MULTI-LEVEL DATA ENCRYPTION AND DECRYPTION SYSTEM AND METHOD THEREOF

US 20090323937A1
Filed: 09/30/2008
Published: 12/31/2009
Est. Priority Date: 06/27/2008
Status: Active Grant

First Claim

Patent Images

1. A multi-level data encryption method, comprising:

dividing a data into a plurality of sub-data blocks according to a plurality of levels, wherein each of the levels is corresponding to at least one user;

generating an encryption key for each of the levels according to a level generation key and a time key of each the level; and

respectively encrypting the sub-data blocks of the levels by using the encryption keys of the levels,wherein the level generation key and the time key of a lower level are generated according to the level generation key and the time key of an upper level, and the time keys are generated according to a time generation key and a time seed, wherein the time seed is periodically updated according to different encryption periods.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-level data encryption and decryption system and a method thereof are provided. The method includes dividing a data into a plurality of sub-data blocks corresponding to a plurality of user levels. The method also includes generating an encryption key for each level according to a level generation key and a time key of the level and encrypting the sub-data block of each level by using the encryption key of the level, wherein the level generation key and the time key of a lower level are generated based on the same of an upper level, the time key is generated according to a time generation key and a time seed, and the time seed is periodically updated according to different encryption periods. Thereby, the number of keys to be managed by a user is reduced while the read rights of different users are managed with forward and backward data security.

Citations

42 Claims

1. A multi-level data encryption method, comprising:
- dividing a data into a plurality of sub-data blocks according to a plurality of levels, wherein each of the levels is corresponding to at least one user;
  
  generating an encryption key for each of the levels according to a level generation key and a time key of each the level; and
  
  respectively encrypting the sub-data blocks of the levels by using the encryption keys of the levels,wherein the level generation key and the time key of a lower level are generated according to the level generation key and the time key of an upper level, and the time keys are generated according to a time generation key and a time seed, wherein the time seed is periodically updated according to different encryption periods.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The multi-level data encryption method according to claim 1, wherein the step of generating the encryption key for each of the levels according to the level generation key and the time key of each the level comprises generating the encryption key for each of the levels through a first function.
  - 3. The multi-level data encryption method according to claim 2, further comprising:
    - generating the level generation key of each of the levels according to a group key of the level and an identification code of a device node through a second function, wherein the sub-data blocks are encrypted by the device node, and generating the group key of a lower level according to the group key of an upper level through a third function, wherein the group key of the highest level is generated randomly; and
      
      generating the time key of the highest level according to the time generation key and the time seed through a fourth function, and generating the time key of a lower level according to the time key of an upper level through a fifth function.
  - 4. The multi-level data encryption method according to claim 3, further comprising generating the time generation key according to a primary key and the identification code of the device node through a sixth function.
  - 5. The multi-level data encryption method according to claim 4, further comprising generating the time seed according to the primary key and an identifier corresponding to the encryption period through a seventh function.
  - 6. The multi-level data encryption method according to claim 4, further comprising generating the primary key randomly.
  - 7. The multi-level data encryption method according to claim 5, further comprising respectively generating user keys of the users according to the primary key and identification codes of the users through an eighth function.
  - 8. The multi-level data encryption method according to claim 7, wherein the first function, the second function, the third function, the fourth function, the fifth function, the sixth function, the seventh function, and the eighth function respectively comprise an encryption function, a hash function, or an XOR function.
  - 9. The multi-level data encryption method according to claim 8, wherein the encryption function comprises an encryption function conforming to the advance encryption standard (AES) or an encryption function conforming to the data encryption standard (DES).
  - 10. The multi-level data encryption method according to claim 1, further comprising recording the sub-data blocks which are not encrypted by using the latest time seed.

