SECURE DISTRIBUTED STORAGE SYSTEM AND METHOD

US 20110197056A1
Filed: 01/06/2011
Published: 08/11/2011
Est. Priority Date: 01/08/2010
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting information, comprising:

defining a plaintext message to be encrypted;

extracting a set of digital information from the plaintext message in a pseudorandom order;

constructing a keystream for the plaintext message with an initialization vector formed from at least the extracted set of digital information, wherein the initialization vector is not constrained to a predetermined length; and

encrypting the plaintext with the set of digital information extracted with the keystream into a ciphertext.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Moving from server-attached storage to distributed storage brings new vulnerabilities in creating a secure data storage and access facility. The Data Division and Out-of-order keystream Generation technique provides a cryptographic method to protect data in the distributed storage environments. In the technique, the Treating the data as a binary bit stream, our self-encryption (SE) scheme generates a keystream by randomly extracting bits from the stream. The length of the keystream depends on the user'"'"'s security requirements. The bit stream is encrypted and the ciphertext is stored on the mobile device, whereas the keystream is stored separately. This makes it computationally not feasible to recover the original data stream from the ciphertext alone.

Citations

21 Claims

1. A method of encrypting information, comprising:
- defining a plaintext message to be encrypted;
  
  extracting a set of digital information from the plaintext message in a pseudorandom order;
  
  constructing a keystream for the plaintext message with an initialization vector formed from at least the extracted set of digital information, wherein the initialization vector is not constrained to a predetermined length; and
  
  encrypting the plaintext with the set of digital information extracted with the keystream into a ciphertext.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according claim 1, wherein the initialization vector is further formed based on an encryption password and a nonce.
  - 3. The method according to claim 2, wherein the ciphertext is divided into multiple blocks, which are stored.
  - 4. The method according to claim 2, wherein at least part of the information defining the keystream is communicated remotely, and the information defining the keystream is communicated locally for decryption only after authentication of a user requesting decryption.
  - 5. The method according to claim 2, wherein the plaintext is provided in a mobile communication device, the ciphertext is stored in the mobile communication device, and the extracted set of digital information is stored remotely from the mobile communication device.
  - 6. The method according to claim 1, wherein the keystream is generated by extracting bits from data blocks of the plaintext message in a pseudorandom out-of-order manner.
  - 7. The method according to claim 1, wherein the keystream is stored separately from the ciphertext.

8. An apparatus for encrypting information, comprising:
- a memory adapted to store a plaintext message to be encrypted and an encrypted ciphertext;
  
  a processor, adapted to extract a pseudorandomly defined set of digital information from the plaintext message, and construct a keystream for the plaintext message with an initialization vector formed from at least the extracted set of digital information, and encrypt the plaintext with the set of digital information extracted with the keystream into the ciphertext; and
  
  an interface between the processor and the memory.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus according claim 8, wherein the initialization vector is further formed based on an encryption password and a nonce.
  - 10. The apparatus according to claim 9, wherein the ciphertext is divided into multiple blocks, which are stored.
  - 11. The apparatus according to claim 9, further comprising a communication port, adapted to transmit at least part of the information defining the keystream remotely, and receive the information defining the keystream from a remote memory only after authentication of a user requesting decryption.
  - 12. The apparatus according to claim 9, wherein the plaintext is provided in a mobile communication device, the ciphertext is stored in the mobile communication device, and the extracted set of digital information is stored remotely from the mobile communication device.
  - 13. The apparatus according to claim 8, wherein the keystream is generated by extracting bits from data blocks of the plaintext message in a pseudorandom out-of-order manner.
  - 14. The apparatus according to claim 8, wherein the keystream is stored separately from the ciphertext.

15. A computer readable medium, storing therein instructions for controlling a processor to encrypt information, according to the steps of:
- defining a plaintext message to be encrypted;
  
  extracting a set of digital information from the plaintext message in a pseudorandom order;
  
  constructing a keystream for the plaintext message with an initialization vector formed from at least the extracted set of digital information, wherein the initialization vector is not constrained to a predetermined length; and
  
  encrypting the plaintext with the set of digital information extracted with the keystream into a ciphertext.

16. A method of decrypting information, comprising:
- defining a ciphertext message to be decrypted;
  
  receiving information defining a set of digital information pseudorandomly extracted from a corresponding plaintext message;
  
  constructing a keystream with an initialization vector formed from at least the extracted set of digital information;
  
  decrypting the ciphertext with the keystream into an extracted plaintext;
  
  restoring the extracted set of digital information to produce the plaintext.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method according claim 16, wherein the initialization vector is further formed based on an encryption password and a nonce.
  - 18. The method according to claim 17, wherein at least part of the information defining the keystream received from a remote storage medium, dependent on authentication of a user requesting decryption.
  - 19. The method according to claim 17, wherein the ciphertext is provided in a mobile communication device, and the extracted set of digital information is stored remotely from the mobile communication device.
  - 20. The method according to claim 16, wherein the keystream is generated by extracting bits from data blocks of the plaintext message in a pseudorandom out-of-order manner.
  - 21. The method according to claim 16, wherein the keystream is stored separately from the ciphertext.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Research Foundation for The State University of New York (State University of New York)
Original Assignee
The Research Foundation for The State University of New York (State University of New York)
Inventors
Chen, Yu

Granted Patent

US 8,862,900 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 9/0668   producing a non-linear pseu...

H04L 9/3228   One-time or temporary data,...

SECURE DISTRIBUTED STORAGE SYSTEM AND METHOD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DISTRIBUTED STORAGE SYSTEM AND METHOD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links