Accelerated cryptography with an encryption attribute

US 8,880,879 B2
Filed: 09/04/2008
Issued: 11/04/2014
Est. Priority Date: 09/04/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

encrypting, at a computing device, one or more segments of first data with a first key, the first data being associated with at least one encryption attribute and having a plurality of segments, wherein the encryption attribute includes information to identify the one or more segments of the first data to encrypt, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments;

encrypting the encryption attribute with a second key to create an encrypted encryption attribute; and

storing at least a part of second data including partly encrypted data and the encrypted encryption attribute.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for encrypting and decrypting are presented. In one embodiment, the method comprises encrypting one or more segments of a data with a key. The data is associated with at least one encryption attribute and having a plurality of segments. The encryption attribute includes information to identify one or more segments of the data to encrypt. The method further comprises encrypting the encryption attribute and storing the data including the partly encrypted data and the encrypted encryption attribute.

Citations

36 Claims

1. A method comprising:
- encrypting, at a computing device, one or more segments of first data with a first key, the first data being associated with at least one encryption attribute and having a plurality of segments, wherein the encryption attribute includes information to identify the one or more segments of the first data to encrypt, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments;
  
  encrypting the encryption attribute with a second key to create an encrypted encryption attribute; and
  
  storing at least a part of second data including partly encrypted data and the encrypted encryption attribute.
- View Dependent Claims (2, 3, 5, 6, 7)
- - 2. The method of claim 1, wherein the encryption attribute is based on a file type of the data or a categorization of the data, and wherein the encryption attribute comprises a user-defined attribute or a default setting that is modifiable by a user, wherein the encryption attribute is associated with a file to identify the two or more segments of the file that are to be subsequently encrypted during the encryption process, wherein the encryption attribute is set to a setting based on a category or a file type to protect unauthorized usages such that the two or more segments include one or more of headers of the file, segments of important parts of the file, and alternate N segments of the file.
  - 3. The method of claim 1, wherein each segment of the plurality of segments is M-bit in length such that the length is equal to one of block sizes of an M-bit encryption engine, and wherein each segment is processed by the M-bit encryption engine.
  - 5. The method of claim 1, wherein the information comprises at least one of a list of numbers corresponding to the number of segments identified for encryption, an identifier corresponding to each of the one or more rules, a pointer to a location for storing the one or more rules or the list of numbers, user information relating to one or more authorized users, and agent information relating to one or more designated recovery agents.
  - 6. The method of claim 1, wherein the data includes a plurality of files, and wherein each segment of the plurality of segments of the data comprises a header corresponding to a file, wherein the header interprets a file format associated with the file, wherein the interpretation of the file format includes at least one of video parameters associated with a video encoding algorithm, image parameters associated with an image encoding algorithm, data fields associated with a data structure, and security measures to protect the file.
  - 7. The method of claim 1, wherein the encryption attribute is encrypted with a file encryption key (FEK).

4. A method for decrypting comprising:
- accessing, at a computing device, first data including partly encrypted data and an encrypted version of an encryption attribute, wherein the partly encrypted data comprises a plurality of segments;
  
  decrypting the encrypted encryption attribute with a first key to retrieve an encryption attribute, wherein the encryption attribute includes information to identify one or more segments of the plurality of segments of partly encrypted data that are encrypted, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments;
  
  decrypting the one or more segments of the data with a second key; and
  
  decrypting an encrypted version of the second key with a third key, wherein the first data further includes the encrypted version of the second key, and wherein the first key and the second key are identical symmetric encryption keys, and the third key includes a private key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method defined in claim 4, wherein the encryption attribute is based on a file type of the data or a categorization of the data, and wherein the encryption attribute comprises a user-defined attribute or a default setting that is modifiable by a user.
  - 9. The method defined in claim 4, wherein each segment of the plurality of segments is M-bit in length such that the length is equal to one of block sizes of an M-bit encryption engine, and wherein each segment is processed by the M-bit encryption engine.
  - 10. The method of claim 4, wherein the information comprises at least one of a list of numbers corresponding to the number of segments identified for encryption, an identifier corresponding to each of the one or more rules, a pointer to a location for storing the one or more rules or the list of numbers, user information relating to one or more authorized users, and agent information relating to one or more designated recovery agents.
  - 11. The method of claim 4, wherein the data includes a plurality of files, and wherein each segment of the plurality of segments of the data comprises a header corresponding to a file, wherein the header interprets a file format associated with the file, wherein the interpretation of the file format includes at least one of video parameters associated with a video encoding algorithm, image parameters associated with an image encoding algorithm, data fields associated with a data structure, and security measures to protect the file.
  - 12. The method of claim 4, wherein the encryption attribute is encrypted with a file encryption key (FEK).

