Claims
What is claimed is:
1. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, a first host system arrangement
for creating said data file comprising:
means providing a file recovery key for said data file for subsequent
recovery at said second host system representing a primary file key
enciphered under a file cross domain key for cross domain file
communication between said first and second host systems,
means providing first host system plaintext, and
means performing a cryptographic operation to encipher said first host
system plaintext under said primary file key to obtain first host system
ciphertext for said data file.
2. In a multiple domain data processing system as defined in claim 1
wherein said file recovery key is provided as header information for said
data file.
3. In a multiple domain data processing system as defined in claim 1
wherein said file recovery key is maintained as a private file recovery
key.
4. In a multiple domain data processing system as defined in claim 1
wherein said system further includes a second host system arrangement for
recovery of said data file comprising:
means providing said file recovery key at said second host system,
means operably responsive to said file recovery key to perform a
cryptographic operation for reenciphering said primary file key from
encipherment under said cross domain file key to encipherment under a
first key encrypting key of said second host system,
means providing said data file of first host system ciphertext at said
second host system, and
means operably responsive to said primary file key enciphered under said
first key encrypting key of said second host system and said data file of
first host system ciphertext to perform a cryptographic operation
providing said first host system ciphertext in clear form at said second
host system.
5. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, a first host system arrangement
for creating said data file comprising:
means providing a primary file key enciphered under a first key encrypting
key of said first host system,
means providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a second key
encrypting key of said first host system,
means operably responsive to said enciphered cross domain key and said
enciphered primary file key to perform a cryptographic operation providing
a file recovery key for subsequent recovery of said data file at said
second host system,
means providing first host system plaintext, and
means operably responsive to said primary file key enciphered under said
first key encrypting key and said first host system plaintext to perform a
cryptographic operation providing first host system ciphertext for said
data file.
6. In a multiple domain processing system as defined in claim 5 wherein
said file recovery key is said primary file key enciphered under said
cross domain key.
7. In a multiple domain processing system as defined in claim 6 wherein
said first host system ciphertext is said first host system plaintext
enciphered under said primary file key.
8. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, a first host system arrangement
for creating said data file comprising:
means providing a primary file key enciphered under a first key encrypting
key of said first host system,
means providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a second key
encrypting key of said first host system,
means operably responsive to said enciphered cross domain key and said
enciphered primary file key to perform a cryptographic operation providing
said primary file key enciphered under said cross domain key as a file
recovery key for subsequent recovery of said data file at said second host
system,
means providing first host system plaintext, and
means operably responsive to said primary file key enciphered under said
first key encrypting key and said first host system plaintext to perform a
cryptographic operation providing said first host system plaintext
enciphered under said primary file key as first host system ciphertext for
said data file.
9. In a multiple domain data processing system as defined in claim 8
wherein said first key encrypting key is a first master key and said
second key encrypting key is a second master key.
10. In a multiple domain data processing system as defined in claim 9
wherein said second master key is a variant of said first master key.
11. In a multiple domain data processing system as defined in claim 8
wherein said file recovery key is provided as header information for said
data file.
12. In a multiple domain data processing system as defined in claim 8
wherein said file recovery key is maintained as a private file recovery
key.
13. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, a first host system arrangement
for creating said data file comprising:
means providing a primary file key enciphered under a first host system
master key,
means providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a variant of
said first host system master key,
means operably responsive to said enciphered cross domain key and said
enciphered primary file key to perform a cryptographic operation providing
said primary file key enciphered under said cross domain key as a file
recovery key for subsequent recovery of said data file at said second host
system,
means providing first host system plaintext, and
means operably responsive to said primary file key enciphered under said
first host system master key and said first host system plaintext to
perform a cryptographic operation providing said first host system
plaintext enciphered under said primary file key as first host system
ciphertext for said data file.
14. In a multiple domain data processing system as defined in claim 5
wherein said system further includes a second host system arrangement for
recovery of said data file comprising:
means providing said cross domain key enciphered under a first key
encrypting key of said second host system,
means providing said file recovery key at said second host system,
means operably responsive to said cross domain key enciphered under said
first key encrypting key of said second host system and said file recovery
key to perform a cryptographic operation providing said primary file key
enciphered under a second key encrypting key of said second host system,
means providing said data file of first host system ciphertext at said
second host system, and
means operably responsive to said primary file key enciphered under said
second key encrypting key of said second host system and said data file of
first host system ciphertext to perform a cryptographic operation
providing said first host system ciphertext in clear form at said second
host system.
15. In a multiple domain data processing system as defined in claim 14
wherein said key encrypting keys of said second host system are master keys
which are different from each other.
16. In a multiple domain data processing system as defined in claim 14
wherein said first key encrypting key of said second host system is a
variant of said second key encrypting key of said second host system.
17. In a multiple domain data processing system as defined in claim 14
wherein said file recovery key is provided as header information of said
data file.
18. In a multiple domain data processing system as defined in claim 14
wherein said file recovery key is provided as a private key.
19. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain wherein said data file consists of
header information comprising a primary file key enciphered under a cross
domain key provided by said first host system and first host system
plaintext enciphered under said primary file key, a second host system
arrangement for recovery of said data file comprising:
means providing said cross domain key enciphered under a first key
encrypting key of said second host system,
means providing said primary file key enciphered under said cross domain
key at said second host system,
means operably responsive to said cross domain key enciphered under said
first key encrypting key of said second host system and said primary file
key enciphered under said cross domain key to perform a cryptographic
operation providing said primary file key enciphered under a second key
encrypting key of said second host system,
means providing said data file of first host system plaintext enciphered
under said primary file key at said second host system, and
means operably responsive to said primary file key enciphered under said
second key encrypting key of said second host system and said data file of
first host system plaintext enciphered under said primary file key to
perform a cryptographic operation providing said first host system
plaintext at said second host system.
20. In a data processing system providing file security for a data file
created by a first host system in one domain for recovery at said first
system wherein said data file consists of header information comprising a
primary file key enciphered under a secondary file key and first host
system plaintext enciphered under said primary file key, a first host
system arrangement for replacing said header information with a file
recovery key for recovery of said data file at a second host system in
another domain comprising:
means providing said secondary file key enciphered under a first key encrypting
key of said first host system,
means providing said header information at said first host system,
means operably responsive to said enciphered secondary file key and said
header information to perform a cryptographic operation providing said
primary file key enciphered under a second key encrypting key of said
second host system,
means providing a cross domain key for cross domain communication between
said first and second host systems enciphered under a third key encrypting
key of said first host system, and
means operably responsive to said enciphered cross domain key and said
primary file key enciphered under said second key encrypting key of said
first host system to perform a cryptographic operation providing said
primary file key enciphered under said cross domain key as said file
recovery key.
21. In a data processing system as defined in claim 20 wherein said file
recovery key is maintained as a private key for use at said second host
system.
22. In a multiple domain data processing system providing file security for
a private data file created by a first host system in one domain and
recovered by a second host system in another domain, a first host system
arrangement for creating said data file comprising:
means providing a primary file key enciphered under a private cross domain
key as a private file recovery key,
means providing said private cross domain key enciphered under a first key
encrypting key of said first host system,
means operably responsive to said enciphered private cross domain key and
said private recovery key to perform a cryptographic operation providing
said primary file key enciphered under a second key encrypting key of said
first host system,
means providing first host system plaintext, and
means operably responsive to said primary file key enciphered under said
second key encrypting key of said first host system and said first host
system plaintext to perform a cryptographic operation providing first host
system ciphertext for said data file.
23. In a multiple domain data processing system as defined in claim 22
wherein said system further includes a second host system arrangement for
recovery of said private data file comprising:
means providing said private cross domain key enciphered under a first key
encrypting key of said second host system,
means providing said private file recovery key at said second host system,
means operably responsive to said private cross domain key enciphered under
said first key encrypting key of said second host system and said private
file recovery key to perform a cryptographic operation providing said
primary file key enciphered under a second key encrypting key of said
second host system,
means providing said private data file of first host system ciphertext at
said second host system, and
means operably responsive to said primary file key enciphered under said
second key encrypting key of said second host system and said private data
file of first host system ciphertext to perform a cryptographic operation
providing said first host system ciphertext in clear form at said second
host system.
24. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, the method of creating said data
file at said first host system comprising the steps of:
providing a file recovery key for said data file for subsequent recovery at
said second host system representing a primary file key enciphered under a
file cross domain key for cross domain file communication between said
first and second host systems,
providing first host system plaintext, and
carrying out a cryptographic operation to encipher said first host system
plaintext under said primary file key to obtain first host system
ciphertext for said data file.
25. In the method as defined in claim 24 wherein said file recovery key is
provided as header information for said data file.
26. In the method as defined in claim 24 wherein said file recovery key is
maintained as a private file recovery key.
27. In the method as defined in claim 24 which further includes the method
of recovery of said data file at said second host system comprising the
steps of:
providing said file recovery key at said second host system,
carrying out a cryptographic operation in accordance with said file
recovery key for reenciphering said primary file key from encipherment
under said cross domain file key to encipherment under a first key
encrypting key of said second host system,
providing said data file of first host system ciphertext at said second
host system, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said first key encrypting key of said second host
system and said data file of first host system ciphertext to provide said
first host system ciphertext in clear form at said second host system.
28. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, the method of creating said data
file at said first host system comprising the steps of:
providing a primary file key enciphered under a first key encrypting key of
said first host system,
providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a second key
encrypting key of said first host system,
carrying out a cryptographic operation in accordance with said enciphered
cross domain key and said enciphered primary file key to provide a file
recovery key for subsequent recovery of said data file at said second host
system,
providing first host system plaintext, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said first key encrypting key and said first host
system plaintext to provide first host system ciphertext for said data
file.
29. In the method as defined in claim 28 wherein said file recovery key is
said primary file key enciphered under said cross domain key.
30. In the method as defined in claim 29 wherein said first host system
ciphertext is said first host system plaintext enciphered under said
primary file key.
31. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain, the method of creating said data
file at said first host system comprising the steps of:
providing a primary file key enciphered under a first key encrypting key of
said first host system,
providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a second key
encrypting key of said first host system,
carrying out a cryptographic operation in accordance with said enciphered
cross domain key and said enciphered primary file key to provide said
primary file key enciphered under said cross domain key as a file recovery
key for subsequent recovery of said data file at said second host system,
providing first host system plaintext, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said first key encrypting key and said first host
system plaintext to provide said first host system plaintext enciphered
under said primary file key as first host system ciphertext for said data
file.
32. In the method as defined in claim 31 wherein said file recovery key is
provided as header information for said data file.
33. In the method as defined in claim 31 wherein said file recovery key is
maintained as a private file recovery key.
34. In the method as defined in claim 28 which further includes the method
of recovery of said data file at said second host system comprising the
steps of:
providing said cross domain key enciphered under a first key encrypting key
of said second host system,
providing said file recovery key at said second host system,
carrying out a cryptographic operation in accordance with said cross domain
key enciphered under said first key encrypting key of said second host
system and said file recovery key to provide said primary file key
enciphered under a second key encrypting key of said second host system,
providing said data file of first host system ciphertext at said second
host system, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said second key encrypting key of said second host
system and said data file of first host system ciphertext to provide said
first host system ciphertext in clear form at said second host system.
35. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain and recovered by
a second host system in another domain wherein said data file consists of
header information comprising a primary file key enciphered under a cross
domain key provided by said first host system and first host system
plaintext enciphered under said primary file key, the method of recovery
of said data file comprising the steps of:
providing said cross domain key enciphered under a first key encrypting key
of said second host system,
providing said primary file key enciphered under said cross domain key at
said second host system,
carrying out a cryptographic operation in accordance with said cross domain
key enciphered under said first key encrypting key of said second host
system and said primary file key enciphered under said cross domain key to
provide said primary file key enciphered under a second key encrypting key
of said second host system,
providing said data file of first host system plaintext enciphered under
said primary file key at said second host system, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said second key encrypting key of said second host
system and said data file of first host system plaintext enciphered under
said primary file key to provide said first host system plaintext at said
second host system.
36. In a data processing system providing file security for a data file
created by a first host system in one domain for recovery at said first
system wherein said data file consists of header information comprising a
primary file key enciphered under a secondary file key and first host
system plaintext enciphered under said primary file key, the method of
replacing said header information with a file recovery key for recovery of
said data file at a second host system in another domain comprising the
steps of:
providing said secondary file key enciphered under a first key encrypting
key of said first host system,
providing said header information at said first host system,
carrying out a cryptographic operation in accordance with said enciphered
secondary file key and said header information to provide said primary
file key enciphered under a second key encrypting key of said second host
system,
providing a cross domain key for cross domain communication between said
first and second host systems enciphered under a third key encrypting key
of said first host system, and
carrying out a cryptographic operation in accordance with said enciphered cross
domain key and said primary file key enciphered under said second key
encrypting key of said first host system to provide said primary file key
enciphered under said cross domain key as said file recovery key.
37. In the method as defined in claim 36 wherein said file recovery key is
maintained as a private key for use at said second host system.
38. In a multiple domain data processing system providing file security for
a private data file created by a first host system in one domain and
recovered by a second host system in another domain, the method of
creating said data file comprising the steps of:
providing a primary file key enciphered under a private cross domain key as
a private file recovery key,
providing said private cross domain key enciphered under a first key
encrypting key of said first host system,
carrying out a cryptographic operation in accordance with said enciphered
private cross domain key and said private recovery key to provide said
primary file key enciphered under a second key encrypting key of said
first host system,
providing first host system plaintext, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said second key encrypting key of said first host
system and said first host system plaintext to provide first host system
ciphertext for said data file.
39. In a multiple domain data processing system as defined in claim 36
which further includes the method of recovery of said private data file
comprising the steps of:
providing said private cross domain key enciphered under a first key
encrypting key of said second host system,
providing said private file recovery key at said second host system,
carrying out a cryptographic operation in accordance with said private
cross domain key enciphered under said first key encrypting key of said
second host system and said private file recovery key to provide said
primary file key enciphered under a second key encrypting key of said
second host system,
providing said private data file of first host system ciphertext at said
second host system, and
carrying out a cryptographic operation in accordance with said primary file
key enciphered under said second key encrypting key of said second host
system and said private data file of first host system ciphertext to
provide said first host system ciphertext in clear form at said second
host system.
40. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain having
cryptographic apparatus provided with multiple keys and recovered by a
second host system in another domain having cryptographic apparatus
provided with multiple keys, an arrangement for creating said data file at
one of said host systems using a protected file key and recovering said
data file at the other of said host systems without revealing the multiple
keys of either of said host systems to the other of said host systems
comprising:
means providing a file recovery key for said data file at said first host
system for subsequent recovery at said second host system representing a
file key enciphered under a file cross domain key for cross domain file
communication between said first and second host systems,
means providing first host system plaintext,
means performing a cryptographic operation for enciphering said first host
system plaintext under control of said protected file key to obtain first
host system ciphertext for said data file,
means providing said file recovery key at said second host system,
means operably responsive to said file recovery key to perform a
cryptographic operation for reenciphering said file key from encipherment
under said cross domain file key to encipherment under a first key
encrypting key of said second host system,
means providing said data file of first host system ciphertext at said
second host system, and
means operably responsive to said file key enciphered under said first key
encrypting key of said second host system and said data file of first host
system ciphertext for performing a cryptographic operation to provide said
first host system ciphertext in clear form at said second host system.
41. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain having
cryptographic apparatus provided with multiple keys and recovered by a
second host system in another domain having cryptographic apparatus
provided with multiple keys, an arrangement for creating said data file at
one of said host systems using a protected file key and recovering said
data file at the other of said host systems without revealing the multiple
keys of either of said host systems to the other of said host systems
comprising:
means providing a file key enciphered under a first key encrypting key of
said first host system,
means providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a second key
encrypting key of said first host system,
means operably responsive to said enciphered cross domain key and said
enciphered file key to perform a cryptographic operation providing a file
recovery key for subsequent recovery of said data file at said second host
system,
means providing first host system plaintext,
means operably responsive to said file key enciphered under said first key
encrypting key and said first host system plaintext to perform a
cryptographic operation providing first host system ciphertext for said
data file,
means providing said cross domain key enciphered under a first key
encrypting key of said second host system,
means providing said file recovery key at said second host system,
means operably responsive to said cross domain key enciphered under said
first key encrypting key of said second host system and said file recovery
key to perform a cryptographic operation providing said file key
enciphered under a second key encrypting key of said second host system,
means providing said data file of first host system ciphertext at said
second host system, and
means operably responsive to said file key enciphered under said second key
encrypting key of said second host system and said data file of first host
system ciphertext to perform a cryptographic operation providing said
first host system ciphertext in clear form at said second host system.
42. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain having
cryptographic apparatus provided with multiple keys and recovered by a
second host system in another domain having cryptographic apparatus
provided with multiple keys, the method of creating said data file at one
of said host systems using a protected file key and recovering said data
file at the other of said host systems without revealing the multiple keys
of either of said host systems to the other of said host systems
comprising the steps of:
providing a file recovery key for said data file at said first host system
for subsequent recovery at said second host system representing a file key
enciphered under a file cross domain key for cross domain file
communication between said first and second host systems,
providing first host system plaintext,
carrying out a cryptographic operation to encipher said first host system
plaintext under control of said protected file key to obtain first host
system ciphertext for said data file,
providing said file recovery key at said second host system,
carrying out a cryptographic operation in accordance with said file
recovery key for reenciphering said file key from encipherment under said
cross domain file key to encipherment under a first key encrypting key of
said second host system,
providing said data file of first host system ciphertext at said second
host system, and
carrying out a cryptographic operation in accordance with said file key
enciphered under said first key encrypting key of said second host system
and said data file of first host system ciphertext to provide said first
host system ciphertext in clear form at said second host system.
43. In a multiple domain data processing system providing file security for
a data file created by a first host system in one domain having
cryptographic apparatus provided with multiple keys and recovered by a
second host system in another domain having cryptographic apparatus
provided with multiple keys, the method of creating said data file at one
of said host systems using a protected file key and recovering said data
file at the other of said host systems without revealing the multiple keys
of either of said host systems to the other of said host systems
comprising:
providing a file key enciphered under a first key encrypting key of said
first host system,
providing a file cross domain key for cross domain file communication
between said first and second host systems enciphered under a second key
encrypting key of said first host system,
carrying out a cryptographic operation in accordance with said enciphered
cross domain key and said enciphered file key to provide a file recovery
key for subsequent recovery of said data file at said second host system,
providing first host system plaintext,
carrying out a cryptographic operation in accordance with said file key
enciphered under said first key encrypting key and said first host system
plaintext to provide first host system ciphertext for said data file,
providing said cross domain key enciphered under a first key encrypting key
of said second host system,
providing said file recovery key at said second host system,
carrying out a cryptographic operation in accordance with said cross domain
key enciphered under said first key encrypting key of said second host
system and said file recovery key to provide said file key enciphered
under a second key encrypting key of said second host system,
providing said data file of first host system ciphertext at said second
host system, and
carrying out a cryptographic operation in accordance with said file key
enciphered under said second key encrypting key of said second host system
and said data file of first host system ciphertext to provide said first
host system ciphertext in clear form at said second host system.
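The claims describe one key flow in many variants: at the first host a primary file key KF, held only as E_KMH0(KF) under that host's master key, is reenciphered under a file cross domain key KNF (itself held as E_KMH1(KNF) under a variant of the master key) to form the file recovery key E_KNF(KF); the second host, holding KNF under a variant of its own master key, reenciphers E_KNF(KF) to E_KMH0'(KF) and then deciphers the file, so neither host's master keys ever leave its security device (claims 40 to 43). The following is an added worked model of that flow, not code from the patent or its assignee. Its assumptions: a toy 4-round Feistel network (not a secure cipher) stands in for the patent's block cipher, a master-key variant is derived by XOR with a fixed mask, and the method names `reencipher_from_master_key`, `reencipher_to_master_key`, `create_file` and `recover_file` are this example's own; the sample plaintext and all keys are constructed.

```python
"""Constructed model of the cross-domain file key flow in the claims above.

Assumptions (this example's, not the patent's): toy Feistel cipher, variant
derived by XOR mask, operation names. KMH0/KMH1 = a host's master key and its
variant, KF = primary file key, KNF = file cross domain key.
"""
import hashlib
import hmac
import os

BLOCK = 16                             # block size in bytes of the toy cipher
HALF = BLOCK // 2
ROUNDS = 4
VARIANT_MASK = bytes([0x55]) * BLOCK   # assumed rule for deriving KMH1 from KMH0


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function of the toy Feistel cipher (demonstration only).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def encipher(key: bytes, block: bytes) -> bytes:
    """E_key(block) on one 16-byte block."""
    l, r = block[:HALF], block[HALF:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decipher(key: bytes, block: bytes) -> bytes:
    """D_key(block), the inverse of encipher."""
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


class SecurityDevice:
    """One host's data security device: the only place any key is in clear."""

    def __init__(self, master_key: bytes):
        self._kmh0 = master_key                      # first key encrypting key
        self._kmh1 = _xor(master_key, VARIANT_MASK)  # second KEK, a variant of it

    def generate_file_key(self) -> bytes:
        """Return E_KMH0(KF); the clear KF never leaves the device."""
        return encipher(self._kmh0, os.urandom(BLOCK))

    def install_cross_domain_key(self, knf: bytes) -> bytes:
        """Key-distribution step: KNF is kept outside the device only as E_KMH1(KNF)."""
        return encipher(self._kmh1, knf)

    def reencipher_from_master_key(self, e_kmh1_knf: bytes, e_kmh0_kf: bytes) -> bytes:
        """Creating host (claims 5-8): E_KMH1(KNF), E_KMH0(KF) -> E_KNF(KF)."""
        knf = decipher(self._kmh1, e_kmh1_knf)
        kf = decipher(self._kmh0, e_kmh0_kf)
        return encipher(knf, kf)                     # the file recovery key

    def reencipher_to_master_key(self, e_kmh1_knf: bytes, e_knf_kf: bytes) -> bytes:
        """Recovering host (claims 14, 19): E_KMH1(KNF), E_KNF(KF) -> E_KMH0(KF)."""
        knf = decipher(self._kmh1, e_kmh1_knf)
        kf = decipher(knf, e_knf_kf)
        return encipher(self._kmh0, kf)

    def encipher_data(self, e_kmh0_kf: bytes, plaintext: bytes) -> bytes:
        """Encipher plaintext under KF: CBC with a random IV and PKCS#7-style padding."""
        kf = decipher(self._kmh0, e_kmh0_kf)
        pad = BLOCK - len(plaintext) % BLOCK
        data = plaintext + bytes([pad]) * pad
        prev = os.urandom(BLOCK)
        out = [prev]
        for i in range(0, len(data), BLOCK):
            prev = encipher(kf, _xor(data[i:i + BLOCK], prev))
            out.append(prev)
        return b"".join(out)

    def decipher_data(self, e_kmh0_kf: bytes, ciphertext: bytes) -> bytes:
        """Inverse of encipher_data; raises ValueError when the body does not decipher."""
        if len(ciphertext) % BLOCK or len(ciphertext) < 2 * BLOCK:
            raise ValueError("bad ciphertext length")
        kf = decipher(self._kmh0, e_kmh0_kf)
        prev, out = ciphertext[:BLOCK], []
        for i in range(BLOCK, len(ciphertext), BLOCK):
            blk = ciphertext[i:i + BLOCK]
            out.append(_xor(decipher(kf, blk), prev))
            prev = blk
        data = b"".join(out)
        pad = data[-1]
        if not 1 <= pad <= BLOCK or data[-pad:] != bytes([pad]) * pad:
            raise ValueError("bad padding")
        return data[:-pad]


def create_file(dsd: SecurityDevice, e_kmh1_knf: bytes, plaintext: bytes):
    """First host: returns (header = file recovery key E_KNF(KF), body = E_KF(plaintext))."""
    e_kmh0_kf = dsd.generate_file_key()
    header = dsd.reencipher_from_master_key(e_kmh1_knf, e_kmh0_kf)
    return header, dsd.encipher_data(e_kmh0_kf, plaintext)


def recover_file(dsd: SecurityDevice, e_kmh1_knf: bytes, header: bytes, body: bytes) -> bytes:
    """Second host: rebind KF to its own master key, then decipher the body."""
    return dsd.decipher_data(dsd.reencipher_to_master_key(e_kmh1_knf, header), body)


def demo(wrong_domain_key: bool = False) -> bool:
    """Create at host 1, recover at host 2; neither host sees the other's master keys."""
    knf = os.urandom(BLOCK)                 # file cross domain key, shared out of band
    host1 = SecurityDevice(os.urandom(BLOCK))
    host2 = SecurityDevice(os.urandom(BLOCK))
    e1 = host1.install_cross_domain_key(knf)
    e2 = host2.install_cross_domain_key(os.urandom(BLOCK) if wrong_domain_key else knf)
    msg = b"constructed sample plaintext for the cross-domain file"   # constructed input
    header, body = create_file(host1, e1, msg)
    try:
        return recover_file(host2, e2, header, body) == msg
    except ValueError:                      # KF was not recovered, so the body fails
        return False
```

`demo()` returns True when both hosts share KNF and False when the second host holds a different cross domain key, which is the check a practitioner wants: the file body is only recoverable through the key chain the claims define. The private file recovery key of claims 3, 12, 22 and 26 uses exactly the same functions; the only difference is that `header` is delivered to the second host separately instead of being stored as the data file's header.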
Description
CROSS REFERENCE TO RELATED APPLICATIONS
This application is related to the following patent applications which are
concurrently filed herewith and assigned to the same assignee as the
present application:
1. "Cryptographic Communication and File Security Using Terminals", Ser.
No. 857,533, filed Dec. 5, 1977, by W. F. Ehrsam et al.
2. "Cryptographic Communication Security for Single Domain Networks", Ser.
No. 857,532, filed Dec. 5, 1977, by W. F. Ehrsam et al.
3. "Cryptographic File Security for Single Domain Networks", Ser. No.
857,534, filed Dec. 5, 1977, by W. F. Ehrsam et al.
4. "Cryptographic Communication Security for Multiple Domain Networks",
Ser. No. 857,531, filed Dec. 5, 1977, by W. F. Ehrsam et al.
5. "Cryptographic Verification of Operational Keys Used in Communication
Networks", Ser. No. 857,546, filed Dec. 5, 1977, by W. F. Ehrsam et al.
BACKGROUND OF THE INVENTION
This invention relates to cryptographic file security techniques in a
multiple domain data processing system and, more particularly, to a file
security system for data files created at a first host system in one
domain and recovered at a second host system in another domain of a
multiple domain data processing system where each host system includes a
data security device which permits cryptographic operations to be performed
in the creation and recovery of a data file.
With the increasing number of computer end users, sharing of common system
resources such as files, programs and hardware and the increasing use of
distributed systems and telecommunications, larger and more complex
computer-based information systems are being created. In such systems, an
increasing amount of sensitive data may be stored on data files for long
periods of time. Because of this fact, there is an increasing concern that
such data files may become accessible to unauthorized persons if
maintained for too long a period of time. Cryptography has been recognized
as an effective data security measure in that it protects the data itself
rather than the media on which it is stored.
Cryptography deals with methods by which message data called cleartext or
plaintext is encrypted or enciphered into unintelligible data called
ciphertext and by which the ciphertext is decrypted or deciphered back
into the plaintext. The encipherment/decipherment transformations are
carried out by a cipher function or algorithm controlled in accordance
with a cryptographic or cipher key. The cipher key selects one out of many
possible relationships between the plaintext and the ciphertext. Various
algorithms have been developed in the prior art for improving data
security in data processing systems. Examples of such algorithms are
described in U.S. Pat. No. 3,796,830 issued Mar. 12, 1974 and U.S. Pat.
No. 3,798,359 issued Mar. 19, 1974. Another more recent algorithm
providing data security in data processing systems is described in U.S.
Pat. No. 3,958,081 issued May 18, 1976. This algorithm was adopted by the
National Bureau of Standards as a data encryption standard (DES) algorithm
and is described in detail in the Federal Information Processing Standards
publication, Jan. 15, 1977, FIPS PUB 46.
A data processing system may consist of a single host system which includes
a host processor, host memory, channel and its associated resources such
as the host programs and locally attached terminals and data files. The
domain of the host system is considered to be the set of resources known
to and managed by the host system.
Cryptographic File Security in a data processing system is concerned with
the protection of a data file which is stored in a storage media for a
relatively long period of time or when stored in a portable storage media
for transporting outside the environment of the data processing system. In
prior art cryptographic file security arrangements, when sensitive data is
to be stored in a storage media, a cryptographic facility provided at the
host system is invoked to encipher the data, using a cipher key known only
to the user, after which the enciphered data file is written to the
storage media. Since the enciphered data file must be read and deciphered
for subsequent data processing operations, it is necessary to use the same
cipher key for the decipher operation. Accordingly, file security is
dependent solely on the security of the cipher key since obtaining a copy
of the enciphered data file by unauthorized means or by theft of the data
file by unauthorized persons will be of no avail to anyone unless he has
knowledge of the cipher key used to encipher the data file. File Security,
therefore, becomes dependent solely on the user's knowledge and his own
actions in keeping the cipher key secret. If the stored information is
shared between many users then the security of the data file is further
weakened. If the cipher key is stored in the system, especially for long
periods of time, a method of controlled access must be devised to assure
its suitable protection. Furthermore, if the cipher key becomes known by
an unauthorized person and the enciphered data file is stolen or a copy
made, then total protection is lost and the data file may be recovered at
any data processor which has a cryptographic facility.
As the size of data processing systems increases, other host systems may be
joined to form a multiple domain processing system with each host system
having knowledge of and managing its associated resources which make up a
portion or domain of the processing system. With the increasing size of
such systems, greater use is being made of portable storage media where a
data file created at a host system in one domain is transported for
recovery at a host system in another domain of the multiple domain
processing system. Because an increasing number of such portable storage
media are being transported from one domain to another, there is an
increasing need to provide file security for such data files.
Accordingly, it is an object of the invention to provide file security for
data files created in one domain and recovered in another domain of a
multiple domain data processing system.
Another object of the invention is to maintain the security of data files
created by a first host system and recovered by a second host system.
A further object of the invention is to provide a host system cryptographic
facility for creating a data file for recovery at another host system in a
secure manner.
Still another object of the invention is to provide a host system
cryptographic facility operating under control of secure host keys for
creating a data file for recovery at another host system without the need
for revealing the host keys of the creating host system to the other host
system.
Still a further object of the invention is to provide a cross domain key
which allows cross domain file communication of data files between host
systems in different domains of a data processing system.
Still another object of the invention is to provide a cross domain key
which is known by a host system which creates a data file and the host
system which recovers the data file.
Still a further object of the invention is to maintain the security of
cross domain keys by protecting them under a host key encrypting key.
Still another object of the invention is to protect a cross domain key
under a key encrypting key of a host system which creates a data file and
under a different key encrypting key of a host system which recovers the
data file.
Still a further object of the invention is to protect the cross domain key
used when creating a data file for recovery at another host system by a
first host key encrypting key and to protect the cross domain key used when
recovering a data file created at the other host system by a second host
key encrypting key.
Still another object of the invention is to create a secure data file in
one domain of a multiple domain data processing system which is only
recoverable at a specific other domain of the system.
Still a further object of the invention is to provide a file recovery key
for a secure data file created in one domain of a multiple domain data
processing system which permits recovery of the secure data file at
another domain of the system.
Still another object of the invention is to provide a file recovery key as
header information for a secure data file.
Still a further object of the invention is to maintain a file recovery key
for a secure data file as a private key.
Still another object of the invention is to encipher file data under an
operational key to obtain a secure data file and to provide a file
recovery key for the secure data file which consists of the operational
key enciphered under a cross domain key known at different domains of a
multiple domain data processing system.
Still a further object of the invention is to provide an irreversible
transformation function for creating a file recovery key for a secure data
file created at a host system in one domain to permit recovery of the
secure data file at a host system in another domain of a multiple domain
data processing system.
Still another object of the invention is to recover a file recovery key
used for recovery of a secure data file at a host system in one domain and
replace it with a file recovery key used for recovery of the data file at
a host system in another domain of a multiple domain data processing
system.
Still a further object of the invention is to provide a private cross
domain key which allows cross domain file communication of a private data
file between host systems in different domains of a data processing
system.
In accordance with the invention, a multiple domain data processing system
is provided in which each domain includes a host system with an integrated
data security device and associated data files to permit cryptographic
data transmissions between the host and the associated data files. The
data security devices of the host systems include a memory for storing a
master key and cryptographic apparatus for ciphering input data under
control of a cryptographic key to produce ciphered output data. For
cross-domain file communication between the host system in one domain and
the host system in another domain, the host data security device of each
host system generates a random number which is defined as a cross domain
key for cross domain file communication between the two host systems and
is communicated in a secure manner to the other host system. The
cross-domain key generated at each host system is protected at that host
system by encipherment under a first key encrypting key and stored in
enciphered form as a sending cross-domain key while the cross-domain key
received at that host system from the other host system is protected by
encipherment under a second key encrypting key and stored in enciphered
form as a receiving cross-domain key. When a data file is to be created at
the host system in one domain and recovered at the host system in another
domain, the host data security device of the originating host system
generates a random number which is defined as being a primary file key
enciphered under the host master key of the originating host system. The
originating host system data security device then performs a
transformation operation in accordance with the enciphered sending
cross-domain key and the enciphered file key to reencipher the file key
from encipherment under the originating host master key to encipherment
under the sending c