US20030026431A1 - One-time-pad encryption with central key service and key management - Google Patents

One-time-pad encryption with central key service and key management Download PDF

Info

Publication number
US20030026431A1
US20030026431A1 US10/254,754 US25475402A US2003026431A1 US 20030026431 A1 US20030026431 A1 US 20030026431A1 US 25475402 A US25475402 A US 25475402A US 2003026431 A1 US2003026431 A1 US 2003026431A1
Authority
US
United States
Prior art keywords
key
time
encryption
pad
communications
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/254,754
Inventor
Wolfgang Hammersmith
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vadium Tech Inc
Original Assignee
Vadium Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vadium Tech Inc filed Critical Vadium Tech Inc
Priority to US10/254,754 priority Critical patent/US20030026431A1/en
Assigned to VADIUM TECHNOLOGY, INC. reassignment VADIUM TECHNOLOGY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HAMMERSMITH, WOLFGANG S.
Publication of US20030026431A1 publication Critical patent/US20030026431A1/en
Assigned to CADG INTERNATIONAL, PTE, LTD. reassignment CADG INTERNATIONAL, PTE, LTD. SECURITY AGREEMENT Assignors: VADIUM TECHNOLOGY, INC.
Assigned to CADG INTERNATIONAL, PTE, LTD. reassignment CADG INTERNATIONAL, PTE, LTD. SECURITY AGREEMENT Assignors: VADIUM TECHNOLOGY, INC.
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Definitions

  • This invention relates to methods for encrypting computer readable data, particularly improved to one-time-pad encryption methods and the use of a keyable ciphertext character set to facilitate transcription and transmission by humans.
  • the key used for encryption and decryption is as long as the message, it is referred to as a “one-time-pad” (OTP) encryption method and if the key is shorter than the message, such that the key, or a derivative of the key, must be used two or more times, it is referred to as a “repeating key” encryption method.
  • OTP one-time-pad
  • the value 2 minus the value 5 is the value 35.
  • Such a one-time-pad encryption process can be performed with any number of characters in a character set provided the key uses the same number of possible values as the allowed number of characters in the set. Thus, for encrypting eight bit bytes which have 256 possible values, addition (or subtraction) in modulo 256 is used. When working with binary numbers where the number of possible values is a power of two, the encryption or decryption process can be executed very quickly using an exclusive-or operation to produce the same result as modulo addition or subtraction.
  • the key encryption key can be a repeating key or also a one-time-pad.
  • the key encryption key can be identical for both parties so that a person who intercepts both transmissions receives identical content and cannot use any differences in content to aid with decrypting the content.
  • the communications key can be encrypted with a unique key encryption key.
  • the server can be configured to send them a continuous sequence of keys, each with its own identifier, such that the sender and receiver can each capture a portion of the sequence of keys and use that portion to encrypt and decrypt their messages.
  • a sequence of one-time-pad keys can be transmitted continuously for use by the sender and receiver at any time, effectively becoming a never-ending key.
  • the received blocks of continuously transmitted keys are stored in a buffer until used. If the communications between the sender and receiver do not require enough bandwidth to use all of each received block, the remainder of each block is discarded.
  • the communications key is recorded on physical media, rather than breaking it into blocks with an identifier for each block such that the key can be used starting at the beginning of any block, locations within the key are identified with an offset number.
  • the offset number is included as a metadata header for the encrypted message to indicate the starting point within the key for decrypting the message.
  • the metadata header includes an identification of the key to facilitate matching the key with the message at the recipient's computer system. Also, the metadata header includes a length and an error checking code, both of which are used to check for errors in the encrypted message.
  • Modern Western character sets include more than 90 characters, including upper and lower case letters, numerals, symbols, and punctuation.
  • the characters which require use of a shift key on a standard keyboard are inconvenient to use, and characters which are difficult to distinguish, such as 0 and 0 are ambiguous to the human reader. Consequently, if the ciphertext is to be keyed by a human or spoken by a human as a link in the transmission process, it is advantageous to use a limited character set including only one case of each letter and only those additional symbols that can be keyed without using the shift key and are easy to visually distinguish. This is referred to as the keyable ciphertext character set.
  • this character set consists of the 26 capitol letters of the Western alphabet. In another embodiment, it consists of these letters plus six of the numerals to make a set of 32 characters.
  • a character set with 32 characters has certain advantages because 32 is a power of two which facilitates binary operations.
  • the preferred one-time-pad key for encryption to the keyable ciphertext character set consists of a random sequence of bytes where each byte value is limited to the number of values in the keyable ciphertext character set (48 or fewer), preferably 26 or 32.
  • the plain text is lengthened to an intermediate text containing only the characters of the keyable ciphertext character set.
  • the intermediate text is then one-time-pad encrypted with the random sequence of bytes where the byte values are limited to the number of characters in the character set.
  • the one-time-pad communications key can also be used for binary encryption into ciphertext with all 256 possible values, so each key has dual uses.
  • the disclosed client computer encryption and decryption computer program can work with any computer file of any file type. It can encrypt folders including all of their sub-folders and files.
  • the controls can be incorporated into the user interface for a word processor so that an encrypt button appears in the word processor user interface, along with a decrypt button and the same can be done for other programs.
  • the displayed material is encrypted.
  • the program is configured to the keyable ciphertext character set mode, the encrypted information is displayed in the preferred character set. If binary encryption mode is selected, the encrypted information is displayed with box symbols representing non-displayable characters or with whatever displayable characters the encrypted byte values happen to represent.
  • FIG. 1 shows the process of creating one-time-pad communications keys and distributing them to users, whether by computer network or on disk.
  • FIG. 3 shows how the keyable ciphertext character set is used.
  • FIG. 6 shows separate secure communications with each of three sub-stations.
  • the keys can be of any length according to the client's needs and the capacity of the storage media.
  • Key material is preferably created from a commercially available random number generator called an SG100 manufactured by Protego in Sweden.
  • VLSA Very Large Storage Arrays
  • SCS server Secure Communications System
  • the program places an icon in the Windows System Tray that, through a pop-up menu, allows the user to open the main program window, encrypt or decrypt the contents of the Windows Clipboard, or close the program.
  • the System Tray icon stays in the system tray and is loaded each time the computer is started.
  • the program displays a Key Management Window 20 where key usage is tracked by the program and displayed for the user.
  • keys come to the end of their use as indicated by a “Key Remaining” indicator in a status bar and the “Remaining” data indicator 21 in the Key Management Window for each key, they are deleted by the user and never used again.
  • the program will not allow encryption to take place if the selected key is not large enough to handle the requested amount of encryption.
  • the Key Remaining status bar window displays the total number of bytes left in the selected key.
  • a “Current Key” status bar window displays a user given name or the Key Identification Number of the selected key if no user given name has been assigned. Multiple keys can be stored on one CD or other storage media, all managed through the program's Key Management Window. In this way, several types of communications systems can be implemented from a simple two-station system to a more complex system.
  • the keyable ciphertext uses the regular 8 bit ASCII values in the preferred embodiment.
  • the random characters for encryption can be generated by taking a long string of random bits 5 bits at a time and then converting with a look up table to preferred 8 bit representations, so any source of random bits can be used efficiently provided both the sender and the receiver have access to the same source of random binary bits.
  • an alternate embodiment of the invention adds 6 more characters.
  • the preferred characters are 6 of the 10 Arabic numerals because they are found on all keyboards and have representations in Morse code. Any 6 of the 10 will do, but the preferred 6 are the numerals 2-7. 0 is to be avoided because it looks too much like O. 1 is to be avoided because it looks too much like I and L and
  • the character set is referred to herein as a Keyable Ciphertext Character Set.
  • An algorithm for creating this sometimes one-to-one and sometimes two-to-one relationship may be implemented as follows. First, create an intermediate text by replacing every character other than a-v (a-z in the 32 character set embodiment), with a 2 character representation starting with W, X, Y, or Z (2-7 in the 32 character set embodiment). This reduces all characters in the plaintext to the allowed character set. Then do the one-time-pad encryption in the usual way by replacing each of the 26 or 32 characters in the intermediate text with another one of the 26 or 32 characters randomly produced by combining it with the next one of the 26 or 32 characters in the key.
  • the program offers the user an option to reduce the size of output files using a zero loss compression algorithm. With this option checked, the program's output cipher files are significantly reduced in volume automatically before storage.
  • the preferred algorithm is licensed from the distributor of the PKZip software, PK Ware, Inc., http://www.pkware.com. Because each character of ciphertext is represented-by 8 bits and there are only 26 or 32 different characters in the text mode ciphertext out of a possible 256 8 bit characters, large amounts of zero loss compression are possible in text mode. In binary mode, because the ciphertext is entirely random and all possible byte values are used, no compression is possible.
  • the ciphertext consists of 26 or 32 characters. Consequently, for use in the one time pad encryption process, the key should have only these 26 or 32 characters, the frequency of occurrence of each character being entirely random. For the embodiment that uses 32 characters, this can be accomplished by starting with any long string of random bits and taking them 5 at a time. If the original string is random, then each 5 bit byte will randomly contain each of 32 possible values. To represent the 32 keyable characters using 8 bit ASCII values, a look up table quickly converts to ASCII. Consequently, for the 32 character embodiment, the same key material can be used for both text encryption taking the key 5 bits at a time or for binary encryption using 8 bits at a time, making the keys last longer in text mode.
  • reducing a sequence of random bytes to only 26 or 32 characters can be accomplished by using a random byte generator (or taking random bits 8 at a time, which is the same thing) and throwing out all bytes other than the 26 or 32 bytes that represent characters within the set.
  • the communications key cannot be read or modified in an ordinary way by the user or copied and used by a competitor's encryption program.
  • the program reads a key file, it uses its own built-in key encryption key to decrypt the portions of the key it will use.
  • the key encryption key is identical in every instance of the program and every instance of every key produced.
  • the same key that is used for keyable ciphertext encryption may be used for binary encryption.
  • the encryption process uses an algorithm for base 26 addition and discard the carry (modulo 26 addition), with a conversion to binary, to combine the plaintext with the key and yield the ciphertext.
  • modulo addition can be done in binary by simply executing an exclusive-or operation (XOR) on the plaintext and the key, bit by bit, to produce the ciphertext. Because the key contains only the 8 bit values of the 26 ASCII characters, every byte has the same value in two of the bit positions.
  • the key is not entirely random and 2 bits of each byte in the ciphertext can be easily decrypted.
  • the values of each byte in the key are random and the remaining bits can not be decrypted. Therefore, the key can be used for binary encryption as well as for keyable ciphertext encryption without compromise of security and the binary encryption runs as fast as with a key of all possible byte values.
  • GUID creation algorithm published by Microsoft is used. Although it is theoretically possible that two different copies of this program will generate two GUIDs that are identical, the chances are very small and small enough to be acceptable.
  • the Microsoft GUID creation system uses alphanumeric characters with curly braces and dashes as punctuation. For use as a Disk ID, the curly braces and dashes generated by the Microsoft algorithm are removed.
  • the characters used for the GUID are the preferred 32 Keyable Ciphertext Characters (A-Z +2-7). To ensure that no two GUIDs are the same, the last 4 characters of the 32 character GUID are reserved to identify the manufacturer of that particular disk, allowing identification of 1,048,576 possible manufacturers (32 ⁇ 32 ⁇ 32 ⁇ 32). The first 28 characters are filled in by a program that never generates the same number twice until all possible numbers have been used (32 28 ).
  • Information for each key on the storage media consists of the following data that is stored as the contents of a large file using whatever file layout format is required for that media:
  • KIN Key Identification Number
  • GUID Globally Unique Identifier
  • the Disk ID is stored as the second 32 bytes to make it difficult for the contents of the key media to be copied to other media, reinstalled, and reused.
  • the key itself which is a long sequence of 26 or 32 character bytes used for encryption of the original material, is stored in repeating key encrypted form.
  • one key (including the Key Identification Number) or a pair of keys, one for encrypting and one for decrypting, fills up the entire media, usually a CD or DVD, except for the Disk ID file.
  • any number of keys can be stored in one memory medium, each as a file with whatever file organization method is used on the medium.
  • the key file name consists of the KIN as described above followed by either .ENC file extension for the encrypting key or .DEC for the decrypting key. Following is a sample of a GUID used for the KIN and the file name for the key pair:
  • any cipher system can be intentionally misused, resulting in a breech of security.
  • the KIN identifies the key that was used to create the message.
  • the Offset represents the starting place from the beginning of the usable key (following the 32 byte KIN) for the program to start decryption.
  • the length of the encrypted message is used to facilitate error checking by simply comparing the observed length of the message with this number.
  • the CRC is a checksum of the ciphertext used in error detection.
  • the binary/text designation instructs the receiving program whether to decrypt in binary mode or keyable ciphertext mode.
  • each message Offset identifies where the program must start decrypting the message within that particular key
  • the encrypted messages may be decrypted in any order, unlike the traditional one time pad where encrypted messages had to be decrypted in the order in which they were encrypted to maintain a proper index within the decrypt key.
  • the Install button 22 registers the Disk ID number in the Windows Registry (or a similar registry for any other operating system) along with the repeating key decrypted Key Identification Number and key usage information and displays key information in the Key Management Window 20 . If the key CD cannot be installed or it does not contain a valid Disk ID, a message informs the user that installation cannot take place.
  • [0087] Imported from another system along with usage data.
  • the usage data is used to ensure that the used portions of the imported key will not be reused.
  • the usage data may be imported across a network or read from a floppy disk with the Import button 24 .
  • the program displays a General Options dialog box containing user-selectable options discussed below.
  • the program may be used for direct communication between two points if both locations have identical keys. This is called the Direct Communications Mode. Communication between two locations, Location A and Location B in the table below, is the most basic way in which the program functions.
  • the Decrypt Keys can be used over and over again each time the recipient wants to read a particular encrypted message with no compromise in security because the message and key content are tied together by the KIN embedded in the key and the KIN and the offset data embedded in the message header.
  • the key used to encrypt a particular message will never again be used for any other message, so there is no limit to the number of times an encrypted message can be decrypted. This is a great boon to people who must store large or small volumes of messages on public storage centers like Driveway and similar online businesses.
  • the encrypted messages may be downloaded and decrypted as many times as the user wishes without a key use penalty.
  • the Encrypt Key at both stations is consumable, meaning that as messages are sent out, the Encrypt Key is used until it is too small to encrypt another message.
  • the program then informs the user that the remaining Encrypt Key is too small for the current message and prompts the user to select or install another key.
  • the Decrypt Key is used as many times as desired and must be retained until the saved encrypted messages never again need to be decrypted.
  • the Secure Communications System server enables direct, encrypted communications between two or more people who cannot physically exchange keys. Normally, as shown in FIG. 1, one of the parties who wish to communicate obtains a matched set from the central source and physically delivers a key CD or other storage media to the other and then begins communication. In some cases, physical delivery of a key disk from the source to the first party or from either of them to the second party is not possible. In this case, the key delivery shown in FIG. 1 may be accomplished by electronic communications as shown in FIG. 4.
  • the SCS Distribution Center 41 destroys its copies of the communications keys as they are sent to the Subscribers unless specifically requested not to do so. Keys archived at user request are kept on a separate SCS Distribution Center server for a pre-determined period of time at the user's expense.
  • the communications keys are, themselves, encrypted by a SCS key encryption key that is distributed to each subscriber to the SCS service at the time of subscription.
  • the communications key is created upon demand, encrypted with the SCS key, and then destroyed as it is transmitted to the subscribers who wish to communicate.
  • the encrypted communications keys are transmitted in packets which are blocks of 512, 1024, or larger, and each block is verified as received in tact by the program before it is destroyed on the SCS server, preventing transmission errors from ruining the key.
  • the SCS key encryption key is used to encrypt the communications key and prevents the blocks of communications key from being intercepted and used by non-subscribers or other non-authorized subscribers. No other subscriber can obtain and use a communications key set meant for another subscriber without authorization between the subscribers.
  • the program decrypts each communications key as it is received by each user, making it ready for communications between the users.
  • the SCS key encryption key is preferably a one-time-pad key that is as long as the pair of communications keys to be downloaded and is preferably physically delivered on a CD or DVD or alternatively delivered by network download.
  • the subscriber has the option to renew the subscription and receive a new SCS key recorded on CD, DVD, or other removable computer storage media or sent by network download.
  • This embodiment is used only for binary encryption, so the communications keys preferably use all possible byte values. Consequently, because the plaintext to be encrypted with the SCS key is merely a random sequence of all possible byte values, an encryption method using a repeating key is sufficient because the plaintext is not recognizable by a human or by a computer when it is successfully decrypted.
  • the KIN which is known from the file name, is not encrypted. Consequently, the SCS key can be a repeating key for RSA public key encryption or DES encryption or autokey encryption or any of many other methods, provided a different SCS key is given to each pair of communicating users.
  • the SCS server can be configured to endlessly generate and transmit to both parties a never ending communications key, encrypted with the SCS key encryption key and broken into blocks with a block identifier at the beginning of each block.
  • a desirable length for each block is between 1 kilobyte and 1 megabyte.
  • a convenient identifier for each block is the date and time that it is transmitted. Then, by secure means, one party specifies to the other an identifier of a block (date and time) which the sender will use to begin encrypting a message that is sent to the receiver. The receiver then begins recording the key sent from the SCS server starting at that block identifier and records enough of the never ending key to decrypt the message which is received from the sender.
  • the received key and message can be retained for any length of time.
  • the key can be retained only in volatile memory and only long enough to use it for decryption before erasing the key as well as the message. Then any interceptor that intercepted a copy of the message can not force the sender, the SCS server, or the receiver to reveal the decryption key because all copies of it have been destroyed. Neither the sender nor the SCS server ever kept a copy but instead only generated or used it on the fly.
  • the never ending key can be generated and transmitted to both parties at sufficient speed that it can be decrypted and used on the fly to encrypt real time voice or video conference communications. For simultaneous duplex communications two never ending keys would be transmitted to each party at the same time.
  • the speed of key generation need only be as fast as the fastest of such voice or video communications. Buffers can be used to accommodate speed differences. If the communication is slower than the speed at which the key is provided, the encryption can use only a portion of each block of the key, discarding the balance.
  • the key can be simply generated and transmitted over a period of time that is sufficient for the sender and recipient, such as 8 hours each day during working hours or during a specified 4 hour or 6 hour period of time.
  • the program can encrypt files for storage on public databases or local multi-user computers.
  • FIG. 5 shows files archived to any type of publicly accessible storage facility 52 .
  • All the encrypted files kept in a public storage facility can be downloaded by anyone, but only a user with a key associated with those files, shown as System A 51 in FIG. 5, can decrypt and read them. This eliminates concern over file security at the storage facility, although the facility needs to maintain the usual standards against vandalism and other physical and hacker attacks that could erase or alter the stored encrypted files. Unless damage consisting of additions or subtractions to the ciphertext can be undone, the file will not be decipherable. Substitution damage will also be detected by the program and the damaged file will be rejected for decryption.
  • the program can be configured to communicate between several substations in different ways. Key Sets for 3, 4, 5, 8, 10, and 20 substations or any number of substations can communicate with a Master Station and each other on a restricted, or open, basis.
  • the Key Management Window 20 shown in FIG. 2 facilitates handling the complex key arrangements.
  • Each key can be individually named (for example, “Substation 1 ”). This greatly reduces the difficulty in using the proper key for a particular station.
  • the program asks for the correct CD to be inserted, reducing possible errors in key selection.
  • the program is designed to be versatile and can be configured to match any communications need. For example, department managers can communicate with department heads through a public database or intranet without fear of compromise. Manager's reports that are sent to the department heads cannot be read by anyone else who is not authorized to possess the department head's key.
  • Authentication is built-in to the program's ciphertext protocol. Just as with a digital signature, only the individual in possession of a key can decrypt messages from the opposite station. If a message is successfully decrypted with the sender's key, the program's logic forces the assumption that it must have been encrypted by a person having access to the sender's key. Therefore, as far as the program is concerned, the message is genuine, originating from the possessor of the encryption key, and is therefore authenticated. This authentication process assumes that other variables that are impossible for the program to identify, such as theft of the key, have not occurred.
  • the encryption disk or digital signature or the PGP key or the private key of a public key encryption system is stolen, the thief becomes the authorized user.
  • the program can also encrypt a password or PIN or biometric data with the message contents, adding another level of authentication that is in unbreakable ciphertext.

