Unified end-to-end security methods and systems for operating on insecure networks
First Claim
1. A method for securing transmission of information from a sender to a receiver, which comprises:
- providing at the sender a unique sequence of bits associated with a sender;
providing at the receiver a first subset of bits selected from said unique sequence of bits;
generating at the receiver from said first subset of bits a second subset of bits for use in encrypting the information;
identifying at the sender the second subset of bits by means of addresses sent from the receiver to the sender;
encrypting at the sender the information to be transmitted using said second subset of bits; and
transmitting the encrypted information from the sender to the receiver.
3 Assignments
0 Petitions
Accused Products
Abstract
Secure transmission of a message is achieved by using a one-time encryption key derived at the receiver and the sender from information present at both the sender and the receiver, but wherein the information from which the encryption key is derived is not transmitted between the sender and the receiver. A plurality of bytes, known as a master signature, is randomly generated and stored at the sender, wherein each byte is uniquely identified by an address. A first random subset of this plurality of bytes, called an access signature, and the addresses in the master signature of the bytes in this access signature, are stored at the receiver. To generate an encryption key, the receiver selects a second random subset of bytes, known as a session signature, from the access signature and sends the addresses in the master signature of the bytes in this session signature to the sender. The sender uses these addresses to identify the bytes in this session signature which bytes are used at both the sender and the receiver to derive the encryption key. If desired, these bytes can be used directly as the encryption key but preferably, these bytes are passed through a session signature-to-session key converter using an irreversible algorithm to generate a one-time encryption key to be used to encrypt the message to be sent between the sender and the receiver. The master signature can be also derived from the digitized video image of the user, which allows a card containing the master signature to be used as described above but also with a video monitor to visually identify the user.
-
Citations
70 Claims
-
1. A method for securing transmission of information from a sender to a receiver, which comprises:
-
providing at the sender a unique sequence of bits associated with a sender; providing at the receiver a first subset of bits selected from said unique sequence of bits; generating at the receiver from said first subset of bits a second subset of bits for use in encrypting the information; identifying at the sender the second subset of bits by means of addresses sent from the receiver to the sender; encrypting at the sender the information to be transmitted using said second subset of bits; and transmitting the encrypted information from the sender to the receiver. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. The method of encrypting a message to be transmitted from a sender to a receiver which comprises:
-
generating a master signature associated with the sender, said master signature comprising a plurality of bytes of information, each byte being represented by a unique address; providing at a receiver an access signature, said access signature comprising a first subset of the bytes making up the master signature, the bytes in said first subset of bytes having associated with them their addresses in the master signature; generating at the receiver a session signature, said session signature comprising a second subset of bytes from the access signature, said second subset of bytes having associated with them their addresses in the master signature; transmitting the addresses of said second subset of bytes to the sender thereby to allow the sender to identify from the master signature said second subset of bytes; and using said second subset of bytes to encrypt the message at the sender and when the encrypted message is received at the receiver, to decrypt the received message at the receiver. - View Dependent Claims (19)
-
-
20. The method of generating an encryption key for use in encrypting information to be transmitted from a sender to a receiver which comprises:
-
generating a master signature associated with a sender; storing at the sender the master signature associated with the sender, said master signature containing a first plurality of bytes of information, each byte being identified by a unique address; storing at a receiver a first subset of bytes selected from said first plurality of bytes, the bytes in said first subset of bytes being identified by the addresses of said bytes in said master signature and being denoted as an access signature; selecting at the receiver from the first subset of bytes a second subset of bytes, said second subset of bytes being randomly selected and being denoted as a first session signature, each byte in said second subset being identified by the same address as said byte had in the master signature to allow the identification of said byte in the master signature; transmitting the addresses of said second subset of bytes from the receiver to the sender; identifying at the sender from the master signature stored at the sender the second subset of bytes from the addresses transmitted from the receiver to the sender; and generating at both the sender and the receiver from said second subset of bytes a first encryption key using an irreversible algorithm, said first encryption key to be used in encrypting a message to be transmitted from the sender to the receiver. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method for secure transmission of information from a sender to a receiver which comprises:
-
