Bcencryption (BCE) - a public-key based method to encrypt a data stream

US 20070180230A1
Filed: 01/25/2007
Published: 08/02/2007
Est. Priority Date: 01/30/2006
Status: Active Grant

First Claim

Patent Images

1. A method of encrypting a data stream, comprising the steps of:

providing a web browser;

providing an application server;

providing a communication channel;

providing a data stream comprising an unencrypted text string, which string is further comprised of unencrypted text characters having numerical representations, m_i;

providing a public client key, a modulus and a server session ID string, wherein at least the public client key and session ID string are generated by the server;

converting the unencrypted text string into a cipher-text string using a salt key, a public-key algorithm, the public client-key and the modulus, wherein the salt key is formed from the server session ID string.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for a web browser to convert an unencrypted character string into a cipher-text string combines a public-key encryption algorithm with a unique and constantly changing salt key. A private “server-key”, a public “client-key” and a server session ID are generated by the server, and the client-key and the session ID are sent to the browser with the code used to encrypt the message. The session-based string can be a randomly generated set of characters which changes between established user sessions and the salt key can be formed from the server session ID string. The server contains the matching code necessary to decrypt the stream using the private key.

112 Citations

28 Claims

1. A method of encrypting a data stream, comprising the steps of:
- providing a web browser;
  
  providing an application server;
  
  providing a communication channel;
  
  providing a data stream comprising an unencrypted text string, which string is further comprised of unencrypted text characters having numerical representations, m_i;
  
  providing a public client key, a modulus and a server session ID string, wherein at least the public client key and session ID string are generated by the server;
  
  converting the unencrypted text string into a cipher-text string using a salt key, a public-key algorithm, the public client-key and the modulus, wherein the salt key is formed from the server session ID string.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20)
- - 2. The method of claim 1, further comprising:
    - sending the public client key, the modulus and the session ID string across the communication channel to the browser together with an encryption code for encrypting each character of the unencrypted text string into at least one corresponding 3-digit cipher-text element.
  - 3. The method of claim 1 further comprising using client-side JavaScript in the browser to implement encryption.
  - 4. The method of claim 2, further comprising:
    - providing a private server key;
      
      maintaining the private key on the server;
      
      transmitting at least one cipher-text element from the browser to the server; and
      
      decrypting the cipher-text element using the public-key algorithm, the private key, the modulus and the salt key.
  - 5. The method of claim 4, wherein the public key algorithm is the RSA public key algorithm and modulus, n, private key, d, and salt key, s, are used to recover at least one character m from at least cipher-text element, c, whereby m′
    - =c^dmod n and m=m′
      
      −
      
      s.
  - 6. The method of claim 1, further comprising, within the step of converting the unencrypted text string into a cipher-text string, wherein the salt key is a number, s, representative of a character from the session ID added to the message m:
    - creating an interim cipher-message element, m′
      
      , whereby m′
      
      =m+s, and converting m′
      
      to a 3-digit cipher-text sequence.
  - 7. The method of claim 2, further comprising padding two leading zeros when the cipher-text element is less than 10 and one leading zero when the cipher-text element is less than 100.
  - 8. The method of claim 1, wherein a first salt key is a number representative of the first character of the session ID string.
  - 9. The method of claim 1, wherein a first salt key is an ASCII decimal representation of any alphanumeric character of the session ID and the client and server contract or exchange information to specify the starting location for the first salt key in the session ID sequence.
  - 10. The method of claim 6, further comprising, within the step of converting the unencrypted text string into a cipher-text string,rolling the salt key derived from the session ID string by taking a number representative of each successive alphanumeric character in the session ID string as a next salt value, s_i, for creating each successive interim message element m′
    - _i, whereby m′
      
      _i=m_i+s_i.
  - 11. The method of claim 1, wherein the step of providing a server session ID string further comprises generating the session ID string as a randomly generated set of characters, which session ID string changes between established user sessions.
  - 12. The method of claim 1, wherein the public client key is generated on the server and sent to the client.
  - 13. The method of claim 2, wherein the conversion of each character of the unencrypted text string into a cipher-text element is unique with respect to that cipher-text element and the cipher-text element is only able to be unencrypted using a private key, the private key being stored on the application server.
  - 14. The method of claim 13, wherein the server contains the matching code necessary to decrypt the stream using the private key.
  - 15. The method of claim 8 further comprising, when converting the unencrypted text string of a target message and as each next unencrypted text character of a target message is encountered:
    - converting each unencrypted text character to a next ASCII decimal number, m′
      
      _i, representing said character,converting a next session ID alphanumeric character to its corresponding ASCII decimal value, which value is the next salt value, s_i;
      
      encrypting each next unencrypted text character to a cipher-text sequence, c_i, using the next salt value, whereby m′
      
      _i=m_i+s_iand c_i=(m′
      
      _i)^emod n and storing c_ias a next element of a cipher-text string in memory,restarting at the first session ID character in the session ID string if the end of the session ID is reached prior to completing the target message,skipping, during the creation of a next salt value, s_i, any non-alphanumeric characters embedded within the session ID string; and
      
      transmitting the cipher-string when the end of the target message is reached.
  - 20. The method of claim 1 or 23, wherein the session-ID string has greater than 20 alphanumeric characters.

