Cryptography – Communication system using cryptography – Data stream/substitution enciphering
Reexamination Certificate
1999-05-10
2003-02-25
Barron, Gilberto (Department: 2766)
C380S028000
active
06526145
ABSTRACT:
BACKGROUND OF THE INVENTION
The present invention relates generally to encryption techniques and in particular to a computer implemented software data encryptor/decryptor.
Computer cryptography, securing secret data, private data and authentication of information using software data encryption is an ongoing concern in the public and private sectors. Use of file based and device driver encryption is secure to the extent of the unknown key(s). Personal computers with a standard operating system such as DOS that uses device driver encryption/decryption are bound to I/O overhead, reside in random access memory and can expose a method of encryption. Device driver cryptosystems are useful for elimination of file specific encryption/decryption and are virtually transparent to the user.
Firmware cryptosystems, like device driver cryptosystems, are virtually transparent to the user. Physically implemented firmware cryptosystems require hardware embedded attachment that exposes a method of encryption, and can be bound to I/O overhead. Firmware cryptosystems generally require the target machine that receives transported cipher data to have the same hardware embedded attachment as a deciphering agent. This can be a cumbersome approach when wide area networks and/or many PCs are involved in the process.
Private key cryptosystems generally require the secret key(s) used for encryption as the key(s) used for decryption. Public key cryptosystems, generally used over networks, generate a public and private key from a mathematical computational process. The generated private key is kept secret and should only be known by the recipient. The sender uses the public key to encrypt the data file or message and the recipient decrypts the data with his or her private key. Under a public key cryptosystem only the recipient's private key can decrypt the message data. Public key cryptosystems require at least two keys and a process to generate the keys.
The present invention discloses a “data encryptor/decryptor using variable in-place I/O” and addresses private key cryptosystem capability on standard operating systems such as DOS and WINDOWS, with varying degrees of data security, for private use as well as public use over networks and other distribution channels. The present invention can also be used for data authentication and digital signatures.
Data authentication is used for proof of authentic, non-corrupted reproduction of data. Cryptographic processes can be used for authentication because of the level of mathematical proofs required for verification of an authentic binary dataset.
Use of the present invention method and apparatus as a process for authentication is achieved by applying an expected binary dataset authenticity certificate and/or digital signature to the data encrypted. Decryption of the dataset that includes the authenticity certificate and/or digital signature guarantees a perfect binary equivalent of the original data when the certificates and/or digital signatures match as binary equivalents or are validated as expected.
SUMMARY OF THE INVENTION
The present invention provides for a “data encryptor/decryptor using variable in-place I/O”, preferably in the form of computer software. The software can be installed on a hard drive, or be loaded on a floppy disk and run therefrom. Though not preferred, the process can also be burned into ROM. The present invention provides a method and apparatus which is implemented for private key cryptosystems and can be used in conjunction with public key cryptosystems. The invention processes dataset(s) and/or file(s) based on binary representation. The symbol “^” will be used throughout the disclosure to represent the exponential symbol. Thus, “2^8” will mean “two to the eighth” or “two hundred and fifty six”.
Private key file based cryptosystems use an input source file and designate an encrypted output file. The present invention implementation can process the input source file “in-place” eliminating the creation of a new output file, which increases security. In addition the present invention can also process separate output file(s) for leaving the input source file(s) encrypted or in their original form.
The present invention implementation can be executed directly from a disk inserted in a floppy disk drive without installing to a hard disk drive. This avoids any trace of a ciphering agent, which is an obvious security benefit. To increase the level of security by orders of magnitude, the present invention can process the same input source data multiple times using multiple variable length keys, adding to the total number of possible combinations of encryption/decryption keys.
Furthering the complexities of the encryption/decryption process the present invention method and apparatus can include multiple matrix arrays with variable ordered element pairs. The present invention can be executed using the decryptor method as an encryption process. Conversely, the encryptor method can then be used as the decryption process. This effectively increases the data security by increasing the total number of possible combinations of encryption/decryption keys and cipher layers.
The invention provides an encryption/decryption method and apparatus using a computer with a central processing unit “CPU” accessing random access memory “RAM” controlling an input/output “I/O” device. The I/O device could be in RAM, or a peripheral storage unit such as a floppy disk.
The method and apparatus include software programmed instructions, associated with the CPU of a computer, for carrying out the arithmetic, logical and manipulative functions that control and direct the method and apparatus processing. The method and apparatus Access Code Key table byte is logically XOR'ed with a current data STRING byte pointed to. The initial keypointer (“KP”) value is calculated by dividing the input dataset size, when it is less than the I/O Control variable (“IOC”), by the length of the access code key (“KEYLENGTH”). If the dataset size is greater than IOC, IOC is used as the dividend and the KEYLENGTH is the divisor.
The remainder relative to zero is the initial KP value. KP is added to the relative offset of the Access Code Key table. The access code key byte pointed at with KP is logically XOR'ed with the current data STRING byte pointed to with a string pointer (“SP”). Then the user XOR code UWORD is logically XOR'ed with the current data STRING byte pointed to with SP. After swapping several symbols, the current data STRING byte pointed to by SP is targeted for replacement with the current Matrix Array element pointed at by matrix array pointer (“MAP”).
Initial Counter Starting value (“O”) is calculated by dividing the size of the dataset by the Matrix Array size. The remainder relative to zero is used as the initial counter starting value O.
The replacement Matrix Array element is pointed at via MAP. The MAP is calculated by adding the current data STRING byte pointed to by SP to the relative offset of the Matrix Array. Through the iteration of the processing loop, the initial counter starting value is subtracted from the value replaced from the Matrix Array. Then the counter starting value is decremented.
The processing loop reverses the STRING to relative offset of reverse string (“OREVSTR”) and writes OREVSTR to output.
The method and apparatus controls the physical input size read by the I/O Control variable IOC. Preferably, the Matrix Array is in effect and IOC preferably is a minimum of the Matrix Array size, or an exact multiple thereof. When the Matrix Array is bypassed, IOC preferably is equal to the KEYLENGTH or an exact multiple of the KEYLENGTH.
The method and apparatus controls the physical output pointer (“ODP”) via IOC derived from the above criterion using a record counter (“PRC”) as a multiplier to IOC. The product ODP becomes a relative pointer from the beginning of the output dataset. Through the iteration of the processing loop, the output pointer is relatively displaced by each new product.
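A minimal model of the processing loop described above for one STRING buffer, added here as an example; it is not code from the patent. Assumptions not stated on the page: the Matrix Array is a 256-entry byte permutation, UWORD is treated as a single byte, KP advances cyclically through the key, arithmetic wraps modulo 256, and the unspecified symbol-swapping step is omitted.

```python
import random

MATRIX_SIZE = 256  # assumption: one Matrix Array element per byte value

def make_matrix(seed):
    """Constructed sample Matrix Array: a seeded permutation of 0..255."""
    m = list(range(MATRIX_SIZE))
    random.Random(seed).shuffle(m)
    return m

def initial_kp(size, ioc, keylength):
    # Dividend is the dataset size, or IOC when the dataset is larger than IOC.
    # Note that KP depends only on lengths, not on any secret value.
    return min(size, ioc) % keylength

def initial_counter(size):
    # Counter starting value O: dataset size modulo the Matrix Array size.
    return size % MATRIX_SIZE

def encrypt_block(data, key, uword, matrix, ioc=MATRIX_SIZE):
    kp = initial_kp(len(data), ioc, len(key))
    o = initial_counter(len(data))
    out = bytearray()
    for b in data:
        b ^= key[kp] ^ uword              # key byte XOR, then user XOR code
        out.append((matrix[b] - o) % 256) # Matrix Array element minus counter
        o = (o - 1) % 256                 # decrement the counter
        kp = (kp + 1) % len(key)          # assumption: cyclic key pointer
    return bytes(reversed(out))           # reverse STRING before output

def decrypt_block(data, key, uword, matrix, ioc=MATRIX_SIZE):
    inverse = [0] * MATRIX_SIZE           # inverse substitution table
    for i, v in enumerate(matrix):
        inverse[v] = i
    kp = initial_kp(len(data), ioc, len(key))
    o = initial_counter(len(data))
    out = bytearray()
    for c in reversed(data):              # undo the reversal first
        out.append(inverse[(c + o) % 256] ^ key[kp] ^ uword)
        o = (o - 1) % 256
        kp = (kp + 1) % len(key)
    return bytes(out)

if __name__ == "__main__":
    matrix = make_matrix(1999)            # constructed sample values
    ct = encrypt_block(b"sample record", b"ACCESS-KEY", 0x5A, matrix)
    print(ct.hex(), decrypt_block(ct, b"ACCESS-KEY", 0x5A, matrix))
```
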
The method a
Barron Gilberto
Malin Haley & DiMaggio, P.A.
Meislahn Douglas J