Unified end-to-end security methods and systems for operating on insecure networks

US 5,960,086 A
Filed: 11/02/1995
Issued: 09/28/1999
Est. Priority Date: 11/02/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for securing transmission of information from a sender to a receiver, which comprises:

providing at the sender a unique sequence of bits associated with a sender;

providing at the receiver a first subset of bits selected from said unique sequence of bits;

generating at the receiver from said first subset of bits a second subset of bits for use in encrypting the information;

identifying at the sender the second subset of bits by means of addresses sent from the receiver to the sender;

encrypting at the sender the information to be transmitted using said second subset of bits; and

transmitting the encrypted information from the sender to the receiver.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure transmission of a message is achieved by using a one-time encryption key derived at the receiver and the sender from information present at both the sender and the receiver, but wherein the information from which the encryption key is derived is not transmitted between the sender and the receiver. A plurality of bytes, known as a master signature, is randomly generated and stored at the sender, wherein each byte is uniquely identified by an address. A first random subset of this plurality of bytes, called an access signature, and the addresses in the master signature of the bytes in this access signature, are stored at the receiver. To generate an encryption key, the receiver selects a second random subset of bytes, known as a session signature, from the access signature and sends the addresses in the master signature of the bytes in this session signature to the sender. The sender uses these addresses to identify the bytes in this session signature which bytes are used at both the sender and the receiver to derive the encryption key. If desired, these bytes can be used directly as the encryption key but preferably, these bytes are passed through a session signature-to-session key converter using an irreversible algorithm to generate a one-time encryption key to be used to encrypt the message to be sent between the sender and the receiver. The master signature can be also derived from the digitized video image of the user, which allows a card containing the master signature to be used as described above but also with a video monitor to visually identify the user.

Citations

70 Claims

1. A method for securing transmission of information from a sender to a receiver, which comprises:
- providing at the sender a unique sequence of bits associated with a sender;
  
  providing at the receiver a first subset of bits selected from said unique sequence of bits;
  
  generating at the receiver from said first subset of bits a second subset of bits for use in encrypting the information;
  
  identifying at the sender the second subset of bits by means of addresses sent from the receiver to the sender;
  
  encrypting at the sender the information to be transmitted using said second subset of bits; and
  
  transmitting the encrypted information from the sender to the receiver.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 including:
    - decrypting at the receiver the received encrypted information using the second subset of bits, wherein the bits used to encrypt the transmitted message are not sent between the sender and the receiver.
  - 3. The method of claim 2 including before said encrypting:
    - converting, at both said sender and receiver, said second subset of bits to an encryption key by use of an irreversible algorithm.
  - 4. The method of claim 3 wherein said unique sequence of bits represents a master signature, said first subset of bits represents an access signature and said second subset of bits represents a session signature.
  - 5. The method of claim 4 including:
    - changing said access signature by selecting at the user from the user'"'"'s master signature a new subset of bits to replace said first subset of bits;
      
      encrypting said new subset of bits using said first subset of bits;
      
      transmitting said encrypted new subset of bits to said receiver;
      
      decrypting said new subset of bits at said receiver using the access signature already present at the receiver for said decryption; and
      
      replacing at the receiver the first subset of bits representing the original access signature with the new subset of bits so as to form a new access signature.
  - 6. The method of claim 5 including:
    - identifying addresses in said master signature of the bits in said new subset of bits;
      
      encrypting these addresses of the new subset of bits using the first subset of bits;
      
      transmitting the encrypted addresses of said new subset of bits to the receiver;
      
      decrypting the encrypted addresses of the new subset of bits at the receiver; and
      
