Method of and system for encryption and authentication

US 8,775,792 B2
Filed: 06/09/2006
Issued: 07/08/2014
Est. Priority Date: 06/10/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of secured communication over a networked system comprising:

a first party;

splitting, using at least one processor, a secure data message into two or more separate messages, said secure data message including a request for access to data held by a second party and said secure data message including an encrypted message, each separate message encrypted with a different key and including at least some unique portion of said secure data message, said two or more separate messages collectively preserving information contained in said secure data message; and

transmitting each of said two or more separate messages to a separate gatekeeper;

each of said separate gatekeepers;

receiving a respective one of said separate messages;

receiving a partial data set from said second party;

securely processing the one of said separate messages by comparing the one of said separate messages to the partial data set, securely processing the one of said separate messages including separately protecting and storing the one of said separate messages;

generating a pass code responsive to comparing the one of said separate messages to the partial data set; and

transmitting the one of said separate messages and the pass code to the second party;

said second party;

receiving the one of said separate messages and the pass code from each of said separate gatekeepers;

generating an authentication code;

splitting up said authentication code into two or more parts;

separately encrypting said two or more parts;

transmitting said two or more parts to separate gateways configured to forward the encrypted parts to a user so that they are re-assembled and decrypted; and

re-assembling each of the one of said separate messages.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method of and system for networked security, involving multiple clients and servers. Rather than relying on single server based authentication and/or single stream based data transmission, the invention breaks apart information before if leaves the User'"'"'s computer so that intercepting any single electronic message does not provide the hacker with sufficient information to gain access. The invention splits the values (i.e. password, User name, card number for authorization; encrypted text for encryption, etc.) at the point of sender/external authorization client. These split values are encrypted with different keys and transmitted to multiple external authorization servers. The invention can be applied to any secure transmission, storage or authentication of data over a data network.

18 Citations

View as Search Results

19 Claims

1. A method of secured communication over a networked system comprising:
- a first party;
  
  splitting, using at least one processor, a secure data message into two or more separate messages, said secure data message including a request for access to data held by a second party and said secure data message including an encrypted message, each separate message encrypted with a different key and including at least some unique portion of said secure data message, said two or more separate messages collectively preserving information contained in said secure data message; and
  
  transmitting each of said two or more separate messages to a separate gatekeeper;
  
  each of said separate gatekeepers;
  
  receiving a respective one of said separate messages;
  
  receiving a partial data set from said second party;
  
  securely processing the one of said separate messages by comparing the one of said separate messages to the partial data set, securely processing the one of said separate messages including separately protecting and storing the one of said separate messages;
  
  generating a pass code responsive to comparing the one of said separate messages to the partial data set; and
  
  transmitting the one of said separate messages and the pass code to the second party;
  
  said second party;
  
  receiving the one of said separate messages and the pass code from each of said separate gatekeepers;
  
  generating an authentication code;
  
  splitting up said authentication code into two or more parts;
  
  separately encrypting said two or more parts;
  
  transmitting said two or more parts to separate gateways configured to forward the encrypted parts to a user so that they are re-assembled and decrypted; and
  
  re-assembling each of the one of said separate messages.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein said secure data message is split using a partitioning algorithm.
  - 3. The method of claim 2 wherein said partitioning algorithm comprises a sliding algorithm.
  - 4. The method of claim 2 wherein said partitioning algorithm comprises a non-sliding algorithm.
  - 5. The method of claim 2 wherein the contents of said two or more separate messages overlap.
  - 6. The method of claim 2 wherein the contents of said two or more separate messages do not overlap.
  - 7. The method of claim 1 wherein said request for access to data includes data selected from a group consisting of a Username, a password, a passphrase and a User identifier.
  - 8. The method of claim 1 wherein said second party includes an authentication server.
  - 9. The method of claim 1 wherein said first party is selected from a group consisting of:
    - a personal computer;
      
      a cellular telephone;
      
      a personal digital assistant (PDA);
      
      a portable music player;
      
      a wireless email device;
      
      a portable video player; and
      
      other electronic communication device.
  - 10. The method of claim 1 wherein said encrypted message comprises an encrypted text message.
  - 11. The method of claim 1 wherein said secure data message comprises an email message.
  - 12. The method of claim 1 wherein said transmitted separate messages further comprise decoy messages.
  - 13. The method of claim 1 wherein said second party comprises a secure server.
  - 14. The method of claim 1 wherein said second party comprises a firewalled server which will only communicate with said separate gatekeepers.
  - 15. The method of claim 1 wherein said secure data message is of a type selected from a group consisting of:
    - high security documents;
      
      digital media files, including movies and music files;
      
      financial transaction data;
      
      authentication codes;
      
      any document requiring absolute verifiable sources;
      
      live video transmissions, including corporate digital conferences, Closed Circuit Television (CCTV), or subscription and fee based broadcasts;
      
      electronic voting;
      
