Skeleton network: physical corner stone for the towering cyber house

US 10,523,642 B2
Filed: 06/18/2019
Issued: 12/31/2019
Est. Priority Date: 10/14/2016
Status: Active Grant

First Claim

Patent Images

1. A system utilizing a secure enclosure to achieve network security comprising:

a skeleton network comprising at least one or more skeleton stations;

each of the at least one or more skeleton stations comprising a physical-entry computer (PEC) and a data access box (DAB);

the DAB configured to be a physically and/or electronically and/or cryptanalytically secure enclosure comprising a hardware computer processor and memory, with a shared cryptographic key that is shared between two or more of the at least one or more skeleton stations provided that there are at least two or more of the at least one or more skeleton stations, this shared cryptographic key residing in the DAB that is inaccessible to any entity outside the DAB secure enclosure, this shared cryptographic key utilized by the DAB to decrypt inbound encrypted data and encrypt outbound plaintext data;

the PEC configured to be a physical and local data entry computing device comprising a hardware computer processor and memory, the PEC having no communication connections external to the skeleton station except for a data transmit one-way directional outbound communications line to an external additional skeleton station or external host network, and also except for a communications connection external to the skeleton station necessary for physical and local data entry, and that except for physical and local data entry, the PEC accepts no entry of any data except for data directly received from the DAB; and

the skeleton station configured to route all received external or remote inbound data through the DAB where it is decrypted using the shared cryptographic key before being routed to the PEC, with the PEC receiving decrypted external or remote inbound data directly from the DAB, and when the PEC has outbound data to transmit to an external additional skeleton station or to the external host network, the PEC passes the outbound data in plaintext form to the DAB, the DAB then encrypts this outbound plaintext data using the shared cryptographic key, and passes the outbound data in encrypted form back to the PEC, of which the PEC then transmits the DAB encrypted outbound data via the PEC'"'"'s data transmit one-way directional outbound communications line to an external additional skeleton station or to the external host network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention establishes a physical corner stone to build upon it a towering cyber space—creating a baseline which is out of bounds for remote hackers, and is tamper resistant to hands on attackers—intended to survive even a catastrophic breach of the host network, and subsequently serve as a leverage to recover from the attack. Foundational security for critical infrastructure.

2 Citations

8 Claims

1. A system utilizing a secure enclosure to achieve network security comprising:
- a skeleton network comprising at least one or more skeleton stations;
  
  each of the at least one or more skeleton stations comprising a physical-entry computer (PEC) and a data access box (DAB);
  
  the DAB configured to be a physically and/or electronically and/or cryptanalytically secure enclosure comprising a hardware computer processor and memory, with a shared cryptographic key that is shared between two or more of the at least one or more skeleton stations provided that there are at least two or more of the at least one or more skeleton stations, this shared cryptographic key residing in the DAB that is inaccessible to any entity outside the DAB secure enclosure, this shared cryptographic key utilized by the DAB to decrypt inbound encrypted data and encrypt outbound plaintext data;
  
  the PEC configured to be a physical and local data entry computing device comprising a hardware computer processor and memory, the PEC having no communication connections external to the skeleton station except for a data transmit one-way directional outbound communications line to an external additional skeleton station or external host network, and also except for a communications connection external to the skeleton station necessary for physical and local data entry, and that except for physical and local data entry, the PEC accepts no entry of any data except for data directly received from the DAB; and
  
  the skeleton station configured to route all received external or remote inbound data through the DAB where it is decrypted using the shared cryptographic key before being routed to the PEC, with the PEC receiving decrypted external or remote inbound data directly from the DAB, and when the PEC has outbound data to transmit to an external additional skeleton station or to the external host network, the PEC passes the outbound data in plaintext form to the DAB, the DAB then encrypts this outbound plaintext data using the shared cryptographic key, and passes the outbound data in encrypted form back to the PEC, of which the PEC then transmits the DAB encrypted outbound data via the PEC'"'"'s data transmit one-way directional outbound communications line to an external additional skeleton station or to the external host network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further comprising:
    - wherein the encryption/decryption processes in the DAB utilize a cipher with specific characteristics, the specific characteristics of the cipher used in the DAB being that the size of a key utilized by the cipher may be set to be as large as desired, and as long as a total bit count of all transmitted and received data messages processed in the DAB is equal to or less than a total number of bits in the shared cryptographic key in the DAB, then no amount of available plaintext-ciphertext pairs is sufficient to deduce the identity of the shared cryptographic key, as for example is the case for a Vernam, BitFlip, and SpaceFlip Cipher; and
      
      wherein the DAB includes a data use monitor that counts the number of bits processed by the DAB, and when the total number of bits processed by the DAB reaches the total number of bits of the shared cryptographic key in the DAB, a key-erasure apparatus in the DAB is activated, and the shared cryptographic key in the DAB is erased by the DAB'"'"'s key-erasure apparatus.
  - 3. The system of claim 1, further comprising:
    - wherein at least one or more of the skeleton stations are host network nodes within the external host network, the external host network providing network communications paths to interconnect the at least one or more skeleton stations, and where the host network nodes of the external host network which are not also skeleton stations can receive data messages or information transmitted from the at least one or more skeleton stations but cannot transmit data messages or information to the at least one or more skeleton stations.
  - 4. The system of claim 1, further comprising:
    - wherein at least one or more network nodes are formed by the joining of one of the at least one or more skeleton stations with a computing device that resides at a non-skeleton network node, with the resulting network node configured to be a skeleton administration post managed by a human controller, the human controller utilizing a physical connection at the skeleton administration post to pass information to and from the PEC.
  - 5. The system of claim 1, further comprising:
    - wherein the DAB in at least one or more of the skeleton stations is configured to either only encrypt outbound plaintext data or only decrypt inbound encrypted data.
  - 6. The system of claim 1, further comprising:
    - wherein at least one or more of the skeleton stations is configured to either only encrypt outbound plaintext data to transmit to an external additional skeleton station or only decrypt inbound encrypted data received from an external additional skeleton station.
  - 7. The system of claim 1, further comprising:
    - wherein at least one or more of the skeleton stations is configured to communicate over exposed channels while preventing a remote attacker from compromising the communication over the exposed channels by;
      
      using shared cryptographic keys which are each secured in each respective skeleton station'"'"'s DAB secure enclosure, and where the respective shared cryptographic key of each respective skeleton station'"'"'s DAB secure enclosure is erased when the respective shared cryptographic key is utilized to process data of a total bit count larger than the total bit count of the respective shared cryptographic key.
  - 8. The system of claim 1, further comprising:
    - wherein the external host network is divided into “
      
      offline communication zones”
      
      (OCZ), indicating that each non-skeleton network node in the external host network is physically close enough to configure an offline shared cryptographic key with a skeleton station.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gideon Samid
Original Assignee
Gideon Samid
Inventors
Samid, Gideon
Primary Examiner(s)
Holder, Bradley W

Application Number

US16/444,892
Publication Number

US 20190327219A1
Time in Patent Office

196 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

H04L 63/0407   wherein the identity of one...

H04L 63/0471   applying encryption by an i...

H04L 9/0656   Pseudorandom key sequence c...

H04L 9/0836   using tree structure or hie...

H04L 9/0891   Revocation or update of sec...

H04L 9/0897   involving additional device...

H04L 9/12   Transmitting and receiving ...

H04L 9/3239   involving non-keyed hash fu...

H04L 9/50   using hash chains, e.g. blo...

Skeleton network: physical corner stone for the towering cyber house

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

2 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Skeleton network: physical corner stone for the towering cyber house

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others