• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    In a method for writing and reading data into or from an indexed database (1) comprising a data structure (2) and an associated index structure (3), a processing unit (4) receives data in plaintext and writes the data Data by means of a write access in the data structure (2) and updated index data in the index structure (3). The processing unit (4) determines data to be read or its storage location by means of access to the index data (3) and reads the data to be read out of the data structure (2>) by means of a read access and makes this available in plain text (2) and the index data in the index structure (3) stored encrypted, wherein the read / write access of the processing unit (4) on the index structure (3) and on the data structure (2) via at least one encryption and decryption unit (6, 7 ), with which the data is encrypted or decrypted by means of a stream cipher.
    公开号:AT511842A4
    申请号:T106/2012
    申请日:2012-01-26
    公开日:2013-03-15
    发明作者:
    申请人:Cordes Rene Michael Mag;Schobesberger Ernesto;
    IPC主号:
    专利说明:

    The invention relates to a method for writing and reading data into or from an indexed database comprising a data structure and an associated index structure, wherein a processing unit receives data in plain text and writes it into the data structure by means of a write access and index data in the data structure Updated index structure and the processing unit to be read data or their storage location by means of access to the index data and read the data to be read by means of a read access from the data structure and provides in plain text.
    The invention further relates to an apparatus for writing and reading data in or from an indexed database, comprising a data structure and an associated index structure, comprising a processing unit in which data to be written can be received in plain text and which has a write access to the Has data structure to write the data in the data structure, and which cooperates with the index structure to update index data in the index structure, and having an access to the index data to determine the data or their location to be read, and a read access to has the data structure to read the data to be read from the data structure and to provide in plain text.
    Currently, indexed databases, especially indexed databases, represent the most common mass storage of data. From a hardware engineering perspective, an indexed database is a mass storage that has an index store attached to speed up access. A database index is one of the
    Data structure Separate index structure in a database, which speeds up the search and sorting for specific fields. An index consists of a collection of pointers (references) that define an ordering relation to one or more columns in a table. If an indexed column is used as the search criterion in a query, a processing unit, i. usually a database management system, the desired records based on these pointers. Without an index, the column would have to be searched sequentially, which takes a long time even with fast hardware. There are a variety of different index structures. As a rule, however, B + trees are used.
    It is desirable to encrypt databases to protect access to the contents of the database from unauthorized access. However, the fast access to the encrypted data should be preserved, i. it is to be avoided to have to decrypt the entire database before using a search query only one or more specific records is accessed. It would therefore be desirable that only the records to be read are decrypted or the records to be written are encrypted.
    Secure protection of the database is only guaranteed if not only the data stored in the data structure but also the index data stored in the index structure is encrypted.
    When data is encrypted, there is a functional requirement that it be put in a unique relationship with the code used for encryption. When indexing encrypted data, the following issues occur: When encrypting the data, the content of the data must be able to be recognized by the processing unit. Furthermore, it must be taken into account whether the encryption of the data changes their size on the storage medium. When decrypting the data, make sure that the encryption key is available again.
    The invention therefore aims to provide a method and a device with which the confidentiality of the data structure and the index structure of a database can be protected, without the access to the data using the index being impaired by authorized users. It should maintain the full functionality of an indexed database.
    To achieve this object, according to a first aspect of the invention, it is provided that the data in the data structure and the index data in the index structure are stored encrypted and that the read / write access of the processing unit to the index structure and to the data structure via at least one Decryption unit takes place with which the data is encrypted or decrypted by means of a stream cipher. The fact that the data to be written and read is encrypted or decrypted by means of a stream cipher ensures that the image of the encrypted data and the unencrypted data on the storage medium has exactly the same dimensions (bit length), so that they are also encrypted Form can be found bit-accurate and to the requesting user in ignorance of the content ····························································································. · V · »· ·· ·· can be transmitted. Since each individual piece of information has exactly the same dimensions (bit length) as the unencrypted one, the position of the encrypted data can also be accessed precisely by an index prepared in unencrypted form so that the content of the encrypted data is not recognized by the processing unit of the database and the circumstance of encryption in the storage space search does not have to be taken into account.
    A stream encryption is a cryptographic algorithm in which characters of the plaintext are linked individually with the characters of a key stream. In the case of power encryption of digital data - only the characters 0 and 1 are used - the clear text stream is linked to the keystream using the XOR function. The keystream is a pseudo-random string. Most stream ciphers use a symmetric key. The key determines the initial state of the system.
    Preferably, in the context of the invention, the procedure is such that the generation of the keystream is carried out using at least one feedback shift register, which is filled with a defined bit sequence for its initialization. Linear feedback shift registers can be efficiently implemented both directly in hardware such as FPGAs and in software. Feedback shift registers are fast and produce pseudo-random sequences with good statistical properties. A feedback shift register is implemented in digital technology as a shift register with n memory elements. The individual memory elements are typically D flip-flops, which can each store one bit. In contrast to a conventional shift register, there are branches between certain D flip-flops which represent the feedbacks. For feedback, an XOR function is usually used in each case. Instead of the XOR link, however, an XNOR link can also be used.
