WO2001041357A1 - Encryption of partitioned data blocks utilizing public key methods and random numbers - Google Patents

Encryption of partitioned data blocks utilizing public key methods and random numbers Download PDF

Info

Publication number
WO2001041357A1
WO2001041357A1 PCT/US2000/030164 US0030164W WO0141357A1 WO 2001041357 A1 WO2001041357 A1 WO 2001041357A1 US 0030164 W US0030164 W US 0030164W WO 0141357 A1 WO0141357 A1 WO 0141357A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
sub
block
encryption
key
Prior art date
Application number
PCT/US2000/030164
Other languages
French (fr)
Inventor
Nahum Brandman
Original Assignee
Cipheractive Communication Security Ltd.
Friedman, Mark, M.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cipheractive Communication Security Ltd., Friedman, Mark, M. filed Critical Cipheractive Communication Security Ltd.
Priority to AU20408/01A priority Critical patent/AU2040801A/en
Publication of WO2001041357A1 publication Critical patent/WO2001041357A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60Digital content management, e.g. content distribution
    • H04L2209/601Broadcast encryption

Definitions

  • the present invention relates to a system and method for video, audio and data encryption, and in particular to such a system and method in which the efficiency of encryption is increased by encrypting a first portion of the data according to a strong encryption protocol and a second portion of the data according to a rapid encryption protocol, such that effectively the entirety of the data cannot be accessed without the key for the strong encryption protocol.
  • DES Data Encryption Standard
  • 3DES implementation in software programs is inefficient because of the complicated, computationally intensive algorithm, which requires a powerful processor as well as large amount of time to perform calculations for each block of data.
  • the time and processor requirement is undesirable and economically unjustified.
  • PCT Application No. WO 99/44364 discloses an improved encryption method, in which the data to be encrypted is first divided into blocks. Certain blocks are scrambled according to a one-to-one function with other blocks, which are not scrambled. These blocks are then encrypted with the global key. The combination of scrambling the data with the encryption prevents the data from being understood by an unauthorized user.
  • the one-to-one function has the disadvantage of being reversible, such that the original data can be regenerated from the scrambled data by performing the reverse of the function.
  • such one-to-one functions are more vulnerable to being "cracked" by unauthorized users, even without access to the particular function itself and/or the key which was used to scramble the data.
  • a more secure method would not use a one-to-one function for scrambling the scrambled blocks of data, but instead would use a function which is not reversible. Such a method could also incorporate different types of encryption for various portions of the data, since the scrambled data itself would be significantly less accessible to the unauthorized user. Unfortunately, such a secure method is not currently available.
  • the present invention is of a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function and then optionally, encrypting the scrambled data with the generated random local-data key.
  • a non-reversible function such as a hash function
  • the encryption method which is used to encrypt the first portion of the data could optionally and preferably be weak but rapidly performed.
  • the first portion of data is a relatively large fraction of the overall data, for increased efficiency of encryption.
  • the second part of the data which is preferably the smaller portion of the data, contains the local-data key "XOR"-ed with the smallest second portion.
  • This second part of the data is optionally and preferably encrypted using a Public key, defined as a Global Key, more preferably with a stronger encryption method of any kind.
  • the system and method of the present invention effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method.
  • strong encryption method and “weaker encryption method” are relative, such that the results of the stronger encryption method are more difficult to break than the results of the weaker encryption method.
  • the system and method of the present invention are both more efficient and more effective than background art encryption methods.
  • method for encrypting data with a global key comprising the steps of: (a) dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block; (b) combining said first sub-block with said second sub-block with a hash function to form a scrambled sub-block of data as a random key; (c) replacing said second sub-block with said random key; (d) encrypting said first sub-block of data; and (e) encrypting said random key with the global key.
  • a system for encrypting data with a global key, the data being divided into a plurality of blocks, the system comprising: (a) a data input device for receiving the blocks of data; (b) a sub-block division module for dividing the blocks of data into sub-blocks; (c) a scrambling module for performing a non-reversible function on at least one sub-block of data to form scrambled data; (d) a random key module for replacing the at least one sub-block with the scrambled data and for encrypting the scrambled data with the random local- data key; and (e) a remainder encryption module for encrypting the random local-data key with a global key.
  • computer platform refers to a particular computer hardware system or to a particular software operating system.
  • hardware systems include, but are not limited to, personal computers (PC), palmtop computers, handheld and portable computers, Macintosh TM computers, mainframes, minicomputers, various types of data processors including ASIC, DSP, and RISC processors, workstations.
  • software operating systems include, but are not limited to, UNIX, VMS, Linux, MacOSTM, DOS, one of the WindowsTM operating systems by Microsoft Corp.
  • a software application could be written in substantially any suitable programming language, which could easily be selected by one of ordinary skill in the art.
  • the programming language chosen should be compatible with the computer platform according to which the software application is executed. Examples of suitable programming languages include, but are not limited to, C, C++ and Java.
  • the present invention could be implemented as software, firmware or hardware, or as a combination thereof. For any of these implementations, the functional steps performed by the method could be described as a plurality of instructions performed by a data processor.
  • FIG. 1 is a flowchart of an exemplary method for encrypting data according to the present invention
