SECURE DATA RE-ENCRYPTION

US 20170085540A1
Filed: 09/22/2015
Published: 03/23/2017
Est. Priority Date: 09/22/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, wherein a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and wherein the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other;

decrypting, in the device, the second subset of encrypted data using the cryptographic device key associated with the device to produce second plain text;

encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and

encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes: decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, where a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and where the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; decrypting, in the device, the second subset of encrypted data using the cryptographic device key to produce second plain text; encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.

24 Citations

View as Search Results

29 Claims

1. A method comprising:
- decrypting, in a device, a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text, wherein a set of encrypted data comprises the first subset of encrypted data and a second subset of encrypted data, and wherein the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other;
  
  decrypting, in the device, the second subset of encrypted data using the cryptographic device key associated with the device to produce second plain text;
  
  encrypting, in the device, the first plain text using a first ephemeral key to produce first re-encrypted data; and
  
  encrypting, in the device, the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first ephemeral key is unique to the first subset of encrypted data.
  - 3. The method of claim 1, wherein the first subset of encrypted data comprises a plurality of blocks of encrypted data, wherein decrypting the first subset of encrypted data comprises decrypting each of the plurality of blocks of encrypted data separately, wherein the first plain text comprises a plurality of plain text blocks corresponding to the plurality of blocks of encrypted data, and wherein encrypting the first plain text comprises encrypting each of the plurality of plain text blocks using the first ephemeral key.
  - 4. The method of claim 1, further comprising:
    - determining, in the device, the first ephemeral key to use for encryption of the first plain text; and
      
      determining, in the device, the second ephemeral key to use for encryption of the second plain text.
  - 5. The method of claim 4, wherein determining the first ephemeral key comprises generating the first ephemeral key in hardware of the device.
  - 6. The method of claim 1, further comprising:
    - associating, in the device, the first re-encrypted data with the first ephemeral key; and
      
      associating, in the device, the second re-encrypted data with the second ephemeral key.
  - 7. The method of claim 6, wherein associating the first re-encrypted data with the first ephemeral key comprises storing data corresponding to the first re-encrypted data in association with the first ephemeral key, and wherein associating the second re-encrypted data with the second ephemeral key comprises storing data corresponding to the second re-encrypted data in association with the second ephemeral key.
  - 8. The method of claim 1, further comprising:
    - randomizing the first re-encrypted data by applying a first nonce to the first re-encrypted data to produce first randomized data;
      
      reversing the randomizing to produce reproduced first re-encrypted data using the first nonce and the first randomized data, wherein the reproduced first re-encrypted data match the first re-encrypted data;
      
      decrypting the reproduced first re-encrypted data using the first ephemeral key to produce third plain text;
      
      encrypting the third plain text using the cryptographic device key to produce a reproduced first subset of encrypted data;
      
      decrypting the reproduced first subset of encrypted data using the cryptographic device key to produce fourth plain text;
      
      encrypting the fourth plain text using the first ephemeral key to produce third re-encrypted data; and
      
      applying a second nonce, that is different from the first nonce, to the third re-encrypted data to produce second randomized data that are different from the first randomized data.
  - 9. The method of claim 8, wherein applying the first nonce to the first re-encrypted data comprises exclusive OR-ing the first nonce and the first re-encrypted data.

10. A device comprising:
- a memory; and
  
  a hardware cryptographic processor communicatively coupled to the memory and comprising;
  
  a decryption engine configured to;
  
  decrypt a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text; and
  
  decrypt a second subset of encrypted data using the cryptographic device key associated with the device to produce second plain text;
  
  wherein a set of encrypted data comprises the first subset of encrypted data and the second subset of encrypted data, and wherein the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; and
  
  an encryption engine communicatively coupled to the decryption engine and configured to;
  
  encrypt the first plain text using a first ephemeral key to produce first re-encrypted data; and
  