    For initialization, the shift register can be filled with XOR feedback with arbitrary values that determine the key stream generated by the shift register in the sequence. Like any other shift register, the feedback shift register also has a clock input: each clock pulse is changed to the next state, i. if a bit is to be output, all bits in the shift register are shifted by one memory location; the new bit at the end of the shift register is calculated depending on the other bits. This process counts as one bar. For a complete run of all combinations 2n-1 clock pulses are necessary. Such a code sequence thus has a length of 2n-1 bits {n = number of code-generating series-connected memory elements of the shift register). As a key-current generator, a plurality of linear feedback shift registers are generally used, which are usually of different lengths and have different feedback polynomials. This combines linear feedback shift registers to non-linear generators.
    The greater the length of the code sequence of the key stream or the code, the harder it is to decrypt. For example, an infinite code would not need to be hidden at all, since it is never well known.
    Functionally, any code that is not repeated before the end of the information to be encrypted is considered to be infinite. A functionally infinite code has the disadvantage that it can not be transmitted; it has to be generated.
    A disadvantage of code generators in the form of conventional feedback shift registers is the fact that the structure of the generator can easily be deduced from the code sequence so that it can be regenerated with an identically constructed generator. An increase in security is achieved in accordance with a preferred procedure within the scope of the invention in that a different keystream is used for each write access of the processing unit to the data structure or the index structure. This means that the feedback shift register (s) will be reinitialized for the encryption of each data packet. In this case, the procedure is preferably such that in each case at least one first bit sequence and one second bit sequence are used to initialize the feedback shift register or feedback signals. This occurs in particular when only a single feedback shift register is used to generate the keystream, such that the first and second bit sequences are linked using an XOR function, and the bit sequence resulting from the combination is fed to the feedback shift register for initialization , Alternatively, and in particular for the case where at least two feedback shift registers interconnected with one another are used for generating the key stream, the procedure is such that at least one first feedback shift register is connected to it
    Initialization is filled with the first bit sequence and at least a second feedback shift register is filled to its initialization with the second bit sequence.
    In the context of the invention, it must be ensured that the encryption of a section of the data stock, such as the a record of the database and the decryption of the same section or record are synchronized with each other, i. the encryption and decryption are done with the same keystream. This means that the code generator must be moved to the place of the beginning of the encryption. The synchronization preferably takes place using the indices of the data records. In particular, the procedure is such that an index number assigned to the data set to be encrypted or decrypted is selected as the first bit sequence, or that the first bit sequence is generated therefrom. The primary index is preferably used here. The second bit sequence is preferably a unique identifier of the database or is generated from this.
    An even higher level of security results if, as is the case with another preferred procedure, a third bit sequence is used for initializing the feedback shift register (s). The third bit sequence is advantageously a unique identifier of the respective user or is generated from this. The third bit sequence is preferably fed for initialization to a third feedback shift register.
    A further advantage of the method according to the invention is that the generation of the keystream can already begin as soon as at least one of the feedback shift registers is activated. II. * * * * * * * * 4 4 4 4 4 # 0 4 4 · ♦ * · 4 44 Μ 4 * * »» »4 * is filled with the first bit from the respective bit sequence. In particular, the feedback shift registers are filled simultaneously with the respective bit sequence.
    As is known per se, the structure of the key-current generator is preferably such that at least one XOR gate is used for the feedback of the shift register or registers. The complexity of the generator can be increased in a simple manner in that the feedback shift registers are interconnected in such a way that depending on the state of a shift register, the at least one XOR gate of the other shift register is turned on or off.
    A highly preferred development results when a code generator is used, as described in WO 03/075507 Al, reference being made to claims 15 and 16 and 33 to 38 of the present application. With such a code generator, the encryption can not even be broken if both the structure of the code generator and the algorithm running in it are known. Namely, the structure of the generator is such that it is capable of generating such a large number of different codes in such a large length that the discovery of the code just used as well as the currently produced position in the code sequence is extremely small Probability is possible. The code can not be regenerated if the generator can create so many different codes that one section of the single code can not conclude its continuation. 9
    The access of a user computer to the database or the database is usually done from a remote location via a Datenkommunikationsverblndung, in particular via a computer network. The access of a user's computer to the data structure and the index structure is carried out via the processing unit. Since the data in the processing unit is in plain text, it is advantageous to provide provisions to prevent user computers from gaining access to this plaintext data. In this context, the invention preferably provides that the data transmitted between the processing unit and a user computer is transmitted in encrypted form. In particular, the procedure is such that the encrypted transmission of the data between the processing unit and the user computer takes place using in each case one user computer and one data storage unit associated with the encryption and decryption unit with which the data is encrypted or decrypted by means of a stream cipher.
    A particularly secure execution is ensured by the fact that any transmission of data from and to the processing unit takes place via at least one encryption and decryption unit with which the data is encrypted or decrypted by means of a stream cipher. The processing unit thus does not have an unencrypted input or output to / from the surrounding network, thus ensuring that the file memory of the processing unit in which the data is in plain text can not be viewed.