Abstract

A one-time-pad encryption system where encrypted one-time-pad keys can be distributed to users on physical media or on a computer network from a central server. Each one-time-pad key has a key identification number that facilitates key management. Each encrypted data set includes a header specifying an offset within the one-time-pad key for commencement of decryption so that messages can be decrypted in any order. Before encryption begins, the length of remaining unused key is compared to the length of the data set to be encrypted. For ease of transcription or transmission by humans, the encrypted data can be represented as a subset of the 48 keys that are easy to use on a keyboard, preferably the 26 capital letters of the Western alphabet or these letters plus six numerals for a total of 32 characters. A one-time-pad key which is specialized to achieve such encryption can also be used for binary encryption. Encryption control buttons are added to a word processor and other programs as an addition to the user interface.

Description

    FIELD OF INVENTION
  • This invention relates to methods for encrypting computer readable data, particularly improved to one-time-pad encryption methods and the use of a keyable ciphertext character set to facilitate transcription and transmission by humans. [0001]
  • BACKGROUND
  • Before the advent of computers, many methods were developed for encrypting plain text into ciphertext so that a party having the appropriate key could decrypt the message to view the plain text. The methods were typically executed by humans with pen and paper and were later adapted for use with telegraph and teletype. [0002]
  • If the key used for encryption and decryption is as long as the message, it is referred to as a “one-time-pad” (OTP) encryption method and if the key is shorter than the message, such that the key, or a derivative of the key, must be used two or more times, it is referred to as a “repeating key” encryption method. [0003]
  • When computers were first developed, memory for storage of encryption keys was expensive and difficult to handle. The key for one-time pad encryption key needs to be as long as the message and must be used only once. Consequently, repeating keys were favored over one-time-pad keys because they are much smaller, typically hundreds or thousands of times smaller and can be reused. A popular repeating key method, known as public key encryption, uses different but related public and private keys for encryption and decryption. [0004]
  • Given a large enough sample of encrypted messages and a fast enough computer with a large enough memory, any repeating key encryption can be broken. With the recent increases in computer speed and memory size, repeating key encryption methods previously thought to provide adequate security have been broken. The only known encryption method that is provably unbreakable is one-time-pad. [0005]
  • The original form of one-time-pad encryption was performed using a key consisting of a random sequence of the 26 letters of the alphabet and the 10 numerals and little or no punctuation. The message was limited to the same character set as the key. To explain how it works, we assume a character set of 38 characters. If we assign to each character a value ranging from zero to 37, the encryption process can be performed by combining the first character of the message with the first character of the random key and then the second character of the message with the second character of the key, and so on. The combination process can be either addition or subtraction of the character values in base [0006] 38 (modulo 38) discarding the carry, and the decryption process is the opposite. Thus, the sum of value 35 plus the value 5 produces the value 2. Likewise, the value 2 minus the value 5 is the value 35. Such a one-time-pad encryption process can be performed with any number of characters in a character set provided the key uses the same number of possible values as the allowed number of characters in the set. Thus, for encrypting eight bit bytes which have 256 possible values, addition (or subtraction) in modulo 256 is used. When working with binary numbers where the number of possible values is a power of two, the encryption or decryption process can be executed very quickly using an exclusive-or operation to produce the same result as modulo addition or subtraction.
  • To encrypt a one megabyte computer file requires one megabyte of key that can not be reused. With the development of inexpensive CDs and DVDs to store a very long key, the use of one-time-pad encryption for computer communications has become practical. [0007]
  • SUMMARY
  • The advent of the Internet now allows bulky one-time-pad (OTP) keys to be distributed to a computer connected to a network such as the Internet. So that a onetime-pad key distributed on a network cannot be intercepted and then used to decrypt a message, the one-time-pad communications key is itself encrypted with a key encryption key. [0008]
  • The key encryption key can be a repeating key or also a one-time-pad. When a communications key is distributed to both a sender and receiver, the key encryption key can be identical for both parties so that a person who intercepts both transmissions receives identical content and cannot use any differences in content to aid with decrypting the content. Alternatively, to ensure that only one party can use each key distributed, the communications key can be encrypted with a unique key encryption key. [0009]
  • Instead of distributing a key of finite length to each of the sender and the receiver, the server can be configured to send them a continuous sequence of keys, each with its own identifier, such that the sender and receiver can each capture a portion of the sequence of keys and use that portion to encrypt and decrypt their messages. By this process, a sequence of one-time-pad keys can be transmitted continuously for use by the sender and receiver at any time, effectively becoming a never-ending key. [0010]
  • The received blocks of continuously transmitted keys are stored in a buffer until used. If the communications between the sender and receiver do not require enough bandwidth to use all of each received block, the remainder of each block is discarded. [0011]
  • When the one-time-pad communications keys are distributed on physical media such as CDs or DVDs, encryption of the key material renders the key unusable except with a certain copy of a communications program with the appropriate key encryption key for decrypting the communications key. [0012]
  • When the communications key is recorded on physical media, rather than breaking it into blocks with an identifier for each block such that the key can be used starting at the beginning of any block, locations within the key are identified with an offset number. The offset number is included as a metadata header for the encrypted message to indicate the starting point within the key for decrypting the message. [0013]
  • Similarly, the metadata header includes an identification of the key to facilitate matching the key with the message at the recipient's computer system. Also, the metadata header includes a length and an error checking code, both of which are used to check for errors in the encrypted message. [0014]
  • When a key of finite length is used, whether received on physical media or by communications across a network, before encryption begins, the length of the message is compared with the length of the key to ensure that the key is long enough to complete the encryption process. [0015]
  • Modern Western character sets include more than 90 characters, including upper and lower case letters, numerals, symbols, and punctuation. The characters which require use of a shift key on a standard keyboard are inconvenient to use, and characters which are difficult to distinguish, such as 0 and 0 are ambiguous to the human reader. Consequently, if the ciphertext is to be keyed by a human or spoken by a human as a link in the transmission process, it is advantageous to use a limited character set including only one case of each letter and only those additional symbols that can be keyed without using the shift key and are easy to visually distinguish. This is referred to as the keyable ciphertext character set. [0016]
  • In one embodiment, this character set consists of the 26 capitol letters of the Western alphabet. In another embodiment, it consists of these letters plus six of the numerals to make a set of 32 characters. A character set with 32 characters has certain advantages because 32 is a power of two which facilitates binary operations. [0017]
  • To use the keyable ciphertext character set for transmitting messages, nearly all of which use a character set that allows more than 32 characters, some of the plain text characters are represented with two ciphertext characters. To minimize the number of ciphertext characters, the most common 22 or 26 plaintext characters are each represented with one ciphertext character while all others are represented with two ciphertext characters. [0018]
  • The preferred one-time-pad key for encryption to the keyable ciphertext character set consists of a random sequence of bytes where each byte value is limited to the number of values in the keyable ciphertext character set (48 or fewer), preferably 26 or 32. Before encryption, the plain text is lengthened to an intermediate text containing only the characters of the keyable ciphertext character set. The intermediate text is then one-time-pad encrypted with the random sequence of bytes where the byte values are limited to the number of characters in the character set. Even though the possible byte values are limited to fewer than all 256 possible values, the one-time-pad communications key can also be used for binary encryption into ciphertext with all 256 possible values, so each key has dual uses. [0019]
  • Because security would be compromised if a one-time-pad encryption key were used twice, the key identification number for each key is semi-permanently written to a file in the computer system and this file is checked when a key is installed to insure it has not previously been installed. In the Windows operating systems, this file is known as the “registry”. To delete this semi-permanent record, the operating system must be entirely reinstalled on the computer system or a special program must be run to delete from the registry the previously installed key such as by using the maintenance program provided in Windows called REGEDIT.EXE. [0020]
  • The disclosed client computer encryption and decryption computer program can work with any computer file of any file type. It can encrypt folders including all of their sub-folders and files. The controls can be incorporated into the user interface for a word processor so that an encrypt button appears in the word processor user interface, along with a decrypt button and the same can be done for other programs. When displayed information is selected and the encrypt button is pressed, the displayed material is encrypted. If the program is configured to the keyable ciphertext character set mode, the encrypted information is displayed in the preferred character set. If binary encryption mode is selected, the encrypted information is displayed with box symbols representing non-displayable characters or with whatever displayable characters the encrypted byte values happen to represent.[0021]
  • SUMMARY OF THE DRAWINGS
  • FIG. 1 shows the process of creating one-time-pad communications keys and distributing them to users, whether by computer network or on disk. [0022]
  • FIG. 2 shows the key management window for each user. [0023]
  • FIG. 3 shows how the keyable ciphertext character set is used. [0024]
  • FIG. 4 shows additional details on distribution of one-time-pad communications keys by a server. [0025]
  • FIG. 5 shows how the encryption may be used by a single user for safe storage of secure information to be retrieved only by that user. [0026]
  • FIG. 6 shows separate secure communications with each of three sub-stations. [0027]
  • FIG. 7 shows secure communications accessible by all of four parties. [0028]
  • DETAILED DESCRIPTION
  • In the text below, “plaintext” refers to the original unencrypted bytes of data, whether characters, symbols, or binary bytes, Microsoft Word 2000™ is called Word 2000, and Microsoft Windows 98™ and Microsoft Windows 2000™ are called Windows 98 and Windows 2000 respectively.. [0029]
  • The preferred embodiment of the invention is a computer program operating in the Microsoft Windows 98 and Windows 2000 environments on an IBM compatible personal computer that performs encryption and decryption using a one time pad (OTP) cipher that conforms to the strict version of a one time pad algorithm to ensure the creation of ciphertext that is unbreakable. [0030]
  • The program encrypts and decrypts any message or other data set, including: [0031]
  • 1. All files created by any Windows 98 and Windows 2000 programs including any type of picture file and all Excel files. [0032]
  • 2. Subsections of a Word 2000 document within the document by adding to the Word 2000 toolbar additional “Encrypt” and “Decrypt” buttons. [0033]
  • 3. Windows Folders and their file contents to any subfolder level, creating one encrypted file for the entire hierarchy. When decrypted, the hierarchy and its file contents are re-assembled into a perfect copy of their prior structure. [0034]
  • 4. The text or ciphertext contents of the Windows Clipboard within the Clipboard itself. Using the Clipboard, the program can keep encrypted or decrypted text information in RAM and insert it in email or any other Windows program without saving such information to disk. This prevents electron microscope media scans and other techniques from detecting deleted information on the deep layers of magnetic storage media such as a hard drive. [0035]
  • 5. Text messages typed into the program's Text Window. [0036]
  • The program has full file saving and loading capabilities and can save encrypted and decrypted files to any computer storage media. [0037]
  • Keys for Encryption and Decryption [0038]
  • As shown in FIG. 1, two matching [0039] OTP keys 5 & 6, 4& 7 are created by a central key service I and distributed one to each subscriber 2 & 3 for use. The keys 4, 5, 6, 7 are kept on CD's, DVD-ROMs, or other computer storage media. Matching keys must be in the possession of the receiver and the sender in order to encrypt and decrypt the file or text. Each portion of each key is used for encryption once, and, to ensure security, only once. Replacement keys can be purchased from the manufacturer that provides a central source of OTP keys or, using a random number generator, created by the user under license from the manufacturer. Key CD's and DVD-ROMs may be copy protected.
  • The keys can be of any length according to the client's needs and the capacity of the storage media. Key material is preferably created from a commercially available random number generator called an SG100 manufactured by Protego in Sweden. [0040]
  • The program works with keys from any computer storage media including Very Large Storage Arrays (VLSA). However, for security reasons, it is not recommended that the program keys be installed on the hard disk of a computer connected to an unsecure network. For large key databases, a dedicated server in control of a subscription database called a Secure Communications System, or SCS server, discussed below, manages the VLSA. [0041]
  • Program Functions [0042]
  • The program works in two main modes: a purely binary mode where the cipher is not human-readable and a keyable ciphertext mode where the resultant ciphertext is in the 26 all capitol Western alphabet letters or the 26 letters plus 6 numbers for a total of 32 characters. Because the binary encryption process is very simple, the program kernel is fast enough to encrypt voice and real-time video communications on a contemporary Windows 98 or 2000 computer. The original plaintext encrypted by the program is not destroyed or modified in any way and remains in its original location. [0043]
  • The program places an icon in the Windows System Tray that, through a pop-up menu, allows the user to open the main program window, encrypt or decrypt the contents of the Windows Clipboard, or close the program. The System Tray icon stays in the system tray and is loaded each time the computer is started. [0044]
  • As shown in FIG. 2, the program displays a [0045] Key Management Window 20 where key usage is tracked by the program and displayed for the user. When keys come to the end of their use as indicated by a “Key Remaining” indicator in a status bar and the “Remaining” data indicator 21 in the Key Management Window for each key, they are deleted by the user and never used again. The program will not allow encryption to take place if the selected key is not large enough to handle the requested amount of encryption. The Key Remaining status bar window displays the total number of bytes left in the selected key. A “Current Key” status bar window displays a user given name or the Key Identification Number of the selected key if no user given name has been assigned. Multiple keys can be stored on one CD or other storage media, all managed through the program's Key Management Window. In this way, several types of communications systems can be implemented from a simple two-station system to a more complex system.
  • Text Encryption Character Set [0046]
  • During text encryption in the keyable ciphertext mode, the program converts all characters, including all punctuation and non-printable characters, to the ASCII capitol letters A through Z, resulting in ciphertext that is easy for humans to read and to quickly key on a keyboard. As shown in FIG. 3, this reduced character set facilitates non-computer related transcriptions of the ciphertext such as entering the ciphertext into a computer from printed media such as fax documents and other letters on paper. It also aids accuracy in the transmission of ciphertext by voice, Morse Code, and other non-computer direct methods of transmission. By using only one case of letters, the shift key never needs to be pressed. Upper case letters are easier for the eye to distinguish than lower case letters. 26 different characters are easier for a human to distinguish and work with than 52 different upper and lower case letters or the 62 alphanumerics or the 94 possible characters on a standard computer keyboard. [0047]
