Computer implemented secret object key block cipher encryption and digital signature device and method

US 6,259,789 B1
Filed: 12/12/1997
Issued: 07/10/2001
Est. Priority Date: 12/12/1997
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A computer implemented method for encrypting data comprising the steps of:

creating at least one object key in a block cipher, the at least one object key comprising data and methods that operate on said data;

creating a key schedule based upon the at least one object key;

encrypting a random session object key in a block cipher encryption process with the at least one object key;

encrypting a block of input plaintext data utilizing said key schedule;

modifying the at least one object key based on seeding from the random session object key;

modifying the key schedule based upon the at least one modified object key;

encrypting a next block of input plaintext data utilizing said modified key schedule; and

repeating the steps of modifying the at least one object key, modifying the key schedule and encrypting utilizing the modified key schedule until the encrypting of blocks of plaintext data is completed.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Reexaminations

Accused Products

Abstract

A computer implemented method and device for creating object keys to be used with a 4096-bit secret key block cipher data encryption process and a 2048-bit secret key digital signature process. The object keys are dynamic keys, i.e., changing throughout the encryption process. The dynamic object keys are composed of a static initial state that is created by the user and a method that modifies the keys based on seeding from a random session key object. The object key modification is performed for each plaintext data block so that each data block is encrypted using a different key. The initial state of the object key is also used in a block cipher encryption process to encrypt a 512-bit random session key. Data blocks of 64 bytes each are encrypted utilizing a different key, provided by the object key, for each block. The ciphertext (encrypted file) is transmitted into a keyed hashed function that utilizes a 2048-bit object key to produce a unique 2048-bit digital signature that is appended to the ciphertext. The digital signature object key is seeded with the input data. Decryption is accomplished by reversing the encryption process.

144 Citations

34 Claims

1. A computer implemented method for encrypting data comprising the steps of:
- creating at least one object key in a block cipher, the at least one object key comprising data and methods that operate on said data;
  
  creating a key schedule based upon the at least one object key;
  
  encrypting a random session object key in a block cipher encryption process with the at least one object key;
  
  encrypting a block of input plaintext data utilizing said key schedule;
  
  modifying the at least one object key based on seeding from the random session object key;
  
  modifying the key schedule based upon the at least one modified object key;
  
  encrypting a next block of input plaintext data utilizing said modified key schedule; and
  
  repeating the steps of modifying the at least one object key, modifying the key schedule and encrypting utilizing the modified key schedule until the encrypting of blocks of plaintext data is completed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. A computer implemented method as defined in claim 1, wherein the modification of the key schedule is independent of the input plaintext data.
  - 3. A computer implemented method as defined in claim 1, further comprising prior to the first step of encrypting the steps of:
4. A computer implemented method as defined in claim 3, wherein the initial state of the random session object key is created by generating a random number.
5. A computer implemented method as defined in claim 4, wherein a new random number is generated and assigned as the initial state of the random session object key for each block of input plaintext to be encrypted.
6. A computer implemented method as defined in claim 3, wherein the method comprises two object keys utilized to produce the key schedule for each block of input plaintext.
7. A computer implemented method as defined in claim 1, wherein the method of modifying the at least one object key comprises the steps of:
- generating a random seed unsigned byte and bit wise exclusive or to an unsigned byte of a current state of the at least one object key provided by an incremented index into the current state of the object key (I_BYTE_OBJECT_KEY);
  
  performing an unsigned byte addition on the output byte of the previous operation (PREV_OUTPUT) with I_BYTE_OBJECT_KEY;
  
  performing a 16-bit multiplication of PREV_OUTPUT and I_BYTE_OBJECT_KEY modulus 254 and add 2;
  
  performing a 16-bit addition of PREV_OUTPUT and I_BYTE_OBJECT_KEY;
  
  performing another 16-bit addition of PREV_OUTPUT and I_BYTE_OBJECT_KEY;
  
  performing a bit-wise exclusive or of PREV_OUTPUT with a 16-bit unsigned integer of the current state of the object key provided by an incremented index into the current state of the object key (I_INT_OBJECT_KEY);
  