  • FIG. 2 is a schematic block diagram for describing a preferred embodiment of the method of Figure 1 ;
  • FIG. 3 is a schematic block diagram of an exemplary system according to the present invention.
  • the present invention is of a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function, and then replacing the local data key with the second portion of data.
  • the scrambled, first portion of data is then encrypted with the local-data key.
  • the second portion of the data is replaced with a global key, preferably according to a strong encryption method.
  • the first portion of data may then optionally be encrypted with a weak encryption method.
  • the first portion of data is a relatively large fraction of the overall data, for increased efficiency of encryption.
  • the system and method of the present invention effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method.
  • the system and method of the present invention are both more efficient and more effective than background art encryption methods.
  • background art encryption methods which may be employed with the present invention also include, but are not limited to, Diffie-Hellman, as disclosed in U.S. Patent No. 4,200,770; RSA, as disclosed in U.S. Patent No. 4,405,829; and Hellman-Pohlig, as disclosed in U.S. Patent No. 4,424,414; all of which are hereby incorporated by reference as if fully set forth herein.
  • Figure 1 shows a flowchart of an exemplary method for encrypting data according to the present invention.
  • various types of data can optionally be encrypted according to the method of the present invention.
  • the exemplary method assumes that a global key is publicly available for a public-key encryption method, which is highly preferred for the operation of the present invention.
  • ECC elliptic curve cryptography
  • each block is divided into at least two sub-blocks, denoted as a first sub-block and a second sub-block, although optionally the data may be divided into a larger number of sub-blocks, as described in greater detail below with regard to Figure 2.
  • each sub-block is 64 bits in size if the DES group of encryption methods is used to encrypt the data.
  • a hash function is performed to combine the first sub-block of data with the second sub-block of data, for example with an XOR (exclusive "or") function.
  • the performance of the hash function results in a scrambled sub-block of data, which then forms a random key.
  • the random key is thus data dependent, and as such cannot be predicted by analyzing previous sub-blocks of data and/or by analyzing previous blocks of data. Indeed, a change to a single bit of the block of data would change the random key. Thus, unless the unauthorized user had access to all of the data, the random key could not be obtained by analytical methods of "cracking" the ciphertext.
  • an extension to the performance of the hash function would involve the operation of the MD5 algorithm or any other one-way hash function including but not limited to those functions which are described in "Applied Cryptography Second Edition: Protocols, Algorithms, and Source Code in C", Bruce Schneier, ISBN 0-471-12845-7, Katherine Schowalter, John Wiley & Sons, Inc.
  • step 4 the second sub-block is replaced with the random key.
  • step 5 the first sub-block of data is encrypted, optionally and preferably with a weaker but more rapidly performed method of encryption, such as the original DES encryption method for example.
  • the random key is encrypted with the global key, preferably with a strong encryption method such as the 3 DES encryption method for example.
  • strong encryption method refers generally to the level of security of the encryption algorithm, such that a strong encryption method provides a higher level of security. For example, it generally believed that the 3DES encryption method is stronger than the DES encryption method.
  • IDEA Another example of a strong encryption method
  • a weak encryption method provides a lower level of security.
  • the encrypted data may now be transmitted and/or stored, for example. Various options for using the encrypted data are described in greater detail with regard to Figure 3.
  • One advantage of the method of the present invention is that real-time encryption is significantly accelerated, since a high overall level of security can be provided for the entirety of the data, even if only a small portion of the data is encrypted with the strong encryption method, while the remainder of the data is encrypted with a weaker but more efficient encryption method. Therefore, the rate of encryption is significantly accelerated, which is particularly important for real-time and other highly time-sensitive encryption applications. For such applications, any delay is unacceptable.
  • the method of the present invention provides strong encryption security for a fraction of the computational time and processing requirements. Another advantage of the method of the present invention is that the
  • RC4 encryption method or any fast stream cipher method in which data must be encrypted as a stream rather than as discrete units, can be used to encrypt the data.
  • the RC4 encryption method is a strong and efficient method of encryption, but has the disadvantage of being unsuitable for data, which is organized into packets or other discrete units. This disadvantage arises from the requirement of the algorithm for a random key in order to encrypt the data, as the strength of this particular encryption algorithm lies with the use of the random key. Previous applications of the RC4 algorithm would therefore result in the same random key being used for encrypting all of the packets in a particular transmission, which would render the encrypted data highly vulnerable to being "cracked" or decrypted from ciphertext back to plaintext by an unauthorized user.
  • the method of the present invention overcomes this disadvantage by providing a random key, which is generated separately for each unit of data such as a packet.
  • the method of the present invention could use the RC4 algorithm for encrypting the second sub-block of data,
  • Another advantage of the method of the present invention is that the method permits a combination of a block cipher with a stream cipher.
  • the method could be divided into two or more stages to provide protection for data which is to be stored, as well as for data which is to be retrieved, broadcast and/or browsed one or more times, in real time and on-demand.
  • the first stage would preferably be a "pre-encryption process”.
  • the method could perform the "pre-encryption process" as defined below during the process of storing digital files or compressed data, by using relatively few computational functions, which do not consume a significant portion of the time required for performing the total process.
