Cryptographic file security for multiple domain networks

Abstract

A file security system for data files created at a first host system in one domain and recovered at a second host system in another domain of a multiple domain network. Each of said host systems contain a data security device provided with multiple host keys capable of performing a variety of cryptographic operations. Creation and recovery of a secure data file is accomplished without revealing the keys of either of the host systems to the other of the host systems. When the data file is to be created at the first host system, the first host system data security device provides a file recovery key for subsequent recovery of the data file at the second host system and enciphers first host system plaintext under a primary file key, which is related to the file recovery key, to obtain first host system ciphertext as the data file. The file recovery key is used as header information for the data file or maintained as a private file recovery key. When the data file is to be recovered at the second host system, the file recovery key is provided at the second host system and the second host system data security device performs a cryptographic operation to transform the file recovery key into a form which is usable to decipher the data file. The second host system data security device then uses the transformed file recovery key to perform a cryptographic operation to obtain the first host system ciphertext in clear form at the second host system.