      storing at the receiver said addresses of the new subset of bits together with the new subset of bits to form the access signature.
  - 7. The method of claim 1 wherein said unique sequence of bits is made up of a unique set of bytes and each byte has associated therewith a unique address.
  - 8. The method of claim 7 wherein the first subset of bits comprises a first subset of bytes, each byte in said first subset having a corresponding address, each byte in said first subset corresponding to a byte in said unique set of bytes and having the same address as the corresponding byte in said unique set of bytes.
  - 9. The method of claim 8 wherein the second subset of bits comprises a second subset of bytes selected at said receiver from said first subset of bytes, each byte in said second subset having a corresponding address, each byte in said second subset corresponding to a byte in said unique set of bytes and having the same address as the corresponding byte in said unique set of bytes.
  - 10. The method of claim 9 wherein the step of identifying said second subset of bits at the sender comprises:
    - sending the addresses of said second subset of bytes to the sender to allow the sender to identify the bytes in the second subset of bytes by their addresses in said unique set of bytes.
  - 11. The method of claim 10 including the step of obtaining, at both said receiver and said sender, an encryption key from the second subset of bytes.
  - 12. The method of claim 11 wherein the step of obtaining an encryption key from the second subset of bytes comprises:
    - converting, at both said receiver and said sender, the second subset of bytes to an encryption key using an irreversible algorithm.
  - 13. The method of claim 11 including the steps of:
    - encrypting said information at said sender using said encryption key; and
      
      decrypting said encrypted information received at said receiver also using said encryption key.
  - 14. The method of claim 13 wherein the step of encrypting said information comprises:
    - holding a selected number of bits of the data to be encrypted in a first data register, said selected number of data bits being equal to the number of bits in the encryption key;
      
      holding the bits in the encryption key to be used to encrypt the data in an encryption register;
      
      simultaneously passing the bits in the first data register and the bits in the encryption register through a selected number of exclusive OR gates, a given bit of data in the data register and the corresponding bit from the encryption key in the encryption register being passed through a corresponding exclusive OR gate to produce an encrypted data bit; and
      
      storing the encrypted data in an encrypted data register.
  - 15. The method in claim 14 wherein the step of decrypting said encrypted information received at said receiver comprises:
    - storing said selected number of bits of the received encrypted data in an encryption data register;
      
      storing the encryption key in an encryption register, said encryption register having the same number of bits as the encrypted data stored in said encryption data register; and
      
      simultaneously passing the bits stored in said encryption data register and the bits stored in said encryption key register through a plurality of exclusive OR gates, one bit each from the encryption key register and the encryption data register going simultaneously through a corresponding exclusive OR gate to produce a decrypted data bit; and
      
      storing the resulting decrypted data in a decrypted data register.
  - 16. The method of claim 13 including:
    - encrypting the unique set of bits at said sender with a third set of bits unique and known only to the sender to protect the unique set of bits.
  - 17. The method of claim 16 including:
    - changing said third set of bits by substituting a fourth set of bits unique and known only to the sender for said third set of bits;
      
      said step of changing including the steps of;
      
      decrypting the unique set of bits using said third set of bits; and
      
      re-encrypting the unique set of bits using said fourth set of bits.

18. The method of encrypting a message to be transmitted from a sender to a receiver which comprises:
- generating a master signature associated with the sender, said master signature comprising a plurality of bytes of information, each byte being represented by a unique address;
  
  providing at a receiver an access signature, said access signature comprising a first subset of the bytes making up the master signature, the bytes in said first subset of bytes having associated with them their addresses in the master signature;
  
  generating at the receiver a session signature, said session signature comprising a second subset of bytes from the access signature, said second subset of bytes having associated with them their addresses in the master signature;
  
  transmitting the addresses of said second subset of bytes to the sender thereby to allow the sender to identify from the master signature said second subset of bytes; and
  
  using said second subset of bytes to encrypt the message at the sender and when the encrypted message is received at the receiver, to decrypt the received message at the receiver.
- View Dependent Claims (19)
- - 19. The method of claim 18, wherein the step of using said second subset of bytes to encrypt the message at the sender and to decrypt the received message at the receiver comprises:
    - deriving an encryption key at both said sender and said receiver from said subset of bytes;
      
      encrypting at the sender the message to be sent to the receiver using said encryption key;
      
      sending said encrypted message to the receiver; and
      
      decrypting the received message using the encryption key originally generated at the receiver, whereby the second subset of bytes from which the encryption key is derived is never transmitted between the sender and the receiver.

