Cryptographic labeling of electronically stored data
Abstract
A method of cryptographically labeling electronically stored data is provided as part of a security system for personal computers. In protecting sensitive files of data, the labeling method utilizes a plurality of key streams, which are long, relatively prime-length sequences of random-like bytes. The key streams are related in some way to individual user and machine identifiers. Protected files of data are encrypted and decrypted by combining the key streams with the data using a reversible function, such as Exclusive OR. Each protected file has a label prefixed to it as part of the file. The label contains information necessary for encrypting and decrypting the file, controlling access to the file, and verifying integrity of the label and file. The label is permanently prefixed to the protected file but is encrypted and decrypted separately from encryption and decryption of the file.
12 Claims
1. A method of cryptographically labeling a data file of electronically stored nonexecutable data, comprising:
- generating a file label comprising a first field containing control variables for encrypting and decrypting said data file;
- prefixing said label to the file; and
- encrypting the file in accordance with the control variables in said first field.

Dependent claims: 2, 3

4. A method of labeling and encrypting a data file of electronically stored non-executable data, comprising:
- generating a file label comprising a first field containing control variables for encrypting and decrypting the file and a second field containing control variables for encrypting and decrypting said label;
- providing a key stream for encrypting and decrypting the file and said label;
- prefixing said label to the file;
- encrypting the file by combining said key stream with file data using a reversible function in accordance with control variables in said first field of said label; and
- encrypting said first field of said label in accordance with instructions in said second field of said label.

Dependent claims: 5, 6

7. A method of labeling and controlling access to a file of electronically stored data, comprising:
- generating a file label having fields containing control variables for encrypting and decrypting the file and said label, said fields including a label size, a key mix, an access check, an initialization vector, and a checksum;
- prefixing said label to the file;
- providing identifiers for identifying a computer and each user logged-on to said computer;
- deriving said access check from a combination of said identifiers corresponding to a creator of the file;
- generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file;
- providing a mandatory key stream for encrypting and decrypting the file and said label;
- obtaining an initial point for each of said key streams from said initialization vector;
- encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector;
- encrypting said key mix, said access check, and said initialization vector using said mandatory key stream initiated at a point designated by said checksum;
- storing said encrypted file and encrypted label in said computer;
- decrypting said key mix, said access check, and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer;
- deriving an access code from said identifiers corresponding to said user;
- comparing said access check of said label to said access code of said user; and
- decrypting the file using said initialization vector, said reversible function, and said key streams designated by said key mix only if said access check of said label equals said access code of said user.

Dependent claims: 8, 9, 10, 11, 12
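
The flow of claim 7 and the abstract (label prefixed to the file, key streams of relatively prime length combined by Exclusive OR, label encrypted separately, access check compared before decryption) can be followed in the sketch below. It is an added example, not code from the patent. The byte layout of the label, the SHAKE-256 key-stream derivation, the stream lengths 251/241/239, the CRC32 checksum, the hashed access code and all function names are assumptions made for illustration.

```python
import hashlib, hmac, math, struct, zlib

# Assumed layout: label size and checksum in clear; key mix, access check, IV encrypted.
CLEAR, SECRET = struct.Struct(">HI"), struct.Struct(">B4sI")
LENGTHS = {"mandatory": 251, "machine": 241, "user": 239}  # assumed pairwise-coprime lengths

def key_stream(name, ident):
    # Assumed derivation; the page only says streams relate to user and machine identifiers.
    return hashlib.shake_256(f"{name}:{ident}".encode()).digest(LENGTHS[name])

def combined_period():
    # Coprime lengths mean the XOR of all streams repeats only after their product.
    return math.lcm(*LENGTHS.values())

def xor(data, streams, start):
    # Reversible function: XOR every byte with each stream, each wrapping at its own length.
    out = bytearray(data)
    for i in range(len(out)):
        for s in streams:
            out[i] ^= s[(start + i) % len(s)]
    return bytes(out)

def access_code(machine, user):
    # Assumed: truncated hash of the combined identifiers.
    return hashlib.sha256(f"{machine}|{user}".encode()).digest()[:4]

def streams_for(mix, machine, user, site):
    ids = [("machine", machine), ("user", user)]  # key mix bit 0 = machine, bit 1 = user
    chosen = [key_stream(n, v) for bit, (n, v) in enumerate(ids) if (mix >> bit) & 1]
    return [key_stream("mandatory", site)] + chosen

def protect(data, machine, user, site, iv, mix=0b11):
    fields = SECRET.pack(mix, access_code(machine, user), iv)
    checksum = zlib.crc32(fields + data)  # assumed checksum; also the label's start point
    label = CLEAR.pack(CLEAR.size + SECRET.size, checksum)
    label += xor(fields, [key_stream("mandatory", site)], checksum)
    return label + xor(data, streams_for(mix, machine, user, site), iv)

def open_file(blob, machine, user, site):
    size, checksum = CLEAR.unpack_from(blob)
    fields = xor(blob[CLEAR.size:size], [key_stream("mandatory", site)], checksum)
    mix, check, iv = SECRET.unpack(fields)
    if not hmac.compare_digest(check, access_code(machine, user)):
        raise PermissionError("access check does not match the logged-on user")
    data = xor(blob[size:], streams_for(mix, machine, user, site), iv)
    if zlib.crc32(fields + data) != checksum:
        raise ValueError("label or file failed the integrity check")
    return data
```

The CRC32 used here detects accidental corruption only; a modern design keeping the same label-plus-file layout would use an authenticated cipher.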
Specification