1. Field of the Invention
The present invention relates generally to encryption systems, and more particularly to data encryption systems, methods, and computer program products for accelerated encryption and decryption of a data element using both static encryption and dynamic encryption.
2. Description of the Background Art
Data, such as audio and video data, is typically transmitted from an initiating computer system to a data server computer system and is then transmitted to a client computer system. In order to protect the data from theft or improper access, the data may be transmitted in an encrypted form and may be stored on a computer system in an encrypted form. It is desirable to protect data with strong encryption. Static encryption may be implemented as strong encryption.
It will be appreciated by those skilled in the art that data encrypted with a static key that retains the same value during the transmission and storage of the data is statically encrypted data. For example, when data is encrypted at the initiating computer system, transmitted to the server system, and then transmitted to the client computer system before decryption, the data may be referred to as statically encrypted data. Such static encryption provides end-to-end security between the initiating computer system and the client computer system. Static encryption is limited since it requires significant computer resources to process and it is therefore difficult to rapidly change the static encryption key if necessary, especially for large data collections.
It will be appreciated by those skilled in the art that dynamic encryption transformations are performed with a key whose value is typically assigned on a per-use basis and may be rapidly changed during transmission or storage operations associated with the data. In the past, the initiating computer system encrypted the data before transmitting the data on to the data server. Then the data server decrypted the data and dynamically assigned a protected key. The data server then encrypted the data with the new dynamic key prior to further transmission of the data thereby enabling encryption on a per-use basis. For example, when a client computer system requests data the data server may encrypt the data, using a client-specific encryption key, and then transmit the data to the client computer system. Dynamic encryption is typically used to transmit data over the Internet by techniques such as the Secure Sockets Layer (SSL). Dynamic encryption is limited as it consumes significant computer resources since the dynamic encryption is performed each time the dynamic key is changed. Further, dynamic encryption is typically implemented as weak encryption and may not provide strong protection of the data.
Transmission of digital data, such as audio or video data, from the initiating computer system that is managed by a content provider to the data server, and then to the client computer system typically includes static encryption generated by the initiating computer system. If the content provider has a high degree of trust in the security of the data server the data may be decrypted and stored at the data server, and re-encrypted only when transmission to the client computer system is imminent.
Decryption of the interim data is inefficient. Since the content provider seeks to maintain control of the static key, decryption by the server system is limited to trusted intermediary data servers that the content provider has allowed to have access to the content provider's static key and to the decrypted data. Decryption eliminates end-to-end security since the data has been decrypted on an intermediate data server computer system prior to transmission to the client computer system. It will be appreciated by those skilled in the art that decryption and re-encryption may also occur on a trusted client computer system.
Typically, the data server is responsible for protecting and transmitting a large amount of digital data and therefore efficient encryption is required. The constraints of efficient encryption and the inefficiency of interim decryption often limit dynamic encryption to weak encryption, which typically does not provide sufficient protection for the data. Static encryption does not support rapid change of the encryption key, especially for large data collections, and therefore limits the protection of digital data.