Generating and Securing Multiple Archive Keys
Abstract
A method and apparatus for generating multiple keys for a set of archives or portions of a set of archives. The process includes receiving a passphrase from a user and an indicator of a set of archives to be modified or created. An archive key generation process can be based on a random value generation, an algorithm for generating keys with specific characteristics, an indexing scheme, a progressive enciphering scheme or a shared secret scheme. The generated keys are enciphered using an enciphering algorithm in combination with the passphrase. The archive keys are stored with the archives in their enciphered form. Other intermediate key information is also stored with the archive to enable deciphering of the set of archives using the passphrase as needed.
22 Claims
1. A computer-implemented method comprising:
- receiving a passphrase;
- generating a plurality of values having a specified form;
- enciphering the passphrase with each of the plurality of values to generate a plurality of cipher keys;
- enciphering a plurality of archive keys with respective cipher keys from the plurality of cipher keys; and
- enciphering a plurality of data portions with respective archive keys of the plurality of archive keys.
Dependent claims: 2, 3, 4.

5. A computer-implemented method comprising:
- receiving a passphrase;
- generating a plurality of archive keys and a plurality of linearly independent values;
- generating a linear combination of an archive key and at least one of the plurality of linearly independent values to form a cipher key;
- enciphering the passphrase with the cipher key to generate an enciphered passphrase; and
- enciphering the archive key with the enciphered passphrase.
Dependent claims: 6, 7.

8. A computer-implemented method comprising:
- receiving a passphrase;
- generating a plurality of secret shares;
- enciphering the passphrase to generate an enciphered passphrase;
- enciphering a first archive key using the enciphered passphrase;
- generating a plurality of secrets by combination of the archive key and at least one of the plurality of secret shares; and
- enciphering a portion of data using one of the plurality of secrets.
Dependent claims: 9, 10.

11. A machine readable storage medium, having a set of instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
- receiving a passphrase;
- generating a plurality of values having a specified form;
- enciphering the passphrase with each of the plurality of values to generate a plurality of cipher keys;
- enciphering a plurality of archive keys with respective cipher keys from the plurality of cipher keys; and
- enciphering a plurality of data portions with respective archive keys of the plurality of archive keys.
Dependent claims: 12, 13.

14. A machine readable storage medium, having a set of instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
- receiving a passphrase;
- generating a plurality of archive keys and a plurality of linearly independent values;
- generating a linear combination of an archive key and at least one of the plurality of linearly independent values to form a cipher key;
- enciphering the passphrase with the cipher key to generate an enciphered passphrase; and
- enciphering the archive key with the enciphered passphrase.
Dependent claims: 15, 16.

17. A machine readable storage medium, having a set of instructions stored therein, which when executed cause the machine to perform a set of operations comprising:
- receiving a passphrase;
- generating a plurality of secret shares;
- enciphering the passphrase to generate an enciphered passphrase;
- enciphering a first archive key using the enciphered passphrase;
- generating a plurality of secrets by combination of the archive key and at least one of the plurality of secret shares; and
- enciphering a portion of data using one of the plurality of secrets.
Dependent claims: 18, 19.

20. A system comprising:
a computer having a persistent storage device, the computer including, an archive management module to store and retrieve data, and a cipher module coupled to the archive management module, the cipher module to encipher and decipher stored data using a plurality of archive keys that are each distinct using a single passphrase that can be changed without changing the archive keys.
Dependent claims: 21, 22.
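
The key hierarchy of claims 1 and 20 (a per-archive value, a cipher key formed from the passphrase and that value, a wrapped archive key, and a passphrase change that leaves the archive keys alone), as an added Python example that is not taken from the patent. Assumptions: PBKDF2 stands in for "enciphering the passphrase" with a value, an HMAC-based encrypt-then-MAC construction stands in for the unspecified cipher so the code needs only the standard library, and all function and field names are hypothetical.

```python
import hashlib, hmac, secrets

def derive_cipher_key(passphrase: str, value: bytes) -> bytes:
    # Assumption: PBKDF2 plays the role of "enciphering the passphrase" with a value.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), value, 100_000)

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one wrapping key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for AES-CTR).
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_k, mac_k = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_k, nonce, plaintext)
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_k, mac_k = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or modified record")
    return _xor_stream(enc_k, nonce, ct)

def create_archive(passphrase: str, data: bytes) -> dict:
    value = secrets.token_bytes(16)        # per-archive value, stored in the clear
    archive_key = secrets.token_bytes(32)  # distinct random key for this archive
    return {"value": value,
            "wrapped_key": seal(derive_cipher_key(passphrase, value), archive_key),
            "body": seal(archive_key, data)}

def read_archive(passphrase: str, rec: dict) -> bytes:
    archive_key = unseal(derive_cipher_key(passphrase, rec["value"]), rec["wrapped_key"])
    return unseal(archive_key, rec["body"])

def change_passphrase(old: str, new: str, rec: dict) -> dict:
    # Re-wrap only: the archive key and the enciphered body stay as they were.
    archive_key = unseal(derive_cipher_key(old, rec["value"]), rec["wrapped_key"])
    value = secrets.token_bytes(16)
    return {**rec, "value": value,
            "wrapped_key": seal(derive_cipher_key(new, value), archive_key)}
```

Because only `value` and `wrapped_key` are rewritten, a passphrase change costs one key derivation and one small re-wrap per archive regardless of archive size.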
Specification