Cryptographic labeling of electronically stored data

US 4,864,616 A
Filed: 10/15/1987
Issued: 09/05/1989
Est. Priority Date: 10/15/1987
Status: Expired due to Fees

First Claim

Patent Images

1. A method of cryptographically labeling a data file of electronically stored nonexecutable data, comprising:

generating a file label comprising a first field containing control variables for encrypting and decrypting said data file;

prefixing said label to the file; and

encrypting the file in accordance with the control variables in said first field.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of cryptographically labeling electronically stored data is provided as part of a security system for personal computers. In protecting sensitive files of data, the labeling method utilizes a plurality of key streams, which are long, relatively prime-length sequences of random-like bytes. The key streams are related in some way to individual user and machine identifiers. Protected files of data are encrypted and decrypted by combining the key streams with the data using a reversible function, such as Exclusive OR. Each protected file has a label prefixed to it as part of the file. The label contains information necessary for encrypting and decrypting the file, controlling access to the file, and verifying integrity of the label and file. The label is permanently prefixed to the protected file but is encrypted and decrypted separately from encryption and decryption of the file.

212 Citations

12 Claims

1. A method of cryptographically labeling a data file of electronically stored nonexecutable data, comprising:
- generating a file label comprising a first field containing control variables for encrypting and decrypting said data file;
  
  prefixing said label to the file; and
  
  encrypting the file in accordance with the control variables in said first field.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising:
    - encrypting said first field of said label in accordance with further control variables in a second field of said label.
  - 3. The method of claim 1, further comprising:
    - providing a key stream for encrypting and decrypting the data file, wherein said encrypting is accomplished by combining said key stream with said data using a reversible function.

4. A method of labeling and encrypting data file of electronically stored non-executable data, comprising:
- generating a file label comprising a first field containing control variables for encrypting and decrpyting the file and a second field containing control variables for encrypting and decrypting said label;
  
  providing a key stream for encrypting and decrypting the file and said label;
  
  prefixing said label to the file;
  
  encrypting the file by combining said key stream with file data using a reversible function in accordance with control variables in said first field of said label; and
  
  encrypting said first field of said label in accordance with instructions in said second field of said label.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, further comprising:
    - providing identifiers for identifying a computer and an individual user logged-on to the computer; and
      
      placing in said first field of said label a combination of said indentifiers.
  - 6. The method of claim 5, further comprising:
    - receiving a request for access to the data file from a subsequent user;
      
      decrypting said first field of said label in accordance with control variables in said second field of said label upon receipt of said request for access;
      
      generating an access code from a combination of subsequent identifiers corresponding to said subsequent user;
      
      comparing said access code to the combination of said identifiers in said first field of said label; and
      
      decrypting the file in accordance with the control variables in said first field of said label only if said access code matches the combination of said identifiers in said first field.

7. A method of labeling and controlling access to a file of electronically stored data, comprising:
- generating a file label having fields containing control variables for encrypting and decrypting the file and said label, said fields including a label size, a key mix, an access check, an initialization vector, and a checksum;
  
  prefixing said label to the file;
  
  providing identifiers for identifying a computer and each user logged-on to said computer;
  
  deriving said access check from a combination of said identifiers corresponding to a creator of the file;
  
  generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file;
  
  providing a mandatory key stream for encrypting and decrypting the file and said label;
  
  obtaining an initial point for each of said key streams from said initialization vector;
  
  encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector;
  
  encrypting said key mix, said access check, and said initialization vector using said mandatory key stream initiated at a point designated by said checksum;
  
  storing said encrypted file and encrypted label in said computer;
  
  decrypting said key mix, said access check, and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer;
  
  deriving an access code from said identifiers corresponding to said user;
  
  comparing said access check of said label to said access code of said user; and
  
  decrypting the file using said initialization vector, said reversible function, and said key streams designated by said key mix only if said access check of said label equals said access code of said user.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the step of providing identifiers comprises:
    - providing a machine ID for uniquely identifying said computer;
      
      providing a configuration ID for identifying said computer configured in a computer network;
      
      providing a primary ID for uniquely identifying each file creator and user; and
      
      providing a secondary ID for identifying each file creator and user as a member of a particular group.
  - 9. The method of claim 7, further comprising:
    - providing a plurality of reversible functions for combining said key streams with the file data; and
      
      providing in said initialization vector a designation of one of said plurality of reversible functions for encrypting and decrypting the file.
  - 10. The method of claim 7, further comprising:
    - deriving said checksum from said label size, said key mix, said access check, and said initialization vector;
      
      obtaining after decryption a sum of said label size, said key mix, said access check, and said initialization vector; and
      
      comparing said sum to said checksum to verify integrity of said label when said sum equals said checksum.
  - 11. The method of claim 8, further comprising:
    - setting a label-is-present flag in said key mix when said key mix designates at least one of said ID key streams for encryption of the file.
  - 12. The method of claim 11, further comprising:
    - removing said label-is-present flag from said label of said encrypted file;
      
      transferring the encrypted file to a second computer having the same configuration ID, wherein said transfer is accomplished without further encryption by said second computer; and
      
      resetting said label-is-present flag after transferring said encrypted file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micronyx, Inc.
Original Assignee
Micronyx, Inc.
Inventors
Woodall, Bruce A., Watson, John D., Goode, George E., Pond, Eugene W., Goode, Walter M., Rush, Jeffrey R.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/108,769
Time in Patent Office

691 Days
Field of Search

380/23, 380/24, 380/25, 380/45-47, 380/49-50
US Class Current

713/165
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2153   Using hardware token as a s...

Cryptographic labeling of electronically stored data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

212 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic labeling of electronically stored data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

212 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links