providing at the sender a master signature A comprising a plurality of bytes, each byte in the master signature A being identified by a corresponding address; providing at the receiver a master signature B made up of a second plurality of bytes, each byte in said second plurality of bytes being identified by a unique address; storing at the sender a first subset of bytes selected from the master signature B together with the addresses in the master signature B of the bytes in said first subset of bytes, said first subset of bytes being denoted as access signature B; storing at the receiver a second subset of bytes selected from said master signature A together with the addresses in the master signature A of the bytes in said second subset, said second subset of bytes being denoted as access signature A; generating at the sender from said first subset of bytes from the master signature B a third subset of bytes, said third subset of bytes being denoted as session signature B; generating at the receiver from said second subset of bytes from the master signature A a fourth subset of bytes, said fourth subset of bytes being denoted as session signature A; transmitting the addresses in the master signature B of the bytes in the third subset of bytes to the receiver; transmitting the addresses in the master signature A of bytes in the fourth subset of bytes to the sender; using the third subset of bytes to encrypt a message to be transmitted from the sender to the receiver; and using the fourth subset of bytes to encrypt a message to be transmitted from the receiver to the sender. - View Dependent Claims (30, 31)
-
-
32. The method of providing an encryption key for use in securing transmission of information from a sender to a receiver which comprises:
-
selecting a subset of bits at a receiver from a set of bits located at both the receiver and the sender; identifying the same subset of bits at the sender by transmitting the addresses of the subset of bits from the receiver to the sender; and deriving an encryption key from said subset of bits.
-
-
33. The method of securing the transmission of information from a sender to a receiver which comprises:
-
selecting, at the receiver, from a first set of bits located at both the receiver and the sender, a first subset of bits; selecting, at the receiver, from said first set of bits located at both the receiver and the sender a second subset of bits, whereby the first subset of bits and the second subset of bits are identified by a first set of addresses and a second set of addresses, respectively; encrypting, at the receiver, the addresses of the second subset of bits with the bits in the first subset of bits; and transmitting to the sender the addresses of the first subset of bits and the encrypted addresses of the second subset of bits; thereby to allow the sender to encrypt the information to be transmitted from the sender to the receiver using the bits in the second subset of bits as determined by the sender from the addresses of the first subset of bits and the encrypted addresses of the second subset of bits transmitted from the receiver to the sender, the encrypted addresses of the second subset of bits being decrypted using the first subset of bits identified at the sender by their addresses. - View Dependent Claims (34, 35, 36)
-
-
37. Structure for securing transmission of information from a sender to a receiver, which comprises:
-
means for providing at the sender a unique set of bits associated with a sender; means for providing at the receiver a first subset of bits selected from said unique set of bits; means for generating at the receiver from said first subset of bits a second subset of bits for use in encrypting the information; means for identifying at the sender the second subset of bits by means of the addresses of selected sroupings of bits in said second subset of bits sent from the receiver to the sender; means for encrypting at the sender the information to be transmitted using said second subset of bits; and means for transmitting the encrypted information from the sender to the receiver. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. Structure for encrypting a message to be transmitted from a sender to a receiver which comprises:
-
means for generating a master signature associated with the sender, said master signature comprising a plurality of bytes of information, each byte being represented by a unique address; means for providing at a receiver an access signature, said access signature comprising a first subset of the bytes making up the master signature, said bytes in said first subset of bytes having associated with them their addresses in the master signature; means for generating at the receiver a session signature, said session signature comprising a second subset of bytes from the access signature, said second subset of bytes having associated therewith their addresses in the master signature; means for transmitting the addresses of said second subset of bytes to the sender thereby to allow the sender to identify from the master signature said second subset of bytes; means for using said second subset of bytes to encrypt the message at the sender; and means for using said second subset of bytes at the receiver when the encrypted message is received at the receiver, to decrypt the received message at the receiver. - View Dependent Claims (52)
-
-
53. Structure for generating an encryption key for use in encrypting information to be transmitted from a sender to a receiver which comprises:
-
