Generating and securing multiple archive keys
Abstract
A method and apparatus for generating multiple keys for a set of archives or portions of a set of archives. The process includes receiving a passphrase from a user and an indicator of a set of archives to be modified or created. An archive key generation process can be based on a random value generation, an algorithm for generating keys with specific characteristics, an indexing scheme, a progressive enciphering scheme or a shared secret scheme. The generated keys are enciphered using an enciphering algorithm in combination with the passphrase. The archive keys are stored with the archives in their enciphered form. Other intermediate key information is also stored with the archive to enable deciphering of the set of archives using the passphrase as needed.
12 Claims
1. A computer-implemented method comprising:
- receiving a passphrase;
- generating a cipher key that is a value having a specified form;
- enciphering the passphrase using the cipher key to generate an enciphered passphrase to be used as a new cipher key;
- enciphering the new cipher key using a previous cipher key used to generate the new cipher key in an iterative process until a number of generated new cipher keys is equal to a number of a plurality of archive keys, wherein each new cipher key is generated in view of a unique previous cipher key;
- enciphering each of the plurality of archive keys using a respective cipher key from the generated new cipher keys;
- enciphering, by a computer system processing device, each of a plurality of data portions using a respective archive key of the plurality of archive keys; and
- storing each of the enciphered plurality of data portions with the respective cipher key and a respective enciphered archive key.
Dependent claims: 2, 3, 4
5. A computer-implemented method comprising:
- receiving a passphrase;
- generating a plurality of secret shares;
- enciphering the passphrase to generate an enciphered passphrase;
- enciphering an archive key using the enciphered passphrase;
- generating a plurality of secrets by combining the archive key and at least one of the plurality of secret shares, wherein the combination of the archive key and at least one of the plurality of secret shares is based on a binary indexing scheme; and
- enciphering, by a computer system processing device, a respective portion of data using a respective one of the plurality of secrets.
Dependent claims: 6
7. A non-transitory computer readable storage medium, having a set of instructions stored therein, which when executed cause a processing device to perform a set of operations comprising:
- receiving a passphrase;
- generating a cipher key that is a value having a specified form;
- enciphering the passphrase using the cipher key to generate an enciphered passphrase to be used as a new cipher key;
- enciphering the new cipher key using a previous cipher key used to generate the new cipher key in an iterative process until a number of generated new cipher keys is equal to a number of a plurality of archive keys, wherein each new cipher key is generated in view of a unique previous cipher key;
- enciphering each of the plurality of archive keys using a respective cipher key from the generated new cipher keys;
- enciphering, by a computer system processing device, each of a plurality of data portions using a respective archive key of the plurality of archive keys; and
- storing each of the enciphered plurality of data portions with the respective cipher key and a respective enciphered archive key.
Dependent claims: 8, 9
10. A non-transitory computer readable storage medium, having a set of instructions stored therein, which when executed cause a processing device to perform a set of operations comprising:
- receiving a passphrase;
- generating a plurality of secret shares;
- enciphering the passphrase to generate an enciphered passphrase;
- enciphering an archive key using the enciphered passphrase;
- generating a plurality of secrets by combining the archive key and at least one of the plurality of secret shares, wherein the combination of the archive key and at least one of the plurality of secret shares is based on a binary indexing scheme; and
- enciphering, by a computer system processing device, a respective portion of data using a respective one of the plurality of secrets.
Dependent claims: 11
12. A system comprising:
- a memory comprising instructions; and
- a processing device coupled to the memory, the processing device to execute the instructions to perform operations comprising:
  - receiving a passphrase;
  - generating a cipher key that is a value having a specified form;
  - enciphering the passphrase using the cipher key to generate an enciphered passphrase to be used as a new cipher key;
  - enciphering the new cipher key using a previous cipher key in an iterative process until a number of generated new cipher keys is equal to a number of a plurality of archive keys, wherein each new cipher key is generated in view of a unique previous cipher key;
  - enciphering each of the plurality of archive keys using a respective cipher key from the generated cipher keys;
  - enciphering, by the processing device, each of a plurality of data portions using a respective archive key of the plurality of archive keys; and
  - storing each of the enciphered plurality of data portions with the respective cipher key and a respective enciphered archive key.
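The secret-share variant in claims 5 and 10, as an added illustration that is not code from the patent: one passphrase-protected archive key plus k shares yields 2^k - 1 per-portion secrets. Assumptions: PBKDF2-HMAC-SHA256 stands in for "enciphering the passphrase", an XOR pad for the key wrap, HMAC-SHA256 for the combination, and bit j of the portion index selecting share j for the "binary indexing scheme"; all function names are hypothetical, and how the shares themselves are stored is not covered by the claim text on this page.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed key size in bytes; the claims do not state one


def stretch_passphrase(passphrase: str, salt: bytes) -> bytes:
    # Stand-in for "enciphering the passphrase": PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, KEY_LEN)


def wrap_key(kek: bytes, key: bytes, nonce: bytes) -> bytes:
    # Stand-in key wrap: XOR with an HMAC-derived pad, so the same call unwraps.
    # It has no integrity check; the nonce must be fresh for every wrapped key.
    pad = hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))


def portion_secret(archive_key: bytes, shares: list, index: int) -> bytes:
    # Assumed binary indexing: bit j of the portion index set => share j is mixed in.
    if not 1 <= index < (1 << len(shares)):
        raise ValueError("index must select at least one share")
    mac = hmac.new(archive_key, b"portion", hashlib.sha256)
    for j, share in enumerate(shares):
        if (index >> j) & 1:
            mac.update(bytes([j]) + share)  # position tag keeps subsets unambiguous
    return mac.digest()


def demo():
    passphrase = "correct horse battery staple"  # constructed sample input
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    archive_key = secrets.token_bytes(KEY_LEN)
    shares = [secrets.token_bytes(KEY_LEN) for _ in range(3)]  # 3 shares -> 7 secrets

    # Writing: wrap the archive key under the passphrase-derived key.
    wrapped = wrap_key(stretch_passphrase(passphrase, salt), archive_key, nonce)

    # Reading: passphrase + stored salt, nonce and wrapped key recover the
    # archive key, from which every per-portion secret is re-derived.
    recovered = wrap_key(stretch_passphrase(passphrase, salt), wrapped, nonce)
    derived = [portion_secret(recovered, shares, i) for i in range(1, 8)]
    return archive_key, recovered, derived


if __name__ == "__main__":
    key, recovered, derived = demo()
    print("archive key recovered:", key == recovered)
    print("distinct portion secrets:", len(set(derived)))
```

A production design would replace the XOR pad with an authenticated key wrap such as AES Key Wrap or AES-GCM.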
Specification