Exponential data transform to enhance security

US 8,737,608 B2
Filed: 03/02/2012
Issued: 05/27/2014
Est. Priority Date: 08/12/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A data transformer, comprising:

an input port to receive data including a plurality of bits;

a padder to pad said data to a predetermined number of bits;

a divider to divide said padded data into a first segment and a second segment;

a calculator to compute an exponential permutation of said padded data using said first segment, said second segment, and a predefined modulus; and

an output port to output said first segment and said exponential permutation as transformed data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data input is divided into two segments. The second segment is raised to a power of a function of the first segment, the power being relatively prime to a function of a predefined modulus. The modulus is then applied to the result. The transformed data is assembled from the first segment and the remainder modulo the modulus. This data transformation can be applied in combination with a key derivation algorithm, a key wrapping algorithm, or an encryption algorithm to enhance the security of these other applications.

48 Citations

24 Claims

1. A data transformer, comprising:
- an input port to receive data including a plurality of bits;
  
  a padder to pad said data to a predetermined number of bits;
  
  a divider to divide said padded data into a first segment and a second segment;
  
  a calculator to compute an exponential permutation of said padded data using said first segment, said second segment, and a predefined modulus; and
  
  an output port to output said first segment and said exponential permutation as transformed data.
- View Dependent Claims (2, 3, 4)
- - 2. A data transformer according to claim 1, wherein the calculator includes an implementation of a first formula to compute a power as a function of said first segment, said power being relatively prime to a function of said predefined modulus.
  - 3. A data transformer according to claim 2, wherein the calculator further includes an implementation of a second formula to compute a result of raising a function of said second segment to said power.
  - 4. A data transformer according to claim 3, wherein the calculator further includes an implementation of a third formula to compute said exponential permutation as said result modulo said predefined modulus.

5. A data security device, comprising:
- a data transformer, including;
  
  an input port to receive data including a plurality of bits;
  
  a padder to pad said data to a predetermined number of bits;
  
  a divider to divide said padded data into a first segment and a second segment;
  
  a calculator to compute an exponential permutation of said padded data using said first segment, said second segment, and a predefined modulus, including;
  
  an implementation of a first formula to compute a power as a function of said first segment, said power being relatively prime to a function of said predefined modulus;
  
  an implementation of a second formula to compute a result of raising a function of said second segment to said power; and
  
  an implementation of a third formula to compute said exponential permutation as said result modulo said predefined modulus; and
  
  an output port to output said first segment and said exponential permutation as transformed data; and
  
  an implementation of a security algorithm to secure said transformed data.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. A data security device according to claim 5, wherein:
    - said data includes a master key; and
      
      the implementation of a security algorithm includes an implementation of a key derivation function to use said transformed data to generate a derivative key of said master key.
  - 7. A data security device according to claim 5, wherein:
    - said data includes a key to be wrapped; and
      
      the implementation of said security algorithm includes an implementation of a key wrapping function to wrap said transformed data.
  - 8. A data security device according to claim 7, wherein the implementation of said key wrapping function includes an implementation of RSA to wrap said transformed data.
  - 9. A data security device according to claim 5, wherein the implementation of said security algorithm includes an implementation of an encryption algorithm to use said transformed data as a key to encrypt a second data.
  - 10. A data security device according to claim 9, wherein the implementation of said security algorithm includes an implementation of AES to use said key to encrypt said second data.
  - 11. A data security device according to claim 5, further comprising a second divider to divide an input into at least two blocks, the data transformer operative separately on each block.
  - 12. A data security device according to claim 11, further comprising a combiner to combine a result of the data transformer on each block into a single transformed data to be secured by the implementation of said security algorithm.

13. A method for generating a data transform, comprising:
- receiving data, the data including a plurality of bits;
  
  padding the data to a predetermined number of bits;
  
  dividing the padded data into a first segment and a second segment, each of the first segment and the second segment including at least one bit;
  
  computing an exponential permutation using the first segment, the second segment, and a predefined modulus; and
  
  constructing the data transform from the first segment and the exponential permutation.
- View Dependent Claims (14, 15, 16)
- - 14. A method according to claim 13, wherein computing an exponential permutation includes computing a power as a function of the first segment, the power being relatively prime to a function of the predefined modulus.
  - 15. A method according to claim 14, wherein computing an exponential permutation further includes computing a result of raising a function of the second segment to the power.
  - 16. A method according to claim 15, wherein computing an exponential permutation further includes computing the exponential permutation as the result modulo the predefined modulus.

17. A method for enhancing security of data, comprising:
- transforming the data, including;
  
  receiving data, the data including a plurality of bits;
  
  padding the data to a predetermined number of bits;
  
  dividing the padded data into a first segment and a second segment, each of the first segment and the second segment including at least one bit;
  
  computing a power as a function of the first segment, the power being relatively prime to a function of a predefined modulus;
  
  computing a result of raising a function of the second segment to the power;
  
  computing an exponential permutation as the result modulo the predefined modulus; and
  
  constructing the data transform from the first segment and the computed exponential permutation; and
  
  applying an implementation of a security algorithm to the data transform to secure the data transform.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. A method according to claim 17, wherein:
    - receiving the data includes receiving a master key from which to generate a derivate key; and
      
      applying an implementation of a security algorithm includes applying an implementation of a key derivation function to the data transform to generate the derivative key of the master key.
  - 19. A method according to claim 18, wherein applying an implementation of a key derivation function includes:
    - combining the transformed data with an encoded counter to produce a combined result;
      
      securely hashing the combined result to produce a hash; and
      
      selecting a subset of bits in the hash as the derivative key.
  - 20. A method according to claim 17, wherein:
    - receiving the data includes receiving a key to be wrapped as the data; and
      
      applying an implementation of a security algorithm includes applying an implementation of a key wrapping function to wrap the data transform.
  - 21. A method according to claim 20, wherein applying an implementation of a key wrapping function includes applying an implementation of RSA to wrap the data transform.
  - 22. A method according to claim 17, wherein applying an implementation of a security algorithm includes applying an implementation of an encryption algorithm using the data transform as a key to encrypt a second data.
  - 23. A method according to claim 22, wherein applying an implementation of an encryption algorithm includes applying an implementation of AES using the data transform as the key to encrypt the second data.
  - 24. A method according to claim 22, further comprising:
    - dividing an input into at least two blocks, transforming each block separately; and
      
      combining a result of the data transformation on each block into a single transformed data to be secured by the application of the implementation of the security algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CMLA LLC
Original Assignee
CMLA LLC
Inventors
Damgaard, Ivan Bjerre, Pedersen, Torben Pryds, Rijmen, Vincent
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US13/410,807
Publication Number

US 20120163591A1
Time in Patent Office

816 Days
Field of Search

None
US Class Current

380/44
CPC Class Codes

H04L 9/0861 Generation of secret inform...

Exponential data transform to enhance security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Exponential data transform to enhance security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links