Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption
First Claim
1. A portable encryption device with logon access controlled by an encryption key, comprising:
- an enclosure for the device providing a portable form factor, anda cryptographic processor within the enclosure for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm.
1 Assignment
0 Petitions
Accused Products
Abstract
A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.
35 Citations
63 Claims
-
1. A portable encryption device with logon access controlled by an encryption key, comprising:
-
an enclosure for the device providing a portable form factor, and a cryptographic processor within the enclosure for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A method for controlling logon access on a portable encryption device having a portable form factor and a cryptographic processor, comprising:
-
generating a plurality of secrets by a secret sharing algorithm, configuring the cryptographic processor to reconstitute an encryption key from the plurality of generated secrets, and determining logon access as a function of the reconstituted encryption key. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
-
-
49. A portable encryption device with file decryption controlled by a file encryption key, comprising:
-
an enclosure for the device providing a portable form factor, and a cryptographic processor within the enclosure for reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code.
-
-
50. A method for controlling file decryption with a portable encryption device having a portable form factor and a cryptographic processor, comprising:
-
generating a network authorization code, distributing the network authorization code to a community of interest through an out-of-band distribution mechanism, shrouding a file encryption key with the network authorization code using an invertible transform, receiving the network authorization code from a user, causing the cryptographic processor to reconstitute the file encryption key from the received network authorization code, and determining file decryption as a function of the reconstituted file encryption key. - View Dependent Claims (51, 52, 53, 54)
-
-
55. A method for file encryption of a plaintext file, comprising the steps of:
-
hashing the plaintext file to produce a plaintext hash, compressing the plaintext file, encrypting the compressed plaintext file to create ciphertext, hashing the ciphertext to produce a ciphertext hash, hashing the plaintext hash and the ciphertext hash to produce a result hash, and sealing the ciphertext together with the result hash, to produce the encrypted file. - View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63)
-
Specification