Virtual matrix encryption (VME) and virtual key cryptographic method and apparatus
Abstract
A data security method and apparatus that provides an exceptional degree of security at low computational cost. The data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (arbitrarily large), continuously-changing array of values. The encryption technique is therefore referred to as Virtual Matrix Encryption. Furthermore, the data security arrangement uses a very large key of one million bits or more, which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both a computer used to send a secure message and a computer used to receive a secure message. The term Virtual Key Cryptographic is used herein to refer to techniques in which a key is recreated at a remote location from an electronic file without any transmission of the key itself. The file may be a system file, a file downloaded from the Internet, etc. A smaller, transaction-specific key, e.g., a 2,048 bit key, is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.
Claims (16 claims; 60 citations listed)
1. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
generating a matrix of possible unencrypted data values; and
for a given unencrypted data value:
locating the unencrypted data value in the matrix and substituting for the given unencrypted data value a pointer to the unencrypted data value within the matrix; and
prior to having completed encryption of the data message, changing a location of a given unencrypted data value within the matrix in a pseudo random fashion;
wherein the change in location of the given unencrypted data value within the matrix does not reveal a new location of other different unencrypted data values.

2. (dependent on claim 1; only the added limitations appear on this page)
successively subtracting from one of an unencrypted data value and a previously encrypted data value each of a plurality of predetermined parameters;
wherein the predetermined parameters are selected so as to ensure that a machine limit on number representation is encountered.
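The pointer-and-relocation mechanism of claim 1 in runnable form, as an added example written for this page; it is not code from the patent or from any product implementing it. It assumes a one-dimensional 256-entry matrix holding every byte value, a byte-wide pointer, and Python's random.Random as the shared pseudo-random source (a Mersenne Twister, not a cryptographic generator); all three are choices made here, and the class and function names are hypothetical. Each byte is replaced by the index at which it currently sits, then that value is swapped to a pseudo-randomly chosen other slot before the next byte is handled, so repeated plaintext bytes yield different pointers.

```python
import random
from typing import Tuple


class VirtualMatrixCipher:
    """Toy model of claim 1 (hypothetical name): a table of all 256 byte values
    whose layout and relocation sequence are shared by sender and receiver
    through a common PRNG seed."""

    SIZE = 256

    def __init__(self, seed: int):
        # random.Random is a Mersenne Twister, not a CSPRNG: toy use only.
        self.rng = random.Random(seed)
        self.matrix = list(range(self.SIZE))
        self.rng.shuffle(self.matrix)
        # reverse index: value -> slot it currently occupies
        self.where = {v: i for i, v in enumerate(self.matrix)}

    def _relocate(self, value: int) -> None:
        # Move the value just used to a different slot.  The offset is drawn
        # from 1..255 so the value never stays put; the displaced value takes
        # the old slot, and nothing in the emitted pointer says where either
        # one went (the claim's "does not reveal a new location" property).
        i = self.where[value]
        j = (i + self.rng.randrange(1, self.SIZE)) % self.SIZE
        other = self.matrix[j]
        self.matrix[i], self.matrix[j] = other, value
        self.where[value], self.where[other] = j, i

    def encrypt(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for b in plaintext:
            out.append(self.where[b])   # emit the pointer, not the value
            self._relocate(b)
        return bytes(out)

    def decrypt(self, pointers: bytes) -> bytes:
        out = bytearray()
        for p in pointers:
            v = self.matrix[p]          # follow the pointer
            out.append(v)
            self._relocate(v)           # replay the sender's relocation
        return bytes(out)


def roundtrip(seed: int, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Encrypt with one instance and decrypt with a fresh, identically seeded
    instance, as two communicating parties would."""
    ct = VirtualMatrixCipher(seed).encrypt(plaintext)
    return ct, VirtualMatrixCipher(seed).decrypt(ct)


if __name__ == "__main__":
    ct, pt = roundtrip(20240101, b"aaaa bbbb")   # constructed sample input
    print(ct.hex(), pt)
```

Two things follow directly from the construction. The secret shared by the two sides is the seed, so the scheme is only as strong as the generator that consumes it and as the secrecy of that seed; the matrix itself contains nothing secret once the seed is known. And because every byte changes the state, the two sides must stay in lockstep: one lost, duplicated or reordered ciphertext byte desynchronizes the matrices and every byte after it decrypts wrongly.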
3. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
encrypting an unencrypted data value multiple times using a plurality of encryption algorithms arranged in pipeline fashion, at least one of said encryption algorithms using a random number obtained from a random number generator seeded with a predetermined parameter of the encryption process;
wherein one of the plurality of encryption algorithms comprises generating a matrix of possible unencrypted data values and, for a given unencrypted data value:
locating the unencrypted data value in the matrix and substituting for the given unencrypted data value a pointer to the unencrypted data value within the matrix; and
changing a location of a given unencrypted data value within the matrix.
4. A method of securely exchanging a data message between a first user and a second user using a common cryptographic key without exchanging the key, the method comprising the steps of:
specifying a computer file of arbitrary size commonly available to both the first user and the second user;
the first user using the computer file of arbitrary size to generate the common key and encrypt the data message, the common key being of a predetermined large size;
transmitting the encrypted message to the second user through an in-band channel; and
the second user using the computer file to generate the common key and decrypt the data message, wherein the common key generating steps do not require the computer file to be of a predetermined size.

5. (dependent on claim 4; only the added limitations appear on this page)
generating a session specific key;
transmitting the session specific key through the in-band channel; and
using the session specific key to scramble the common key prior to using the common key.

15. The method of claim 4, wherein a copy of the computer file is local to the first and second user.

16. The method of claim 15, wherein the computer file has a primary purpose other than in the cryptographic algorithm.
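The exchange of claims 4 and 5 as both parties would run it, as an added example for this page and not the patent's own procedure. The claims do not say how a file of arbitrary size becomes the fixed large key, how the session key scrambles it, or which cipher then consumes it, so SHAKE-256 expansion, an XOR mask and an XOR keystream are assumptions made here; the function names are hypothetical and the file contents are constructed. The key size follows the abstract's figure of one million bits and the session key its 2,048-bit figure.

```python
import hashlib
import os
from typing import Tuple

KEY_BITS = 1_000_000            # the abstract's "one million bits or more"
KEY_BYTES = KEY_BITS // 8
SESSION_KEY_BYTES = 256         # the abstract's 2,048-bit transaction key


def common_key_from_file(file_bytes: bytes, size: int = KEY_BYTES) -> bytes:
    """Expand a file of any length into a key of a predetermined large size.
    SHAKE-256 is the expander assumed here; the claims name none."""
    return hashlib.shake_256(file_bytes).digest(size)


def scramble(common_key: bytes, session_key: bytes) -> bytes:
    """Combine the large common key with the transaction key (claim 5) so that
    two transactions over the same file do not share key material."""
    mask = hashlib.shake_256(b"session:" + session_key).digest(len(common_key))
    return bytes(a ^ b for a, b in zip(common_key, mask))


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified encryption step: XOR with the key as a
    stream.  Fails closed if the message would outrun the key."""
    if len(data) > len(key):
        raise ValueError("message longer than derived key")
    return bytes(d ^ k for d, k in zip(data, key))


def send(file_bytes: bytes, message: bytes) -> Tuple[bytes, bytes]:
    """First user: returns (session_key, ciphertext); both go in-band."""
    session_key = os.urandom(SESSION_KEY_BYTES)
    k = scramble(common_key_from_file(file_bytes), session_key)
    return session_key, xor_stream(k, message)


def receive(file_bytes: bytes, session_key: bytes, ciphertext: bytes) -> bytes:
    """Second user: regenerates the same key from its own copy of the file.
    The key never crosses the channel, only the file's identity is shared."""
    k = scramble(common_key_from_file(file_bytes), session_key)
    return xor_stream(k, ciphertext)


if __name__ == "__main__":
    shared_file = b"constructed system file contents\n" * 4000   # constructed
    sk, ct = send(shared_file, b"constructed message")
    print(receive(shared_file, sk, ct))
```

The common key inherits no more secrecy than the file it is expanded from. A third party who can name the file (claims 15 and 16 contemplate an ordinary local file with another primary purpose, and the abstract mentions system files and downloads) and who reads the session key off the in-band channel runs exactly the receive() call above and obtains the identical key; the session key of claim 5 travels in the clear and adds no secrecy against that observer. Its role is narrower: it keeps two transactions over the same file from reusing one keystream, which an XOR-style stream would otherwise expose.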
6. Using a copy of a program having an assigned serial number, a method of encrypting a data message so as to allow decryption of the data message only by a specified target audience, the method comprising the steps of:
specifying a target audience and selecting a variable length portion of the serial number;
performing a sequence of operations on the variable length portion to form a key; and
using the key during encryption of the data message.
(Dependent claims 7, 8 and 9 are not reproduced on this page.)
10. A method of encrypting a data message comprising a series of unencrypted data values, comprising the steps of:
generating a random number;
deriving a random value using said random number; and
logically combining said random value with a data value to be encrypted, wherein different bits of the data value to be encrypted are randomly toggled from one logical state to another logical state.

11. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
providing a multiplicity N of encryption algorithms;
generating a random number;
deriving a random value using said random number; and
performing an N-way branch and encrypting the data value to be encrypted using a random one of said N encryption algorithms.
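Claims 10 and 11 together, as an added example for this page rather than the patent's own code: a per-byte random value whose set bits toggle the corresponding bits of the data (claim 10) sits as one of N = 4 byte-level transforms, and a second draw from the same generator picks which transform each byte goes through (claim 11). The four transforms, the seeded random.Random generator and the function names are assumptions made here; the claims name neither the algorithms nor the generator. Decryption replays the same draws and applies each transform's inverse.

```python
import random
from typing import Callable, List, Tuple


def _rotl(b: int, n: int) -> int:
    return ((b << n) | (b >> (8 - n))) & 0xFF


def _rotr(b: int, n: int) -> int:
    return ((b >> n) | (b << (8 - n))) & 0xFF


# Hypothetical set of N invertible byte transforms: (forward, inverse) pairs,
# each taking the data byte and the per-byte random value r in 0..255.
ALGORITHMS: List[Tuple[Callable[[int, int], int], Callable[[int, int], int]]] = [
    (lambda b, r: b ^ r,                 lambda c, r: c ^ r),             # claim 10: toggle the bits set in r
    (lambda b, r: (b + r) & 0xFF,        lambda c, r: (c - r) & 0xFF),    # modular add
    (lambda b, r: _rotl(b, r % 7 + 1),   lambda c, r: _rotr(c, r % 7 + 1)),  # bit rotation by 1..7
    (lambda b, r: (~b ^ r) & 0xFF,       lambda c, r: (~c ^ r) & 0xFF),   # complement, then toggle
]


def _draw(rng: random.Random) -> Tuple[int, int]:
    """One step of the shared generator: the random value for the transform
    and the index for the N-way branch.  Order matters; decrypt must match."""
    return rng.randrange(256), rng.randrange(len(ALGORITHMS))


def branch_encrypt(seed: int, plaintext: bytes) -> bytes:
    rng = random.Random(seed)          # toy generator, not a CSPRNG
    out = bytearray()
    for b in plaintext:
        r, which = _draw(rng)
        out.append(ALGORITHMS[which][0](b, r))
    return bytes(out)


def branch_decrypt(seed: int, ciphertext: bytes) -> bytes:
    rng = random.Random(seed)
    out = bytearray()
    for c in ciphertext:
        r, which = _draw(rng)          # same draws, same order
        out.append(ALGORITHMS[which][1](c, r))
    return bytes(out)


if __name__ == "__main__":
    ct = branch_encrypt(5, b"constructed sample text")   # constructed input
    print(ct.hex(), branch_decrypt(5, ct))
```

Whichever branch is taken, each byte is transformed by a single invertible operation under a value the receiver can regenerate, so the whole construction is a keystream-driven substitution: the choice among the N algorithms adds no key material beyond the seed that selects it.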
12. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
building a matrix of paired values, values of a pair being multiplicative inverses of one another in accordance with modulo arithmetic;
scrambling the matrix;
generating a random number;
deriving a random value using said random number;
selecting a pair of values based on said random number; and
encrypting a data value to be encrypted by multiplying it by one value of said pair of values.
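Claim 12 carried through with a concrete modulus, as an added example for this page and not the patent's own code. The claim does not fix the modulus; 257 is assumed here because it is prime, so every value from 1 to 256 has a multiplicative inverse and a byte shifted by one lands in that range. The seeded random.Random used to scramble the table and to select pairs, and the function names, are likewise assumptions.

```python
import random
from typing import List, Tuple

MODULUS = 257   # assumed: prime, so every value 1..256 has an inverse


def build_inverse_pairs(modulus: int = MODULUS) -> List[Tuple[int, int]]:
    """Every a in 1..modulus-1 paired with a^-1 (mod modulus)."""
    return [(a, pow(a, -1, modulus)) for a in range(1, modulus)]


def scrambled_pairs(seed: int, modulus: int = MODULUS):
    """Build the pair table and scramble it under the shared seed; the same
    generator then picks a pair per byte, so both sides select identically."""
    rng = random.Random(seed)          # toy generator, not a CSPRNG
    pairs = build_inverse_pairs(modulus)
    rng.shuffle(pairs)
    return rng, pairs


def inverse_encrypt(seed: int, plaintext: bytes) -> bytes:
    rng, pairs = scrambled_pairs(seed)
    out = bytearray()
    for b in plaintext:
        a, _ = pairs[rng.randrange(len(pairs))]
        # shift the byte 0..255 into the group 1..256, multiply, shift back
        out.append(((b + 1) * a % MODULUS) - 1)
    return bytes(out)


def inverse_decrypt(seed: int, ciphertext: bytes) -> bytes:
    rng, pairs = scrambled_pairs(seed)
    out = bytearray()
    for c in ciphertext:
        _, a_inv = pairs[rng.randrange(len(pairs))]   # other value of the pair
        out.append(((c + 1) * a_inv % MODULUS) - 1)
    return bytes(out)


if __name__ == "__main__":
    ct = inverse_encrypt(11, b"constructed sample")   # constructed input
    print(ct.hex(), inverse_decrypt(11, ct))
```

The shift by one is what keeps zero out of the multiplication; without it a zero byte would encrypt to zero under every pair. Note also that a single known plaintext byte p and its ciphertext c give the multiplier as c times p^-1 mod 257, one modular division, so the secrecy of this step rests entirely on the generator that selects the pair, exactly as in the other per-byte steps.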
13. A method of encrypting a data message comprising a series of data values to produce an encrypted data message, the method comprising the steps of:
a user specifying a date limit restricting the dates on which the data message may be decrypted;
deriving from the date limit a derived key; and
encrypting the data message using at least the derived key.

14. A method of decrypting an encrypted data message having combined therewith an encrypted date limit restricting the dates on which the encrypted data message may be decrypted, the method comprising the steps of:
deriving from the current date a derived key; and
attempting to decrypt the encrypted data message using at least the derived key;
wherein, if the current date does not correspond to a date limit imposed during encryption, decryption fails.
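Claims 13 and 14 as a pair, as an added example for this page and not the patent's own code. The claims say only that a key is derived from the date limit and that decryption under the current date fails when the dates differ; the SHA-256 derivation, the constant standing in for the scheme's other key material ("at least the derived key"), the XOR keystream and the HMAC tag that makes failure detectable are all assumptions made here, and the names are hypothetical. Dates are passed as ISO text. The last function is the check a practitioner would want: since the date-derived part of the key takes only as many values as there are candidate dates, whoever holds the rest of the key material can try them instead of waiting for the right day, and the "current date" in claim 14 is the decrypting machine's own clock in any case.

```python
import datetime as dt
import hashlib
import hmac
from typing import Optional

# Hypothetical stand-in for the other key material the claims allow.
BASE_KEY = b"constructed shared secret for this example"
TAG_LEN = 32


def derived_key(day: str) -> bytes:
    """Key material derived from a date given as ISO text ('2025-03-01'):
    the date limit when encrypting (claim 13), the current date when
    decrypting (claim 14).  Both sides use the same derivation."""
    dt.date.fromisoformat(day)                   # reject malformed dates early
    return hashlib.sha256(BASE_KEY + day.encode()).digest()


def _keystream(key: bytes, n: int) -> bytes:
    return hashlib.shake_256(key).digest(n)


def encrypt_until(message: bytes, date_limit: str) -> bytes:
    """XOR the message with a keystream from the date-derived key and append
    an HMAC tag so that decryption under the wrong date fails detectably."""
    k = derived_key(date_limit)
    body = bytes(m ^ s for m, s in zip(message, _keystream(k, len(message))))
    return body + hmac.new(k, body, "sha256").digest()


def decrypt_on(blob: bytes, today: str) -> Optional[bytes]:
    """Attempt decryption with the key for 'today'; None when the tag does
    not verify, i.e. today is not the date limit fixed at encryption."""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    k = derived_key(today)
    if not hmac.compare_digest(tag, hmac.new(k, body, "sha256").digest()):
        return None
    return bytes(c ^ s for c, s in zip(body, _keystream(k, len(body))))


def date_search(blob: bytes, start: str, days: int) -> Optional[str]:
    """Try each candidate date from 'start' for 'days' days and return the
    first one under which the message decrypts; the holder of BASE_KEY needs
    nothing else, because the date is the only remaining unknown."""
    first = dt.date.fromisoformat(start)
    for i in range(days):
        day = (first + dt.timedelta(days=i)).isoformat()
        if decrypt_on(blob, day) is not None:
            return day
    return None


if __name__ == "__main__":
    blob = encrypt_until(b"constructed message", "2025-03-01")   # constructed
    print(decrypt_on(blob, "2025-03-01"), decrypt_on(blob, "2025-03-02"))
    print(date_search(blob, "2025-01-01", 365))
```

Without the tag, "decryption fails" in claim 14 would mean only that the wrong keystream yields garbage; the tag turns that into an explicit, testable failure, which is what a receiver needs in order to distinguish a wrong date from a corrupted message.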
Specification