Encryption data integrity check with dual parallel encryption engines
First Claim
Patent Images
1. A method of providing integrity checks during data encryption, the method comprising:
- encrypting a clear text by a first encryption engine using a first instance of an encryption key provided by a key manager to produce a first cipher text;
encrypting said clear text by a second encryption engine using a second, different instance of said encryption key to produce a second cipher text, wherein the second, different intance is provided by the key manager independent of the first instance of the encryption key;
determining whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid by comparing said first cipher text with said second cipher text; and
in response to the first cipher text and the second cipher text matching, indicating that the encryption keys are identical and valid and that no errors have occurred during encryption of said clear text, generating a cipher text checksum and appending the cipher text checksum to one of the first cipher text and the second cipher text.
1 Assignment
0 Petitions
Accused Products
Abstract
An encryption method encrypts a clear text twice using a first encryption engine to produce a first cipher text and a second encryption engine to produce a second cipher text. The method compares the first cipher text with the second cipher text, or compares a checksum of the first cipher text with a checksum of the second cipher text. If the comparison succeeds, the method transmits the data. In some embodiments, the method uses a first instance of an encryption key to produce the first cipher text and a second instance of the encryption key to produce the second cipher text.
7 Citations
16 Claims
-
1. A method of providing integrity checks during data encryption, the method comprising:
-
encrypting a clear text by a first encryption engine using a first instance of an encryption key provided by a key manager to produce a first cipher text; encrypting said clear text by a second encryption engine using a second, different instance of said encryption key to produce a second cipher text, wherein the second, different intance is provided by the key manager independent of the first instance of the encryption key; determining whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid by comparing said first cipher text with said second cipher text; and in response to the first cipher text and the second cipher text matching, indicating that the encryption keys are identical and valid and that no errors have occurred during encryption of said clear text, generating a cipher text checksum and appending the cipher text checksum to one of the first cipher text and the second cipher text. - View Dependent Claims (2, 5)
-
-
3. The method as claimed in 2, further comprising:
-
generating a first checksum on said clear text prior to said encrypting steps, wherein said first checksum is generated using a hash function; reading said stored cipher text; decrypting the cipher text that is read; and checking said first checksum after said decrypting step. - View Dependent Claims (4)
-
-
6. A method of encrypting data, the method comprising:
-
encrypting a clear text by a first encryption engine using a first instance of an encryption key to produce a first cipher text; encrypting said clear text by a second encryption engine using a second instance of said encryption key to produce a second cipher text, wherein the second instance is provided independent of the first instance of the encryption key; determining (a) whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid and (b) whether the encryption engines did not produce any errors during encryption of the clear text by comparing said first cipher text with said second cipher text; and storing one of said cipher texts if said first cipher text matches said second cipher text, which indicates that the encryption keys are identical and valid and that the encryption engines did not produce any errors during encryption. - View Dependent Claims (7, 11)
-
-
8. The method as claimed in 7, further comprising:
-
generating a first checksum on said clear text prior to said encrypting steps; and checking said first checksum after said decrypting step to ensure data integrity. - View Dependent Claims (9, 10)
-
-
12. An encryption method, which comprises:
-
encrypting a clear text by a first encryption engine using a first instance of an encryption key to produce a first cipher text; encrypting said clear text by a second encryption engine using a second instance of said encryption key to produce a second cipher text, wherein the second, different instance is provided by a key manager independent of the first instance of the encryption key; determining (a) whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid and (b) whether the encryption engines did not produce any errors during encryption of the clear text by comparing said first cipher text with said second cipher text; in response to the first cipher text and the second cipher text matching, indicating that the encryption keys are identical and valid and that no errors have occurred during encryption of said clear text, generating a cipher text checksum and appending the cipher text checksum to one of the first cipher text and the second cipher text; and transmitting one of said cipher texts if said first cipher text and said second cipher text match. - View Dependent Claims (13, 14, 15, 16)
-
Specification