  • At least a portion of the method is preferably performed "off-line” or "near-line” for the post-compression of data before transmission or storage.
  • This portion of the method preferably includes the step of first: Dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block. Next, the first sub-block is combined with the second sub-block with a hash function to form a scrambled sub-block of data as a random key. In step 3, the second sub-block is replaced with the random key.
  • the stored content is in a protected format.
  • the method does not encrypt the header or trailers of relevant packages, which are used for indexing functions, for example in order to browse through stored, encrypted data for retrieval of such data.
  • the method does not add one or more redundant bits to the data; unlike background art methods, which do add such bits.
  • the second stage is performed upon demand for the retrieval, broadcast, remote transmission and/or browsing of the protected stored data.
  • the second stage preferably includes the step of encrypting the random key with the global key.
  • the protected stored data can be transmitted in a highly secure form to a remote storage location, since the highly secure encryption of the data is now added with the preferred strong encryption method.
  • the method of the present invention would only require encryption of the designated sub-block containing the local data key with the subscriber public (Global) key, rather than encrypting the whole file or block. Therefore, such an encryption process clearly requires fewer computational resources to perform and is therefore more efficient.
  • steps 1-5 of the method of Figure 1 are performed in a pre-processing stage.
  • This pre-processing stage is preferably performed off-line or near off-line for data storage purposes, including but not limited to. creating secure physical and virtual data storage volumes or "snap-shots" of stored data, or used for remote back-up and mirroring of data.
  • Figure 2 is a schematic block diagram of a preferred but exemplary implementation of the method of Figure 1.
  • the block of data may be of substantially any size, and may be divided into substantially any number of a plurality of sub-blocks of substantially any size.
  • the plurality of sub-blocks may be 16 sub-blocks of 32 bits per sub-block, 8 sub-blocks of 64 bits per sub-block, 4 sub-blocks of 128 bits per sub-block, and so forth.
  • the block of 512 bits of data is divided into 8 sub-blocks of 64 bits per sub-block, designated as "dl" through "d8".
  • the block of data also features a footer and header. Therefore, for the method of Figure 1 as performed on the data structure of Figure 2, sub-blocks dl to d7 would be scrambled with sub-block d8 according to a hash function to form the random key. The random key would then replace sub-block d8.
  • a fast cipher like RC4 or DES encryption method would optionally be used to encrypt sub-blocks dl to d7, for example, with the global key.
  • a high-level cipher 3DES encryption method would optionally be used to encrypt sub-block d8, for example.
  • another advantage of the method of the present invention is that a plurality of global keys could be used to encrypt the data without re-encrypting the entirety of the data with each global key. Instead, only the random key, which replaced sub-block d8 in this example, would need to be re-encrypted with each global key. The remaining sub-blocks would only need to be encrypted once, regardless of the number of different global keys, which are used. Thus, such an implementation is clearly more efficient for encryption when multiple global keys are required, for example for a system with multiple users and/or subscribers.
  • FIG. 3 is a schematic block diagram of an exemplary system according to the present invention.
  • a system 10 features a data input device 12 for inputting data, which may be any type of broadcasting application.
  • System 10 is also assumed to have received a global key.
  • Data input device 12 is optionally connected to a sub-block division module 14 for dividing the data into blocks and sub-blocks, if the data is not already divided into blocks and/or sub-blocks.
  • a scrambling module 16 then receives the blocks and sub-blocks of data, and performs a non-reversible function, such as a hash function, on at least one sub-block of data to form scrambled data.
  • a random key module 18 then replaces a designated sub-block with the scrambled data, to form an encrypted random key.
  • a remainder encryption module 20 then encrypts the remainder of the sub-blocks for each block to form encrypted sub-blocks, preferably with a weaker but more rapidly performed encryption method as previously described.
  • the encrypted sub-blocks and random key may then optionally be transmitted through a network 22, or alternatively may be securely stored on an electronic storage device (not shown) for example.
  • suitable types of data include, but are not limited to, video stream data and/or audio stream data on substantially any type of platform such as network transmission, satellite and other wireless transmission, cable transmission, xDSL and so forth; voice communication data such as voice over IP (Internet Protocol) networks and/or through cable modems, and so forth; video stream data which has been compressed according to a particular compression method such as a member of the MPEG (Motion Picture Expert Group) set of compression methods; DVB data playback and real-time playing; and wireless transmissions such as through cellular telephones, for example.
  • a particular compression method such as a member of the MPEG (Motion Picture Expert Group) set of compression methods
  • DVB data playback and real-time playing and wireless transmissions such as through cellular telephones, for example.
  • system 10 One preferred but exemplary implementation of system 10 would be for video on-demand applications, in which a subscriber individually orders a particular video to be displayed at the request of the subscriber.
  • System 10 provides a mechanism for protecting the video data with encryption, in order to prevent unauthorized users from obtaining such video data.
  • the increased efficiency of the system and method of the present invention can be calculated according to a "gain factor", which quantifies the order of magnitude of improvement for the rate of encryption according to the present invention.
  • gain factor quantifies the order of magnitude of improvement for the rate of encryption according to the present invention.
  • the required numbers of instructions per bit for various encryption methods are assumed to be as follows: DES, 4 instructions per bit; 3DES, 12 instructions per bit; MD5, 0.5 instructions per bit. Therefore, implementing 3DES results in the performance of 512 x 12 instructions per block of data, or 6144 instructions.

