EP3639176A1 - Combined hidden dynamic random-access devices utilizing selectable keys and key locators for communicating randomized data together with sub-channels and coded encryption keys - Google Patents
- Publication number
- EP3639176A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- data
- transmission
- key
- cipher
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0041—Arrangements at the transmitter end
Definitions
- Sub-Channels which is a nonprovisional conversion of US Provisional Application number 62/540,307 filed August 2, 2017 and entitled, "Devices for Transmitting and Communicating Randomized Encrypted Data Utilizing Sub-Channels".
- the technical field comprises cyber security. More specifically, the present disclosure relates to randomization and securitization of communications, and more particularly to devices and an associated system that conceals and reveals signals between devices to ensure that the communications are discoverable by only designated third parties. Methods and devices for securitization of these (primarily digital and normally two-way) communications using applications that may be combined with authorization and validation for receiving, storing, and retrieval of electronic, optical, and/or electro-optical communications in the form of voice, data, or optical transmissions, are also included.
- the present disclosure includes devices and a system that is specifically suited for data transmission applications that require a need for discrete communications, preserving privacy of information, electronic commerce transactions, electronic mail communications and the like.
- plaintext also refers to serial data transferred, for example, from a communication system such as a satellite, telephone or electronic mail system.
- Terms such as 'encryption' and 'enciphering', 'encrypted' and 'ciphered', 'encrypting device' and 'ciphering device', 'decrypting device' and 'decipher device' have an equivalent meaning within cryptology and are herein used to describe devices and methods that include encryption and decryption techniques.
- Network security is a burgeoning field.
- encryption algorithms for example, public key encryption techniques using RSA and Diffie-Hellman are widely used.
- Well-known public key encryption techniques are generally described in the following U.S. Pat. Nos.: 4,200,770 entitled, Cryptographic Apparatus and Method, invented by Hellman, Diffie and Merkle; 4,218,582 entitled, Public Key Cryptographic Apparatus and Method, invented by Hellman and Merkle; 4,405,829 entitled Cryptographic Communications System and Method, invented by Rivest, Shamir and Adleman; and 4,424,414 entitled, Exponentiation Cryptographic Apparatus and Method, invented by Hellman and Pohlig.
- Another trend in data mobility is to upload and download data on demand over a network, so that the most recent version of the data is always accessible and can be shared only with authorized users.
- This facilitates the use of "thin client" software and minimizes the cost of storing replicated versions of the data, facilitates the implementation of a common backup and long-term storage retention and/or purging plan, and may provide enhanced visibility and auditing as to who accessed the data and the time of access, as may be required for regulatory compliance.
- thin client software greatly increases the vulnerability of such data to hackers who are able to penetrate the firewalls and other mechanisms, unless the data is encrypted on the storage medium in such a way that only authorized users could make sense of it, even if an unauthorized user were able to access the encrypted files.
- DES Data Encryption Standard
- NIST National Institute of Standards and Technology
- FEAL Fast data encipherment algorithm
- Current file encryption systems provide a technique for a general-purpose computer to encrypt or decrypt computer-based files.
- Current encryption and decryption techniques typically rely on lengthy strings (e.g., 1024 bits, 2048 bits, 4096 bits, or more) to provide for secure encryption or decryption of files.
- Computer performance suffers due to the amount of data in the messages as well as the size of the encryption keys themselves.
- Asymmetric file encryption systems use a different key to encrypt a file from the key used to decrypt the encrypted file.
- Many current file encryption systems rely on asymmetric encryption, such as those that rely on public key/private key pairs.
- An example of an encryption algorithm that utilizes public key/private key pairs is the RSA (Rivest, Shamir, and Adleman) algorithm.
- Symmetric file systems use an identical key to encrypt a file as the key used to decrypt the encrypted file.
- Certain file encryption systems utilize a cryptographic process or random number generator to derive a random symmetric key known as the file encryption key (FEK).
- the FEK is used to encrypt the file.
- Symmetric cryptography functions up to five orders of magnitude faster than asymmetric cryptography on files. Even with a very fast key device or software that encrypts/decrypts using the asymmetric key, any such file encryption system still has to overcome the fact that asymmetric keys generally operate at orders of magnitude slower than symmetric keys.
- the present disclosure relates generally to a cryptographic management scheme that provides for network security, mobile security and specifically and more particularly relates to devices and a system for creating and manipulating encryption keys without risking the security of the key.
- the present disclosure addresses all of the needs described directly herein, as well as described earlier above.
Summary
- the present disclosure and associate inventiveness can be described as one or more combined devices that encrypt data transmitted to and/or decrypt data received from the devices that utilize one or more master keys comprising; at least one encrypter or decrypter or both an encrypter and a decrypter such that encryption or decryption or both encryption and decryption of the data or associated data files or both data and data files utilize one or more master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more encryption keys that encrypt and/or decrypt the data or associated data files or both data and data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data or cipher data files or both cipher data and cipher data files, and wherein the key selectors and the cipher data and the cipher data files produce result data and result data files such that the cipher data and cipher data files together with the result data and result data files are sealed in that produced encrypted data
- a transmission(s) combiner that combines transmission(s) from the forward error correction encoder with transmission(s) from the sub-channel encoder
- a transmission(s) encrypter that receives combined transmission(s) from the transmission(s) combiner, wherein the transmission(s) encrypter receives one or more encrypter keys (KE) and the combined transmission(s), such that the combined transmission(s) are encrypted by the transmission(s) encrypter and sent to a transmission(s) transmitter and wherein the transmission(s) are in a form of cipher text;
- KE encrypter keys
- a transmission(s) receiver that receives the cypher text and sends the cypher text to a transmission(s) decrypter, such that the cypher text is decrypted and wherein the one or more combined systems further comprise; at least one executable coded cipher key(s), and at least one executable coded encryption key (ECEK) device that encrypts transmission(s) that uses executable cipher coded key(s), and at least one executable coded decryption key (ECDK) device that decrypts transmission(s) that also uses at least one executable coded cipher key(s), such that a combined device is a RDDS/ECDK device that transmits randomized encrypted data with data sub-channels and with executable coded encryption keys; at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus such that the address bus accesses a designated range of computer memories and range of memory bits and the data
- the key selectors themselves are encrypted and decrypted.
- executable cipher keys contain meta data.
- these devices comprise a real or virtual master distributed auto-synchronous array (DASA) database or both one or more real and virtual master distributed auto-synchronous array (DASA) databases located within or external to the one or more combined devices that at least stores and retrieves data and that includes at least two or more partial distributed auto-synchronous array (DASA) databases wherein the partial DASA databases function in either an independent manner, a collaborative manner or both, and wherein the master and partial DASA databases allow for bi-directional transmission of data to and from multiple partial user devices, to and from multiple partial access devices or to and from both partial user and partial access devices, wherein the one or more partial user and access devices store and provide at least partial copies of portions of the master DASA database and wherein the master DASA database, the partial DASA databases or both partial and master DASA databases are linked and communicate with each other as well as one or more logging and monitoring databases capable of statistical and numerical calculations utilizing the data, wherein the tools authenticate using a first set of computing operations, validates using a second set of computing operations,
- the master and partial DASA databases analyze and provide information in a form of data and act to control one or more output devices, wherein the output devices create user devices.
- the one or more combined systems that encrypt data transmitted to or decrypt data or both transmit and decrypt data received from the one or more combined systems that utilize one or more master keys comprising; at least one encrypter or decrypter or both an encrypter and a decrypter such that encryption or decryption or both encryption and decryption of said data or associated data files or both data and data files utilize one or more master keys and one or more key selectors, wherein the master keys and key selectors produce a specific set of one or more encryption keys that encrypt and/or decrypt the data or associated data files or both data and data files such that one or more key selectors coincide with at least one value that directly corresponds with created cipher data or cipher data files or both cipher data and cipher data files, and wherein the key selectors and the cipher data and the cipher data files produce result data and result data files such that the cipher data and cipher data files together with the result data and result data files are sealed in
- a transmission(s) combiner that combines transmission(s) from the forward error correction encoder with transmission(s) from the sub-channel encoder
- a transmission(s) encrypter that receives combined transmission(s) from transmission(s) combiner, wherein the transmission(s) encrypter receives one or more encrypter keys (KE) and the combined transmission(s), such that the combined transmission(s) are encrypted by the transmission(s) encrypter and sent to a transmission(s) transmitter and wherein the transmission(s) are in a form of cipher text;
- KE encrypter keys
- a transmission(s) receiver that receives the cypher text and sends the cypher text to a transmission(s) decrypter, such that the cypher text is decrypted and wherein the one or more combined systems further comprise; at least one executable coded cipher key(s), and at least one executable coded encryption key (ECEK) device that encrypts transmission(s) that uses executable cipher coded key(s), and at least one executable coded decryption key (ECDK) device that decrypts transmission(s) that also uses at least one executable coded cipher key(s), such that a combined device is a RDDS/ECDK device that transmits randomized encrypted data with data sub-channels and with executable coded encryption keys; at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus such that the address bus accesses a designated range of computer memories and range of memory bits and the data
- the key selectors themselves are encrypted and decrypted.
- the executable cipher keys contain meta data.
- FIG. 1 is a flow diagram for the Dynamically Selectable Encryption System (DSES) without the Hidden Portion
- FIG. 2 is a flow diagram for the Dynamically Selectable Decryption System (DSDS) without the Hidden Portion
- FIG. 3 is a flow diagram that describes the Dynamically Selectable Encryption System (DSES) with the Hidden Portion
- Figure 4 is a flow diagram that describes the Dynamically Selectable Decryption System (DSDS) with the Hidden Portion
- Figure 5 is a flow diagram that describes the Dynamically Selectable Encryption System (DSES) with an Indirect Hidden Portion
- FIG. 6 is a flow diagram that describes the Dynamically Selectable Decryption System (DSDS) with an Indirect Hidden Portion
- Figure 7 is a flow diagram that provides one example of a detailed End-to-End Hidden Encryption System Utilizing a Sophisticated Dynamic Encrypter
- Figure 8 is a flow diagram that provides one example of a detailed End-to-End Hidden Encryption System Utilizing a Sophisticated Dynamic Decrypter
- Figure 9 is a schematic that provides at least one embodiment that illustrates the combination of two transceiver devices utilizing both encrypters and decrypters.
- Figure 10 is a flowchart describing a device that communicates randomized encrypted data with sub-channels (REDS) together with executable coded encryption key (ECEK) device that encrypts and/or decrypts data using executable coded keys (1075), which is a REDS/ECEK device. This REDS/ECEK device transmits randomized encrypted data with data sub-channels and with executable coded encryption keys.
- Figure 11 is a flowchart describing a device that communicates randomized decrypted data with sub-channels (RDDS) that receives randomized encrypted data with data sub-channels together with a device that uses an executable coded decryption key, (ECDK) devices that decrypts data using executable coded keys (1125).
- RDDS randomized decrypted data with sub-channels
- ECDK executable coded decryption key
- Figure 11A is a schematic diagram that illustrates devices utilized initially represented in simple block form for Figures 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, and 11 (1-11).
- Figure 12 is a schematic which provides at least one embodiment of the computer enabled access control (securitization) system, which contains, in this instance, a real or virtual master distributed auto-synchronous array (DASA) database.
- securitization computer enabled access control
- DASA distributed auto-synchronous array
- Figure 12A is a schematic diagram that illustrates devices utilized initially represented in simple block form for Figure 12. So that the above recited features and advantages of the present disclosure can be understood in detail, a more particular description of the invention and reference to embodiments are provided and illustrated in the appended figures. It is to be noted, however, that the appended drawings illustrate only typical embodiments of the present disclosure and are therefore not to be considered limiting the scope or other equally effective embodiments.
- Figure 1 is a flow diagram (100) for operation of the Dynamically Selectable Encryption System (DSES) Encrypter (100 A) without the Hidden Portion.
- the master key (110) is used by a dynamically selectable encryption key generator (130) together with the key selector value (120) to produce a data encryption key (KE) in a dynamic fashion.
- the key (KE) may be changed at any time based upon a change in the key selector value (120).
- the key selector value (120) is sent to the decryption token (150).
- Encrypter (170) receives data (160) which may be in the form of plaintext and encrypts the data according to the value of the key (KE).
- Encrypted output data (180) is accepted from encrypter (170) which may be provided in the form of cypher-text.
- the combination of the decryption token (150) and the encrypted output data (180) now becomes available as encrypted communication signals.
- the encryption process described above is for dynamically encrypted data on the move.
- the decryption token (150) is utilized by a memory storage system (190) as the block address to store the encrypted output data (180) at that specific block address. In this manner every block of memory in the memory storage system is encrypted with a unique encryption key (KE).
- KE unique encryption key
- FIG 2 is a flow diagram (200) for operation of the Dynamically Selectable Decryption System (DSDS) Decrypter (200A) without the Hidden Portion.
- the master key (210) has the same value as its matching master key (110) for the DSES as described in Figure 1.
- the combination of the decryption token (150) and the encrypted output data (180) which has become available as communication signals (see Figure 1) are received as a decryption token (250) and as encrypted input data (280).
- the decryption token (250) becomes the key selector value (120).
- the master key (210) is used by a dynamically selectable decryption key generator (230) together with the key selector value (120) to produce a decryption key (KD) in a dynamic fashion.
- the decryption key (KD) may be changed at any time based upon the value of the key selector (120).
- the key selector value (120) is sent to the key selector receiver (220).
- Decrypter (270) receives encrypted input data (280) which may be in the form of cyphertext and decrypts the data according to the value of the decryption key (KD).
- Decrypted output data receiver (260) from decrypter (270) may be provided in the form of plaintext. Both the values of the original key selector value (120) and the original data (160) are available as decrypted communication signals from the key selector receiver (220) and the decrypted output data receiver, (260), respectively. At this point the communication signals using devices and the associated system have been securely transmitted through a dynamic encryption/decryption tunnel.
- the decryption process described above is for dynamically encrypted data on the move.
- the key locater (120) is utilized by a memory storage system (290) as the block address to recover the encrypted output data (180) at that specific block address.
- every block of memory in the memory storage system is encrypted and decrypted with a unique encryption key (KE).
- FIG 3 is a flow diagram (300) for operation of the Dynamically Selectable Encryption System (DSES) Encrypter (300A) with a Direct Hidden Portion.
- the master key (110) is used by a dynamically selectable encryption key generator (130) together with the key selector (120) to produce a data encryption key (KE) in a dynamic fashion.
- the key (KE) may be changed at any time based upon a change in the key selector value (120).
- the key selector value (120) is sent to an encryption token encrypter (340) along with the master key (110).
- the encryption token encrypter (340) encrypts the key selector value (120) and produces a hidden encryption token (350).
- Encrypter (170) receives data (160) which may be in the form of plaintext and encrypts the data according to the value of the key (KE). Encrypted output data (180) is accepted from encrypter (170) which may be provided in the form of cyphertext. The combination of the hidden encryption token (350) and the encrypted output data (180) now becomes available as encrypted communication signals.
- the encryption process described above is for dynamically encrypted data on the move.
- the key selector value (120) or the hidden decryption token (350) is utilized by a memory storage system (190) as the block address to store the encrypted output data (180) at that specific block address.
- a unique encryption key KE
- FIG 4 is a flow diagram (400) for operation of the Dynamically Selectable Decryption System (DSDS) Decrypter (400A) with a Direct Hidden Portion.
- the master key (210) has the same value as its matching master key (110) for the DSES as described in Figure 1.
- the combination of the hidden encryption token (350) and the encrypted output data (180) which has become available as communication signals (see Figure 3) are received as an encrypted decryption token (450) and as encrypted input data (280).
- the encrypted decryption token (450) is sent to a decryption token decrypter (440) along with the master key (210).
- the decryption token decrypter (440) decrypts the encrypted decryption token (450) and produces the key selector value (120).
- the master key (210) is used by a dynamically selectable decryption key generator (230) together with the key selector value (120) to produce a decryption key (KD) in a dynamic fashion.
- the decryption key (KD) may be changed at any time based upon the value of the key selector value (120).
- the key selector value (120) is sent to the key selector receiver (220).
- Decrypter (270) receives encrypted input data (280) which may be in the form of cyphertext and decrypts the data according to the value of the decryption key (KD).
- Decrypted output data receiver (260) from decrypter (270) may be provided in the form of plaintext. Both the values of the original key selector (120) and the original data (160) are available as decrypted communication signals from the key selector receiver (220) and the decrypted output data receiver, (260), respectively. At this point the communication signals using devices and the associated system have been securely transmitted through a dynamic encryption/decryption tunnel.
- the decryption process described above is for dynamically encrypted data on the move.
- the key selector value (120) or the encrypted decryption token (450) is utilized by a memory storage system (290) as the block address to recover the encrypted output data (180) at that specific block address.
- a unique encryption key KE
- FIG. 5 is a flow diagram (500) for operation of the Dynamically Selectable Encryption System (DSES) Encrypter (500A) with an Indirect Hidden Portion.
- the master key (110) in this configuration, is the source for a first key derivation communication processor (512) and second key derivation communication processor (514). These key derivation communication processors (512, 514) utilize information from the master key (110) to provide variants of the original master key (110).
- the first key and second key derivation communication processors (512, 514) are distinguishable from each other in that they use unique initialization vectors and/or algorithms to each produce uniquely different derived keys.
- the master key (110) is provided to the first key derivation communication processor (512) that is used by a dynamically selectable encryption key generator (130) together with the key selector value (120) to produce a data encryption key (KE) in a dynamic fashion.
- the key (KE) may be changed at any time based upon a change in the key selector value (120).
- the same master key (110) is provided to the second key derivation communication processor (514).
- the key selector value (120) is sent to a decryption token encrypter (340) along with the second key derivation communication processor (514).
- the decryption token encrypter (340) encrypts the key selector value (120) and produces an indirect hidden encryption token (550).
- Encrypter (170) receives data (160) which may be in the form of plaintext and encrypts the data according to the value of the key (KE). Encrypted output data (180) is accepted from encrypter (170) which may be provided in the form of cyphertext. The combination of the indirect hidden encryption token (550) and the encrypted output data (180) now becomes available as encrypted communication signals.
- the encryption process described above is for dynamically encrypted data on the move.
- the key selector value (120) or the indirect hidden encryption token (550) is utilized by a memory storage system (190) as the block address to store the encrypted output data (180) at that specific block address.
- a unique encryption key KE
- FIG. 6 is a flow diagram (600) for operation of the Dynamically Selectable Decryption System (DSDS) Decrypter (600A) with an Indirect Hidden Portion.
- the master key (210) has the same value as its matching master key (110) for the DSES as described in Figure 1.
- the master key (210) in this configuration, is the source for a first key derivation communication processor (512) and second key derivation communication processor (514). These key derivation communication processors (512, 514) utilize information from the master key (210) to provide variants of the original master key (210).
- the first key and second key derivation communication processors (512, 514) are distinguishable from each other in that they use unique initialization vectors and/or algorithms to each produce uniquely different derived keys.
- the combination of the indirect hidden encryption token (550) and the encrypted output data (180) which has become available as communication signals (see Figure 5) are received as an indirect encrypted decryption token (650) and as encrypted input data (280).
- the master key (210) is provided to the second key derivation communication processor (514).
- the indirect encrypted decryption token (650) is sent to an indirect decryption token decrypter (640) along with the second derivation communication processor (514).
- the indirect decryption token decrypter (640) decrypts the indirect encrypted decryption token (650) and produces the key selector value (120).
- the master key (210) is provided to the first key derivation communication processor (512) that is used by a dynamically selectable decryption key generator (230) together with the key selector value (120) to produce a decryption key (KD) in a dynamic fashion.
- the key (KD) may be changed at any time based upon a change in the key selector value (120).
- the key selector value (120) is sent to the key selector receiver (220).
- Decrypter (270) receives encrypted input data (280) which may be in the form of cyphertext and decrypts the data according to the value of the decryption key (KD).
- Decrypted output data receiver (260) from decrypter (270) may be provided in the form of plaintext. Both the values of the original key selector (120) and the original data (160) are available as decrypted communication signals from the key selector receiver (220) and the decrypted output data receiver, (260), respectively. At this point the communication signals using devices and the associated system have been securely transmitted through a dynamic encryption/decryption tunnel.
- the decryption process described above is for dynamically encrypted data on the move.
- the key selector value (120) or the indirect encrypted decryption token (650) is utilized by a memory storage system (290) as the block address to recover the encrypted output data (280) at that specific block address.
- a unique encryption key KE
- FIG. 7 is a flow diagram (700) for operation of the Dynamically Selectable Dynamic Encryption System (DSDES) Encrypter (700A) with an Indirect Hidden Portion.
- the master key (110) in this configuration, is the source for a first key derivation communication processor (512) and second key derivation communication processor (514). These key derivation communication processors (512, 514) utilize information from the master key (110) to provide variants of the original master key (110).
- the first key and second key derivation communication processors (512, 514) are distinguishable from each other in that they use unique initialization vectors and/or algorithms to each produce uniquely different derived keys.
- the master key (110) is provided to the first key derivation communication processor (512) that is used by a dynamically selectable encryption key generator (130) together with the key selector value (120) to produce a data encryption key (KE) in a dynamic fashion.
- the key (KE) may be changed at any time based upon a change in the key selector value (120).
- the same master key (110) is provided to the second key derivation communication processor (514).
- the key selector value (120) is sent to a data combiner (775) along with control data from the dynamic encrypter (770) that includes descriptive information about the nature of dynamic encrypted output data (780) such as length, padding, and encryption parameters.
- the decryption token encrypter (340) encrypts the combined data from the data combiner (775) and produces an indirect hidden dynamic decryption token (750).
- Dynamic encrypter (770) receives data (160) which may be in the form of plaintext and encrypts the data according to the value of the key (KE).
- the dynamic encrypter functions to provide new encryption keys for every block of encrypted data of some length along with padding to further adjust the data (string) length as required.
- the length, padding, and encryption parameters are available for proper decryption and supplied to the data combiner (775).
- Dynamic encrypted output data (780) is accepted from dynamic encrypter (770) which may be provided in the form of cyphertext.
- the combination of the indirect hidden dynamic decryption token (750) and the dynamic encrypted output data (780) now becomes available as dynamic encrypted communication signals.
- the dynamic encryption process described above is for dynamically encrypted data on the move.
- the key selector value (120) is utilized by a memory storage system (190) as the block address to store the dynamic encrypted output data (780) at that specific block address.
- every block of memory in the memory storage system is encrypted with a unique encryption key (KE).
- fixed data block sizes are used, which obviates the need for including control data from the dynamic encrypter (770) for completing decryption.
- FIG 8 is a flow diagram (800) for operation of the Dynamically Selectable Dynamic Decryption System (DSDDS) Decrypter (800A) with an Indirect Hidden Portion.
- the master key (210) has the same value as its matching master key (110) for the DSES as described in Figure 1.
- the master key (210) in this configuration, is the source for a first key derivation communication processor (512) and second key derivation communication processor (514). These key derivation communication processors (512, 514) utilize information from the master key (110) to provide variants of the original master key (210).
- the first key and second key derivation communication processors (512, 514) are distinguishable from each other in that they use unique initialization vectors and/or algorithms to each produce uniquely different derived keys.
- the master key (210) is provided to the second key derivation communication processor (514).
- the indirect encrypted dynamic decryption token (850) is sent to an indirect decryption token decrypter (640) along with the second derivation communication processor (514).
- the indirect decryption token decrypter (640) decrypts the indirect dynamic encrypted decryption token (850) and sends it to the data splitter (875).
- the data splitter (875) separates the key selector value (120) from the control data which is sent to dynamic decrypter (870).
- the control data contains information such as length, padding, and decryption parameters.
- the master key (210) is provided to the first key derivation communication processor (512) that is used by a dynamically selectable decryption key generator (230) together with the key selector value (120) to produce a decryption key (KD) in a dynamic fashion.
- the key (KD) may be changed at any time based upon a change in the key selector value (120).
- the key selector value (120) is sent to the key selector receiver (220).
- Dynamic decrypter (870) receives encrypted dynamic input data (880) which may be in the form of cyphertext and decrypts the data according to the value of the decryption key (KD).
- the dynamic decrypter (870) functions to provide new decryption keys for every block of decrypted data along with padding as required.
- the length, padding, and encryption parameters are available for proper decryption and supplied by the data splitter (875).
- Decrypted output data receiver (260) from dynamic decrypter (870) may be provided in the form of plaintext. Both the values of the original key selector (120) and the original data (160) are available as decrypted communication signals from the key selector receiver (220) and the decrypted output data receiver, (260), respectively. At this point the communication signals using devices and the associated system have been securely transmitted through a dynamic encryption/decryption tunnel.
- the decryption process described above is for dynamically encrypted dynamic data on the move.
- the key selector value (120) is utilized by a memory storage system (290) as the block address to recover the encrypted dynamic output data (880) at that specific block address.
- every block of memory in the memory storage system is encrypted and decrypted with a unique decryption key (KD).
- fixed data block sizes are used, which obviates the need for including control data from the dynamic decrypter (870) for completing decryption.
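The Figure 7 and Figure 8 flows above as one round trip, in an added Python sketch that is not code from the patent. Assumptions: HMAC-SHA256 with distinct labels stands in for the two key derivation processors (512, 514), an HMAC counter keystream stands in for the unspecified cipher, and the token's integrity tag and all function names are additions for illustration.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 16  # assumed fixed block length used by the dynamic encrypter (770)


def derive(key: bytes, label: bytes) -> bytes:
    """Key derivation processor (512 or 514): a labelled variant of the input key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">I", off // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def block_key(k1: bytes, selector: int, index: int) -> bytes:
    """Key generator (130/230): a new KE/KD per block from key 1, selector and block index."""
    return hmac.new(k1, struct.pack(">QI", selector, index), hashlib.sha256).digest()


def crypt_blocks(k1: bytes, selector: int, data: bytes) -> bytes:
    # The XOR keystream is its own inverse, so one routine serves 770 and 870.
    # Caveat of this stand-in: reusing a selector under one master key repeats the keystream.
    return b"".join(
        keystream_xor(block_key(k1, selector, i // BLOCK), b"data", data[i:i + BLOCK])
        for i in range(0, len(data), BLOCK))


def dsdes_encrypt(master: bytes, selector: int, plaintext: bytes):
    """Figure 7: returns (hidden token 750, dynamic encrypted output 780)."""
    k1, k2 = derive(master, b"kdp-512"), derive(master, b"kdp-514")
    pad_len = -len(plaintext) % BLOCK
    ciphertext = crypt_blocks(k1, selector, plaintext + os.urandom(pad_len))
    # Data combiner (775): key selector plus control data (length, padding, block size).
    combined = struct.pack(">QIHH", selector, len(plaintext), pad_len, BLOCK)
    nonce = os.urandom(12)
    body = keystream_xor(derive(k2, b"enc"), nonce, combined)
    # Integrity tag on the token: an addition here, not a step in the figures.
    tag = hmac.new(derive(k2, b"mac"), nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag, ciphertext


def dsdds_decrypt(master: bytes, token: bytes, ciphertext: bytes):
    """Figure 8: returns (key selector 120, recovered data 160)."""
    k1, k2 = derive(master, b"kdp-512"), derive(master, b"kdp-514")
    if len(token) != 12 + 16 + 16:
        raise ValueError("token has the wrong length")
    nonce, body, tag = token[:12], token[12:28], token[28:]
    expected = hmac.new(derive(k2, b"mac"), nonce + body, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token rejected: wrong master key or modified token")
    # Data splitter (875): separate the selector from the control data.
    selector, length, pad_len, block = struct.unpack(
        ">QIHH", keystream_xor(derive(k2, b"enc"), nonce, body))
    if block != BLOCK or length + pad_len != len(ciphertext):
        raise ValueError("control data does not match the ciphertext")
    return selector, crypt_blocks(k1, selector, ciphertext)[:length]
```
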
- Figure 9 is a schematic (900) depicting the combination of two transceiver devices utilizing both encrypters and decrypters with memory.
- Communication signals from a first source (910) are sent through connection (920) to the first transceiver (930).
- the first transceiver (930) securely connects encrypted data through connection (940) through unsecured network (950).
- the second transceiver (970) securely connects encrypted data through another connection (960) through unsecured network (950).
- Communication signals from a second source (990) are sent through connection (980) to the second transceiver (970).
- the signals (910) enter the first transceiver (930) through connection (920) and travel to the (DSES) Encrypter (932).
- the (DSES) Encrypter (932) is controlled by the computer (931) to dynamically encrypt and transmit the communication signals to the DSDS Decrypter (973) via an unsecured network (950).
- Encrypted signals arrive at the second transceiver (970) to the DSDS Decrypter (973) controlled by computer (971).
- DSDS Decrypter (973) decrypts the signals and sends them to the second source (990) through connection (980).
- the communication signals can be conversely secured by sending them from the second source (990) to the first source (910) utilizing the DSES Encrypter (972) in the second transceiver (970) as well as the DSDS Decrypter (933) in the first transceiver (930). This completes the process for securing data in transit.
- the first source (910) provides signals that enter the first transceiver (930) through the connection (920) and travel to the (DSES) Encrypter (932).
- the (DSES) Encrypter (932) is controlled by the computer (931) to dynamically encrypt, store and seal the communication signals to a first storage memory (935).
- the computer removes dynamically encrypted communication signals from the first storage memory (935) and delivers the signals to the DSDS decrypter (933) which dynamically decrypts the signals allowing the unencrypted signals to flow back to the first source (910) through connection (920).
- the same process as described regarding data at rest is followed within the second transceiver (970) and second source (990).
- Figure 10 is a flowchart (1000) describing a device (1000A) that communicates randomized encrypted data with sub-channels (REDS) together with executable coded encryption key (ECEK) device that encrypts and/or decrypts data using executable coded keys (1075), which is a REDS/ECEK device.
- This REDS/ECEK device transmits randomized encrypted data with data sub-channels and with executable coded encryption keys.
- a data source (1010) which could be plaintext
- the data is sent to forward error correction encoder (1020) which encodes the data and provides a known degree of forward error correction to the data. This function enlarges the transmitted data by adding various error checking features that may include rows, columns, and diagonal checksums.
- the forward error corrected data is sent to the data combiner (1060).
- a random number generator (1030) provides a random number for a sub-channel data encoder (1050).
- The output of the sub-channel data combiner (1040), which comprises inputs from temporal information (1041), message authentication codes (1042) and user data such as user ID data (1043), is sent to the sub-channel data encoder (1050).
- the sub-channel data encoder (1050) has received the required or desired input for the data sub-channels.
- the sub-channel data encoder (1050) now encodes the sub-channel data and sends it to the data combiner (1060).
- the data combiner (1060) combines the forward error corrected data with the sub-channel data.
- This combined data is sent to the executable coded encryption key device, an ECEK device (1070A), and into the encrypter/decrypter memory (1070) which stores the data while it is being encrypted and/or decrypted.
- the ECEK device (1070A) encrypts data using executable coded keys (1075).
- the process of encryption/decryption is controlled by the executable coded keys (1075).
- the executable coded keys (1075) need only remain in computer memory for at least the duration of the encryption/decryption process.
- Executable coded keys (1075) control the execution of encryption/decryption subroutine primitives (1080).
- the subroutine primitives (1080) read, modify, and write the encrypter/decrypter memory (1070). This allows for the executable coded keys (1075) to control the encryption/decryption process of reading, modifying, and writing the encrypter/decrypter memory (1070) by utilizing the subroutine primitives (1080). This allows for the executable coded keys (1075) to be removed from a computer memory (not shown), as computer memory no longer contains instructions to encrypt and/or decrypt the data residing in the encrypter/decrypter memory (1070). As a result, it is impossible to reverse compile the code because the code no longer resides in computer memory.
- the encryption/ decryption instructions reside in the key itself, for which no source code exists, i.e., there is no source code for the key.
- the executable coded keys (1075) simply contain the typical binary randomized bits that are the same or similar to those contained in today's symmetric encryption keys. These bits may be interpreted by the encrypt/decrypt binary primitive interpreter (1082) which then dispatches control to the balance of the binary primitive subroutine libraries (1084, 1086).
- the binary primitive subroutine libraries (1084, 1086) are chosen functions which provide instructions to encrypt or decrypt the data in encrypt/decrypt memory (1070).
- the encryption set of primitives (1084) are utilized by bits in executable coded keys (1075) to produce encryption functions.
- a decryption set of primitives (1086) utilizes the same bits found in the executable coded keys (1075) which provide matching but inverse functions that are required to decrypt the data.
- the bits used from the executable coded keys (1075) are utilized in a reverse order when compared with those utilized during and for encryption.
- data source (1010) has been combined with sub-channel data (1050) which includes randomness so that a fully randomized and encrypted data output has been realized and transmitted through transmitter (1090).
- Figure 11 is a flowchart (1100) describing a device (1100A) that communicates randomized decrypted data with sub-channels (RDDS): it receives randomized encrypted data with data sub-channels and is combined with an executable coded decryption key (ECDK) device that decrypts data using executable coded keys (1125).
- This combined device is a RDDS/ECDK device.
- the RDDS/ECDK device transmits randomized encrypted data with data sub-channels and with executable coded encryption keys.
- data receiver (1110) which could be cypher-text data is sent to the executable coded encryption key device, an ECEK device (1120A), and into the encrypter/decrypter memory (1120) which stores the data while it is being encrypted and/or decrypted.
- the ECEK device (1120A) encrypts data using executable coded keys (1125). When the encryption/decryption is completed the data is sent to a transmitter (1130). The process of encryption/decryption is controlled by the executable coded keys (1125).
- the executable coded keys (1125) need only remain in computer memory for at least the duration of the encryption/decryption process.
- Executable coded keys (1125) control the execution of encryption/decryption subroutine primitives (1180).
- the subroutine primitives (1180) read, modify, and write the encrypter/decrypter memory (1120).
- the executable coded keys (1125) simply contain the typical binary randomized bits that are the same or similar to those contained in today's symmetric encryption keys. These bits may be interpreted by the encrypt/decrypt binary primitive interpreter (1182) which then dispatches control to the balance of the binary primitive subroutine libraries (1184, 1186).
- the binary primitive subroutine libraries (1184, 1186) are chosen functions which provide instructions to encrypt or decrypt the data in encrypt/decrypt memory (1120). While encrypting, the encryption set of primitives (1184) are utilized by bits in executable coded keys (1125) to produce encryption functions.
- a decryption set of primitives (1186) utilizes the same bits found in the executable coded keys (1125) which provide matching but inverse functions that are required to decrypt the data.
- the bits used from the executable coded keys (1125) are utilized in a reverse order when compared with those utilized during and for encryption.
- the encrypter/decrypter memory (1120) now possesses the decrypted data and allows the decrypted data to be sent to the forward error correction decoder (1130).
- the forward error correction decoder (1130) provides two data outputs. The first output is the forward error corrected data which is sent to the corrected data receiver (1140). As before, the data could be in plain text form.
- the second output from the forward error correction decoder (1130) sends the decrypted data to a sub-channel data decoder (1150).
- the sub-channel data decoder (1150) decodes the sub-channel data, sending the received random number to the random number receiver (1160) and the sub-channel data to the sub-channel data splitter (1170).
- Sub-channel data splitter (1170) splits the sub-channel data into sub-channel data receivers (1171, 1172, and 1173) which correspond to temporal information (1171), message authentication codes (1172) and user data - such as user ID data (1173).
- the data received from the data receiver (1110) has been split into both the corrected data receiver (1140) as well as the sub-channel data receivers (1171, 1172, and 1173) and the random number receiver (1160).
- the initial point source data (1010), the random number generator (1030), and the sub-channel data (1041, 1042, 1043) have now been fully de-randomized, decrypted, and recovered into the corrected data receiver (1140) as well as both the random number receiver (1160) and the sub-channel data receivers (1171, 1172, and 1173).
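The key-as-program mechanism of Figures 10 and 11, as an added Python sketch that is not code from the patent: each pair of key bytes selects a primitive and its operand, and decryption walks the same bits in reverse order through the matching inverse primitives. The four toy primitives, the two-byte step encoding and the function names are assumptions chosen to show the interpreter and dispatch, not cipher strength.

```python
def _rotl8(b: int, r: int) -> int:
    r %= 8
    return ((b << r) | (b >> (8 - r))) & 0xFF


def _rotr8(b: int, r: int) -> int:
    r %= 8
    return ((b >> r) | (b << (8 - r))) & 0xFF


# Each primitive reads, modifies and writes the work memory (1070/1120) in place.
def _xor(mem: bytearray, k: int) -> None:
    for i in range(len(mem)):
        mem[i] ^= k


def _add(mem: bytearray, k: int) -> None:
    for i in range(len(mem)):
        mem[i] = (mem[i] + k) & 0xFF


def _sub(mem: bytearray, k: int) -> None:
    for i in range(len(mem)):
        mem[i] = (mem[i] - k) & 0xFF


def _rol(mem: bytearray, k: int) -> None:
    for i in range(len(mem)):
        mem[i] = _rotl8(mem[i], k)


def _ror(mem: bytearray, k: int) -> None:
    for i in range(len(mem)):
        mem[i] = _rotr8(mem[i], k)


def _shift_left(mem: bytearray, k: int) -> None:
    n = k % len(mem) if mem else 0
    mem[:] = mem[n:] + mem[:n]


def _shift_right(mem: bytearray, k: int) -> None:
    n = k % len(mem) if mem else 0
    mem[:] = mem[len(mem) - n:] + mem[:len(mem) - n]


# Primitive libraries: index i of the decryption set inverts index i of the encryption set.
ENCRYPT_PRIMITIVES = (_xor, _add, _rol, _shift_left)   # stands in for 1084/1184
DECRYPT_PRIMITIVES = (_xor, _sub, _ror, _shift_right)  # stands in for 1086/1186

# Constructed sample key: XOR 0x5A, ADD 0x10, rotate bits by 3, rotate buffer by 1.
SAMPLE_KEY = bytes([0x00, 0x5A, 0x01, 0x10, 0x02, 0x03, 0x03, 0x01])


def _steps(key: bytes):
    """Primitive interpreter (1082/1182): decode key bits into (primitive index, operand)."""
    if len(key) % 2:
        raise ValueError("key must hold whole (selector, operand) byte pairs")
    return [(key[i] % 4, key[i + 1]) for i in range(0, len(key), 2)]


def ecek_encrypt(key: bytes, data: bytes) -> bytes:
    mem = bytearray(data)
    for op, operand in _steps(key):
        ENCRYPT_PRIMITIVES[op](mem, operand)
    return bytes(mem)


def ecek_decrypt(key: bytes, data: bytes) -> bytes:
    mem = bytearray(data)
    for op, operand in reversed(_steps(key)):  # same key bits, reverse order
        DECRYPT_PRIMITIVES[op](mem, operand)
    return bytes(mem)
```
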
- Figure 11A is a schematic diagram that illustrates devices utilized initially represented in simple block form for Figures 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, and 11. More specifically, Figure 11A further illustrates and demonstrates actual and various devices using exploded view callouts from that depicted in the schematic diagram shown in Figure 11A and described above (in e.g. Figures 1-11).
- the list of devices associated with callouts 100A, 200A, 300A, 400A, 500A, 600A, 700A, 800A, 910, 930, 970, and 990, 1000A and 1100A can represent DASA database(s) as well as user devices and/or access devices including desktop or stand-alone computer terminals replete with hard drives, laptop computers, cellular or smart telephones, computer tablets such as the iPad® and even printed circuit boards or integrated circuits (ICs). Further, elaborating on the virtual user devices as described above, these can be created and are shown as real output device(s). It remains important to understand that these real devices can be used to create virtual user devices.
- Data communication amplifiers, repeaters, and/or range extenders which optionally assist in ensuring signal integrity and strength, over various communication distances can be located in the data communication flow paths connecting the DASA databases, user devices, and/or access devices.
- Figure 12 is a schematic which provides at least one embodiment of the computer enabled access control (securitization) system (1200), which contains, in this instance, a real or virtual master distributed auto-synchronous array (DASA) database (1210), depicted as a cloud, that at least stores and retrieves data and that includes at least two or more partial distributed auto-synchronous array (DASA) databases D1, D2, D3, shown as (1220, 1222, and 1224) so that the partial DASA databases 1220 (D1), 1222 (D2), and 1224 (D3) are capable of functioning in an independent and/or collaborative manner (1230), and such that the master DASA database (1210) and partial DASA databases (1220, 1222, and 1224) allow for bi-directional transmission of data, shown as (1220a), (1220b), and (1220c) for 1220 (D1) as well as for 1222 (D2) with transmissions (1222a), (1222b), and (1222c).
- these transmissions are shown to be different than the transmissions shown to exist for (1224), D3 as will be further explained below.
- the D3 transmissions can be identical to those of D1 and/or D2 and that multiple databases D1 ... Dn can exist.
- the multiple partial user devices U1, U2, U3 are shown as (1240), (1250), and (1260) respectively.
- the multiple partial user devices in this instance include 2 sets of records in U1 (1240): U1R1 (1245) and U1R2 (1246); 3 sets of records in U2 (1250): U2R1 (1255), U2R2 (1256), and U2R3 (1257); and 5 sets of records in U3 (1260): U3R1 (1265), U3R2 (1266), U3R3 (1267), U3R4 (1268), and U3R5 (1269).
- Each of these user devices contains optional computing capabilities (1241, 1251, and 1261) that also provide for overall optional read/write functionality (1242).
- Multiple partial access devices (A1 - 1270 and A2 - 1275) exist that can store and provide at least partial copies, U1 (1240) with a set of records U1R1 and U1R2 (1245, 1246), U2 (1250), with sets of records U2R1 (1255), U2R2 (1256), and U2R3 (1257).
- Access device A2 (1275) in this case possesses 3 sets of records, U1 (1240), with records U1R1 (1245) and U1R2 (1246), U3 (1260), with 5 sets of records U3R1 through U3R5 (1265-1269), and U4 (1290), which is a virtual user device, that in this instance contains 7 records, U4R1 through R7 that are represented as U4R1 (1293),
- the virtual user device, U4 (1290) is created by output device(s) (1291) e.g. printers, scanners, tokens, stamps, RFID tags, encoders, wave scanners, electromagnetic devices, etc. which subsequently create virtual user devices (U4).
- these user devices could be a collection of both real and virtual user devices that also can be connected to a partial database D3 (1224).
- virtual U4 (1290), U4R1 (1293) is a printed bar code ticket that could be provided in a paper or electronic format.
- U4R2 (1294) is a QR code printed on a more durable plastic medium or electronic format.
- U4R3 (1295) is an electronic record sent to a user's personal smart display device (e.g. an application on a cell phone) which displays a QR code on its screen.
- U4R5-U4R7 (1296-1299) are RFID tags that provide for bi-directional nearfield communications. Each of these records within the virtual U4 device (1290) are produced by appropriate output devices (1291) for each media type.
- U4R3 (1295) which is for a "smart" or intelligent application
- U4R4-U4R7 (1296-1299) which is a read-write device
- these records can be distinguished from a single photographic copy so that only the designated users/user devices can possess the authentic and validated records.
- the read-write capability allows for verification of the actual token, which is not possible for records U4R1 (1293) and U4R2(1294), which are simple images. The simple images must still be used in sequence, in a single instance, unless tolerance rules provide otherwise.
- FIG. 12 also provides, as an example, a set of process rules which are carried out directly or indirectly as computer operations (1280) that are followed to authenticate (1281), validate (1282) and determine access (1283) for user devices. These rules apply to all access devices, including access devices A1 (1270) and A2 (1275). There can be, and often are, different rules that should be followed for other access devices.
- the flow path provided indicates that the access device(s) authenticates (1281) using a first set of rules, validates (1282) using a second set of rules, and includes a third set of rules that controls access (1283) using data that has been supplied by the user devices to ensure access to only a specified set of users under specified conditions.
- the process rules are finalized with an access decision (1284) which includes at least two options.
- One option is an access decision (1285) that includes the process of allowing user access and verifies the user has invoked their privileges. This may include, for example, physical access such as opening doors or logical access such as unlocking data within databases or communication systems. Normally the user would be alerted to the system when allowing access. The user's activity then may be monitored by the access process to ensure that they have utilized their access within certain limitations. Physical limitations may be provided by enabling door monitoring switches, floor-mats, man traps, video analysis, etc. Logical limitations may be monitored by keyboard and/or data access and the like. Temporal limitations may be employed as required. Access may further be limited by counting the number of access/egress attempts.
- In the case of access denial (1286), the user will normally be notified of the denial of access and optional alarming may take place. Reporting of the activity is normally returned from the access device(s) (e.g. 1270, 1275) to the master DASA database (1210), which also provides for logging the data, meta-data and associated information to the external logging and monitoring database (105).
- Figure 12A further illustrates and demonstrates actual and various devices using exploded view callouts from that depicted in the schematic diagram shown in Figure 12 and described above.
- the monitoring database is shown as linked, residing within, and/or processed by a server or other computer microprocessor(s).
- the DASA database (1210) and/or partial DASA databases (1220, 1222, and 1224) are linked and communicate with the same or different (in some cases hardware) server(s) or other computer microprocessor(s).
- the multiple partial user devices U1, U2, U3 shown as (1240), (1250), and (1260) respectively, as well as the multiple partial access devices (1270), (1275), are shown as one or more of several hardware devices including a desktop computer terminal and hard drive, a laptop computer, a cellular or smart phone, a tablet, such as an iPad®, and even a printed circuit board or integrated circuit (IC).
- U4 (1290) can be created and are shown as real output device(s) (1291) e.g. printers, scanners, tokens, stamps, RFID tags, (1293,1294) existing on or in cell phones or scanners (1295) and/or functioning encoders, wave scanners, and/or electromagnetic devices (1296-1299). It is important to understand that these real devices can be used to create virtual user devices (U4) - as shown in Figure 12.
- the computer readable media described within this application are non-transitory. In most if not all cases, data is transmitted via signals that are non-transitory signals.
Applications Claiming Priority (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201762518281P | 2017-06-12 | 2017-06-12 | |
US201762518337P | 2017-06-12 | 2017-06-12 | |
US201762518371P | 2017-06-12 | 2017-06-12 | |
US201762540326P | 2017-08-02 | 2017-08-02 | |
US201762540307P | 2017-08-02 | 2017-08-02 | |
US201762540266P | 2017-08-02 | 2017-08-02 | |
US201762540352P | 2017-08-02 | 2017-08-02 | |
PCT/US2018/037019 WO2018231773A1 (en) | 2017-06-12 | 2018-06-12 | Combined hidden dynamic random-access devices utilizing selectable keys and key locators for communicating randomized data together with sub-channels and coded encryption keys |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3639176A1 true EP3639176A1 (en) | 2020-04-22 |
EP3639176A4 EP3639176A4 (en) | 2021-01-06 |
Family
ID=64660225
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP18818117.6A Withdrawn EP3639176A4 (en) | 2017-06-12 | 2018-06-12 | Combined hidden dynamic random-access devices utilizing selectable keys and key locators for communicating randomized data together with sub-channels and coded encryption keys |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP3639176A4 (en) |
WO (1) | WO2018231773A1 (en) |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030120938A1 (en) * | 2001-11-27 | 2003-06-26 | Miki Mullor | Method of securing software against reverse engineering |
WO2003071440A1 (en) * | 2002-02-15 | 2003-08-28 | Digital Fountain, Inc. | System and method for reliably communicating the content of a live data stream |
US8401186B2 (en) * | 2010-11-29 | 2013-03-19 | Beijing Z&W Technology Consulting Co., Ltd. | Cloud storage data access method, apparatus and system based on OTP |
EP2817916B1 (en) * | 2012-02-21 | 2020-06-10 | Microchip Technology Incorporated | Cryptographic transmission system using key encryption key |
US10181231B2 (en) * | 2014-02-18 | 2019-01-15 | Bekey A/S | Controlling access to a location |
EP2913772A1 (en) * | 2014-02-28 | 2015-09-02 | Wibu-Systems AG | Method and computer system for protecting a computer program against influence |
DE102014207026B4 (en) * | 2014-04-11 | 2017-02-09 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | An encoder, decoder, system and method for transmitting encrypted data |
US9998434B2 (en) | 2015-01-26 | 2018-06-12 | Listat Ltd. | Secure dynamic communication network and protocol |
2018
- 2018-06-12 WO PCT/US2018/037019 patent/WO2018231773A1/en unknown
- 2018-06-12 EP EP18818117.6A patent/EP3639176A4/en not_active Withdrawn
Also Published As
Publication number | Publication date |
---|---|
WO2018231773A1 (en) | 2018-12-20 |
EP3639176A4 (en) | 2021-01-06 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
| | PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| | 17P | Request for examination filed | Effective date: 20200109 |
| | AK | Designated contracting states | Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| | AX | Request for extension of the european patent | Extension state: BA ME |
| | DAV | Request for validation of the european patent (deleted) | |
| | DAX | Request for extension of the european patent (deleted) | |
| | REG | Reference to a national code | Ref country code: DE Ref legal event code: R079 Free format text: PREVIOUS MAIN CLASS: G06F0021140000 Ipc: H04L0029060000 |
| | A4 | Supplementary search report drawn up and despatched | Effective date: 20201204 |
| | RIC1 | Information provided on ipc code assigned before grant | Ipc: H04L 9/06 20060101ALI20201130BHEP Ipc: G06F 21/60 20130101ALI20201130BHEP Ipc: H04L 1/00 20060101ALI20201130BHEP Ipc: H04L 29/06 20060101AFI20201130BHEP Ipc: H04L 9/08 20060101ALI20201130BHEP Ipc: G06F 21/79 20130101ALI20201130BHEP |
| | RAP1 | Party data changed (applicant data changed or rights of an application transferred) | Owner name: IRONCLAD ENCRYPTION CORPORATION |
| | RIN1 | Information on inventor provided before grant (corrected) | Inventor name: LERNER, DANIEL MAURICE |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| | 17Q | First examination report despatched | Effective date: 20221012 |
| | STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
| | 18D | Application deemed to be withdrawn | Effective date: 20230223 |