Method and apparatus for protecting digital data by double re-encryption
Abstract
A method and an apparatus ensuring protection of digital data are provided.
In addition to re-encrypting the data using an unchangeable key, the data is double re-encrypted using a changeable key. Either the changeable key is used first and the unchangeable key second, or the unchangeable key is used first and the changeable key second. Embodiments may use software, hardware, or software and hardware in combination. Hardware that uses the unchangeable key, developed for digital video, is available. When software is used, encryption/decryption is performed in a region below the kernel that cannot be handled by the user, to ensure the security of the program and of the key used. More concretely, encryption/decryption is performed with an RTOS using a HAL and a device driver, i.e., a filter driver, a disk driver and a network driver, in an I/O manager. Either one of two filter drivers, with a file system driver between them, may be used. Further, both filter drivers may be used.
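The layering the abstract describes, as an added example that is not code from the patent: two encryption layers applied in either order, removed in reverse order, with re-encryption under a new changeable key. The function names are hypothetical, and the cipher (an HMAC-SHA256 keystream with a per-layer tag) is a stand-in assumption; the two keys stand for the software (filter driver) stage and the hardware stage.

```python
import hashlib, hmac, os

def _sub(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC subkeys from one layer key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """One encryption layer: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Remove one layer; raises ValueError on a wrong key or a modified blob."""
    if len(blob) < 48:
        raise ValueError("layer too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified layer")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def double_encrypt(data, changeable_key, unchangeable_key, changeable_first=True):
    # Write path: the abstract allows either key to be applied first.
    first, second = ((changeable_key, unchangeable_key) if changeable_first
                     else (unchangeable_key, changeable_key))
    return seal(second, seal(first, data))

def double_decrypt(blob, changeable_key, unchangeable_key, changeable_first=True):
    # Read path: layers come off in the reverse of the order they went on.
    first, second = ((changeable_key, unchangeable_key) if changeable_first
                     else (unchangeable_key, changeable_key))
    return unseal(first, unseal(second, blob))

def rotate_changeable(blob, old_key, new_key, unchangeable_key, changeable_first=True):
    # Re-encryption under a new changeable key; the unchangeable key stays fixed.
    plain = double_decrypt(blob, old_key, unchangeable_key, changeable_first)
    return double_encrypt(plain, new_key, unchangeable_key, changeable_first)
```

Because each layer carries its own tag, removing the layers in the wrong order or with a retired changeable key fails with an error instead of returning garbage.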
30 Claims
1. A method, comprising:
a computing system receiving data; and
the computing system encrypting the received data using a first key and a second key to produce double encrypted data, wherein a first portion of said encrypting uses the first key and is performed by a filter driver of an operating system executing on the computing system, and wherein a second portion of said encrypting uses the second key and is performed by a hardware unit of the computing system.
Dependent claims: 2, 3, 4, 5, 6, 20
7. An apparatus, comprising:
first means for performing a first encryption operation using a first key, wherein the first encryption operation is performed by a filter driver of an operating system of the apparatus; and
second means for performing a second encryption operation using a second key;
wherein said first and second means are configured to collectively operate on a set of unencrypted data to produce a double encrypted version of the set of unencrypted data.
Dependent claims: 8, 9, 10
11. An article of manufacture comprising a computer readable non-transitory storage medium having program instructions stored thereon that, in response to execution by a computing system, cause the computing system to perform operations including:
receiving data; and
encrypting the received data using a first key and a second key to produce double encrypted data, wherein a first portion of said encrypting uses the first key and is performed by a filter driver of an operating system executing on the computing system, and wherein a second portion of said encrypting uses the second key and is performed by a hardware unit of the computing system.
Dependent claims: 12, 13, 14, 15, 16
17. A system, comprising:
a processor;
a hardware encryption unit;
a memory storing program instructions that are executable to cause the system to;
receive data;
encrypt said received data by performing a first encryption operation using a first key and by performing a second encryption operation using a second key to produce double encrypted data, and wherein the first encryption operation is performed by a filter driver of an operating system executing on the system, and wherein key the second encryption operation is performed by the hardware encryption unit.
Dependent claims: 18, 19, 21, 22
23. A computer-readable non-transitory storage medium having program instructions stored thereon that, in response to execution by a computer system, cause the computer system to perform operations comprising:
receiving data;
performing a first encryption operation on the received data using a first key, wherein the first encryption operation is performed by a filter driver of an operating system of the computer system;
wherein the computer system is configured to perform a second encryption operation using a second key; and
wherein the first encryption operation and the second encryption operation are performed by the computer system collectively produce a double encrypted version of the received data.
Dependent claims: 24
25. A computer-readable non-transitory storage medium having program instructions stored thereon that, in response to execution by a computer system, cause the computer system to perform operations comprising:
receiving data;
performing a first encryption operation on the received data using a first key to produce an encrypted version of the received data, wherein the first encryption operation is performed by a hardware abstract layer (HAL) of an operating system of the computer system;
sending the encrypted version of the received data via the HAL to a hardware encryption unit that is configured to perform a second encryption operation using a second key to produce a double encrypted version of the received data; and
receiving the double encrypted version of the received data from the hardware encryption unit via the HAL.
Dependent claims: 26
27. A method, comprising:
a computing system receiving data;
the computing system encrypting the received data using a first key produce encrypted data, wherein the encrypting the received data is performed by a hardware abstract layer (HAL) of an operating system of the computing system;
the computing system encrypting the encrypted data using a second key to produce double encrypted data, wherein the encrypting the encrypted data is performed by a hardware unit that receives the encrypted data via the HAL and sends the double encrypted data to the computing system via the HAL.
Dependent claims: 28
29. A system, comprising:
a system processor;
a hardware encryption unit;
a memory storing program instructions that are executable to cause the system to;
receive data;
performing a first encryption operation using a first key to produce an encrypted version of the received data, wherein the first encryption operation is performed by a hardware abstract layer (HAL) of an operating system executing on the system processor;
sending the encrypted version of the received data via the HAL to the hardware encryption unit;
performing a second encryption operation using a second key to produce double encrypted data, wherein the second encryption operation is performed by the hardware encryption unit using the encrypted version of the received data sent via the HAL; and
sending the double encrypted data from the hardware encryption unit to the system processor via the HAL.
Dependent claims: 30
Specification