11. A multi-level data decryption method, comprising:
- sending encrypted sub-data blocks corresponding to a level of a user and other authorized levels of the user and corresponding to an encryption period to the user;
  
  generating encryption keys for the level and the other authorized levels according to level generation keys and time keys of the level and the other authorized levels; and
  
  respectively decrypting the encrypted sub-data blocks of the level and the other authorize levels by using the encryption keys of the level and the other authorized levels,wherein the level generation key and the time key of a lower level are generated according to the level generation key and the time key of an upper level, and the time keys are generated according to a time seed and a time generation key corresponding to the encrypted sub-data blocks, wherein the time seed is periodically updated according to different encryption periods.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The multi-level data decryption method according to claim 11, wherein the step of generating the encryption keys of the level and the other authorized levels according to the level generation keys and the time keys of the level and the other authorized levels comprises generating the encryption keys of the level and the authorized levels through a first function.
  - 13. The multi-level data decryption method according to claim 12, further comprising:
    - providing the time keys of the level and the other authorized levels to the user, wherein the time key of the highest level is generated according to the time generation key and the time seed through a fourth function, and the time key of a lower level is generated according to the time key of an upper level through a fifth function; and
      
      generating the level generation keys of the level and the other authorized levels according to group keys of the level and the other authorized levels and an identification code of a device node through a second function, wherein the encrypted sub-data blocks are encrypted by the device node and the group keys of the other authorized levels are generated according to the group key of the level through a third function.
  - 14. The multi-level data decryption method according to claim 13, further comprising generating the time generation key according to a primary key and the identification code of the device node through a sixth function.
  - 15. The multi-level data decryption method according to claim 14, further comprising generating the time seed according to the primary key and an identifier corresponding to the encryption period through a seventh function.
  - 16. The multi-level data decryption method according to claim 14, further comprising generating the primary key randomly.
  - 17. The multi-level data decryption method according to claim 15, further comprising authenticating the user according to a user key of the user, wherein the user key of the user is generated according to the primary key and an identification code of the user through an eighth function.
  - 18. The multi-level data decryption method according to claim 17, wherein the first function, the second function, the third function, the fourth function, the fifth function, the sixth function, the seventh function, and the eighth function respectively comprise an encryption function, a hash function, or an XOR function.
  - 19. The multi-level data decryption method according to claim 18, wherein the encryption function comprises an encryption function conforming to the AES or an encryption function conforming to the DES.
  - 20. The multi-level data decryption method according to claim 11, further comprising determining whether the encrypted sub-data blocks are encrypted according to the time seed corresponding to the encryption period.

21. A multi-level data encryption system, comprising:
- a data server, for grouping a plurality of users into a plurality of levels and generating a time generation key, a time seed, and a level generation key for each of the levels, wherein the data server generates different time seed according to different encryption periods and generates the level generation key of a lower level according to the level generation key of an upper level; and
  
  at least one encryption module, for receiving the time generation key, the time seed, and the level generation key of each of the levels, dividing a data into a plurality of sub-data blocks corresponding to the levels, generating an encryption key for each of the levels according to the level generation key and the time key of each the level, and encrypting the sub-data block of each of the levels by using the encryption key of each the level, wherein the encryption module generates the time key according to the time generation key and the time seed and generates the time key of a lower level according to the time key of an upper level.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The multi-level data encryption system according to claim 21, wherein the encryption module further generates the encryption key of each of the levels according to the level generation key and the time key of the each level through a first function.
  - 23. The multi-level data encryption system according to claim 21, wherein the data server stores the sub-data blocks encrypted by the encryption module.
  - 24. The multi-level data encryption system according to claim 22, wherein the data server generates a group key of the highest level randomly, generates the group key of a lower level according to the group key of an upper level through a second function, and generates the level generation key for each of the levels according to the group key of the level and an identification code of the encryption module through a third function, andthe encryption module generates the time key of the highest level according to the time generation key and the time seed through a fourth function and generates the time key of a lower level according to the time key of an upper level through a fifth function.
  - 25. The multi-level data encryption system according to claim 24, wherein the data server generates the time generation key according to a primary key and an identification code of a device node in which the encryption module is disposed through a sixth function.
  - 26. The multi-level data encryption system according to claim 25, wherein the data server generates the time seed according to the primary key and an identifier corresponding to the encryption period through a seventh function.
  - 27. The multi-level data encryption system according to claim 25, wherein the data server generates the primary key randomly.
  - 28. The multi-level data encryption system according to claim 26, wherein the data server respectively generates user keys the users according to the primary key and an identification code of the users through an eighth function.
  - 29. The multi-level data encryption system according to claim 28, wherein the first function, the second function, the third function, the fourth function, the fifth function, the sixth function, the seventh function, and the eighth function respectively comprise an encryption function, a hash function, or an XOR function.
  - 30. The multi-level data encryption system according to claim 29, wherein the encryption function comprises an encryption function conforming to the AES and an encryption function conforming to the DES.
  - 31. The multi-level data encryption system according to claim 21, wherein the data server records the sub-data blocks which are not encrypted by using the latest time seed.

