Method and apparatus for the virtualization of cryptographic resources
First Claim
Patent Images
1. A method of provisioning a cryptographic memory operation comprising:
- a keying operation, an initialization operation, a store plaintext operation and a store ciphertext operation;
the keying operation, the store plaintext operation and the store ciphertext operation are performed by at least a physical processor coupled to a memory;
the keying operation for generating a random number and keying a symmetric-key algorithm; and
the initialization operation for initializing each byte of a cryptographic memory allocation with consecutive values from a keystream computed using the symmetric key algorithm in a counter based cipher mode; and
the store plaintext operation wherein a logical set of plaintext bytes are encoded using the consecutive values from the keystream computed using the symmetric key algorithm before being written to the cryptographic memory allocation; and
an encoded logical set of plaintext bytes written to initialized bytes of the cryptographic memory allocation replacing the consecutive values from the keystream which was used to encode the logical set of plaintext bytes by writing the encoded logical set of plaintext bytes to the initialized bytes of the cryptographic memory allocation storing the consecutive values; and
the store ciphertext operation wherein the encoded logical set of plaintext bytes are decoded using the consecutive values from the keystream computed using the symmetric key algorithm before being written to the cryptographic memory allocation; and
decoded logical set of plaintext bytes written to the cryptographic memory allocation replacing the consecutive values from the keystream which was used to decode the encoded logical set of plaintext bytes by writing the decoded logical set of plaintext bytes to the same location on the cryptographic memory allocation.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus is provided for the virtualization of cryptographic resources which enables memory speed encryption and decryption that is not bound by the speed at which processor resources can compute the result of a symmetric-key algorithm. This is achieved through a time-memory tradeoff via empty space at provisioning time. When implementing the apparatus, un-initialized memory is filled with the output of a symmetric-key algorithm uniquely keyed for the specific set of data that is going to be written to the provisioned area. Since the provisioning operation stores cryptographically structured data, rather than redundant data, plaintext that is xor'"'"'ed into memory is automatically encrypted and ciphertext that xor'"'"'ed into memory is automatically decrypted without the need for additional cryptographic computation. This reduced computation requirement enables cryptographic function to be implemented at the ends of communication, rather than the middle, and treated as a virtualized resource.
-
Citations
7 Claims
-
1. A method of provisioning a cryptographic memory operation comprising:
-
a keying operation, an initialization operation, a store plaintext operation and a store ciphertext operation; the keying operation, the store plaintext operation and the store ciphertext operation are performed by at least a physical processor coupled to a memory; the keying operation for generating a random number and keying a symmetric-key algorithm; and the initialization operation for initializing each byte of a cryptographic memory allocation with consecutive values from a keystream computed using the symmetric key algorithm in a counter based cipher mode; and the store plaintext operation wherein a logical set of plaintext bytes are encoded using the consecutive values from the keystream computed using the symmetric key algorithm before being written to the cryptographic memory allocation; and
an encoded logical set of plaintext bytes written to initialized bytes of the cryptographic memory allocation replacing the consecutive values from the keystream which was used to encode the logical set of plaintext bytes by writing the encoded logical set of plaintext bytes to the initialized bytes of the cryptographic memory allocation storing the consecutive values; andthe store ciphertext operation wherein the encoded logical set of plaintext bytes are decoded using the consecutive values from the keystream computed using the symmetric key algorithm before being written to the cryptographic memory allocation; and
decoded logical set of plaintext bytes written to the cryptographic memory allocation replacing the consecutive values from the keystream which was used to decode the encoded logical set of plaintext bytes by writing the decoded logical set of plaintext bytes to the same location on the cryptographic memory allocation. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeDavid H. Leventhal, Robert F. Barnitt
-
Original AssigneeDark Signal Research, LLC
-
InventorsLeventhal, David H, Barnitt, Robert F
-
Primary Examiner(s)BEHESHTI SHIRAZI, SAYED ARESH
-
Application NumberUS15/458,870Time in Patent Office413 DaysField of SearchUS Class CurrentCPC Class CodesG06F 12/1408 by using cryptography for d...G06F 21/602 Providing cryptographic fac...G06F 21/74 operating in dual or compar...G06F 21/78 to assure secure storage of...G06F 2212/1052 Security improvementG06F 2212/402 Encrypted dataG06F 2221/2107 File encryptionH04L 2209/34 Encoding or coding, e.g. Hu...H04L 9/0631 Substitution permutation ne...H04L 9/0637 Modes of operation, e.g. ci...H04L 9/0662 with particular pseudorando...H04L 9/0869 involving random numbers or...