20. The method of generating an encryption key for use in encrypting information to be transmitted from a sender to a receiver which comprises:
- generating a master signature associated with a sender;
  
  storing at the sender the master signature associated with the sender, said master signature containing a first plurality of bytes of information, each byte being identified by a unique address;
  
  storing at a receiver a first subset of bytes selected from said first plurality of bytes, the bytes in said first subset of bytes being identified by the addresses of said bytes in said master signature and being denoted as an access signature;
  
  selecting at the receiver from the first subset of bytes a second subset of bytes, said second subset of bytes being randomly selected and being denoted as a first session signature, each byte in said second subset being identified by the same address as said byte had in the master signature to allow the identification of said byte in the master signature;
  
  transmitting the addresses of said second subset of bytes from the receiver to the sender;
  
  identifying at the sender from the master signature stored at the sender the second subset of bytes from the addresses transmitted from the receiver to the sender; and
  
  generating at both the sender and the receiver from said second subset of bytes a first encryption key using an irreversible algorithm, said first encryption key to be used in encrypting a message to be transmitted from the sender to the receiver.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The method of claim 20 wherein said step of generating comprises:
    - generating at both the sender and the receiver from said second subset of bytes a first encryption key using an irreversible algorithm.
  - 22. The method of claim 20 wherein the receiver is a hub in a computer network.
  - 23. The method of claim 20 wherein a second receiver is connected to said hub.
  - 24. The method of claim 23 wherein information is to be transmitted from the sender to the second receiver through said hub, said method including the additional steps of:
    - generating and storing at the second receiver a second master signature associated with the second receiver, said second master signature containing a second plurality of bytes of information, each byte being identified by a unique address;
      
      storing at said hub a third subset of bytes selected from said second plurality of bytes, the bytes in said third subset of bytes being identified by the addresses of said bytes in said second master signature and being denoted as a second access signature;
      
      selecting at said hub from the third subset of bytes a fourth subset of bytes, said fourth subset of bytes being randomly selected and being denoted as a second session signature, each byte in said fourth subset being identified by the same address as said byte had in the second master signature to allow the identification of said byte in the second master signature;
      
      transmitting the addresses of said fourth subset of bytes from the hub to the second receiver;
      
      identifying at the second receiver from the second master signature stored at the second receiver the fourth subset of bytes from the addresses transmitted from the hub to the second receiver; and
      
      generating from said fourth subset of bytes at both the second receiver and the hub a second encryption key, said second encryption key to be used in encrypting a message to be transmitted from the hub to the second receiver.
  - 25. The method of claim 24 including:
    - generating said second encryption key using an irreversible algorithm.
  - 26. The method of claim 25 including:
    - encrypting information to be transmitted from the sender to the second receiver using the first encryption key;
      
      transmitting the encrypted information from said sender through said hub to said second receiver;
      
      encrypting at the hub the first encryption key using the second encryption key; and
      
      transmitting the encrypted first encryption key from the hub to the second receiver, there to be decrypted and used by the second receiver to decrypt the transmitted encrypted message received at the second receiver from the sender.
  - 27. The method of claim 26 including:
    - passing said message being sent from said sender to said second receiver through a second hub;
      
      encrypting the first encryption key at said first hub using an intermediate encryption key for transmission of information from the first hub to the second hub; and
      
      decrypting the first encryption key at said second hub and re-encrypting at said second hub the first encryption key with a second encryption key used for transmission of information between the second hub and the second receiver;
      
      thereby to allow the message to be transmitted from said sender to the second receiver to pass through said first hub, said second hub and then to the second receiver and there be decrypted using the first encryption key.
  - 28. The method of claim 20 including:
    - storing the first subset of bytes selected from said first plurality of bytes at both the sender and the receiver;
      
      generating a first part of said second subset of bytes at the sender and a second part of said second subset of bytes at the receiver, andcombining at both the sender and the receiver said first part and said second part to form said second subset of bytes at both the sender and the receiver.

29. A method for secure transmission of information from a sender to a receiver which comprises:
- providing at the sender a master signature A comprising a plurality of bytes, each byte in the master signature A being identified by a corresponding address;
  
  providing at the receiver a master signature B made up of a second plurality of bytes, each byte in said second plurality of bytes being identified by a unique address;
  
  storing at the sender a first subset of bytes selected from the master signature B together with the addresses in the master signature B of the bytes in said first subset of bytes, said first subset of bytes being denoted as access signature B;
  
  storing at the receiver a second subset of bytes selected from said master signature A together with the addresses in the master signature A of the bytes in said second subset, said second subset of bytes being denoted as access signature A;
  
  generating at the sender from said first subset of bytes from the master signature B a third subset of bytes, said third subset of bytes being denoted as session signature B;
  
