Secure distributed storage system and method
First Claim
1. A method of encrypting information, comprising:
- defining a plaintext message to be encrypted;
defining a subset of the plaintext message comprising a plurality of digital information elements of the plaintext message having a pseudorandom order defined by an algorithm;
constructing a keystream using at least one automated processor with an initialization vector formed from the defined subset, wherein the initialization vector is not constrained to a predetermined length;
encrypting a residual portion of the plaintext remaining after separation of the defined subset from the residual portion, with the keystream into a ciphertext using at least one automated processor; and
storing the defined subset at a location, communicated through a communication network, remote from the encrypted residual portion of the plaintext, such that for at least one time period, the defined subset and the encrypted residual portion of the plaintext are stored remotely from each other with respect to the communication network.
2 Assignments
0 Petitions
Accused Products
Abstract
Moving from server-attached storage to distributed storage brings new vulnerabilities in creating a secure data storage and access facility. The Data Division and Out-of-order keystream Generation technique provides a cryptographic method to protect data in the distributed storage environments. In the technique, the Treating the data as a binary bit stream, our self-encryption (SE) scheme generates a keystream by randomly extracting bits from the stream. The length of the keystream depends on the user'"'"'s security requirements. The bit stream is encrypted and the ciphertext is stored on the mobile device, whereas the keystream is stored separately. This makes it computationally not feasible to recover the original data stream from the ciphertext alone.
-
Citations
20 Claims
-
1. A method of encrypting information, comprising:
-
defining a plaintext message to be encrypted; defining a subset of the plaintext message comprising a plurality of digital information elements of the plaintext message having a pseudorandom order defined by an algorithm; constructing a keystream using at least one automated processor with an initialization vector formed from the defined subset, wherein the initialization vector is not constrained to a predetermined length; encrypting a residual portion of the plaintext remaining after separation of the defined subset from the residual portion, with the keystream into a ciphertext using at least one automated processor; and storing the defined subset at a location, communicated through a communication network, remote from the encrypted residual portion of the plaintext, such that for at least one time period, the defined subset and the encrypted residual portion of the plaintext are stored remotely from each other with respect to the communication network. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus for encrypting information, comprising:
-
a memory configured to store a plaintext message to be encrypted and an encrypted ciphertext resulting from encryption of the plaintext message; a processor, configured to separate a set, defined by a pseudorandom algorithm, comprising a plurality of digital information elements, from a remainder of the plaintext message, to construct a keystream for the remainder of the plaintext message with an initialization vector formed from at least the separated set comprising the plurality of digital information elements, and to encrypt the remainder of the plaintext remaining after separation of the set comprising the plurality of digital information elements, using the keystream, into the encrypted ciphertext; an interface between the processor and the memory; and a communication port configured to communicate the keystream remotely from the memory through a communication network, the keystream being further adapted for decryption of the encrypted ciphertext. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A computer readable medium, storing therein non-transitory instructions for controlling a processor to encrypt information, according to the steps of:
-
receiving a plaintext message to be encrypted; defining a subset of the plaintext message comprising a plurality of digital information elements of the plaintext message having a pseudorandom order defined by an algorithm; constructing a keystream using at least one automated processor with an initialization vector formed from the defined subset, wherein the initialization vector is not constrained to a predetermined length; encrypting a residual portion of the plaintext remaining after separation of the defined subset from the residual portion using the keystream into a ciphertext using at least one automated processor; and communicating the defined subset, through a communication network, to a storage location remote from the encrypted residual portion of the plaintext, such that the defined subset and the encrypted residual portion of the plaintext are storable remotely from each other with respect to the communication network.
-
-
15. A method of decrypting information, comprising:
-
defining a message to be decrypted, comprising an encrypted subset of a plaintext message; receiving, from a remote location through a communication network, information defining a set comprising a plurality of digital information elements, removed from the plaintext message in accordance with a pseudorandom algorithm; constructing a keystream with an initialization vector formed from at least the removed set comprising the plurality of digital information elements; decrypting, using at least one automated processor, the message to be decrypted using the keystream, into the corresponding subset of the plaintext message; and merging, using at least one automated processor, the removed set comprising the plurality of digital information elements and the corresponding subset of the plaintext message, to produce the plaintext message. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification