WO2007109373A2 - Recording over the key in otp encryption - Google Patents

Recording over the key in otp encryption Download PDF

Info

Publication number
WO2007109373A2
WO2007109373A2 PCT/US2007/007378 US2007007378W WO2007109373A2 WO 2007109373 A2 WO2007109373 A2 WO 2007109373A2 US 2007007378 W US2007007378 W US 2007007378W WO 2007109373 A2 WO2007109373 A2 WO 2007109373A2
Authority
WO
WIPO (PCT)
Prior art keywords
key
byte
location
file
offset
Prior art date
Application number
PCT/US2007/007378
Other languages
French (fr)
Other versions
WO2007109373A3 (en
Inventor
Wolfgang Hammersmith
Zsolt Ari
Original Assignee
Vadium Technology, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vadium Technology, Inc. filed Critical Vadium Technology, Inc.
Publication of WO2007109373A2 publication Critical patent/WO2007109373A2/en
Publication of WO2007109373A3 publication Critical patent/WO2007109373A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher

Definitions

  • the battle for space on memory devices is constant.
  • the regular indexing method for an OTP cipher key is to index to the portion of the key that is • being used to encrypt or decrypt a message and then use that portion without eliminating any key bytes.
  • This has the advantage that the operator can decrypt the ciphertext at the originating station, or decrypt the ciphertext multiple times at the receiving station because the key remains available for reuse. But this method carries a space penalty in that both the key and the cipher text must occupy available memory at the same time.
  • the invention is a method in a one time pad encryption system for saving data storage space.
  • the method includes performing a plurality of loop iterations, on each loop iteration using a next byte of key and a next byte of message.
  • the steps in each iteration include: read into working memory a byte of plain text message, read from a persistent memory into working memory a byte of key from a key file, and compute an encrypted byte.
  • the location where the encrypted byte is written may be the same as a location from which the byte of key was read, or the location may be offset by one or more bytes from a location from which the byte of key was read.
  • each next byte of key is offset by one from the prior byte of key, or it may be offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm.
  • the next byte of plain text may be offset by one from the prior byte or it may be offset from the prior byte of plain text by an amount specified by an algorithm such that the amount varies according to the algorithm.
  • the number of loop iterations will be at least equal to the number of bytes in the plain text message to be encrypted.
  • the method may further include a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the encrypted byte.
  • the invention is a method in a one time pad decryption system for saving data storage space.
  • the method includes performing a plurality of loop iterations, on each loop iteration using a next byte of key and a next byte of message.
  • the iterations include reading into working memory a byte of cipher text message, reading from a persistent memory into working memory a byte of key from a key file, and computing a decrypted byte.
  • a file allocation table for a plain text file is updated to show the location in the persistent memory as now part of the plain text
  • a file allocation table for the key file is updated to show the location as no longer part of the key file.
  • the location where the decrypted byte is written may be the same as a location from which the byte of key was read, or the location where the decrypted byte is written may be offset by one or more bytes from a location from which the byte of key was read.
  • next byte of key may be offset by one from the prior byte of key, or it may be offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm.
  • next byte of cipher text may be offset by one from the prior byte or it may be offset from the prior byte of cipher text by an amount specified by an algorithm such that the amount varies according to the algorithm.
  • the number of loop iterations is generally at least equal to a number of bytes in the cipher text message to be decrypted.
  • the method may include a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the decrypted byte.
  • the message was encrypted with the iterations beginning at the end of the key with an offset from a beginning of the key file at least equal to a number of bytes in the cipher text message and proceeding toward a lower offset from the beginning of the key file, then it must be decrypted the same way.
  • the invention is a device with a logic circuit that performs the encryption method or the decryption method described above.
  • the device may be any digital communications terminal, including a mobile telephone or PDA, that contains a programmable or hard wired logic circuit to perform the method.
  • the invention is a method wherein new communications devices each include a unique OTP transport key. A copy of each transport key is kept at a central repository. When people using any two or more of these devices wish to communicate with each other securely, one copy of a new communications key is encrypted with the transport key for device A and sent to device A and a second copy is likewise sent to device B.
  • Figure 1 shows the encryption method.
  • Figure 2 shows the decryption method.
  • This invention can be practiced with any form of persistent memory storing the key that is converted to a message, whether cipher text or plain text, including a hard disk drive or a solid state rewritable memory.
  • the persistent memory can be just about anything that when the electricity is turned off the data is not lost. This includes FlashRam, USB memory sticks, Bio Devices, Hard drives, SD cards, etc. Even RAM could be used for the purpose of this invention as long as electricity is not turned off.
  • this method uses bytes from the end of the key first, moving toward the beginning of the key as encryption or decryption occurs.
  • the method can be done working from the beginning of the key to the end, but this requires more tracking of address data and is more complicated for maintaining file allocation tables. Because cipher text must be decrypted in the order it was encrypted, whichever direction is chosen for encryption, the same direction must be used for decryption.
  • the key is processed from the end toward the beginning and the method is used for short messages that are entirely received before decryption is commenced, it is simplest to also process the messages from the end toward the beginning. However, it is also possible to process the key in one direction and the message in the other, and this is preferred where the message is long such that encryption and transmission should start before the message generation is completed.
  • the method can be performed using any number of bits in a processed byte.
  • the optimal number of bits to include in each byte will depend on the processor that is used. Most contemporary processors will be most efficient using 8 bit bytes, others using 64 bit bytes, and others in between. [0025] As shown in Figure 1 , in one embodiment, the encryption process is:
  • the decryption process is,
  • This method ensures that each portion of the key is used only once because it is erased as it is used whether for encryption or decryption. [0029] Because the key is erased as it us used, this method is not ideal for an archive key, nor is it ideal for a decrypt key in an application that is required to decrypt the same cipher text multiple times,
  • cipher text messages must be decrypted in order they were encrypted, otherwise the key could not be deleted to make space as it is used.
  • alternative file allocation table methods can be implemented. For applications where streaming encryption is used, this method functions perfectly.
  • a device For the encryption or decryption process, a device has a fixed amount of persistent storage available to it, which it has to joggle to accomplish the task. The available space is partially taken up by the OTP key file and the PlainText file with some remaining free space. For simplicity sake, the PlainText file and the OTP key file can take up a contiguous space on the device, however in reality it is left up to the device how it wants to organize the files on its available space, typically using a file allocation table.
  • this method can be used with or in,
  • This method is particularly helpful in a new form of electronic key distribution in which large numbers of new communications devices distributed each include a very large capacity persistent rewritable memory containing a unique OTP key called a transport key. A copy of each transport key is kept at a central repository. As millions of devices are distributed, millions of unique very large transport keys, one for each device, are stored in the repository. [0034] Then, when people using any two or more of these devices wish to communicate with each other securely, a new OTP communications key is generated for them to use.
  • One copy of the new communications key is encrypted with the transport key for device A and sent via an open network to device A where the communications key is decrypted, using up a portion of the transport key that was built into device A when it was made and replacing it with the communications key.
  • a second copy of the new communications key is encrypted with the transport key for device B and sent via an open network to device B where the communications key is decrypted, using up a portion of the transport key that was built into device B when it was made and replacing it with the communications key.
  • the process is repeated for as many devices as are allowed to participate in the secure communications.
  • each new communications device is given a large enough transport key, it will then be able to convert that key to enough usable communications key by this method to last as long as the typical useful life of the device.
  • the transport keys may be removable and replaceable with new physically distributed keys so the useful life of the device can be extended.
  • the persistent memory with an OTP transport key may be a hard disk drive or a rewritable solid state memory such as flash memory.

Abstract

The large keys required by one-time pad (OTP) ciphers occupy valuable drive or other memory space. This method erases key bytes as they are used, replacing them with encrypted or decrypted data depending upon the mode of operation of the cipher. By using this method, an OTP key is replaced with new data to be stored as the key is consumed in standard cipher operations. New communications devices can each include a unique OTP transport key. A copy of each transport key is kept at a central repository. When people using any two or more of these devices wish to communicate with each other securely, one copy of a new communications key is encrypted with the transport key for device A and sent to device A and a second copy is likewise sent to device B.

Description

Recording over the key in OTP encryption
Background
[0001] The battle for space on memory devices is constant. The regular indexing method for an OTP cipher key is to index to the portion of the key that is being used to encrypt or decrypt a message and then use that portion without eliminating any key bytes. This has the advantage that the operator can decrypt the ciphertext at the originating station, or decrypt the ciphertext multiple times at the receiving station because the key remains available for reuse. But this method carries a space penalty in that both the key and the cipher text must occupy available memory at the same time.
[0002] The method disclosed herein trades key space with cipher text / message space, making efficient use of available memory.
Summary [0003] In one aspect, the invention is a method in a one time pad encryption system for saving data storage space. The method includes performing a plurality of loop iterations, on each loop iteration using a next byte of key and a next byte of message. The steps in each iteration include: read into working memory a byte of plain text message, read from a persistent memory into working memory a byte of key from a key file, and compute an encrypted byte. Then write the encrypted byte into a location in the persistent memory formerly occupied by a byte of key, update a file allocation table for a cipher text file to show the location in the persistent memory as now part of the cipher text, and update a file allocation table for the key file to show the location as no longer part of the key file. [0004] In this method, the location where the encrypted byte is written may be the same as a location from which the byte of key was read, or the location may be offset by one or more bytes from a location from which the byte of key was read.
In this method, each next byte of key is offset by one from the prior byte of key, or it may be offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm. [0005] Likewise, the next byte of plain text may be offset by one from the prior byte or it may be offset from the prior byte of plain text by an amount specified by an algorithm such that the amount varies according to the algorithm.
[0006] In some embodiments, the number of loop iterations will be at least equal to the number of bytes in the plain text message to be encrypted.
[0007] The method may further include a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the encrypted byte.
[0008] In this method, there are benefits in simplicity of key management if the iterations begin at the end of the key, with an offset from a beginning of the key file at least equal to a number of bytes in the plain text message, and proceed toward the beginning of the key file.
[0009] In another aspect, the invention is a method in a one time pad decryption system for saving data storage space. The method includes performing a plurality of loop iterations, on each loop iteration using a next byte of key and a next byte of message. The iterations include reading into working memory a byte of cipher text message, reading from a persistent memory into working memory a byte of key from a key file, and computing a decrypted byte. Then the decrypted byte is written into a location in the persistent memory formerly occupied by a byte of key, a file allocation table for a plain text file is updated to show the location in the persistent memory as now part of the plain text, and a file allocation table for the key file is updated to show the location as no longer part of the key file.
[0010] In this method, the location where the decrypted byte is written may be the same as a location from which the byte of key was read, or the location where the decrypted byte is written may be offset by one or more bytes from a location from which the byte of key was read.
[0011] As with the encryption method, the next byte of key may be offset by one from the prior byte of key, or it may be offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm. [0012] Likewise, the next byte of cipher text may be offset by one from the prior byte or it may be offset from the prior byte of cipher text by an amount specified by an algorithm such that the amount varies according to the algorithm.
[0013] The number of loop iterations is generally at least equal to a number of bytes in the cipher text message to be decrypted.
[0014] The method may include a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the decrypted byte.
[0015] If the message was encrypted with the iterations beginning at the end of the key with an offset from a beginning of the key file at least equal to a number of bytes in the cipher text message and proceeding toward a lower offset from the beginning of the key file, then it must be decrypted the same way.
[0016] In another aspect, the invention is a device with a logic circuit that performs the encryption method or the decryption method described above. The device may be any digital communications terminal, including a mobile telephone or PDA, that contains a programmable or hard wired logic circuit to perform the method.
[0017] In another aspect, the invention is a method wherein new communications devices each include a unique OTP transport key. A copy of each transport key is kept at a central repository. When people using any two or more of these devices wish to communicate with each other securely, one copy of a new communications key is encrypted with the transport key for device A and sent to device A and a second copy is likewise sent to device B.
Brief Description of the Figures
[0018] Figure 1 shows the encryption method.
[0019] Figure 2 shows the decryption method. Detailed Description
[0020] This invention can be practiced with any form of persistent memory storing the key that is converted to a message, whether cipher text or plain text, including a hard disk drive or a solid state rewritable memory. The persistent memory can be just about anything that when the electricity is turned off the data is not lost. This includes FlashRam, USB memory sticks, Bio Devices, Hard drives, SD cards, etc. Even RAM could be used for the purpose of this invention as long as electricity is not turned off.
[0021] In one time pad encryption, the key and the message, whether plain text (which might be compressed) or cipher text, take up the same number of bytes, so replacing key with message makes a good fit.
[0022] In one embodiment, this method uses bytes from the end of the key first, moving toward the beginning of the key as encryption or decryption occurs. The method can be done working from the beginning of the key to the end, but this requires more tracking of address data and is more complicated for maintaining file allocation tables. Because cipher text must be decrypted in the order it was encrypted, whichever direction is chosen for encryption, the same direction must be used for decryption.
[0023] If the key is processed from the end toward the beginning and the method is used for short messages that are entirely received before decryption is commenced, it is simplest to also process the messages from the end toward the beginning. However, it is also possible to process the key in one direction and the message in the other, and this is preferred where the message is long such that encryption and transmission should start before the message generation is completed.
[0024] The method can be performed using any number of bits in a processed byte. The optimal number of bits to include in each byte will depend on the processor that is used. Most contemporary processors will be most efficient using 8 bit bytes, others using 64 bit bytes, and others in between. [0025] As shown in Figure 1 , in one embodiment, the encryption process is:
1. Obtain the current length of the OTP key 8 and compare it to the length of the message to be encrypted 4. 2. If there are not enough bytes in the key, warn the user and stop. If there are enough bytes in the key, proceed.
3. Begin loop iteration from zero to the length of the message minus 1.
4. For each loop iteration, using the next byte unit of key and the next byte S unit of message: , a. Read from persistent memory into working memory the current byte of the plain text message 2 and the current end byte of the key 1 , working from the end of the key toward the beginning, and compute the encrypted byte, 0 b. Delete the last byte of the key in the persistent memory (the byte that was just read) (actual DOD standard wiping may be used here), c. Write out the resulting cipher text into the persistent memory location where the byte of key was stored 3 and update the file allocation table for each file to show this byte as now part of the cipher text, 5 d. Advance the plaintext pointer and repeat the loop.
5. Attach an appropriate header to the ciphertext so that decryption can be performed with the proper key.
[0026] As shown in Figure 2, in one embodiment, the decryption process is,
1. Obtain the current length of the OTP key 8 and compare it to the length of 0 the encrypted message 10.
2. Recover and read the message header. If the message header matches the key value, proceed. If it does not, warn the user and stop.
3. If there are not enough bytes in the key, warn the user and stop. If there are enough bytes in the key, proceed. 5 4. Moving from the end of the key 8 toward the beginning, begin loop iteration from zero to the length of the message minus 1.
5. For each loop iteration, using the next byte unit of key and the next byte unit of message, a. Read from persistent memory into working memory the current byte 0 of the ciphertext message 6 and the last byte of the key 5 and compute the decrypted byte, b. Delete the byte of key used (DOD standard wiping may be used here), c. Write out the resulting plaintext into the persistent memory location where the byte of the key was stored 7 and update the file allocation table for each file to show this byte as now part of the plain text, d. Advance the cipher text pointer and repeat the loop.
6. Attach appropriate header to the plaintext, which may also provide BioMetric or other identifying information.
[0027] This method works best working from the end of the key to the beginning ("reverse indexing") because the preferred key file format is to keep a header at the position zero of the key,
[0028] This method ensures that each portion of the key is used only once because it is erased as it is used whether for encryption or decryption. [0029] Because the key is erased as it us used, this method is not ideal for an archive key, nor is it ideal for a decrypt key in an application that is required to decrypt the same cipher text multiple times,
[0030] In the embodiment described above, cipher text messages must be decrypted in order they were encrypted, otherwise the key could not be deleted to make space as it is used. However, to allow messages to be decrypted in any order and stored in the persistent memory in place of the key, alternative file allocation table methods can be implemented. For applications where streaming encryption is used, this method functions perfectly.
[0031] For the encryption or decryption process, a device has a fixed amount of persistent storage available to it, which it has to joggle to accomplish the task. The available space is partially taken up by the OTP key file and the PlainText file with some remaining free space. For simplicity sake, the PlainText file and the OTP key file can take up a contiguous space on the device, however in reality it is left up to the device how it wants to organize the files on its available space, typically using a file allocation table.
Uses [0032] Generally, this method can be used with or in,
• electronic key distribution to reduce the number of additional memory devices necessary for encryption or decryption,
• automated processes, such as vehicle data reporting, location reporting, ROV traffic where encrypted images or other data is sent in streaming mode,
• medical scanner data transmission where a patient's data must not be revealed as it is transmitted from a scanner to multiple doctors at different locations who are consulting on a case, and, • streaming encrypted video, encrypted voice on cell and other equipment, satellite downloads and subsequent ground distribution, bulk encryption processes, and other similar encrypted data streaming applications.
Transport Keys Embedded in New Communications Devices
[0033] This method is particularly helpful in a new form of electronic key distribution in which large numbers of new communications devices distributed each include a very large capacity persistent rewritable memory containing a unique OTP key called a transport key. A copy of each transport key is kept at a central repository. As millions of devices are distributed, millions of unique very large transport keys, one for each device, are stored in the repository. [0034] Then, when people using any two or more of these devices wish to communicate with each other securely, a new OTP communications key is generated for them to use. One copy of the new communications key is encrypted with the transport key for device A and sent via an open network to device A where the communications key is decrypted, using up a portion of the transport key that was built into device A when it was made and replacing it with the communications key. A second copy of the new communications key is encrypted with the transport key for device B and sent via an open network to device B where the communications key is decrypted, using up a portion of the transport key that was built into device B when it was made and replacing it with the communications key. The process is repeated for as many devices as are allowed to participate in the secure communications. [0035] This method solves the problem of securely distributing OTP keys via networks. The only secure way to distribute an OTP key without using up as much encryption resource as is delivered, for zero net gain, is to distribute keys in physical memories rather than via an open computer network. Whenever a new communications device is manufactured, it must be physically distributed. This is an opportunity to also deliver a large OTP transport key.
[0036] If each new communications device is given a large enough transport key, it will then be able to convert that key to enough usable communications key by this method to last as long as the typical useful life of the device. Alternatively, the transport keys may be removable and replaceable with new physically distributed keys so the useful life of the device can be extended. The persistent memory with an OTP transport key may be a hard disk drive or a rewritable solid state memory such as flash memory.
[0037] Although the present invention has been described in detail with reference to certain preferred embodiments, other embodiments are possible. Therefore, the spirit or scope of the appended claims should not be limited to the description of the embodiments contained herein. It is intended that the invention resides in the claims hereinafter appended.

Claims

We claim:
1. A method in a one time pad encryption system for saving data storage space, comprising the steps: perform a plurality of loop iterations, on each loop iteration using a next byte of key and a next byte of message: a. read into working memory a byte of plain text message, read from a persistent memory into working memory a byte of key from a key file, and compute an encrypted byte, b. write the encrypted byte into a location in the persistent memory formerly occupied by a byte of key, update a file allocation table for a cipher text file to show the location in the persistent memory as now part of the cipher text, and update a file allocation table for the key file to show the location as no longer part of the key file.
2. The method of claim 1 wherein the location where the encrypted byte is written is the same as a location from which the byte of key was read.
3. The method of claim 1 wherein the location where the encrypted byte is written is offset by one or more bytes from a location from which the byte of key was read.
4. The method of claim 1 wherein each next byte of key is offset by one from the prior byte of key.
5. The method of claim 1 wherein each next byte of key is offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm.
6. The method of claim 1 wherein each next byte of plain text is offset from the prior byte of plain text by an amount specified by an algorithm such that the amount varies according to the algorithm.
7. The method of claim 1 wherein the number of loop iterations is at least equal to a number of bytes in the plain text message to be encrypted.
8. The method of claim 1 further comprising a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the encrypted byte.
9. The method of claim 1 wherein the iterations begin with an offset from a beginning of the key file at least equal to a number of bytes in the plain text message and proceed toward a lower offset from the beginning of the key file.
10. A method in a one time pad decryption system for saving data storage space, comprising the steps: perform a plurality of loop iterations, on each loop iteration using a next byte of key and a next byte of message: a. read into working memory a byte of cipher text message, read from a persistent memory into working memory a byte of key from a key file, and compute a decrypted byte, b. write the decrypted byte into a location in the persistent memory formerly occupied by a byte of key, update a file allocation table for a plain text file to show the location in the persistent memory as now part of the plain text, and update a file allocation table for the key file to show the location as no longer part of the key file.
11. The method of claim 10 wherein the location where the decrypted byte is written is the same as a location from which the byte of key was read.
12. The method of claim 10 wherein the location where the decrypted byte is written is offset by one or more bytes from a location from which the byte of key was read.
13. The method of claim 10 wherein each next byte of key is offset by one from the prior byte of key.
14. The method of claim 10 wherein each next byte of key is offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm.
15. The method of claim 10 wherein each next byte of cipher text is offset from the prior byte of cipher text by an amount specified by an algorithm such that the amount varies according to the algorithm.
16. The method of claim 10 wherein the number of loop iterations is at least equal to a number of bytes in the cipher text message to be decrypted.
17. The method of claim 10 further comprising a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the decrypted byte.
18. The method of claim 10 wherein the iterations begin with an offset from a beginning of the key file at least equal to a number of bytes in the cipher text message and proceed toward a lower offset from the beginning of the key file.
19. A data storage space saving encryption device, comprising: a logic circuit that performs a plurality of loop iterations and, on each loop iteration, using a next byte of key and a next byte of message: a. reads into working memory a byte of plain text message, reads from a persistent memory into working memory a byte of key from a key file, and computes an encrypted byte, b. writes the encrypted byte into a location in the persistent memory formerly occupied by a byte of key, updates a file allocation table for a cipher text file to show the location in the persistent memory as now part of the cipher text, and updates a file allocation table for the key file to show the location as no longer part of the key file.
20. The device of claim 19 wherein the location where the encrypted byte is written is the same as a location from which the byte of key was read.
21. The device of claim 19 wherein the location where the encrypted byte is written is offset by one or more bytes from a location from which the byte of key was read.
22. The device of claim 19 wherein each next byte of key is offset by one from the prior byte of key.
