Method to protect information on a computer storage device

US 5,677,952 A
Filed: 12/06/1994
Issued: 10/14/1997
Est. Priority Date: 12/06/1993
Status: Expired due to Fees

First Claim

Patent Images

1. A method, using a secret key, to protect information in a storage device of a computer, the secret key being derived from a password entered into the computer by an authorized user, comprising the steps of:

applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length that is equal to a portion of the storage device associated with the index; and

using the pseudorandom bit string to encrypt and decrypt data accesses to and from the portion of the storage device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, using a secret key, to protect information in a storage disk of a computer, where the secret key is derived from a password entered into the computer by an authorized user. The method begins by applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length that is a function of the size of a sector of the storage disk. The sector is associated or otherwise identified by the index used by the pseudorandom function to generate the pseudorandom bit string. The pseudorandom bit string is then used to encrypt and decrypt data accesses to and from the sector.

357 Citations

20 Claims

1. A method, using a secret key, to protect information in a storage device of a computer, the secret key being derived from a password entered into the computer by an authorized user, comprising the steps of:
- applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length that is equal to a portion of the storage device associated with the index; and
  
  using the pseudorandom bit string to encrypt and decrypt data accesses to and from the portion of the storage device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as described in claim 1 wherein the storage device is a hard disk and the portion is a sector of the hard disk.
  - 3. The method as described in claim 1 wherein the secret key is stored in a volatile memory of the computer and vanishes under one or more predetermined conditions.
  - 4. The method as described in claim 3 wherein the predetermined conditions include the authorized user turning off the computer, the authorized user logging off from the computer, the authorized user locking the computer, or expiration of a predetermined time period during which the computer is not used by the authorized user.
  - 5. The method as described in claim 1 wherein the step of applying the length-increasing pseudorandom function to the secret key includes the step of transforming the secret key into one or more tables of pseudorandom numbers to facilitate generation of the pseudorandom bit string given the index.

6. A method, using a secret key, to protect information in a storage disk Of a computer, the secret key being derived from a password entered into the computer by an authorized user, comprising the steps of:
- applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length equal to a sector of the storage disk associated with the index;
  
  combining a data block of the information with the pseudorandom bit string to generate a ciphertext; and
  
  storing the ciphertext in the sector to protect the data block against unauthorized disclosure.
- View Dependent Claims (7, 8)
- - 7. The method as described in claim 6 further including the step of using the pseudorandom function to encrypt and decrypt other storage device accesses while the authorized user is logged onto the computer.
  - 8. The method as described in claim 7 wherein the other storage device accesses are performed by evaluating the pseudorandom function at one or more sector indexes.

9. A method to protect information on a storage device of a computer, comprising the steps of:
- deriving a secret key from a password entered into the computer by an authorized user;
  
  applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length equal to a sector of the storage device associated with the index;
  
  encrypting a data block of the information with the pseudorandom bit string to generate a ciphertext; and
  
  storing the ciphertext in the sector to protect the data block against unauthorized disclosure.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method to protect information as described in claim 9 further including the step of:
    - retrieving the ciphertext stored at the physical location in response to a read request; and
      
      decrypting the ciphertext with the pseudorandom bit string to derive the data block.
  - 11. The method as described in claim 9 wherein the secret key is derived from the password and other information stored in the computer.
  - 12. The method as described in claim 11 wherein the other information includes a unique identifier for the computer.
  - 13. The method as described in claim 9 wherein a slow-to-compute function is applied to the password prior to deriving the secret key.

14. A computer, comprising:
- a storage device;
  
  means for processing a password entered by an authorized user to generate a secret key;
  
  means for using the secret key and an index to generate a pseudorandom bit string having a predetermined length; and
  
  means for encrypting and decrypting data accesses to and from the storage device using the pseudorandom bit string.
- View Dependent Claims (15, 16)
- - 15. The computer as described in claim 14 wherein the index is a file number identifying a file associated with the location in the storage device, and wherein the predetermined length of the pseudorandom bit string is made equal to the length of the file.
  - 16. The computer as described in claim 15 further including means for compressing and decompressing the file, such that the file is compressed prior to encryption and decompressed following decryption.

17. A method, using a secret key, to protect information on a computer having a disk, comprising the steps of:
- deriving a user key from a password entered into the computer from an authorized user;
  
  encrypting the secret key with the user key to generate a value that is stored along with information identifying the authorized user;
  
  recovering the secret key in response to subsequent entry of the password by the authorized user;
  
  applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length equal to a sector of the disk associated with the index; and
  
  using the pseudorandom bit string to encrypt and decrypt data accesses to and from the sector.
- View Dependent Claims (18)
- - 18. The method as described in claim 17 further including the step of replacing the value with a second value associated with a second password of the authorized user.

19. A method, using a secret key shared by a plurality of authorized users, to protect information on a computer having a disk, comprising the steps of:
- for each authorized user of the computer, deriving a user key from the authorized user'"'"'s password and encrypting the secret key with the user key to generate a value that is then stored along with an identifier for the user;
  
  recovering the secret key in response to subsequent entry of a password from one of the authorized users;
  
  applying a length-increasing pseudorandom function to the secret key and an index to generate a pseudorandom bit string having a length equal to a sector of the disk associated with the index; and
  
  using the pseudorandom bit string to encrypt and decrypt data accesses to and from the sector.

20. An article of manufacture, comprising:
- a computer-readable storage medium having a substrate; and
  
  computer program data encoded in the substrate of the computer-readable storage medium, wherein the computer program data comprises;
  
  means for applying a length-increasing pseudorandom function to a secret key and an index to generate a pseudorandom bit string having a length equal to a sector of the storage disk associated with the index; and
  
  means for using the pseudorandom bit string to encrypt data accesses to the sector of the storage disk and to decrypt data accesses from the sector of the storage disk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Rogaway, Phillip W., Blakley, George R. III
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/349,778
Time in Patent Office

1,043 Days
Field of Search

380/4, 380/9, 380/23, 380/25, 380/46, 380/49, 380/50, 380/28, 380/30, 380/37
US Class Current

713/189
CPC Class Codes

G06F 21/31   User authentication

G06F 21/46   by designing passwords or c...

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/72   in cryptographic circuits

G06F 21/80   in storage media based on m...

G06F 21/85   interconnection devices, e....

G06F 2211/007   Encryption, En-/decode, En-...

H04L 2209/046   of operations, operands or ...

H04L 9/0656   Pseudorandom key sequence c...

Method to protect information on a computer storage device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

357 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method to protect information on a computer storage device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

357 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others