Abstract

Referring to the figure, a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function (step 3) and then encrypting the scrambled data with the random generated key (step 5), preferably according to a weaker and faster encryption method. The remaining data, which contains the local data key can then optionally be encrypted with a stronger encryption method (step 6). Preferably, the first portion of data is a relatively larger fraction of the overall data, for increased efficiency of encryption. However, the system and method effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method. Thus, the system and method are both more efficient and more effective than the background art encryption methods.

Description

ENCRYPTION OF PARTITIONED DATA BLOCKS UTILIZING PUBLIC KEY METHODS AND RANDOM NUMBERS
FIELD AND BACKGROUND OF THE INVENTION The present invention relates to a system and method for video, audio and data encryption, and in particular to such a system and method in which the efficiency of encryption is increased by encrypting a first portion of the data according to a strong encryption protocol and a second portion of the data according to a rapid encryption protocol, such that effectively the entirety of the data cannot be accessed without the key for the strong encryption protocol. As increasing amounts of data are transmitted through the Internet and other networks, the need has grown for strong and efficient encryption methods in order to protect the transmitted data. Since the Internet is not truly peer-to-peer, transmitted data can unfortunately be accessed relatively easily by unauthorized users. For example, the transfer of sensitive financial data, confidential business information and the electronic transfer of proprietary information of commercial institutions, must remain confidential and protected. Other examples of sensitive data include securities information related to the stocks and securities community, medical information for patients, stored and retrieved business data and so forth.
Although a number of encryption methods are currently available for protecting data for transmission, all of these encryption methods suffer from disadvantages. Strong methods of encryption require extensive computing resources and time for performance. Weaker encryption methods are easy to overcome, such that the encrypted data is still vulnerable to access by unauthorized personnel. Thus, clearly new methods for encrypting data are required in order to efficiently encrypt data for transmission and in order to effectively protect the data during transmission and/or storage.
For example, the Data Encryption Standard (DES) could be used with a commonly generated global key, where the global key is generated using public key cryptographic techniques. The 3DES implementation in software programs is inefficient because of the complicated, computationally intensive algorithm, which requires a powerful processor as well as large amount of time to perform calculations for each block of data. For wide bandwidth data, such as video stream data, the time and processor requirement is undesirable and economically unjustified.
PCT Application No. WO 99/44364 discloses an improved encryption method, in which the data to be encrypted is first divided into blocks. Certain blocks are scrambled according to a one-to-one function with other blocks, which are not scrambled. These blocks are then encrypted with the global key. The combination of scrambling the data with the encryption prevents the data from being understood by an unauthorized user. However, the one-to-one function has the disadvantage of being reversible, such that the original data can be regenerated from the scrambled data by performing the reverse of the function. Furthermore, such one-to-one functions are more vulnerable to being "cracked" by unauthorized users, even without access to the particular function itself and/or the key which was used to scramble the data.
A more secure method would not use a one-to-one function for scrambling the scrambled blocks of data, but instead would use a function which is not reversible. Such a method could also incorporate different types of encryption for various portions of the data, since the scrambled data itself would be significantly less accessible to the unauthorized user. Unfortunately, such a secure method is not currently available.
There is thus a need for, and it would be useful to have, a system and a method for encrypting data in which the data is divided into blocks and sub-blocks, some of which are scrambled according to a non-reversible function, such that different portions of the data can be encrypted according to encryption methods of different strengths for more efficient encryption of the data, while still maintaining the overall strength of the protection of the data at the high level of the strongest encryption method. SUMMARY OF THE INVENTION
The present invention is of a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function and then optionally, encrypting the scrambled data with the generated random local-data key. which is defined as a XOR combination of the hash function and the second portion of the data. The encryption method, which is used to encrypt the first portion of the data could optionally and preferably be weak but rapidly performed. Preferably, the first portion of data is a relatively large fraction of the overall data, for increased efficiency of encryption.
The second part of the data, which is preferably the smaller portion of the data, contains the local-data key "XOR"-ed with the smallest second portion. This second part of the data is optionally and preferably encrypted using a Public key, defined as a Global Key, more preferably with a stronger encryption method of any kind.
The system and method of the present invention effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method. As used herein, the terms "stronger encryption method" and "weaker encryption method" are relative, such that the results of the stronger encryption method are more difficult to break than the results of the weaker encryption method. Thus, the system and method of the present invention are both more efficient and more effective than background art encryption methods. According to the present invention, method for encrypting data with a global key is provided, the data being divided into a plurality of blocks, the steps of the method being performed by a data processor, the method comprising the steps of: (a) dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block; (b) combining said first sub-block with said second sub-block with a hash function to form a scrambled sub-block of data as a random key; (c) replacing said second sub-block with said random key; (d) encrypting said first sub-block of data; and (e) encrypting said random key with the global key.
According to another embodiment of the present invention, a system is provided for encrypting data with a global key, the data being divided into a plurality of blocks, the system comprising: (a) a data input device for receiving the blocks of data; (b) a sub-block division module for dividing the blocks of data into sub-blocks; (c) a scrambling module for performing a non-reversible function on at least one sub-block of data to form scrambled data; (d) a random key module for replacing the at least one sub-block with the scrambled data and for encrypting the scrambled data with the random local- data key; and (e) a remainder encryption module for encrypting the random local-data key with a global key.