  encrypt the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The device of claim 10, wherein the first ephemeral key is unique to the first subset of encrypted data.
  - 12. The device of claim 10, wherein the first subset of encrypted data comprises a plurality of blocks of encrypted data, wherein the decryption engine is configured to decrypt the first subset of encrypted data by decrypting each of the plurality of blocks of encrypted data separately, wherein the first plain text comprises a plurality of plain text blocks corresponding to the plurality of blocks of encrypted data, and wherein the encryption engine is configured to encrypt the first plain text by encrypting each of the plurality of plain text blocks using the first ephemeral key.
  - 13. The device of claim 10, wherein the decryption engine is configured to decrypt the second subset of encrypted data while the encryption engine encrypts the first plain text.
  - 14. The device of claim 10, wherein the decryption engine and the encryption engine are a first crypto-engine pair, the hardware cryptographic processor further comprising a second crypto-engine pair configured to operate concurrently with the first crypto-engine pair.
  - 15. The device of claim 10, wherein the hardware cryptographic processor further comprises an input queue communicatively coupled to the decryption engine and an output queue communicatively coupled to the encryption engine, wherein the decryption engine is configured to read the first subset of encrypted data and the second subset of encrypted data from the input queue, wherein the encryption engine is configured to write the first re-encrypted data and the second re-encrypted data to the output queue, wherein the input queue is configured to be read from only by the decryption engine, and wherein the output queue is configured to be written to only by the encryption engine.
  - 16. The device of claim 10, wherein the hardware cryptographic processor further comprises an ephemeral key engine configured to:
    - produce the first ephemeral key and the second ephemeral key; and
      
      provide the first ephemeral key and the second ephemeral key to the encryption engine;
      
      wherein the hardware cryptographic processor is configured to inhibit access to the first ephemeral key and the second ephemeral key from outside of the hardware cryptographic processor.
  - 17. The device of claim 16, wherein the ephemeral key engine comprises a random-number generator.
  - 18. The device of claim 10, wherein:
    - the encryption engine is further configured to perform randomization of the first re-encrypted data by applying a first nonce to the first re-encrypted data to produce first randomized data;
      
      the decryption engine is further configured to;
      
      reverse the randomization to produce reproduced first re-encrypted data using the first nonce and the first randomized data, wherein the reproduced first re-encrypted data match the first re-encrypted data; and
      
      decrypt the reproduced first re-encrypted data using the first ephemeral key to produce third plain text;
      
      the encryption engine is further configured to encrypt the third plain text using the cryptographic device key to produce a reproduced first subset of encrypted data;
      
      the decryption engine is further configured to decrypt the reproduced first subset of encrypted data using the cryptographic device key to produce fourth plain text; and
      
      the encryption engine is further configured to;
      
      encrypt the fourth plain text using the first ephemeral key to produce third re-encrypted data; and
      
      apply a second nonce, that is different from the first nonce, to the third re-encrypted data to produce second randomized data that are different from the first randomized data.
  - 19. The device of claim 18, wherein the hardware cryptographic processor further comprises a nonce engine configured to:
    - produce the first nonce and the second nonce; and
      
      provide the first nonce and the second nonce to the encryption engine;
      
      wherein the hardware cryptographic processor is configured to inhibit access to the first ephemeral key and the second ephemeral key from outside of the hardware cryptographic processor.
  - 20. The device of claim 10, wherein:
    - the decryption engine is further configured to decrypt source-encrypted data using a source cryptographic key to produce source plain text; and
      
      the encryption engine is further configured to encrypt the source plain text using the cryptographic device key to produce the first subset of encrypted data.

