Secure network method and apparatus
First Claim
1. A system for the secure routing of encrypted data within a communications network, comprising:
A) first digital logic means and second digital logic means, the first digital logic means being electronically linked for communication with the second digital logic means;
B) the first digital logic means comprising;
1) a first system memory for storing data;
2) a first access control subsystem, comprising logic for limiting system access to authorized users, the first access control subsystem being electronically connected to the first system memory for accessing data stored in the first system memory;
3) an encryption algorithm module, comprising logic for converting plain text messages into encrypted text messages, the encryption algorithm module being electronically connected to the first system memory for accessing data stored in the first system memory and the encryption algorithm module being further electronically connected to the first access control subsystem to accept inputs from the first access control subsystem;
4) a message header labelling subsystem, comprising logic for limiting system access, subject to label conditions, the message header labelling subsystem being electronically connected to the first system memory for accessing data stored in the first system memory and the message header labelling subsystem being further electronically connected to the encryption algorithm module to accept inputs from the encryption algorithm module; and
5) message transmission means for transmitting data to the second digital logic means;
C) the second digital logic means comprising;
1) a second system memory for storing data;
2) a second access control subsystem, comprising logic for limiting system access to authorized users, the second access control subsystem being electronically connected to the second system memory for accessing data stored in the second system memory;
3) a decryption algorithm module, comprising logic for converting encrypted text messages into plain text messages, the decryption algorithm module being electronically connected to the second system memory for accessing data stored in the second system memory and the decryption algorithm module being further electronically connected to the second access control subsystem to accept inputs from the second access control subsystem;
4) a message header identification subsystem, comprising logic for limiting system access, subject to label conditions, the message header identification subsystem being electronically connected to the second system memory for accessing data stored in the second system memory and the message header identification subsystem being further electronically connected to the decryption algorithm module to accept inputs from the decryption algorithm module; and
5) receiver means for receiving data transmitted by the first digital logic means;
D) the encryption algorithm module working in conjunction with the message header labelling subsystem to create an outgoing message transmitted from the transmission means of the first digital logic means to the receiver means of the second digital logic means;
E) the message header identification subsystem limiting access to an incoming message prior to conversion of a received encrypted text message into a plain text message by the decryption algorithm module by providing a cryptographic key to the encryption algorithm module;
F) the first access control subsystem and the second access control subsystem being adapted to manipulate passphrase information entered by users to generate a passkey;
G) the first access control subsystem further comprising a check key which is compared to the passkey;
H) the passkey being an input to the encryption algorithm module which allows editions of cryptographic information stored within the first system memory to be inputs to the encryption algorithm module only if the passkey exactly matches the check key;
I) the second access control subsystem further comprising a check key which is compared to the passkey;
J) the passkey being an input to the decryption algorithm module which allows editions of cryptographic information stored within the second system memory to be inputs to the decryption algorithm module only if the passkey exactly matches the check key;
K) the passkey inputs to the encryption algorithm module allowing the encryption algorithm module to convert a plain text message to an encrypted text message;
L) the passkey inputs to the decryption algorithm module allowing the decryption algorithm module to convert an encrypted text message to a plain text message;
M) the first digital logic means being adapted to exclusive OR all possible pairings of the editions of cryptographic information and an organizational account number to generate scrambled editions of cryptographic information;
N) the first digital logic means being further adapted to exclusive OR the scrambled editions of cryptographic information with label conditions to generate scrambled label conditions; and
O) the first digital logic means being further adapted to manipulate the scrambled label conditions and the editions of cryptographic data to generate an encryption key for allowing the encryption algorithm module to convert a plain text message to an encrypted text message.
Abstract
A method and apparatus for ensuring the security of messages communicated on a network. The system employs different levels of security to ensure that communication integrity is not breached. A user must first enter a valid password to clear the access control subsystem. The sending user must also possess valid cryptographic information and belong to a particular organization and/or be located at a particular device in order to encrypt a plain text message that is to be transmitted over the network. The device and organization information, along with receiving user information specified by the sending user, will then be grouped into a header which will be appended to the outgoing encrypted message. In order to receive a transmitted message, a receiving user must be the particular receiving user and be part of the particular group specified by the sending user, and must be attempting to receive the communication at the device specified in the message header. If these conditions are satisfied, cryptographic information must be entered into the system in order to decrypt the message, resulting in the original plain text message.
28 Claims
20. A method for the secure routing of data in a communications system, comprising the following steps performed in the order given:
A) limiting access to the communications system to an authorized sending user at a transmit port;
B) retrieving and converting a plain text message to an encrypted text message according to the following substeps;
1) reading a plain text message file from communications system memory;
2) modulo-2 adding all possible pairings of the editions of cryptographic information and an organizational account number stored in communications system memory by digital logic means to generate scrambled editions of cryptographic information;
3) modulo-2 adding the scrambled editions of cryptographic information with message access conditions to generate scrambled access conditions;
4) modulo-2 adding filename/date/time information stored in communications system memory with one edition of cryptographic information to generate scrambled filename/date/time information;
5) modulo-2 adding the scrambled filename/date/time information with the scrambled access conditions and the editions of cryptographic information to generate an encryption key;
6) applying the encryption key to the encryption means;
7) converting the plain text message to an encrypted text message by applying the encryption means to the plain text message; and
8) applying the encrypted text message to a header labeling subsystem located within the communications system;
C) creating a message header which specifies message access conditions and is a key to the encryption means;
D) adding the message header to the front of the encrypted text message to create the secure message;
E) transmitting the secure message from the transmit port to a receive port via the communications system;
F) limiting access to the communications system to an authorized receiving user at a receive port;
G) stripping the message header from the secure message;
H) decoding the message header to recover the message access conditions and encryption means key; and
I) converting the encrypted text message to a plain text message.
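The header handling in steps C, D, G and H of claim 20, together with the receive-side conditions in the abstract, sketched as an added example that is not taken from the patent. The header layout (2-byte length prefixes, UTF-8 fields), the names `Conditions`, `build_secure_message`, `strip_header` and `receive`, and the opaque ciphertext are assumptions; the key derivation and the header's role as a key are not modelled.

```python
import struct
from typing import NamedTuple


class Conditions(NamedTuple):
    """Access conditions carried in the header (field set assumed from the abstract)."""
    user: str
    group: str
    device: str


def build_secure_message(cond: Conditions, ciphertext: bytes) -> bytes:
    """Steps C-D: encode the access conditions and place them in front of the ciphertext."""
    body = b""
    for field in cond:
        raw = field.encode("utf-8")
        body += struct.pack(">H", len(raw)) + raw
    return struct.pack(">H", len(body)) + body + ciphertext


def strip_header(message: bytes) -> tuple[Conditions, bytes]:
    """Steps G-H: split header from ciphertext, treating every length as untrusted."""
    if len(message) < 2:
        raise ValueError("message shorter than the header length field")
    (hlen,) = struct.unpack_from(">H", message)
    header, ciphertext = message[2:2 + hlen], message[2 + hlen:]
    if len(header) != hlen:
        raise ValueError("truncated header")
    fields, pos = [], 0
    for _ in Conditions._fields:
        if pos + 2 > hlen:
            raise ValueError("missing header field")
        (flen,) = struct.unpack_from(">H", header, pos)
        pos += 2
        if pos + flen > hlen:
            raise ValueError("field overruns header")
        fields.append(header[pos:pos + flen].decode("utf-8"))
        pos += flen
    if pos != hlen:
        raise ValueError("trailing bytes in header")
    return Conditions(*fields), ciphertext


def receive(message: bytes, user: str, groups: set, device: str) -> bytes:
    """Release the ciphertext to decryption only if user, group and device all match."""
    cond, ciphertext = strip_header(message)
    if not (user == cond.user and cond.group in groups and device == cond.device):
        raise PermissionError("header access conditions not met")
    return ciphertext
```
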
Specification