Cipher method and system for verifying a decryption of an encrypted user data key

US 7,499,552 B2
Filed: 01/11/2006
Issued: 03/03/2009
Est. Priority Date: 01/11/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A cipher system, comprising:

a processor; and

a memory storing instructions operable with the processor for verifying a decryption of an encrypted user data key used to encrypt user data prior to an encryption of the user data key with an encryption key, the instructions being executed for;

intermixing eight bytes of random text with eight bytes of text comprising alphanumeric characters “

DFSMSDSS”

to create an intermixed text;

encrypting the intermixed text with the user data key to create a verification text;

decrypting the encrypted user data key with a decryption key in response to an initiation of a decryption of the encrypted user data with the user data key as decrypted with the decryption key;

decrypting the verification text with the user data key as decrypted with the decryption key;

validating a use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a matched comparison of the verification text as decrypted with the user data key and the intermixed text; and

invalidating the use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a mismatched comparison of the verification text as decrypted with the user data key and the intermixed text.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cipher method for verifying a decryption of an encrypted user data key used to encrypt user data prior to an encryption of the user data key with an encryption key. The cipher method involves a decryption of the encrypted user data key with a decryption key in response to an initiation of a decryption of the encrypted user data with the user data key as decrypted with the description key, a decryption of the verification text with the user data key as decrypted with the decryption key, and a validation/invalidation of a use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a matched/unmatched comparison of the verification text as decrypted with the user data key and an intermixing of a known text and a random text.

Citations

15 Claims

1. A cipher system, comprising:
- a processor; and
  
  a memory storing instructions operable with the processor for verifying a decryption of an encrypted user data key used to encrypt user data prior to an encryption of the user data key with an encryption key, the instructions being executed for;
  
  intermixing eight bytes of random text with eight bytes of text comprising alphanumeric characters “
  
  DFSMSDSS”
  
  to create an intermixed text;
  
  encrypting the intermixed text with the user data key to create a verification text;
  
  decrypting the encrypted user data key with a decryption key in response to an initiation of a decryption of the encrypted user data with the user data key as decrypted with the decryption key;
  
  decrypting the verification text with the user data key as decrypted with the decryption key;
  
  validating a use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a matched comparison of the verification text as decrypted with the user data key and the intermixed text; and
  
  invalidating the use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a mismatched comparison of the verification text as decrypted with the user data key and the intermixed text.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The cipher system of claim 1, wherein the instructions are further executed for:
    - segmenting the intermixed text; and
      
      encrypting the segmented intermixed text with the user data key prior to the encryption of the user data key with the encryption key, wherein the verification text is the segmented intermixed text in segments encrypted with the user data key.
  - 3. The cipher system of claim 1, wherein the verification text includes a first verification segment, a second verification segment, a third verification segment and a fourth verification segment in sequential order;
    - wherein the first verification segment includes an encryption of a first random text segment with the user data key prior to the encryption of the user data key with the encryption key;
      
      wherein the second verification segment includes an encryption of a first known text segment “
      
      DFSM”
      
      with the user data key prior to the encryption of the user data key with the encryption key;
      
      wherein the third verification segment includes an encryption of a second known text segment “
      
      SDSS”
      
      with the user data key prior to the encryption of the user data key with the encryption key; and
      
      wherein the fourth verification segment includes an encryption of a second random text segment with the user data key prior to the encryption of the user data key with the encryption key.
  - 4. The cipher system of claim 3, wherein the instructions are further executed for:
    - encrypting a first grouping of the first known text segment and the first random text segment with the user data key prior to the encryption of the user data key with the encryption key;
      
      encrypting a second grouping of the second known text segment and the second random text segment with the user data key prior to the encryption of the user data key with the encryption key; and
      
      storing the verification text including the encrypted first grouping of the first known text segment and the first random text segment and the encrypted second grouping of the second known text segment and the second random text segment.
  - 5. The cipher system of claim 4, wherein the decrypting of the verification text with the user data key as decrypted with the decryption key includes:
    - decrypting the first grouping of the first known text segment and the first random text segment with the user data key as decrypted with the decryption key; and
      
      decrypting the second grouping of the second known text segment and the second random text segment with the user data key as decrypted with the decryption key.
  - 6. The cipher system of claim 1, wherein the encryption key is a public key;
    - and wherein the decryption key is a private key.