21. A device comprising:
- decryption means for;
  
  decrypting a first subset of encrypted data using a cryptographic device key associated with the device to produce first plain text; and
  
  decrypting a second subset of encrypted data using the cryptographic device key associated with the device to produce second plain text;
  
  wherein a set of encrypted data comprises the first subset of encrypted data and the second subset of encrypted data, and wherein the first subset of encrypted data and the second subset of encrypted data each contain less encrypted data than the set of encrypted data and are different from each other; and
  
  encryption means, communicatively coupled to the decryption means, for;
  
  encrypting the first plain text using a first ephemeral key to produce first re-encrypted data; and
  
  encrypting the second plain text using a second ephemeral key to produce second re-encrypted data, the second ephemeral key being different from the first ephemeral key.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The device of claim 21, wherein the first ephemeral key is unique to the first subset of encrypted data.
  - 23. The device of claim 21, wherein the first subset of encrypted data comprises a plurality of blocks of encrypted data, wherein the decryption means are configured to decrypt the first subset of encrypted data by decrypting each of the plurality of blocks of encrypted data separately, wherein the first plain text comprises a plurality of plain text blocks corresponding to the plurality of blocks of encrypted data, and wherein the encryption means are configured to encrypt the first plain text by encrypting each of the plurality of plain text blocks using the first ephemeral key.
  - 24. The device of claim 21, wherein the decryption means are configured to decrypt the second subset of encrypted data while the encryption means encrypt the first plain text.
  - 25. The device of claim 21, further comprising an input queue communicatively coupled to the decryption means and an output queue communicatively coupled to the encryption means, wherein the decryption means are further for reading the first subset of encrypted data and the second subset of encrypted data from the input queue, wherein the encryption means are further for writing the first re-encrypted data and the second re-encrypted data to the output queue, wherein the input queue is configured to be read from only by the decryption means, and wherein the output queue is configured to be written to only by the encryption means.
  - 26. The device of claim 21, further comprising ephemeral key means for:
    - producing the first ephemeral key and the second ephemeral key;
      
      providing the first ephemeral key and the second ephemeral key to the encryption means;
      
      associating data associated with the first re-encrypted data with data corresponding to the first ephemeral key; and
      
      associating data associated with the second re-encrypted data with data corresponding to the second ephemeral key.
  - 27. The device of claim 21, wherein:
    - the encryption means are further for performing randomization of the first re-encrypted data by applying a first nonce to the first re-encrypted data to produce first randomized data;
      
      the decryption means are further for;
      
      reversing the randomization to produce reproduced first re-encrypted data using the first nonce and the first randomized data, wherein the reproduced first re-encrypted data match the first re-encrypted data; and
      
      decrypting the reproduced first re-encrypted data using the first ephemeral key to produce third plain text;
      
      the encryption means are further for encrypting the third plain text using the cryptographic device key to produce a reproduced first subset of encrypted data;
      
      the decryption means are further for decrypting the reproduced first subset of encrypted data using the cryptographic device key to produce fourth plain text; and
      
      the encryption means are further for;
      
      encrypting the fourth plain text using the first ephemeral key to produce third re-encrypted data; and
      
      applying a second nonce, that is different from the first nonce, to the third re-encrypted data to produce second randomized data that are different from the first randomized data.
  - 28. The device of claim 27, further comprising nonce means for:
    - producing the first nonce and the second nonce; and
      
      providing the first nonce and the second nonce to the encryption means;
      
      associating the first nonce with data corresponding to the first re-encrypted data; and
      
      associating the second nonce with data corresponding to the second re-encrypted data.
  - 29. The device of claim 21, wherein:
    - the decryption engine is further configured to decrypt source-encrypted data using a source cryptographic key to produce source plain text; and
      
      the encryption engine is further configured to encrypt the source plain text using the cryptographic device key to produce the first subset of encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Avanzi, Roberto, Cammarota, Rosario, Keidar, Ron

Granted Patent

US 10,027,640 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0853   using an additional device,...

H04L 9/0877   using additional device, e....

H04W 12/02   Protecting privacy or anony...

H04W 4/70   Services for machine-to-mac...

SECURE DATA RE-ENCRYPTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE DATA RE-ENCRYPTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links