  • So that each display of the ciphertext on a standard computer will show the proper characters, the keyable ciphertext uses the regular 8 bit ASCII values in the preferred embodiment. However, when only 26 characters are represented in binary numbers, only 5 bits are required. 5 bits can represent a total of 32 characters, so 6 additional characters can be represented without making the ciphertext any larger. Also, if all possible values of 5 bit binary numbers are used for the ciphertext, the random characters for encryption can be generated by taking a long string of [0048] random bits 5 bits at a time and then converting with a look up table to preferred 8 bit representations, so any source of random bits can be used efficiently provided both the sender and the receiver have access to the same source of random binary bits.
  • To take advantage of these benefits of using 32 characters in the ciphertext character set, an alternate embodiment of the invention adds 6 more characters. The preferred characters are 6 of the 10 Arabic numerals because they are found on all keyboards and have representations in Morse code. Any 6 of the 10 will do, but the preferred 6 are the numerals 2-7. 0 is to be avoided because it looks too much like O. 1 is to be avoided because it looks too much like I and L and |. When faded or blurry, 6, 8, and 9 can be difficult to distinguish. It is easiest for a human to interpret blurry characters if he or she knows they are limited to certain set, and it is easiest to explain to the user the possible range of numerals if the range is contiguous. For these reasons, the range 2-7 is preferred. [0049]
  • Whether using 26 characters or 32 characters or any easily keyed character set up to the 48 characters that can easily be keyed on a standard computer without using the shift key, the character set is referred to herein as a Keyable Ciphertext Character Set. [0050]
  • Because there are only 26 to 48 characters in the Keyable Ciphertext Character Set, the resultant reduction of any standard character set into the Keyable Ciphertext Character Set requires that many characters be represented as two of the Keyable characters, resulting in a greater number of ciphertext characters than plaintext characters. If a 32 character set is used, all lowercase letters are encrypted with a one-to-one relationship to a random ciphertext character. All non-lowercase letters, including lower-case characters with accents, are represented by two random symbols of ciphertext. This method helps reduce ciphertext expansion because most messages are predominately made up of lowercase letters. By this method of using one-to-one for 26 of the possible characters and two-to-one for all other possible characters, the number of characters that can be represented is 26+32×32×32×32=1,048,602, which is enough to represent all known characters in all alphabets, including Chinese word characters. [0051]
  • In the embodiment which uses 26 characters, the first 22 lower case characters of the alphabet, a-v, are given a one-to-one relationship with ciphertext and all the remaining characters, including w, x, y, and z, are represented with 2 characters of ciphertext. This allows representation of a total of 22+26×26×26×26=456,998 characters, which is still enough to represent all known characters in all known languages. [0052]
  • An algorithm for creating this sometimes one-to-one and sometimes two-to-one relationship may be implemented as follows. First, create an intermediate text by replacing every character other than a-v (a-z in the 32 character set embodiment), with a 2 character representation starting with W, X, Y, or Z (2-7 in the 32 character set embodiment). This reduces all characters in the plaintext to the allowed character set. Then do the one-time-pad encryption in the usual way by replacing each of the 26 or 32 characters in the intermediate text with another one of the 26 or 32 characters randomly produced by combining it with the next one of the 26 or 32 characters in the key. [0053]
  • In text mode, the program offers the user an option to reduce the size of output files using a zero loss compression algorithm. With this option checked, the program's output cipher files are significantly reduced in volume automatically before storage. The preferred algorithm is licensed from the distributor of the PKZip software, PK Ware, Inc., http://www.pkware.com. Because each character of ciphertext is represented-by 8 bits and there are only 26 or 32 different characters in the text mode ciphertext out of a possible 256 8 bit characters, large amounts of zero loss compression are possible in text mode. In binary mode, because the ciphertext is entirely random and all possible byte values are used, no compression is possible. [0054]
  • Key Rendered Non-Random [0055]
  • For use with text, as described above, the ciphertext consists of 26 or 32 characters. Consequently, for use in the one time pad encryption process, the key should have only these 26 or 32 characters, the frequency of occurrence of each character being entirely random. For the embodiment that uses 32 characters, this can be accomplished by starting with any long string of random bits and taking them 5 at a time. If the original string is random, then each 5 bit byte will randomly contain each of 32 possible values. To represent the 32 keyable characters using 8 bit ASCII values, a look up table quickly converts to ASCII. Consequently, for the 32 character embodiment, the same key material can be used for both text encryption taking the key 5 bits at a time or for binary encryption using 8 bits at a time, making the keys last longer in text mode. Alternatively, for either the embodiment that uses 26 characters or the embodiment that uses 32 characters, reducing a sequence of random bytes to only 26 or 32 characters can be accomplished by using a random byte generator (or taking random bits 8 at a time, which is the same thing) and throwing out all bytes other than the 26 or 32 bytes that represent characters within the set. [0056]
  • However, if merely random key CDs or other key media are distributed to the users for use with the program, then the media can be used with any encryption program as a source of random characters or numbers. Likewise, the program can then be used with any source of random characters or numbers. For business reasons, it is preferable that the program only be usable with an authorized CD and that the CDs only be usable with an authorized program. Therefore, before the key is recorded on the disk, it is processed through a reversible algorithm that renders the key no longer a random sequence of characters. Because the key as recorded on the key media is non-random, it is not usable for encryption without running it through the reverse algorithm to render it random again. This process of starting with a random key, then rendering it non-random, and then rendering it random again at the time of use can easily be achieved with a one-to-one relationship between 8 bit bytes of the original key consisting of 26 or 32 characters and 8 bit bytes of the key in non-random form because the non-random form can use any of the 256 possible values for each byte. [0057]
  • To render each communications key non-random before it is recorded on the CD or DVD or other media, many different algorithms may be used. A suitable method is to encrypt each key with a repeating key encryption key by XORing the communications key with a string of bytes used over and over. The string of bytes is preferably between 1,000 bytes and 50,000 bytes long, stored as a file. When the XOR process reaches the end of the string of bytes, the file pointer is reset to the beginning of the file and the string of bytes is re-used until the file reaches the End of File indicator. Any repeating key cipher may be used, such as Vernam, autokey or DES. [0058]
  • With repeating key obfuscation of the raw key data, the communications key cannot be read or modified in an ordinary way by the user or copied and used by a competitor's encryption program. When the program reads a key file, it uses its own built-in key encryption key to decrypt the portions of the key it will use. For a version of the program, so that all programs work together and all keys for that version work with all the programs, the key encryption key is identical in every instance of the program and every instance of every key produced. [0059]
  • Use of the Keys for Binary Encryption [0060]
  • The binary encryption user-selectable option of the program does not use the Keyable Ciphertext Character Set because voice and video encryption are of a volume that makes manual input impractical. Instead, it uses all 256 possible 8 bit bytes in cipher to represent the 8 bit bytes of original material. In the program's binary encryption mode, there is a direct relationship between each key byte and each plaintext byte, resulting in a one-to-one relationship between key bytes and plaintext bytes. [0061]
  • For versions of the program that can do both keyable ciphertext encryption and binary encryption, the same key that is used for keyable ciphertext encryption may be used for binary encryption. When the key is used for 26 character encryption, the encryption process uses an algorithm for [0062] base 26 addition and discard the carry (modulo 26 addition), with a conversion to binary, to combine the plaintext with the key and yield the ciphertext. For binary encryption, the process is much faster because modulo addition can be done in binary by simply executing an exclusive-or operation (XOR) on the plaintext and the key, bit by bit, to produce the ciphertext. Because the key contains only the 8 bit values of the 26 ASCII characters, every byte has the same value in two of the bit positions. Therefore, with respect to the bits in each byte, the key is not entirely random and 2 bits of each byte in the ciphertext can be easily decrypted. However, at the byte level, the values of each byte in the key are random and the remaining bits can not be decrypted. Therefore, the key can be used for binary encryption as well as for keyable ciphertext encryption without compromise of security and the binary encryption runs as fast as with a key of all possible byte values.
  • Key Disk Contents [0063]
  • Each memory medium containing one or more keys is identified with a 32 byte Disk ID, which is a globally unique identifier (GUID) consisting only of characters that are permitted in a file name in all common file systems (58 case insensitive characters in Microsoft systems). Preferably, each GUID is created with an algorithmic relationship between successive characters rather than a random relationship. Each user that is licensed to create key disks is given a key generator program that creates a unique Disk ID GUID for each disk during the key production process. The Disk ID is stored on the memory medium in a file which has the same 32 byte name as the file contents. [0064]
  • In one embodiment of the invented system, the GUID creation algorithm published by Microsoft is used. Although it is theoretically possible that two different copies of this program will generate two GUIDs that are identical, the chances are very small and small enough to be acceptable. The Microsoft GUID creation system uses alphanumeric characters with curly braces and dashes as punctuation. For use as a Disk ID, the curly braces and dashes generated by the Microsoft algorithm are removed. [0065]
  • In another embodiment, for ease of reading and keying by humans, the characters used for the GUID are the preferred 32 Keyable Ciphertext Characters (A-Z +2-7). To ensure that no two GUIDs are the same, the last 4 characters of the 32 character GUID are reserved to identify the manufacturer of that particular disk, allowing identification of 1,048,576 possible manufacturers (32×32×32×32). The first 28 characters are filled in by a program that never generates the same number twice until all possible numbers have been used (32[0066] 28).
  • Information for each key on the storage media consists of the following data that is stored as the contents of a large file using whatever file layout format is required for that media: [0067]
  • 1. The first 32 8 bit bytes is a Key Identification Number (KIN), which is a Globally Unique Identifier (GUID) using the same characters that are permitted in a Disk ID as described above. Again, the last four characters identify the manufacturer of the key in one embodiment. For simplicity, repeating key encryption is applied to the entire contents of the key file, including the KIN. When the key is stored on a disk, the Key Identification Number, in non-repeating key-encrypted form, is copied to the file allocation table as the file name within the file system on the media. [0068]
  • 2. In one embodiment, the Disk ID is stored as the second 32 bytes to make it difficult for the contents of the key media to be copied to other media, reinstalled, and reused. [0069]
  • 3. The key itself, which is a long sequence of 26 or 32 character bytes used for encryption of the original material, is stored in repeating key encrypted form. [0070]
  • Preferably, one key (including the Key Identification Number) or a pair of keys, one for encrypting and one for decrypting, fills up the entire media, usually a CD or DVD, except for the Disk ID file. However, any number of keys can be stored in one memory medium, each as a file with whatever file organization method is used on the medium. [0071]
  • The key file name consists of the KIN as described above followed by either .ENC file extension for the encrypting key or .DEC for the decrypting key. Following is a sample of a GUID used for the KIN and the file name for the key pair: [0072]
  • 3AA91601F83211D49D6A0008C7A23A01.ENC [0073]
  • 3AA91601F83211D49D6A0008C7A23A01. DEC [0074]
  • When a key is installed on a computer system, its offset number (the location in the key file where the usable portion of the key begins which initially is the 33[0075] rd byte following the initial 32 byte KIN), size, name, and Disk ID are stored in the resident computer's registry. These registry entries remain with the system as long as the program is installed, and key information consisting of the key name, disk ID, and offset remain in the registry after the program is uninstalled in case the program is reinstalled on that system in the future. A special uninstall process, separate from the program's standard uninstall facility, is required to remove the resident registry data. The persistence of the registry data after an uninstall of the program helps prevent the unintentional reuse of the keys should another instance of the program be installed at a later time.
  • Of course, any cipher system can be intentionally misused, resulting in a breech of security. There is no technical means to prevent a pair of CD's or other key media containing the same key from being used again on a second pair of computer systems that had not used the key before. Because this would compromise security for both the first and the second user if an attacker were to get copies of a large volume of messages where the same key was used, facilitating analysis in depth attacks, the users have a strong incentive to destroy any CDs or other storage media containing used keys. [0076]
  • Ciphertext Contents [0077]
  • The body of ciphertext created by the program contains the following header information (metadata): [0078]
  • | KIN| Offset | Length | CRC | binary/text |[0079]
  • The KIN identifies the key that was used to create the message. The Offset represents the starting place from the beginning of the usable key (following the 32 byte KIN) for the program to start decryption. The length of the encrypted message is used to facilitate error checking by simply comparing the observed length of the message with this number. The CRC is a checksum of the ciphertext used in error detection. The binary/text designation instructs the receiving program whether to decrypt in binary mode or keyable ciphertext mode. [0080]
  • Since each message Offset identifies where the program must start decrypting the message within that particular key, the encrypted messages may be decrypted in any order, unlike the traditional one time pad where encrypted messages had to be decrypted in the order in which they were encrypted to maintain a proper index within the decrypt key. [0081]
  • The CRC (checksum process) uses an algorithm that can detect the substitution, subtraction, or addition of a single character in a field of 100 million characters. Although an error changing one character to another is usually inconsequential, changing the length by subtracting or adding even one character will render the message indecipherable by any means. The program will therefore be prevented from decrypting ciphertext if a single character is added or subtracted, so a check for a one-to-one character relationship is mandatory in the program's design. Substitutions are the least harmful because they only effect between 1 and 2 characters of plaintext. However, the CRC algorithm finds these as well. [0082]
  • Program Operation [0083]
  • Using the functions accessed via a Key Management Window as shown in FIG. 2, each key stored on the media can be: [0084]
  • 1. Installed. The Install [0085] button 22 registers the Disk ID number in the Windows Registry (or a similar registry for any other operating system) along with the repeating key decrypted Key Identification Number and key usage information and displays key information in the Key Management Window 20. If the key CD cannot be installed or it does not contain a valid Disk ID, a message informs the user that installation cannot take place.