      Radio Frequency Identification (RFID) tags; and
      
      transmission of biometric authentication date.
  - 16. The method of claim 1 wherein said secured communication is applied to a system selected from a group consisting of:
    - unencrypted file transmission with enhanced error correction;
      
      automatic protection against server level viruses via checksum matching;
      
      use of multiple routing in protected server to counter denial-of-service (DOS) attacks;
      
      network authentication for Financial transactions or Network logons;
      
      wireless Data Transmission for Modified Wired Equivalent Privacy (WEP) encryption or Multiple broadcast point transmission;
      
      secure networked storage and retrieval of data;
      
      use of splitting via multiple processors in addition to multiple servers; and
      
      splitting via multiple processors applied to a single computer rather than a network of computers or servers.
  - 17. The method of claim 1 wherein said secure data message is securely stored at said first party, said first party including a storage server, and said second party including a user computer device retrieving from the storage server said secure data message.

18. A method of authentication comprising:
- generating identification data for a user;
  
  dividing, using at least one processor, said identification data into two or more separate sets, each of the separate sets encrypted with a different key and including at least some unique portion of the identification data, the separate sets collectively including information contained in said identification data;
  
  protecting each of said two or more separate sets; and
  
  transmitting each of said two or more separate protected sets of data to two or more intermediate servers;
  
  said two or more intermediate servers;
  
  receiving a partial set of data from an authentication server;
  
  comparing the two or more separate protected sets of data to the partial set of data and storing the two or more separate protected sets of data;
  
  generating a pass code responsive to comparing the two or more separate protected sets of data to the partial set of data; and
  
  forwarding said two or more separate protected sets of data and the pass code to the authentication server;
  
  said authentication server;
  
  generating an authentication code;
  
  splitting up said authentication code into two or more parts;
  
  separately encrypting said two or more parts;
  
  transmitting said two or more parts to separate gateways configured to forward the encrypted parts to a user for reassembly and decryption; and
  
  re-assembling the two or more separate protected sets of data and determining whether access should be granted to said user.

19. A system for secured communication comprising:
- a first computer device operable to;
  
  split a secure data message into two or more separate messages, said secure data message including a request for access to data of a second device and said secure data message including an encrypted message, each separate message encrypted with a different key and including at least some unique portion of said secure data message, and said two or more separate messages collectively preserving information contained in said secure data message; and
  
  transmit each of said two or more separate messages to a separate gatekeeper;
  
  each of said separate gatekeepers having a processor operable to;
  
  receive a respective one of said separate messages;
  
  receive a partial data set from the second device;
  
  securely process the one of said separate messages by comparing the one of said separate messages to the partial data set and by separately protecting and storing the one of said separate messages;
  
  generate a pass code responsive to the comparison of the one of said separate messages to the partial data set; and
  
  transmit the one of said separate messages and the pass code to the second device;
  
  said second computer device being operable to;
  
  receive the one of said separate messages and the pass code from each of said separate gatekeepers;
  
  generate an authentication code;
  
  split up said authentication code into two or more parts;
  
  separately encrypt said two or more parts;
  
  transmit said two or more parts to separate gateways configured to forward the encrypted parts to a user so that they are re-assembled and decrypted;
  
  re-assemble each of the one of said separate messages;
  
  said first device, second device and separate gatekeepers interconnected via a communication network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Elevator Software Corporation
Original Assignee
Strue Incorporated
Inventors
MacLeod, Jordan Bruce, Davies, Traverse A. Sr.
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/917,136
Publication Number

US 20090034725A1
Time in Patent Office

2,951 Days
Field of Search

709/238, 713/153
US Class Current

713/153
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/02   for separating internal fro...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/18   using different networks or...

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

Method of and system for encryption and authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method of and system for encryption and authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links