  generating at the receiver from said second subset of bytes from the master signature A a fourth subset of bytes, said fourth subset of bytes being denoted as session signature A;
  
  transmitting the addresses in the master signature B of the bytes in the third subset of bytes to the receiver;
  
  transmitting the addresses in the master signature A of bytes in the fourth subset of bytes to the sender;
  
  using the third subset of bytes to encrypt a message to be transmitted from the sender to the receiver; and
  
  using the fourth subset of bytes to encrypt a message to be transmitted from the receiver to the sender.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29 including:
    - combining said third subset of bytes and said fourth subset of bytes to form a combined session signature, said combined session signature being used to generate an encryption key for use in transmitting information from the sender to the receiver or vice versa.
  - 31. The method of claim 30 including:
    - generating an encryption key using an irreversible algorithm on said combined session signature.

32. The method of providing an encryption key for use in securing transmission of information from a sender to a receiver which comprises:
- selecting a subset of bits at a receiver from a set of bits located at both the receiver and the sender;
  
  identifying the same subset of bits at the sender by transmitting the addresses of the subset of bits from the receiver to the sender; and
  
  deriving an encryption key from said subset of bits.

33. The method of securing the transmission of information from a sender to a receiver which comprises:
- selecting, at the receiver, from a first set of bits located at both the receiver and the sender, a first subset of bits;
  
  selecting, at the receiver, from said first set of bits located at both the receiver and the sender a second subset of bits, whereby the first subset of bits and the second subset of bits are identified by a first set of addresses and a second set of addresses, respectively;
  
  encrypting, at the receiver, the addresses of the second subset of bits with the bits in the first subset of bits; and
  
  transmitting to the sender the addresses of the first subset of bits and the encrypted addresses of the second subset of bits;
  
  thereby to allow the sender to encrypt the information to be transmitted from the sender to the receiver using the bits in the second subset of bits as determined by the sender from the addresses of the first subset of bits and the encrypted addresses of the second subset of bits transmitted from the receiver to the sender, the encrypted addresses of the second subset of bits being decrypted using the first subset of bits identified at the sender by their addresses.
- View Dependent Claims (34, 35, 36)
- - 34. The method of claim 33 including:
    - using, at the sender, the addresses of the first subset of bits to identify the bits in said first subset and then using the bits in said first subset to decrypt the addresses of the second subset of bits thereby to identify the second subset of bits.
  - 35. The method of claim 34 including:
    - using, at the sender, the second subset of bits to encrypt the information to be transmitted to the receiver.
  - 36. The method of claim 34 including:
    - using, at the sender, the second subset of bits to derive an encryption key using an irreversible algorithm, said encryption key being used to encrypt the information to be transmitted from the sender to the receiver.

37. Structure for securing transmission of information from a sender to a receiver, which comprises:
- means for providing at the sender a unique set of bits associated with a sender;
  
  means for providing at the receiver a first subset of bits selected from said unique set of bits;
  
  means for generating at the receiver from said first subset of bits a second subset of bits for use in encrypting the information;
  
  means for identifying at the sender the second subset of bits by means of the addresses of selected sroupings of bits in said second subset of bits sent from the receiver to the sender;
  
  means for encrypting at the sender the information to be transmitted using said second subset of bits; and
  
  means for transmitting the encrypted information from the sender to the receiver.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 38. The structure of claim 37 including:
    - means for decrypting at the receiver the received encrypted information using the second subset of bits, wherein the bits used to encrypt the transmitted message are not sent between the sender and the receiver.
  - 39. The structure of claim 38 including:
    - means for converting, at both said sender and receiver, said second subset of bits to an encryption key by use of an irreversible algorithm.
  - 40. The structure of claim 39 wherein said unique set of bits represents a master signature, said first subset of bits represents an access signature and said second subset of bits represents a session signature.
  - 41. The structure of claim 37 wherein said unique set of bits is made up of a unique set of bytes and each byte has associated therewith a unique address.
  - 42. The structure of claim 41 wherein the first subset of bits comprises a first subset of bytes, each byte in said first subset having a corresponding address, each byte in said first subset corresponding to a byte in said unique set of bytes and having the same address as the corresponding byte in said unique set of bytes.
  - 43. The structure of claim 42 wherein the second subset of bits comprises a second subset of bytes selected at said receiver from said first subset of bytes, each byte in said second subset having a corresponding address, each byte in said second subset corresponding to a byte in said unique set of bytes and having the same address as the corresponding byte in said unique set of bytes.
  - 44. The structure of claim 43 wherein the means for identifying said second subset of bits at the sender comprises:
    - means for sending the addresses of said second subset of bytes to the sender to allow the sender to identify the bytes in the second subset of bytes by their addresses in said unique set of bytes.
  - 45. The structure of claim 44 including:
    - means for obtaining, at both said receiver and said sender, an encryption key from the second subset of bytes.
  - 46. The structure of claim 45 wherein said means for obtaining comprises:
    - means for converting, at both said receiver and said sender, the second subset of bytes to an encryption key using an irreversible algorithm.
  - 47. The structure of claim 45 including:
    - means for encrypting said information at said sender using said encryption key; and
      