    According to a further aspect of the present invention is a device of the type mentioned for writing and 10th
    Reading data to or from an indexed database. The device according to the invention is characterized in that the processing unit is connected to the data structure and to the index structure via at least one encryption and decryption unit with which the data can be encrypted or decrypted by means of a stream cipher so that the read / write access of the processing unit to the index structure and to the data structure via the at least one encryption and decryption unit.
    The processing unit is preferably designed as a CPU assigned to the data structure and the index structure.
    Preferred developments of the device according to the invention will become apparent from the dependent claims.
    The invention will be explained in more detail below with reference to embodiments shown schematically in the drawing. 2 shows the encryption and decryption process, and FIGS. 3, 4 and 5 show different embodiments of a key-current generator used in the context of the invention.
    FIG. 1 shows a database 1 comprising a data structure 2 and an index structure 3. Denoted at 4 is a processing unit in the form of a CPU which has an outgoing and incoming data interface 5 and which controls write and read access to the index structure 3 and the data structure 2. The processing unit 4 is connected via an 11 and
    Decryption unit 6 connected to the data structure 2 and via an encryption and decryption unit 7 with the index structure 3, so that the read or write access to the data structure 2 and the index structure 3 via the encryption and decryption unit 6 and 7 takes place.
    In the processing unit 4, the data to be written into the data structure 2 or the index structure 3 and the data to be read from the data structure 2 or the index structure 3 are present in plain text, so that the operations required for indexing and for retrieving data records can be performed. In the data structure 2 and in the index structure 3, however, the data are available only in encrypted form. So that the processing unit 4 can access the encrypted data, the access takes place via the encryption and decryption unit 6 or 7.
    In Fig. 1, the transmission of the data in plain text is shown here with a solid line and the transmission of encrypted data with a dashed line.
    The encryption and decryption units 6 and 7 encrypt and decrypt the respective data by means of stream ciphering and accordingly comprise a keystream generator, which will be explained in greater detail with reference to the various embodiments in FIGS. 2 to 5. Each of the embodiments described below can be used in the context of the encryption and decryption unit 6 or 7 or the encryption and decryption unit 10 or 11 (see below).
    A user computer 8 can access the database 1 via a communication connection 9. The data is transmitted via the communication connection 9 in encrypted form 12, the encryption and decryption being performed by means of the encryption and decryption units 10 and 11. The encryption and decryption preferably takes place by means of a stream cipher.
    The encryption and decryption units 6, 7, 10 and 11 may each comprise a code generator according to WO 03/075507 A1, wherein the code generators of the and
    Decryption units 6 and 7 must be synchronized for the encryption and the subsequent decryption of data. Furthermore, the code generators of the encryption and decryption units 10 and 11 must be synchronized with each other.
    Now, if a user searches for specific information among the data stored by him in the database 1, he enters corresponding search words in the user computer 8. This encrypts this input and transmits it to the database 1. In the database 1, this search term is decrypted by the encryption and decryption unit 11 and the processing unit 4 provided in plain text. The processing unit 4 searches for the search term in the index structure 3, wherein the index structure 3 of the processing unit 4 is available in plain text due to the real-time access via the encryption and decryption unit 7. The index structure 3 indicates the exact location of the searched data in the encrypted data structure 2. Then the encrypted data in the data structure 2 are visited and forwarded in unchanged encrypted form to the user's computer 8 of the user. The user computer 8 decrypts the data using the encryption and decryption unit 10, so that they are displayed there as requested plain text data. 13
    Alternatively, the read-out of the encrypted data from the data structure 2 via the encryption and decryption unit 6, wherein this data in the processing unit 4 then present in plain text and for the purpose of transmission to the user computer 8 with the encryption and decryption unit 11 must be re-encrypted.
    The synchronization of the encryption and decryption units 6 and 7 will be explained in more detail with reference to FIG. Fig. 2 shows a schematic circuit of a keystream generator 12 with a shift register 13, which consists of a plurality of zusammengschalteten to a codeproduzierenden row memory elements, namely flip-flops FF1, FF2, ... FF9. An XOR gate XORpl is connected so that one input of the XOR gate XORpl is connected to the output of the code producing memory element FF2, and the other input of the XOR gate XORpl is connected to the output of the code producing memory element FF5 and the output of the XOR gate XORpl is recursively connected to the input of the memory element FF2 in the series following in the flow direction with the one input of the XOR gate XORpl in the row. Furthermore, it can be seen that the last memory element FF9 is connected to the first memory element FF1 via an inverter INV. As soon as the shift register 13 is filled with a bit sequence, a code sequence is obtained with this circuit. If, as is the case with the embodiment according to FIG. 2, only a single shift register is used, the bit sequences 14, 15 and 16 are supplied to the shift register 13 for its initialization in such a way that first the bit sequences 14 and 15 are generated by means of a XOR gate 17 are linked together and then the linked bit sequence with the bit string 16 using 14 of the XOR gate 18 is linked. In this case, it is preferred that the bit sequence generated from the bit sequences 14, 15 and 16 and supplied to the shift register 13 is not longer than the number of memory elements in the shift register 13, since the bit sequence would otherwise be from the memory element FF9 via the inverter INV would be superimposed on coming bit sequence. The first bit sequence 14 corresponds to the index number of the relevant data record. The second bit sequence 15 corresponds to the database ID. The third bit string 16 corresponds to the " Own ID " the user.
