Virtual matrix encryption (VME) and virtual key cryptographic method and apparatus

US 6,219,421 B1
Filed: 10/24/1997
Issued: 04/17/2001
Est. Priority Date: 10/24/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:

generating a matrix of possible unencrypted data values; and

for a given unencrypted data value;

locating the unencrypted data value in the matrix and substituting for the given unencrypted data value a pointer to the unencrypted data value within the matrix; and

prior to having completed encryption of the data message, changing a location of a given unencrypted data value within the matrix in a pseudo random fashion;

wherein the change in location of the given unencrypted data value within the matrix does not reveal a new location of other different unencrypted data values.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data security method and apparatus that provides an exceptional degree of security at low computational cost. The data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (arbitrarily large), continuously-changing array of values. The encryption technique is therefore referred to as Virtual Matrix Encryption. Furthermore, the data security arrangement uses a very large key of one million bits or more which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both a computer used to send a secure message and a computer used to receive a secure message. The term Virtual Key Cryptographic as used herein to refer to techniques in which a key is recreated at a remote location from an electronic file without any transmission of the key itself. The file may be a system file, a file downloaded from the Internet, etc. A smaller, transaction-specific key, e.g., a 2,048 bit key, is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.

60 Citations

View as Search Results

16 Claims

1. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
- generating a matrix of possible unencrypted data values; and
  
  for a given unencrypted data value;
  
  locating the unencrypted data value in the matrix and substituting for the given unencrypted data value a pointer to the unencrypted data value within the matrix; and
  
  prior to having completed encryption of the data message, changing a location of a given unencrypted data value within the matrix in a pseudo random fashion;
  
  wherein the change in location of the given unencrypted data value within the matrix does not reveal a new location of other different unencrypted data values.
- View Dependent Claims (2)
- - 2. The method of claim 1 comprising the further steps of:

3. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
- encrypting an unencrypted data value multiple times using a plurality of encryption algorithms arranged in pipeline fashion, at least one of said encryption algorithms using a random number obtained from a random number generator seeded with a predetermined parameter of the encryption process;
  
  wherein one of a plurality of encryption algorithms comprises generating a matrix of possible unencrypted data values and, for a given unencrypted data value;
  
  locating the unencrypted data value in the matrix and substituting for the given unencrypted data value a pointer to the unencrypted data value within the matrix; and
  
  changing a location of a given unencrypted data value within the matrix.

4. A method of securely exchanging a data message between a first user and a second user using a common cryptographic key without exchanging the key, the method comprising the steps of:
- specifying a computer file of arbitrary size commonly available to both the first user and the second user;
  
  the first user using the computer file of arbitrary size to generate the common key and encrypt the data message, the common key being of a predetermined large size;
  
  transmitting the encrypted message to the second user through an in-band channel; and
  
  the second user using the computer file to generate the common key and decrypt the data message, wherein the common key generating steps do not require the computer file to be of a predetermined size.
- View Dependent Claims (5, 15, 16)
- - 5. The method of claim 4, comprising the further steps of:
15. The method of claim 4, wherein a copy of the computer file is local to the first and second user.
16. The method of claim 15, wherein the computer file has a primary purpose other than in the cryptographic algorithm.

6. Using a copy of a program having an assigned serial number, a method of encrypting a data message so as to allow decryption of the data message only by a specified target audience, the method comprising the steps:
- specifying a target audience and selecting a variable length portion of the serial number;
  
  performing a sequence of operations on the variable length portion to form a key; and
  
  using the key during encryption of the data message.
- View Dependent Claims (7, 8, 9)
- - 7. The method of claim 6 wherein the variable length portion is of 0 length, and the specified target audience includes all users of said program, regardless of serial number.
  - 8. The method of claim 6 wherein the variable length portion is of maximum length, and the specified target audience includes only the user of a copy of said program bearing a specific serial number.
  - 9. The method of claim 6 wherein the variable length portion is of an intermediate length, and the specified target audience includes users of copies of said program bearing serial numbers having a common portion and a distinct portion.

10. A method of encrypting a data message comprising a series of unencrypted data values, comprising the steps of:
- generating a random number;
  
  deriving a random value using said random number; and
  
  logically combining said random value with a data value to be encrypted, wherein different bits of the data value to be encrypted are randomly toggled from one logical state to another logical state.

11. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
- providing a multiplicity N of encryption algorithms;
  
  generating a random number;
  
  deriving a random value using said random number; and
  
  performing an N-way branch and encrypting the data value to be encrypted using a random one of said N encryption algorithms.

12. A method of encrypting a data message comprising a series of unencrypted data values, the method comprising the steps of:
- building a matrix of paired values, values of a pair being multiplicative inverses of one another in accordance with modulo arithmetic;
  
  scrambling the matrix;
  
  generating a random number;
  
  deriving a random value using said random number;
  
  selecting a pair of values based on said random number; and
  
  encrypting a data value to be encrypted by multiplying it by one value of said pair of values.

13. A method of encrypting a data message comprising a series of data values to produce an encrypted data message, the method comprising the steps of:
- a user specifying a date limit restricting the dates on which the data message may be decrypted;
  
  deriving from the data limit a derived key; and
  
  encrypting the data message using at least the derived key.

14. A method of decrypting an encrypted data message having combined therewith an encrypted date limit restricting the dates on which the encrypted data message may be decrypted, the method comprising the steps of:
- deriving from the current date a derived key; and
  
  attempting to decrypt the encrypted data message using at least the derived key;
  
  wherein, if the current date does not correspond to a date limit imposed during encryption, decryption fails.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Shaul O. Backal
Original Assignee
Shaul O. Backal
Inventors
Backal, Shaul O.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
SEAL, JAMES

Application Number

US08/957,288
Time in Patent Office

1,271 Days
Field of Search

380/28, 380/57
US Class Current

380/28
CPC Class Codes

H04L 9/0827   involving distinctive inter...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/16   the keys or algorithms bein...

Virtual matrix encryption (VME) and virtual key cryptographic method and apparatus

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual matrix encryption (VME) and virtual key cryptographic method and apparatus

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links