Public-key registration

  • Authors: Stephen M. Matyas
  • Affiliations: IBM, Manassas, VA
  • Venue: Proceedings on Advances in cryptology - CRYPTO '86
  • Year: 1987

Abstract

A procedure is described for securely initializing cryptographic variables in a large number of network terminals. Each terminal has a cryptographic facility which performs all necessary cryptographic functions. A key distribution center is established, and a public and secret key pair is generated for the key distribution center. Each terminal in the network is provided with a terminal identification known to the key distribution center. The terminal identification and the public key of the key distribution center are stored in the cryptographic facility of each terminal. A terminal initializer is designated for each terminal, and the terminal initializer is notified of two expiration times for the purpose of registering the terminal's cryptovariable with the key distribution center. The cryptovariable is generated by the terminal using its cryptographic facility. Prior to the first expiration time, a registration request is prepared and transmitted to the key distribution center. The registration request includes the terminal identification and the cryptovariable. When the key distribution center receives this request, the cryptovariable is temporarily registered and that fact is acknowledged to the requesting terminal. After the expiration of the second time, the registration is complete. Provisions are also made for invalidating a terminal identification if more than one registration is attempted for a given terminal identification or an intended registration was not made in time.
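The registration rules in the abstract, seen from the key distribution center's side, as an added sketch that is not code from the paper. The class and method names, the integer clock, and the handling of a request that arrives after completion (left unchanged here) are assumptions; the cryptography itself is not modelled.

```python
from enum import Enum

class State(Enum):
    UNREGISTERED = "unregistered"
    TEMPORARY = "temporary"
    COMPLETE = "complete"
    INVALID = "invalid"

class KDC:
    """Toy key distribution center: tracks registration state per terminal ID."""

    def __init__(self):
        self.terminals = {}  # terminal ID -> record

    def enroll(self, tid, t1, t2):
        # The KDC knows each terminal ID and its two expiration times in advance.
        if t1 >= t2:
            raise ValueError("first expiration time must precede the second")
        self.terminals[tid] = {"t1": t1, "t2": t2, "state": State.UNREGISTERED, "cv": None}

    def register(self, tid, cryptovariable, now):
        """Process a registration request and return the resulting state."""
        rec = self.terminals[tid]  # KeyError: terminal ID unknown to the KDC
        self._expire(rec, now)
        if rec["state"] is State.UNREGISTERED:
            # First request before t1: temporary registration, acknowledged to the terminal.
            rec["state"], rec["cv"] = State.TEMPORARY, cryptovariable
        elif rec["state"] is State.TEMPORARY:
            # More than one registration attempted for this ID: invalidate the ID.
            rec["state"], rec["cv"] = State.INVALID, None
        # COMPLETE or INVALID: state left unchanged (assumption, not stated in the abstract).
        return rec["state"]

    def status(self, tid, now):
        rec = self.terminals[tid]
        self._expire(rec, now)
        return rec["state"]

    def _expire(self, rec, now):
        if rec["state"] is State.UNREGISTERED and now >= rec["t1"]:
            rec["state"] = State.INVALID   # intended registration not made in time
        elif rec["state"] is State.TEMPORARY and now >= rec["t2"]:
            rec["state"] = State.COMPLETE  # second expiration time has passed

if __name__ == "__main__":
    kdc = KDC()
    kdc.enroll("TERM-A", t1=100, t2=200)           # constructed sample values
    print(kdc.register("TERM-A", b"cv-A", now=50))  # State.TEMPORARY
    print(kdc.status("TERM-A", now=200))            # State.COMPLETE
```

The gap between the two expiration times is what gives a competing request for the same terminal identification a chance to surface before the registration becomes final.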