    The keystream generator 12 generates a keystream 19a. An incoming stream 19b of plaintext data is encrypted so that the bits of the plaintext bitstream 19b are individually linked to the bits of a keystream 19a by means of an XOR gate 20. If the plaintext data represent a dataset of the database 1, the index of this dataset is determined according to the structure inherent in the database and supplied as a bit sequence 14 to the keystream generator 12 as an initialization sequence.
    If the stream 19b is a stream of encrypted data, it is decrypted so that the bits of the bit stream 19b of the encrypted data are individually linked to the bits of the keystream 19a by means of an XOR gate 20. If the encrypted data represent an encrypted data set of the database 1, the index of this data record is determined in accordance with the inherent structuring of the database and supplied as a bit sequence 14 to the keystream generator 12 as an initialization sequence. 15
    In the modified embodiment according to FIG. 3, a total of three shift registers 21, 22 and 23 are used. The shift elements of the individual shift registers are interconnected recursively in this example in the same way as in Fig. 2. The shift registers are further interconnected such that, depending on the state of the second shift register 22, the function of the XOR gate of the recursive interconnection of the first Shift register 21 is turned on and off. The function of the XOR gate XORppl the recursive connection of the second shift register 22 is in turn turned on and off in response to the state of the third shift register 23. For this purpose, the output of the flip-flop FFp2 or FFpp2 of the one shift register 22 and 23, respectively, is connected to the input of an AND gate UNDpl or UNDppl, which is connected to the respective recursive function XORpl or XORppl of the shift registers 21 and 22, respectively is inserted.
    This results in a code generator 12 with three levels, wherein the code generation is influenced on each level by initializing the respective shift register 21, 22 and 23 with the bit sequence 14, 15 and 16. The initialization can preferably take place in such a way that the first bit sequence 14 is supplied to the shift register 21 of the first level, the second bit sequence 15 to the shift register 22 of the second level, and the third bit sequence 16 to the shift register 23 of the third level, the bit sequences 14, 15 and 16 are preferably defined as described in FIG.
    In the embodiment according to FIG. 4, the structure shown in FIG. 3 is made even more complex and, in particular, longer code-producing series and a plurality of recursive interconnections are provided. In this case, a number of 16 uninterrupted series-connected memory elements in the form of shift registers SRG1, SRG2, ... realized that functionally together form a shift register 24 in the context of the invention. It doubles the length of the code per added memory element, so the length of the code is calculated as follows
    Lc = 2n-1 <Lc = length of the code sequence; n = number of code-generating memory elements connected in series)
    If this unit is operated with a specific clock, the duration of the code is 2n - 1
    Tc ----------- fc (Tc = duration until code repeats; fc = code generation clock frequency)
    With fewer than 50 memory elements at a code generation clock rate of 384,000 bps, the code will run for more than a year without repeating the sequence so that a signal to be encrypted can be sent and decrypted encrypted over an equally long period of time over a dedicated line that transmissions live over an equally long period are possible.
    If one now with appropriate length of the shift register 24 at several points of this shift register 24 between a 17
    Memory element FF1,2,3,4 and the next in-line memory element FF2,3,4,5 an XOR gate XORpl, p2, p3, p4 inserts and then this with the signal from a third memory element FF8,15,20 23, each changes the code generated thereby (FIG. 5).
    With a plurality of code-changing XOR gates XORpl, p2, p3, p4, see FIG. 5, it should be ensured that the various code-changing XOR gates XORpl, p2, p3, p4 whose first input is from an output of a memory element FF1, 2,3,4 is fed, their second input in each case from the output of a memory element FF8,15,20,23 fed, which is a number of memory elements in the flow direction of the first memory element FF1,2,3,4 removed, each of a different Prime number greater than 1 but not a fraction of the total number of memory elements connected in row R, so that there are no code sequence shortening resonance effects in influencing the code sequence. Between the corresponding memory element pairs FF1,8; FF2,15; FF3,20; Thus, FF4, 23 each has a number of 7, 13, 17 and 19 (prime numbers) memory elements.
    If one of the two inputs of the respective XOR gate XORpl or XORpl, p2, p3, p4, the output of an AND gate ANDpl or ANDP1, p2, p3, p4 whose one input at the output of the memory element FF3 or FF8, 15,20,23, then one can connect this XOR gate XORpl or XORpl, p2, p3, p4 in its code-changing action via the second input of the AND gate ANDP1, p2, p3, p4, respectively. and turn it off and, if it is followed by a respective further memory element FFpl or FFpl, p2, p3, p4, the switching on and off of the code-influencing effect of the XOR- 18th
    Make gates XORpl or XORpl, p2, p3, p4 programmable. The code-programming memory elements FFpl, p2, p3, p4 can be interconnected to form a shift register 25. As a further consequence, the code-programming memory elements FFpl, p2, p3, p4 of the shift register 25 can in turn be recursively interconnected with the aid of an XOR gate XORppl.