  • 2. Selected for use. Encryption will be carried out with the key selected with the [0086] Select button 23.
  • 3. Imported from another system along with usage data. The usage data is used to ensure that the used portions of the imported key will not be reused. The usage data may be imported across a network or read from a floppy disk with the [0087] Import button 24.
  • 4. Exported to another system along with usage data. The usage data provides to the receiving system the information it needs to ensure key reuse will not occur. The usage data may be exported across a network or saved to a floppy disk with the [0088] Export button 25.
  • 5. Renamed with a User Given Name. For the initial Key Name, the Key Management Window displays a copy of the repeating key decrypted Key Identification Number (which is also displayed in the [0089] Key Management Window 20 two lines below as the Key Identification Number). Right-clicking the Key Name brings up a menu that allows the user to rename the key with any preferred name, such as “Jim's Office” or “Seattle Center.” If the original Key Name or file name is modified by the user with the intent to reinstall a used key, the embedded KIN prevents key reuse by comparing the repeating key decrypted KIN of each new key to the KIN of previously installed keys listed in the computer's Registry. Installation is not allowed if there is a match. Neither the Key Name nor the key file name is used in the comparison. The KIN is always used to identify the key regardless of any changes to the Key Name or key file name made by the user.
  • 6. Deleted. Once Deleted by pressing the [0090] Delete button 26, a key cannot be reused on that computer during the lifetime of the program's installation on the computer. Deleting a key updates the Windows Registry to indicate that the key has been entirely used, compromised by being stolen, damaged, or otherwise indisposed.
  • Renaming a key to a friendly name makes it easier for the user to know which key to select. To select a key, the user clicks on the name of the key in the Key Management Window and presses the “Select” button. If the selected key is not present on the currently installed CD or other key storage media, the program asks the user to insert the proper media. The request is repeated until the media containing the selected key is installed or the selection process is cancelled. [0091]
  • When the key is installed, the KIN is read by the program, repeating key decrypted, and authenticated as a valid GUID according to the algorithm for creating a GUID. The GUID is checked to ensure it contains only permitted characters. GUIDs are generated with an algorithmic relationship between successive characters rather than a random relationship, and this relationship is verified. If the KIN is verified, it is displayed in the [0092] Key Management Window 20 in the section for that key. If the KIN is not correct or absent, the program will not allow the associated key to be installed.
  • The program displays a General Options dialog box containing user-selectable options discussed below. [0093]
  • “Run the program in the background when Windows starts”: This option places an icon for the program in the System Tray for easy access to encrypt and decrypt functions and as an alternate way to open the main program. [0094]
  • “Create Zip File for Files and Folders Encrypted”: This function automatically converts files into a standard Zip file format as the last step in encryption. This makes the file smaller, making network transmission many times faster. [0095]
  • “Use wizards for encrypting and decrypting files”: This option opens helpful wizards to instruct the user in file and folder encryption and decryption. [0096]
  • “Quick encrypt and decrypt”: This option opens simple dialog boxes for experienced users to decrypt and encrypt files. [0097]
  • Direct Communications Mode [0098]
  • The program may be used for direct communication between two points if both locations have identical keys. This is called the Direct Communications Mode. Communication between two locations, Location A and Location B in the table below, is the most basic way in which the program functions. [0099]
  • Location A Location B [0100]
  • A Encrypt Key=B Decrypt Key [0101]
  • A Decrypt Key=B Encrypt Key [0102]
  • The “A Encrypt Key” is identical in key content to the “B Decrypt Key.” The “A Decrypt Key” is identical in key content to the “B Encrypt Key.” At Location A, the A Encrypt Key amount used is tracked and stored by the program and, at Location B, the same thing happens for the B Decrypt Key. When Location B receives a message from Location A, the B Decrypt Key is used to decrypt the message starting at the offset indicated by the message header. [0103]
  • The Decrypt Keys can be used over and over again each time the recipient wants to read a particular encrypted message with no compromise in security because the message and key content are tied together by the KIN embedded in the key and the KIN and the offset data embedded in the message header. The key used to encrypt a particular message will never again be used for any other message, so there is no limit to the number of times an encrypted message can be decrypted. This is a great boon to people who must store large or small volumes of messages on public storage centers like Driveway and similar online businesses. The encrypted messages may be downloaded and decrypted as many times as the user wishes without a key use penalty. [0104]
  • The Encrypt Key at both stations is consumable, meaning that as messages are sent out, the Encrypt Key is used until it is too small to encrypt another message. The program then informs the user that the remaining Encrypt Key is too small for the current message and prompts the user to select or install another key. By contrast, the Decrypt Key is used as many times as desired and must be retained until the saved encrypted messages never again need to be decrypted. [0105]
  • The amount of Encrypt Key remaining for the selected key is displayed in the program's status bar along with the key's file name or user assigned name. [0106]
  • Any two stations can communicate until their Encrypt Keys are consumed, at which time they install a new Key Set and begin again. Key Sets can be as large as 650 MB for each key on a pair of CDs, 8 Gigabytes on a DVD-ROM, and any size on large enough storage media. [0107]
  • SCS Server Communications [0108]
  • The Secure Communications System server enables direct, encrypted communications between two or more people who cannot physically exchange keys. Normally, as shown in FIG. 1, one of the parties who wish to communicate obtains a matched set from the central source and physically delivers a key CD or other storage media to the other and then begins communication. In some cases, physical delivery of a key disk from the source to the first party or from either of them to the second party is not possible. In this case, the key delivery shown in FIG. 1 may be accomplished by electronic communications as shown in FIG. 4. [0109]
  • When two or more people subscribe to the SCS service shown in FIG. 4, they are each sent a CD or larger storage media containing the program and a SCS key encryption key that allows them to download communications keys from the SCS Distribution Center. The communications keys that are downloaded are encrypted with the SCS key encryption key so only a party with the SCS key encryption key can use the communications key for encryption or decryption. Encryption with the SCS key does not include the KIN. Because the communications keys are encrypted with the SCS keys, other repeating key obfuscation as described above is unnecessary. After each party downloads and decrypts its copy of the pair of communications keys, the parties involved then use the communications keys to communicate directly with each other without passing their encrypted messages through the SCS Distribution Center. [0110]
  • This enhances privacy because, as the keys are downloaded from the SCS Distribution Center, they are destroyed in the SCS database. The SCS database maintains no copies of the communications keys downloaded unless requested to do so by the owner of the key subscription. Communication between the subscribers using the downloaded keys takes place over a different connection, usually through their own phone lines or satellite systems or the Internet, as shown in FIG. 4. [0111]
  • As shown in FIG. 4, acquisition of keys is controlled by the following process, or a variation of this process. Subscriber A [0112] 42 requests Subscriber B's communications key set. In order for the SCS Distribution Center 41 to release Subscriber B's communications key set, the exchange must be pre-approved by Subscriber B 43. After approval, Subscriber A may then download Subscriber B's key set, and Subscriber B is able to download Subscriber A's key set. Communication then takes place directly between Subscriber A and Subscriber B outside of the SCS Distribution Center.
  • The [0113] SCS Distribution Center 41 destroys its copies of the communications keys as they are sent to the Subscribers unless specifically requested not to do so. Keys archived at user request are kept on a separate SCS Distribution Center server for a pre-determined period of time at the user's expense.
  • As noted above, before transmission by the server, the communications keys are, themselves, encrypted by a SCS key encryption key that is distributed to each subscriber to the SCS service at the time of subscription. The communications key is created upon demand, encrypted with the SCS key, and then destroyed as it is transmitted to the subscribers who wish to communicate. The encrypted communications keys are transmitted in packets which are blocks of 512, 1024, or larger, and each block is verified as received in tact by the program before it is destroyed on the SCS server, preventing transmission errors from ruining the key. The SCS key encryption key is used to encrypt the communications key and prevents the blocks of communications key from being intercepted and used by non-subscribers or other non-authorized subscribers. No other subscriber can obtain and use a communications key set meant for another subscriber without authorization between the subscribers. The program decrypts each communications key as it is received by each user, making it ready for communications between the users. [0114]
  • For maximum security, the SCS key encryption key is preferably a one-time-pad key that is as long as the pair of communications keys to be downloaded and is preferably physically delivered on a CD or DVD or alternatively delivered by network download. When the matching SCS key encryption key kept on the server is consumed, the subscriber has the option to renew the subscription and receive a new SCS key recorded on CD, DVD, or other removable computer storage media or sent by network download. [0115]
  • This embodiment is used only for binary encryption, so the communications keys preferably use all possible byte values. Consequently, because the plaintext to be encrypted with the SCS key is merely a random sequence of all possible byte values, an encryption method using a repeating key is sufficient because the plaintext is not recognizable by a human or by a computer when it is successfully decrypted. The KIN, which is known from the file name, is not encrypted. Consequently, the SCS key can be a repeating key for RSA public key encryption or DES encryption or autokey encryption or any of many other methods, provided a different SCS key is given to each pair of communicating users. [0116]
  • Alternatively, instead of downloading to the sender and receiver communications keys each with a beginning, a length, and an end, the SCS server can be configured to endlessly generate and transmit to both parties a never ending communications key, encrypted with the SCS key encryption key and broken into blocks with a block identifier at the beginning of each block. A desirable length for each block is between 1 kilobyte and 1 megabyte. A convenient identifier for each block is the date and time that it is transmitted. Then, by secure means, one party specifies to the other an identifier of a block (date and time) which the sender will use to begin encrypting a message that is sent to the receiver. The receiver then begins recording the key sent from the SCS server starting at that block identifier and records enough of the never ending key to decrypt the message which is received from the sender. [0117]
  • The received key and message can be retained for any length of time. Alternatively, the key can be retained only in volatile memory and only long enough to use it for decryption before erasing the key as well as the message. Then any interceptor that intercepted a copy of the message can not force the sender, the SCS server, or the receiver to reveal the decryption key because all copies of it have been destroyed. Neither the sender nor the SCS server ever kept a copy but instead only generated or used it on the fly. [0118]
  • The never ending key can be generated and transmitted to both parties at sufficient speed that it can be decrypted and used on the fly to encrypt real time voice or video conference communications. For simultaneous duplex communications two never ending keys would be transmitted to each party at the same time. The speed of key generation need only be as fast as the fastest of such voice or video communications. Buffers can be used to accommodate speed differences. If the communication is slower than the speed at which the key is provided, the encryption can use only a portion of each block of the key, discarding the balance. [0119]
  • Instead of being generated and transmitted continuously without interruption forever, the key can be simply generated and transmitted over a period of time that is sufficient for the sender and recipient, such as 8 hours each day during working hours or during a specified 4 hour or 6 hour period of time. [0120]
  • Archive Capabilities [0121]
  • The program can encrypt files for storage on public databases or local multi-user computers. FIG. 5 shows files archived to any type of publicly accessible storage facility [0122] 52.
  • All the encrypted files kept in a public storage facility can be downloaded by anyone, but only a user with a key associated with those files, shown as [0123] System A 51 in FIG. 5, can decrypt and read them. This eliminates concern over file security at the storage facility, although the facility needs to maintain the usual standards against vandalism and other physical and hacker attacks that could erase or alter the stored encrypted files. Unless damage consisting of additions or subtractions to the ciphertext can be undone, the file will not be decipherable. Substitution damage will also be detected by the program and the damaged file will be rejected for decryption.
  • Versatile Communications Structures [0124]
  • The program can be configured to communicate between several substations in different ways. Key Sets for 3, 4, 5, 8, 10, and 20 substations or any number of substations can communicate with a Master Station and each other on a restricted, or open, basis. [0125]
  • As shown in FIG. 6, the program can communicate securely with three [0126] Substations 62, 63, 64 that cannot communicate securely between themselves. Each Substation's traffic is received and decrypted at the Master Station 61 and individual replies are sent from the Master Station to each Substation. If Substation 3 receives traffic from Substation 1 or 2 in error, it cannot be decrypted.
  • The [0127] Key Management Window 20 shown in FIG. 2 facilitates handling the complex key arrangements. Each key can be individually named (for example, “Substation 1”). This greatly reduces the difficulty in using the proper key for a particular station. As mentioned above, if a user selects a key that is not on the currently inserted CD, the program asks for the correct CD to be inserted, reducing possible errors in key selection.
  • As shown in FIG. 7, relationships can be established that allow [0128] Substations 72, 73, 74 to communicate securely with each other as well as with the Master Station 71. This form of communication can function well with a research group that is spread over a wide geographical area or within a corporation where data is to be kept within a specific department but stored on a corporate intranet.
  • The program is designed to be versatile and can be configured to match any communications need. For example, department managers can communicate with department heads through a public database or intranet without fear of compromise. Manager's reports that are sent to the department heads cannot be read by anyone else who is not authorized to possess the department head's key. [0129]
  • Authentication, Digital Signatures, and Biometric Data [0130]
  • Authentication is built-in to the program's ciphertext protocol. Just as with a digital signature, only the individual in possession of a key can decrypt messages from the opposite station. If a message is successfully decrypted with the sender's key, the program's logic forces the assumption that it must have been encrypted by a person having access to the sender's key. Therefore, as far as the program is concerned, the message is genuine, originating from the possessor of the encryption key, and is therefore authenticated. This authentication process assumes that other variables that are impossible for the program to identify, such as theft of the key, have not occurred. As with most forms of authentication, if the encryption disk or digital signature or the PGP key or the private key of a public key encryption system is stolen, the thief becomes the authorized user. The program can also encrypt a password or PIN or biometric data with the message contents, adding another level of authentication that is in unbreakable ciphertext. [0131]

