Secure management of keys using extended control vectors.

摘要

Arrangements are disclosed for use in a data processing system which executes a program which outputs cryptographic service requests for operations with cryptographic keys which are associated with control vectors defining the functions which each key is allowed by its originator to perform. The control vectors having an arbitrary length. A control vector register having an arbitrary length stores a control vector of arbitrary length associated with an N-bit cryptographic key. Control vector checking means having an input coupled to the control vector register checks that the control vector authorises the cryptographic function which is requested by the cryptographic service request. A hash function generator having an input coupled to the control vector register and an N-bit output maps the control vector output from the control vector register, into an N-bit hash value. A key register stores the N-bit cryptographic key. A logic block having a first input coupled to the N-bit output of the hash function generator, and a second input connected to the key register, forms at the output thereof a product of the N-bit key and the N-bit hash value. An encryption device having a first input for receiving a cleartext data stream and a key input coupled to the output of the logic block, forms a ciphertext data stream at the output thereof from the cleartext data stream and the product. A decryption device can be substituted for the encryption device to perform decryption operations in a similar manner.