AUTOMATIC CHANGE OF SYMMETRICAL ENCRYPTION KEY

US 20100303241A1
Filed: 06/02/2009
Published: 12/02/2010
Est. Priority Date: 06/02/2009
Status: Active Grant

First Claim

Patent Images

1. A method for changing an encryption key, the method comprising:

encrypting data using a first encryption key; and

changing from the first encryption key to a second, different encryption key for encrypting subsequent data in response to an amount of data encrypted with the first encryption key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption system and a method for automatically changing an encryption key. The key is changed in response to an amount of data that has been encrypted. When the amount of data encrypted with a first key reaches or exceeds a byte count threshold, the first key is deactivated and a new key is generated and used for subsequent data encryption.

80 Citations

View as Search Results

20 Claims

1. A method for changing an encryption key, the method comprising:
- encrypting data using a first encryption key; and
  
  changing from the first encryption key to a second, different encryption key for encrypting subsequent data in response to an amount of data encrypted with the first encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 and further comprising counting bytes of the data in order to determine the amount of data encrypted with the first encryption key.
  - 3. The method of claim 2 wherein a byte count threshold for switching from the first encryption key to the second encryption key is determined in response to a byte count range between an upper byte count limit and a lower byte count limit.
  - 4. The method of claim 3 wherein the byte count threshold is determined by Data_min+((Data_max−
    - Data_min)/x_max)*x where Data_minis the lower byte count limit, Data_maxis the upper byte count limit, and x_maxε
      
      {N} where N is a set of natural numbers.
  - 5. The method of claim 1 wherein the encryption key is a symmetrical encryption key.
  - 6. The method of claim 1 wherein encrypting the data comprises performing one of a Data Encryption Standard or an Advanced Encryption Standard encryption.
  - 7. The method of claim 6 wherein an upper byte count limit is lower for the Data Encryption Standard encryption than an upper byte count limit for the Advanced Encryption Standard encryption.

8. A method for changing an encryption key, the method comprising:
- determining a maximum number of bytes to encrypt with a first encryption key;
  
  determining a minimum number of bytes to encrypt with the first encryption key;
  
  determining a byte count threshold between the minimum number of bytes and the maximum number of bytes;
  
  counting a number of bytes being encrypted by an encryption operation using the first encryption key; and
  
  inactivating the first key when the number of bytes being encrypted reaches a byte count threshold; and
  
  generating a second key for encrypting subsequent data.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 wherein generating the second key comprises generating a key identification, a key value, and a key type.
  - 10. The method of claim 8 wherein counting the number of bytes being encrypted comprises:
    - incrementing a byte count after each byte is encrypted; and
      
      comparing the byte count to a predetermined threshold.
  - 11. The method of claim 8 and further comprising storing a key identification of the first key with data encrypted using the first key.
  - 12. The method of claim 8 and further comprising determining a back-up policy that includes a source for secret data to be encrypted, a destination medium for encrypted data, and an encryption type.
  - 13. The method of claim 8 and further comprising performing the encryption operation on additional data using the second key.

14. An encryption system comprising:
- a back-up manager for managing back-up of secret data;
  
  a back-up medium coupled to the back-up manager, the back-up medium configured to store encrypted data;
  
  a host system coupled to the back-up manager, the host system configured to execute an encryption operation using an active encryption key such that the secret data is encrypted and stored on the back-up medium; and
  
  a key management module coupled to the host system and configured to compare a byte count to a threshold and deactivate a first encryption key and activate a second encryption key, to be used as the active encryption key, in response to the byte count being equal to or greater than the threshold.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The encryption system of claim 14 wherein the host system is coupled to the back-up manager over a network.
  - 16. The encryption system of claim 14 and further comprising a central database coupled to the back-up manager, the central database configured to store a back-up policy and inventory information.
  - 17. The encryption system of claim 14 wherein the key management module is further configured to comprise a key list and an encryption algorithm list.
  - 18. The encryption system of claim 17 wherein the key list comprises a key identification, a key value, a key status, and a byte counter.
  - 19. The encryption system of claim 17 wherein the encryption algorithm list comprises an encryption operation type, a byte counter upper limit, a byte counter lower limit, and a user input factor for each type of encryption algorithm.
  - 20. The encryption system of claim 14 wherein the back-up medium is configured to store a key identification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Breyel, Oliver

Granted Patent

US 8,284,945 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 11/1458   Management of the backup or...

G06F 21/602   Providing cryptographic fac...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

AUTOMATIC CHANGE OF SYMMETRICAL ENCRYPTION KEY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

AUTOMATIC CHANGE OF SYMMETRICAL ENCRYPTION KEY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others