Claims (37)

1. A computer readable data carrier containing a one-time-pad communications key consisting of an encrypted sequence of bytes, produced by assembling a random sequence of bytes, encrypting the sequence by executing an encryption process with a key encryption key, and inserting into a carrier.
2. The computer readable data carrier of claim 1 where the carrier is a physical, portable data memory.
3. The computer readable data carrier of claim 1 where the carrier is a carrier signal with electronic intra-computer communications.
4. A pair of computer readable data carriers as specified in claim 1 where the communications key on each carrier is encrypted with a key encryption key that is the same as the key encryption key for the other carrier of the pair.
5. A pair of computer readable data carriers as specified in claim 1 where the communications key on each carrier is encrypted with a key encryption key that is different from the key encryption key for the other carrier of the pair.
6. The pair of computer readable data carriers of claim 4 where the communications key on each carrier is encrypted with a one-time-pad key.
7. The pair of computer readable data carriers of claim 4 where the communications key on each carrier is encrypted with a repeating key.
8. The computer readable data carrier of claim 2 where the communications key on the carrier is encrypted with a repeating key.
9. The computer readable data carrier of claim 1 where the byte values in said random sequence of bytes are limited to a set of byte values that includes fewer than all possible byte values such that the encryption process with the encryption key generates encrypted byte values falling outside of the set.
10. A method for a server on a network to provide a pair of encrypted one-time-pad communications keys, one to a sender and one to a receiver, comprising:
a. receiving a sequence of random numbers from a random number generator;
b. using said sequence of random numbers to generate a one-time-pad communications key commencing with an identifier; and
c. transmitting a copy of said key via a computer network to each of a data set sender and to a data set receiver, each copy encrypted with a key encryption key.
11. The method of claim 10 wherein the key is comprised of a plurality of blocks, each having a block identifier associated with the block.
12. The method of claim 11 wherein the blocks are generated and transmitted in a sequential stream for more than 4 continuous hours.
13. The method of claim 10 wherein the key encryption method is a one-time-pad method.
14. The method of claim 10 wherein the key encryption method is a repeating key method.
15. The method of claim 10 where the communications key is encrypted with a key encryption key for the sender that is the same as the key encryption key for the receiver.
16. A method for a computer to use a one-time-pad communications key to encrypt a data set, comprising:
a. having an encrypted one-time-pad communications key with an identifier;
b. decrypting said one-time-pad communications key;
c. using said one-time-pad communications key to encrypt a data set; and
d. transmitting said data set to a receiver along with the identifier for said onetime-pad communications key.
17. The method of claim 16 wherein the computer is coupled to a network and the one-time-pad communications key is received from a server on the network.
18. The method of claim 17 wherein the communications key is comprised of a plurality of blocks and the identifier comprises a block identifier associated with the block.
19. The method of claim 18 wherein a portion of each block is used to encrypt said data set and a remaining portion of each block is discarded.
20. The method of claim 16 wherein the key decryption method is a one-time-pad method.
21. The method of claim 16 wherein the key decryption method is a repeating key method.
22. The method of claim 16 wherein the method of encrypting the data set is binary encryption.
23. The method of claim 16 wherein the method of encrypting the data set produces ciphertext having a keyable character set.
24. A method for a computer to receive an encrypted data set and use a one-time-pad communications key to decrypt the data set, comprising:
a. having an encrypted one-time-pad communications key;
b. decrypting said one-time-pad communications key;
c. receiving an encrypted data set; and
d. using said one-time-pad communications key to decrypt said data set.
25. The method of claim 24 wherein the computer is coupled to a network and the one-time-pad communications key is received from a server on the network.
26. The method of claim 25 wherein the communications key is comprised of a plurality of blocks, each having a block identifier associated with the block.
27. The method of claim 26 wherein a portion of each block is used to decrypt said data set and a remaining portion of each block is discarded.
28. The method of claim 24 wherein the key decryption method is a one-time-pad method.
29. The method of claim 24 wherein the key decryption method is a repeating key method.
30. The method of claim 24 wherein the method of decrypting the data set is binary decryption.
31. The method of claim 24 wherein the data set is comprised of ciphertext having a keyable character set and the method of decryption is based on the number of characters in the character set.
32. A computer method to minimize the chances that a one-time-pad encryption key that has been used is used again, comprising:
a. receiving in a computer system a command to install a one-time-pad encryption key;
b. installing said encryption key and placing in a registry in said computer system an identifier that identifies said key; and
c. when a command is received to again install said key, checking said registry for said identifier and, if said identifier is present, taking an action to discourage further use of said key.
33. The method of claim 32 further comprising, as said key is used, adding usage information to said registry indicating which portion remains unused and taking said action to discourage further use only if the portion remaining unused is smaller than a threshold.
34. The method of claim 33 further comprising, if a command is received to delete said key while a portion larger than said threshold remains unused, taking said action to discourage further use even though such portion remains unused.
35. A method for a computer to determine whether a one-time-pad communications key is long enough to encrypt a data set, comprising:
a. having an encrypted one-time-pad communications key with a record of an amount of said key remaining unused;
b. having a data set to be encrypted with said communications key;
c. determining a length of said data set;
d. comparing said length to said amount of key remaining unused; and
e. if said length is longer than said amount of key remaining unused, taking an action to discourage use of said key to encrypt said data set.
36. The method of claim 35 wherein the method of encrypting the data set is binary encryption.
37. The method of claim 35 wherein:
a. said data set comprises text;
b. before said length is determined, said data set is expanded to an intermediate text represented by a character set limited to 48 or fewer characters; and
c. the method of encrypting the data set produces ciphertext having a keyable character set.
US10/254,754 2000-03-29 2002-09-24 One-time-pad encryption with central key service and key management Abandoned US20030026431A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US10/254,754 US20030026431A1 (en) 2000-03-29 2002-09-24 One-time-pad encryption with central key service and key management

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US19315200P 2000-03-29 2000-03-29
PCT/US2001/010348 WO2001074005A1 (en) 2000-03-29 2001-03-29 One-time-pad encryption with central key service and keyable characters
US10/254,754 US20030026431A1 (en) 2000-03-29 2002-09-24 One-time-pad encryption with central key service and key management

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/010348 Continuation WO2001074005A1 (en) 2000-03-29 2001-03-29 One-time-pad encryption with central key service and keyable characters

Publications (1)

Publication Number Publication Date
US20030026431A1 true US20030026431A1 (en) 2003-02-06

Family

ID=22712449

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/254,495 Expired - Fee Related US8467533B2 (en) 2000-03-29 2002-09-24 One-time-pad encryption with key ID and offset for starting point
US10/254,754 Abandoned US20030026431A1 (en) 2000-03-29 2002-09-24 One-time-pad encryption with central key service and key management
US10/254,743 Abandoned US20030016821A1 (en) 2000-03-29 2002-09-24 One-time-pad encryption with keyable characters

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US10/254,495 Expired - Fee Related US8467533B2 (en) 2000-03-29 2002-09-24 One-time-pad encryption with key ID and offset for starting point

Family Applications After (1)

Application Number Title Priority Date Filing Date
US10/254,743 Abandoned US20030016821A1 (en) 2000-03-29 2002-09-24 One-time-pad encryption with keyable characters

Country Status (7)

Country Link
US (3) US8467533B2 (en)
EP (1) EP1279249B1 (en)
JP (1) JP2004501532A (en)
AT (1) ATE368981T1 (en)
AU (1) AU2001253034A1 (en)
DE (1) DE60129682T2 (en)
WO (1) WO2001074005A1 (en)

