Method and apparatus for protecting widely distributed digital information
First Claim
1. A method of file system operation in a computer comprising:
- receiving a request through a computer operating system to read a unitary file of data, said unitary file comprising a plurality of non-encrypted segments interspersed with at least two encrypted segments, all stored on a single storage medium;
determining which of said file segments is encrypted;
reading the encrypted segment and decrypting same;
reading the non-encrypted segments;
assembling the non-encrypted segments with the decrypted segment to produce an original unitary file of data; and
providing the assembled unitary file of data in response to said request;
wherein at least one encrypted segment is encrypted using a first encryption procedure and a second encrypted segment is encrypted using a second encryption procedure, different than the first encryption procedure.
2 Assignments
0 Petitions
Accused Products
Abstract
To facilitate protected distribution of digital data files, the files are segmented, and each segment (e.g. disk sector) is encrypted separately. Some segments can be left unencrypted, speeding access since less decryption is required. Different segments can utilize different encryption techniques, increasing protection against unauthorized decryption. A table stored in association with the encrypted data provides authorized users with data identifying the encrypted segments, and the form of encryption used. Decryption is accomplished with a layered set of operating system software that operates in conjunction with said table. Specialized APIs aren'"'"'t used; applications programs are provided with unencrypted data using conventional APIs. Internal interfaces, invisible to the APIS, intercept normal processing calls (e.g READs) and direct them to internal decryption software that returns decrypted data back to the APIs.
-
Citations
38 Claims
-
1. A method of file system operation in a computer comprising:
-
receiving a request through a computer operating system to read a unitary file of data, said unitary file comprising a plurality of non-encrypted segments interspersed with at least two encrypted segments, all stored on a single storage medium; determining which of said file segments is encrypted; reading the encrypted segment and decrypting same; reading the non-encrypted segments; assembling the non-encrypted segments with the decrypted segment to produce an original unitary file of data; and providing the assembled unitary file of data in response to said request; wherein at least one encrypted segment is encrypted using a first encryption procedure and a second encrypted segment is encrypted using a second encryption procedure, different than the first encryption procedure. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of encrypting and storing an original, unitary file of data comprising:
-
dividing the unitary file into a plurality of segments; allocating to each of said segments a corresponding portion of a single physical storage medium; storing a first of said segments in a corresponding portion of the single physical storage medium without encryption; encrypting a second of said segments; and storing the encrypted segment in a corresponding portion of the single physical storage medium; wherein at least one of the encrypted segments is encrypted with a different encryption procedure than another of the encrypted segments. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
-
-
30. A computer-readable storage medium having stored therein instructions capable of causing a computer to perform the following method:
-
receiving a request through a computer operating system to read a unitary file of data, said file comprising a plurality of non-encrypted segments interspersed with at least two encrypted segments on a single storage medium; determining which of said file segments is encrypted; reading the encrypted segment and decrypting same; reading the non-encrypted segments; assembling the non-encrypted segments with the decrypted segment to produce an original unitary file of data; and providing the assembled file of data in response to said request; wherein some of the encrypted segments are encrypted with different encryption procedures than others of the encrypted segments.
-
-
31. A computer-readable storage medium having stored therein instructions capable of causing a computer to perform the following method:
-
dividing a unitary file into a plurality of segments; allocating to each of said segments a corresponding portion of a single physical storage medium; storing a first of said segments in a corresponding portion of the single physical storage medium without encryption; encrypting a second of said segments using a first encryption technique; encrypting a third of said segments using a second encryption technique; and storing the encrypted segment in a corresponding portion of the single physical storage medium.
-
-
32. A computer system including a microprocessor and a software program, the software program utilizing an application program interface to request services from a windowed operating system, the requested services relating to transparent sector-based encryption and decryption of information stored on a single storage medium in a file system of a computer operating system, wherein file data is protected from unauthorized use, yet is transparently available to a user without delay associated with decrypting, the application program interface including a separate command to request each of the following services:
-
identifying one or more keys useful for decrypting a unitary file written as a plurality of non-encrypted segments interspersed with at least two encrypted segments that are encrypted using different encryption techniques; and reading a unitary file of data, said file comprising a plurality of non-encrypted segments interspersed with at least two encrypted segments using one or more decryption procedures. - View Dependent Claims (33)
-
-
34. A computer system including a microprocessor and a software program, the software program utilizing an application program interface to request services from a windowed operating system, the requested services relating to transparent sector-based encryption and decryption of information stored on a single storage medium in a file system of a computer operating system, wherein file data is protected from unauthorized use, yet is transparently available to a user without delay associated with decrypting, the application program interface including a separate command to request each of the following services:
-
identifying one or more encryption procedures used to encrypt a unitary file of original information; and writing a unitary file of data, said file written as a plurality of non-encrypted segments interspersed with at least two encrypted segments using at least two encryption procedures. - View Dependent Claims (35)
-
-
36. A method of file system operation in a computer comprising:
-
receiving a request through a computer operating system to read a unitary file of data, said unitary file comprising a plurality of non-encrypted segments interspersed with at least one encrypted segments; determining which of said file segments is encrypted; reading the encrypted segment and decrypting same; reading the non-encrypted segments; assembling the non-encrypted segments with the decrypted segment to produce an original unitary file of data; and providing the assembled unitary file of data in response to said request; wherein the unitary file of data cannot be used without a decryption key. - View Dependent Claims (37)
-
-
38. A computer system including a microprocessor and a software program, the software program utilizing an application program interface to request services from a windowed operating system, the requested services relating to transparent sector-based encryption and decryption of information stored on a single storage medium in a file system of a computer operating system, wherein file data is protected from unauthorized use, yet is transparently available to a user without delay associated with decrypting, the application program interface including a separate command to request each of the following services:
-
identifying one or more keys useful for decrypting a unitary file written as a plurality of non-encrypted segments interspersed with at least one encrypted segments; and reading a unitary file of data, said file comprising a plurality of non-encrypted segments interspersed with the at least one encrypted segments using one or more decryption procedures; wherein the unitary file is not usable when it contains the at least one encrypted segments, without a decryption key.
-
Specification