    The number of programmable different codes is calculated as follows:
    Nc = 2pn - 1 (Nc = number of possible different codes, pn = number of programmable XOR gates XORpl, p2, ... pn)
    Now, if you are in possession of an identical code generator, and want to deduce the further course of the code sequence on the basis of a certain number of bits, then the probability of recognizing the correct continuation of the code sequence depends both on the number of memory elements used in the code generation FFl, 2, ... n as well as those of the programmable code-changing XOR gates XORpl, p2, ... pn. This results in a probability to discover the programming underlying the code and thus to predict the further course of the code from:
    Nb
    W (2n-1) * (2pn-1) 19 (Nb = number of bits observed in the code sequence; n = number of code-generating series-connected memory elements FFl, 2, ... n; pn = number of programmable code-changing XOR Gate XORpl, p2, ... pn)
    Example; 233 is the 52nd prime. If one does not use 1 and 233 expresses the total number of memory elements connected in series, then there are 50 different memory elements on this path, which are each at a distance from an output memory element which corresponds to a prime number (np = 50). Since each recursive XOR gate 1-50 is turned on between a next memory element 1-50 starting from the first one in series, the total length of the memory elements is extended to (n = 233 + 50 = 283).
    It follows:
    Nb
    Nb
    W (2n - 1) * (2pn - 1) (2283 - 1) * (25 ° - 1)
    Nb W -------------------- 1) * (1, 1258999068 * 1015 - 1) ¢ 1,5541351138 * 1085
    Nb W --------------------- 1,749,8005798 * IO100
    In other words, one must observe the code sequence 1.7498005798 * IO100 clock steps long, so that with the probability 1 a certain sequence is discovered. If 20 is the clock frequency 384000 Hz, this gives a necessary observation time of 1.4449430312 * 1087 years.
    By recursively interconnecting the code-programming memory elements (FFpl, p2, p3, p4, p5, p6) of the shift register 25 so that they within the time interval 2pn - 1 T pn = ------------ fp (T pn = cycle time of all possible programming states; pn = number of program memory elements; fp = programming clock frequency) to run through all possible state combinations, the programming results from a certain period of time in which the code-programming memory elements are supplied with a program clock.
    In order to ensure that the programming time can not be approximated, the programming can be carried out in two stages. For this purpose, a further programming level can be added by XORppl the code-programming XORppl itself in turn with the interposition of an AND gate ANDppl connected to a memory element row RRR and thus made programmable, again an XOR gate XORpppl for recursive connection of the Shift register 26 is used (Figure 6).
    Based on the above calculation example, this ensures that the (2283-l) * (250-l) different states 21 are divided into 2S0-1 different sections, one of which is selected in the first programming phase. This selection process takes place in a maximum of 2ppn - 1 steps (ppn = number of primes contained in the number of primes used in programming (50), ie 16). This means that a maximum of 216 steps must be taken before all sections are visited. At a programming clock frequency of 1 MHz, this process is completed in 0.065 seconds. A period of time that is likely to be measured with each programming because it is below the reaction time of humans, which is why it is ensured that no conclusions about the programming of the keys can be drawn from the actually elapsed programming time.
    权利要求:
    Claims (39)
    [1]
    A method for writing and reading data into or from an indexed dataset comprising a data structure and an associated index structure, wherein a processing unit receives data to be written in plain text and writes it into the data structure by means of a write access and index data in the data structure Updated index structure and wherein the processing unit to be read data or their storage location by accessing the index data and reads the data to be read by means of a read access from the data structure and provides in plain text, characterized in that the data in the data structure and the index data in the Index structure are stored in encrypted form and that the read / write access of the processing unit to the index structure and the data structure via at least one encryption and decryption unit, with which the data by means of a stream cipher versch or lost be broken.
    [2]
    2. The method according to claim 1, characterized in that the generation of the keystream is carried out using at least one feedback shift register, which is filled to its initialization with a defined bit sequence.
    [3]
    3. The method according to claim 1 or 2, characterized in that a different key stream is used for each write access.
    [4]
    4. The method of claim 1, 2 or 3, characterized in that in each case at least one first bit sequence and a second bit sequence is used for initialization of the or the feedback shift register.
    [5]
    5. The method according to claim 4, characterized in that the first and the second bit sequence are linked by means of an XOR function and the result of the link bit sequence for initialization is fed to the feedback shift register.
    [6]
    6. The method of claim 4 or 5, characterized in that at least a first feedback shift register is filled to its initialization with the first bit sequence and at least a second feedback shift register is filled to its initialization with the second bit sequence.
    [7]
    7. The method of claim 4, 5 or 6, characterized in that is selected as the first bit sequence to the encrypted or decrypting record associated index number.
    [8]
    8. The method according to any one of claims 1 to 7, characterized in that the second bit sequence is generated from a unique identifier of the database.
    [9]
    9. The method according to any one of claims 2 to 8, characterized in that for initialization of the or the feedback shift register further a third bit sequence is used.
    [10]
    10. The method according to claim 9, characterized in that 24

    the third bit sequence is generated from a unique identifier of the respective user.
    [11]
    11. The method according to claim 9 or 10, characterized in that the third bit sequence for initialization is supplied to a third feedback shift register.
