ENCRYPTION OF PARTITIONED DATA BLOCKS UTILIZING PUBLIC KEY METHODS AND RANDOM NUMBERS
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to a system and method for video, audio and data encryption, and in particular to such a system and method in which the efficiency of encryption is increased by encrypting a first portion of the data according to a strong encryption protocol and a second portion of the data according to a rapid encryption protocol, such that effectively the entirety of the data cannot be accessed without the key for the strong encryption protocol.
As increasing amounts of data are transmitted through the Internet and other networks, the need has grown for strong and efficient encryption methods in order to protect the transmitted data. Since the Internet is not truly peer-to-peer, transmitted data can unfortunately be accessed relatively easily by unauthorized users. For example, the transfer of sensitive financial data, confidential business information and the electronic transfer of proprietary information of commercial institutions, must remain confidential and protected. Other examples of sensitive data include securities information related to the stocks and securities community, medical information for patients, stored and retrieved business data and so forth.
Although a number of encryption methods are currently available for protecting data for transmission, all of these encryption methods suffer from disadvantages. Strong methods of encryption require extensive computing resources and time for performance. Weaker encryption methods are easy to overcome, such that the encrypted data is still vulnerable to access by unauthorized personnel. Thus, clearly new methods for encrypting data are required in order to efficiently encrypt data for transmission and in order to effectively protect the data during transmission and/or storage.
For example, the Data Encryption Standard (DES) could be used with a commonly generated global key, where the global key is generated using public key cryptographic techniques. The 3DES implementation in software programs is inefficient because of the complicated, computationally intensive algorithm, which requires a powerful processor as well as a large amount of time to perform calculations for each block of data. For wide bandwidth data, such as video stream data, the time and processor requirement is undesirable and economically unjustified.
PCT Application No. WO 99/44364 discloses an improved encryption method, in which the data to be encrypted is first divided into blocks. Certain blocks are scrambled according to a one-to-one function with other blocks, which are not scrambled. These blocks are then encrypted with the global key. The combination of scrambling the data with the encryption prevents the data from being understood by an unauthorized user. However, the one-to-one function has the disadvantage of being reversible, such that the original data can be regenerated from the scrambled data by performing the reverse of the function. Furthermore, such one-to-one functions are more vulnerable to being "cracked" by unauthorized users, even without access to the particular function itself and/or the key which was used to scramble the data.
A more secure method would not use a one-to-one function for scrambling the scrambled blocks of data, but instead would use a function which is not reversible. Such a method could also incorporate different types of encryption for various portions of the data, since the scrambled data itself would be significantly less accessible to the unauthorized user. Unfortunately, such a secure method is not currently available.
There is thus a need for, and it would be useful to have, a system and a method for encrypting data in which the data is divided into blocks and sub-blocks, some of which are scrambled according to a non-reversible function, such that different portions of the data can be encrypted according to encryption methods of different strengths for more efficient encryption of the data, while still maintaining the overall strength of the protection of the data at the high level of the strongest encryption method.
SUMMARY OF THE INVENTION
The present invention is of a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function and then, optionally, encrypting the scrambled data with the generated random local-data key, which is defined as a XOR combination of the hash function and the second portion of the data. The encryption method which is used to encrypt the first portion of the data could optionally and preferably be weak but rapidly performed. Preferably, the first portion of data is a relatively large fraction of the overall data, for increased efficiency of encryption.
The second part of the data, which is preferably the smaller portion of the data, contains the local-data key "XOR"-ed with the smallest second portion. This second part of the data is optionally and preferably encrypted using a Public key, defined as a Global Key, more preferably with a stronger encryption method of any kind.
The system and method of the present invention effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method. As used herein, the terms "stronger encryption method" and "weaker encryption method" are relative, such that the results of the stronger encryption method are more difficult to break than the results of the weaker encryption method. Thus, the system and method of the present invention are both more efficient and more effective than background art encryption methods.
According to the present invention, a method for encrypting data with a global key is provided, the data being divided into a plurality of blocks, the steps of the method being performed by a data processor, the method comprising the steps of: (a) dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block; (b) combining said first sub-block with said second sub-block with a hash function to form a scrambled sub-block of data as a random key; (c) replacing said second sub-block with said random key; (d) encrypting said first sub-block of data; and (e) encrypting said random key with the global key.
According to another embodiment of the present invention, a system is provided for encrypting data with a global key, the data being divided into a plurality of blocks, the system comprising: (a) a data input device for receiving the blocks of data; (b) a sub-block division module for dividing the blocks of data into sub-blocks; (c) a scrambling module for performing a non-reversible function on at least one sub-block of data to form scrambled data; (d) a random key module for replacing the at least one sub-block with the scrambled data and for encrypting the scrambled data with the random local-data key; and (e) a remainder encryption module for encrypting the random local-data key with a global key.
Hereinafter, the term "computer platform" refers to a particular computer hardware system or to a particular software operating system. Examples of such hardware systems include, but are not limited to, personal computers (PC), palmtop computers, handheld and portable computers, Macintosh™ computers, mainframes, minicomputers, various types of data processors including ASIC, DSP, and RISC processors, and workstations. Examples of such software operating systems include, but are not limited to, UNIX, VMS, Linux, MacOS™, DOS, one of the Windows™ operating systems by Microsoft Corp. (USA), including Windows NT™, Windows 3.x™ (in which "x" is a version number, such as "Windows 3.1™"), Windows CE™, Windows95™, and Windows98™, as well as any suitable operating system for embedded units or palmtop/handheld type portable computers. For the present invention, a software application could be written in substantially any suitable programming language, which could easily be selected by one of ordinary skill in the art. The programming language chosen should be compatible with the computer platform according to which the software application is executed. Examples of suitable programming languages include, but are not limited to, C, C++ and Java.
In addition, the present invention could be implemented as software, firmware or hardware, or as a combination thereof. For any of these implementations, the functional steps performed by the method could be described as a plurality of instructions performed by a data processor.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
FIG. 1 is a flowchart of an exemplary method for encrypting data according to the present invention;
FIG. 2 is a schematic block diagram for describing a preferred embodiment of the method of Figure 1; and
FIG. 3 is a schematic block diagram of an exemplary system according to the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention is of a system and a method for more rapidly and efficiently encrypting data with a global key, by scrambling a first portion of the data according to a non-reversible function such as a hash function, and then replacing the local data key with the second portion of data. The scrambled, first portion of data is then encrypted with the local-data key. Next, the second portion of the data is replaced with a global key, preferably according to a strong encryption method. The first portion of data may then optionally be encrypted with a weak encryption method. Preferably, the first portion of data is a relatively large fraction of the overall data, for increased efficiency of encryption. However, the system and method of the present invention effectively provide the highest level of data security overall, at the level provided by the strong encryption method, even though only a portion of the data is encrypted according to the strong encryption method. Thus, the system and method of the present invention are both more efficient and more effective than background art encryption methods.
Examples of background art encryption methods which may be employed with the present invention also include, but are not limited to, Diffie-Hellman, as disclosed in U.S. Patent No. 4,200,770; RSA, as disclosed in U.S. Patent No. 4,405,829; and Hellman-Pohlig, as disclosed in U.S. Patent No. 4,424,414; all of which are hereby incorporated by reference as if fully set forth herein.
The principles and operation of the system and method according to the present invention may be better understood with reference to the drawings and the accompanying description. Referring now to the drawings, Figure 1 shows a flowchart of an exemplary method for encrypting data according to the present invention. As described in greater detail below with regard to Figure 3, various types of data can optionally be encrypted according to the method of the present invention. The exemplary method assumes that a global key is publicly available for a public-key encryption method, which is highly preferred for the operation of the present invention. However, it is understood that other types of encryption methods and key generating schemes, such as ECC (elliptic curve cryptography), could also be used with the method of the present invention. In step 1 of Figure 1, the data is divided into a plurality of blocks. The size of the blocks is dependent upon the type of data and/or upon the type of encryption to be performed at subsequent steps. However, a typical preferred block size is 512 bits. In step 2, each block is divided into at least two sub-blocks, denoted as a first sub-block and a second sub-block, although optionally the data may be divided into a larger number of sub-blocks, as described in greater detail below with regard to Figure 2. Preferably, each sub-block is 64 bits in size if the DES group of encryption methods is used to encrypt the data.
In step 3, a hash function is performed to combine the first sub-block of data with the second sub-block of data, for example with an XOR (exclusive "or") function. The performance of the hash function results in a scrambled sub-block of data, which then forms a random key. The random key is thus data dependent, and as such cannot be predicted by analyzing previous sub-blocks of data and/or by analyzing previous blocks of data. Indeed, a change to a single bit of the block of data would change the random key. Thus, unless the unauthorized user had access to all of the data, the random key could not be obtained by analytical methods of "cracking" the ciphertext.
Optionally, an extension to the performance of the hash function would involve the operation of the MD5 algorithm or any other one-way hash function including but not limited to those functions which are described in "Applied Cryptography Second Edition: Protocols, Algorithms, and Source Code in C", Bruce Schneier, ISBN 0-471-12845-7, Katherine Schowalter, John Wiley & Sons, Inc.
In step 4, the second sub-block is replaced with the random key. In step 5, the first sub-block of data is encrypted, optionally and preferably with a weaker but more rapidly performed method of encryption, such as the original DES encryption method for example.
In step 6, the random key is encrypted with the global key, preferably with a strong encryption method such as the 3DES encryption method for example. The term strong encryption method refers generally to the level of security of the encryption algorithm, such that a strong encryption method provides a higher level of security. For example, it is generally believed that the 3DES encryption method is stronger than the DES encryption method. Another example of a strong encryption method is IDEA. By contrast, a weak encryption method provides a lower level of security.
In step 7, the encrypted data may now be transmitted and/or stored, for example. Various options for using the encrypted data are described in greater detail with regard to Figure 3.
One advantage of the method of the present invention is that real-time encryption is significantly accelerated, since a high overall level of security can be provided for the entirety of the data, even if only a small portion of the data is encrypted with the strong encryption method, while the remainder of the data is encrypted with a weaker but more efficient encryption method. Therefore, the rate of encryption is significantly accelerated, which is particularly important for real-time and other highly time-sensitive encryption applications. For such applications, any delay is unacceptable. Thus, the method of the present invention provides strong encryption security for a fraction of the computational time and processing requirements.
Another advantage of the method of the present invention is that the RC4 encryption method, or any fast stream cipher method in which data must be encrypted as a stream rather than as discrete units, can be used to encrypt the data. The RC4 encryption method is a strong and efficient method of encryption, but has the disadvantage of being unsuitable for data which is organized into packets or other discrete units. This disadvantage arises from the requirement of the algorithm for a random key in order to encrypt the data, as the strength of this particular encryption algorithm lies with the use of the random key. Previous applications of the RC4 algorithm would therefore result in the same random key being used for encrypting all of the packets in a particular transmission, which would render the encrypted data highly vulnerable to being "cracked" or decrypted from ciphertext back to plaintext by an unauthorized user. The method of the present invention overcomes this disadvantage by providing a random key which is generated separately for each unit of data such as a packet. Thus, the method of the present invention could use the RC4 algorithm for encrypting the second sub-block of data, for example.
Another advantage of the method of the present invention is that the method permits a combination of a block cipher with a stream cipher. Yet another advantage of the method of the present invention is that the method could be divided into two or more stages to provide protection for data which is to be stored, as well as for data which is to be retrieved, broadcast and/or browsed one or more times, in real time and on-demand. The first stage would preferably be a "pre-encryption process". The method could perform the "pre-encryption process" as defined below during the process of storing digital files or compressed data, by using relatively few computational functions, which do not consume a significant portion of the time required for performing the total process.
At least a portion of the method is preferably performed "off-line" or "near-line" for the post-compression of data before transmission or storage. This portion of the method preferably includes the step of first dividing each block into at least two sub-blocks, denoted as a first sub-block and a second sub-block. Next, the first sub-block is combined with the second sub-block with a hash function to form a scrambled sub-block of data as a random key. In step 3, the second sub-block is replaced with the random key.
The benefits of using this method include the following. First, the stored content is in a protected format. Second, the method does not encrypt the header or trailers of relevant packages, which are used for indexing functions, for example in order to browse through stored, encrypted data for retrieval of such data. Third, the method does not add one or more redundant bits to the data, unlike background art methods, which do add such bits.
Preferably, the second stage is performed upon demand for the retrieval, broadcast, remote transmission and/or browsing of the protected stored data. The second stage preferably includes the step of encrypting the random key with the global key.
The benefits of the second stage include the following. First, the protected stored data can be transmitted in a highly secure form to a remote storage location, since the highly secure encryption of the data is now added with the preferred strong encryption method. Second, if multiple subscribers request the same content, the method of the present invention would only require encryption of the designated sub-block containing the local data key with the subscriber public (Global) key, rather than encrypting the whole file or block. Therefore, such an encryption process clearly requires fewer computational resources to perform and is therefore more efficient.
Furthermore, for gateway and router key switching applications, the method would only require encryption of the designated sub-block containing the local data key with the subscriber public (Global) key, as compared to the process of encrypting the whole data package, which passes the unit.
According to another preferred embodiment of the present invention, steps 1-5 of the method of Figure 1 are performed in a pre-processing stage. This pre-processing stage is preferably performed off-line or near off-line for data storage purposes, including but not limited to creating secure physical and virtual data storage volumes or "snap-shots" of stored data, or for remote back-up and mirroring of data.
Figure 2 is a schematic block diagram of a preferred but exemplary implementation of the method of Figure 1. As noted previously, the block of data may be of substantially any size, and may be divided into substantially any number of a plurality of sub-blocks of substantially any size. For example, for a block of data of 512 bits, the plurality of sub-blocks may be 16 sub-blocks of 32 bits per sub-block, 8 sub-blocks of 64 bits per sub-block, 4 sub-blocks of 128 bits per sub-block, and so forth.
In the example of Figure 2, the block of 512 bits of data is divided into 8 sub-blocks of 64 bits per sub-block, designated as "d1" through "d8". The block of data also features a footer and header. Therefore, for the method of Figure 1 as performed on the data structure of Figure 2, sub-blocks d1 to d7 would be scrambled with sub-block d8 according to a hash function to form the random key. The random key would then replace sub-block d8. A fast cipher like RC4 or DES encryption method would optionally be used to encrypt sub-blocks d1 to d7, for example, with the global key. A high-level cipher 3DES encryption method would optionally be used to encrypt sub-block d8, for example.
Also as shown in Figure 2, another advantage of the method of the present invention is that a plurality of global keys could be used to encrypt the data without re-encrypting the entirety of the data with each global key. Instead, only the random key, which replaced sub-block d8 in this example, would need to be re-encrypted with each global key. The remaining sub-blocks would only need to be encrypted once, regardless of the number of different global keys which are used. Thus, such an implementation is clearly more efficient for encryption when multiple global keys are required, for example for a system with multiple users and/or subscribers.
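The block layout of Figure 2 and the re-encryption of only sub-block d8 per global key, as an added Python sketch (not code from the patent). It assumes one reading of the text: the random key is MD5 of d1..d7 truncated to 64 bits and XOR-ed with d8, and d1..d7 are encrypted under that random key as in the Summary. A SHA-256 counter-mode keystream stands in for the fast cipher and an 8-round Feistel network stands in for 3DES; all function names are hypothetical.

```python
import hashlib

SUB = 8     # 64-bit sub-block, d1..d8 in Figure 2
BLOCK = 64  # 512-bit block

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream(key, n):
    # Stand-in for the fast cipher (assumption): SHA-256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def feistel(block8, key, decrypt=False):
    # Stand-in for the strong 64-bit block cipher (assumption):
    # 8-round Feistel network with a SHA-256 round function.
    def f(i, half):
        return hashlib.sha256(key + bytes([i]) + half).digest()[:4]
    left, right = block8[:4], block8[4:]
    if decrypt:
        for i in reversed(range(8)):
            left, right = xor(right, f(i, left)), left
    else:
        for i in range(8):
            left, right = right, xor(left, f(i, right))
    return left + right

def local_key(block):
    # Step 3: hash d1..d7 (MD5 truncated to 64 bits, an assumption), XOR with d8.
    return xor(hashlib.md5(block[:-SUB]).digest()[:SUB], block[-SUB:])

def encrypt_block(block, global_key):
    if len(block) != BLOCK:
        raise ValueError("expected one 512-bit block")
    k = local_key(block)
    body = xor(block[:-SUB], keystream(k, BLOCK - SUB))  # step 5: d1..d7 under k
    return body + feistel(k, global_key)                 # steps 4 and 6: k replaces d8

def decrypt_block(ct, global_key):
    if len(ct) != BLOCK:
        raise ValueError("expected one 512-bit block")
    k = feistel(ct[-SUB:], global_key, decrypt=True)     # recover the random key
    body = xor(ct[:-SUB], keystream(k, BLOCK - SUB))     # recover d1..d7
    d8 = xor(hashlib.md5(body).digest()[:SUB], k)        # undo the XOR of step 3
    return body + d8

def rewrap(ct, old_global, new_global):
    # Multi-subscriber case: only the last sub-block is re-encrypted.
    k = feistel(ct[-SUB:], old_global, decrypt=True)
    return ct[:-SUB] + feistel(k, new_global)

if __name__ == "__main__":
    block = bytes(range(BLOCK))                 # constructed sample block
    ct_a = encrypt_block(block, b"global-key-A")  # constructed keys
    ct_b = rewrap(ct_a, b"global-key-A", b"global-key-B")
    print("round trip A:", decrypt_block(ct_a, b"global-key-A") == block)
    print("round trip B:", decrypt_block(ct_b, b"global-key-B") == block)
    print("d1..d7 unchanged by rewrap:", ct_a[:-SUB] == ct_b[:-SUB])
```

Because the random key is a function of the block alone, identical plaintext blocks produce identical ciphertext under the same global key.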
Figure 3 is a schematic block diagram of an exemplary system according to the present invention. A system 10 features a data input device 12 for inputting data, which may be any type of broadcasting application. System 10 is also assumed to have received a global key. Data input device 12 is optionally connected to a sub-block division module 14 for dividing the data into blocks and sub-blocks, if the data is not already divided into blocks and/or sub-blocks. A scrambling module 16 then receives the blocks and sub-blocks of data, and performs a non-reversible function, such as a hash function, on at least one sub-block of data to form scrambled data. A random key module 18 then replaces a designated sub-block with the scrambled data, to form an encrypted random key. A remainder encryption module 20 then encrypts the remainder of the sub-blocks for each block to form encrypted sub-blocks, preferably with a weaker but more rapidly performed encryption method as previously described. The encrypted sub-blocks and random key may then optionally be transmitted through a network 22, or alternatively may be securely stored on an electronic storage device (not shown) for example. Examples of suitable types of data include, but are not limited to, video stream data and/or audio stream data on substantially any type of platform such as network transmission, satellite and other wireless transmission, cable transmission, xDSL and so forth; voice communication data such as voice over IP (Internet Protocol) networks and/or through cable modems, and so forth; video stream data which has been compressed according to a particular compression method such as a member of the MPEG (Motion Picture Expert Group) set of compression methods; DVB data playback and real-time playing; and wireless transmissions such as through cellular telephones, for example.
One preferred but exemplary implementation of system 10 would be for video on-demand applications, in which a subscriber individually orders a particular video to be displayed at the request of the subscriber. System 10 provides a mechanism for protecting the video data with encryption, in order to prevent unauthorized users from obtaining such video data.
The increased efficiency of the system and method of the present invention can be calculated according to a "gain factor", which quantifies the order of magnitude of improvement for the rate of encryption according to the present invention. For these calculations, the required numbers of instructions per bit for various encryption methods are assumed to be as follows: DES, 4 instructions per bit; 3DES, 12 instructions per bit; MD5, 0.5 instructions per bit. Therefore, implementing 3DES results in the performance of 512 x 12 instructions per block of data, or 6144 instructions.
For real-time encryption applications according to the present invention, assuming that a weaker encryption method is used for the majority of the block, while the strong encryption method is used for only 64 bits of the block, then the total number of instructions per block for the method of the present invention is 4.5 x (512-64) + (64 x 12) = 2784 instructions per block. Therefore, the gain factor in terms of numbers of instructions per block is 6144/2784 = 2.2. Thus, clearly the method and system of the present invention are significantly faster and more efficient than background art methods for real-time encryption applications.
It will be appreciated that the above descriptions are intended only to serve as examples, and that many other embodiments are possible within the spirit and the scope of the present invention.