Cited By (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030069676A1 (en) * 2001-10-05 2003-04-10 Koyo Seiko Co., Ltd. Electric power steering apparatus
US20040064710A1 (en) * 2002-09-30 2004-04-01 Pervasive Security Systems, Inc. Document security system that permits external users to gain access to secured files
US6868495B1 (en) * 1996-09-12 2005-03-15 Open Security Solutions, Llc One-time pad Encryption key Distribution
US20050071275A1 (en) * 2003-09-30 2005-03-31 Pss Systems, Inc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US20050086531A1 (en) * 2003-10-20 2005-04-21 Pss Systems, Inc. Method and system for proxy approval of security changes for a file security system
US20050138371A1 (en) * 2003-12-19 2005-06-23 Pss Systems, Inc. Method and system for distribution of notifications in file security systems
US20050226424A1 (en) * 2004-04-08 2005-10-13 Osamu Takata Key allocating method and key allocation system for encrypted communication
US20060059347A1 (en) * 2002-04-18 2006-03-16 Herz Frederick S System and method which employs a multi user secure scheme utilizing shared keys
US20060274898A1 (en) * 2005-06-07 2006-12-07 Pedlow Leo M Jr Key table and authorization table management
US20070016794A1 (en) * 2005-06-16 2007-01-18 Harrison Keith A Method and device using one-time pad data
US20070074277A1 (en) * 2005-09-29 2007-03-29 Christopher Tofts Method of provisioning devices with one-time pad data, device for use in such method, and service usage tracking based on one-time pad data
GB2430845A (en) * 2005-09-29 2007-04-04 Hewlett Packard Development Co Provisioning devices with one-time pad data using a hierarchical distribution
US20070076877A1 (en) * 2005-09-30 2007-04-05 Sony Ericsson Mobile Communications Ab Shared key encryption using long keypads
US20070101410A1 (en) * 2005-09-29 2007-05-03 Hewlett-Packard Development Company, L.P. Method and system using one-time pad data to evidence the possession of a particular attribute
US20070162766A1 (en) * 2006-01-09 2007-07-12 Fuji Xerox Co, Ltd. Data management system, data management method and storage medium storing program for data management
US20070172066A1 (en) * 2003-09-12 2007-07-26 Secured Email Goteborg Ab Message security
US20070242829A1 (en) * 2005-06-07 2007-10-18 Pedlow Leo M Jr Key table and authorization table management
EP1848142A2 (en) * 2006-04-19 2007-10-24 Nec Corporation Secret communications system and channel control method
US20080031456A1 (en) * 2005-09-29 2008-02-07 Keith Alexander Harrison Device with multiple one-time pads and method of managing such a device
US20080082837A1 (en) * 2006-09-29 2008-04-03 Protegrity Corporation Apparatus and method for continuous data protection in a distributed computing network
US20080147820A1 (en) * 2006-12-19 2008-06-19 Nec Corporation Method and system for managing shared information
US20080165972A1 (en) * 2007-01-08 2008-07-10 I-Fax.Com Inc. Method and system for encrypted email communication
US20080170688A1 (en) * 2007-01-15 2008-07-17 Hitachi-Lg Data Storage Korea, Inc. Method of recording and reproducing data on and from optical disc
US20080222699A1 (en) * 2007-03-06 2008-09-11 Barry Sohl System and Method for Extensible Lobby Services
US20090067625A1 (en) * 2007-09-07 2009-03-12 Aceurity, Inc. Method for protection of digital rights at points of vulnerability in real time
US20090080665A1 (en) * 2007-09-25 2009-03-26 Aceurity, Inc. Method of Generating Secure Codes for a Randomized Scrambling Scheme for the Protection of Unprotected Transient Information
US20090100268A1 (en) * 2001-12-12 2009-04-16 Guardian Data Storage, Llc Methods and systems for providing access control to secured data
US20090147949A1 (en) * 2007-12-05 2009-06-11 Microsoft Corporation Utilizing cryptographic keys and online services to secure devices
US20090254972A1 (en) * 2001-12-12 2009-10-08 Guardian Data Storage, Llc Method and System for Implementing Changes to Security Policies in a Distributed Security System
US20100199088A1 (en) * 2003-09-30 2010-08-05 Guardian Data Storage, Llc Method and System For Securing Digital Assets Using Process-Driven Security Policies
US7913311B2 (en) 2001-12-12 2011-03-22 Rossmann Alain Methods and systems for providing access control to electronic data
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US8006280B1 (en) * 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US20110299679A1 (en) * 2010-06-04 2011-12-08 Takahiro Yamaguchi Controller, control method, computer program, recording medium for computer program, recording apparatus, and manufacturing method for recording apparatus
USRE43906E1 (en) 2001-12-12 2013-01-01 Guardian Data Storage Llc Method and apparatus for securing digital assets
US20130138974A1 (en) * 2011-11-28 2013-05-30 Hon Hai Precision Industry Co.,Ltd. System and method for encrypting and storing data
US20130191639A1 (en) * 2002-11-01 2013-07-25 Sumcorp Llc System and method for securing communications between devices
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US8769272B2 (en) 2008-04-02 2014-07-01 Protegrity Corporation Differential encryption utilizing trust modes
US20140245009A1 (en) * 2013-02-22 2014-08-28 Cisco Technology, Inc. Client Control Through Content Key Format
WO2015157735A3 (en) * 2014-04-10 2015-12-03 OTP Technologies, Inc. Content encryption and decryption
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US20190044923A1 (en) * 2017-01-09 2019-02-07 Introspective Power, Inc. Secure storage and data exchange/sharing system using one time pads
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US10389693B2 (en) 2016-08-23 2019-08-20 Hewlett Packard Enterprise Development Lp Keys for encrypted disk partitions
EP3832948A1 (en) * 2019-12-04 2021-06-09 Sangle-Ferriere, Bruno Single-use key renewal
WO2021168164A1 (en) * 2020-02-21 2021-08-26 SDSE Networks LLC Method and system for secure communication
US20220014367A1 (en) * 2018-12-13 2022-01-13 Login Id Inc. Decentralized computing systems and methods for performing actions using stored private data
WO2022213048A1 (en) * 2021-03-27 2022-10-06 Geneial Llc Hardware-accelerated homomorphic encryption in marketplace platforms

Families Citing this family (83)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6480831B1 (en) * 1998-12-24 2002-11-12 Pitney Bowes Inc. Method and apparatus for securely transmitting keys from a postage metering apparatus to a remote data center
US9450749B2 (en) * 2000-03-29 2016-09-20 Wolfgang S. Hammersmith One-time-pad encryption with central key service
KR100641824B1 (en) * 2001-04-25 2006-11-06 주식회사 하렉스인포텍 A payment information input method and mobile commerce system using symmetric cipher system
CN100364002C (en) * 2001-10-12 2008-01-23 皇家飞利浦电子股份有限公司 Apparatus and method for reading or writing user data
US6813614B2 (en) * 2001-11-19 2004-11-02 Pitney Bowes Inc. Method for re-keying postage metering devices
DE10162991A1 (en) 2001-12-20 2003-07-17 Siemens Ag Process for computer-aided encryption and decryption of data
WO2003079607A1 (en) * 2002-03-18 2003-09-25 Colin Martin Schmidt Session key distribution methods using a hierarchy of key servers
FI114061B (en) * 2002-05-17 2004-07-30 Nokia Corp Procedure and system in a digital wireless data network to provide a data encryption and corresponding server
ITRM20020489A1 (en) * 2002-09-30 2004-04-01 Daniele Misrachi DATA TRANSFER METHOD.
DE60307498T2 (en) * 2002-11-06 2007-09-13 International Business Machines Corp. PROVIDING A USER DEVICE WITH AN ACCESS CODE COLLECTION
JP4331947B2 (en) * 2003-01-17 2009-09-16 誠 加藤 Data transmission system, data transmission method and apparatus
JP2005026762A (en) * 2003-06-30 2005-01-27 Nec Corp Security maintenance method in wireless communication network, system, apparatus, security program, and storage medium
US7366302B2 (en) * 2003-08-25 2008-04-29 Sony Corporation Apparatus and method for an iterative cryptographic block
US8015393B2 (en) * 2004-04-12 2011-09-06 Canon Kabushiki Kaisha Data processing device, encryption communication method, key generation method, and computer program
DE102004039899B4 (en) * 2004-08-17 2010-07-22 Dimitri Prof. Dr.-Ing. Korobkov encryption method
US7398348B2 (en) * 2004-08-24 2008-07-08 Sandisk 3D Llc Method and apparatus for using a one-time or few-time programmable memory with a host device designed for erasable/rewritable memory
US7434062B2 (en) * 2004-11-19 2008-10-07 Konica Minolta Systems Laboratory, Inc. Password encrypting apparatus and method for encrypting password
KR100735539B1 (en) * 2005-02-24 2007-07-04 주식회사키컴 Method of transmitting / re- ceiving facsimile data through internet and system there of
US8832458B2 (en) 2005-03-22 2014-09-09 Seagate Technology Llc Data transcription in a data storage device
ATE537643T1 (en) * 2005-03-22 2011-12-15 Swisscom Ag METHOD AND SYSTEM FOR SETTING UP A PEER-TO-PEER COMMUNICATION CHANNEL
KR100704627B1 (en) * 2005-04-25 2007-04-09 삼성전자주식회사 Apparatus and method for security service
US8050411B2 (en) * 2005-09-29 2011-11-01 Hewlett-Packard Development Company, L.P. Method of managing one-time pad data and device implementing this method
US8447695B2 (en) * 2006-01-05 2013-05-21 International Business Machines Corporation System and method for processing feedback entries received from software
EP2118837A4 (en) 2007-01-09 2012-07-11 Visa Usa Inc Mobile phone payment process including threshold indicator
CA2693234C (en) * 2007-07-17 2016-09-13 Certicom Corp. Method of providing text representation of a cryptographic value
US8111828B2 (en) * 2007-07-31 2012-02-07 Hewlett-Packard Development Company, L.P. Management of cryptographic keys for securing stored data
US9070129B2 (en) * 2007-09-04 2015-06-30 Visa U.S.A. Inc. Method and system for securing data fields
DE102007062637B4 (en) * 2007-12-22 2010-05-12 Schwäger, Dan Method for encrypted data transmission using a one-time key via a central distribution point and sub-distribution points
DE102008010794B3 (en) * 2008-02-22 2009-10-29 Fachhochschule Schmalkalden Method for unmanipulable, tap-proof and non-hackable P2P communication in multi-subscriber networks
DE102008011882B4 (en) * 2008-02-29 2010-04-01 Robert Niggl Device and method for controlled data exchange between at least two data carriers
EP2337262A1 (en) * 2008-10-10 2011-06-22 Panasonic Corporation Information processing device, method, program, and integrated circuit
EP2175579B1 (en) * 2008-10-13 2012-07-25 Adeya SA Encryption and decryption device and method for voice communications
JP5299024B2 (en) * 2009-03-27 2013-09-25 ソニー株式会社 Digital cinema management apparatus and digital cinema management method
US8571218B2 (en) * 2010-06-01 2013-10-29 GreatCall, Inc. Short message service cipher
US20120057704A1 (en) * 2010-09-07 2012-03-08 Futurewei Technologies, Inc. System and Method for Providing Security in a Wireless Communications System
CN102096789A (en) * 2011-02-23 2011-06-15 上海帝埃碧化学科技有限公司 Electronic document security device
US9338220B1 (en) 2011-03-08 2016-05-10 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9667741B1 (en) * 2011-03-08 2017-05-30 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9356993B1 (en) 2011-03-08 2016-05-31 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9413526B1 (en) 2011-03-08 2016-08-09 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US11228566B1 (en) 2011-03-08 2022-01-18 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9231920B1 (en) * 2011-12-13 2016-01-05 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9852311B1 (en) 2011-03-08 2017-12-26 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9432342B1 (en) 2011-03-08 2016-08-30 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US8726398B1 (en) * 2011-12-13 2014-05-13 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9292696B1 (en) 2011-03-08 2016-03-22 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9300637B1 (en) * 2011-03-08 2016-03-29 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
US9619482B1 (en) * 2011-03-08 2017-04-11 Ciphercloud, Inc. System and method to anonymize data transmitted to a destination computing device
JP5875047B2 (en) * 2012-03-27 2016-03-02 国立研究開発法人情報通信研究機構 Electronic medical record transmission method and system using quantum key distribution
US9425825B2 (en) 2012-05-22 2016-08-23 International Business Machines Corporation Path encoding and decoding
US20140185808A1 (en) * 2012-12-31 2014-07-03 Cloud Star Corporation Apparatus, systems, and methods for encryption key distribution
CN103973730B (en) * 2013-01-29 2016-10-19 腾讯科技(深圳)有限公司 A kind of realize the method for data sharing, terminal and system
US9590951B2 (en) * 2013-05-07 2017-03-07 Robert John Tomkow One-time pad communications network
US9584313B2 (en) 2013-08-09 2017-02-28 Introspective Power, Inc. Streaming one time pad cipher using rotating ports for data encryption
US9584488B2 (en) * 2013-08-09 2017-02-28 Introspective Power, Inc. Data encryption cipher using rotating ports
IL228523A0 (en) * 2013-09-17 2014-03-31 Nds Ltd Private data processing in a cloud-based environment
DE102014000996A1 (en) * 2014-01-29 2015-07-30 Michael Gude Secure cryptographic method and apparatus therefor
WO2015120170A1 (en) 2014-02-05 2015-08-13 Bigdatabio, Llc Methods and systems for biological sequence compression transfer and encryption
US20150229621A1 (en) * 2014-02-13 2015-08-13 Safe Frontier Llc One-time-pad data encryption in communication channels
CN103985042A (en) * 2014-06-04 2014-08-13 孙国华 Digital information encryption and decryption method based on NFC mobile phone and IC card
CN104506483A (en) * 2014-10-21 2015-04-08 中兴通讯股份有限公司 Method for encrypting and decrypting information and managing secret key as well as terminal and network server
GB2533392A (en) 2014-12-19 2016-06-22 Ibm Path encoding and decoding
GB2533391A (en) 2014-12-19 2016-06-22 Ibm Wall encoding and decoding
GB2533393A (en) 2014-12-19 2016-06-22 Ibm Pad encoding and decoding
US10673826B2 (en) * 2015-02-09 2020-06-02 Arc Bio, Llc Systems, devices, and methods for encrypting genetic information
AU2016294131B2 (en) * 2015-04-24 2020-02-27 7Tunnels, Inc. Random Cipher Pad cryptography
KR101572111B1 (en) * 2015-07-01 2015-11-27 주식회사 이노스코리아 Electronic device and method for generating random and unique code
US9660803B2 (en) 2015-09-15 2017-05-23 Global Risk Advisors Device and method for resonant cryptography
US9950261B2 (en) 2016-04-29 2018-04-24 International Business Machines Corporation Secure data encoding for low-resource remote systems
WO2018140052A1 (en) * 2017-01-30 2018-08-02 Hewlett-Packard Development Company, L.P. One-time pad cryptography
CN107196760B (en) * 2017-04-17 2020-04-14 徐智能 Sequence encryption method of adjoint random reconstruction key with adjustability
FR3076423B1 (en) * 2017-12-28 2020-01-31 Thales METHOD AND SYSTEM FOR CRYPTOGRAPHIC ACTIVATION OF A PLURALITY OF EQUIPMENT
US11271724B2 (en) 2019-02-21 2022-03-08 Quantum Lock, Inc. One-time-pad encryption system and methods
AU2020335028A1 (en) * 2019-08-23 2022-03-17 Commonwealth Scientific And Industrial Research Organisation Secure environment for cryptographic key generation
US11062080B2 (en) * 2019-09-10 2021-07-13 Adobe Inc. Application-based font previewing
US11606194B2 (en) 2020-07-31 2023-03-14 United States Government As Represented By The Secretary Of The Army Secure cryptographic system for datalinks
WO2022031563A1 (en) * 2020-08-01 2022-02-10 Ntt Research Inc. Enhanced security for existing public key infrastructure
CN112235112B (en) * 2020-09-03 2022-03-18 中国电子科技集团公司第三十研究所 Zero-semantic and one-time pad-based IP encryption method, system and storage medium
CN112615824B (en) * 2020-12-03 2021-12-24 清华大学 Anti-leakage one-time pad communication method and device
CN113504894B (en) * 2021-09-09 2021-12-17 华控清交信息科技(北京)有限公司 Random number generator, method for generating pseudo-random number and chip
CN113810174A (en) * 2021-09-16 2021-12-17 金蝶软件(中国)有限公司 Data processing method and related equipment
US20230132943A1 (en) * 2021-10-29 2023-05-04 Konica Minolta Business Solutions U.S.A., Inc. Deep-learning based text correction method and apparatus
CN114553589B (en) * 2022-03-14 2024-02-06 杭州电子科技大学 Cloud file secure transmission method based on multi-stage encryption

