File encryption method and system
DCFirst Claim
1. A method of protecting an information file from unauthorized access, which comprises the following steps:
- combining a constant value and a secret plural bit sequence in accordance with an algebraic function to shuffle bits, perform a first many-to-few bit mapping, and produce a first pseudo-random result;
performing a secure hash operation on said first pseudo-random result to effect a second many-to-few bit mapping and produce a second pseudo-random result;
extracting a pseudo-random, symmetric encryption key from said second pseudo-random result;
encrypting said information file in accordance with said pseudo-random, symmetric encryption key to form an encrypted information file; and
concatenating said constant value to a beginning of said encrypted information file.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
A file security system is disclosed in which both a deterministic, non-predictable, pseudo-random, symmetric encryption key and an encrypted information file are highly resistant to cryptographic analysis or brute force trial-and-error attacks. The encryption key is formed by first combining a constant value and a secret E-Key Seed in accordance with a logic, algebraic, and/or encryption function to shuffle bits and perform a first many-to-few bit mapping to provide a first pseudo-random result, and by operating upon the result with a secure one-way hash algorithm to perform a second many-to-few bit mapping and thereby provide a pseudo-random message digest. The message digest may be truncated to provide a deterministic encryption key. The information file to be protected is then encrypted with the encryption key, and thereafter the encryption key is destroyed by the file manager of the host system. The encrypted information file and the constant value then are concatenated, and the result is operated upon by a secure hash algorithm to provide a message integrity code. The constant value and a constant value checksum are inserted as headers at the beginning of the encrypted file, and the message integrity code, a redundant constant value, and a redundant constant value checksum are added as trailers at the end of the encrypted file. Any alteration of the encrypted file is reflected by the message integrity code. If a comparison of the constant value and redundant constant value indicates a match, the encryption key may be regenerated. If no match occurs, the checksums are tested to determine which of the constant value and redundant constant value is correct in order to regenerate the encryption key.
-
Citations
19 Claims
-
1. A method of protecting an information file from unauthorized access, which comprises the following steps:
-
combining a constant value and a secret plural bit sequence in accordance with an algebraic function to shuffle bits, perform a first many-to-few bit mapping, and produce a first pseudo-random result; performing a secure hash operation on said first pseudo-random result to effect a second many-to-few bit mapping and produce a second pseudo-random result; extracting a pseudo-random, symmetric encryption key from said second pseudo-random result; encrypting said information file in accordance with said pseudo-random, symmetric encryption key to form an encrypted information file; and concatenating said constant value to a beginning of said encrypted information file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. An information file structure stored on a memory system for protecting information exchanged between communication stations, which comprises:
-
an encrypted information file area for storing an encrypted information file which has been formed through use of an encryption key generated by combining a constant value and a secret E-Key Seed in accordance with an algebraic function and performing a secure hash operation on an output of said algebraic function; a plural bit trailer having a message integrity code field for storing a message integrity code which is generated by forming a concatenation of said constant value and said encrypted information file and operating upon said concatenation with said secure hash operation; and a plural bit header having a constant value field concatenated to a beginning of said encrypted information file for storing a constant value, and a checksum field concatenated to said beginning next to said constant value field for storing a checksum generated by performing a checksum bit sequence operation on said constant value. - View Dependent Claims (19)
-
Specification