Hereinafter, the term "computer platform" refers to a particular computer hardware system or to a particular software operating system. Examples of such hardware systems include, but are not limited to, personal computers (PC), palmtop computers, handheld and portable computers, Macintosh ™ computers, mainframes, minicomputers, various types of data processors including ASIC, DSP, and RISC processors, workstations. Examples of such software operating systems include, but are not limited to, UNIX, VMS, Linux, MacOS™, DOS, one of the Windows™ operating systems by Microsoft Corp. (USA), including Windows NT™, Windows 3.x™ (in which "x" is a version number, such as "Windows 3.1™"), Windows CE™, Windows95™, and Windows98™, as well as any suitable operating system for embedded units or palmtop/handheld type portable computers. For the present invention, a software application could be written in substantially any suitable programming language, which could easily be selected by one of ordinary skill in the art. The programming language chosen should be compatible with the computer platform according to which the software application is executed. Examples of suitable programming languages include, but are not limited to, C, C++ and Java. In addition, the present invention could be implemented as software, firmware or hardware, or as a combination thereof. For any of these implementations, the functional steps performed by the method could be described as a plurality of instructions performed by a data processor.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
FIG. 1 is a flowchart of an exemplary method for encrypting data according to the present invention;
FIG. 2 is a schematic block diagram for describing a preferred embodiment of the method of Figure 1 ; and
FIG. 3 is a schematic block diagram of an exemplary system according to the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention is of a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function, and then replacing the local data key with the second portion of data. The scrambled, first portion of data is then encrypted with the local-data key. Next, the second portion of the data is replaced with a global key, preferably according to a strong encryption method. The first portion of data may then optionally be encrypted with a weak encryption method. Preferably, the first portion of data is a relatively large fraction of the overall data, for increased efficiency of encryption. However, the system and method of the present invention effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method. Thus, the system and method of the present invention are both more efficient and more effective than background art encryption methods. Examples of background art encryption methods which may be employed with the present invention also include, but are not limited to, Diffie-Hellman, as disclosed in U.S. Patent No. 4,200,770; RSA, as disclosed in U.S. Patent No. 4,405,829; and Hellman-Pohlig, as disclosed in U.S. Patent No. 4,424,414; all of which are hereby incorporated by reference as if fully set forth herein.
The principles and operation of the system and method according to the present invention may be better understood with reference to the drawings and the accompanying description. Referring now to the drawings, Figure 1 shows a flowchart of an exemplary method for encrypting data according to the present invention. As described in greater detail below with regard to Figure 3, various types of data can optionally be encrypted according to the method of the present invention. The exemplary method assumes that a global key is publicly available for a public-key encryption method, which is highly preferred for the operation of the present invention. However, it is understood that other types of encryption methods and key generating schemes, such as ECC (elliptic curve cryptography), could also be used with the method of the present invention. In step 1 of Figure 1, the data is divided into a plurality of blocks. The size of the blocks is dependent upon the type of data and/or upon the type of encryption to be performed at subsequent steps. However, a typical preferred block size is 512 bits. In step 2, each block is divided into at least two sub-blocks, denoted as a first sub-block and a second sub-block, although optionally the data may be divided into a larger number of sub-blocks, as described in greater detail below with regard to Figure 2. Preferably, each sub-block is 64 bits in size if the DES group of encryption methods is used to encrypt the data.
In step 3, a hash function is performed to combine the first sub-block of data with the second sub-block of data, for example with an XOR (exclusive "or") function. The performance of the hash function results in a scrambled sub-block of data, which then forms a random key. The random key is thus data dependent, and as such cannot be predicted by analyzing previous sub-blocks of data and/or by analyzing previous blocks of data. Indeed, a change to a single bit of the block of data would change the random key. Thus, unless the unauthorized user had access to all of the data, the random key could not be obtained by analytical methods of "cracking" the ciphertext.
Optionally, an extension to the performance of the hash function would involve the operation of the MD5 algorithm or any other one-way hash function including but not limited to those functions which are described in "Applied Cryptography Second Edition: Protocols, Algorithms, and Source Code in C", Bruce Schneier, ISBN 0-471-12845-7, Katherine Schowalter, John Wiley & Sons, Inc.
In step 4, the second sub-block is replaced with the random key. In step 5, the first sub-block of data is encrypted, optionally and preferably with a weaker but more rapidly performed method of encryption, such as the original DES encryption method for example.
In step 6, the random key is encrypted with the global key, preferably with a strong encryption method such as the 3 DES encryption method for example. The term strong encryption method refers generally to the level of security of the encryption algorithm, such that a strong encryption method provides a higher level of security. For example, it generally believed that the 3DES encryption method is stronger than the DES encryption method. Another example of a strong encryption method is IDEA. By contrast, a weak encryption method provides a lower level of security. In step 7, the encrypted data may now be transmitted and/or stored, for example. Various options for using the encrypted data are described in greater detail with regard to Figure 3. One advantage of the method of the present invention is that real-time encryption is significantly accelerated, since a high overall level of security can be provided for the entirety of the data, even if only a small portion of the data is encrypted with the strong encryption method, while the remainder of the data is encrypted with a weaker but more efficient encryption method. Therefore, the rate of encryption is significantly accelerated, which is particularly important for real-time and other highly time-sensitive encryption applications. For such applications, any delay is unacceptable. Thus, the method of the present invention provides strong encryption security for a fraction of the computational time and processing requirements. Another advantage of the method of the present invention is that the
RC4 encryption method, or any fast stream cipher method in which data must be encrypted as a stream rather than as discrete units, can be used to encrypt the data. The RC4 encryption method is a strong and efficient method of encryption, but has the disadvantage of being unsuitable for data, which is organized into packets or other discrete units. This disadvantage arises from the requirement of the algorithm for a random key in order to encrypt the data, as the strength of this particular encryption algorithm lies with the use of the random key. Previous applications of the RC4 algorithm would therefore result in the same random key being used for encrypting all of the packets in a particular transmission, which would render the encrypted data highly vulnerable to being "cracked" or decrypted from ciphertext back to plaintext by an unauthorized user. The method of the present invention overcomes this disadvantage by providing a random key, which is generated separately for each unit of data such as a packet. Thus, the method of the present invention could use the RC4 algorithm for encrypting the second sub-block of data, for example.
Another advantage of the method of the present invention is that the method permits a combination of a block cipher with a stream cipher. Yet another advantage of the method of the present invention is that the method could be divided into two or more stages to provide protection for data which is to be stored, as well as for data which is to be retrieved, broadcast and/or browsed one or more times, in real time and on-demand. The first stage would preferably be a "pre-encryption process". The method could perform the "pre-encryption process" as defined below during the process of storing digital files or compressed data, by using relatively few computational functions, which do not consume a significant portion of the time required for performing the total process.