  rotating PREV_OUTPUT to the right I_BYTE_OBJECT_KEY modulus 15 plus 1 times;
  
  performing a 16-bit addition of PREV_OUTPUT and I_INT_OBJECT_KEY;
  
  performing a 16-bit multiplication of PREV_OUTPUT and I_INT_OBJECT_KEY with the lower order byte of I_INT_OBJECT KEY modulus 254 plus 2;
  
  performing a 16-bit addition of PREV_OUTPUT and I_INT_OBJECT_KEY;
  
  performing another 16-bit addition of PREV_OUTPUT and I_INT_OBJECT KEY;
  
  performing a bit-wise exclusive or of PREV_OUTPUT with a 32-bit unsigned long integer of the current state of the object key provided by an incremented index into the current state of the object key (I_LONG_INT_OBJECT_KEY);
  
  rotating PREV_OUTPUT to the left I_BYET_OBJECT_KEY modulus 31 plus 1 times;
  
  performing a bit-wise exclusive or of PREV_OUTPUT with I_LONG_INT_OBJECT_KEY;
  
  repeating the previous set of operations eighty-four times substituting the random seed unsigned byte with a byte from a four byte output block provided by the previous set of operations recursively setting the current output block to a next output block when the current output block is exhausted, utilizing a different ordered byte each round;
  
  performing a byte transposition of the bytes in the new 256 byte output block (N_OUTPUT) provided by the previous set of operations utilizing the following steps;
  
  performing a byte-wise index through N_OUTPUT;
  
  switching the current byte of N_OUTPUT with the N-OUTPUT byte indexed at position I_BYTE_OBJECT_KEY; and
  
  indexing through the entire block of N_OUTPUT.
8. A computer implemented method as defined in claim 1, wherein said object key is dynamic and a modification method of said object key includes a hashing function.
9. A computer implemented method as defined in claim 1, wherein the object key is dynamic and includes at least two sub-object keys, and further wherein each sub-object key has a unique modification method associated therewith.
10. A computer implemented method as defined in claim 3, wherein the object key includes at least two sub-object keys and the random session object key operations with the object key are performed with only one of said sub-object keys.
11. A computer implemented method as defined in claim 3, wherein creating the initial state of the random session key object comprises the steps of:
- accessing a running time clock in a computer;
  
  multiplying together unique byte elements of the object key and summing and performing a bit-wise exclusive or to the time clock;
  
  using the output of the previous step as a seed for a rand( ) function available in C libraries;
  
  using an output of the rand( ) function modulus 255 plus an offset of 1 plus the lower eight bits of a high resolution computer clock timer is calculated and stored as one byte of the initial state of the random session object key;
  
  repeating the previous set steps for each byte in the initial state of the random session key object.
12. A computer implemented method as defined in claim 3, wherein the modification method for the random session object key comprises the steps of:
- indexing through each byte of the current state of the random session key object (I_BYTE_R_OBJECT) and replacing that byte with the output of the following operation;
  
  double indexing into the object key with I_BYTE_R_OBJECT as a starting index and add an offset and I_BYTE_OBJECT_KEY.
13. A computer implemented method as defined in claim 3, wherein the modification method of said random session object key includes a hashing function.
14. A computer implemented method as defined in claim 3, wherein said object key is first initialized with the random session key object by using an initial current state of the random session key object to provide a key schedule in the modification method of the object key.
15. A computer implemented method as defined in claim 2, wherein input plaintext is compressed using a redundant byte reducing method and padded with random bytes to produce a file with a length that is evenly divisible by the block length so that the plaintext blocks are processed by said block cipher system.
16. A computer implemented method as defined in claim 3, further including the step of performing a keyed transposition of ciphertext bytes after all input blocks are encrypted.
17. A computer implemented method as defined in claim 2, wherein the encrypting step comprises the steps of:
- transposition a substitution array whose elements contain unique numbers in reference to substitution array by switching a position of each element with a position provided by an element of a key.
18. A computer implemented method as defined in claim 17, wherein the position provided by an element of the key is bounded by the size of said substitution array.
19. A computer implemented method as defined by claim 1, wherein the block cipher encryption process comprises the steps of:
- transpositioning a substitution array whose elements contain unique numbers in reference to said substitution array by switching a position of each element with a position provided by an element of a key, which position provided by an element of the key is bounded by the size of said substitution array which is composed of 256 elements;
  
