Encryption system with key recovery

US 10,148,437 B2
Filed: 08/10/2016
Issued: 12/04/2018
Est. Priority Date: 09/21/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method performed by a computing device where the computing device includes at least a processor for executing instructions from a memory, the method comprising:

analyzing, via at least the processor, an encrypted data item to recover a site key value for decrypting the encrypted data item, wherein the analyzing comprises identifying a header of the encrypted data item and identifying from within the header at least a bin number and a hash table index, wherein;

the bin number is derived from a first portion of the site key value,the hash table index is derived from the site key value, andthe site key value includes at least the first portion and a second portion;

recovering, via at least the processor, the site key value at least in part by;

performing a bin recovery process on the bin number to recover the first portion of the site key value,performing an iterative filter matching process using at least the first portion and a site key filter to recover the second portion of the site key value, andperforming an iterative index matching process using at least the second portion and the hash table index to recover the site key value; and

controlling, using the site key value, a decryption process to decrypt the encrypted data item as a decrypted data item to provide access to the decrypted data item.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and other embodiments associated with the recovery of a lost site key value used in encryption are described. In one embodiment, site key recovery logic is configured to analyze an encrypted data item to identify a bin number and a hash table index within a header of the encrypted data item. The bin number is derived from a first portion of the site key value and the hash table index is derived from the site key value. The site key value includes at least the first portion and a second portion. A bin recovery process is performed on the bin number to recover the first portion. A filter matching process is performed using the first portion and a site key filter to recover the second portion. An index matching process is performed using the second portion and the hash table index to recover the site key value.

13 Citations

View as Search Results

20 Claims

1. A computer-implemented method performed by a computing device where the computing device includes at least a processor for executing instructions from a memory, the method comprising:
- analyzing, via at least the processor, an encrypted data item to recover a site key value for decrypting the encrypted data item, wherein the analyzing comprises identifying a header of the encrypted data item and identifying from within the header at least a bin number and a hash table index, wherein;
  
  the bin number is derived from a first portion of the site key value,the hash table index is derived from the site key value, andthe site key value includes at least the first portion and a second portion;
  
  recovering, via at least the processor, the site key value at least in part by;
  
  performing a bin recovery process on the bin number to recover the first portion of the site key value,performing an iterative filter matching process using at least the first portion and a site key filter to recover the second portion of the site key value, andperforming an iterative index matching process using at least the second portion and the hash table index to recover the site key value; and
  
  controlling, using the site key value, a decryption process to decrypt the encrypted data item as a decrypted data item to provide access to the decrypted data item.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising transmitting, via at least the processor, the encrypted data item and the site key value, as recovered, to the decryption process to control decryption of the encrypted data item.
  - 3. The computer-implemented method of claim 1, further comprising storing the site key value, as recovered, in a data cache via network communications between the computing device and the data cache.
  - 4. The computer-implemented method of claim 1, wherein the site key filter is derived from the second portion of the site key value via a hashing function.
  - 5. The computer-implemented method of claim 1, wherein the bin recovery process includes at least one un-mixing function and at least one reverse hashing look-up table.
  - 6. The computer-implemented method of claim 1, wherein the iterative filter matching process includes a hashing function.
  - 7. The computer-implemented method of claim 1, wherein the iterative index matching process includes a hashing function.
  - 8. The computer-implemented method of claim 1, wherein a length in bytes of the first portion is half of a length in bytes of the site key value, and wherein a length in bytes of the second portion is three-fourths of the length in bytes of the site key value.
  - 9. The computer-implemented method of claim 1, wherein a length in bytes of the bin number is half of a length in bytes of the site key value, and wherein a length in bytes of the hash table index is one-fourth of the length in bytes of the site key value.
  - 10. The computer-implemented method of claim 1, wherein a length in bytes of the site key filter is one-fourth of a length in bytes of the site key value.

11. A computer system, comprising:
- a processor connected to memory; and
  
  a module stored on a non-transitory computer readable medium and configured with instructions that when executed by the processor cause the processor to;
  
  store at least records of encrypted data items;
  
  read an encrypted data item from the data cache and analyze the encrypted data item to recover a site key value for decrypting the encrypted data item, wherein the analyzing comprises identifying a header of the encrypted data item and identifying from within the header at least a bin number and a hash table index, wherein;
  
  the bin number is derived from a first portion of the site key value,the hash table index is derived from the site key value, andthe site key value includes at least the first portion and a second portion;
  
  perform a bin recovery process on the bin number to recover the first portion of the site key value;
  
  perform an iterative filter matching process using at least the first portion and a site key filter to recover the second portion of the site key value;
  
  perform an iterative index matching process using at least the second portion and the hash table index to recover the site key value; and
  
  control, using the site key value, a decryption process to decrypt the encrypted data item as a decrypted data item to provide access to the decrypted data item.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer system of claim 11, wherein the instructions comprise instructions that cause the processor to store the site key value, as recovered, in the data cache.
  - 13. The computer system of claim 11, wherein the bin recovery process includes at least two un-mixing functions and at least four reverse hashing look-up tables.
  - 14. The computer system of claim 11, wherein the iterative filter matching process includes a hashing function.
  - 15. The computer system of claim 11, wherein the iterative index matching process includes a hashing function.
  - 16. The computer system of claim 11, wherein the instructions comprise instructions that cause the processor to provide a graphical user interface that controls at least user selection of the encrypted data item stored in a record of the data cache.
  - 17. The computer system of claim 16, further comprising a display screen configured to display and facilitate user interaction with at least the graphical user interface.

18. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors of a computing device, cause the computing device to at least:
- control an analyzing of an encrypted data item to recover a site key value for decrypting the encrypted data item, wherein the analyzing comprises identifying a header of the encrypted data item and identifying from within the header at least a bin number and a hash table index, wherein;
  
  the bin number is derived from a first portion of the site key value,the hash table index is derived from the site key value, andthe site key value includes at least the first portion and a second portion;
  
  control a recovering of the site key value at least in part by;
  
  performing a bin recovery process on the bin number to recover the first portion of the site key value,performing an iterative filter matching process using at least the first portion and a site key filter value to recover the second portion of the site key value, andperforming an iterative index matching process using at least the second portion and the hash table index to recover the site key value; and
  
  control, using the site key value, a decryption process to decrypt the encrypted data item as a decrypted data item to provide access to the decrypted data item.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computing device to at least control a transmitting of the encrypted data item and the site key value, as recovered, to the decryption process to control decryption of the encrypted data item.
  - 20. The non-transitory computer-readable medium of claim 18, wherein the instructions further comprise instructions that, when executed by the one or more processors, cause the computing device to at least control a storing of the site key value, as recovered, in a data cache via network communications between the computing device and the data cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Pogmore, George R., Pandey, Pradip K.
Primary Examiner(s)
Smithers, Matthew

Application Number

US15/232,864
Publication Number

US 20170085377A1
Time in Patent Office

846 Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3236   using cryptographic hash fu...

Encryption system with key recovery

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption system with key recovery

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links