Patents by Inventor Carl H. W. Meyer

Carl H. W. Meyer has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 4908861
    Abstract: A cryptographic method and apparatus are disclosed which transform a message or arbitrary length into a block of fixed length (128 bits) defined modification detection code (MDC). Although there are a large number of messages which result in the same MDC, because the MDC is a many-to-one function of the input, it is required that it is practically not feasible for an opponent to find them. In analyzing the methods, a distinction is made between two types of attacks, i.e., insiders (who have access to the system) and outsiders (who do not). The first method employs four encryption steps per DEA block and provides the higher degree of security. Coupling between the different DEA operations is provided by using the input keys also as data in two of the four encryption steps. In addition, there is cross coupling by interchanging half of the internal keys.
    Type: Grant
    Filed: August 28, 1987
    Date of Patent: March 13, 1990
    Assignee: International Business Machines Corporation
    Inventors: Bruno O. Brachtl, Don Coppersmith, Myrna M. Hyden, Stephen M. Matyas, Jr., Carl H. W. Meyer, Jonathan Oseas, Shaiy Pilpel, Michael Schilling
  • Patent number: 4850017
    Abstract: A method for controlling the use of a cryptographic key at a using station by a generating station in a network of generating and using stations is disclosed. A control value specifying the use of the cryptographic key is transmitted with a generated cryptographic key to at least two designated using stations one of which may be the generating station. Each of the generating and using stations have cryptographic facilities that securely store a master key. Two techniques are described for controlling the use of the cryptographic key. In the first, the key and the control value are authenticated via a special authentication code before use by the using station. In the second, the key and control value are coupled during key generation such that the key is recovered only if a correct control value is specified. In addition, two techniques are described for controlling who may use the cryptographic key.
    Type: Grant
    Filed: May 29, 1987
    Date of Patent: July 18, 1989
    Assignee: International Business Machines Corp.
    Inventors: Stephen M. Matyas, Jr., Carl H. W. Meyer, Bruno O. Brachtl
  • Patent number: 4500750
    Abstract: In a data communication network which includes terminals interconnected via a central switch, a process for verifying the identity of a terminal user who is provided with secret data associated with his identity. In carrying out the verification process, the secret data is first encrypted at the terminal under a transfer-in key for transmission to an associated data processing system. When it is determined that the terminal user maintains an account at the associated data processing system, a first translate operation is performed to translate the data from encryption under the transfer-in key to encryption under an authentication key, both of which keys are protected under other keys which are different from each other, thereby providing an authentication parameter which may be used to verify the identity of the terminal user.
    Type: Grant
    Filed: December 30, 1981
    Date of Patent: February 19, 1985
    Assignee: International Business Machines Corporation
    Inventors: Robert C. Elander, Richard E. Lennon, Stephen M. Matyas, Carl H. W. Meyer, Robert E. Shuck, Walter L. Tuchman
  • Patent number: 4386234
    Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: May 31, 1983
    Assignee: International Business Machines Corp.
    Inventors: William F. Ehrsam, Robert C. Elander, Stephen M. Matyas, Carl H. W. Meyer, Robert L. Powers, Paul N. Prentice, John L. Smith, Walter L. Tuchman
  • Patent number: 4238853
    Abstract: A communication security system for data transmissions between remote terminals and a host system. The remote terminals and the host system include data security devices capable of performing a variety of cryptographic operations. At initialization time, a host master key is written into the host data security device and the host system generates a series of terminal master keys for the remote terminals. Protection is provided for the terminal master keys by enciphering them under a variant of the host master key. The terminal master keys are then written into the data security devices of the respective remote terminals to permit cryptographic operations to be performed. When a communication session is to be established between a designated remote terminal and the host system, a random number is generated and defined as an operational key enciphered under the host master key which permits the operational key to be used at the host system for enciphering or deciphering data operations.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: December 9, 1980
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Robert C. Elander, Stephen M. Matyas, Carl H. W. Meyer, Robert L. Powers, Paul N. Prentice, John L. Smith, Walter L. Tuchman
  • Patent number: 4238854
    Abstract: A file security system for data files associated with a host data processing system. The host system includes a data security device which contains a secure host master key and is capable of performing a variety of cryptographic operations. At initialization time, the host system generates a series of file keys for the associated storage media and protects them by enciphering the file keys under a variant of the host master key. When a data file is to be created, a random number is generated and defined as an operational key enciphered under the file key of a designated storage media. The host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key under control of the host master key into a form which permits the operational key to be used for enciphering host data.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: December 9, 1980
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Robert C. Elander, Stephen M. Matyas, Carl H. W. Meyer, John L. Smith, Walter L. Tuchman
  • Patent number: 4229818
    Abstract: A method and apparatus for providing improved error-recovery and cryptographic strength when enciphering blocks which succeed short blocks in a Key-Controlled Block-Cipher Cryptographic System with chaining. Beginning with a pre-existing current chaining value (V), the system determines whether a current input block (X) of data to be encrypted is a full block or a short block. Both in the previous system and in proposed improvement, if the block is a full block, the system first combines the chaining value (V) with said full block (X) by a reversible operation such as exclusive-or and then block-enciphers the result of said exclusive-or under control of the user's cryptographic key (K) to produce an output cipher full block (Y); but if the block is a short block, of length L.sub.
