File encryption method and file cryptographic system
First Claim
1. A file encryption method for use in an information processing system having a hierarchically arranged upper rank apparatus and an external storage device, which method controls transmission and reception of data between said storage device and said upper rank apparatus, comprising the steps of:
- performing in said external storage device at least one of encryption of data received from said upper rank apparatus for storage in said external storage device and decryption of data stored in said external storage device and requested by said upper rank apparatus, using an algorithm controlled by a data key; and
performing generation, encryption and decryption of said data key in said upper rank apparatus.
1 Assignment
0 Petitions
Accused Products
Abstract
In an information processing system having an upper rank apparatus and an external storage device which performs transmission and reception of data between the storage device and the upper rank apparatus, at least one of encryption and decryption of the data by use of an algorithm controlled by a desired data key is performed in the external storage device, while generation, encryption and decryption of the data key are performed on the upper rank apparatus side. By this configuration, the burden of the upper rank apparatus is largely reduced and the secrecy of data stored in the external storage device can be surely kept without spoiling the throughput of the whole system.
263 Citations
15 Claims
-
1. A file encryption method for use in an information processing system having a hierarchically arranged upper rank apparatus and an external storage device, which method controls transmission and reception of data between said storage device and said upper rank apparatus, comprising the steps of:
-
performing in said external storage device at least one of encryption of data received from said upper rank apparatus for storage in said external storage device and decryption of data stored in said external storage device and requested by said upper rank apparatus, using an algorithm controlled by a data key; and performing generation, encryption and decryption of said data key in said upper rank apparatus.
-
-
2. A file cryptographic system comprising:
-
an upper rank apparatus; a cryptographic device connected to said upper rank apparatus; and an external storage device, said external storage device including means for performing at least one of encryption of data received from said upper rank apparatus for storage in said external storage device and decryption of data stored in said external storage device and requested by said upper rank apparatus; in which said cryptographic device performs encryption and decryption of a raw data key, and said means in said external storage device performs encryption and decryption of data based on said raw data key received from said upper rank apparatus. - View Dependent Claims (3, 4, 5)
-
-
6. A file cryptographic system comprising:
-
an upper rank apparatus; a cryptographic device connected to said upper rank apparatus; and an external storage device, said external storage device including means for performing at least one of encryption of data received from said upper rank apparatus for storage in said external storage device and decryption of data stored in said external storage device and requested by said upper rank apparatus; in which, when decryption of said raw data key is performed in said cryptographic device, incomplete decryption is performed to an extent that the decrypted raw data key is breakable by the function of decryption in said external storage device, so that final decryption of said raw data key is performed in said cryptographic device.
-
-
7. A file cryptographic system comprising:
-
an upper rank apparatus; an upper rank apparatus; a cryptographic device connected to said upper rank apparatus; and an external storage device, said external storage device including means for performing at least one of encryption of data received from said upper rank apparatus for storage in said external storage device and decryption of data stored in said external storage device and requested by said upper rank apparatus; in which, when said data transmitted from said upper rank apparatus is encrypted and recorded, the encryption is performed after data compression processing.
-
-
8. A file cryptographic system comprising:
-
an upper rank apparatus; a cryptographic device connected to said upper rank apparatus; and an external storage device, said external storage device including means for performing at least one of encryption of data received from said upper rank apparatus for storage in said external storage device and decryption of data stored in said external storage device and requested by said upper rank apparatus; in which a data key encrypted by the cryptographic device provided at said upper rank apparatus side and ordinary data encrypted by said data key are stored in the same recording medium.
-
-
9. A method of effecting secure storage of data in an external storage device by an upper rank apparatus via a storage controller, comprising the steps of:
-
(a) generating a raw data key and encrypting the raw data key in said upper rank apparatus; (b) transferring the raw data key and the encrypted raw data key to said storage controller; (c) storing the raw data key in said storage controller and said encrypted raw data key in a selected storage location in said external storage device; (d) transferring raw data from said upper rank apparatus to said storage controller; (e) encrypting said raw data in said storage controller using the raw data key stored therein and storing said encrypted raw data in said selected storage location in said external storage device; and (f) erasing the raw data key stored in said storage controller. - View Dependent Claims (10)
-
-
11. A method for an upper rank apparatus to access encrypted data stored with an encrypted data key in a storage location of an external storage device via a storage controller, comprising the steps of:
-
(a) transferring the encrypted data key from said storage location of said external storage device to said upper rank apparatus via said storage controller in response to a request by said upper rank apparatus; (b) decrypting the encrypted data key to produce a decrypted data key in said upper rank apparatus; (c) transferring the decrypted data key to said storage controller; (d) transferring said encrypted data from said storage location to said storage controller and decrypting said encrypted data to produce raw data based on decrypted data key in said storage controller; and (e) transferring said raw data to said upper rank apparatus. - View Dependent Claims (12, 13, 14, 15)
-
Specification