23. The device of claim 19 wherein each next byte of key is offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm.
24. The device of claim 19 wherein each next byte of plain text is offset from the prior byte of plain text by an amount specified by an algorithm such that the amount varies according to the algorithm.
25. The device of claim 19 wherein the number of loop iterations is at least equal to a number of bytes in the plain text message to be encrypted.
26. The device of claim 19 further comprising a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the encrypted byte.
27. The device of claim 19 wherein the iterations begin with an offset from a beginning of the key file at least equal to a number of bytes in the plain text message and proceed toward a lower offset from the beginning of the key file.
S 28. A data storage space saving decryption device, comprising: a logic circuit that performs a plurality of loop iterations and, on each loop iteration, using a next byte of key and a next byte of message: a. reads into working memory a byte of cipher text message, reads from a persistent memory into working memory a byte of key from a key 0 file, and computes a decrypted byte, b. writes the decrypted byte into a location in the persistent memory formerly occupied by a byte of key, updates a file allocation table for a plain text file to show the location in the persistent memory as now part of the plain text, and updates a file allocation table for the key file to 5 show the location as no longer part of the key file.
29. The device of claim 28 wherein the location where the decrypted byte is written is the same as a location from which the byte of key was read.
0 30. The device of claim 28 wherein the location where the decrypted byte is written is offset by one or more bytes from a location from which the byte of key was read.
31. The device of claim 28 wherein each next byte of key is offset by one from the 5 prior byte of key.
32. The device of claim 28 wherein each next byte of key is offset from the prior byte of key by a amount specified by an algorithm such that the amount varies according to the algorithm. 0
33. The device of claim 28 wherein each next byte of cipher text is offset from the prior byte of cipher text by an amount specified by an algorithm such that the amount varies according to the algorithm.
34. The device of claim 28 wherein the number of loop iterations is at least equal to a number of bytes in the cipher text message to be decrypted.
35. The device of claim 28 further comprising a memory wiping step performed on the location after reading a byte of key from the location and prior to writing the decrypted byte.
36. The device of claim 28 wherein the iterations begin with an offset from a beginning of the key file at least equal to a number of bytes in the cipher text message and proceed toward a lower offset from the beginning of the key file.
37. A method for securely distributing a shared communications encryption key across an insecure medium to two networked communications devices, comprising: a. having at a central key service computer system a plurality of one time pad transport keys where no two keys have the same contents; b. manufacturing and securely distributing a first communications device with a copy of a first transport key of the plurality of transport keys stored in a persistent memory within the device; c. manufacturing and securely distributing a second communications device with a copy of a second transport key of the plurality of transport keys stored in a persistent memory within the device; d. at the central key service computer, using a portion of the transport key for the first communications device to encrypt a one time pad communications key and then distributing the encrypted communications key across an insecure network to the first communications device where it is decrypted by the first communications device using a portion of its copy of its transport key; and e. at the central key service computer, using a portion of the transport key for the second communications device to encrypt the one time pad communications key and then distributing the encrypted communications key across an insecure network to the second communications device where it is decrypted by the second computer system using a portion of its copy of its transport key.
38. The method of claim 37 where the portion of each transport key used to decrypt the communications key is less than one half of the transport key.
39. The method of claim 37 where the portion of each transport key used to decrypt the communications key is less than one tenth of the transport key.
40. The method of claim 37 where the portion of each transport key used to decrypt the communications key is less than one one-hundredth of the transport key.
PCT/US2007/007378 2006-03-22 2007-03-22 Recording over the key in otp encryption WO2007109373A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US78500306P 2006-03-22 2006-03-22
US60/785,003 2006-03-22

