Virtual encryption scheme combining different encryption...

Cryptography – Particular algorithmic function encoding

Reexamination Certificate


Details

C380S029000

active

06233338

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates in general to data processing and communication systems, and is particularly directed to a data communication access control mechanism for enabling a computer end user to securely encrypt data communications in such a manner that effectively prevents a usurper from decrypting the data.
BACKGROUND OF THE INVENTION
The rapid expansion of the data communications industry, in particular the Internet and the World Wide Web (WWW), sometimes referred to as the information superhighway, has provided data processing system users with what is effectively a global communication link interconnecting a vast number of databases and other network users. The local link between the network and the user is typically a phone line (e.g., analog or ISDN) of a public communication service provider, with the workstation hardware including a modem or terminal adapter that allows dial-up access between the user and a remote party. Since a user's workstation is coupled directly to such interface equipment, not only can the workstation user access any other party having similar network access, but any other party can call the user's workstation.
More particularly, as diagrammatically illustrated in FIG. 1, a user workstation 10 may typically be coupled via a communication link 11 to a local area network (LAN) 20 by way of a LAN interface 13, which also provides access to an external, public communication services (PCS) network, such as the Internet 30. LAN 20 customarily includes one or more computer-based units, such as the illustrated workstations 21 and 22, network server 23 and printer 24, which are interconnected via a hub 25. The hub 25 is connected to interface 13, so that the end user workstation 10 may access any unit of the local area network 20. Similarly, to connect to the external network 30, the network interface 13 may be coupled through an electronic mail gateway 32 and a modem 33, so that a dial-up connection may be provided to an Internet connection provider 34, through which direct access to the Internet 35 is achieved.
Because a public communication system is a potential window into any computer linked to it, it is customary both to wrap or embed all communications in a ‘security blanket’ (some form of encryption) at the source end, and to employ one or more permission code (password) layers that must be passed to gain access to another computer.
Unfortunately, a fundamental characteristic of essentially all encryption operators or algorithms is the fact that, given enough resources, almost any encryption algorithm can be broken. This, coupled with the fact that each encryption algorithm has a ‘footprint’, which is discernible in the scrambled data by a sophisticated data communications analyst, means that no data communication can be guaranteed as secure.
SUMMARY OF THE INVENTION
In accordance with the present invention, this problem is effectively remedied by a ‘virtual’ encryption scheme that combines selected ones of a plurality of different encryption operators stored in an encryption operator database into a compound sequence of encryption operators. Data to be transported from a data source site, such as a user workstation, to a destination or data recipient site, is sequentially encrypted by performing a compound sequential data flow through this sequence prior to transmission.
By ‘virtual’ encryption scheme is meant that the overall encryption operator itself does not actually perform any encrypting of the data. Instead, it assembles selected ones of a plurality of true encryption mechanisms into a cascaded sequence of successively different encryption operators, each of which operates on the data, to realize a scrambled data stream that is not practically decryptable by a sophisticated data communications usurper.
For this purpose, a plurality of respectively different data encryption operators are stored in an encryption algorithm database, with each operator having an associated access address code through which the operator may be readily called up or accessed to operate on a data sequence of interest. The fundamental mechanism of the virtual encryption scheme of the invention involves the generation of a sequence of the access codes, with immediately successive ones of the access codes of the sequence being different from one another.
This access code sequence is employed to call up or read out from the database selected ones of the respectively different data encryption operators so as to produce or assemble a sequence of data encryption operators. Because immediately successive ones of the access codes of the access code sequence are different from one another, then their associated data encryption operators that have been assembled into the sequence of data encryption operators are also successively different from one another. When the data is applied to the generated sequence of individual encrypting operators, what results is a scrambled data stream having no readily discernible encryption footprint that would imply what encryption mechanism has been used and facilitate decryption by a sophisticated data communications usurper.
Since it is ‘virtual’, the success of the encryption operator assembly mechanism of the invention does not rely upon the sophistication or complexity of any given encryption operator within its database. As a consequence, even conventional encryption operators may be used. The key to the success of the present invention is the fact that the data stream is wrapped or encrypted multiple times prior to transmission, with each successive wrap of the data presenting an encryptor that is different from the previous operator in the sequence.
In its simplest form, the virtual encryption scheme of the invention may comprise as few as two or three respectively different encryption operators. The order of the encryptors within the sequence to which the data is applied may vary as desired, and the sequence may ‘toggle’ or switch back and forth between the same set of encryption operators as part of its overall encryptor flow.
Because the encryption process of the invention subjects the data to successively different encryption operators, the final output of the sequence will be a compound-encrypted data stream that has no readily discernible encryption footprint. As a consequence, even if a skilled data communications usurper were to possess a decryption key for each of the encryption operators of which the compound encrypted data stream is comprised, there is a very low likelihood that he would be able to recognize the characteristics of any individual encryption operator. Moreover, without knowledge of the sequence of encryption operators through which the data has been encrypted, a usurper will be forced to operate under a severe resource penalty that makes decryption of such a compound sequence a practical impossibility.
At the recipient end of the data communications path, the recovery process involves the use of a complementary virtual decryption scheme that is the exact reverse of that used at the data source site. Namely, at the recipient site the received scrambled data stream is subjected to a ‘virtual’ decryptor, which sequentially ‘unwraps’ using a decryption key known to the recipient as being the complement of the encrypting sequence, thereby recovering the original data.
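The assembly mechanism described above, as an added example that is not part of the patent: an operator database keyed by access code, an access-code generator that never selects the same operator twice in a row, and the source-side cascade with its exact reverse at the recipient. The three operators are constructed toy byte transforms standing in for real ciphers, and the names OPERATOR_DB, generate_access_sequence, cascade_encrypt and cascade_decrypt are this example's own.

```python
import random

# Constructed toy operators (NOT real ciphers): each pair is (encrypt, decrypt).
def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def _add(data: bytes, key: bytes) -> bytes:
    return bytes((b + key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def _sub(data: bytes, key: bytes) -> bytes:
    return bytes((b - key[i % len(key)]) & 0xFF for i, b in enumerate(data))

def _rev(data: bytes, key: bytes) -> bytes:
    return data[::-1]  # key is ignored; reversal is its own inverse

# Encryption operator database: access code -> (encrypt, decrypt).
OPERATOR_DB = {
    "A": (_xor, _xor),  # XOR with a repeating key is self-inverse
    "B": (_add, _sub),  # byte-wise modular addition / subtraction
    "C": (_rev, _rev),  # byte-order reversal
}

def valid_sequence(seq) -> bool:
    """True if every code is in the database and no two successive codes match."""
    return all(c in OPERATOR_DB for c in seq) and all(
        a != b for a, b in zip(seq, seq[1:]))

def generate_access_sequence(length: int, seed: int) -> list:
    """Draw access codes so that immediately successive codes always differ."""
    rng = random.Random(seed)
    seq = []
    for _ in range(length):
        choices = [c for c in sorted(OPERATOR_DB) if not seq or c != seq[-1]]
        seq.append(rng.choice(choices))
    return seq

def cascade_encrypt(data: bytes, seq: list, keys: dict) -> bytes:
    """Source site: apply the selected operators in sequence order."""
    if not valid_sequence(seq):
        raise ValueError("access code sequence repeats an operator back-to-back")
    for code in seq:
        data = OPERATOR_DB[code][0](data, keys[code])
    return data

def cascade_decrypt(data: bytes, seq: list, keys: dict) -> bytes:
    """Recipient site: unwrap with the complementary operators in reverse order."""
    for code in reversed(seq):
        data = OPERATOR_DB[code][1](data, keys[code])
    return data
```

The recipient needs both the access-code sequence and the per-operator keys; the sequence is the "decryption key known to the recipient" in the passage above.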