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4423287A (en) * 1981-06-26 1983-12-27 Visa U.S.A., Inc. End-to-end encryption system and method of operation
US4558176A (en) * 1982-09-20 1985-12-10 Arnold Mark G Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software
US4645916A (en) * 1983-09-09 1987-02-24 Eltrax Systems, Inc. Encoding method and related system and product
US4757534A (en) * 1984-12-18 1988-07-12 International Business Machines Corporation Code protection using cryptography
US4771461A (en) * 1986-06-27 1988-09-13 International Business Machines Corporation Initialization of cryptographic variables in an EFT/POS network with a large number of terminals
US5293576A (en) * 1991-11-21 1994-03-08 Motorola, Inc. Command authentication process
US5563955A (en) * 1990-11-21 1996-10-08 The Board Of Trustees Of The University Of Arkansas Apparatus and/or method for recognizing printed data in an image
US5764767A (en) * 1996-08-21 1998-06-09 Technion Research And Development Foundation Ltd. System for reconstruction of a secret shared by a plurality of participants
US5768378A (en) * 1993-09-09 1998-06-16 British Telecommunications Public Limited Company Key distribution in a multiple access network using quantum cryptography
US5771291A (en) * 1995-12-11 1998-06-23 Newton; Farrell User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer
US5799088A (en) * 1993-12-01 1998-08-25 Raike; William Michael Non-deterministic public key encrypton system
US5930479A (en) * 1996-10-21 1999-07-27 At&T Corp Communications addressing system
US6064738A (en) * 1996-12-10 2000-05-16 The Research Foundation Of State University Of New York Method for encrypting and decrypting data using chaotic maps
US6085323A (en) * 1996-04-15 2000-07-04 Kabushiki Kaisha Toshiba Information processing system having function of securely protecting confidential information
US6249866B1 (en) * 1997-09-16 2001-06-19 Microsoft Corporation Encrypting file system and method
US6266413B1 (en) * 1998-06-24 2001-07-24 Benyamin Ron System and method for synchronizing one time pad encryption keys for secure communication and access control
US6460137B1 (en) * 1995-06-02 2002-10-01 Fujitsu Limited Encryption processing system
US20030028761A1 (en) * 1999-10-20 2003-02-06 Platt David C. Cryptographically signed filesystem
US6891952B1 (en) * 1998-12-07 2005-05-10 International Business Machines Corporation Dynamic key generation and confidential synchronization of encryption components

Family Cites Families (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4731840A (en) * 1985-05-06 1988-03-15 The United States Of America As Represented By The United States Department Of Energy Method for encryption and transmission of digital keying data
US6836548B1 (en) * 1991-10-29 2004-12-28 The Commonwealth Of Australia Communications security and trusted path method and means
US5268962A (en) * 1992-07-21 1993-12-07 Digital Equipment Corporation Computer network with modified host-to-host encryption keys
US5454039A (en) * 1993-12-06 1995-09-26 International Business Machines Corporation Software-efficient pseudorandom function and the use thereof for encryption
US5438622A (en) * 1994-01-21 1995-08-01 Apple Computer, Inc. Method and apparatus for improving the security of an electronic codebook encryption scheme utilizing an offset in the pseudorandom sequence
US6125182A (en) * 1994-11-09 2000-09-26 Channel One Communications, Inc. Cryptographic engine using logic and base conversions
US5799090A (en) * 1995-09-25 1998-08-25 Angert; Joseph C. pad encryption method and software
US6075858A (en) * 1995-10-27 2000-06-13 Scm Microsystems (U.S.) Inc. Encryption key system and method
US6577734B1 (en) * 1995-10-31 2003-06-10 Lucent Technologies Inc. Data encryption key management system
JP3627384B2 (en) * 1996-01-17 2005-03-09 富士ゼロックス株式会社 Information processing apparatus with software protection function and information processing method with software protection function
US6104811A (en) * 1996-08-16 2000-08-15 Telcordia Technologies, Inc. Cryptographically secure pseudo-random bit generator for fast and secure encryption
US6075864A (en) * 1996-08-30 2000-06-13 Batten; Lynn Margaret Method of establishing secure, digitally signed communications using an encryption key based on a blocking set cryptosystem
US6868495B1 (en) * 1996-09-12 2005-03-15 Open Security Solutions, Llc One-time pad Encryption key Distribution
GB2319704B (en) * 1996-11-15 2001-07-04 Desktop Guardian Ltd Data encryption technique
US6021203A (en) * 1996-12-11 2000-02-01 Microsoft Corporation Coercion resistant one-time-pad cryptosystem that facilitates transmission of messages having different levels of security
US6526145B2 (en) * 1997-01-29 2003-02-25 David M. Marzahn Data encryptor/decryptor using variable in-place I/O
US20020002675A1 (en) * 1997-08-06 2002-01-03 Ronald Roscoe Bush Secure encryption of data packets for transmission over unsecured networks
AU757557B2 (en) * 1997-11-13 2003-02-27 Intellectual Ventures I Llc File transfer system
US6282294B1 (en) * 1998-01-07 2001-08-28 Microsoft Corporation System for broadcasting to, and programming, a motor device in a protocol, device, and network independent fashion
US6134243A (en) * 1998-01-15 2000-10-17 Apple Computer, Inc. Method and apparatus for media data transmission
US6363152B1 (en) * 1998-09-09 2002-03-26 Koninklijke Philips Electronics N.V. (Kpenv) Hybrid one time pad encryption and decryption apparatus with methods for encrypting and decrypting data
US6351539B1 (en) * 1998-09-18 2002-02-26 Integrated Device Technology, Inc. Cipher mixer with random number generator
US6370629B1 (en) * 1998-10-29 2002-04-09 Datum, Inc. Controlling access to stored information based on geographical location and date and time
AU3324599A (en) * 1999-03-16 2000-10-04 Valentin Alexandrovich Mischenko Method and apparatus for encoding and decoding information
US7373517B1 (en) * 1999-08-19 2008-05-13 Visto Corporation System and method for encrypting and decrypting files
US6944762B1 (en) * 1999-09-03 2005-09-13 Harbor Payments Corporation System and method for encrypting data messages
US6909783B2 (en) * 1999-10-29 2005-06-21 Joseph Samuel Incarnato Alphabet soup cryptography
US6978376B2 (en) * 2000-12-15 2005-12-20 Authentica, Inc. Information security architecture for encrypting documents for remote access while maintaining access control
US20030149876A1 (en) * 2002-02-01 2003-08-07 Secure Choice Llc Method and system for performing perfectly secure key exchange and authenticated messaging

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4423287A (en) * 1981-06-26 1983-12-27 Visa U.S.A., Inc. End-to-end encryption system and method of operation
US4558176A (en) * 1982-09-20 1985-12-10 Arnold Mark G Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software
US4645916A (en) * 1983-09-09 1987-02-24 Eltrax Systems, Inc. Encoding method and related system and product
US4757534A (en) * 1984-12-18 1988-07-12 International Business Machines Corporation Code protection using cryptography
US4771461A (en) * 1986-06-27 1988-09-13 International Business Machines Corporation Initialization of cryptographic variables in an EFT/POS network with a large number of terminals
US5563955A (en) * 1990-11-21 1996-10-08 The Board Of Trustees Of The University Of Arkansas Apparatus and/or method for recognizing printed data in an image
US5293576A (en) * 1991-11-21 1994-03-08 Motorola, Inc. Command authentication process
US5768378A (en) * 1993-09-09 1998-06-16 British Telecommunications Public Limited Company Key distribution in a multiple access network using quantum cryptography
US5799088A (en) * 1993-12-01 1998-08-25 Raike; William Michael Non-deterministic public key encrypton system
US6460137B1 (en) * 1995-06-02 2002-10-01 Fujitsu Limited Encryption processing system
US5771291A (en) * 1995-12-11 1998-06-23 Newton; Farrell User identification and authentication system using ultra long identification keys and ultra large databases of identification keys for secure remote terminal access to a host computer
US6085323A (en) * 1996-04-15 2000-07-04 Kabushiki Kaisha Toshiba Information processing system having function of securely protecting confidential information
US5764767A (en) * 1996-08-21 1998-06-09 Technion Research And Development Foundation Ltd. System for reconstruction of a secret shared by a plurality of participants
US5930479A (en) * 1996-10-21 1999-07-27 At&T Corp Communications addressing system
US6064738A (en) * 1996-12-10 2000-05-16 The Research Foundation Of State University Of New York Method for encrypting and decrypting data using chaotic maps
US6249866B1 (en) * 1997-09-16 2001-06-19 Microsoft Corporation Encrypting file system and method
US6266413B1 (en) * 1998-06-24 2001-07-24 Benyamin Ron System and method for synchronizing one time pad encryption keys for secure communication and access control
US6445794B1 (en) * 1998-06-24 2002-09-03 Benyamin Ron System and method for synchronizing one time pad encryption keys for secure communication and access control
US6891952B1 (en) * 1998-12-07 2005-05-10 International Business Machines Corporation Dynamic key generation and confidential synchronization of encryption components
US20030028761A1 (en) * 1999-10-20 2003-02-06 Platt David C. Cryptographically signed filesystem

