Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.
Representative claims
1. A method performed by a system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the processor to perform the method, the method comprising: encrypting a first block of data with a first cryptographic key to generate a first encrypted block of data, the first block of data comprising a second cryptographic key; encrypting a second block of data with the second cryptographic key to generate a second encrypted block of data, the second block of data comprising a third cryptographic key, storing the first encrypted block of data and the second encrypted block of data on a non-volatile storage medium; generating an index comprising the first cryptographic key and a first link associating the first encrypted block of data with the second encrypted block of data; and storing the index in a secure storage medium.
2. The method of claim 1, further comprising receiving the first block of data and the second block of data for storage on the non-volatile storage medium.
3. The method of claim 1, further comprising: retrieving the first cryptographic key from the index; retrieving the first encrypted block of data from the non-volatile storage medium; and decrypting the first encrypted block of data using the first cryptographic key.
4. The method of claim 3, further comprising: retrieving the second cryptographic key from the decrypted first block of data, and retrieving the first link associating the first encrypted block of data with the second encrypted block of data from the index; and decrypting the second encrypted block of data using the second cryptographic key based on the first link.
5. The method of claim 1, wherein the first encrypted block of data and the second encrypted block of data are stored on the non-volatile storage medium in a log structured file.
6. The method of claim 1, wherein the index further comprises a hierarchical location map comprising information for locating the first encrypted block of data and the second encrypted block of data on the non-volatile storage medium.
7. The method of claim 6, wherein the hierarchical location map comprises one or more nodes, a first node of the one or more nodes comprising a first cryptographic hash of the first block of data and an indicator specifying a location of the first encrypted block of data on the non-volatile storage medium.
8. The method of claim 1, wherein the method further comprises: encrypting a third block of data with the third cryptographic key to generate a third encrypted block of data, the third block of data comprising a fourth cryptographic key; and storing the third encrypted block of data on the non-volatile storage medium; wherein the index further comprises a second link associating the second encrypted block of data with the third encrypted block of data.
9. The method of claim 1, wherein the non-transitory computer-readable storage medium and the non-volatile storage medium comprise a single storage medium.
10. The method of claim 1, wherein secure storage medium is associated with a protected processing environment of the system.
11. A non-transitory computer-readable storage medium storing executable instructions that, when executed by a processor of a system, cause the processor to perform a method comprising: encrypting a first block of data with a first cryptographic key to generate a first encrypted block of data, the first block of data comprising a second cryptographic key; encrypting a second block of data with the second cryptographic key to generate a second encrypted block of data, the second block of data comprising a third cryptographic key, storing the first encrypted block of data and the second encrypted block of data on a non-volatile storage medium; generating an index comprising the first cryptographic key and a first link associating the first encrypted block of data with the second encrypted block of data; and storing the index in a secure storage medium.
12. The non-transitory computer-readable storage medium of claim 11, further comprising receiving the first block of data and the second block of data for storage on the non-volatile storage medium.
13. The non-transitory computer-readable storage medium of claim 11, further comprising: retrieving the first cryptographic key from the index; retrieving the first encrypted block of data from the non-volatile storage medium; and decrypting the first encrypted block of data using the first cryptographic key.
14. The non-transitory computer-readable storage medium of claim 13, further comprising: retrieving the second cryptographic key from the decrypted first block of data, and retrieving the first link associating the first encrypted block of data with the second encrypted block of data from the index; and decrypting the second encrypted block of data using the second cryptographic key based on the first link.
15. The non-transitory computer-readable storage medium of claim 11, wherein the first encrypted block of data and the second encrypted block of data are stored on the non-volatile storage medium in a log structured file.
16. The non-transitory computer-readable storage medium of claim 11, wherein the index further comprises a hierarchical location map comprising information for locating the first encrypted block of data and the second encrypted block of data on the non-volatile storage medium.
17. The non-transitory computer-readable storage medium of claim 16, wherein the hierarchical location map comprises one or more nodes, a first node of the one or more nodes comprising a first cryptographic hash of the first block of data and an indicator specifying a location of the first encrypted block of data on the non-volatile storage medium.
18. The non-transitory computer-readable storage medium of claim 11, wherein the method further comprises: encrypting a third block of data with the third cryptographic key to generate a third encrypted block of data, the third block of data comprising a fourth cryptographic key; and storing the third encrypted block of data on the non-volatile storage medium; wherein the index further comprises a second link associating the second encrypted block of data with the third encrypted block of data.
19. The non-transitory computer-readable storage medium of claim 11, wherein the non-transitory computer-readable storage medium and the non-volatile storage medium comprise a single storage medium.
20. The non-transitory computer-readable storage medium of claim 11, wherein secure storage medium is associated with a protected processing environment of the system.
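The key chaining in claims 1, 3, 4, 7 and 8 can be traced in a short sketch; this is an added example, not code from the patent or its assignee. The names `store_chain` and `read_chain` are hypothetical, a Python list stands in for the untrusted log, a dict stands in for the secure-storage index, and an HMAC-SHA256 keystream stands in for whatever cipher a real system would use (the claims do not name one).

```python
import hashlib, hmac, secrets

KEY_LEN = 32

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    return nonce + _xor_stream(key, nonce, plaintext)

def unseal(key, blob):
    return _xor_stream(key, blob[:16], blob[16:])

def store_chain(payloads):
    """Encrypt payloads as a key chain; return (untrusted_log, trusted_index)."""
    keys = [secrets.token_bytes(KEY_LEN) for _ in range(len(payloads) + 1)]
    log, index = [], {"root_key": keys[0], "links": {}, "hashes": {}}
    for i, payload in enumerate(payloads):
        block = keys[i + 1] + payload          # block i carries the key for block i+1
        index["hashes"][i] = hashlib.sha256(block).digest()  # claim 7: hash + location
        log.append(seal(keys[i], block))       # ciphertext goes to untrusted storage
        if i + 1 < len(payloads):
            index["links"][i] = i + 1          # link: block i -> block i+1
    return log, index

def read_chain(log, index):
    """Walk the chain from the trusted root key, validating every block."""
    key, pos, out = index["root_key"], (0 if log else None), []
    while pos is not None:
        block = unseal(key, log[pos])
        expected = index["hashes"][pos]
        if not hmac.compare_digest(hashlib.sha256(block).digest(), expected):
            raise ValueError(f"block {pos} failed validation")
        key = block[:KEY_LEN]                  # next key comes from the decrypted block
        out.append(block[KEY_LEN:])
        pos = index["links"].get(pos)
    return out

if __name__ == "__main__":
    log, index = store_chain([b"alpha", b"bravo", b"charlie"])  # constructed sample data
    print(read_chain(log, index))
```

Only the root key, links and hashes need trusted storage; a modified ciphertext in the log fails the hash comparison before its embedded key is used for the next block.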