METHODS AND SYSTEMS FOR STRIPE BLIND ENCRYPTION

US 20100215175A1
Filed: 03/11/2009
Published: 08/26/2010
Est. Priority Date: 02/23/2009
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented encryption method for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, the method comprising:

using at least one processor for;

constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on;

a stripe blind that is assigned to a stripe with which the data item is associated, anda unique identifier associated with the data item; and

performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed that relate to encrypting data of a data item for storing in a data storage system comprising a plurality of disks having stripes. A blinding factor is constructed based on a stripe blind that is assigned to a stripe with which the data item is associated and a unique identifier associated with the data item. A first logic operation is performed between the blinding factor and an encryption key to create a blinded encryption key for the data item. The data item is decrypted by identifying the stripe blind with the unique identifier and recreating the data item'"'"'s blinding factor based on the stripe blind and the unique identifier. A second logic operation, which is selected based on the first logic operation, is performed between the blinding factor and the blinded encryption key to recreate the encryption key.

82 Citations

View as Search Results

21 Claims

1. A computer-implemented encryption method for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, the method comprising:
- using at least one processor for;
  
  constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on;
  
  a stripe blind that is assigned to a stripe with which the data item is associated, anda unique identifier associated with the data item; and
  
  performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented encryption method of claim 1, further comprising performing a decryption method for decrypting the data item, the decryption method comprising:
    - identifying the stripe blind by using the unique identifier;
      
      recreating the blinding factor for the data item with a blinding factor recreation module, wherein the recreating is based on the stripe blind and the unique identifier; and
      
      performing a second logic operation between the blinding factor and the blinded encryption key to recreate the encryption key, wherein the second logic operation is selected based on the first logic operation.
  - 3. The method of claim 2, wherein the decryption method further comprises decrypting the data item with the recreated encryption key.
  - 4. The computer-implemented encryption method of claim 2, wherein the second logic operation is the inverse of the first logic operation.
  - 5. The computer-implemented encryption method of claim 1, wherein constructing a blinding factor further comprises:
    - assigning the stripe blind to a variable having a value;
      
      concatenating the unique identifier with the value of the variable;
      
      constructing a digest of the concatenation of the value of the variable and the unique identifier; and
      
      replacing the value of the variable with the digest.
  - 6. The computer-implemented encryption method of claim 5, wherein constructing a blinding factor further comprises repeating the concatenating, constructing a digest and replacing steps for a selected number of times.
  - 7. The computer-implemented encryption method of claim 1, wherein the first logic operation is an XOR operation.
  - 8. The computer-implemented encryption method of claim 2, wherein the first logic operation and the second logic operation are XOR operations.
  - 9. The computer-implemented encryption method of claim 1, further comprising storing the blinded encryption key in metadata associated with the stripe.
  - 10. The computer-implemented encryption method of claim 1, further comprising destroying the data item by destroying the blinded encryption key associated with the data item.
  - 11. The computer-implemented encryption method of claim 1, wherein the stripe blind is driven by a key derivation function from a common secret value.
  - 12. The computer-implemented encryption method of claim 1, wherein the stripe blind is distributed across a set of disks.
  - 13. The computer-implemented encryption method of claim 1, further comprising destroying the data item by destroying the set of disks.

14. A data storage encryption system for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, comprising:
- computer executable instructions operative on a cryptographic processor module for;
  
  constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on;
  
  a stripe blind that is assigned to a stripe with which the data item is associated, anda unique identifier associated with the data item; and
  
  performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
- View Dependent Claims (15, 16)
- - 15. The system of claim 14, further comprising computer executable instructions for decrypting the data item, the decrypting further comprising:
    - identifying the stripe blind by using the unique identifier;
      
      recreating the blinding factor for the data item with a blinding factor recreation module, wherein the recreating is based on the stripe blind and the unique identifier; and
      
      performing a second logic operation between the blinding factor and the blinded encryption key to recreate the encryption key, wherein the second logic operation is selected based on the first logic operation.
  - 16. The system of claim 14, wherein the stripe blind is a shared value across a set of disks.

17. A computer program product comprising a computer usable medium having a computer readable program code embodied therein, the computer readable program code configured to be executed to implement a method for encrypting data of a data item for storing in a data storage system comprising a plurality of disks having a plurality of stripes, the method comprising:
- constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on;
  
  a stripe blind that is assigned to a stripe with which the data item is associated, anda unique identifier associated with the data item; and
  
  performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
- View Dependent Claims (18)
- - 18. The computer program product of claim 17, wherein the computer readable program code is further configured to be executed to implement a decryption method for decrypting data of the encrypted data item, the decryption method further comprising:
    - identifying the stripe blind by using the unique identifier;
      
      recreating the blinding factor for the data item with a blinding factor recreation module, wherein the recreating is based on the stripe blind and the unique identifier; and
      
      performing a second logic operation between the blinding factor and the blinded encryption key to recreate the encryption key, wherein the second logic operation is selected based on the first logic operation.

19. An encryption apparatus having at least one cryptographic processor module for:
- constructing a blinding factor for the data item with a blinding factor construction module, wherein the blinding factor is based on;
  
  a stripe blind that is assigned to a stripe with which the data item is associated, anda unique identifier associated with the data item; and
  
  performing a first logic operation between the blinding factor and an encryption key associated with the data item to create a blinded encryption key for the data item.
- View Dependent Claims (20)
- - 20. The encryption apparatus of claim 19, further comprising a decryption module for decrypting the data item, the decrypting further comprising:
    - identifying the stripe blind by using the unique identifier;
      
      recreating the blinding factor for the data item with a blinding factor recreation module, wherein the recreating is based on the stripe blind and the unique identifier; and
      
      performing a second logic operation between the blinding factor and the blinded encryption key to recreate the encryption key, wherein the second logic operation is selected based on the first logic operation.

21. A decryption method of decrypting data of a data item encrypted using an encryption key and stored in a data system comprising a plurality of disks having a plurality of stripes, the encrypted data having a blinded encryption key, and the decryption method comprising:
- identifying a stripe blind that is assigned to a stripe with which the encrypted data item is associated by using a unique identifier associated with the encrypted data item;
  
  creating a blinding factor for the encrypted data item with a blinding factor creation module, wherein the blinded factor is created based on the stripe blind and the unique identifier; and
  
  performing a logic operation between the blinding factor and the blinded encryption key to recreate the encryption key, wherein second logic operation is selected based on a blinding logic operation that had been used to create the blinded encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Autonomy Incorporated (HP Inc.)
Original Assignee
Iron Mountain Incorporated
Inventors
Newson, Robert S., Beaman, Peter D., Tran, Tuyen M.

Application Number

US12/402,470
Publication Number

US 20100215175A1
Time in Patent Office

Days
Field of Search
US Class Current

380/44
CPC Class Codes

G06F 11/1471   involving logging of persis...

G06F 11/2094   Redundant storage or storag...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

METHODS AND SYSTEMS FOR STRIPE BLIND ENCRYPTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

82 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR STRIPE BLIND ENCRYPTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links