One-time-pad encryption with central key service and key management
First Claim
1. A computer readable data carrier containing a one-time-pad communications key consisting of an encrypted sequence of bytes, produced by assembling a random sequence of bytes, encrypting the sequence by executing an encryption process with a key encryption key, and inserting into a carrier.
3 Assignments
0 Petitions
Accused Products
Abstract
A one-time-pad encryption system where encrypted one-time-pad keys can be distributed to users on physical media or on a computer network from a central server. Each one-time-pad key has a key identification number that facilitates key management. Each encrypted data set includes a header specifying an offset within the one-time-pad key for commencement of decryption so that messages can be decrypted in any order. Before encryption begins, the length of remaining unused key is compared to the length of the data set to be encrypted. For ease of transcription or transmission by humans, the encrypted data can be represented as a subset of the 48 keys that are easy to use on a keyboard, preferably the 26 capital letters of the Western alphabet or these letters plus six numerals for a total of 32 characters. A one-time-pad key which is specialized to achieve such encryption can also be used for binary encryption. Encryption control buttons are added to a word processor and other programs as an addition to the user interface.
110 Citations
37 Claims
- 1. A computer readable data carrier containing a one-time-pad communications key consisting of an encrypted sequence of bytes, produced by assembling a random sequence of bytes, encrypting the sequence by executing an encryption process with a key encryption key, and inserting into a carrier.
-
10. A method for a server on a network to provide a pair of encrypted one-time-pad communications keys, one to a sender and one to a receiver, comprising:
-
a. receiving a sequence of random numbers from a random number generator;
b. using said sequence of random numbers to generate a one-time-pad communications key commencing with an identifier; and
c. transmitting a copy of said key via a computer network to each of a data set sender and to a data set receiver, each copy encrypted with a key encryption key. - View Dependent Claims (11, 12, 13, 14, 15)
-
-
16. A method for a computer to use a one-time-pad communications key to encrypt a data set, comprising:
-
a. having an encrypted one-time-pad communications key with an identifier;
b. decrypting said one-time-pad communications key;
c. using said one-time-pad communications key to encrypt a data set; and
d. transmitting said data set to a receiver along with the identifier for said onetime-pad communications key. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
-
-
24. A method for a computer to receive an encrypted data set and use a one-time-pad communications key to decrypt the data set, comprising:
-
a. having an encrypted one-time-pad communications key;
b. decrypting said one-time-pad communications key;
c. receiving an encrypted data set; and
d. using said one-time-pad communications key to decrypt said data set. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
-
-
32. A computer method to minimize the chances that a one-time-pad encryption key that has been used is used again, comprising:
-
a. receiving in a computer system a command to install a one-time-pad encryption key;
b. installing said encryption key and placing in a registry in said computer system an identifier that identifies said key; and
c. when a command is received to again install said key, checking said registry for said identifier and, if said identifier is present, taking an action to discourage further use of said key. - View Dependent Claims (33, 34)
-
-
35. A method for a computer to determine whether a one-time-pad communications key is long enough to encrypt a data set, comprising:
-
a. having an encrypted one-time-pad communications key with a record of an amount of said key remaining unused;
b. having a data set to be encrypted with said communications key;
c. determining a length of said data set;
d. comparing said length to said amount of key remaining unused; and
e. if said length is longer than said amount of key remaining unused, taking an action to discourage use of said key to encrypt said data set. - View Dependent Claims (36, 37)
-
Specification