ENCRYPTION AND AUTHENTICATION OF DATA AND FOR DECRYPTION AND VERIFICATION OF AUTHENTICITY OF DATA

US 20080172562A1
Filed: 01/12/2007
Published: 07/17/2008
Est. Priority Date: 01/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. Method for encryption and authentication of data, comprising:

generating from one or more plaintext data blocks ciphertext data blocks and corresponding authentication tags by means of authenticated encryption; and

generating a tag tree by means of the authentication tags.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for encryption and authentication of data. One or more plaintext data blocks ciphertext data blocks and corresponding authentication tags are generated by means of authenticated encryption. A tag tree is generated by means of the authentication tags. The ciphertext data blocks and the tag tree data of the tag tree are stored in an untrusted storage, and the root tag of the tag tree is stored in a trusted storage.

Citations

13 Claims

1. Method for encryption and authentication of data, comprising:
- generating from one or more plaintext data blocks ciphertext data blocks and corresponding authentication tags by means of authenticated encryption; and
  
  generating a tag tree by means of the authentication tags.
- View Dependent Claims (2, 3, 4)
- - 2. A method according to claim 1,wherein the tag tree comprises tag tree data and data representing a root authentication tag;
    - wherein the tag tree data are stored in an untrusted storage; and
      
      wherein the data representing the root authentication tag is stored in a trusted storage.
  - 3. A method according to claim 2, wherein the ciphertext data blocks are stored in the untrusted storage.
  - 4. A method according to claim 1, wherein the authenticated encryption is performed by AES using IAPM, OCB, or GCM.

5. A method for decryption and verification of authenticity of data, the method comprising:
- generating from one or more ciphertext data blocks and corresponding authentication tags from a tag tree plaintext data blocks and verification values by means of authenticated decryption;
  
  verifying the authentication tags by means of a root tag; and
  
  outputting the plaintext data blocks, if the verification values and the verification of the authentication tags confirm the authenticity of the data and the authentication tags.
- View Dependent Claims (6)
- - 6. A method according to claim 5, wherein the authenticated decryption is performed by AES, IAPM, OCB, or GCM.

7. A method for generating a tag authentication tree, the method comprising:
- generating from plaintext data blocks authentication tags by means of authenticated encryption;
  
  concatenating the authentication tags to concatenated authentication tags; and
  
  generating from the concatenated authentication tags encrypted authentication tags and authentication tags by means of authenticated encryption.
- View Dependent Claims (8)
- - 8. A method according to claim 7,wherein the encrypted authentication tags are stored in an untrusted storage;
    - andwherein the last generated authentication tag is stored in a trusted storage.

9. A method for decryption and verification of authenticity of encrypted authentication tags of a tag tree comprising:
- generating from the encrypted authentication tags and a parent authentication tags decrypted authentication tags and tag verification values by means of authenticated decryption;
  
  generating from one or more ciphertext data blocks plaintext data blocks and comparison tags by means of authenticated decryption; and
  
  outputting the plaintext data blocks, if the tag verification values and the verification of the comparison tags confirm the authenticity of the data and the decrypted authentication tags.
- View Dependent Claims (10, 11)
- - 10. A method according to claim 9, wherein the verification of one of the comparison tags includes comparing the comparison tag with the corresponding decrypted authentication tag.
  - 11. The method according to claim 9 further comprising using a storage which is structured in blocks as untrusted and/or trusted storage.

12. A computer program product embodied in a tangible media comprising:
- computer readable program codes coupled to the tangible media for encryption and authentication of data, the computer readable program codes configured to cause the program to;
  
  generate from one or more plaintext data blocks ciphertext data blocks and corresponding authentication tags by means of authenticated encryption; and
  
  generate a tag tree by means of the authentication tags.

13. An apparatus for encryption and authentication of data, the apparatus comprising:
- a generator for;
  
  generating from one or more plaintext data blocks ciphertext data blocks and corresponding authentication tags by means of authenticated encryption; and
  
  generating a tag tree by means of the authentication tags.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hurley, Paul T., Pletka, Roman A., Cachin, Christian

Application Number

US11/622,467
Publication Number

US 20080172562A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1416   by checking the object acce...

G06F 21/6218   to a system of files or obj...

G06F 21/64   Protecting data integrity, ...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/3242   involving keyed hash functi...

H04L 9/50   using hash chains, e.g. blo...

ENCRYPTION AND AUTHENTICATION OF DATA AND FOR DECRYPTION AND VERIFICATION OF AUTHENTICITY OF DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

ENCRYPTION AND AUTHENTICATION OF DATA AND FOR DECRYPTION AND VERIFICATION OF AUTHENTICITY OF DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links