Method and apparatus for controlling the configuration of a cryptographic processor
摘要
The capabilities of a cryptographic module are controlled by a crypto configuration control (CCC) register that is initialized by one or more self-signed commands that are preformulated and signed with the digital signature key of the crypto module itself. The crypto module accepts a self-signed command only if the self-signature can be validated using the signature verification key of the module. In one implementation, the final configuration is determined by a single self-signed command. In another implementation, a first self-signed command is used to create an temporary configuration that allows one or more initialization authorities to issue additional commands fixing the final configuration. The self-signed commands are maintained separately from the crypto module and are distributed to the end user either physically or electronically. After the self-signed commands have been created and the secret exponent has been embedded in a particular crypto module, all copies of the secret exponent external to the crypto module are destroyed.
申请公布号
US6108425(A)
申请公布日期
2000.08.22
申请号
US19970884721
申请日期
1997.06.30
申请人
INTERNATIONAL BUSINESS MACHINES CORPORATION
发明人
SMITH, SR., RONALD M.;D'AVIGNON, EDWARD J.;DEBELLIS, ROBERT S.;EASTER, RANDALL J.;GREEN, LUCINA L.;KELLY, MICHAEL J.;SPANO, VINCENT A.;YEH, PHIL CHI-CHUNG