Encryption data integrity check with dual parallel encryption engines

US 8,171,282 B2
Filed: 11/15/2007
Issued: 05/01/2012
Est. Priority Date: 11/15/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing integrity checks during data encryption, the method comprising:

encrypting a clear text by a first encryption engine using a first instance of an encryption key provided by a key manager to produce a first cipher text;

encrypting said clear text by a second encryption engine using a second, different instance of said encryption key to produce a second cipher text, wherein the second, different intance is provided by the key manager independent of the first instance of the encryption key;

determining whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid by comparing said first cipher text with said second cipher text; and

in response to the first cipher text and the second cipher text matching, indicating that the encryption keys are identical and valid and that no errors have occurred during encryption of said clear text, generating a cipher text checksum and appending the cipher text checksum to one of the first cipher text and the second cipher text.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption method encrypts a clear text twice using a first encryption engine to produce a first cipher text and a second encryption engine to produce a second cipher text. The method compares the first cipher text with the second cipher text, or compares a checksum of the first cipher text with a checksum of the second cipher text. If the comparison succeeds, the method transmits the data. In some embodiments, the method uses a first instance of an encryption key to produce the first cipher text and a second instance of the encryption key to produce the second cipher text.

7 Citations

View as Search Results

16 Claims

1. A method of providing integrity checks during data encryption, the method comprising:
- encrypting a clear text by a first encryption engine using a first instance of an encryption key provided by a key manager to produce a first cipher text;
  
  encrypting said clear text by a second encryption engine using a second, different instance of said encryption key to produce a second cipher text, wherein the second, different intance is provided by the key manager independent of the first instance of the encryption key;
  
  determining whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid by comparing said first cipher text with said second cipher text; and
  
  in response to the first cipher text and the second cipher text matching, indicating that the encryption keys are identical and valid and that no errors have occurred during encryption of said clear text, generating a cipher text checksum and appending the cipher text checksum to one of the first cipher text and the second cipher text.
- View Dependent Claims (2, 5)
- - 2. The method as claimed in claim 1, further comprising:
    - transmitting said one of said first cipher text and said second cipher text to which the cipher text checksum is appended; and
      
      storing one of said first cipher texts and said second cipher text if said cipher text matches said second cipher text.
  - 5. The method as claimed in claim 1, wherein said comparing comprises:
    - generating a first checksum of said first cipher text;
      
      generating a second checksum of said second cipher text; and
      
      comparing said first and second checksums.

3. The method as claimed in 2, further comprising:
- generating a first checksum on said clear text prior to said encrypting steps, wherein said first checksum is generated using a hash function;
  
  reading said stored cipher text;
  
  decrypting the cipher text that is read; and
  
  checking said first checksum after said decrypting step.
- View Dependent Claims (4)
- - 4. The method as claimed in claim 3, further comprising:
    - generating the cipher text checksum as a second checksum for said one of said first cipher text and said second cipher text prior to said transmitting step; and
      
      checking said second checksum to ensure data integrity of the cipher text prior storing the cipher text.

6. A method of encrypting data, the method comprising:
- encrypting a clear text by a first encryption engine using a first instance of an encryption key to produce a first cipher text;
  
  encrypting said clear text by a second encryption engine using a second instance of said encryption key to produce a second cipher text, wherein the second instance is provided independent of the first instance of the encryption key;
  
  determining (a) whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid and (b) whether the encryption engines did not produce any errors during encryption of the clear text by comparing said first cipher text with said second cipher text; and
  
  storing one of said cipher texts if said first cipher text matches said second cipher text, which indicates that the encryption keys are identical and valid and that the encryption engines did not produce any errors during encryption.
- View Dependent Claims (7, 11)
- - 7. The method as claimed in claim 6, further comprising:
    - reading said stored cipher text; and
      
      decrypting said read cipher text.
  - 11. The method as claimed in claim 6, wherein said comparing comprises:
    - generating a first checksum of said first cipher text;
      
      generating a second checksum of said second cipher text; and
      
      comparing said checksum of said first cipher text with said checksum of said second cipher text to ensure encryption integrity, wherein encryption integrity is verified when the first checksum matches the second checksum.

8. The method as claimed in 7, further comprising:
- generating a first checksum on said clear text prior to said encrypting steps; and
  
  checking said first checksum after said decrypting step to ensure data integrity.
- View Dependent Claims (9, 10)
- - 9. The method as claimed in claim 8, further comprising:
    - transmitting said one of said cipher texts prior to said storing step.
  - 10. The method as claimed in claim 9, further comprising:
    - generating a second checksum on said one of said cipher texts prior to said transmitting step; and
      
      checking said second checksum prior to said storing step to ensure data integrity.

12. An encryption method, which comprises:
- encrypting a clear text by a first encryption engine using a first instance of an encryption key to produce a first cipher text;
  
  encrypting said clear text by a second encryption engine using a second instance of said encryption key to produce a second cipher text, wherein the second, different instance is provided by a key manager independent of the first instance of the encryption key;
  
  determining (a) whether the first instance of the encryption key and the second, different instance of the encryption key are identical and valid and (b) whether the encryption engines did not produce any errors during encryption of the clear text by comparing said first cipher text with said second cipher text;
  
  in response to the first cipher text and the second cipher text matching, indicating that the encryption keys are identical and valid and that no errors have occurred during encryption of said clear text, generating a cipher text checksum and appending the cipher text checksum to one of the first cipher text and the second cipher text;
  
  and transmitting one of said cipher texts if said first cipher text and said second cipher text match.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method as claimed in claim 12, wherein said comparing comprises:
    - generating a checksum of said first cipher text;
      
      generating a checksum of said second cipher text;
      
      and comparing said checksum of said first cipher text with said checksum of said second cipher text.
  - 14. The method as claimed in claim 13, wherein said transmitting comprises:
    - transmitting one of said cipher texts if said checksum of said first cipher text and said checksum of said second cipher text match.
  - 15. The method as claimed in claim 12, wherein said comparing comprises:
    - generating a checksum of said first cipher text;
      
      generating a checksum of said second cipher text; and
      
      comparing said checksum of said first cipher text with said checksum of said second cipher text.
  - 16. The method as claimed in claim 15, wherein said transmitting comprises:
    - transmitting one of said cipher texts if said checksum of said first cipher text and said checksum of said second cipher text match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Amann, Stefan, Banzhaf, Gerhard, Boyd, Kenneth W., Casper, Daniel F., Flanagan, John R., Palm, Jeffrey W., Yudenfriend, Harry M.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
FIELDS, COURTNEY D

Application Number

US11/940,496
Publication Number

US 20090132802A1
Time in Patent Office

1,629 Days
Field of Search

713/150, 713/193, 714/49, 380/44, 380/37
US Class Current

713/150
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 9/004   for fault attacks

H04L 9/0643   Hash functions, e.g. MD5, S...

Encryption data integrity check with dual parallel encryption engines

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption data integrity check with dual parallel encryption engines

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links