      means for decrypting said encrypted information received at said receiver also using said encryption key.
  - 48. The structure of claim 47 wherein said means for encrypting comprises:
    - a data register for holding data to be encrypted;
      
      an encryption register for holding the encryption key to-be used to encrypt the data; and
      
      a plurality of exclusive OR gates each containing two input leads, the input leads on each exclusive OR gate being connected to receive one bit from the data register and one bit from the encryption register thereby to be capable of producing an output signal reflecting the data in said data register encrypted by the encryption key in the encryption register.
  - 49. The structure of claim 47 wherein said means for decrypting comprises:
    - an encryption data register for storing encrypted data;
      
      an encryption key register for storing the encryption key; and
      
      a plurality of exclusive OR gates each containing two input leads, one input lead being connected to a corresponding bit register in the encrypted data register and the other input lead being connected to a corresponding encryption bit storage cell in said encryption key register, thereby to be capable of producing output signals from said exclusive OR gates the decrypted data.
  - 50. The structure of claim 47 including:
    - means for encrypting the unique set of bits at said sender with a third set of bits unique and known only to the sender to protect the unique set of bits.

51. Structure for encrypting a message to be transmitted from a sender to a receiver which comprises:
- means for generating a master signature associated with the sender, said master signature comprising a plurality of bytes of information, each byte being represented by a unique address;
  
  means for providing at a receiver an access signature, said access signature comprising a first subset of the bytes making up the master signature, said bytes in said first subset of bytes having associated with them their addresses in the master signature;
  
  means for generating at the receiver a session signature, said session signature comprising a second subset of bytes from the access signature, said second subset of bytes having associated therewith their addresses in the master signature;
  
  means for transmitting the addresses of said second subset of bytes to the sender thereby to allow the sender to identify from the master signature said second subset of bytes;
  
  means for using said second subset of bytes to encrypt the message at the sender; and
  
  means for using said second subset of bytes at the receiver when the encrypted message is received at the receiver, to decrypt the received message at the receiver.
- View Dependent Claims (52)
- - 52. The structure of claim 51, wherein said means for using said second subset of bytes to encrypt the message at the sender and said means for using said second subset of bytes to decrypt the received message at the receiver comprise:
    - means for deriving an encryption key at said sender from said subset of bytes;
      
      means for deriving the same encryption key at said receiver from said subset of bytes;
      
      means for encrypting at the sender the message to be sent to the receiver using said encryption key;
      
      means for sending said encrypted message to the receiver; and
      
      means for decrypting the received message using the encryption key derived at the receiver, whereby the second subset of bytes from which the encryption key is derived is never transmitted between the sender and the receiver.

53. Structure for generating an encryption key for use in encrypting information to be transmitted from a sender to a receiver which comprises:
- means for generating a master signature associated with a sender;
  
  means for storing at the sender the master signature associated with the sender, said master signature containing a first plurality of bytes of information, each byte being identified by a unique address;
  
  means for storing at a receiver a first subset of bytes selected from said first plurality of bytes, the bytes in said first subset of bytes being identified by the addresses of said bytes in said master signature and being denoted as an access signature;
  
  means for selecting at the receiver from the first subset of bytes a second subset of bytes, said second subset of bytes being randomly selected and being denoted as a first session signature, each byte in said second subset being identified by the same address as said byte had in the master signature to allow the identification of said byte in the master signature;
  