16. A method for establishing cryptographic communications comprising the step of:
- encoding a digital message word signal M to a ciphertext word signal C, where M corresponds to a number representative of a message word or character and 0<
  
  M<
  
  n−
  
  1 where n is a composite number of the form n=p·
  
  q where p and q are prime numbers, and where C is a number representative of an encoded form of message word signal M, wherein said encoding step comprises the step of;
  
  transforming said message word signal M to an interim word signal M′
  
  by salting M with a number representative of one or more alphanumeric characters of a session ID string and then further transforming M′
  
  to said ciphertext word signal C whereby C=(M′
  
  )^e(mod n), where e is a number relatively prime to (p−
  
  1)·
  
  (q−
  
  1).
- View Dependent Claims (17, 18, 19)
- - 17. The method of claim 16, wherein the step of transforming message word signal M to M′
    - is an iterative process for a plurality of numbers representative of message characters m_ithat compose message word signal M whereby each number m_iis transformed to a corresponding interim message number m′
      
      _iby concatenation with a rolling salt key s_iwhereby m′
      
      _i=m_i+s_i.
  - 18. The method according to claim 17 comprising the further step of:
    - decoding said ciphertext word signal C to said message word signal M, wherein said decoding step comprises the step of;
      
      transforming said ciphertext word signal C, whereby;
      
      m′
      
      =c^d(mod n) where d is a multiplicative inverse of e(mod(lcm((p−
      
      1), (q−
      
      1)))); and
      
      m_i=m′
      
      _i−
      
      s_i; and
      
      message word signal M is recovered from the iterative generation of successive message characters m_iconcatenated to form message word signal M.
  - 19. The method of claim 16 where said encoding step includes the step of transforming M to C by the performance of a first ordered succession of invertible operations on M, wherein at least one step is transforming M to M′
    - by concatenating M with a rolling salt key derived from the session-ID string; and
      
      further comprising the step of;
      
      decoding C to M by the performance of a second ordered succession of invertible operations on C, where each of the invertible operations of said second succession is the inverse of a corresponding one of said first succession, and wherein the order of said operations in said second succession is reversed with respect to the order of corresponding operations in said first succession.

22. A cryptographic method, comprisingcombining an asymmetric algorithm or public-key encryption approach with a rolling salt key to encrypt a data stream between an HTTP client and an HTTP application container using a client-side and server-side coding pair.
- View Dependent Claims (21, 23)
- - 21. The method of claim 23, where n, p, q, e and d are chosen to not overload the computational capability of the browser during the encryption step.
  - 23. The method of claim 22 wherein the rolling salt key is derived from a session based ID string.

24. A cryptographic communications system, comprising:
- a communications channel;
  
  an encoding means coupled to the channel and adapted for transforming a transmit message element m to a ciphertext element C and for transmitting C on the channel, where m corresponds to a number representative of a message character and 0≦
  
  m≦
  
  (n−
  
  1), where n is a composite number of the form n=p·
  
  q where p and q are prime numbers, and where C corresponds to a number representative of an enciphered form of the message element and corresponds to C=(m′
  
  )^e(mod n) where e is a number relatively prime to the least common multiple of (p−
  
  1,q−
  
  1) and where m′
  
  =m+s, s being a current salt value, anda decoding means coupled to the channel and adapted for receiving C from said channel and for transforming C to a receive message element M′
  
  , where M′
  
  corresponds to a number representative of a deciphered form of C and corresponds to M′
  
  ≡
  
  c^d(mod n) where d is a multiplicative inverse of e(mod(lcm((p−
  
  1),(q−
  
  1)))),a session ID unique to a communications session, the session ID having a sequence of at least one alphanumeric character,wherein s is an ASCII decimal representation of a character in the session ID string, andwherein, as each successive transmit message character is encountered, the next character in the session ID string is used to form the current salt value.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The system of claim 24 further comprising:
    - means for transmitting said cipher-text c from a first terminal to a second terminal, and wherein said second terminal includes means for decoding said cipher-text c to a message m, said second terminal including;
      
      means for transforming said ciphertext word signal c to said message word signal m′
      
      , whereby m′
      
      =c^dmod n and m′
      
      =m+s, wherein s is a salt value added to message m upon an earlier encryption step.
  - 26. The system of claim 24 wherein said encoding means further comprises:
    - means for transforming said message character m to one or more interim ciphertext elements m′
      
      , each message character m corresponding to a number representative of a portion of said interim ciphertext element in the range 0<
      
      m<
      
      (n−
      
      1), and means for transforming each of said interim cipher-text element m′
      
      to a cipher-text element c, c corresponding to a number representative of an encoded form of said interim cipher-text element m′
      
      , whereby c=(m′
      
      )^emod n.
  - 27. The system of claim 26 further comprising:
    - means for transmitting said signed cipher-text element c or a plurality of such elements from said first terminal to said second terminal, wherein said second terminal includes means for decoding said signed cipher-text element or plurality of elements to said message character m, said second terminal including;
      
      means for transforming each of said signed cipher-text elements c to one of said interim cipher-text elements m′
      
      , whereby m′
      
      =(c)^dmod n; and
      
      means for transforming said interim cipher-text elements m′
      
      to said message characters m, whereby m=m′
      
      −
      
      s.
  - 28. The system of claim 24, where n, p, q, e and d are chosen to not overload the computational capability of the browser during the encryption computations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kronos Technology Systems Limited Partnership
Original Assignee
Kronos Technology Systems Limited Partnership
Inventors
Cortez, Brian Keith

Granted Patent

US 7,865,730 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/065   Encryption by serially and ...

H04L 9/302   involving the integer facto...

Bcencryption (BCE) - a public-key based method to encrypt a data stream

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Bcencryption (BCE) - a public-key based method to encrypt a data stream

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links