32. A multi-level data decryption system, comprising:
- a data server, for storing a plurality of encrypted sub-data blocks; and
  
  a decryption module, for reading encrypted sub-data blocks corresponding to a level of a user and other authorized levels of the user and corresponding to an encryption period from the data server, generating encryption keys for the level and the other authorized levels according to level generation keys and time keys of the level and the other authorized levels, and decrypting the encrypted sub-data blocks by using the encryption keys of the level and the other authorized levels, wherein the level generation key and the time key of a lower level are generated according to the level generation key and the time key of an upper level,wherein the data server generates and provides the time key corresponding to the level and the encryption period according to a time seed and a time generation key corresponding to the encrypted sub-data blocks to the decryption module, wherein the time seed is generated according to different encryption periods.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 33. The multi-level data decryption system according to claim 32, wherein the decryption module further generates the encryption keys for the level and the other authorized levels according to the level generation keys and the time keys of the level and the other authorized levels through a first function.
  - 34. The multi-level data decryption system according to claim 33, wherein the data server generates the time key of the highest level according to the time generation key and the time seed through a fourth function and generates the time key corresponding to the level through a fifth function.
  - 35. The multi-level data decryption system according to claim 34, wherein the decryption module generates the time keys of the other authorized levels according to the time key of the level through the fifth function, andthe decryption module generates the level generation keys of the level and the other authorized levels according to group keys of the level and the other authorized levels and an identification code of a device node through a second function, wherein the encrypted sub-data blocks are encrypted by the device node and the group keys of the other authorized levels are generated according to the group key of the level through a third function.
  - 36. The multi-level data decryption system according to claim 35, wherein the data server generates the time generation key according to a primary key and the identification code of the device node through a sixth function.
  - 37. The multi-level data decryption system according to claim 36, wherein the data server generates the time seed according to the primary key and an identifier corresponding to the encryption period through a seventh function.
  - 38. The multi-level data decryption system according to claim 36, wherein a key generation unit of the data server generates the primary key randomly.
  - 39. The multi-level data decryption system according to claim 37, wherein the data server authenticates the user according to a user key of the user, wherein the user key of the user is generated according to the primary key and an identification code of the user through an eighth function.
  - 40. The multi-level data decryption system according to claim 39, wherein the first function, the second function, the third function, the fourth function, the fifth function, the sixth function, the seventh function, and the eighth function respectively comprise an encryption function, a hash function, or an XOR function.
  - 41. The multi-level data decryption system according to claim 40, wherein the encryption function comprises an encryption function conforming to the AES and a function conforming to the DES.
  - 42. The multi-level data decryption system according to claim 32, wherein the data server determines whether the encrypted sub-data blocks are encrypted by using the time seed corresponding to the encryption period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Industrial Technology Research Institute, Chunghwa Picture Tubes Limited (Tatung Co., Ltd.)
Original Assignee
Industrial Technology Research Institute
Inventors
Huang, Shih-I, Teng, Po-Yuan

Granted Patent

US 8,090,106 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/36
CPC Class Codes

H04L 2209/80   Wireless

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0833   involving conference or gro...

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0433   Key management protocols

MULTI-LEVEL DATA ENCRYPTION AND DECRYPTION SYSTEM AND METHOD THEREOF

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

MULTI-LEVEL DATA ENCRYPTION AND DECRYPTION SYSTEM AND METHOD THEREOF

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links