  transpositioning a transverse array whose elements contain unique numbers in reference to said transverse array by switching a position of each element with a position provided by an element of the key, the position provided by an element of the key is bounded by the size of the transverse array which is equal to the block size;
  
  replacing each input byte transverse number of times with the value of the substitution array indexed with the input byte;
  
  summing each output byte of the previous three steps to an element of the key to create ciphertext;
  
  grouping the ciphertext in a 32-bit sliding window and rotating to the left an element of the key modulus 31 plus 1 times, the window sliding by one byte after each rotation and this step being performed on all ciphertext bytes;
  
  performing a bit-wise exclusive or of each cipher text byte to an element of the key;
  
  transpositioning the substitution array by switching a position of each element with a position provided by an element of the key, the position provided by an element of the key is bounded by a size of said substitution array;
  
  tanspositioning the transverse array by switching a position of each element with a position provided by an element of the key, the position provided by an element of the key is bonded by a size of said transverse array;
  
  replacing each input byte transverse number of time with a value of the substitution array indexed with an input byte;
  
  transpositioning the ciphertext by switching a position of each ciphertext element with a position provided by an element of the key, the position provided by an element of the key is bounded by a size of the block;
  
  repeating the previous seven steps four times with the key elements being unique each time the key is accessed;
  
  transpositioning each bit in the ciphertext block by switching a position of each ciphertext bit with a position provided by elements of the key, the position provided by elements of the key are bounded by the size of the blocks times eight; and
  
  repeating the previous nine steps four times with the key elements being unique each time the key is accessed.
20. A computer implemented method as defined in claim 19, wherein said key is the at least one object key.
21. A computer implemented method as defined in claim 19, wherein the last transpositioning step uses a switch key comprised of the following steps:
- initializing the switch key with elements of an initial state of the object key;
  
  grouping the switch key by 32-bit blocks;
  
  replacing the current switch key element with the following process;
  
  performing a bit-wise exclusive or of the current switch key element to a switch key element indixed two elements from the current element;
  
  rotating the output of the previous step to the right switch key indexed three elements from the current element modulus thirty-one plus one;
  
  performing a bit-wise exclusive or of the output from the previous step to a switch key element indexed three elements from the current element;
  
  repeating the previous three steps for each final transposition switch operation.
22. A computer implemented method as defined in claim 21, wherein a hashing function is included in the creation of the switch key.

23. A cryptographic communications system comprising:
- at least two networked computer systems linked by a communication channel; and
  
  each computer system including a central processing unit and a memory storage device for executing a block cipher encryption/decryption process;
  
  wherein the encryption process transforms an input plaintext message to a ciphertext message and the decryption process transforms the ciphertext message to the input plaintext message, the encryption/decryption process using at least one dynamic object key which is modified using a non-linear function for each block of input data, each object key being associated with a different key schedule to encrypt/decrypt the input plaintext/output ciphertext message.
- View Dependent Claims (24, 25, 26, 34)
- - 24. A cryptographic communications system as defined in claim 23, wherein the encryption/decryption process further includes the use of a random session object key having an initial state randomly generated by the computer system, and wherein the object key modifications are based on seeding from the random session object key.
  - 25. A cryptographic communications system as defined in claim 24, wherein an initial state of the object key is created by the user and wherein the initial state of the random session object key is created by the computer system generating a random number.
  - 26. A cryptographic communications system as defined in claim 23, wherein the block cipher encryption/decryption process includes use of a keyed transposition of a sequence of integers provides a count of substitution rounds for a particular input entering an S-box.
  - 34. A cryptographic communications systems as defined in claim 23, wherein the non-linear function is a hashing function.