  means for sending the addresses of said second subset of bytes from the receiver to the sender;
  
  means for identifying at the sender from the master signature stored at the sender the second subset of bytes from the addresses sent from the receiver to the sender; and
  
  means for generating at both the sender and the receiver from said second subset of bytes a first encryption key using an irreversible algorithm, said first encryption key to be used in encrypting a message to be transmitted from the sender to the receiver.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60)
- - 54. The structure of claim 53 wherein the receiver is a hub in a computer network.
  - 55. The structure of claim 54 wherein a second receiver is connected to said hub.
  - 56. The structure of claim 55 wherein information is to be transmitted from the sender to the second receiver through said hub, said structure including:
    - means for generating a second master signature associated with the second receiver;
      
      means for storing at the second receiver the second master signature, said second master signature containing a second plurality of bytes of information, each byte being identified by a unique address;
      
      means for storing at said hub a third subset of bytes selected from said second plurality of bytes, the bytes in said third subset of bytes being identified by the addresses of said bytes in said second master signature and being denoted as a second access signature;
      
      means for selecting at said hub from the third subset of bytes a fourth subset of bytes, said fourth subset of bytes being randomly selected and being denoted as a second session signature, each byte in said fourth subset being identified by the same address as said byte had in the second master signature to allow the identification of said byte in the second master signature;
      
      means for transmitting the addresses of said fourth subset of bytes from the hub to the second receiver;
      
      means for identifying at the second receiver from the second master signature stored at the second receiver the fourth subset of bytes using the addresses transmitted from the hub to the second receiver; and
      
      means for generating from said fourth subset of bytes at both the second receiver and the hub a second encryption key, said second encryption key to be used in encrypting a message to be transmitted from the hub to the second receiver.
  - 57. Structure as in claim 56 wherein said means for generating said second encryption key uses an irreversible algorithm.
  - 58. The structure of claim 57 including:
    - means for encrypting information to be transmitted from the sender to the second receiver using the first encryption key;
      
      means for transmitting the encrypted information from said sender through said hub to said second receiver;
      
      means for encrypting at the hub the first encryption key using the second encryption key; and
      
      means for transmitting the encrypted first encryption key from the hub to the second receiver, there to be decrypted and used by the second receiver to decrypt the transmitted encrypted message received at the second receiver from the sender.
  - 59. The structure of claim 58 including:
    - means for passing said message being sent from said sender to said second receiver through a second hub;
      
      means for encrypting the first encryption key at said first hub using an intermediate encryption key for transmission of information from the first hub to the second hub; and
      
      means for decrypting the first encryption key at said second hub and re-encrypting at said second hub the first encryption key with a second encryption key used for transmission of information between the second hub and the second receiver;
      
      whereby the message to be transmitted from said sender to the second receiver is able to pass through said first hub, said second hub and then to the second receiver and there be decrypted using the first encryption key.
  - 60. The structure of claim 53 including:
    - means for storing the first subset of bytes selected from said first plurality of bytes at both the sender and the receiver;
      
      means for generating a first part of said second subset of bytes at the sender and a second part of said second subset of bytes at the receiver; and
      
      means for combining at both the sender and the receiver said first part and said second part to form said second subset of bytes at both the sender and the receiver.

61. Structure for secure transmission of information from a sender to a receiver which comprises:
- means for providing at the sender a master signature A comprising a plurality of bytes, each byte in the master signature A being identified by a unique corresponding address;
  
  means for providing at the receiver a master signature B made up of a second plurality of bytes, each byte in said second plurality of bytes being identified by a unique corresponding address;
  
  means for storing at the sender a first subset of bytes selected from the master signature B together with the addresses in the master signature B of the bytes in said first subset of bytes, said first subset of bytes being denoted as access signature B;
  
  means for storing at the receiver a second subset of bytes selected from said master signature A together with the addresses in the master signature A of the bytes in said second subset of bytes, said second subset of bytes being denoted as access signature A;
  
  means for generating at the sender from said first subset of bytes a third subset of bytes, said third subset of bytes being denoted as session signature B;
  
  means for generating at the receiver from said second subset of bytes a fourth subset of bytes, said fourth subset of bytes being denoted as session signature A;
  
  means for transmitting the addresses in the master signature B of the bytes in the third subset of bytes to the receiver;
  
