Cryptography – Particular algorithmic function encoding
Reexamination Certificate
1999-10-15
2001-05-29
Hayes, Gail (Department: 2131)
Cryptography
Particular algorithmic function encoding
C713S184000, C713S171000, C713S152000, C380S042000
Reexamination Certificate
active
06240183
ABSTRACT:
DESCRIPTION
1. Technical Field
The present invention relates generally to transmission of data in a secure fashion between computer systems. More specifically, the present invention relates to a portable security apparatus that attaches to a computer and makes use of random encryption algorithms that change.
2. Background Art
Within any computing system or within any network, data is often transmitted between two points such as between a server computer and a user's host computer. At times, this information may be transmitted over a local area network (LAN), a wide area network (WAN), over a corporate Intranet or Internet, and also over the Internet. Because data transmission makes use of a variety of media such as cables, telephone wires, microwaves, satellites, etc., the security of the data is often at risk when it is transmitted. In other words, when confidential or private information is being transmitted there is always a risk that the information can be read by unauthorized users.
In addition, there is the problem of an unauthorized user masquerading as the true user of the information, and thus receiving information that he or she is not authorized to view. Thus, confidential information needs not only a secure form of transmission, but also a technique for ensuring that the end recipient is authorized to view such information. A variety of secure transmission techniques rely upon data being encrypted by a complex, single encryption algorithm. However, relying upon only one encryption algorithm for transmission of data is somewhat risky in that the encryption algorithm may eventually be broken. Other techniques change an encryption key on a monthly or daily basis, or upon some outside event; however, these encryption algorithms are still subject to be broken for any given message. Furthermore, many of these techniques store a fixed encryption algorithm and an encryption key within the user's computer. Such techniques are also at risk because a computer hacker may be able to break into the user's computer and retrieve such an encryption algorithm and key and/or any password or personal identification number (PIN) that may be used as an encryption key. If the fixed encryption algorithm is obtained, a hacker may be able to read unauthorized data.
Therefore, a simple, easy to use, portable and inexpensive data security module and technique is desired that allows for secure transmission of data and that does not suffer any of the drawbacks of the prior art.
DISCLOSURE OF THE INVENTION
To achieve the foregoing, and in accordance with the purpose of the present invention, a security unit and technique is disclosed that attaches outside of a user's computer and assists in decrypting encrypted information using random encryption algorithms that may change frequently within the body of a single message.
The security unit attaches conveniently to an easily accessible port of a laptop or desktop computer and includes an encryption schema which is a random array of bits. The same encryption schema is also stored at the data site where the secure data originates before it is transmitted to the user's computer. A personal identification number (PIN) is known only to the data site and to the user, and is not transmitted with the secure information. The data site uses a public code combined with the PIN to randomly access the encryption schema in order to determine not only which encryption algorithm to use, but also to determine how many bytes of the message to transmit using that encryption algorithm. Once a number of bytes are sent using a random encryption algorithm, the data site changes to a new random encryption algorithm for another set of bytes whose length is also randomly determined. Once the encrypted message is sent to the user (or at any time), the user in a similar fashion uses the public code and the secret PIN in order to access the encryption schema within his security unit in order to determine not only which encryption algorithm to use, but also to determine how many bytes should be decrypted using that encryption algorithm. The encryption algorithm may also change randomly during the message based upon random bits within the encryption schema
The present invention provides a variety of advantages over the prior art. In one embodiment, the security unit is external to the computer, thus preventing any hacker who can gain access to the computer from gaining access to the encryption schema or PIN stored within the security unit. By plugging into a port of the computer, the security unit is still able to provide decryption information to the computer, yet the encryption schema stored within the memory of the external security unit is not able to be read by anyone gaining unauthorized access to the computer itself. In other words, the encryption schema that defines which encryption algorithm to use and how many bytes to decrypt using that algorithm along with the user's PIN is not retained within the computer. In one particular embodiment, the security unit conveniently plugs into a mouse port located near the front of the computer system, thus allowing convenient attachment. Also, an external unit allows the security unit to be extremely portable and attachable to any suitable computer.
In addition, the security unit is a simple device enabling it to be built inexpensively and small, which means it is more portable. The unit is especially useful for business travelers who need to access large amount of corporate information while on the road. The unit is portable, and the encryption technique used is suitable for the security of large amounts of information.
Also, the security unit does not need an enormous amount of processing power that is sometimes required with other complex encryption techniques. The actual decryption of an encrypted message is performed on the CPU of the host computer, although identification of which encryption algorithm to use and how many bytes to decode using each algorithm is determined externally in the security unit. Also, the security unit does not need its own clock or battery power. The security unit is able to draw any needed power from a pin of the port to which it is attached. Because the present invention uses random algorithms, it does not need to rely upon a clock to provide a time element for computing either an algorithm or a key.
Because the user PIN is only present at the data site and in the user's head and is never transmitted over a network, any encrypted message is more difficult to decrypt by unauthorized people. Furthermore, although the PIN is entered into the security unit, the PIN is never transmitted into the host computer. Also, in one particular embodiment, the PIN is entered first onto the security unit and the public code is entered second. Thus, upon entering the public code the PIN is removed from the outside of the security unit. Thus, the PIN is never left unprotected on the outside of the security unit.
Having a unique encryption schema per security unit also has advantages. Although it is contemplated that any number of security units distributed to multiple users might use the same encryption schema, for higher security it may be desirable to have a unique encryption schema for every security unit. The encryption schema is a random array of bits that provides for even higher security in choosing an encryption algorithm and for choosing how many bytes of a message to encrypt using an algorithm. A combination of the public code and the PIN provide a first random entry into the encryption schema. From this entry point, a random set of bits identify a particular encryption algorithm to use for decryption, and a random set of bits identify how many bytes of the message to decrypt using that algorithm. Because these bits are random, the encryption algorithm chosen for a portion of the message is entirely random and it is difficult to break this code. Also, because the random bits also identify a length of string to encrypt, the encryption algorithm changes randomly within a gi
Hayes Gail
Oppenheimer Wolff & Donnelly LLP
Song Ho S.
LandOfFree
Security apparatus for data transmission with dynamic random... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Security apparatus for data transmission with dynamic random..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Security apparatus for data transmission with dynamic random... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2567584