File encryption method and system

US 6,049,612 A
Filed: 12/28/1998
Issued: 04/11/2000
Est. Priority Date: 03/10/1997
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method of protecting an information file from unauthorized access, which comprises the following steps:

combining a constant value and a secret plural bit sequence in accordance with an algebraic function to shuffle bits, perform a first many-to-few bit mapping, and produce a first pseudo-random result;

performing a secure hash operation on said first pseudo-random result to effect a second many-to-few bit mapping and produce a second pseudo-random result;

extracting a pseudo-random, symmetric encryption key from said second pseudo-random result;

encrypting said information file in accordance with said pseudo-random, symmetric encryption key to form an encrypted information file; and

concatenating said constant value to a beginning of said encrypted information file.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A file security system is disclosed in which both a deterministic, non-predictable, pseudo-random, symmetric encryption key and an encrypted information file are highly resistant to cryptographic analysis or brute force trial-and-error attacks. The encryption key is formed by first combining a constant value and a secret E-Key Seed in accordance with a logic, algebraic, and/or encryption function to shuffle bits and perform a first many-to-few bit mapping to provide a first pseudo-random result, and by operating upon the result with a secure one-way hash algorithm to perform a second many-to-few bit mapping and thereby provide a pseudo-random message digest. The message digest may be truncated to provide a deterministic encryption key. The information file to be protected is then encrypted with the encryption key, and thereafter the encryption key is destroyed by the file manager of the host system. The encrypted information file and the constant value then are concatenated, and the result is operated upon by a secure hash algorithm to provide a message integrity code. The constant value and a constant value checksum are inserted as headers at the beginning of the encrypted file, and the message integrity code, a redundant constant value, and a redundant constant value checksum are added as trailers at the end of the encrypted file. Any alteration of the encrypted file is reflected by the message integrity code. If a comparison of the constant value and redundant constant value indicates a match, the encryption key may be regenerated. If no match occurs, the checksums are tested to determine which of the constant value and redundant constant value is correct in order to regenerate the encryption key.

Citations

19 Claims

1. A method of protecting an information file from unauthorized access, which comprises the following steps:
- combining a constant value and a secret plural bit sequence in accordance with an algebraic function to shuffle bits, perform a first many-to-few bit mapping, and produce a first pseudo-random result;
  
  performing a secure hash operation on said first pseudo-random result to effect a second many-to-few bit mapping and produce a second pseudo-random result;
  
  extracting a pseudo-random, symmetric encryption key from said second pseudo-random result;
  
  encrypting said information file in accordance with said pseudo-random, symmetric encryption key to form an encrypted information file; and
  
  concatenating said constant value to a beginning of said encrypted information file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method set forth in claim 1 above further including the steps of:
    - combining said encrypted information file and said constant value to form a concatenation;
      
      performing a secure hash operation on said concatenation to form a message integrity code;
      
      performing a checksum bit sequence operation on said constant value to form a checksum;
      
      interjecting said checksum between said constant value and said encrypted information file; and
      
      adding as a trailer at the end of said encrypted information file said message integrity code, said constant value, and said checksum.
  - 3. The method of claim 1 wherein said step of combining includes a plurality of algebraic functions.
  - 4. The method of claim 1 wherein said step of combining includes one or more logic functions.
  - 5. The method of claim 1 wherein said step of combining includes one or more cryptographic functions.
  - 6. The method of claim 1 further including the steps of:
    - combining said encrypted information file and said constant value to form a concatenation;
      
      performing said secure hash operation on said concatenation to form a message integrity code;
      
      adding said message integrity code as a trailer after said encrypted information file;
      
      performing a checksum bit sequence operation on said constant value to form a checksum;
      
      adding said checksum after said constant value at said beginning of said encrypted information file;
      
      adding said constant value as a redundant constant value to said trailer at an end of said encrypted information file after said message integrity code;
      
      adding said checksum as a redundant checksum to said trailer at said end of said encryption information file after said redundant constant value;
      
      testing said message integrity code to determine whether information file integrity has been lost;
      
      if information file integrity has not been lost, comparing said constant value with said redundant constant value to determine whether a match occurs to indicate that said pseudo-random symmetric, encryption key may be regenerated;
      
      if information file integrity has been lost, testing said checksum and said redundant checksum to determine which of said constant value and said redundant constant value is correct; and
      
      regenerating said pseudo-random, symmetric encryption key by using a correct one of said constant value and said redundant constant value.
  - 7. The method of claim 1, wherein said secret plural bit sequence has a binary length that is larger than that of said constant value.
  - 8. The method of claim 2, wherein said checksum bit sequence operation is a CRC-16 checksum operation.
  - 9. The method of claim 2, wherein said checksum bit sequence operation is a CRC-32 checksum operation.
  - 10. The method set forth in claim 1, wherein said constant value is a data file having plural bit fields including a length byte field, an E-Key Seed ID field, an encryption algorithm field, an original file extension field, an author-owner field, a summary information field, an audit entry field, and a checksum field.
  - 11. The method of claim 1, wherein said pseudo-random, symmetric encryption key also is deterministic and non-predictable.
  - 12. The method of claim 6, wherein said pseudo-random, symmetric encryption key also is deterministic and non-predictable.
  - 13. The method of claim 1, wherein any hash function is substituted for said secure hash function.
  - 14. The method of claim 1, wherein the steps of combining and performing are executed n times, and each said second pseudo-random result is concatenated to a previous said second pseudo-random result for an increased bit length of said pseudo-random, symmetric encryption key.
  - 15. The method of claim 2, wherein said checksum bit sequence operation is any error correction algorithm for reconstructing said constant value.
  - 16. The method of claim 1, wherein said algebraic function is replaced by plural bit-shuffling functions.
  - 17. The method of claim 1, wherein said pseudo-random, symmetric encryption key is destroyed after said information file is encrypted.

18. An information file structure stored on a memory system for protecting information exchanged between communication stations, which comprises:
- an encrypted information file area for storing an encrypted information file which has been formed through use of an encryption key generated by combining a constant value and a secret E-Key Seed in accordance with an algebraic function and performing a secure hash operation on an output of said algebraic function;
  
  a plural bit trailer having a message integrity code field for storing a message integrity code which is generated by forming a concatenation of said constant value and said encrypted information file and operating upon said concatenation with said secure hash operation; and
  
  a plural bit header having a constant value field concatenated to a beginning of said encrypted information file for storing a constant value, and a checksum field concatenated to said beginning next to said constant value field for storing a checksum generated by performing a checksum bit sequence operation on said constant value.
- View Dependent Claims (19)
- - 19. The information file structure of claim 18, further including:
    - a redundant constant value field having stored therein said constant value, and located next to said message integrity code field in said plural bit trailer; and
      
      a redundant checksum field having stored therein said checksum, and located next to said redundant constant value field in said plural bit trailer.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
RPX Corporation
Original Assignee
The PacID Group, LLC (Marathon Patent Group, Inc.)
Inventors
Fielder, Guy L., Alito, Paul N.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US09/221,521
Time in Patent Office

470 Days
Field of Search

380/3, 380/25, 380/44, 706/41
US Class Current

380/44
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2107   File encryption

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3236   using cryptographic hash fu...

File encryption method and system

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

File encryption method and system

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links