Virtual encryption scheme combining different encryption operators into compound-encryption mechanism
Abstract
A ‘virtual’ encryption scheme combines selected ones of a plurality of different encryption operators stored in an encryption operator database into a compound sequence of encryption operators. Data to be transported from a data source site, such as a user workstation, to a data recipient site, such as another workstation, is sequentially encrypted by performing a compound sequential data flow through this sequence prior to transmission. Because of the use of successively different encryption operators, the final output of the sequence will be a compound-encrypted data stream that has no readily discernible encryption footprint. Therefore, even if a skilled data communications usurper possesses a decryption key for each encryption operator, there is a very low likelihood that he would be able to recognize the characteristics of any individual encryption operator. Moreover, without knowledge of the sequence of encryption operators, a potential usurper will be forced to operate under a severe resource penalty that makes decryption of such a compound sequence a practical impossibility. At the recipient end of the data communications path, the recovery process involves the use of a complementary virtual decryption scheme that is the exact reverse of that used at the data source site.
5 Claims
1. A method for controllably encrypting data to be transmitted over a communication path between a data source and a data recipient, comprising the steps of:
(a) providing a plurality of respectively different data encryption operators each of which is capable of encrypting said data into an unintelligible form for transmission over said communication path; and
(b) successively passing said data to be transported over said communication path through said plurality of respectively different encryption operators that are assembled in a cascaded sequence to produce a multiple-encrypted data stream.
Dependent claims (2, 3):
(d) transporting said multiple-encrypted data stream over said communication path to said data recipient; and
(e) passing said multiple-encrypted data stream through a sequence of respectively different data decryption operators that respectively decrypt said multiple-encrypted data stream so as to recover said data.
4. A system for controllably encrypting data to be transmitted over a communication path between a data source and a data recipient, comprising:
a database containing a plurality of respectively different data encryption operators;
an access code generator which is operative to generate a cascaded sequence of access codes, immediately successive ones of which are different from one another, and each of which is associated with a respectively different one of said data encryption operators stored in said database; and
a signal processor which is operative to controllably subject data to be transported over said communication path to a sequence of respectively different data encryption operators accessed from said database in accordance with a cascaded sequence of access codes generated by said access code generator, so as to produce a compound-encrypted data stream.
Dependent claims (5):
at said data recipient site, a data decryption operator database which stores a plurality of respectively different data decryption operators;
an address code generator which generates a sequence of access codes, each of which is associated with a respective one of said data decryption operators stored in said data decryption database, and is operative to cause a sequence of data decryption operators to be accessed from said data decryption database in accordance with the reverse order of said sequence of data encryption operators that produced said compound-encrypted data stream; and
a further signal processor which is operative to apply said compound-encrypted data stream that has been transported over said communication path to said data recipient site through said sequence of data decryption operators accessed from said decryption operator database to recover said data.
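The cascade described in claims 1 and 4, as an added sketch that is not code from the patent: an operator database indexed by access codes, a code generator whose immediately successive codes differ, and recovery by applying the decryption operators in reverse order. The three operators are toy stand-ins rather than secure ciphers, and the names `OPERATOR_DB`, `access_codes`, the keys and the shared seed are assumptions made for illustration.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """Expand a key into n bytes with SHA-256 in counter mode (toy only)."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def xor_op(key):   # XOR with keystream; its own inverse
    f = lambda d: bytes(a ^ b for a, b in zip(d, keystream(key, len(d))))
    return f, f

def add_op(key):   # add keystream mod 256; inverse subtracts
    enc = lambda d: bytes((a + b) % 256 for a, b in zip(d, keystream(key, len(d))))
    dec = lambda d: bytes((a - b) % 256 for a, b in zip(d, keystream(key, len(d))))
    return enc, dec

def rot_op(r):     # rotate each byte left by r bits; inverse rotates right
    rol = lambda b, s: ((b << s) | (b >> (8 - s))) & 0xFF
    return (lambda d: bytes(rol(b, r) for b in d),
            lambda d: bytes(rol(b, 8 - r) for b in d))

# "Operator database": access code -> (encrypt, decrypt). Keys are constructed.
OPERATOR_DB = {0x01: xor_op(b"k1"), 0x02: add_op(b"k2"), 0x03: rot_op(3)}

def access_codes(seed: bytes, length: int) -> list:
    """Derive a code sequence in which immediately successive codes differ."""
    codes, prev = [], None
    for i in range(length):
        pool = [c for c in sorted(OPERATOR_DB) if c != prev]
        digest = hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
        prev = pool[digest[0] % len(pool)]
        codes.append(prev)
    return codes

def compound_encrypt(data: bytes, codes) -> bytes:
    for c in codes:                      # cascade in sequence order
        data = OPERATOR_DB[c][0](data)
    return data

def compound_decrypt(data: bytes, codes) -> bytes:
    for c in reversed(codes):            # exact reverse of the source order
        data = OPERATOR_DB[c][1](data)
    return data

if __name__ == "__main__":
    msg = b"constructed sample message"
    codes = access_codes(b"shared-seed", 6)
    ct = compound_encrypt(msg, codes)
    print(codes, ct.hex())
    print(compound_decrypt(ct, codes) == msg)        # correct (reverse) order
    print(compound_decrypt(ct, codes[::-1]) == msg)  # operators in wrong order
```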
Specification