METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING DATA

US 20090208019A1
Filed: 06/29/2007
Published: 08/20/2009
Est. Priority Date: 06/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting data (105) using a first key and multiple encryption keys (135) at least in part based on the first key (115), the method comprising:

encoding the data into a redundant representation by distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys (135), each encryption key being associated with at least one group, the redundant representation allowing recovery of the data in the absence of the groups associated with the at least one of the multiple encryption keys, andencrypting each group by the respective associated encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method and apparatus for encrypting data (105) by means of a first key (115), and a method and apparatus for decrypting encrypted data by means of a second key (185). The present invention alleviates the need for exact key information by allowing encryption of data (105) by means of a first key (115) and subsequent decryption of the encrypted data by means of a second key (185) without the need for the first key (115), provided that the first key (115) and the second key (185) form a sufficient estimate of an encryption/decryption key pair. During encryption, multiple encryption keys (135), at least in part based on the first key (115), are used to encrypt a redundant representation (122) of the data (105). The encrypted data (124) may subsequently be decrypted by using multiple decryption keys (165) based on the second key (185), without the need for the first key (115), provided that the second key (185) forms a sufficient estimate of the first key (115).

36 Citations

View as Search Results

20 Claims

1. A method of encrypting data (105) using a first key and multiple encryption keys (135) at least in part based on the first key (115), the method comprising:
- encoding the data into a redundant representation by distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys (135), each encryption key being associated with at least one group, the redundant representation allowing recovery of the data in the absence of the groups associated with the at least one of the multiple encryption keys, andencrypting each group by the respective associated encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 20)
- - 2. The method of claim 1, wherein the redundant representation (122) at least allows recovery of the data (105) from the redundant representation in the absence of the groups associated with any single one of the multiple encryption keys (135).
  - 3. The method of claim 1, wherein the first key (115) comprises data from a noisy source of key information.
  - 4. The method of claim 1, wherein the data (105) is encrypted by using at least three encryption keys and the information content of the data is spread over the number of groups.
  - 5. The method of claim 1, wherein key information used to form the respective encryption keys is disjunctive.
  - 6. The method of claim 1, wherein the encryption is identity-based encryption.
  - 7. The method of claim 6, wherein key information used to form a respective one of the multiple encryption keys (135) comprises:
    - noisy identity information, andnoise-free identity information.
  - 8. The method of claim 6, wherein key information used to form each respective encryption key comprises:
    - noisy information, anda descriptor identifying the relationship of the noisy information with one or more sources of key information.
  - 9. The method of claim 1, wherein the encoding operation further comprises at least one of:
    - applying a secret sharing scheme wherein the shares are distributed among groups, andincorporating an error-detecting code in a group, the error-detecting code covering at least the information content of the data comprised in the group.
  - 10. The method of claim 1, wherein the encoding operation further comprises incorporating an error-correcting code in the redundant representation (122).
  - 11. The method of claim 10, wherein every group comprises multiple symbols, each multiple symbol of every group being part of a codeword of an error-correcting code, and every codeword comprising at most one symbol of a respective group.
  - 20. A computer program stored on a computer-readable medium for performing the method of claim 1 when said program is run on a computer.

12. A method of decrypting encrypted data, a first key and a second key (185) forming an estimate of an encryption/decryption key pair, comprising:
- decrypting the encrypted data using multiple decryption keys (165) based at least in part on the second key (185), at least one of the encryption keys including key information that is not present in the respective other encryption keys, each of the multiple decryption keys being associated with a respective one of the multiple encryption keys,decrypting at least one or more encrypted groups using the respective decryption key associated with the encryption key used to encrypt the group, anddecoding the data (105) from the at least one or more decrypted groups by extracting information content related to the data from at least one or more correctly decrypted groups.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the second key (185) comprises data from a noisy source of key information.
  - 14. The method of claim 12, wherein decoding the data (105) from the at least one or more decrypted groups (182) comprises extracting the information content related to the data from multiple correctly decrypted groups.
  - 15. The method of claim 14, wherein decoding the data (105) comprises at least one of:
    - using a secret sharing scheme on shares comprised in multiple decrypted groups, andverifying the validity of a group by verifying an error-detecting code incorporated in the decrypted group.
  - 16. The method of claim 12, wherein decoding the data (105) comprises:
    - error-correcting at least one or more decrypted groups by means of an error-correcting code, andextracting the information content related to the data (105) from the error-corrected decrypted groups.

17. An apparatus for encrypting data (105) using a first key and multiple encryption keys (135) at least in part based on the first key (115), the apparatus comprising:
- encoding means (121) arranged to encode the data into a redundant representation (122), the encoding means distributing the information content of the data among a number of groups, each group being associated with a respective encryption key of the multiple encryption keys (135), each encryption key being associated with at least one group, the redundant representation at least allowing recovery of the data from the redundant representation in the absence of the groups associated with an encryption key comprising key information that is not present in the respective other encryption keys, andencrypting means (123) arranged to encrypt each group using the respective associated encryption key.

18. An apparatus for decrypting encrypted data (124), a first key (115) and a second key (185) forming an estimate of an encryption/decryption key pair, wherein the encrypted data (124) is decrypted by using multiple decryption keys (165) based at least in part on the second key (185), and at least one of the encryption keys comprises key information that is not present in the respective other encryption keys, and each of the multiple decryption keys is associated with a respective one of the multiple encryption keys, the apparatus comprising decryption means (181) arranged to decrypt at least one or more encrypted group by decrypting the at least one or more encrypted group by means of the respective decryption key associated with the encryption key used to encrypt the group, anddecoding means (183) arranged to decode the data (105) from the at least one or more decrypted groups by extracting information content related to the data from at least one or more correctly decrypted groups.

19.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips N.V.
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Skoric, Boris, Celik, Mehmet Utku, Tuyls, Pim Theo

Granted Patent

US 9,276,739 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 63/0478   applying multiple layers of...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0861   Generation of secret inform...

METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR ENCRYPTING/DECRYPTING DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links