Encryption systems and methods for identifying and coalescing identical objects encrypted with different keys
First Claim
1. An object extraction method comprising:
- defining an ordered tuple that comprises;
a single cipher object that corresponds to an encryptable object; and
a list of ordered pairs, each ordered pair comprising a key identifier that is associated with a key, and an encrypted representation that has been encrypted with the key;
comparing at least some of the key identifiers of the list with a key identifier for which a match is desired; and
in the event a match is found, forming a second ordered tuple that comprises the single cipher object, and the list that corresponds to the key identifier for which the match was found;
1 Assignment
0 Petitions
Accused Products
Abstract
Cryptographic protocols and methods of employing the same are described. The described protocols advantageously enable two or more identical encryptable objects that are coded for encryption with different keys to be identified as identical without access to either the unencrypted objects or the keys that are used in the encryption process. Additionally, the protocols enable two or more identical encryptable objects to be processed with different encryption keys, yet be stored in a manner so that the total required storage space is proportional to the space that is required to store a single encryptable object, plus a constant amount for each distinct encryption key. In various embodiments, the encryptable objects comprise files and the cryptographic protocols enable encrypted files to be used in connection with single instance store (SIS) systems.
71 Citations
21 Claims
-
1. An object extraction method comprising:
defining an ordered tuple that comprises;
a single cipher object that corresponds to an encryptable object; and
a list of ordered pairs, each ordered pair comprising a key identifier that is associated with a key, and an encrypted representation that has been encrypted with the key;
comparing at least some of the key identifiers of the list with a key identifier for which a match is desired; and
in the event a match is found, forming a second ordered tuple that comprises the single cipher object, and the list that corresponds to the key identifier for which the match was found;
- View Dependent Claims (2, 3, 4, 5)
-
6. A data object embodied on a computer-readable medium comprising:
-
a single cipher object comprising an encryptable object that has been encrypted with a representation of the encryptable object; and
a list comprising at least one ordered pair, each ordered pair comprising;
a key identifier that is associated with a particular key; and
an encrypted representation that comprises the representation having been encrypted with the particular key that is associated with the key identifier. - View Dependent Claims (7, 8, 9)
-
-
10. A file system encryption method comprising:
-
computing representations of each of two or more identical files;
encrypting each of the files with its own representation, said encrypting defining a plurality of cipher objects each of which corresponds to a file;
encrypting each representation with one of a plurality of keys to provide a plurality of encrypted representations;
defining key identifiers for each of the plurality of keys;
forming a plurality of ordered pairs, each of which comprising;
an encrypted representation; and
a key identifier associated with a key that encrypted the encrypted representation of the ordered pair;
associating the ordered pairs with a single cipher object to provide a convergent cipher object. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A file system file extraction method comprising:
-
defining an ordered tuple that comprises;
a single cipher object that corresponds to a file; and
a list of ordered pairs, each ordered pair comprising a key identifier that is associated with a key, and an encrypted representation that has been encrypted with the key;
comparing at least some of the key identifiers of the list with a key identifier for which a match is desired; and
in the event a match is found, forming a second ordered tuple that comprises the single cipher object, and the list that corresponds to the key identifier for which the match was found. - View Dependent Claims (18, 19, 20, 21)
-
Specification