At least a portion of the method is preferably performed "off-line" or "near-line" for the post-compression of data before transmission or storage. This portion of the method preferably includes the step of first: Dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block. Next, the first sub-block is combined with the second sub-block with a hash function to form a scrambled sub-block of data as a random key. In step 3, the second sub-block is replaced with the random key.
The benefits of using this method include the following. First, the stored content is in a protected format. Second, the method does not encrypt the header or trailers of relevant packages, which are used for indexing functions, for example in order to browse through stored, encrypted data for retrieval of such data. Third, the method does not add one or more redundant bits to the data; unlike background art methods, which do add such bits. Preferably, the second stage is performed upon demand for the retrieval, broadcast, remote transmission and/or browsing of the protected stored data. The second stage preferably includes the step of encrypting the random key with the global key.
The benefits of the second stage include the following. First, the protected stored data can be transmitted in a highly secure form to a remote storage location, since the highly secure encryption of the data is now added with the preferred strong encryption method. Second, if multiple subscribers request the same content, the method of the present invention would only require encryption of the designated sub-block containing the local data key with the subscriber public (Global) key, rather than encrypting the whole file or block. Therefore, such an encryption process clearly requires fewer computational resources to perform and is therefore more efficient.
Furthermore, for gateway and router key switching applications, the method would only require encryption of the designated sub-block containing the local data key with the subscriber public (Global) key, as compared to the process of encrypting the whole data package, which passes the unit. According to another preferred embodiment of the present invention, steps 1-5 of the method of Figure 1 are performed in a pre-processing stage. This pre-processing stage is preferably performed off-line or near off-line for data storage purposes, including but not limited to. creating secure physical and virtual data storage volumes or "snap-shots" of stored data, or used for remote back-up and mirroring of data.
Figure 2 is a schematic block diagram of a preferred but exemplary implementation of the method of Figure 1. As noted previously, the block of data may be of substantially any size, and may be divided into substantially any number of a plurality of sub-blocks of substantially any size. For example, for a block of data of 512 bits, the plurality of sub-blocks may be 16 sub-blocks of 32 bits per sub-block, 8 sub-blocks of 64 bits per sub-block, 4 sub-blocks of 128 bits per sub-block, and so forth.
In the example of Figure 2, the block of 512 bits of data is divided into 8 sub-blocks of 64 bits per sub-block, designated as "dl" through "d8". The block of data also features a footer and header. Therefore, for the method of Figure 1 as performed on the data structure of Figure 2, sub-blocks dl to d7 would be scrambled with sub-block d8 according to a hash function to form the random key. The random key would then replace sub-block d8. A fast cipher like RC4 or DES encryption method would optionally be used to encrypt sub-blocks dl to d7, for example, with the global key. A high-level cipher 3DES encryption method would optionally be used to encrypt sub-block d8, for example.
Also as shown in Figure 2, another advantage of the method of the present invention is that a plurality of global keys could be used to encrypt the data without re-encrypting the entirety of the data with each global key. Instead, only the random key, which replaced sub-block d8 in this example, would need to be re-encrypted with each global key. The remaining sub-blocks would only need to be encrypted once, regardless of the number of different global keys, which are used. Thus, such an implementation is clearly more efficient for encryption when multiple global keys are required, for example for a system with multiple users and/or subscribers.
Figure 3 is a schematic block diagram of an exemplary system according to the present invention. A system 10 features a data input device 12 for inputting data, which may be any type of broadcasting application. System 10 is also assumed to have received a global key. Data input device 12 is optionally connected to a sub-block division module 14 for dividing the data into blocks and sub-blocks, if the data is not already divided into blocks and/or sub-blocks. A scrambling module 16 then receives the blocks and sub-blocks of data, and performs a non-reversible function, such as a hash function, on at least one sub-block of data to form scrambled data. A random key module 18 then replaces a designated sub-block with the scrambled data, to form an encrypted random key. A remainder encryption module 20 then encrypts the remainder of the sub-blocks for each block to form encrypted sub-blocks, preferably with a weaker but more rapidly performed encryption method as previously described. The encrypted sub-blocks and random key may then optionally be transmitted through a network 22, or alternatively may be securely stored on an electronic storage device (not shown) for example. Examples of suitable types of data include, but are not limited to, video stream data and/or audio stream data on substantially any type of platform such as network transmission, satellite and other wireless transmission, cable transmission, xDSL and so forth; voice communication data such as voice over IP (Internet Protocol) networks and/or through cable modems, and so forth; video stream data which has been compressed according to a particular compression method such as a member of the MPEG (Motion Picture Expert Group) set of compression methods; DVB data playback and real-time playing; and wireless transmissions such as through cellular telephones, for example.
One preferred but exemplary implementation of system 10 would be for video on-demand applications, in which a subscriber individually orders a particular video to be displayed at the request of the subscriber. System 10 provides a mechanism for protecting the video data with encryption, in order to prevent unauthorized users from obtaining such video data.
The increased efficiency of the system and method of the present invention can be calculated according to a "gain factor", which quantifies the order of magnitude of improvement for the rate of encryption according to the present invention. For these calculations, the required numbers of instructions per bit for various encryption methods are assumed to be as follows: DES, 4 instructions per bit; 3DES, 12 instructions per bit; MD5, 0.5 instructions per bit. Therefore, implementing 3DES results in the performance of 512 x 12 instructions per block of data, or 6144 instructions.
For real-time encryption applications according to the present invention, assuming that a weaker encryption method is used for the majority of the block, while the strong encryption method is used for only 64 bits of the block, then the total number of instructions per block for the method of the present invention is 4.5 x (512-64) + (64 x 12) = 2784 instructions per block. Therefore, the gain factor in terms of numbers of instructions per block is 2784/6144 = 2.2. Thus, clearly the method and system of the present invention are significantly faster and more efficient than background art methods for real-time encryption applications.
It will be appreciated that the above descriptions are intended only to serve as examples, and that many other embodiments are possible within the spirit and the scope of the present invention.