    [12]
    12. The method according to any one of claims 2 to 11, characterized in that the feedback shift registers are filled simultaneously with the respective bit sequence.
    [13]
    13. The method according to any one of claims 2 to 12, characterized in that for the feedback of the shift register or at least one XOR gate is used.
    [14]
    14. The method according to any one of claims 2 to 13, characterized in that the feedback shift registers are interconnected such that, depending on the state of a shift register, the at least one XOR gate of the other shift register on or off.
    [15]
    15. The method according to any one of claims 2 to 14, characterized in that the at least one feedback shift register has a plurality of memory elements connected to a codeproduzierenden row, wherein the output of the last row in the memory element to the input of the first memory element in the row is connected together with the aid of the at least one XOR gate in such a way that the first input of the XOR gate to the output of a memory element in the codeproducing row, the second input to the output of another in the 25 « 4 'codeproducing row memory element and the output is connected to the input of the codeproducing in the series connected to the first input of the XOR gate memory element subsequent memory element.
    [16]
    16. The method according to claim 15, characterized in that in the second input of the at least one XOR gate and the output of the further in the codeproducing row located memory element line connecting an AND gate is connected such that the output of the AND gate is connected to the second input of the XOR gate, the first input of the AND gate to the output of the further memory element in the codeproducing row and the second input of the AND gate to the output of a codeprogrammierenden memory element, wherein as a code-programming memory element, a memory element a further feedback shift register is used, and that preferably the output of a storage element located in the code-producing row is connected to the input of an inverter and the output of the inverter is connected to the input of another memory element arranged in the code-producing row.
    [17]
    17. The method according to any one of claims 1 to 16, characterized in that the database is a database.
    [18]
    18. The method according to any one of claims 1 to 17, characterized in that the data transmitted between the processing unit and a user computer data are transmitted encrypted.
    [19]
    19. The method according to claim 18, characterized in that the encrypted transmission of the data between the processing text and the user computer using one of the user computer and a data associated with the encryption and decryption unit, with the data by means of a stream cipher ver or be decrypted,
    [20]
    20. The method according to any one of claims 1 to 19, characterized in that any transmission of data from and to the processing unit via at least one encryption and decryption unit, with which the data is encrypted or decrypted by means of a stream cipher.
    [21]
    21. An apparatus for writing and reading data in or from an indexed database (1) comprising a data structure (2) and an associated index structure (3), comprising a processing unit (4) in the data to be written in plain text can be received and which has a write access to the data structure (2) to write the data in the data structure (2), and which cooperates with the index structure (3) to update index data in the index structure (3), and the has access to the index data to determine data to be read or its storage location, and which has a read access to the data structure (2) to read the data to be read from the data structure (2) and to provide it in plain text, characterized in that the processing unit (4) is connected to the data structure (2) and to the index structure (3) via at least one encryption and decryption unit (6, 7) with which the data is communicated The write / read access of the processing unit (4) to the index structure (3) and to 27 the data structure (2) via the at least one encryption and decryption unit (6,7) takes place.
    [22]
    22. The apparatus as claimed in claim 21, characterized in that the encryption and decryption unit (6, 7) has at least one feedback shift register (13, 21, 22, 23, 24, 25, 24, 25, 26) for generating a keystream, which is fed to its initialization in each case a defined bit sequence.
    [23]
    23. The device as claimed in claim 22, characterized in that means are provided for generating and / or storing at least one first bit sequence (14) and a second bit sequence (15) which are connected to the shift register (s) (13; 22, 23, 24, 25, 24, 25, 26) cooperate in such a way that at least the first bit sequence (14) and the second bit sequence (15) are used to initialize the feedback shift register (s) (13, 21, 22, 23; , 25, 24, 25, 26).
    [24]
    24. Device according to claim 22 or 23, characterized in that the first bit sequence (14) is fed to at least one first feedback shift register (21; 24) for its initialization and the second bit sequence (15) is fed to at least one second feedback shift register (22; ) is supplied to its initialization.
    [25]
    25. The apparatus of claim 22, 23 or 24, characterized in that the means for generating and / or storing the first bit sequence (14) are adapted to the first bit sequence (14) from a to be encrypted or decrypting data record associated index number to generate. 28
    [26]
    26. Device according to one of claims 22 to 25, characterized in that the means for generating and / or storing the second bit sequence (15) are designed to generate the second bit sequence (15) from a unique identifier of the database (1) ,
    [27]
    27. Device according to one of claims 22 to 26, characterized in that means for generating and / or storing at least one third bit sequence (16) are provided, which with the or the shift register (s) (13, 21,22,23 24, 25, 24, 25, 26) cooperate in such a way that also the third bit sequence (16) is used to initialize the feedback shift register (s) (13, 21, 22, 23, 24, 25, 24, 25, 26) becomes.
    [28]
    28. The device according to claim 27, characterized in that the third bit sequence (16) is generated from a unique identifier of the respective user.
    [29]
    29. The apparatus of claim 27 or 28, characterized in that the third bit sequence (16) for initialization of a third feedback shift register (23,26) is supplied.
    [30]
    30. Device according to one of claims 22 to 29, characterized in that the feedback shift registers (13; 21,22,23; 24,25; 24,25,26) are filled simultaneously with the respective bit sequence.