    Type: Grant
    Filed: December 29, 1978
    Date of Patent: October 21, 1980
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Carl H. W. Meyer, Louis B. Tuckerman, III
  • Patent number: 4227253
    Abstract: A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: October 7, 1980
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Robert C. Elander, Lloyd L. Hollis, Richard E. Lennon, Stephen M. Matyas, Carl H. W. Meyer, Jonathan Oseas, Walter L. Tuchman
  • Patent number: 4218738
    Abstract: Secure hardware is provided for cryptographically generating a verification pattern which is a function of a potential computer user's identity number, the potential computer user's separately entered password, and a stored test pattern. The test pattern for each authorized computer user is generated at a time when the physical security of the central computer and its data can be assured, such as in a physically guarded environment with no teleprocessing facilities operating. Secure hardware for generating verification patterns during authentication processing and for generating test patterns during the secure run is disclosed which uses a variation of the host computer master key to reduce risk of compromise of total system security. The use of a variant of the host master key prevents system programmers and/or computer operators from compromising the integrity of the authentication data base by, for example, interchanging entries and/or inserting new entries.
    Type: Grant
    Filed: May 5, 1978
    Date of Patent: August 19, 1980
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Carl H. W. Meyer
  • Patent number: 4206315
    Abstract: A digital signature machine provides a simplified method of forming and verifying a signature that is appended to a digital message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message.
    Type: Grant
    Filed: January 4, 1978
    Date of Patent: June 3, 1980
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Carl H. W. Meyer, Walter L. Tuchman
  • Patent number: 4074066
    Abstract: A message transmission system for the secure transmission of multi-block data messages from a sending station to a receiving station.The sending station contains cryptographic apparatus operative in successive cycles of operation during each of which an input block of clear data bits is ciphered under control of an input set of cipher key bits to generate an output block of ciphered data bits for transmission to the receiving station. Included in the cryptographic apparatus of the sending station is means providing one of the inputs for each succeeding ciphering cycle of operation as a function of each preceding ciphering cycle of operation. As a result, each succeeding output block of ciphered data bits is effectively chained to all preceding cycles of operation of the cryptographic apparatus of the sending station and is a function of the corresponding input block of clear data bits, all preceding input blocks of clear data bits and the initial input set of cipher key bits.
    Type: Grant
    Filed: April 26, 1976
    Date of Patent: February 14, 1978
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Carl H. W. Meyer, John L. Smith, Walter L. Tuchman
  • Patent number: 3962539
    Abstract: A device for ciphering a block of data bits under control of a cipher key. The cipher device performs a ciphering process for the block of data by carrying out an operation in which the block of data bits is first expanded by duplicating predetermined ones of the data bits. The data bits of the expanded block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different nonlinear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution set of bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation.
    Type: Grant
    Filed: February 24, 1975
    Date of Patent: June 8, 1976
    Assignee: International Business Machines Corporation
    Inventors: William Friedrich Ehrsam, Carl H. W. Meyer, Robert Lowell Powers, John Lynn Smith, Walter Leonard Tuchman
  • Patent number: 3958081
    Abstract: A device for ciphering message blocks of data bits under control of a cipher key. The cipher device performs an enciphering process for each message block of data by carrying out a predetermined number of iteration operations in the first of which a first half of the message block of data bits is first expanded by duplicating predetermined ones of the data bits. The data bits of the expanded message block are combined by modulo-2 addition with an equal number of cipher key bits, selected in accordance with an arbitrary but fixed permutation, to produce a plurality of multi-bit segments forming the arguments for a plurality of different nonlinear substitution function boxes. The substitution boxes perform a plurality of nonlinear transformation functions to produce a substitution set of bits which are equal in number to the number of data bits in the first half of the message block. The substitution set of bits is then subjected to a linear transformation in accordance with an arbitrary but fixed permutation.
    Type: Grant
    Filed: February 24, 1975
    Date of Patent: May 18, 1976
    Assignee: International Business Machines Corporation
    Inventors: William Friedrich Ehrsam, Carl H. W. Meyer, Robert Lowell Powers, Paul Norman Prentice, John Lynn Smith, Walter Leonard Tuchman