GB2482297A - Encryption involving splitting data stream into sub-streams and using of different user-configurable encryption techniques on each sub-stream - Google Patents

Encryption involving splitting data stream into sub-streams and using of different user-configurable encryption techniques on each sub-stream


Publication number
GB2482297A
Authority
GB
United Kingdom
Prior art keywords
data stream
streams
stream
encryption
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1012546.6A
Other versions
GB201012546D0 (en
Inventor
Darren Robert Christopher Higgins
Paul Howard
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DISUK Ltd
Original Assignee
DISUK Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DISUK Ltd
Priority to GB1012546.6A
Publication of GB201012546D0
Publication of GB2482297A
Legal status: Withdrawn


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0457 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply dynamic encryption, e.g. stream encryption
    • H04L29/06659
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The apparatus comprises a divider (62), encryption modules (63) and a combiner (67). The divider divides a source of input data into plural sub-streams, each of the sub-streams including data not included in other ones of the sub-streams. The encryption modules encrypt respective sub-streams according to respective different encryption techniques. The encrypted sub-streams are re-combined and sent to a receiver, where the reverse operation is performed (fig.4, not shown). The sets of parameters used for the encryption (e.g. key strength, fig.5, not shown) are configurable by a user. Optionally the input data may also be compressed (61) prior to splitting and encryption.

Description

Data Encryption and Data Decryption
The invention relates to the encryption of data, and to the decryption of data.
It is well known to encrypt data before transmitting it over a communication medium or storing it for later retrieval. Encryption provides some security for the data, in that it is necessary to know certain information, such as information about encryption keys that were used to encrypt the data, before it can be decrypted. The use of encryption makes it impossible or at the least difficult for unauthorised persons to access data not intended for them.
DISUK Limited supplies a range of hardware tape encryption appliances. A product named Paranoia3 produced by DISUK Limited uses AES encryption and includes pre-compression of data. The Paranoia3 product receives data via a Fibre Channel interface or a small computer serial interface (SCSI) interface, pre-compresses and encrypts the data and provides it via another interface for storage on a tape medium, which may be included in a stand-alone tape drive or within a library of tapes. The encrypted data stored on the tape medium is secure in the sense that it cannot be accessed by unauthorised persons even if the tape medium itself is lost or stolen. The Paranoia3 product is operable in response to an appropriate user input to decrypt data from a tape, decompress the decrypted data and provide uncompressed unencrypted data to a Fibre Channel host.
The security of encrypted data is dependent on a number of factors, including the type of encryption used and the length of encryption key that is used. However, certain constraints exist. For instance, some countries impose restrictions on the use of cryptography without prohibiting it. Also, security experts continually work devising attacks on encryption types, with the result that the relative protection provided by different encryption types changes over time.
The invention was made in this context.
The invention is defined by the claims and their equivalents.
Embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Figure 1 is a schematic diagram of a system in which the invention is incorporated in various aspects; Figure 2 is a schematic diagram of generic processing apparatus according to aspects of the present invention; Figure 3 is a schematic diagram illustrating a data encryption apparatus according to various aspects of the invention; Figure 4 is a schematic diagram illustrating a data decryption apparatus according to various aspects of the invention; and Figure 5 is a user interface provided by apparatus according to aspects of the invention.
Referring firstly to Figure 1, a system 10 is illustrated. The system includes a computing site 11, which includes a source of data 12 and an encryption and decryption apparatus 13. The source of data may take any suitable form. For instance, it may be a server, a non-server computing device, a private network, etc. The computing site 11 is connected to a network 14. The network 14 may be a public network, such as the Internet, or it may be private, for instance a corporate network. The network 14 includes multiple switches, one of which is illustrated at 26.
Also connected to the network 14 is a terminal 15, which is shown to include an input device 16, in the form of a keyboard, a processor 17 and a memory 18.
Also connected to the network 14 is a storage area network (SAN) 19. The SAN includes first to fifth storage devices 20 to 24, which are commonly coupled to the Internet 14 by a gateway device 25. The first and second storage devices 20, 21 each include a respective hard disc drive (HDD) 27, 28. Each of the third to fifth storage devices 22-24 includes a respective one of the tape storage devices 29-31. The tape devices 29-31 may be tape libraries, including multiple tape media, or may be individual tape drives, each associated with a single tape medium, for instance.
Within the computing site 11, the source of data 12 is connected to the encryption/decryption apparatus 13 by way of a network connection 32. The data encryption/decryption apparatus 13 is connected to the network 14 by a connection 33, which may take any suitable form.
The terminal 15 is connected to the network 14 by a connection 34, which may for instance be a DSL connection or a dialup. The connection 34 may involve a wireless link, such as for example a Wi-Fi link or a cellular phone link.
As will be appreciated from the description below, aspects of the invention may be incorporated in the encryption/decryption apparatus 13, the terminal 15, the network switch 26 and any of the storage devices 20-24.
Referring now to Figure 2, a schematic diagram of hardware that can implement aspects of the invention is shown at 40. The apparatus 40 includes an input interface 41, which is connected to an input line 42. An output interface 43 is similarly connected to an output line 44.
The input interface 41 is connected via a bus 45 to some pseudo-random access memory (RAM) 46. A second bus 47 connects the RAM to the output interface 43.
A processor 48 is connected directly to the RAM 46 by a line 49, which can carry control signals and data. The processor 48 also is coupled to the input interface 41 by a second control line 50 and is coupled to the output interface 43 by a third control line 51.
The processor 48 is operable to execute one or more software programs that are stored in a read-only memory (ROM) 52. The one or more computer programs in effect determine every aspect of the operation of the system 40.
A user interface 53 is coupled to the processor 48. The user interface 53 includes one or more input devices, such as the keyboard 16 of Figure 1, and one or more output devices, such as a display or monitor, for instance as shown to be included in the terminal 15 of Figure 1. The user interface 53 allows a user to control certain aspects of operation of the system 40, and allows the system 40 to indicate to a user information such as its status and selected configuration options.
In some embodiments, the input interface 41 and the output interface 43 are unitary. In these embodiments, the input 42 and the output 44 may be constituted by a single input/output, or they may remain separate.
Operation of the system of Figure 2 in providing encryption of data will now be described with reference to Figures 3 and 5.
In Figure 3, a system is shown schematically as including a number of modules, which are connected in a predefined manner. The modules are provided by the one or more computer programs that are stored in the ROM 52 of Figure 2 and executed by the processor 48 in conjunction with the RAM 46. Input data is received at the system of Figure 3 firstly at an optional compression module 61.
The compression module 61 may be omitted. Alternatively, it may be selectively disabled by software. If operational, the compression module 61 provides compression of the received input data in any suitable way. As is known, compression typically results in a reduction in the amount of data, so compressed data typically occupies fewer bytes than the input data. Compressed data is provided as an output of the compression module 61, and is received by a stream splitting module 62.
As can be seen from Figure 5, a first part 80 of information provided at an output of the user interface 53 indicates a number of streams and indicates whether data compression is 'on' or 'off'. In Figure 5, the number of streams is set at three and data compression is set to 'on'. The user interface 53 allows a user to change these settings. For instance, the user can select that data compression is switched 'off'.
In such a case, the software stored in the ROM 52 disables the compression module 61. The user interface 53 also allows a user to set the number of parallel streams.
In Figure 5, the number of streams is shown to be set at three, although it will be appreciated that this is just an example. The number of streams can be changed for instance using a numerical key entry or by selecting a number from a drop-down list.
After the first part 80 of the user interface is a second part 81, that relates to configurations for all streams. In the second part 81, the user is able to control three separate parameters, namely encryption type, key strength and key merge. The encryption type is selectable in the second part 81 to be either configurable or non-configurable. In Figure 5, the encryption type is shown as having been selected as being configurable by a user. The key strength is able to be set as configurable, in which case the key strength can vary between different streams, or can take one of a number of pre-set values. In Figure 5, the key strength is shown to have been selected as 64 bit. The key merge field can be either 'on' or 'off'. In the Figure, key merge is shown to have been selected by a user to be 'on'.
Following the section 81 are third to fifth sections 82 to 84, each of which relates to a different one of the streams. Since the user has selected that there are three streams (as shown in the section 80), there are three sections 82 to 84, one for each of the streams.
For each stream, four different parameters are shown. These parameters are encryption type, key strength, key type and key.
In the example shown in Figure 5, the encryption type is different for each of the streams. In particular, the first stream has encryption type DES, the second stream has encryption type AES and the third stream has encryption type Blowfish. If in the second section 81 the user has selected that the encryption type is configurable, the software controls the user interface to provide a different encryption type in each of the streams by default. However, a user may select a different encryption type for the streams individually through the user interface 53, for instance by selecting an encryption type from a drop-down list. In the event of the encryption type being specified in the section 81 as being anything other than configurable, the encryption type in each of the sections 82 to 84 is shown to have the encryption type that is set in the first section 81. Other encryption types that may be selected include IDEA, SEAL and RC4.
For each of the sections 82 to 84, a key strength parameter is shown. Since the key strength parameter was set at 64 bits in the second section 81, this setting (64 bit) is shown in each of the stream sections 82 to 84. If, however, the key strength was set as configurable in section 81, the parameters in the stream sections 82 to 84 are able to be changed by the user from a default value. The key strength may be selected by way of a drop-down list, for instance. The key strength may be different for different ones of the streams 82 to 84.
The key type parameter is individually configurable for each of the streams 82 to 84.
The key parameter for each of the first to third stream 82 to 84 necessarily is different for different streams. The software is configured so as to provide a pseudo-random key in each of the streams, although the key may be changed by a user through the user interface 53.
The stream splitting module 62 is configured to divide the input data (as compressed if appropriate) into a number of streams. The number of streams is set by the parameter provided in the first section 80 of the output of the user interface shown in Figure 5. The stream splitting module 62 is configured to split the input data having regard to a block size parameter. The block size parameter may be set by the system, for instance based on a determination as to target device type (for instance Fibre Channel or HDD), and/or may be negotiated prior to data communication. Data blocks at the block size are provided by the stream splitting module 62. The resulting streams are provided to appropriate ones of first to fourth encryption modules 63 to 66. In this example, there are three streams so only the first to third encryption modules 63 to 65 are provided with data streams.
In systems in which the number of streams can be set to have a value greater than four, further encryption engines (not shown) are provided.
Each of the encryption modules 63 to 66 is configured such that encryption is performed only once an amount of data equal to the block size has been received.
Data is buffered prior to being encrypted.
The first encryption engine 63 is configured to encrypt data received from the stream splitting module 62 according to the parameters specified in the first stream section 72 of the user interface of Figure 5. In this example, the first encryption module 62 is configured to encrypt 64kB blocks of the received data using the DES encryption type with the key specified in the section 72. Similarly, the second encryption module 64 is configured to encrypt data received from the stream splitting module 62 according to the parameters specified in the second stream section 73 of Figure 5. The third encryption module 65 is configured to encrypt data received from the stream splitting module 62 according to the parameters shown in the third stream section 74 of Figure 5.
Once encryption is completed, the resulting encrypted data is provided to a stream combining module 67. In the meantime, data received from the stream splitting module 62 is monitored and once it is detected that the amount of data equals the block size specified for the stream, encryption is performed on that data before the encrypted data is provided to the stream combining module 67.
Since the different encryption modules 63 to 66 receive different data from the stream splitting module 62, different parts of the input data are subjected to different encryption, as set by the parameters shown in the user interface of Figure 5.
The stream combining module 67 is configured to provide a single data stream using encrypted data received from the encryption modules 63 to 66 in the order in which they were received. The result is a single data stream that is sent to a transmission module 78. The data stream provided by the stream combining module 67 appears as a single stream, but is composed of a number of different sections, consecutive sections of which have been encrypted in different manners.
The system 60 is arranged such that encrypted data reaches the stream combining module 67 in the same order in which it was received at the stream splitting module 62. In this way, the data stream provided by the stream combining module 67 always includes data in the same order in which it was received at the system 60.
Alternatively, the stream combining module 67 may be configured to detect out-of-order data received from the encryption modules 63 to 66 and to ensure that the combined data stream includes the data in the correct order.
The combined data stream is transmitted by the transmission module 68.
Each of the modules 61 to 67 of Figure 3 is provided as a separate software module that is stored in the ROM 52 and executed by the processor 48 in conjunction with the RAM 46. It will be appreciated that the execution of software modules involves the passing of data between the input interface 41 and the RAM 46, between the processor 48 and the RAM 46 and between the RAM 46 and the output interface 47.
Although Figure 3 shows dataflow between blocks in a sequence, the data may not be moved between different physical components of the Figure 2 system 40 but instead may reside in one place in the RAM 46 and be operated upon by different ones of the software modules stored in the ROM 52.
The transmission module 68 includes a software module stored in the ROM 52 and also involves the hardware output interface 43.
Data provided by the transmission module 68 may be sent to a remote location, for instance it may be sent from the encryption/decryption apparatus 13 to the terminal 15, or alternatively it may be stored, either locally or remotely, for instance in one of the storage devices of the SAN 19.
The corresponding receiver system 70 is illustrated in Figure 4. Here, a data stream is received at a receiving module 71 and is then provided to a stream splitting module 72. The stream splitting module 72 is configured to split the received data stream into blocks that correspond to the blocks provided by the first to fourth encryption modules 63 to 66 of Figure 3. These different blocks are provided to respective ones of decryption modules 73 to 76, which decrypt the received data according to the relevant decryption parameters. Decrypted data is provided by the decryption modules 73 to 76 and received at a stream combining module 77. A data stream is formed from the decrypted data blocks by the stream combining module 77. This data stream has the same form as that received at the stream splitting module 62 of Figure 3. If the compression module 61 was present and operational, decompression occurs in a decompression module 78, with decompressed unencrypted information being provided at a data output.
Again, each of the modules 71 to 78 is constituted by one or more software modules that are stored in the ROM 52 and executed by the processor 48 in conjunction with the RAM 46.
The system 70 uses the encryption parameters shown in Figure 5 to split, decrypt and recombine the received data stream.
In some embodiments, the stream combiner 67 is omitted. Instead, encrypted streams are sent separately by the transmitter system 60. Here, the encrypted streams may be packetized and sent using a packetized protocol, for instance internet protocol. In these embodiments, the receiver system 70 does not need a stream splitting module 72; however, the receiving module 71 is configured to receive distinct streams and provide them to the appropriate ones of the decryption modules 73 to 78.
In order to reconstruct correctly at the receiver system 70 the data stream received at the input of the transmitter system 60, the receiver system 70 needs to know the configuration of the transmitter system 60. In particular, the receiver system 70 needs to be able to separate the streams from the received data. If the streams are not combined in the transmitter (e.g. because no stream combiner 67 is present in the transmitter system 60 or because any stream combiner 67 is disabled), separating the streams can be relatively straightforward. If the received data includes a combined stream, the receiver system 70 needs to know where to split the received stream such as to provide the correct sub streams. This can be achieved in one of two ways. Either the stream transmitted by the transmitter station 60 can indicate where the stream should be split, for instance using a bit sequence that is reserved for this purpose and cannot otherwise be present in the stream. Alternatively, the receiver system 70 can be provided with information about how the stream was split, including details of the number of sub streams, the amount of data included in each of the slices as well as the locations in the data stream at which one slice ends and another begins.
The receiver needs also to have the relevant information about the encryption applied to each of the streams. This information includes at least the encryption type and the encryption key (the key strength can be determined from the key length). This information can be termed the stream encryption information.
If compression was applied, the receiver system 70 also needs to deduce or be provided with details of the compression algorithm(s) used.
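An added example, not part of the patent text or of any DISUK product: the divider, per-stream encryption and in-order combiner of Figure 3 and the receiver of Figure 4, with blocks assigned to streams round-robin (an assumption; the description does not fix the assignment). The hash-based keystream techniques, the keys and the names `LinkConfig`, `StreamConfig`, `transmit`, `receive`, `recover_with_keys` and `exposed_bytes` are constructed for illustration and stand in for the DES/AES/Blowfish selections of Figure 5 so that the code runs on the Python standard library.

```python
import hashlib
import zlib
from dataclasses import dataclass


def _counter_keystream(hash_fn, key, block_no, n):
    """Expand key + block number into n keystream bytes using hash_fn."""
    out, ctr = b"", 0
    while len(out) < n:
        seed = key + block_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hash_fn(seed).digest()
        ctr += 1
    return out[:n]


# Constructed stand-ins for "different encryption techniques". They are NOT
# DES, AES or Blowfish; they only make each stream use a distinct algorithm.
TECHNIQUES = {
    "standin-A": lambda k, b, n: _counter_keystream(hashlib.sha256, k, b, n),
    "standin-B": lambda k, b, n: _counter_keystream(hashlib.blake2b, k, b, n),
    "standin-C": lambda k, b, n: hashlib.shake_256(k + b.to_bytes(8, "big")).digest(n),
}


@dataclass(frozen=True)
class StreamConfig:          # one per-stream section of the Figure 5 interface
    technique: str
    key: bytes


@dataclass(frozen=True)
class LinkConfig:            # what transmitter and receiver must both hold
    block_size: int
    compress: bool
    streams: tuple           # tuple of StreamConfig, one per stream


DEMO_STREAMS = (             # constructed keys, for illustration only
    StreamConfig("standin-A", b"constructed-key-stream-1"),
    StreamConfig("standin-B", b"constructed-key-stream-2"),
    StreamConfig("standin-C", b"constructed-key-stream-3"),
)


def _blocks(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]


def _crypt_block(cfg, block_no, block):
    """Encrypt or decrypt one block with the stream it belongs to (XOR is symmetric)."""
    stream = cfg.streams[block_no % len(cfg.streams)]   # round-robin divider
    keystream = TECHNIQUES[stream.technique](stream.key, block_no, len(block))
    return bytes(a ^ b for a, b in zip(block, keystream))


def transmit(data, cfg):
    """Optional compression, split into blocks, encrypt per stream, combine in order."""
    if cfg.compress:
        data = zlib.compress(data)
    return b"".join(_crypt_block(cfg, n, b)
                    for n, b in enumerate(_blocks(data, cfg.block_size)))


def receive(wire, cfg):
    """Reverse operation; succeeds only with the transmitter's split and stream settings."""
    data = b"".join(_crypt_block(cfg, n, b)
                    for n, b in enumerate(_blocks(wire, cfg.block_size)))
    return zlib.decompress(data) if cfg.compress else data


def recover_with_keys(wire, cfg, known_streams):
    """Blocks readable by a party holding only the keys of known_streams.
    Unreadable blocks are returned as None (meaningful with compression off)."""
    out = []
    for block_no, block in enumerate(_blocks(wire, cfg.block_size)):
        readable = block_no % len(cfg.streams) in known_streams
        out.append(_crypt_block(cfg, block_no, block) if readable else None)
    return out


def exposed_bytes(total_len, cfg, stream_no):
    """Bytes of the pre-encryption data that are protected only by one stream's key."""
    count = 0
    for block_no, start in enumerate(range(0, total_len, cfg.block_size)):
        if block_no % len(cfg.streams) == stream_no:
            count += min(cfg.block_size, total_len - start)
    return count


if __name__ == "__main__":
    sample = bytes(range(50))                     # constructed input
    cfg = LinkConfig(block_size=8, compress=False, streams=DEMO_STREAMS)
    wire = transmit(sample, cfg)
    print("round trip ok:", receive(wire, cfg) == sample)
    print("bytes per stream:", [exposed_bytes(len(sample), cfg, s) for s in range(3)])
    print("readable with stream 0 key only:", recover_with_keys(wire, cfg, {0}))
```

Each stream's key protects only the blocks assigned to that stream, so the per-stream byte counts show how much of the data depends on each selected technique and key strength.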
The receiver system 70 can be provided with the stream encryption information in one of a number of different manners. In one alternative, the transmitter system 60 and the receiver system 70 enter into a handshaking procedure prior to the transmission of encrypted streams. In this case, PKI may be used. In another alternative, the transmitter system 60 sends a certificate to the receiver system 70. This allows authentication of the transmitter system 60 by the receiver system 70. The certificate also allows the receiver system to unlock a key that is pre-stored in encrypted form. In another alternative, the stream encryption information is entered manually into the receiver system 70 by a user. In this case, the receiver system 60 may provide a user interface like that of Figure 5, although omitting irrelevant fields. In another alternative, PKI is used in conjunction with the sending of a certificate from the transmitter system 60 to the receiver system 70.
Some embodiments of the invention utilise a virtual private network (VPN). A VPN is a virtual connection to a physical network, usually from a remote station.
For instance, a user at their home can access a network at their employer's premises using a VPN. VPNs are provided with security features such as to prevent access to the network by unauthorised persons. However, data passing between the user's home and their employer's premises may be intercepted, for instance at the user's local telephone exchange. Encryption of the link between the user's home and the employer's premises using the techniques described with reference to Figures 4 and can ensure security of the VPN.
In embodiments of the invention, the terminal 15 is used as a terminal to access a VPN connection in a network at the source of data 12. In these embodiments, the processor 17 and the memory 18 of the terminal 15 cooperate to provide the functionality of both the transmitter system 60 and the receiver system 70.
Alternatively, if data is to be sent between the terminal 15 and the network 12 in only one direction, one of the transmitter system 60 and the receiver system 70 may be omitted from the terminal 15. Corresponding functionality is provided at the network 12. Here, the functionality may be both of the transmitter system 60 and the receiver system 70, or may be only one of them, depending on the requirements for data transfer between the terminal 15 and the network 12.
After receiver system 70 functionality in either or both of the terminal 15 and the network 12 (as the case may be) has ensured that it has the information needed to reconstruct received data streams into their original form, the transfer of data can commence. Data that is required to be passed from the network 12 to the terminal 15 is processed using the transmitter system 60 functionality in the network 12 or the encryption/decryption device 13, is transmitted over the network 14 and is received at the terminal 15. Here, receiver system 70 functionality processes the received data and reconstructs the original data stream. Data that is required to be passed from the terminal 15 to the network 12 is processed using the transmitter system 60 functionality in the terminal 15, is transmitted over the network 14 and is received at the network 12 or the encryption/decryption device 13. Here, receiver system 70 functionality processes the received data and reconstructs the original data stream.
The transmitter system 60 can be used to advantage in a number of different parts of the system. These include the source of data 12, the encryption/decryption device 13, the network switch 26 and the terminal 15. The receiver system 70 can be used to advantage in a number of different parts of the system. These include the source of data 12, the encryption/decryption device 13, the network switch 26 and the terminal 15.
The SAN 19 also may incorporate aspects of the invention. In some modes of operation, encrypted data is generated by the source of data 12 or the terminal 15 and is stored in one of the storage devices 20-24 in encrypted form. In other modes of operation, encrypted data is generated by the source of data 12 or the terminal 15 and is decrypted in a receiver system 70 included in the gateway device 25 or one of the storage devices 20-24, with unencrypted data then being stored on the HDD or tape. Here, the unencrypted data stored on the HDD or tape may be encrypted by a transmitter system 60 provided as part of the gateway device 25 or one of the storage devices 20-24 before being transmitted to the source of data 12 or the terminal 15.
The transmitter system 60 and/or receiver system 70 functionality may be provided by part of firmware used to control the storage hardware of an HDD or tape drive or tape library.
Aspects of the invention allow for improved security in data that is transmitted and/or stored. In particular, firstly the configurability of the encryption means that compromised or weak encryption types can be avoided and secondly the use of different encryption on different parts of the data stream means that the stream as a whole is better protected. The second advantage is particularly useful in situations where there are restrictions on encryption, for instance key length.
Other embodiments will be apparent to the skilled person. The invention is not limited by the above description, and is limited only by the appended claims and their equivalents.

Claims (30)

  1. Apparatus comprising: a divider configured to divide a source of data into plural data streams, each of the plural streams including data not included on other ones of the plural data streams; a first stream encryption configured to encrypt a first one of the data streams according to a first encryption technique using a first set of parameters, thereby to provide a first encrypted data stream; and a second stream encryption configured to encrypt a second one of the data streams according to a second encryption technique using a second set of parameters, thereby to provide a second encrypted data stream, wherein the first and second sets of parameters are configurable by a user.
  2. Apparatus as claimed in claim 1, comprising an interlacer configured to interlace the first and second encrypted data streams thereby to provide an interlaced encrypted data stream.
  3. Apparatus as claimed in claim 2, configured to provide the interlaced encrypted data stream for non-transient storage.
  4. Apparatus as claimed in claim 2, configured to provide the interlaced encrypted data stream for transmission over a communication medium to a remote receiver.
  5. Apparatus as claimed in claim 1, comprising a data stream handler configured to provide the first and second encrypted streams separately onto a communication medium, for external transmission, or a storage device or storage system, for non-transient storage.
  6. A method comprising: dividing a source of data into plural data streams, each of the plural streams including data not included on other ones of the plural data streams; encrypting a first one of the data streams according to a first encryption technique, thereby to provide a first encrypted data stream; and encrypting a second one of the data streams according to a second encryption technique, thereby to provide a second encrypted data stream, wherein the first and second sets of parameters are configurable by a user.
  7. A method as claimed in claim 6, comprising interlacing the first and second encrypted data streams thereby to provide an interlaced encrypted data stream.
  8. A method as claimed in claim 7, comprising providing the interlaced encrypted data stream for non-transient storage.
  9. A method as claimed in claim 6 or claim 7, comprising providing the interlaced encrypted data stream for transmission over a communication medium to a remote receiver.
  10. A method as claimed in claim 6, comprising providing the first and second encrypted streams separately onto a communication medium, for external transmission, or a storage device or storage system, for non-transient storage.
  11. Apparatus comprising: a divider configured to divide a source of data into plural data streams, each of the plural streams including data not included on other ones of the plural data streams; a first stream encryption configured to encrypt a first one of the data streams according to a first encryption technique using a first set of parameters, thereby to provide a first encrypted data stream; and a second stream encryption configured to encrypt a second one of the data streams according to a second encryption technique using a second set of parameters, thereby to provide a second encrypted data stream, wherein the first and second sets encryption techniques are different.
  12. Apparatus as claimed in claim 11, comprising an interlacer configured to interlace the first and second encrypted data streams thereby to provide an interlaced encrypted data stream.
  13. Apparatus as claimed in claim 12, configured to provide the interlaced encrypted data stream for non-transient storage.
  14. Apparatus as claimed in claim 12, configured to provide the interlaced encrypted data stream for transmission over a communication medium to a remote receiver.
  15. Apparatus as claimed in claim 11, comprising a data stream handler configured to provide the first and second encrypted streams separately onto a communication medium, for external transmission, or a storage device or storage system, for non-transient storage.
  16. A method comprising: dividing a source of data into plural data streams, each of the plural streams including data not included on other ones of the plural data streams; encrypting a first one of the data streams according to a first encryption technique, thereby to provide a first encrypted data stream; and encrypting a second one of the data streams according to a second encryption technique, thereby to provide a second encrypted data stream, wherein the first and second sets encryption techniques are different.
  17. 17. A method as claimed in claim 16, comprising interlacing the fitst and second encrypted data streams thereby to provide an interlaced encrypted data stream.
  18. 18. A method as claimed in claim 17, comprising providing the interlaced encrypted data stream for non-transient storage.
  19. 19. A method as claimed in claim 16 or claim 17, comprising providing the interlaced encrypted data stream for transmission over a communication medium to a remote receiver.
  20. 20. A method as claimed in claim 16, comprising providing the first and second encrypted streams separately onto a communication medium, for external transmission, or a storage device or storage system, for non-transient storage.
  21. 21. Apparatus comprising: a first stream decryption configured to decrypt a first one of the data streams according to a first decryption technique using a first set of parameters, thereby to provide a first decrypted data stream; and a second stream decryption configured to decrypt a second one of the data streams according to a second decryption technique using a second set of parameters, thereby to provide a second decrypted data stream, and a combiner configured to combine the first decrypted data stream with the first decrypted data stream, thereby to provide a combined decrypted data stream, wherein the first and second sets encryption techniques are different.
  22. 22. Apparatus as claimed in claim 11, comprising a deinterlacer configured to deinterlace a received interlaced encrypted data stream into the first and second encrypted data streams.
  23. 23. Apparatus as claimed in claim 12, configured to receive the interlaced encrypted data stream from non-transient storage.
  24. 24. Apparatus as claimed in claim 12, configured to receive the interlaced encrypted data stream from a remote receiver via a transmission medium.
    -18 -
  25. 25. Apparatus as claimed in claim 11, configured to receive the first and second encrypted streams separately from a communication medium, storage device or storage system.
  26. 26. A method comprising: decrypting a first one of the data streams according to a first decryption technique using a first set of parameters, thereby to provide a first decrypted data stream; and decrypting a second one of the data streams according to a second decryption technique using a second set of parameters, thereby to provide a second decrypted data stream, and combining the first decrypted data stream with the first decrypted data stream, thereby to provide a combined decrypted data stream, wherein the first and second sets encryption techniques are different.
  27. 27. A method as claimed in claim 26, comprising deinterlacing a received interlaced encrypted data stream into the first and second encrypted data streams.
  28. 28. A method as claimed in claim 27, comprising receiving the interlaced encrypted data stream from non-transient storage.
  29. 29. A method as claimed in claim 27, comprising receiving the interlaced encrypted data stream from a remote receiver via a transmission medium.
  30. 30. A method as claimed in claim 26, comprising receiving the first and second encrypted streams separately from a communication medium, storage device or storage system.
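The pipeline the claims describe (divider, two differently parameterised stream encryptions, interlacer, then deinterlacer, decryptions and combiner), sketched as an added example that is not code from the patent. The byte-wise round-robin split, the two keystream constructions (stand-ins for real ciphers), and all names, keys and sample data are assumptions made for illustration; the claims do not specify any of them.

```python
import hashlib
import hmac

def hmac_ctr_keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Technique A (stand-in): HMAC-SHA256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:n])

def shake_keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Technique B (stand-in): SHAKE-256 output keyed by key || nonce."""
    return hashlib.shake_256(key + nonce).digest(n)

TECHNIQUES = {"hmac-sha256-ctr": hmac_ctr_keystream, "shake256": shake_keystream}

def crypt_stream(data: bytes, params: dict) -> bytes:
    """XOR with the selected keystream; the same call encrypts and decrypts."""
    ks = TECHNIQUES[params["technique"]](params["key"], params["nonce"], len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def divide(data: bytes):
    """Divider / deinterlacer: even-index bytes to stream 1, odd-index to stream 2."""
    return data[0::2], data[1::2]

def interlace(s1: bytes, s2: bytes) -> bytes:
    """Interlacer / combiner: inverse of divide()."""
    out = bytearray(len(s1) + len(s2))
    out[0::2], out[1::2] = s1, s2
    return bytes(out)

def encrypt(data: bytes, p1: dict, p2: dict) -> bytes:
    s1, s2 = divide(data)
    return interlace(crypt_stream(s1, p1), crypt_stream(s2, p2))

def decrypt(blob: bytes, p1: dict, p2: dict) -> bytes:
    c1, c2 = divide(blob)
    return interlace(crypt_stream(c1, p1), crypt_stream(c2, p2))

# Constructed sample parameter sets and message (not from the patent).
P1 = {"technique": "hmac-sha256-ctr", "key": b"k1" * 16, "nonce": b"n1" * 6}
P2 = {"technique": "shake256", "key": b"k2" * 16, "nonce": b"n2" * 6}
MESSAGE = b"meter reading 0042 from substation 7"

if __name__ == "__main__":
    blob = encrypt(MESSAGE, P1, P2)
    assert decrypt(blob, P1, P2) == MESSAGE
    print(blob.hex())
```

Neither stand-in keystream authenticates the data, and reusing a key and nonce pair on one stream repeats its keystream; a deployment would use an authenticated cipher per stream with a fresh nonce for each message.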
GB1012546.6A 2010-07-27 2010-07-27 Encryption involving splitting data stream into sub-streams and using of different user-configurable encryption techniques on each sub-stream Withdrawn GB2482297A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1012546.6A GB2482297A (en) 2010-07-27 2010-07-27 Encryption involving splitting data stream into sub-streams and using of different user-configurable encryption techniques on each sub-stream

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1012546.6A GB2482297A (en) 2010-07-27 2010-07-27 Encryption involving splitting data stream into sub-streams and using of different user-configurable encryption techniques on each sub-stream

Publications (2)

Publication Number Publication Date
GB201012546D0 GB201012546D0 (en) 2010-09-08
GB2482297A GB2482297A (en) 2012-02-01

Family

ID=42752820

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1012546.6A Withdrawn GB2482297A (en) 2010-07-27 2010-07-27 Encryption involving splitting data stream into sub-streams and using of different user-configurable encryption techniques on each sub-stream

Country Status (1)

Country Link
GB (1) GB2482297A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6347143B1 (en) * 1998-12-15 2002-02-12 Philips Electronics No. America Corp. Cryptographic device with encryption blocks connected parallel
US20070297612A1 (en) * 2005-10-21 2007-12-27 Meir Feder Method, device and system of encrypted wireless communication
US20100124332A1 (en) * 2008-11-18 2010-05-20 Verizon Corporate Resources Group Llc Secure wireless communications

Also Published As

Publication number Publication date
GB201012546D0 (en) 2010-09-08

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)