    [31]
    31. Device according to one of claims 22 to 30, characterized in that at least one XOR gate (XORpl, X0Rp2, XORp3, X0Rp4, XORppl, XORpppl).
    [32]
    32. Device according to one of claims 22 to 31, characterized in that the feedback shift registers (13; 21,22,23; 24,25; 24,25,26) are interconnected in such a way that, depending on the state of a shift register the at least one XOR gate (XORpl, X0Rp2, XORp3, XORp4, XORppl) of the other shift register is turned on or off.
    [33]
    33. Device according to one of claims 22 to 32, characterized in that the at least one feedback shift register (13; 21,22,23; 24,25; 24,25,26) a plurality of memory elements connected to a code-producing row (FFl , FF2, ...; FFpl, FFp2, ...; FFppl, FFpp2, ...), wherein the output of the last memory element in the row is connected to the input of the first memory element in the series to a circle, wherein the feedback by means of the at least one XOR gate (XORpl, XORp2, XORp3, X0Rp4, XORppl, XORpppl) takes place in such a way that the first input of the XOR gate is connected to the output of a memory element (FF2) located in the code-producing row; Input to the output of another memory element (FF5) located in the code producing series and the output to the input of the code in the code producing series to the memory element connected to the first input of the XOR gate ierelements (FF3) is connected.
    [34]
    34. Apparatus according to claim 33, characterized in that the line connecting the second input of the at least one XOR gate and the output of the further memory element (FF5) in the code-producing row (21; Gate (ANDpl) is switched such that the output of the AND gate (ANDpl) with the second input of the XOR gate (XORpl), the first input of the AND gate (ANDpl) with the output of the other in the codeproducing series ( 21; 24) and the second input of the AND gate is connected to the output of a code-programmable memory element (FFp2) and that preferably the output of a memory element (FF9) located in the code-producing row (21; ) is connected to the input of one inverter (INV) and the output of the inverter (INV) is connected to the input of another memory element (FF1) arranged in the code-producing row (21; 24), wherein as codeprogra a memory element of a further feedback shift register (22; 25) is used.
    [35]
    35. Apparatus according to claim 33 or 34, characterized in that a plurality of XOR gates (XORPL, p2, p3, p4) is provided, the first input of which is in each case from an output of a in the code-producing row (21; 24) located memory element (FF1, 2, 3, 4) and whose second input is fed in each case by the output of a further memory element (FF8, 15, 20, 23) located in the code-producing row (21, 24), which has a number of memory elements in the direction of flow the row (21; 24) is removed from the memory element (FF1,2,3,4) respectively connected to the first input, which corresponds in each case to a different prime number which is greater than 1 and no partial value of the total number of the row connected in series (21; 24) 31 switched memory elements (FFl, 2, ... n).
    [36]
    36. Device according to one of claims 33 to 35, characterized in that a plurality of code-programmable, in each case an AND gate (ANDP1, p2, p3, p4) and an XOR gate (XORP1, p2, p3, p4) associated memory elements (FFpl, p2, p3, p4, ... pn) and is connected in a closed series (22; 25) and at least one XOR gate (XORppl) is arranged, whose first input is connected to the output of an in the memory element (FFp6) located in the code-programming row (22, 25), whose second input is connected to the output of another memory element (FFp5) in the code-programming sequence {22; 25) and whose output is connected to the input of the code-programming sequence (22; 25) is connected to the memory element (FFp6) connected to the first input of the XOR gate (XORppl) and connected to the memory element (FFp6).
    [37]
    37. Device according to one of claims 33 to 36, characterized in that in the second input of the at least one XOR gate (XORppl) and the output of the further in the code-programming row (22; 25) located memory element (FFp3) connecting line an AND gate (ANDppl) is connected such that the output of the AND gate (ANDppl) to the second input of the XOR gate (XORppl), the first input of the AND gate (UNDppl) to the output of the other in the and the 2-input input of the AND gate (ANDppl) is connected to the output of a memory element (FFpp5) serving to program the code-programming train (22; 25).
    [38]
    38. Device according to one of claims 33 to 37, characterized in that a plurality of the programming of the code-programming series (22; 25) serving, in each case an AND gate (UNDppl) and an XOR gate (XORppl) associated memory elements {FFppl , pp2, pp3, pp4, ... ppn) and is connected in a closed series (23; 26) and at least one XOR gate (XORpppl) is arranged, whose first input is connected to the output of one in series (23; 26) located memory element (FFppl), whose second input to the output of another in the row (23; 26) located memory element (FFpp3) and whose output to the input of the in line (23; first input of the XOR gate (XORpppl) connected to the memory element (FFppl) subsequent memory element (FFpp2) is connected.