Publications (2)

Publication Number Publication Date
WO2007109373A2 true WO2007109373A2 (en) 2007-09-27
WO2007109373A3 WO2007109373A3 (en) 2007-11-08

Family

ID=38523123

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/007378 WO2007109373A2 (en) 2006-03-22 2007-03-22 Recording over the key in otp encryption

Country Status (1)

Country Link
WO (1) WO2007109373A2 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008011882A1 (en) * 2008-02-29 2009-11-05 Robert Niggl Device and method for controlled data exchange between at least two data carriers
EP2745212A1 (en) * 2011-08-19 2014-06-25 Quintessencelabs Pty Ltd Virtual zeroisation system and method
WO2018191772A2 (en) 2017-04-19 2018-10-25 Quintessencelabs Pty Ltd. Encryption enabling storage systems
EP3461057A1 (en) * 2017-09-25 2019-03-27 The Boeing Company Systems and methods for facilitating data encryption and decryption and erasing of associated information
US20190095269A1 (en) 2017-09-25 2019-03-28 The Boeing Company Systems and methods for facilitating truly random bit generation
CN111932752A (en) * 2020-07-09 2020-11-13 腾讯科技(深圳)有限公司 Remote control method and system of access control equipment and storage medium
US10924263B2 (en) 2017-09-25 2021-02-16 The Boeing Company Systems and methods for facilitating iterative key generation and data encryption and decryption
DE102020002423A1 (en) 2020-01-20 2021-07-22 HENSOLDT Cyber GmbH Device and method for data storage

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020056820A (en) * 2001-12-10 2002-07-10 최창원 One-time key generating method for public-key algorithm
KR20040085113A (en) * 2004-09-09 2004-10-07 조정현 Method for using and generating one pass key in wireless mobile network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20020056820A (en) * 2001-12-10 2002-07-10 최창원 One-time key generating method for public-key algorithm
KR20040085113A (en) * 2004-09-09 2004-10-07 조정현 Method for using and generating one pass key in wireless mobile network

