Abstract: Public key security control (PKSC) is provided for a cryptographic module by means of digitally signed communications between the module and one or more authorities with whom it interacts. Authorities interact with the crypto module by means of unsigned queries seeking nonsecret information or signed commands for performing specified operations. Each command signed by an authority also contains a transaction sequence number (TSN), which must match a corresponding number stored by the crypto module for the authority. The TSN for each authority is initially generated randomly and is incremented for each command accepted from that authority. A signature requirement array (SRA) controls the number of signatures required to validate each command type. Upon receiving a signed command from one or more authorities, the SRA is examined to determine whether a required number of authorities permitted to sign the command have signed the command for each signature requirement specification defined for that command type.

Abstract: Public key security control (PKSC) is provided for a cryptographic module by means of digitally signed communications between the module and one or authorities with whom it interacts. Authorities interact with the crypto module by means of unsigned queries seeking nonsecret information or signed commands for performing specified operations. Each command signed by an authority also contains a transaction sequence number (TSN), which must match a corresponding number stored by the crypto module for the authority. The TSN for each authority is initially generated randomly and is incremented for each command accepted from that authority. A signature requirement array (SRA) controls the number of signatures required to validate each command type. Upon receiving a signed command from one or more authorities, the SRA is examined to determine whether a required number of authorities permitted to sign the command have signed the command for each signature requirement specification defined for that command type.

Abstract: Public key security control (PKSC) is provided for a cryptographic module by means of digitally signed communications between the module and one or authorities with whom it interacts. Authorities interact with the crypto module by means of unsigned queries seeking nonsecret information or signed commands for performing specified operations. Each command signed by an authority also contains a transaction sequence number (TSN), which must match a corresponding number stored by the crypto module for the authority. The TSN for each authority is initially generated randomly and is incremented for each command accepted from that authority. A signature requirement array (SRA) controls the number of signatures required to validate each command type. Upon receiving a signed command from one or more authorities, the SRA is examined to determine whether a required number of authorities permitted to sign the command have signed the command for each signature requirement specification defined for that command type.

Abstract: Objects such as master keys or object protection keys that are kept in a protected environment of a crypto module are securely transferred between modules by means of transport keys. The transport keys are generated by public key procedures and are inaccessible outside the modules. Master keys are encrypted under the transport key within the protected environment of the source module, transmitted in encrypted form to the target module, and decrypted with the transport key within the protected environment of the target module. Object protection keys that are encrypted under a first master key kept in the protected environment of the source module are decrypted with the first master within the protected environment of the source module before being encrypted under the transport key. The object protection keys are encrypted under a second master key within the protected environment of the target module after being decrypted with the transport key.

Abstract: The capabilities of a cryptographic module are controlled by a crypto configuration control (CCC) register that is initialized by one or more self-signed commands that are preformulated and signed with the digital signature key of the crypto module itself. The crypto module accepts a self-signed command only if the self-signature can be validated using the signature verification key of the module. In one implementation, the final configuration is determined by a single self-signed command. In another implementation, a first self-signed command is used to create an temporary configuration that allows one or more initialization authorities to issue additional commands fixing the final configuration. The self-signed commands are maintained separately from the crypto module and are distributed to the end user either physically or electronically.

Abstract: Pseudorandom numbers are generated in a cryptographic module in a cryptographically strong manner by combining a time-dependent value with a secret value and passing the result through a one-way hash function to generate a hash value from which a random number is generated. The secret value is continually updated whenever the cryptographic module is idle by a first feedback function that generates an updated secret value as a one-way function of the current secret value and the time-dependent value. In addition, the secret value is updated on the occurrence of a predetermined external event by a second feedback function that generates an updated secret value as a one-way function of the current secret value, the time-dependent value and an externally supplied value.

Abstract: Pseudorandom numbers are generated in a cryptographic module in a cryptographically strong manner by combining a time-dependent value with a secret value and passing the result through a one-way hash function to generate a hash value from which a random number is generated. The secret value is continually updated whenever the cryptographic module is idle by a first feedback function that generates an updated secret value as a one-way function of the current secret value and the time-dependent value. In addition, the secret value is updated on the occurrence of a predetermined external event by a second feedback function that generates an updated secret value as a one-way function of the current secret value, the time-dependent value and an externally supplied value.

Abstract: Pseudorandom numbers are generated in a cryptographic module in a cryptographically strong manner by combining a time-dependent value with a secret value and passing the result through a one-way hash function to generate a hash value from which a random number is generated. The secret value is continually updated whenever the cryptographic module is idle by a first feedback function that generates an updated secret value as a one-way function of the current secret value and the time-dependent value. In addition, the secret value is updated on the occurrence of a predetermined external event by a second feedback function that generates an updated secret value as a one-way function of the current secret value, the time-dependent value and an externally supplied value.