13. A system comprising:
- a controller to receive a request to encrypt first data associated with at least one encryption attribute;
  
  a first encryption engine to encrypt one or more segments of the first data with a first key, the first data being associated with the at least one encryption attribute and having a plurality of segments, wherein the encryption attribute includes information to identify the one or more segments of the first data to encrypt, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments;
  
  a second encryption engine to encrypt the encryption attribute with a second key to create an encrypted encryption attribute; and
  
  a storage to store at least a part of second data including partly encrypted data and the encrypted encryption attribute.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the encryption attribute is based on a file type of the data or a categorization of the data, and wherein the encryption attribute comprises a user-defined attribute or a default setting that is modifiable by a user, wherein the encryption attribute is associated with a file to identify the two or more segments of the file that are to be subsequently encrypted during the encryption process, wherein the encryption attribute is set to a setting based on a category or a file type to protect unauthorized usages such that the two or more segments include one or more of headers of the file, segments of important parts of the file, and alternate N segments of the file.
  - 15. The system of claim 13, wherein each segment of the plurality of segments is M-bit in length such that the length is equal to one of block sizes of an M-bit encryption engine, and wherein each segment is processed by the M-bit encryption engine.
  - 16. The system of claim 13, wherein the information comprises at least one of a list of numbers corresponding to the number of segments identified for encryption, an identifier corresponding to each of the one or more rules, a pointer to a location for storing the one or more rules or the list of numbers, user information relating to one or more authorized users, and agent information relating to one or more designated recovery agents.
  - 17. The system of claim 13, wherein the data includes a plurality of files, and wherein each segment of the plurality of segments of the data comprises a header corresponding to a file, wherein the header interprets a file format associated with the file, wherein the interpretation of the file format includes at least one of video parameters associated with a video encoding algorithm, image parameters associated with an image encoding algorithm, data fields associated with a data structure, and security measures to protect the file.
  - 18. The system of claim 13, wherein the encryption attribute is encrypted with a file encryption key (FEK).

19. A system comprising:
- a controller to access first data including partly encrypted data and an encrypted version of an encryption attribute, wherein the partly encrypted data comprises a plurality of segments;
  
  a first decryption engine to decrypt the encrypted encryption attribute with a first key to retrieve an encryption attribute, wherein the encryption attribute includes information to identify one or more segments of the plurality of segments of partly encrypted data that are encrypted, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments;
  
  a second decryption engine to decrypt the one or more segments of the data with a second key; and
  
  a third decryption engine to decrypt an encrypted version of the second key with a third key, wherein the first data further includes the encrypted version of the second key, and wherein the first key and the second key are identical symmetric encryption keys, and the third key includes a private key.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, wherein the encryption attribute is based on a file type of the data or a categorization of the data, and wherein the encryption attribute comprises a user-defined attribute or a default setting that is modifiable by a user.
  - 21. The system of claim 19, wherein each segment of the plurality of segments is M-bit in length such that the length is equal to one of block sizes of an M-bit encryption engine, and wherein each segment is processed by the M-bit encryption engine.
  - 22. The system of claim 19, wherein the information comprises at least one of a list of numbers corresponding to the number of segments identified for encryption, an identifier corresponding to each of the one or more rules, a pointer to a location for storing the one or more rules or the list of numbers, user information relating to one or more authorized users, and agent information relating to one or more designated recovery agents.
  - 23. The system of claim 19, wherein the data includes a plurality of files, and wherein each segment of the plurality of segments of the data comprises a header corresponding to a file, wherein the header interprets a file format associated with the file, wherein the interpretation of the file format includes at least one of video parameters associated with a video encoding algorithm, image parameters associated with an image encoding algorithm, data fields associated with a data structure, and security measures to protect the file.
  - 24. The system of claim 19, wherein the encryption attribute is encrypted with a file encryption key (FEK).