    [39]
    39. Data, in particular database (1), comprising a data structure containing data (2) and an associated index data containing index structure (3), wherein the data in the data structure (2) and the index data in the index structure (3) encrypted by means of a stream cipher are stored. Vienna, 26 January 2012 Applicant by: Haffner and Keschmann Patentanwälte OG No. 486

    类似技术:
    公开号 | 公开日 | 专利标题
    DE69728465T2|2005-05-19|Non-parallel multi-cycle encryption device
    EP2240848B1|2011-08-17|Circuit and method for generating a true, circuit-specific and time-invariant random number
    DE19906450C1|2000-08-17|Generating encoded useful data flow involves producing encoded version of useful data key using asymmetrical encoding and entering in useful data stream header block
    DE19925910A1|2001-02-22|Data processing of coded data stored in database
    DE60217260T2|2007-07-12|Data processing and encryption unit
    DE10319435A1|2004-11-11|Processes for processing data
    DE102009001719B4|2011-02-10|Method for generating asymmetric cryptographic key pairs
    DE2231849A1|1973-01-11|DEVICE FOR ENCiphering or deciphering a block of binary data
    DE102004042826A1|2005-03-31|Method and device for data encryption
    EP2433241A1|2012-03-28|Encoding methods
    AT510730B1|2013-06-15|METHOD AND DEVICE FOR IMPLEMENTING A SYMMETRIC ENERGY ENCRYPTION OF DATA
    EP3552344B1|2021-07-21|Bidirectionally linked blockchain structure
    AT511842A4|2013-03-15|METHOD FOR WRITEING AND READING DATA
    DE69826778T2|2006-02-16|Devices for encrypting and decrypting a key recovery condition
    EP1481509B1|2011-04-20|Code generator and device for synchronous or asynchronous and permanent identification or encoding and decoding of data of any particular length
    DE19831346A1|1999-01-14|Coding data generator e.g. for secure data transmission
    DE102004010666A1|2005-09-29|Key bit stream generation
    EP1022659B1|2005-11-09|Circuit for electronic data management
    DE102015103251B4|2017-03-09|Method and system for managing user data of a user terminal
    EP2184695A1|2010-05-12|Method of combining data with a device to be used for processing data, corresponding functionality to execute the individual steps in the procedure and computer program to implement the procedure
    EP3958157A1|2022-02-23|Encrypted search in a database
    DE102020121985A1|2022-02-24|Search in a database with graduated search permissions
    AT515097B1|2015-06-15|Encryption method and pseudo-random number generator
    EP2288073A1|2011-02-23|Apparatus for encrypting data
    DE10162991A1|2003-07-17|Process for computer-aided encryption and decryption of data
    同族专利:
    公开号 | 公开日
    US20150046416A1|2015-02-12|
    RU2014134714A|2016-03-20|
    WO2013110103A2|2013-08-01|
    EP2807788A2|2014-12-03|
    WO2013110103A3|2013-09-19|
    AT511842B1|2013-03-15|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    WO2003075507A1|2002-03-05|2003-09-12|Cordes Rene-Michael|Code generator and device for synchronous or asynchronous and permanent identification or encoding and decoding of data of any particular length|
    DE102006006057A1|2006-02-09|2007-08-16|Infineon Technologies Ag|Data encryption apparatus and method for encrypting data|
    US20090220083A1|2008-02-28|2009-09-03|Schneider James P|Stream cipher using multiplication over a finite field of even characteristic|
    US5050213A|1986-10-14|1991-09-17|Electronic Publishing Resources, Inc.|Database usage metering and protection system and method|
    TW490611B|2000-03-31|2002-06-11|Jian-Tsz Hou|Encryption and decryption memory and access control method|
    US7043017B2|2001-09-13|2006-05-09|Freescale Semiconductor, Inc.|Key stream cipher device|
    US7519835B2|2004-05-20|2009-04-14|Safenet, Inc.|Encrypted table indexes and searching encrypted tables|
    WO2006100801A1|2005-03-23|2006-09-28|Kddi Corporation|Key stream encryption device, method, and program|
    US7734969B2|2007-10-30|2010-06-08|Infineon Technologies Ag|Feedback shift register control|
    US9015181B2|2008-09-26|2015-04-21|Commvault Systems, Inc.|Systems and methods for managing single instancing data|US10114832B1|2014-09-17|2018-10-30|EMC IP Holding Company LLC|Generating a data stream with a predictable change rate|
    US10114850B1|2014-09-17|2018-10-30|EMC IP Holding Company LLC|Data stream generation using prime numbers|
    EP3428665B1|2017-07-11|2020-03-25|Nxp B.V.|Fault detection in registers|
    法律状态:
    2017-09-15| MM01| Lapse because of not paying annual fees|Effective date: 20170126 |
    优先权:
    申请号 | 申请日 | 专利标题
    ATA106/2012A|AT511842B1|2012-01-26|2012-01-26|METHOD FOR WRITEING AND READING DATA|ATA106/2012A| AT511842B1|2012-01-26|2012-01-26|METHOD FOR WRITEING AND READING DATA|
    EP13704705.6A| EP2807788A2|2012-01-26|2013-01-22|Method for writing and reading data|
    RU2014134714A| RU2014134714A|2012-01-26|2013-01-22|METHOD FOR RECORDING AND READING DATA|
    US14/374,423| US20150046416A1|2012-01-26|2013-01-22|Method for writing and reading data|
    PCT/AT2013/000010| WO2013110103A2|2012-01-26|2013-01-22|Method for writing and reading data|
    [返回顶部]