Claims

WHAT IS CLAIMED IS:
1. A method for encrypting data with a global key, the data being divided into a plurality of blocks, the steps of the method being performed by a data processor, the method comprising the steps of:
(a) dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block;
(b) combining said first sub-block with said second sub-block with a hash function to form a scrambled sub-block of data as a random key;
(c) replacing said second sub-block with said random key;
(d) encrypting said first sub-block of data; and
(e) encrypting said random key with the global key.
2. The method of claim 1, wherein step (e) is performed with a strong encryption method.
3. The method of claim 2, wherein said strong encryption method is the 3DES encryption method.
4. The method of claim 2, wherein said strong encryption method is IDEA.
5. The method of claim 2, wherein step (d) is performed with a weaker method of encryption, said weaker method of encryption being less secure than said strong encryption method.
6. The method of claim 5, wherein said weaker method of encryption is the original DES encryption method.
7. The method of claim 5, wherein the global key is a plurality of global keys, such that step (e) comprises the step of encrypting said random key with each of the plurality of global keys.
8. The method of claim 5, wherein the data is broadcast application data.
9. The method of claim 8, wherein said broadcast application data is selected from the group consisting of video stream data and audio stream data.
10. The method of claim 9, wherein said broadcast application data is transmitted through a platform selected from the group consisting of network transmission, satellite transmission, cable transmission, xDSL transmission and cellular telephone wireless transmission.
11. The method of claim 8, wherein said broadcast application data is voice data.
12. The method of claim 8, wherein said broadcast application data is compressed streamed data.
13. The method of claim 12, wherein said compressed streamed data is selected from the group consisting of video stream data and audio stream data.
14. The method of claim 1, wherein steps (a) - (d) are performed as a pre-processing procedure for storing the data to form stored data.
15. The method of claim 14, wherein said pre-processing procedure is performed to form secure data storage volumes.
16. The method of claim 14. wherein said pre-processing procedure is performed to form a snapshot of said stored data.
17. The method of claim 14. wherein said pre-processing procedure is performed for a remote back-up storage of said stored data.
18. The method of claim 14. wherein said stored data is selected from the group consisting of video stream data and audio stream data.
19. The method of claim 18. wherein said stored data is transmitted through a platform selected from the group consisting of network transmission, satellite transmission, cable transmission, xDSL transmission and cellular telephone wireless transmission.
20. The method of claim 14, wherein said stored data is voice data.
21. The method of claim 14, wherein said stored data is compressed streamed data.
22. The method of claim 21, wherein said compressed streamed data is selected from the group consisting of video stream data and audio stream data.
23. The method of claim 1, further comprising the step of:
(f) interacting with the data by a plurality of users, each user having an associated global key, such that step (e) is performed with one of a plurality of global keys.
24. The method of claim 1, wherein the data is broadcast application data.
25. A method for encrypting data with a global key, the data being divided into a plurality of blocks, the steps of the method being performed by a data processor, the method comprising the steps of:
(a) dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block;
(b) combining said first sub-block with said second sub-block with a hash function to form a scrambled sub-block of data as a random key;
(c) replacing said second sub-block with said random key;
(d) encrypting said first sub-block of data;
(e) selecting at least a portion of the data to form a selected portion of the data; and
(f) encrypting said random key with the global key for said selected portion of the data.
26. The method of claim 25, further comprising the step of:
(g) transmitting the data.
27. The method of claim 26, wherein the data is selected from the group consisting of compressed stream data and uncompressed stream data.
28. A system for encrypting data with a global key, the data being divided into a plurality of blocks, the system comprising:
(a) a data input device for receiving the blocks of data;
(b) a sub-block division module for dividing the blocks of data into sub-blocks;
(c) a scrambling module for performing a non-reversible function on at least one sub-block of data to form scrambled data; (d) a random key module for replacing said at least one sub-block with said scrambled data and for encrypting said scrambled data with a random local data key; and
(e) a remainder encryption module for encrypting of said sub-blocks containing said random local data key.
PCT/US2000/030164 1999-12-03 2000-11-28 Encryption of partitioned data blocks utilizing public key methods and random numbers WO2001041357A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU20408/01A AU2040801A (en) 1999-12-03 2000-11-28 Encryption of partitioned data blocks utilizing public key methods and random numbers

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US45329199A 1999-12-03 1999-12-03
US09/453,291 1999-12-03

Publications (1)

Publication Number Publication Date
WO2001041357A1 true WO2001041357A1 (en) 2001-06-07

