sheet 11 of 24]
FIG. 17: flowchart 1700, MASTER KEY TRANSFER:
  1702: Establish transport key
  1704: Extract key part from first crypto module using Extract and Encrypt Master Key (XEM) command
  1706: Load key part into second crypto module using Load Key Part (LKP) command
FIG. 18: Extract and Encrypt Master Key (XEM). Labels: source key, BTK, etk2, hash, HP.
FIG. 19: Load Key Part (LKP). Labels: CSB.F2, kpt = 'CLEAR', kpt = 'ENCRYPTED', BTK, dtk, input key part.
[Sheet 12 of 24]
Command message (184 bytes):
  Byte 0: header, command code '74', fields sx, dx, mkr
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Transaction SN (TSN), 16 bytes
  Byte 40: CSB.F1, hp of basic transport key hp(BTK), 16 bytes
  Byte 56: Hash Signature, 128 bytes
  mkr, key to be extracted: 1 = master key, 2 = aux master key
[Sheet 13 of 24]
Command message (200 bytes):
  Byte 0: header, command code '75', fields sx, dx, kpt
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Transaction SN (TSN), 16 bytes
  Byte 40: CSB.F1, hp of basic transport key hp(BTK), 16 bytes
  Byte 56: CSB.F2, clear/encrypted key part KP / etk2(KP), 16 bytes
  Byte 72: Hash Signature, 128 bytes
[Sheet 14 of 24]
FIG. 25: structure 2500:
  2502: Authentication parameter (AP)
  2504: Encrypted OPK
  2506: Public portion
  2508: Private portion
[Sheet 15 of 24]
FIG. 26: flowchart 2600, ENCAPSULATED OBJECT TRANSFER:
  2602: Establish PKA transport key PKT
  2604: Decrypt encrypted OPK using source PMK
  2606: Reencrypt OPK under transport key PKT
  (steps 2604 and 2606 are bracketed as RFR or RFS)
  2608: Transmit reencrypted OPK to target module
  2610: Decrypt OPK using transport key PTK
  2612: Encrypt OPK under target PMK
  (steps 2610 and 2612 are bracketed as RTR or RTS)
[Sheet 16 of 24]
FIG. 27: data flow. Labels: CSB.F2, input key, ded3, hash, PTK, etk5, hash pattern (HP).
FIG. 28: data flow. Labels: CSB.F2, input key, PTK, dtk5, hash, ede3, hash pattern (HP).
[Sheet 17 of 24]
FIG. 29: command message (232 bytes):
  Byte 0: header, command code '79', fields sx, dx, pmr
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Transaction SN (TSN), 16 bytes
  Byte 40: CSB.F1, hp of PKA transport key hp(PTK), 16 bytes
  Byte 56: CSB.F2, encrypted object protection key e3*PMK(OPK), 48 bytes
  Byte 104: Hash Signature, 128 bytes
FIG. 30: command message (232 bytes):
  Byte 0: header, command code '78', fields sx, dx, pmr
  Byte 8: Crypto Module ID (CMID), 16 bytes
  Byte 24: Transaction SN (TSN), 16 bytes
  Byte 40: CSB.F1, hp of PKA transport key hp(PTK), 16 bytes
  Byte 56: CSB.F2, encrypted object protection key etk5(OPK), 48 bytes
  Byte 104: Hash Signature, 128 bytes