means for generating a master signature associated with a sender; means for storing at the sender the master signature associated with the sender, said master signature containing a first plurality of bytes of information, each byte being identified by a unique address; means for storing at a receiver a first subset of bytes selected from said first plurality of bytes, the bytes in said first subset of bytes being identified by the addresses of said bytes in said master signature and being denoted as an access signature; means for selecting at the receiver from the first subset of bytes a second subset of bytes, said second subset of bytes being randomly selected and being denoted as a first session signature, each byte in said second subset being identified by the same address as said byte had in the master signature to allow the identification of said byte in the master signature; means for sending the addresses of said second subset of bytes from the receiver to the sender; means for identifying at the sender from the master signature stored at the sender the second subset of bytes from the addresses sent from the receiver to the sender; and means for generating at both the sender and the receiver from said second subset of bytes a first encryption key using an irreversible algorithm, said first encryption key to be used in encrypting a message to be transmitted from the sender to the receiver. - View Dependent Claims (54, 55, 56, 57, 58, 59, 60)
-
-
61. Structure for secure transmission of information from a sender to a receiver which comprises:
-
means for providing at the sender a master signature A comprising a plurality of bytes, each byte in the master signature A being identified by a unique corresponding address; means for providing at the receiver a master signature B made up of a second plurality of bytes, each byte in said second plurality of bytes being identified by a unique corresponding address; means for storing at the sender a first subset of bytes selected from the master signature B together with the addresses in the master signature B of the bytes in said first subset of bytes, said first subset of bytes being denoted as access signature B; means for storing at the receiver a second subset of bytes selected from said master signature A together with the addresses in the master signature A of the bytes in said second subset of bytes, said second subset of bytes being denoted as access signature A; means for generating at the sender from said first subset of bytes a third subset of bytes, said third subset of bytes being denoted as session signature B; means for generating at the receiver from said second subset of bytes a fourth subset of bytes, said fourth subset of bytes being denoted as session signature A; means for transmitting the addresses in the master signature B of the bytes in the third subset of bytes to the receiver; means for transmitting the addresses in the master signature A of the bytes in the fourth subset of bytes to the sender; means for using the third subset of bytes to encrypt a message to be transmitted from the sender to the receiver; and means for using the fourth subset of bytes to encrypt a message to be transmitted from the receiver to the sender. - View Dependent Claims (62, 63)
-
-
64. Structure for generating an encryption key for use in securing transmission of information from a first station to a second station which comprises:
-
means for selecting a subset of bits at the second station from a set of bits located at both the second station and the first station, selected groupings of bits in said subset having unique addresses; and means for identifying the same subset of bits at the first station by transmitting the addresses of said selected groupings of bits from the second station to the first station; whereby the encryption key is related to said subset of bits. - View Dependent Claims (65)
-
-
66. Structure for securing the transmission of information from a sender to a receiver which comprises:
-
means for selecting, at the receiver, from a first set of bits located at both the receiver and the sender, a first subset of bits; means for selecting, at the receiver, from said first set of bits located at both the receiver and the sender a second subset of bits, whereby the first subset of bits and the second subset of bits are identified by a first set of addresses and a second set of addresses, respectively; means for encrypting, at the receiver, the addresses of the second subset of bits with the bits in the first subset of bits; and means for transmitting to the sender the addresses of the first subset of bits and the encrypted addresses of the second subset of bits; thereby to allow the sender to encrypt the information to be transmitted from the sender to the receiver using the bits in the second subset of bits as determined by the sender from the addresses of the first subset of bits and the encrypted addresses of the second subset of bits transmitted from the receiver to the sender, the encrypted addresses of the second subset of bits being decrypted using the first subset of bits identified at the sender by their addresses. - View Dependent Claims (67, 68, 69)
-
-
70. The method of providing an encryption key for securing transmission of information from a sender to a receiver which comprises:
-
a. selecting a subset of bits at a receiver from a set of bits located at both the receiver and the sender, selected groupings of bits in said set of bits having unique addresses said bits in said subset of bits being uniquely identified by a unique subset of addresses; b. identifying the same subset of bits at the sender by transmitting the unique subset of addresses from the receiver to the sender; c. deriving at both the sender and the receiver an encryption key from said subset of bits; d. using said encryption key to encrypt at the sender information to be transmitted from the sender to the receiver; e. using at the receiver the same encryption key to decrypt the information transmitted from the sender to the receiver; f. discarding the encryption key upon completion of the transmission of information; and g. generating a new encryption key by repeating steps a through f for a subsequent transmission of information from the sender to the receiver.
-
Specification