  means for transmitting the addresses in the master signature A of the bytes in the fourth subset of bytes to the sender;
  
  means for using the third subset of bytes to encrypt a message to be transmitted from the sender to the receiver; and
  
  means for using the fourth subset of bytes to encrypt a message to be transmitted from the receiver to the sender.
- View Dependent Claims (62, 63)
- - 62. The structure of claim 61 including:
    - means for combining said third subset of bytes and said fourth subset of bytes to form a combined session signature; and
      
      means for using said combined session signature to generate an encryption key for use in transmitting information from the sender to the receiver or vice versa.
  - 63. The structure of claim 62 including:
    - means for generating an encryption key using an irreversible algorithm on said combined session signature.

64. Structure for generating an encryption key for use in securing transmission of information from a first station to a second station which comprises:
- means for selecting a subset of bits at the second station from a set of bits located at both the second station and the first station, selected groupings of bits in said subset having unique addresses; and
  
  means for identifying the same subset of bits at the first station by transmitting the addresses of said selected groupings of bits from the second station to the first station;
  
  whereby the encryption key is related to said subset of bits.
- View Dependent Claims (65)
- - 65. The structure of claim 64 wherein said first station is a first hub and said second station is a second hub.

66. Structure for securing the transmission of information from a sender to a receiver which comprises:
- means for selecting, at the receiver, from a first set of bits located at both the receiver and the sender, a first subset of bits;
  
  means for selecting, at the receiver, from said first set of bits located at both the receiver and the sender a second subset of bits, whereby the first subset of bits and the second subset of bits are identified by a first set of addresses and a second set of addresses, respectively;
  
  means for encrypting, at the receiver, the addresses of the second subset of bits with the bits in the first subset of bits; and
  
  means for transmitting to the sender the addresses of the first subset of bits and the encrypted addresses of the second subset of bits;
  
  thereby to allow the sender to encrypt the information to be transmitted from the sender to the receiver using the bits in the second subset of bits as determined by the sender from the addresses of the first subset of bits and the encrypted addresses of the second subset of bits transmitted from the receiver to the sender, the encrypted addresses of the second subset of bits being decrypted using the first subset of bits identified at the sender by their addresses.
- View Dependent Claims (67, 68, 69)
- - 67. The structure of claim 66 including:
    - means for using, at the sender, the addresses of the first subset of bits to identify the bits in said first subset and then using the bits in said first subset to decrypt the addresses of the second subset of bits thereby to identify the second subset of bits.
  - 68. The structure of claim 67 including:
    - means for using, at the sender, the second subset of bits to encrypt the information to be transmitted to the receiver.
  - 69. The structure of claim 67 including:
    - means for using, at the sender, the second subset of bits to derive an encryption key using an irreversible algorithm; and
      
      means for using said encryption key to encrypt the information to be transmitted from the sender to the receiver.

70. The method of providing an encryption key for securing transmission of information from a sender to a receiver which comprises:
- a. selecting a subset of bits at a receiver from a set of bits located at both the receiver and the sender, selected groupings of bits in said set of bits having unique addresses said bits in said subset of bits being uniquely identified by a unique subset of addresses;
  
  b. identifying the same subset of bits at the sender by transmitting the unique subset of addresses from the receiver to the sender;
  
  c. deriving at both the sender and the receiver an encryption key from said subset of bits;
  
  d. using said encryption key to encrypt at the sender information to be transmitted from the sender to the receiver;
  
  e. using at the receiver the same encryption key to decrypt the information transmitted from the sender to the receiver;
  
  f. discarding the encryption key upon completion of the transmission of information; and
  
  g. generating a new encryption key by repeating steps a through f for a subsequent transmission of information from the sender to the receiver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comdisco, Inc (Comdisco Holding Co., Inc.)
Original Assignee
Tristrata Security Incorporated
Inventors
Atalla, Martin M.
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
SAYADIAN, HRAYR

Application Number

US08/552,029
Time in Patent Office

1,426 Days
Field of Search

380/44, 380/21, 380/49, 380/50
US Class Current

380/44
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0861   Generation of secret inform...

H04L 9/0891   Revocation or update of sec...

Unified end-to-end security methods and systems for operating on insecure networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

Unified end-to-end security methods and systems for operating on insecure networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links