Secure distributed storage system and method

US 8,862,900 B2
Filed: 01/06/2011
Issued: 10/14/2014
Est. Priority Date: 01/08/2010
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting information, comprising:

defining a plaintext message to be encrypted;

defining a subset of the plaintext message comprising a plurality of digital information elements of the plaintext message having a pseudorandom order defined by an algorithm;

constructing a keystream using at least one automated processor with an initialization vector formed from the defined subset, wherein the initialization vector is not constrained to a predetermined length;

encrypting a residual portion of the plaintext remaining after separation of the defined subset from the residual portion, with the keystream into a ciphertext using at least one automated processor; and

storing the defined subset at a location, communicated through a communication network, remote from the encrypted residual portion of the plaintext, such that for at least one time period, the defined subset and the encrypted residual portion of the plaintext are stored remotely from each other with respect to the communication network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Moving from server-attached storage to distributed storage brings new vulnerabilities in creating a secure data storage and access facility. The Data Division and Out-of-order keystream Generation technique provides a cryptographic method to protect data in the distributed storage environments. In the technique, the Treating the data as a binary bit stream, our self-encryption (SE) scheme generates a keystream by randomly extracting bits from the stream. The length of the keystream depends on the user'"'"'s security requirements. The bit stream is encrypted and the ciphertext is stored on the mobile device, whereas the keystream is stored separately. This makes it computationally not feasible to recover the original data stream from the ciphertext alone.

Citations

20 Claims

1. A method of encrypting information, comprising:
- defining a plaintext message to be encrypted;
  
  defining a subset of the plaintext message comprising a plurality of digital information elements of the plaintext message having a pseudorandom order defined by an algorithm;
  
  constructing a keystream using at least one automated processor with an initialization vector formed from the defined subset, wherein the initialization vector is not constrained to a predetermined length;
  
  encrypting a residual portion of the plaintext remaining after separation of the defined subset from the residual portion, with the keystream into a ciphertext using at least one automated processor; and
  
  storing the defined subset at a location, communicated through a communication network, remote from the encrypted residual portion of the plaintext, such that for at least one time period, the defined subset and the encrypted residual portion of the plaintext are stored remotely from each other with respect to the communication network.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according claim 1, wherein the initialization vector is further formed based on an encryption password and a nonce.
  - 3. The method according to claim 2, wherein the ciphertext is divided into multiple blocks, which are stored in a memory.
  - 4. The method according to claim 2, wherein at least part of the information defining the keystream is communicated remotely through an automated communication system, and the information defining the keystream is communicated locally for decryption only after authentication of a user requesting decryption.
  - 5. The method according to claim 1, wherein the keystream is generated by extracting removing a sequence comprising a plurality of bits from data blocks of the plaintext message in a pseudorandom out-of-order manner.
  - 6. The method according to claim 1, wherein the keystream is stored separately from the ciphertext.

7. An apparatus for encrypting information, comprising:
- a memory configured to store a plaintext message to be encrypted and an encrypted ciphertext resulting from encryption of the plaintext message;
  
  a processor, configured to separate a set, defined by a pseudorandom algorithm, comprising a plurality of digital information elements, from a remainder of the plaintext message, to construct a keystream for the remainder of the plaintext message with an initialization vector formed from at least the separated set comprising the plurality of digital information elements, and to encrypt the remainder of the plaintext remaining after separation of the set comprising the plurality of digital information elements, using the keystream, into the encrypted ciphertext;
  
  an interface between the processor and the memory; and
  
  a communication port configured to communicate the keystream remotely from the memory through a communication network, the keystream being further adapted for decryption of the encrypted ciphertext.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus according claim 7, wherein the initialization vector is further formed based on an encryption password and a nonce.
  - 9. The apparatus according to claim 8, wherein the ciphertext is divided into multiple blocks, which are stored.
  - 10. The apparatus according to claim 8, further comprising a communication port, configured to transmit at least part of the information defining the keystream remotely, and receive the information defining the keystream from a remote memory only after authentication of a user requesting decryption.
  - 11. The apparatus according to claim 8, wherein the plaintext is provided in a communication device configured to communicate through a communication network, the ciphertext is stored in the communication device, and the extracted set of digital information is stored remotely from the communication device.
  - 12. The apparatus according to claim 7, wherein the processor is further configured to generate the keystream by extracting a sequence comprising a plurality of bits from data blocks of the plaintext message in a pseudorandom out-of-order manner.
  - 13. The apparatus according to claim 7, wherein the keystream is stored separately from the ciphertext.

14. A computer readable medium, storing therein non-transitory instructions for controlling a processor to encrypt information, according to the steps of:
- receiving a plaintext message to be encrypted;
  
  defining a subset of the plaintext message comprising a plurality of digital information elements of the plaintext message having a pseudorandom order defined by an algorithm;
  
  constructing a keystream using at least one automated processor with an initialization vector formed from the defined subset, wherein the initialization vector is not constrained to a predetermined length;
  
  encrypting a residual portion of the plaintext remaining after separation of the defined subset from the residual portion using the keystream into a ciphertext using at least one automated processor; and
  
  communicating the defined subset, through a communication network, to a storage location remote from the encrypted residual portion of the plaintext, such that the defined subset and the encrypted residual portion of the plaintext are storable remotely from each other with respect to the communication network.

15. A method of decrypting information, comprising:
- defining a message to be decrypted, comprising an encrypted subset of a plaintext message;
  
  receiving, from a remote location through a communication network, information defining a set comprising a plurality of digital information elements, removed from the plaintext message in accordance with a pseudorandom algorithm;
  
  constructing a keystream with an initialization vector formed from at least the removed set comprising the plurality of digital information elements;
  
  decrypting, using at least one automated processor, the message to be decrypted using the keystream, into the corresponding subset of the plaintext message; and
  
  merging, using at least one automated processor, the removed set comprising the plurality of digital information elements and the corresponding subset of the plaintext message, to produce the plaintext message.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method according claim 15, wherein the initialization vector is further formed based on an encryption password and a nonce.
  - 17. The method according to claim 16, wherein at least part of the information defining the keystream is received from a remote storage medium, dependent on authentication of a user requesting decryption.
  - 18. The method according to claim 16, wherein the ciphertext is provided in a mobile communication device, and the removed set of digital information is stored remotely from the mobile communication device.
  - 19. The method according to claim 15, wherein the keystream is generated by removing a sequence comprising a plurality of bits from data blocks of the plaintext message in a pseudorandom out-of-order manner.
  - 20. The method according to claim 15, wherein the keystream is stored separately from the ciphertext.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Research Foundation for The State University of New York (State University of New York)
Original Assignee
The Research Foundation for The State University of New York (State University of New York)
Inventors
Chen, Yu
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US12/985,488
Publication Number

US 20110197056A1
Time in Patent Office

1,377 Days
Field of Search

713/190
US Class Current

713/190
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 9/0668   producing a non-linear pseu...

H04L 9/3228   One-time or temporary data,...

Secure distributed storage system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure distributed storage system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links