Family

ID=23799966

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/030164 WO2001041357A1 (en) 1999-12-03 2000-11-28 Encryption of partitioned data blocks utilizing public key methods and random numbers

Country Status (2)

Country Link
AU (1) AU2040801A (en)
WO (1) WO2001041357A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2391082A (en) * 2002-07-19 2004-01-28 Ritech Internat Ltd Portable data storage device with layered memory architecture
WO2007015034A2 (en) * 2005-08-04 2007-02-08 Everbee Networks Method and system for high-speed encryption
CN1316405C (en) * 2003-03-19 2007-05-16 大唐微电子技术有限公司 Method for obtaining digital siguature and realizing data safety
EP2166479A1 (en) * 2008-09-04 2010-03-24 Intel Corporation Accelerated cryptography with an encryption attribute
US9240883B2 (en) 2008-09-04 2016-01-19 Intel Corporation Multi-key cryptography for encrypting file system acceleration

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4484027A (en) * 1981-11-19 1984-11-20 Communications Satellite Corporation Security system for SSTV encryption
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5696823A (en) * 1995-03-31 1997-12-09 Lucent Technologies Inc. High-bandwidth encryption system with low-bandwidth cryptographic modules
US5987124A (en) * 1996-02-20 1999-11-16 International Business Machines Corporation Method and apparatus for encrypting long blocks using a short-block encryption procedure
US6052469A (en) * 1996-07-29 2000-04-18 International Business Machines Corporation Interoperable cryptographic key recovery system with verification by comparison

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4484027A (en) * 1981-11-19 1984-11-20 Communications Satellite Corporation Security system for SSTV encryption
US5592553A (en) * 1993-07-30 1997-01-07 International Business Machines Corporation Authentication system using one-time passwords
US5696823A (en) * 1995-03-31 1997-12-09 Lucent Technologies Inc. High-bandwidth encryption system with low-bandwidth cryptographic modules
US5987124A (en) * 1996-02-20 1999-11-16 International Business Machines Corporation Method and apparatus for encrypting long blocks using a short-block encryption procedure
US6052469A (en) * 1996-07-29 2000-04-18 International Business Machines Corporation Interoperable cryptographic key recovery system with verification by comparison

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
SCHNEIER B.: "Applied Cryptography", 1995, JOHN WILEY AND SONS, XP002937738 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2391082A (en) * 2002-07-19 2004-01-28 Ritech Internat Ltd Portable data storage device with layered memory architecture
GB2391082B (en) * 2002-07-19 2005-08-03 Ritech Internat Ltd Portable data storage device with layered memory architecture
CN1316405C (en) * 2003-03-19 2007-05-16 大唐微电子技术有限公司 Method for obtaining digital siguature and realizing data safety
WO2007015034A2 (en) * 2005-08-04 2007-02-08 Everbee Networks Method and system for high-speed encryption
FR2889637A1 (en) * 2005-08-04 2007-02-09 Everbee Networks Sa METHOD AND SYSTEM FOR HIGH-RATE ENCRYPTION
WO2007015034A3 (en) * 2005-08-04 2007-09-13 Everbee Networks Method and system for high-speed encryption
EP2166479A1 (en) * 2008-09-04 2010-03-24 Intel Corporation Accelerated cryptography with an encryption attribute
EP2472426A1 (en) * 2008-09-04 2012-07-04 Intel Corporation Accelerated cryptography with an encryption attribute
US8880879B2 (en) 2008-09-04 2014-11-04 Intel Corporation Accelerated cryptography with an encryption attribute
US9240883B2 (en) 2008-09-04 2016-01-19 Intel Corporation Multi-key cryptography for encrypting file system acceleration
US10447476B2 (en) 2008-09-04 2019-10-15 Intel Corporation Multi-key graphic cryptography for encrypting file system acceleration

Also Published As

Publication number Publication date
AU2040801A (en) 2001-06-12

Similar Documents

Publication Publication Date Title
EP1456777B1 (en) Digital content distribution system
KR101026609B1 (en) Scalable, error resilient drm for scalable media
US8249255B2 (en) System and method for securing communications between devices
US7151832B1 (en) Dynamic encryption and decryption of a stream of data
JP3864675B2 (en) Common key encryption device
JP4572085B2 (en) Fully scalable encryption for scalable multimedia
US8332633B2 (en) Encryption processing for streaming media
US7787621B2 (en) Secure transmission using adaptive transformation and plural channels
EP1678586B1 (en) A method and apparatus for ensuring the integrity of data
Lookabaugh et al. Selective encryption for consumer applications
JP2000138668A (en) Encipherment system for packet exchange circuit network based on digital chaos model
JP4784260B2 (en) Distributed data storage method, terminal, and program
US5659618A (en) Multi-size cryptographic key system
WO2001041357A1 (en) Encryption of partitioned data blocks utilizing public key methods and random numbers
Sharma et al. Compression and encryption: An integrated approach
WO2007031894A2 (en) Improved cryptographic method and system
Aly et al. A light-weight encrypting for real time video transmission
Lindskog et al. A content-independent scalable encryption model
US20060088156A1 (en) Cfm mode system
JP4752239B2 (en) Common key encryption method and apparatus
US20070092076A1 (en) Initialization method and termination method for scrambling transport stream
JP2000236305A (en) System and method for collecting viewing history
JP3864798B2 (en) Common key encryption decryption device
Han et al. EMCEM: an efficient multimedia content encryption scheme for mobile handheld devices
Lindskog et al. The Design and Implementation of a Content-Independent Scalable Encryption Model

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP