公开(公告)号：US20210281392A1

公开(公告)日：2021-09-09

申请号：US16812494

申请日：2020-03-09

申请人： International Business Machines Corporation

发明人： Anthony Thomas Sofia ,  Jason Katonica

IPC分类号： H04L9/06 ,  H04L29/06 ,  H04L9/08

摘要： Aspects of the invention include receiving, by a processor, an unencrypted object that includes plaintext and metadata that describes the plaintext. A data encryption key (DEK) and a nonce key for the unencrypted object are obtained by the processor. The nonce key is different than the DEK. The unencrypted object is encrypted by the processor. The encrypting includes generating a nonce based at least in part of the plaintext and the nonce key. The encrypting also includes generating ciphertext and a metadata authentication tag that includes a signature of the metadata. The generating is based at least in part on the plaintext, the metadata, the DEK, and the nonce. An encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag is created.

公开(公告)号：US11265144B2

公开(公告)日：2022-03-01

申请号：US16812494

申请日：2020-03-09

申请人： International Business Machines Corporation

发明人： Anthony Thomas Sofia ,  Jason Katonica

IPC分类号： H04L9/32 ,  H04L9/06 ,  H04L9/08 ,  H04L29/06

摘要： Aspects of the invention include receiving, by a processor, an unencrypted object that includes plaintext and metadata that describes the plaintext. A data encryption key (DEK) and a nonce key for the unencrypted object are obtained by the processor. The nonce key is different than the DEK. The unencrypted object is encrypted by the processor. The encrypting includes generating a nonce based at least in part of the plaintext and the nonce key. The encrypting also includes generating ciphertext and a metadata authentication tag that includes a signature of the metadata. The generating is based at least in part on the plaintext, the metadata, the DEK, and the nonce. An encrypted object that includes the ciphertext, the metadata, and the metadata authentication tag is created.