Title Data encryption conversion for independent agents
Abstract The re-encryption of data can be performed with independent cryptographic agents that automatically encrypt and decrypt data in accordance with cryptographic regions, such that data within a single cryptographic region is encrypted and decrypted with the same cryptographic key. An "in-place" re-encryption can be performed by reading data from a chunk in an existing cryptographic region, shrinking the existing cryptographic region past the chunk, expanding a replacement cryptographic region over the chunk, and then writing the data back to the same location, which is now part of the replacement cryptographic region. An "out-of-place" re-encryption can be performed by reading data from a chunk in an existing cryptographic region and then writing the data to an immediately adjacent location that is part of a replacement cryptographic region. After the re-encrypted data has been "shifted" in this way, the cryptographic regions are expanded and contracted accordingly, and another chunk is selected.
Publication number US8977865 (B2) Publication date 2015.03.10
Application number US201012786550 Filing date 2010.05.25
Applicant Microsoft Technology Licensing, LLC Inventors Abzarian David; Moss Darren Glen; Lyakhovitskiy Grigory Borisovich; Mehra Karan; Basmov Innokentiy; Ureche Octavian T.
Classification G06F21/00; G06F21/78; G06F21/72; G06F21/85; H04L9/08 Main classification G06F21/00
Agency (not listed) Agents Churna Timothy; Drakos Kate; Minhas Micky
Main claim 1. One or more computer-readable memory comprising computer-executable instructions for re-encrypting a set of data, the computer-executable instructions directed to steps comprising: reading a first chunk of data from a first storage location where the first chunk of data was stored, the first storage location being within a first encryption region during the reading, wherein data written to the first encryption region is encrypted with reference to a first cryptographic key prior to being stored in the first encryption region and data read from the first encryption region is decrypted with reference to the first cryptographic key after being read from the first encryption region; writing the first chunk of data into a second storage location where the first chunk of data will be stored for subsequent access, the second storage location differing from the first storage location, the second storage location being within a second encryption region during the writing, wherein data written to the second encryption region is encrypted with reference to a second cryptographic key prior to being stored in the second encryption region and data read from the second encryption region is decrypted with reference to the second cryptographic key after being read from the second encryption region, the second cryptographic key differing from the first cryptographic key; contracting the first encryption region to no longer include the first storage location; expanding the second encryption region to accommodate a second chunk of data, different from the first chunk of data, the expanding being performed after the writing of the first chunk of data into the second storage location within the second encryption region; and repeating the reading, the writing, the contracting and the expanding with successive chunks of data.
Address Redmond WA US
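The following simulator is an added example covering both the abstract's in-place variant and the out-of-place chunk shifting of claim 1; it is not code from the patent or from Microsoft. Everything in it is an assumption made for illustration: a 16-byte sector, a `Region` that is a half-open sector range bound to a key, a `Device` whose read/write path plays the role of the independent agent (it looks up the region covering the sector and applies that region's key), and a toy HMAC-SHA256 keystream standing in for a real sector-tweaked disk cipher such as AES-XTS. The functions `reencrypt_out_of_place` and `reencrypt_in_place` are hypothetical names for the two procedures; the inline comments flag the crash-consistency windows a practitioner would want to close in a real implementation.

```python
import hashlib
import hmac

SECTOR = 16  # bytes per sector; toy geometry assumed for this example


def _keystream(key: bytes, sector: int, length: int) -> bytes:
    # Toy sector-tweaked keystream (HMAC-SHA256 counter mode) standing in for a
    # real disk cipher such as AES-XTS: one transform per (key, sector).
    out, block = b"", 0
    while len(out) < length:
        msg = sector.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Region:
    """Half-open sector range [start, end) whose data is keyed by `key`."""

    def __init__(self, key: bytes, start: int, end: int):
        self.key, self.start, self.end = key, start, end


class Device:
    """Raw ciphertext store plus the agent that keys every I/O by region."""

    def __init__(self, nsectors: int, regions: list):
        self.raw = bytearray(nsectors * SECTOR)
        self.regions = regions

    def _key_for(self, sector: int) -> bytes:
        # Regions must partition the device: exactly one key per sector.
        hits = [r for r in self.regions if r.start <= sector < r.end]
        assert len(hits) == 1, f"sector {sector} in {len(hits)} regions"
        return hits[0].key

    def raw_sector(self, sector: int) -> bytes:
        return bytes(self.raw[sector * SECTOR:(sector + 1) * SECTOR])

    def write(self, sector: int, plaintext: bytes) -> None:
        assert len(plaintext) == SECTOR
        ks = _keystream(self._key_for(sector), sector, SECTOR)
        self.raw[sector * SECTOR:(sector + 1) * SECTOR] = _xor(plaintext, ks)

    def read(self, sector: int) -> bytes:
        ks = _keystream(self._key_for(sector), sector, SECTOR)
        return _xor(self.raw_sector(sector), ks)


def reencrypt_out_of_place(dev: Device, old: Region, new: Region) -> None:
    # Claim 1: read a chunk from `old`, write it one sector lower into `new`,
    # contract `old` past it, expand `new` to take the next chunk, repeat.
    assert new.end == old.start and new.end > new.start, "need a spare sector"
    while old.start < old.end:
        src = old.start
        data = dev.read(src)          # agent decrypts with old.key
        dev.write(src - 1, data)      # slot lies in new: agent uses new.key
        old.start += 1                # contract old to exclude src
        new.end += 1                  # expand new over the vacated slot
        # The map update must be persisted atomically with the write, or a
        # crash reader applies the wrong key to src or src - 1.


def reencrypt_in_place(dev: Device, old: Region, new: Region) -> None:
    # Abstract's in-place variant: same location; regions are repartitioned
    # around the chunk between the read and the write-back.
    assert new.end == old.start
    while old.start < old.end:
        s = old.start
        data = dev.read(s)            # under old.key
        old.start += 1                # shrink old past the chunk
        new.end += 1                  # expand new over the chunk
        # Window: raw bytes at s are old-key ciphertext inside a new-key
        # region, so `data` must already be journaled or a crash loses it.
        dev.write(s, data)            # same sector, now under new.key


def demo() -> dict:
    k_old, k_new = b"K1" * 16, b"K2" * 16                # constructed keys
    chunks = [bytes([i]) * SECTOR for i in range(1, 6)]  # constructed payload

    # Out-of-place: data in sectors 1..5 under k_old, spare sector 0 in new.
    old, new = Region(k_old, 1, 6), Region(k_new, 0, 1)
    dev = Device(6, [new, old])
    for s, c in enumerate(chunks, 1):
        dev.write(s, c)
    stale = dev.raw_sector(5)                             # K1 ciphertext
    reencrypt_out_of_place(dev, old, new)
    out = {"plaintext": [dev.read(s) for s in range(5)],
           "regions": ((new.start, new.end), (old.start, old.end)),
           "stale_old_ciphertext_persists": dev.raw_sector(5) == stale}

    # In-place: same sectors, no spare; `new` starts as an empty range.
    old, new = Region(k_old, 0, 5), Region(k_new, 0, 0)
    dev = Device(5, [new, old])
    for s, c in enumerate(chunks):
        dev.write(s, c)
    before = [dev.raw_sector(s) for s in range(5)]
    reencrypt_in_place(dev, old, new)
    inp = {"plaintext": [dev.read(s) for s in range(5)],
           "regions": ((new.start, new.end), (old.start, old.end)),
           "all_ciphertext_changed": all(dev.raw_sector(s) != b
                                         for s, b in enumerate(before))}
    return {"out_of_place": out, "in_place": inp}
```

Running `demo()` shows the property the scheme depends on: the agent never needs to know which chunk is mid-migration, because the region map alone decides which key applies to a sector, and both loops keep every sector readable through the agent after each step. Two consequences the patent text does not spell out are worth checking in any real implementation: the out-of-place variant leaves the vacated last slot holding ciphertext under the retired key until it is overwritten (the `stale_old_ciphertext_persists` result), so scrub it and retire the old key only afterwards; and in both variants the region-map change and the data write must be made durable in a consistent order, otherwise a crash at the marked points leaves a sector that the agent will decrypt with the wrong key.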