7. A cipher method for verifying a decryption of an encrypted user data key used to encrypt user data prior to an encryption of the user data key with an encryption key, the cipher method comprising:
- intermixing eight bytes of random text with eight bytes of text comprising alphanumeric characters “
  
  DFSMSDSS”
  
  to create an intermixed text;
  
  encrypting the intermixed text with the user data key to create a verification text;
  
  decrypting the encrypted user data key with a decryption key in response to an initiation of a decryption of the encrypted user data with the user data key as decrypted with the description key;
  
  decrypting the verification text with the user data key as decrypted with the decryption key;
  
  validating a use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a matched comparison of the verification text as decrypted with the user data key and the intermixed text; and
  
  invalidating the use of the user data key as decrypted with the decryption key to decrypt the encrypted user data in response to a mismatched comparison of the verification text as decrypted with the user data key and the intermixed text.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The cipher method of claim 7, further comprising:
    - segment the intermixed text; and
      
      encrypting the segmented intermixed text with the user data key prior to the encryption of the user data key with the encryption key, wherein the verification text is the segmented intermixed text in segments encrypted with the user data key.
  - 9. The cipher method of claim 7, wherein the verification text includes a first verification segment, a second verification segment, a third verification segment and a fourth verification segment in sequential order;
    - wherein the first verification segment includes an encryption of a first random text segment with the user data key prior to the encryption of the user data key with the encryption key;
      
      wherein the second verification segment includes an encryption of a first known text segment “
      
      DFSM”
      
      with the user data key prior to the encryption of the user data key with the encryption key;
      
      wherein the third verification segment includes an encryption of a second known text segment “
      
      SDSS”
      
      with the user data key prior to the encryption of the user data key with the encryption key; and
      
      wherein the fourth verification segment includes an encryption of a second random text segment with the user data key prior to the encryption of the user data key with the encryption key.
  - 10. The cipher method of claim 9, further comprising:
    - encrypting a first grouping of the first known text segment and the first random text segment with the user data key prior to the encryption of the user data key with the encryption key;
      
      encrypting a second grouping of the second known text segment and the second random text segment with the user data key prior to the encryption of the user data key with the encryption key; and
      
      storing the verification text including the encrypted first grouping of the first known text segment and the first random text segment and the encrypted second grouping of the second known text segment and the second random text segment.
  - 11. The cipher method of claim 10, wherein the decrypting of the verification text with the user data key as decrypted with the decryption key includes:
    - decrypting the first grouping of the first known text segment and the first random text segment with the user data key as decrypted with the decryption key; and
      
      decrypting the second grouping of the second known text segment and the second random text segment with the user data key as decrypted with the decryption key.
  - 12. The cipher method of claim 7, wherein the encryption key is a public key;
    - and wherein the decryption key is a private key.

13. A method for ensuring correct and secure decryption on an encrypted user data key comprising:
- intermixing eight bytes of random text with eight bytes of text comprising alphanumeric characters “
  
  DFSMSDSS”
  
  to create an intermixed text;
  
  encrypting the intermixed text with the user data key to create a verification text;
  
  initiating a decryption of an encrypted user data using the encrypted user data key;
  
  decrypting the encrypted user data key based on the initiation using a decryption key;
  
  decrypting the verification text with the user data key as decrypted with the decryption key;
  
  comparing the decrypted verification text with the intermixed text;
  
  validating a use of the user key based on the comparison; and
  
  ensuring correct and secure decryption of the encrypted user data with the decrypted user data key based on the validated use.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13 wherein the method further comprises:
    - issuing a DUMP of user data, including encrypting the user data into an encrypted user data using a user data key;
      
      generating the verification text based on the encryption of the user data into the encrypted user data;
      
      encrypting the user data key into the encrypted user data key based on generating the verification text;
      
      storing the verification text with the encrypted user data; and
      
      receiving a RESTORE, wherein the initiation of the decryption is responsive to the RESTORE.
  - 15. The method of claim 14 wherein the DUMP is responsive to a Data Set Services DUMP command, and wherein the RESTORE is responsive to a Data Set Services RESTORE command.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kelly, Michael J., Wilt, Andrew N.
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US11/329,773
Publication Number

US 20070160202A1
Time in Patent Office

1,147 Days
Field of Search

380/281, 380/284
US Class Current

380/281
CPC Class Codes

H04L 9/0825 using asymmetric-key encryp...

H04L 9/32 including means for verifyi...

Cipher method and system for verifying a decryption of an encrypted user data key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Cipher method and system for verifying a decryption of an encrypted user data key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links