Encryption systems and methods for identifying and coalescing identical objects encrypted with different keys
Abstract
Cryptographic protocols and methods of employing the same are described. The described protocols advantageously enable two or more identical encryptable objects that are coded for encryption with different keys to be identified as identical without access to either the unencrypted objects or the keys that are used in the encryption process. Additionally, the protocols enable two or more identical encryptable objects to be processed with different encryption keys, yet be stored in a manner so that the total required storage space is proportional to the space that is required to store a single encryptable object, plus a constant amount for each distinct encryption key. In various embodiments, the encryptable objects comprise files and the cryptographic protocols enable encrypted files to be used in connection with single instance store (SIS) systems.
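The scheme the abstract describes, as an added Python sketch that is not taken from the patent: each object is encrypted under its own SHA-256 hash, the hash is wrapped under each user's key, and identical cipher objects coalesce into one tuple. The keystream cipher, the key identifiers and the sample data are assumptions made for illustration; a real system would use a vetted cipher.

```python
import hashlib

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream.
    Deterministic and its own inverse; use a vetted cipher in real systems."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def convergent_encrypt(plaintext: bytes, key_id: str, user_key: bytes):
    """Return the ordered tuple (cipher object, [(key id, encrypted hash)])."""
    rep = hashlib.sha256(plaintext).digest()      # the "representation"
    cipher_obj = _keystream_xor(rep, plaintext)   # object keyed by its own hash
    enc_rep = _keystream_xor(user_key, rep)       # hash wrapped under the user's key
    return cipher_obj, [(key_id, enc_rep)]

def coalesce(store: dict, entry) -> None:
    """Single-instance store: one cipher object, one key entry per distinct key."""
    cipher_obj, key_list = entry
    merged = store.setdefault(cipher_obj, [])
    merged.extend(k for k in key_list if k not in merged)

def decrypt(store: dict, cipher_obj: bytes, key_id: str, user_key: bytes) -> bytes:
    enc_rep = dict(store[cipher_obj])[key_id]
    rep = _keystream_xor(user_key, enc_rep)
    plaintext = _keystream_xor(rep, cipher_obj)
    if hashlib.sha256(plaintext).digest() != rep:  # wrong key or tampered object
        raise ValueError("representation check failed")
    return plaintext

def demo():
    doc = b"quarterly report, identical for both users\n" * 4   # constructed sample
    alice, bob = b"A" * 32, b"B" * 32                            # constructed keys
    store = {}
    coalesce(store, convergent_encrypt(doc, "alice", alice))
    coalesce(store, convergent_encrypt(doc, "bob", bob))
    coalesce(store, convergent_encrypt(doc + b"x", "bob", bob))  # a different file
    return store, doc, alice, bob
```

The store holds one cipher object for the shared file plus one small entry per key, and it can tell that the two users hold identical objects without seeing either key or the plaintext.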
37 Claims
1. An encryption method comprising:
computing a representation for each of two or more encryptable objects;
encrypting each of the encryptable objects using its own representation as an encryption key, said encrypting defining a plurality of cipher objects each of which corresponds to an encryptable object;
ascertaining from the cipher objects whether the corresponding encryptable objects are identical; and
further comprising:
encrypting each representation with a different key to provide a plurality of encrypted representations;
defining individual key identifiers;
associating each of the key identifiers with an individual key; and
building a plurality of ordered tuples, each of which comprises:
a single cipher object that represents all of the two or more encryptable objects;
at least one key identifier; and
at least one encrypted representation each of which being associated with a corresponding key identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to:
compute hashes of each of a plurality of identical objects;
encrypt each of the identical objects with its hash;
encrypt each hash with a different key; and
form at least one ordered tuple each of which comprising:
a single encrypted object that represents all of the identical objects; and
a list that contains information about each of the different keys,
wherein the instructions cause the computer to:
form multiple ordered tuples; and
determine whether objects that correspond to the multiple ordered tuples appear to be identical by comparing at least the single encrypted objects for each ordered tuple.
Dependent claims: 11, 12, 13, 14, 15, 16

17. An encryption method comprising:
computing representations of each of two or more identical encryptable objects;
encrypting each of the encryptable objects with its own representation, said encrypting defining a plurality of cipher objects each of which corresponds to an encryptable object;
encrypting each representation with one of a plurality of keys to provide a plurality of encrypted representations;
defining key identifiers for each of the plurality of keys;
forming a plurality of ordered pairs, each of which comprising:
an encrypted representation; and
a key identifier associated with a key that encrypted the encrypted representation of the ordered pair;
associating the ordered pairs with a single cipher object to provide a convergent cipher object.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25

26. One or more computer-readable media having computer-readable instructions thereon which, when executed by a computer, cause the computer to:
compute hashes of each of two or more identical encryptable objects;
encrypt each of the encryptable objects with its own hash, said encrypting defining a plurality of cipher objects each of which corresponds to an encryptable object;
encrypt each hash with one of a plurality of different keys to provide a plurality of encrypted hashes;
form a plurality of ordered pairs, each of which comprising:
an encrypted representation; and
a key identifier associated with a key that encrypted the encrypted representation of the ordered pair;
define key identifiers for each of the plurality of keys;
associate the ordered pairs with a single cipher object to provide a convergent cipher object.
Dependent claims: 27, 28

29. A file system encryption method comprising:
computing representations of two or more files;
encrypting each of the files with its own representation, said encrypting defining a plurality of cipher objects each of which corresponds to a file;
ascertaining from the cipher objects whether the corresponding files are identical; and
further comprising:
encrypting each representation with a different key to provide a plurality of encrypted representations;
defining individual key identifiers;
associating each of the key identifiers with an individual key; and
building a plurality of ordered tuples, each of which comprises:
a single cipher object that represents all of the two or more files;
at least one key identifier; and
at least one encrypted representation each of which being associated with a corresponding key identifier.
Dependent claims: 30, 31, 32, 33, 34, 35, 36, 37