25. At least one non-transitory machine-readable medium having stored thereon instructions which, when executed by a processing device, cause the processing device to perform one or more operations comprising:
- encrypting one or more segments of first data with a first key, the first data being associated with at least one encryption attribute and having a plurality of segments, wherein the encryption attribute includes information to identify the one or more segments of the first data to encrypt, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments;
  
  encrypting the encryption attribute with a second key to create an encrypted encryption attribute; and
  
  storing at least a part of second data including partly encrypted data and the encrypted encryption attribute.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The non-transitory machine-readable medium of claim 25, wherein the encryption attribute is based on a file type of the data or a categorization of the data, and wherein the encryption attribute comprises a user-defined attribute or a default setting that is modifiable by a user, wherein the encryption attribute is associated with a file to identify the two or more segments of the file that are to be subsequently encrypted during the encryption process, wherein the encryption attribute is set to a setting based on a category or a file type to protect unauthorized usages such that the two or more segments include one or more of headers of the file, segments of important parts of the file, and alternate N segments of the file.
  - 27. The non-transitory machine-readable medium of claim 25, wherein each segment of the plurality of segments is M-bit in length such that the length is equal to one of block sizes of an M-bit encryption engine, and wherein each segment is processed by the M-bit encryption engine.
  - 28. The non-transitory machine-readable medium of claim 25, wherein the information comprises at least one of a list of numbers corresponding to the number of segments identified for encryption, an identifier corresponding to each of the one or more rules, a pointer to a location for storing the one or more rules or the list of numbers, user information relating to one or more authorized users, and agent information relating to one or more designated recovery agents.
  - 29. The non-transitory machine-readable medium of claim 25, wherein the data includes a plurality of files, and wherein each segment of the plurality of segments of the data comprises a header corresponding to a file, wherein the header interprets a file format associated with the file, wherein the interpretation of the file format includes at least one of video parameters associated with a video encoding algorithm, image parameters associated with an image encoding algorithm, data fields associated with a data structure, and security measures to protect the file.
  - 30. The non-transitory machine-readable medium of claim 25, wherein the encryption attribute is encrypted with a file encryption key (FEK).

31. At least one non-transitory machine-readable medium having stored thereon instructions which, when executed by a processing device, cause the processing device to perform one or more operations comprising:
- accessing first data including partly encrypted data and an encrypted version of an encryption attribute, wherein the partly encrypted data comprises a plurality of segments;
  
  decrypting the encrypted encryption attribute with a first key to retrieve an encryption attribute, wherein the encryption attribute includes information to identify one or more segments of the plurality of segments of partly encrypted data that are encrypted, wherein the information contained in the encryption attribute further includes one or more of a set of numbers corresponding to the one or more segments, one or more rules relating to the one or more segments, an identifier corresponding to the one or more rules, and a pointer to a location storing the one or more rules, further comprising lowering overall time for performing encryption by limiting the encryption to the one or more segments of the plurality of segments; and
  
  decrypting the one or more segments of the data with a second key; and
  
  decrypting an encrypted version of the second key with a third key, wherein the first data further includes the encrypted version of the second key, and wherein the first key and the second key are identical symmetric encryption keys, and the third key includes a private key.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The non-transitory machine-readable medium of claim 31, wherein the encryption attribute is based on a file type of the data or a categorization of the data, and wherein the encryption attribute comprises a user-defined attribute or a default setting that is modifiable by a user.
  - 33. The non-transitory machine-readable medium of claim 31, wherein each segment of the plurality of segments is M-bit in length such that the length is equal to one of block sizes of an M-bit encryption engine, and wherein each segment is processed by the M-bit encryption engine.
  - 34. The non-transitory machine-readable medium of claim 31, wherein the information comprises at least one of a list of numbers corresponding to the number of segments identified for encryption, an identifier corresponding to each of the one or more rules, a pointer to a location for storing the one or more rules or the list of numbers, user information relating to one or more authorized users, and agent information relating to one or more designated recovery agents.
  - 35. The non-transitory machine-readable medium of claim 31, wherein the data includes a plurality of files, and wherein each segment of the plurality of segments of the data comprises a header corresponding to a file, wherein the header interprets a file format associated with the file, wherein the interpretation of the file format includes at least one of video parameters associated with a video encoding algorithm, image parameters associated with an image encoding algorithm, data fields associated with a data structure, and security measures to protect the file.
  - 36. The non-transitory machine-readable medium of claim 31, wherein the encryption attribute is encrypted with a file encryption key (FEK).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Chew, Yen Hsiang
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Ho, Thomas

Application Number

US12/204,658
Publication Number

US 20100054477A1
Time in Patent Office

2,252 Days
Field of Search

380/277, 380/45, 380/281, 380/284, 713/165
US Class Current

713/165
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

H04L 9/0825   using asymmetric-key encryp...

Accelerated cryptography with an encryption attribute

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Accelerated cryptography with an encryption attribute

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links