Generating and Securing Multiple Archive Keys

US 20090290707A1
Filed: 05/22/2008
Published: 11/26/2009
Est. Priority Date: 05/22/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a passphrase;

generating a plurality of values having a specified form;

enciphering the passphrase with each of the plurality of values to generate a plurality of cipher keys;

enciphering a plurality of archive keys with respective cipher keys from the plurality of cipher keys; and

enciphering a plurality of data portions with respective archive keys of the plurality of archive keys.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for generating multiple keys for a set of archives or portions of a set of archives. The process includes receiving a passphrase from a user and an indicator of a set of archives to be modified or created. An archive key generation process can be based on a random value generation, an algorithm for generating keys with specific characteristics, an indexing scheme, a progressive enciphering scheme or a shared secret scheme. The generated keys are enciphered using an enciphering algorithm in combination with the passphrase. The archive keys are stored with the archives in their enciphered form. Other intermediate key information is also stored with the archive to enable deciphering of the set of archives using the passphrase as needed.

Citations

22 Claims

1. A computer-implemented method comprising:
- receiving a passphrase;
  
  generating a plurality of values having a specified form;
  
  enciphering the passphrase with each of the plurality of values to generate a plurality of cipher keys;
  
  enciphering a plurality of archive keys with respective cipher keys from the plurality of cipher keys; and
  
  enciphering a plurality of data portions with respective archive keys of the plurality of archive keys.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, wherein the plurality of values have a form of prime numbers or primitive polynomials.
  - 3. The computer-implemented method of claim 1, further comprising:
    - storing the enciphered plurality of data portions with respective cipher key and enciphered archive key.
  - 4. The computer-implemented method of claim 1, wherein enciphering the passphrase further comprises:
    - enciphering the passphrase with each of the plurality of values in succession in an iterative process, each iteration to generate a separate cipher key.

5. A computer-implemented method comprising:
- receiving a passphrase;
  
  generating a plurality of archive keys and a plurality of linearly independent values;
  
  generating a linear combination of an archive key and at least one of the plurality of linearly independent values to form a cipher key;
  
  enciphering the passphrase with the cipher key to generate an enciphered passphrase; and
  
  enciphering the archive key with the enciphered passphrase.
- View Dependent Claims (6, 7)
- - 6. The computer-implemented method of claim 5, further comprising:
    - generating separate cipher keys from each archive key by combination with at least one of the plurality of linearly independent values.
  - 7. The computer-implemented method of claim 6, wherein the linearly independent values combined with each archive key are selected by a binary indexing scheme.

8. A computer-implemented method comprising:
- receiving a passphrase;
  
  generating a plurality of secret shares;
  
  enciphering the passphrase to generate an enciphered passphrase;
  
  enciphering a first archive key using the enciphered passphrase;
  
  generating a plurality of secrets by combination of the archive key and at least one of the plurality of secret shares; and
  
  enciphering a portion of data using one of the plurality of secrets.
- View Dependent Claims (9, 10)
- - 9. The computer-implemented method of claim 8, wherein the combination of the archive key and at least one of the plurality of secret shares is based on a binary indexing scheme.
  - 10. The computer-implemented method of claim 8, further comprising:
    - enciphering a plurality of portions of data each with a separate secret from the plurality of secrets.

11. A machine readable storage medium, having a set of instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
- receiving a passphrase;
  
  generating a plurality of values having a specified form;
  
  enciphering the passphrase with each of the plurality of values to generate a plurality of cipher keys;
  
  enciphering a plurality of archive keys with respective cipher keys from the plurality of cipher keys; and
  
  enciphering a plurality of data portions with respective archive keys of the plurality of archive keys.
- View Dependent Claims (12, 13)
- - 12. The machine readable storage medium of claim 11, wherein the plurality of values have a form of prime numbers or primitive polynomials.
  - 13. The machine readable storage medium of claim 11, having further instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
    - storing the enciphered plurality of data portions with respective cipher key and enciphered archive key.

14. A machine readable storage medium, having a set of instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
- receiving a passphrase;
  
  generating a plurality of archive keys and a plurality of linearly independent values;
  
  generating a linear combination of an archive key and at least one of the plurality of linearly independent values to form a cipher key;
  
  enciphering the passphrase with the cipher key to generate an enciphered passphrase; and
  
  enciphering the archive key with the enciphered passphrase.
- View Dependent Claims (15, 16)
- - 15. The machine readable storage medium of claim 14, having further instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
    - generating separate cipher keys from each archive key by combination with at least one of the plurality of linearly independent values.
  - 16. The machine readable storage medium of claim 14, wherein the linearly independent values combined with each archive key are selected by a binary indexing scheme.

17. A machine readable storage medium, having a set of instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
- receiving a passphrase;
  
  generating a plurality of secret shares;
  
  enciphering the passphrase to generate an enciphered passphrase;
  
  enciphering a first archive key using the enciphered passphrase;
  
  generating a plurality of secrets by combination of the archive key and at least one of the plurality of secret shares; and
  
  enciphering a portion of data using one of the plurality of secrets.
- View Dependent Claims (18, 19)
- - 18. The machine readable storage medium of claim 17, wherein the combination of the archive key and at least one of the plurality of secret shares is based on a binary indexing scheme.
  - 19. The machine readable storage medium of claim 17, having further instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
    - enciphering a plurality of portions of data each with a separate secret from the plurality of secrets.

20. A system comprising:
- a computer having a persistent storage device, the computer including,an archive management module to store and retrieve data, anda cipher module coupled to the archive management module, the cipher module to encipher and decipher stored data using a plurality of archive keys that are each distinct using a single passphrase that can be changed without changing the archive keys.
- View Dependent Claims (21, 22)
- - 21. The system of claim 20, wherein the cipher module forms archive keys from secret shares.
  - 22. The system of claim 20, wherein the cipher module forms archive keys based on binary indexing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James Paul

Granted Patent

US 8,694,798 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/45
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 2209/60   Digital content management,...

H04L 9/0662   with particular pseudorando...

H04L 9/16   the keys or algorithms bein...

Generating and Securing Multiple Archive Keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Generating and Securing Multiple Archive Keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links