Encryption apparatus and method for providing an encrypted file system
First Claim
1. A method, in a data processing system, for encrypting a sequence of data, comprising:
receiving the sequence of data;
processing blocks of data in the sequence of data using at least two encryption mechanisms to generate an encrypted sequence of data; and
outputting the encrypted sequence of data, wherein processing blocks of data in the sequence of data using the at least two encryption mechanisms comprises alternating between the at least two encryption mechanisms at each block of data in the sequence of data, wherein the at least two encryption mechanisms comprise a first encryption mechanism implementing a first encryption algorithm of a first encryption type and a second encryption mechanism implementing a second encryption algorithm of a second encryption type, and wherein the first encryption type and the second encryption type are different from each other, wherein alternating between the at least two encryption mechanisms at each block of data in the sequence of data comprises:
encrypting a first block of data, in the sequence of data, using the first encryption mechanism;
encrypting a second block of data, in the sequence of data, using the second encryption mechanism, wherein the encryption of the second block of data by the second encryption algorithm is dependent upon one of an input or an output of the first encryption mechanism; and
encrypting a third block of data, in the sequence of data, using the first encryption mechanism, wherein the encryption of the third block of data by the first encryption mechanism is dependent upon one of an input or an output of the second encryption mechanism, and wherein:
the first encryption mechanism implements a Cipher Block Chaining (CBC) encryption methodology and the second encryption mechanism implements a Plaintext Block Chaining (PBC) encryption methodology,
the first encryption mechanism utilizes a cipher generated for a previous block of data in the sequence of data to generate a first key for the CBC encryption methodology,
the second encryption mechanism utilizes plaintext data for a previous block of data in the sequence of data to generate a second key for the PBC encryption methodology,
the first encryption mechanism utilizes the cipher generated for the previous block of data to generate the first key by logically combining the cipher with a first encryption key,
the second encryption mechanism utilizes the plaintext data for the previous block of data to generate the second key by logically combining the plaintext data with a second encryption key, and
the second encryption key is one of the same as or different from the first encryption key.
Abstract
An encryption apparatus and method for providing an encrypted file system are provided. The encryption apparatus and method of the illustrative embodiments uses a combination of encryption methodologies so as to reduce the amount of decryption and re-encryption that is necessary to a file in the Encrypted File System in the event that the file needs to be modified. The encryption methodologies are interleaved, or alternated, with regard to each block of plaintext. In one illustrative embodiment, Plaintext Block Chaining (PBC) and Cipher Block Chaining (CBC) encryption methodologies are alternated for encrypting a sequence of blocks of data. The encryption of a block of plaintext is dependent upon the plaintext or a cipher generated for the plaintext of a previous block of data in the sequence of blocks of data so that the encryption is more secure than known Electronic Code Book encryption methodologies.
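The alternation described in claim 1 and in the abstract, as an added sketch that is not code from the patent: odd-numbered blocks derive their key from the previous cipher block, even-numbered blocks from the previous plaintext block, and `changed_blocks` shows which cipher blocks must be rewritten after one plaintext block is edited. Assumptions: XOR as the "logical combination", an IV standing in for the block before the first, 16-byte keys, and a hash-based Feistel stand-in for the block cipher; all function names are illustrative.

```python
import hashlib

BLOCK = 16  # block and key size in bytes, so a key can be XORed with a block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # round function of the stand-in cipher
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def enc_block(key, block):  # 4-round Feistel stand-in so this runs offline; not vetted
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def dec_block(key, block):  # inverse of enc_block: undo the rounds in reverse order
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def block_key(i, k1, k2, prev_p, prev_c):
    # 1st, 3rd, ... block (CBC type): first key combined with the previous cipher.
    # 2nd, 4th, ... block (PBC type): second key combined with the previous plaintext.
    return xor(k1, prev_c) if i % 2 == 0 else xor(k2, prev_p)

def encrypt(blocks, k1, k2, iv):
    out, prev_p, prev_c = [], iv, iv  # iv replaces the missing "previous block" (assumption)
    for i, p in enumerate(blocks):
        out.append(enc_block(block_key(i, k1, k2, prev_p, prev_c), p))
        prev_p, prev_c = p, out[-1]
    return out

def decrypt(cipher, k1, k2, iv):
    out, prev_p, prev_c = [], iv, iv
    for i, c in enumerate(cipher):
        out.append(dec_block(block_key(i, k1, k2, prev_p, prev_c), c))
        prev_p, prev_c = out[-1], c
    return out

def changed_blocks(blocks, index, new_block, k1, k2, iv):  # cipher blocks hit by one edit
    edited = blocks[:index] + [new_block] + blocks[index + 1:]
    pairs = zip(encrypt(blocks, k1, k2, iv), encrypt(edited, k1, k2, iv))
    return [i for i, (a, b) in enumerate(pairs) if a != b]

# Constructed sample input: two keys, an all-zero IV, eight 16-byte plaintext blocks.
K1, K2, IV = bytes(range(16)), bytes(range(16, 32)), bytes(16)
PLAIN = [bytes([i]) * BLOCK for i in range(8)]
```

With 0-based indices, editing block 2 (CBC type) changes cipher blocks 2, 3 and 4, and editing block 3 (PBC type) changes only blocks 3 and 4. The change stops at the next PBC-type block whose preceding plaintext is untouched, which is why the rest of the file needs no re-encryption.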
7 Claims
Specification