Encryption apparatus and method for providing an encrypted file system

US 7,428,306 B2
Filed: 04/18/2006
Issued: 09/23/2008
Est. Priority Date: 04/18/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method, in a data processing system, for encrypting a sequence of data, comprising:

receiving the sequence of data;

processing blocks of data in the sequence of data using at least two encryption mechanisms to generate an encrypted sequence of data; and

outputting the encrypted sequence of data, wherein processing blocks of data in the sequence of data using the at least two encryption mechanisms comprises alternating between the at least two encryption mechanisms at each block of data in the sequence of data, wherein the at least two encryption mechanisms comprise a first encryption mechanism implementing a first encryption algorithm of a first encryption type and a second encryption mechanism implementing a second encryption algorithm of a second encryption type, and wherein the first encryption type and the second encryption type are different from each other, wherein alternating between the at least two encryption mechanisms at each block of data in the sequence of data comprises;

encrypting a first block of data, in the sequence of data, using the first encryption mechanism;

encrypting a second block of data, in the sequence of data, using the second encryption mechanism, wherein the encryption of the second block of data by the second encryption algorithm is dependent upon one of an input or an output of the first encryption mechanism; and

encrypting a third block of data, in the sequence of data, using the first encryption mechanism, wherein the encryption of the third block of data by the first encryption mechanism is dependent upon one of an input or an output of the second encryption mechanism, and wherein;

the first encryption mechanism implements a Cipher Block Chaining (CBC) encryption methodology and the second encryption mechanism implements a Plaintext Block Chaining (PBC) encryption methodology,the first encryption mechanism utilizes a cipher generated for a previous block of data in the sequence of data to generate a first key for the CBC encryption methodology,the second encryption mechanism utilizes plaintext data for a previous block of data in the sequence of data to generate a second key for the PBC encryption methodology,the first encryption mechanism utilizes the cipher generated for the previous block of data to generate the first key by logically combining the cipher with a first encryption key,the second encryption mechanism utilizes the plaintext data for the previous block of data to generate the second key by logically combining the plaintext data with a second encryption key, andthe second encryption key is one of the same as or different from the first encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption apparatus and method for providing an encrypted file system are provided. The encryption apparatus and method of the illustrative embodiments uses a combination of encryption methodologies so as to reduce the amount of decryption and re-encryption that is necessary to a file in the Encrypted File System in the event that the file needs to be modified. The encryption methodologies are interleaved, or alternated, with regard to each block of plaintext. In one illustrative embodiment, Plaintext Block Chaining (PBC) and Cipher Block Chaining (CBC) encryption methodologies are alternated for encrypting a sequence of blocks of data. The encryption of a block of plaintext is dependent upon the plaintext or a cipher generated for the plaintext of a previous block of data in the sequence of blocks of data so that the encryption is more secure than known Electronic Code Book encryption methodologies.

Citations

7 Claims

1. A method, in a data processing system, for encrypting a sequence of data, comprising:
- receiving the sequence of data;
  
  processing blocks of data in the sequence of data using at least two encryption mechanisms to generate an encrypted sequence of data; and
  
  outputting the encrypted sequence of data, wherein processing blocks of data in the sequence of data using the at least two encryption mechanisms comprises alternating between the at least two encryption mechanisms at each block of data in the sequence of data, wherein the at least two encryption mechanisms comprise a first encryption mechanism implementing a first encryption algorithm of a first encryption type and a second encryption mechanism implementing a second encryption algorithm of a second encryption type, and wherein the first encryption type and the second encryption type are different from each other, wherein alternating between the at least two encryption mechanisms at each block of data in the sequence of data comprises;
  
  encrypting a first block of data, in the sequence of data, using the first encryption mechanism;
  
  encrypting a second block of data, in the sequence of data, using the second encryption mechanism, wherein the encryption of the second block of data by the second encryption algorithm is dependent upon one of an input or an output of the first encryption mechanism; and
  
  encrypting a third block of data, in the sequence of data, using the first encryption mechanism, wherein the encryption of the third block of data by the first encryption mechanism is dependent upon one of an input or an output of the second encryption mechanism, and wherein;
  
  the first encryption mechanism implements a Cipher Block Chaining (CBC) encryption methodology and the second encryption mechanism implements a Plaintext Block Chaining (PBC) encryption methodology,the first encryption mechanism utilizes a cipher generated for a previous block of data in the sequence of data to generate a first key for the CBC encryption methodology,the second encryption mechanism utilizes plaintext data for a previous block of data in the sequence of data to generate a second key for the PBC encryption methodology,the first encryption mechanism utilizes the cipher generated for the previous block of data to generate the first key by logically combining the cipher with a first encryption key,the second encryption mechanism utilizes the plaintext data for the previous block of data to generate the second key by logically combining the plaintext data with a second encryption key, andthe second encryption key is one of the same as or different from the first encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein all odd numbered blocks of data in the sequence of data are encrypted using the first encryption mechanism that implements the CBC encryption methodology and all even numbered blocks in the sequence of data are encrypted using the second encryption mechanism that implements the PBC encryption methodology.
  - 3. The method of claim 1, wherein outputting the encrypted sequence of data comprises storing the encrypted sequence of data as a file in an Encrypted File System (EFS).
  - 4. The method of claim 1, further comprising:
    - receiving the encrypted sequence of data;
      
      identifying a block of data, in the sequence of data, to be modified;
      
      determining an encryption methodology used to encrypt the block of data to be modified;
      
      decrypting the block of data based on the determined encryption methodology used to encrypt the block of data;
      
      modifying the block of data to be modified; and
      
      re-encrypting the block of data to be modified following modification.
  - 5. The method of claim 4, wherein decrypting the block of data based on the determined encryption methodology comprises:
    - decrypting a previous block of data in the sequence of data, that is just prior to the block of data to be modified in the sequence of data, using a cipher for a block of data that is just prior to the previous block of data to obtain plaintext data for the previous block of data; and
      
      decrypting the block of data to be modified based on the obtained plaintext data for the previous block of data.
  - 6. The method of claim 4, wherein re-encrypting the block of data to be modified following modification comprises re-encrypting up to two additional blocks of data following the block of data to be modified in addition to the block of data to be modified.
  - 7. The method of claim 4, wherein decrypting the block of data based on the determined encryption methodology comprises decrypting up to one block of data prior to the block of data to be modified, in the sequence of data, in addition to the block of data to be modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shankar, Ravi A., Mullen, Shawn P., Conklin, William C., Celikkan, Ufuk
Primary Examiner(s)
Moise; Emmanuel I
Assistant Examiner(s)
Popham; Jeffrey D

Application Number

US11/406,184
Publication Number

US 20070253549A1
Time in Patent Office

889 Days
Field of Search

380/42, 380/28, 380/37, 380/277
US Class Current

380/28
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 9/0637   Modes of operation, e.g. ci...

Encryption apparatus and method for providing an encrypted file system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption apparatus and method for providing an encrypted file system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links