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102008011882B4 (en) * 2008-02-29 2010-04-01 Robert Niggl Device and method for controlled data exchange between at least two data carriers
DE102008011882A1 (en) * 2008-02-29 2009-11-05 Robert Niggl Device and method for controlled data exchange between at least two data carriers
EP2745212A1 (en) * 2011-08-19 2014-06-25 Quintessencelabs Pty Ltd Virtual zeroisation system and method
EP2745212A4 (en) * 2011-08-19 2015-01-21 Quintessencelabs Pty Ltd Virtual zeroisation system and method
US10102383B2 (en) 2011-08-19 2018-10-16 Quintessencelabs Pty Ltd. Permanently erasing mechanism for encryption information
EP3612971A4 (en) * 2017-04-19 2021-02-17 Quintessencelabs Pty Ltd Encryption enabling storage systems
WO2018191772A2 (en) 2017-04-19 2018-10-25 Quintessencelabs Pty Ltd. Encryption enabling storage systems
AU2018255501B2 (en) * 2017-04-19 2022-08-04 Quintessencelabs Pty Ltd. Encryption enabling storage systems
US11341251B2 (en) 2017-04-19 2022-05-24 Quintessencelabs Pty Ltd. Encryption enabling storage systems
CN109560922A (en) * 2017-09-25 2019-04-02 波音公司 System and method for facilitating the erasing of data encryption and decryption and related information
CN109560922B (en) * 2017-09-25 2023-10-20 波音公司 System and method for facilitating data encryption and decryption and erasure of associated information
US10860403B2 (en) 2017-09-25 2020-12-08 The Boeing Company Systems and methods for facilitating truly random bit generation
US10924263B2 (en) 2017-09-25 2021-02-16 The Boeing Company Systems and methods for facilitating iterative key generation and data encryption and decryption
JP2019080307A (en) * 2017-09-25 2019-05-23 ザ・ボーイング・カンパニーThe Boeing Company Systems and methods for facilitating data encryption and decryption and erasing associated information
US10965456B2 (en) 2017-09-25 2021-03-30 The Boeing Company Systems and methods for facilitating data encryption and decryption and erasing of associated information
JP7233872B2 (en) 2017-09-25 2023-03-07 ザ・ボーイング・カンパニー Systems and methods for facilitating data encryption and decryption and erasure of associated information
US20190095269A1 (en) 2017-09-25 2019-03-28 The Boeing Company Systems and methods for facilitating truly random bit generation
EP3461057A1 (en) * 2017-09-25 2019-03-27 The Boeing Company Systems and methods for facilitating data encryption and decryption and erasing of associated information
DE102020002423A1 (en) 2020-01-20 2021-07-22 HENSOLDT Cyber GmbH Device and method for data storage
CN111932752A (en) * 2020-07-09 2020-11-13 腾讯科技(深圳)有限公司 Remote control method and system of access control equipment and storage medium
CN111932752B (en) * 2020-07-09 2023-11-14 腾讯科技(深圳)有限公司 Remote control method, system and storage medium of access control equipment

Also Published As

Publication number Publication date
WO2007109373A3 (en) 2007-11-08

Similar Documents

Publication Publication Date Title
WO2007109373A2 (en) Recording over the key in otp encryption
EP1279249B1 (en) One-time-pad encryption with central key service and keyable characters
CN1641717B (en) Firmware encrypting and decrypting method and an apparatus using the same
CN1983227B (en) Removable computer with mass storage
US6993661B1 (en) System and method that provides for the efficient and effective sanitizing of disk storage units and the like
US7650499B2 (en) Encryption apparatus and decryption apparatus
CN102855452B (en) Fast Data Encipherment strategy based on encryption chunk is deferred to
US20150304104A9 (en) One-time-pad encryption with central key service
US20010039620A1 (en) Method for protecting a memory card, and a memory card
US20080301775A1 (en) Method and apparatus for securing data in a memory device
EP1176755A3 (en) Key distribution system, method and program providing medium
CN104298926B (en) A kind of method and apparatus for running encryption file
US8983072B2 (en) Portable data carrier featuring secure data processing
US20070153580A1 (en) Memory arrangement, memory device, method for shifting data from a first memory device to a second memory device, and computer program element
CN105718808A (en) File encryption storage system and method based on multiple network disks
CN1211750C (en) Sentence informance recording method and sentence informance processing device
CN111866864A (en) Method, device and storage medium for realizing encrypted storage and safe use management of cloud platform certificate based on wireless AP
KR100859651B1 (en) Storage medium of recording data structure for storing variable size data, method of storing variable size data, and computer-readable storage medium of storing program for executing method of storing variable size data
EP1942437A1 (en) Data processing apparatus
CN110516457B (en) Data storage method, data reading method and storage device
CN103001774B (en) Method and device for managing package file
KR101659396B1 (en) Method for Processing Security between RF Writer and Reader
CN116910781B (en) Mobile phone backup data searching device based on background password verification
US20210297248A1 (en) Storage device and controlling method
CN110909385B (en) Safety management method for storage data in esim card

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07753962

Country of ref document: EP

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 07753962

Country of ref document: EP

Kind code of ref document: A2