Securing Information in Remote Storage Media

IP.com Disclosure Number: IPCOM000200377D
Publication Date: 2010-Oct-08
Document File: 4 page(s) / 43K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method to extend the OpenPGP protocol (RFC 4880) to describe encrypted and signed items that are stored separately from the packet itself (for instance on a cloud-based server). One way to leverage PGP technology is to store the encrypted content separately from the OpenPGP packet that describes it. While most of the OpenPGP packet would stay the same, rather than encapsulating the bulk content, the literal data portion now contains metadata, including a reference indicating where the content is stored on the net as well as information on how to decrypt and view it. Using a 2GB movie as an example, let's walk through how this works:

1. As before, we create a random number large enough to be used as a session key to encrypt the data content with the specified symmetric key algorithm. In our example we are using AES-256, hence we use a 256-bit (32-byte) random number.
2. Encrypt the content (the 2GB movie) using the selected symmetric key algorithm.
3. Upload the content to my storage provider and create a URL or GUID that describes where the data can be retrieved from.
4. Create a record that describes the detached content location, the encryption method, the session key and the application needed to view the content.
5. Encrypt this content description as an OpenPGP message, but rather than identifying it as text in the Literal Data Packet, we use a new type identifier indicating that it is detached content.
6. Send this packet to the recipients as before. Once decrypted, they have all the information available to access and decrypt the original content.
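As an added illustration, not code from the disclosure or from Symantec, the following Python (standard library only) serialises steps 1, 4 and 5 above: a content-description record (the JSON field names are an assumption), wrapped in an RFC 4880 Literal Data Packet whose format octet is a placeholder for the new detached-content type the disclosure proposes, plus the recipient-side parser that rejects ordinary text/binary literal packets. The record carries the session key, so the packet must still travel inside a normally encrypted OpenPGP message, which the example does not build; the AES-256 bulk encryption of the movie is likewise outside it.

```python
import json
import os
import struct
LITERAL_DATA_TAG = 11   # Literal Data Packet, RFC 4880 section 5.9
# ASSUMPTION: the disclosure assigns no value to its new "detached content" format octet; 0x64 is a placeholder.
DETACHED_FORMAT = 0x64

def generate_session_key() -> bytes:
    """Step 1: 256-bit (32-byte) random session key for AES-256."""
    return os.urandom(32)

def new_format_length(n: int) -> bytes:
    """New-format packet body length encoding, RFC 4880 section 4.2.2."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def build_detached_record(location: str, session_key: bytes, viewer: str) -> bytes:
    """Step 4: record with location, cipher, session key and viewer application (field names assumed)."""
    record = {"location": location, "cipher": "AES-256",
              "session_key": session_key.hex(), "viewer": viewer}
    return json.dumps(record, sort_keys=True).encode()

def build_literal_packet(body: bytes, filename: bytes = b"", date: int = 0) -> bytes:
    """Step 5: literal data packet whose format octet marks the body as a detached-content record."""
    payload = bytes([DETACHED_FORMAT, len(filename)]) + filename + struct.pack(">I", date) + body
    return bytes([0xC0 | LITERAL_DATA_TAG]) + new_format_length(len(payload)) + payload

def parse_literal_packet(packet: bytes) -> dict:
    """Recipient side, after OpenPGP decryption: recover the record; refuse non-detached formats."""
    if packet[0] != (0xC0 | LITERAL_DATA_TAG):
        raise ValueError("not a literal data packet")
    first = packet[1]
    if first < 192:
        n, off = first, 2
    elif first < 255:
        n, off = ((first - 192) << 8) + packet[2] + 192, 3
    else:
        n, off = struct.unpack(">I", packet[2:6])[0], 6
    payload = packet[off:off + n]
    if payload[0] != DETACHED_FORMAT:
        raise ValueError("literal packet does not describe detached content")
    name_len = payload[1]                      # skip format, name length, filename, 4-byte date
    record = json.loads(payload[2 + name_len + 4:])
    record["session_key"] = bytes.fromhex(record["session_key"])
    return record
```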

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 51% of the total text.

Securing Information in Remote Storage Media

Vincent Moscaritolo

Damon Cokenias

David Finkelstein

Symantec Corporation

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.  For a full list of Symantec trademarks, please visit

http://www.symantec.com/about/profile/policies/trademarks/currentlist.jsp

Any Symantec products described in this document are distributed under licenses restricting their use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation

350 Ellis...