Method and apparatus for the virtualization of cryptographic resources
First Claim
1. A method of provisioning a cryptographic memory operation comprising:
a keying operation, an initialization operation, a store plaintext operation and a store ciphertext operation;
the keying operation, the store plaintext operation and the store ciphertext operation are performed by at least a physical processor coupled to a memory;
the keying operation for generating a random number and keying a symmetric-key algorithm; and
the initialization operation for initializing each byte of a cryptographic memory allocation with consecutive values from a keystream computed using the symmetric key algorithm in a counter based cipher mode; and
the store plaintext operation wherein a logical set of plaintext bytes are encoded using the consecutive values from the keystream computed using the symmetric key algorithm before being written to the cryptographic memory allocation; and
an encoded logical set of plaintext bytes written to initialized bytes of the cryptographic memory allocation replacing the consecutive values from the keystream which was used to encode the logical set of plaintext bytes by writing the encoded logical set of plaintext bytes to the initialized bytes of the cryptographic memory allocation storing the consecutive values; and
the store ciphertext operation wherein the encoded logical set of plaintext bytes are decoded using the consecutive values from the keystream computed using the symmetric key algorithm before being written to the cryptographic memory allocation; and
decoded logical set of plaintext bytes written to the cryptographic memory allocation replacing the consecutive values from the keystream which was used to decode the encoded logical set of plaintext bytes by writing the decoded logical set of plaintext bytes to the same location on the cryptographic memory allocation.
Abstract
A method and apparatus are provided for the virtualization of cryptographic resources, enabling memory-speed encryption and decryption that is not bound by the speed at which processor resources can compute the result of a symmetric-key algorithm. This is achieved through a time-memory tradeoff via empty space at provisioning time. When implementing the apparatus, uninitialized memory is filled with the output of a symmetric-key algorithm uniquely keyed for the specific set of data that is going to be written to the provisioned area. Since the provisioning operation stores cryptographically structured data, rather than redundant data, plaintext that is xor'ed into memory is automatically encrypted and ciphertext that is xor'ed into memory is automatically decrypted without the need for additional cryptographic computation. This reduced computation requirement enables cryptographic function to be implemented at the ends of communication, rather than the middle, and treated as a virtualized resource.
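The provisioning and store operations described above can be sketched as follows; this is an added example, not code from the patent. The function names are hypothetical, and HMAC-SHA256 over a counter stands in for the unnamed symmetric-key algorithm in counter mode. It goes one step beyond the abstract by showing that a region provisioned twice with the same key and counter range reuses keystream, so each provisioned byte must be treated as single-use.

```python
import hashlib
import hmac
import secrets

def keying() -> bytes:
    """Keying operation: a fresh random key for one allocation."""
    return secrets.token_bytes(32)

def keystream(key: bytes, length: int, counter: int = 0) -> bytes:
    """Counter-mode keystream. HMAC-SHA256(key, counter) stands in for the
    block cipher; this is an assumption, the page names no algorithm."""
    out = bytearray()
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def provision(key: bytes, size: int) -> bytearray:
    """Initialization operation: fill the allocation with keystream."""
    return bytearray(keystream(key, size))

def xor_store(mem: bytearray, offset: int, data: bytes) -> None:
    """Store operation: XOR data into the bytes already held at offset.
    Over keystream, plaintext becomes ciphertext and ciphertext becomes
    plaintext, with no cipher call at store time."""
    if offset < 0 or offset + len(data) > len(mem):
        raise ValueError("store outside the provisioned allocation")
    for i, b in enumerate(data):
        mem[offset + i] ^= b

def demo() -> dict:
    key = keying()
    msg = b"constructed sample record 0001"   # constructed sample input
    sender = provision(key, 64)                # sender-side allocation
    xor_store(sender, 8, msg)                  # store plaintext -> ciphertext
    ct = bytes(sender[8:8 + len(msg)])
    receiver = provision(key, 64)              # same key, same counter range
    xor_store(receiver, 8, ct)                 # store ciphertext -> plaintext
    pt = bytes(receiver[8:8 + len(msg)])
    # Caveat: a second plaintext under the same key and offset reuses keystream,
    # so XOR of the two ciphertexts equals XOR of the two plaintexts.
    other = b"second record, same slot 00002"  # constructed sample input
    again = provision(key, 64)
    xor_store(again, 8, other)
    leak = bytes(a ^ b for a, b in zip(ct, again[8:8 + len(other)]))
    return {"ct": ct, "pt": pt, "msg": msg, "leak": leak, "other": other}
```

Until it is overwritten, the provisioned region holds raw keystream, so it needs the same protection in memory as the key that produced it.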
7 Claims
Specification