User functions for the generation and distribution of encipherment keys

Abstract

It is generally accepted that data encipherment is needed for secure distributed data processing systems. It is accepted, moreover, that the enciphering algorithms are either published or must be assumed to be known to those who wish to break the security. Security then lies in the safe keeping of the encipherment keys, which must be generated and stored securely and distributed securely to the intending users. At an intermediate level of detail of a system it may be useful to have functions which manipulate keys explicitly but which hide some of the details of key generation and distribution, both for convenience of use and so that new underlying techniques can be developed. This paper offers a contribution to the discussion. It proposes key manipulation functions which are simple from the user’s point of view. It seeks to justify them in terms of the final secure applications and discusses how they may be implemented by lower level techniques described elsewhere. The relationship of the functions to telecommunication standards is discussed and a standard form is proposed for encipherment key information.