Cited By (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6868495B1 (en) * 1996-09-12 2005-03-15 Open Security Solutions, Llc One-time pad Encryption key Distribution
US20030069676A1 (en) * 2001-10-05 2003-04-10 Koyo Seiko Co., Ltd. Electric power steering apparatus
US8065713B1 (en) 2001-12-12 2011-11-22 Klimenty Vainstein System and method for providing multi-location access management to secured items
US20090100268A1 (en) * 2001-12-12 2009-04-16 Guardian Data Storage, Llc Methods and systems for providing access control to secured data
USRE43906E1 (en) 2001-12-12 2013-01-01 Guardian Data Storage Llc Method and apparatus for securing digital assets
US7913311B2 (en) 2001-12-12 2011-03-22 Rossmann Alain Methods and systems for providing access control to electronic data
US10229279B2 (en) 2001-12-12 2019-03-12 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US7921450B1 (en) 2001-12-12 2011-04-05 Klimenty Vainstein Security system using indirect key generation from access rules and methods therefor
US10033700B2 (en) 2001-12-12 2018-07-24 Intellectual Ventures I Llc Dynamic evaluation of access rights
US9542560B2 (en) 2001-12-12 2017-01-10 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US9129120B2 (en) 2001-12-12 2015-09-08 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US7921284B1 (en) 2001-12-12 2011-04-05 Gary Mark Kinghorn Method and system for protecting electronic data in enterprise environment
US8918839B2 (en) 2001-12-12 2014-12-23 Intellectual Ventures I Llc System and method for providing multi-location access management to secured items
US7921288B1 (en) 2001-12-12 2011-04-05 Hildebrand Hal S System and method for providing different levels of key security for controlling access to secured items
US8543827B2 (en) 2001-12-12 2013-09-24 Intellectual Ventures I Llc Methods and systems for providing access control to secured data
US7930756B1 (en) 2001-12-12 2011-04-19 Crocker Steven Toye Multi-level cryptographic transformations for securing digital assets
US10360545B2 (en) 2001-12-12 2019-07-23 Guardian Data Storage, Llc Method and apparatus for accessing secured electronic data off-line
US8341407B2 (en) 2001-12-12 2012-12-25 Guardian Data Storage, Llc Method and system for protecting electronic data in enterprise environment
US10769288B2 (en) 2001-12-12 2020-09-08 Intellectual Property Ventures I Llc Methods and systems for providing access control to secured data
US8341406B2 (en) 2001-12-12 2012-12-25 Guardian Data Storage, Llc System and method for providing different levels of key security for controlling access to secured items
US8006280B1 (en) * 2001-12-12 2011-08-23 Hildebrand Hal S Security system for generating keys from access rules in a decentralized manner and methods therefor
US8266674B2 (en) 2001-12-12 2012-09-11 Guardian Data Storage, Llc Method and system for implementing changes to security policies in a distributed security system
US20090254972A1 (en) * 2001-12-12 2009-10-08 Guardian Data Storage, Llc Method and System for Implementing Changes to Security Policies in a Distributed Security System
US7950066B1 (en) 2001-12-21 2011-05-24 Guardian Data Storage, Llc Method and system for restricting use of a clipboard application
US8943316B2 (en) 2002-02-12 2015-01-27 Intellectual Ventures I Llc Document security system that permits external users to gain access to secured files
US7350069B2 (en) * 2002-04-18 2008-03-25 Herz Frederick S M System and method which employs a multi user secure scheme utilizing shared keys
US20060059347A1 (en) * 2002-04-18 2006-03-16 Herz Frederick S System and method which employs a multi user secure scheme utilizing shared keys
US20040064710A1 (en) * 2002-09-30 2004-04-01 Pervasive Security Systems, Inc. Document security system that permits external users to gain access to secured files
US8176334B2 (en) 2002-09-30 2012-05-08 Guardian Data Storage, Llc Document security system that permits external users to gain access to secured files
USRE47443E1 (en) 2002-09-30 2019-06-18 Intellectual Ventures I Llc Document security system that permits external users to gain access to secured files
US20130191639A1 (en) * 2002-11-01 2013-07-25 Sumcorp Llc System and method for securing communications between devices
US8707034B1 (en) 2003-05-30 2014-04-22 Intellectual Ventures I Llc Method and system for using remote headers to secure electronic files
US20070172066A1 (en) * 2003-09-12 2007-07-26 Secured Email Goteborg Ab Message security
US8127366B2 (en) 2003-09-30 2012-02-28 Guardian Data Storage, Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US8327138B2 (en) 2003-09-30 2012-12-04 Guardian Data Storage Llc Method and system for securing digital assets using process-driven security policies
US20050071275A1 (en) * 2003-09-30 2005-03-31 Pss Systems, Inc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US20100199088A1 (en) * 2003-09-30 2010-08-05 Guardian Data Storage, Llc Method and System For Securing Digital Assets Using Process-Driven Security Policies
US8739302B2 (en) 2003-09-30 2014-05-27 Intellectual Ventures I Llc Method and apparatus for transitioning between states of security policies used to secure electronic documents
US20050086531A1 (en) * 2003-10-20 2005-04-21 Pss Systems, Inc. Method and system for proxy approval of security changes for a file security system
US20050138371A1 (en) * 2003-12-19 2005-06-23 Pss Systems, Inc. Method and system for distribution of notifications in file security systems
US8238555B2 (en) * 2004-04-08 2012-08-07 Hitachi, Ltd. Management server, communication apparatus and program implementing key allocation system for encrypted communication
US20090055649A1 (en) * 2004-04-08 2009-02-26 Hitachi, Ltd. Key allocating method and key allocation system for encrypted communication
US7443986B2 (en) * 2004-04-08 2008-10-28 Hitachi, Ltd. Key allocating method and key allocation system for encrypted communication
US20050226424A1 (en) * 2004-04-08 2005-10-13 Osamu Takata Key allocating method and key allocation system for encrypted communication
US8050406B2 (en) 2005-06-07 2011-11-01 Sony Corporation Key table and authorization table management
US20060274898A1 (en) * 2005-06-07 2006-12-07 Pedlow Leo M Jr Key table and authorization table management
US8165302B2 (en) 2005-06-07 2012-04-24 Sony Corporation Key table and authorization table management
US20070242829A1 (en) * 2005-06-07 2007-10-18 Pedlow Leo M Jr Key table and authorization table management
US9191198B2 (en) * 2005-06-16 2015-11-17 Hewlett-Packard Development Company, L.P. Method and device using one-time pad data
US20070016794A1 (en) * 2005-06-16 2007-01-18 Harrison Keith A Method and device using one-time pad data
GB2430845B (en) * 2005-09-29 2010-03-24 Hewlett Packard Development Co Method of provisioning devices with one-time pad data and a device for use in implementing the method
US20070074277A1 (en) * 2005-09-29 2007-03-29 Christopher Tofts Method of provisioning devices with one-time pad data, device for use in such method, and service usage tracking based on one-time pad data
GB2430845A (en) * 2005-09-29 2007-04-04 Hewlett Packard Development Co Provisioning devices with one-time pad data using a hierarchical distribution
US20070101410A1 (en) * 2005-09-29 2007-05-03 Hewlett-Packard Development Company, L.P. Method and system using one-time pad data to evidence the possession of a particular attribute
US8842839B2 (en) 2005-09-29 2014-09-23 Hewlett-Packard Development Company, L.P. Device with multiple one-time pads and method of managing such a device
US20080031456A1 (en) * 2005-09-29 2008-02-07 Keith Alexander Harrison Device with multiple one-time pads and method of managing such a device
US8250363B2 (en) * 2005-09-29 2012-08-21 Hewlett-Packard Development Company, L.P. Method of provisioning devices with one-time pad data, device for use in such method, and service usage tracking based on one-time pad data
US8050405B2 (en) * 2005-09-30 2011-11-01 Sony Ericsson Mobile Communications Ab Shared key encryption using long keypads
US20070076877A1 (en) * 2005-09-30 2007-04-05 Sony Ericsson Mobile Communications Ab Shared key encryption using long keypads
US7895450B2 (en) * 2006-01-09 2011-02-22 Fuji Xerox Co., Ltd. Data management system, data management method and storage medium storing program for data management
US20070162766A1 (en) * 2006-01-09 2007-07-12 Fuji Xerox Co, Ltd. Data management system, data management method and storage medium storing program for data management
EP1848142A3 (en) * 2006-04-19 2014-07-02 NEC Corporation Secret communications system and channel control method
US20080013738A1 (en) * 2006-04-19 2008-01-17 Nec Corporation Secret communications system and channel control method
EP1848142A2 (en) * 2006-04-19 2007-10-24 Nec Corporation Secret communications system and channel control method
US8041039B2 (en) * 2006-04-19 2011-10-18 Nec Corporation Secret communications system and channel control method
US9971906B2 (en) 2006-09-29 2018-05-15 Protegrity Corporation Apparatus and method for continuous data protection in a distributed computing network
US20080082837A1 (en) * 2006-09-29 2008-04-03 Protegrity Corporation Apparatus and method for continuous data protection in a distributed computing network
US9152579B2 (en) 2006-09-29 2015-10-06 Protegrity Corporation Meta-complete data storage
US9514330B2 (en) 2006-09-29 2016-12-06 Protegrity Corporation Meta-complete data storage
US8661263B2 (en) 2006-09-29 2014-02-25 Protegrity Corporation Meta-complete data storage
US20080082834A1 (en) * 2006-09-29 2008-04-03 Protegrity Corporation Meta-complete data storage
US20080147820A1 (en) * 2006-12-19 2008-06-19 Nec Corporation Method and system for managing shared information
US7734757B2 (en) 2006-12-19 2010-06-08 Nec Corporation Method and system for managing shared information
US20080165972A1 (en) * 2007-01-08 2008-07-10 I-Fax.Com Inc. Method and system for encrypted email communication
US20080170688A1 (en) * 2007-01-15 2008-07-17 Hitachi-Lg Data Storage Korea, Inc. Method of recording and reproducing data on and from optical disc
US20080222699A1 (en) * 2007-03-06 2008-09-11 Barry Sohl System and Method for Extensible Lobby Services
US20090067625A1 (en) * 2007-09-07 2009-03-12 Aceurity, Inc. Method for protection of digital rights at points of vulnerability in real time
US20090080665A1 (en) * 2007-09-25 2009-03-26 Aceurity, Inc. Method of Generating Secure Codes for a Randomized Scrambling Scheme for the Protection of Unprotected Transient Information
WO2009041992A1 (en) * 2007-09-25 2009-04-02 Aceurity, Inc. Method of generating secure codes for a randomized scrambling scheme for the protection of unprotected transient information
US20090147949A1 (en) * 2007-12-05 2009-06-11 Microsoft Corporation Utilizing cryptographic keys and online services to secure devices
US8265270B2 (en) * 2007-12-05 2012-09-11 Microsoft Corporation Utilizing cryptographic keys and online services to secure devices
US8769272B2 (en) 2008-04-02 2014-07-01 Protegrity Corporation Differential encryption utilizing trust modes
US20110299679A1 (en) * 2010-06-04 2011-12-08 Takahiro Yamaguchi Controller, control method, computer program, recording medium for computer program, recording apparatus, and manufacturing method for recording apparatus
CN102473230A (en) * 2010-06-04 2012-05-23 松下电器产业株式会社 Controller, control method, computer program, program recording medium, recording apparatus, and method of manufacturing recording apparatus
US20130138974A1 (en) * 2011-11-28 2013-05-30 Hon Hai Precision Industry Co.,Ltd. System and method for encrypting and storing data
US8756420B2 (en) * 2011-11-28 2014-06-17 Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. System and method for encrypting and storing data
US9485095B2 (en) * 2013-02-22 2016-11-01 Cisco Technology, Inc. Client control through content key format
US20140245009A1 (en) * 2013-02-22 2014-08-28 Cisco Technology, Inc. Client Control Through Content Key Format
WO2015157735A3 (en) * 2014-04-10 2015-12-03 OTP Technologies, Inc. Content encryption and decryption
US9621526B2 (en) 2014-04-10 2017-04-11 OTP Technologies, Inc. Content encryption and decryption
US10389693B2 (en) 2016-08-23 2019-08-20 Hewlett Packard Enterprise Development Lp Keys for encrypted disk partitions
US20190044923A1 (en) * 2017-01-09 2019-02-07 Introspective Power, Inc. Secure storage and data exchange/sharing system using one time pads
US11196720B2 (en) * 2017-01-09 2021-12-07 Introspective Power, Inc. Secure storage and data exchange/sharing system using one time pads
US20220141203A1 (en) * 2017-01-09 2022-05-05 Introspective Power, Inc. Secure storage and data exchange/sharing system using one time pads
US11671411B2 (en) * 2017-01-09 2023-06-06 Introspective Power, Inc. Secure storage and data exchange/sharing system using one time pads
US20220014367A1 (en) * 2018-12-13 2022-01-13 Login Id Inc. Decentralized computing systems and methods for performing actions using stored private data
EP3832948A1 (en) * 2019-12-04 2021-06-09 Sangle-Ferriere, Bruno Single-use key renewal
FR3104357A1 (en) * 2019-12-04 2021-06-11 Bruno SANGLE-FERRIERE Renewal of single-use keys
WO2021168164A1 (en) * 2020-02-21 2021-08-26 SDSE Networks LLC Method and system for secure communication
US11621945B2 (en) 2020-02-21 2023-04-04 Sdse Networks, Inc Method and system for secure communications
EP4107903A4 (en) * 2020-02-21 2023-08-23 SDSE Networks, Inc. Method and system for secure communication
WO2022213048A1 (en) * 2021-03-27 2022-10-06 Geneial Llc Hardware-accelerated homomorphic encryption in marketplace platforms

Also Published As

Publication number Publication date
AU2001253034A1 (en) 2001-10-08
US20030026429A1 (en) 2003-02-06
DE60129682D1 (en) 2007-09-13
US20030016821A1 (en) 2003-01-23
WO2001074005A1 (en) 2001-10-04
JP2004501532A (en) 2004-01-15
EP1279249A4 (en) 2004-07-21
DE60129682T2 (en) 2008-04-30
ATE368981T1 (en) 2007-08-15
EP1279249A1 (en) 2003-01-29
US8467533B2 (en) 2013-06-18
EP1279249B1 (en) 2007-08-01

Similar Documents

Publication Publication Date Title
US8467533B2 (en) One-time-pad encryption with key ID and offset for starting point
US9450749B2 (en) One-time-pad encryption with central key service
US7475258B2 (en) Exclusive encryption
US7738660B2 (en) Cryptographic key split binding process and apparatus
US6549623B1 (en) Cryptographic key split combiner
US7974410B2 (en) Cryptographic key split combiner
US7725716B2 (en) Methods and systems for encrypting, transmitting, and storing electronic information and files
WO1998036520A1 (en) Cryptographic key split combiner
EP1808977A1 (en) One-time-pad encryption with key ID and offset for starting point
US20110197076A1 (en) Total computer security
CN111506546A (en) High-security file cloud storage method
KR20040031525A (en) System and method for managing a secret value

Legal Events

Date Code Title Description
AS Assignment

Owner name: VADIUM TECHNOLOGY, INC., WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HAMMERSMITH, WOLFGANG S.;REEL/FRAME:013335/0601

Effective date: 20020924

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: CADG INTERNATIONAL, PTE, LTD., SINGAPORE

Free format text: SECURITY AGREEMENT;ASSIGNOR:VADIUM TECHNOLOGY, INC.;REEL/FRAME:026218/0285

Effective date: 20110415

AS Assignment

Owner name: CADG INTERNATIONAL, PTE, LTD., SINGAPORE

Free format text: SECURITY AGREEMENT;ASSIGNOR:VADIUM TECHNOLOGY, INC.;REEL/FRAME:026539/0866

Effective date: 20110620