Database encryption and decryption circuit and method using subkeys
First Claim
1. A method for encryption of a data record consisting of a plurality of fields, fi, and for decryption of a field, fi, from the encrypted record, comprising the steps of:
- choosing a read key, di, and write key, ei, corresponding to each field, i, such that each di is a prime number, D is the product of all di and each ei is chosen such that ei =1 modulo di, and ei =0 modulo dj for all j≠
i;
multiplying each of said plurality of fields by said corresponding key field, ei, to yield an intermediate product;
summing all of said intermediate products modulo D to yield an encrypted version of said data record;
decrypting a field fi from said encrypted version of said data record by dividing said encrypted version of said data record by said read key di corresponding to said field fi to yield a decrypted version of said field fi ;
concatenating each of said plurality of fields, fi, with a randomly chosed number prior to multiplication by said corresponding key field; and
removing said randomly chosen number from said decrypted version of said field fi after decryption.
1 Assignment
0 Petitions
Accused Products
Abstract
An encryption and decryption circuit and method using subkeys which is therefore particularly useful for the encryption and decryption of database information. Each data field has a corresponding write key and a different read key. A database record is encrypted by multiplying each field by its corresponding write key and adding up all such products modulo the product of all read keys. The read keys must be prime numbers and the write keys must satisfy a certain relationship with respect to the read keys. A database record may have a single field decrypted by dividing the encrypted record by the read key for that field and taking the remainder. The security of each field may thereby be individually controlled without compromising the security of the entire record.
-
Citations
2 Claims
-
1. A method for encryption of a data record consisting of a plurality of fields, fi, and for decryption of a field, fi, from the encrypted record, comprising the steps of:
-
choosing a read key, di, and write key, ei, corresponding to each field, i, such that each di is a prime number, D is the product of all di and each ei is chosen such that ei =1 modulo di, and ei =0 modulo dj for all j≠
i;multiplying each of said plurality of fields by said corresponding key field, ei, to yield an intermediate product; summing all of said intermediate products modulo D to yield an encrypted version of said data record; decrypting a field fi from said encrypted version of said data record by dividing said encrypted version of said data record by said read key di corresponding to said field fi to yield a decrypted version of said field fi ; concatenating each of said plurality of fields, fi, with a randomly chosed number prior to multiplication by said corresponding key field; and removing said randomly chosen number from said decrypted version of said field fi after decryption.
-
-
2. A method for encryption of a data record consisting of a plurality of fields, fi, and for decryption of a field, fi, from the encrypted record, comprising the steps of:
-
choosing a read key, di, and write key, ei, corresponding to each field, i, such that each di is a prime number, D is the product of all di and each ei is chosen such that ei =1 modulo di, and ei =0 modulo dj for all j≠
i;multiplying each of said plurality of fields by said corresponding key field, ei, to yield an intermediate product; summing all of said intermediate products modulo D to yield an encrypted version of said data record; decrypting a field fi from said encrypted version of said data record by dividing said encrypted version of said data record by said read key di corresponding to said field fi to yield a decrypted version of said field fi ; concatenating each of said plurality of fields, fi, with a signature field prior to multiplication by said corresponding key field; and
removing said signature field from said decrypted version of said field fi after decryption.
-
Specification