METHODS AND SYSTEMS FOR STRIPE BLIND ENCRYPTION
Abstract
Methods and systems are disclosed that relate to encrypting data of a data item for storing in a data storage system comprising a plurality of disks having stripes. A blinding factor is constructed based on a stripe blind that is assigned to a stripe with which the data item is associated and a unique identifier associated with the data item. A first logic operation is performed between the blinding factor and an encryption key to create a blinded encryption key for the data item. The data item is decrypted by identifying the stripe blind with the unique identifier and recreating the data item's blinding factor based on the stripe blind and the unique identifier. A second logic operation, which is selected based on the first logic operation, is performed between the blinding factor and the blinded encryption key to recreate the encryption key.
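As an added illustration (not taken from the patent), the Python sketch below carries the abstract's blind and unblind steps through for one data item. The HMAC-SHA256 construction of the blinding factor, the 256-bit key size, and the two operation pairs (XOR/XOR and modular add/subtract) are assumptions; the page only states that the factor is based on the stripe blind and the unique identifier and that the second operation is selected based on the first.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32                # assumed: 256-bit data-item encryption keys
MOD = 1 << (8 * KEY_LEN)    # modulus for the add/subtract operation pair


def blinding_factor(stripe_blind: bytes, item_id: bytes) -> bytes:
    """Per-item factor derived from the stripe blind and the item's unique ID.
    HMAC-SHA256 is an assumed construction, not one the page specifies."""
    return hmac.new(stripe_blind, item_id, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _add(a: bytes, b: bytes) -> bytes:
    total = (int.from_bytes(a, "big") + int.from_bytes(b, "big")) % MOD
    return total.to_bytes(KEY_LEN, "big")


def _sub(a: bytes, b: bytes) -> bytes:
    diff = (int.from_bytes(a, "big") - int.from_bytes(b, "big")) % MOD
    return diff.to_bytes(KEY_LEN, "big")


# first logic operation -> (blind, unblind); the second is chosen by the first
OPERATIONS = {"xor": (_xor, _xor), "add": (_add, _sub)}


def blind_key(key: bytes, stripe_blind: bytes, item_id: bytes, op: str = "xor") -> bytes:
    if len(key) != KEY_LEN:
        raise ValueError("key must be KEY_LEN bytes")
    first, _ = OPERATIONS[op]
    return first(key, blinding_factor(stripe_blind, item_id))


def unblind_key(blinded: bytes, stripe_blind: bytes, item_id: bytes, op: str = "xor") -> bytes:
    _, second = OPERATIONS[op]
    return second(blinded, blinding_factor(stripe_blind, item_id))


if __name__ == "__main__":
    stripe_blind = secrets.token_bytes(32)   # constructed sample values
    key = secrets.token_bytes(KEY_LEN)
    for op in OPERATIONS:
        blinded = blind_key(key, stripe_blind, b"item-0001", op)
        assert unblind_key(blinded, stripe_blind, b"item-0001", op) == key
        print(op, "round trip ok; stored form:", blinded.hex()[:16], "...")
```

Unblinding with a different stripe blind or a different item identifier yields a different value, so the stored blinded key is only useful together with the stripe blind for that item's stripe.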
21 Claims
1. A computer-implemented encryption method for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, the method comprising:
  using at least one processor for:
    constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on:
      a stripe blind that is assigned to a stripe with which the data item is associated, and
      a unique identifier associated with the data item; and
    performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
  Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A data storage encryption system for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, comprising:
  computer executable instructions operative on a cryptographic processor module for:
    constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on:
      a stripe blind that is assigned to a stripe with which the data item is associated, and
      a unique identifier associated with the data item; and
    performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
  Dependent claims: 15, 16

17. A computer program product comprising a computer usable medium having a computer readable program code embodied therein, the computer readable program code configured to be executed to implement a method for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, the method comprising:
  constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on:
    a stripe blind that is assigned to a stripe with which the data item is associated, and
    a unique identifier associated with the data item; and
  performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
  Dependent claims: 18

19. An encryption apparatus having at least one cryptographic processor module for:
  constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on:
    a stripe blind that is assigned to a stripe with which the data item is associated, and
    a unique identifier associated with the data item; and
  performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
  Dependent claims: 20

21. A decryption method of decrypting data of a data item encrypted using an encryption key and stored in a data system comprising a plurality of disks having a plurality of stripes, the encrypted data having a blinded encryption key, and the decryption method comprising:
  identifying a stripe blind that is assigned to a stripe with which the encrypted data item is associated by using a unique identifier associated with the encrypted data item;
  creating a blinding factor for the encrypted data item with a blinding factor creation module, wherein the blinded factor is created based on the stripe blind and the unique identifier; and
  performing a logic operation between the blinding factor and the blinded encryption key to recreate the encryption key, wherein second logic operation is selected based on a blinding logic operation that had been used to create the blinded encryption key.
Specification