27. A computer implemented method for encrypting data comprising the steps of:
- creating at least one object key comprising data and methods that operate on said data; and
  
  modifying the at least one object key for each input block of plaintext utilizing the at least one object key in conjunction with an encryption process;
  
  wherein the step of modifying the at least one object key comprises the steps of;
  
  generating a random seed unsigned byte and bit wise exclusive or to an unsigned byte of a current state of the object key provided by an incremented index into the current state of the object key (I_BYTE_OBJECT_KEY);
  
  performing an unsigned byte addition on the output byte of the previous operation (PREV_OUTPUT) with I_BYTE_OBJECT_KEY;
  
  performing a 16-bit multiplication of PREV_OUTPUT and I_BYTE_OBJECT_KEY modulus 254 and add 2;
  
  performing a 16-bit addition of PREV_OUTPUT and I_BYTE_OBJECT_KEY;
  
  performing another 16-bit addition of PREV_OUTPUT and I_BYTE_OBJECT_KEY;
  
  performing a bit-wise exclusive or of PREV_OUTPUT with a 16-bit unsigned integer of the current state of the object key provided by an incremented index into the current state of the object key (I_INT_OBJECT_KEY);
  
  rotating PREV_OUTPUT to the right I_BYTE_OBJECT_KEY modulus 15 plus 1 times;
  
  performing a 16-bit addition of PREV_OUTPUT and I_{—
  
  INT_OBJECT_KEY;}performing a 16-bit multiplication of PREV_OUTPUT and I_INT_OBJECT_KEY with the lower order byte of I_INT_OBJECT_KEY modulus 254 plus 2;
  
  performing a 16-bit addition of PREV_OUTPUT and I_INT_OBJECT KEY;
  
  performing another 16-bit addition of PREV_OUTPUT and I_INT_OBJECT_KEY;
  
  performing a bit-wise exclusive or of PREV_OUTPUT with a 32-bit unsigned long integer of the current state of the object key provided by an incremented index into the current state of the object key (I_LONG_INT_OBJECT_KEY);
  
  rotatino PREV_OUTPUT to the left I_BYET_OBJECT KEY modulus 31 plus 1 times;
  
  performing a bit-wise exclusive or of PREV_OUTPUT with I_LONG_INT_OBJECT_KEY;
  
  repeating the previous set of operations eighty-four times substituting the random seed unsigned byte with a byte from a four byte output block provided by the previous set of operations recursively setting the current output block to a next output block when the current output block is exhausted, utilizing a different ordered byte each round;
  
  performing a byte transposition of the bytes in the new 256 byte output block (N_OUTPUT) provided by the previous set of operations utilizing the following steps;
  
  performing a byte-wise index through N_OUTPUT;
  
  switching the current byte of N_OUTPUT with the N-OUTPUT byte indexed at position I_BYTE_OBJECT_KEY, and indexing through the entire block of N_OUTPUT.

28. A computer implemented method for encrypting data comprising the steps of:
- creating at least one object key comprising data and methods that operate on said data; and
  
  encrypting input plaintext data utilizing said object key in conjunction with a block cipher encryption process, wherein the block cipher encryption process comprises the steps of;
  
  transpositioning a substitution array whose elements contain unique numbers in reference to said substitution array by switching a position of each element with a position provided by an element of a key, which position provided by an element of the key is bounded by the size of said substitution array which is composed of 256 elements;
  
  transpositioning a traverse array whose elements contain unique numbers in reference to said transverse array by switching a position of each element with a position provided by an element of the key, the position provided by an element of the key is bounded by the size of the transverse array which is equal to the block size;
  
  replacing each input byte transverse number of times with the value of the substitution array indexed with the input byte;
  
  summing each output byte of the previous three steps to an element of the key to create ciphertext;
  
  grouping the ciphertext in a 32-bit sliding window and rotating to the left an element of the key modulus 31 plus 1 times, the window sliding by one byte after each rotation and this step being performed on all ciphertext bytes;
  
  performing a bit-wise exclusive or of each cipher text byte to an element of the key;
  
  transpositioning the substitution array by switching a position of each element with a position provided by an element of the key, the position provided by an element of the key is bounded by a size of said substitution array;
  
  transpositioning the transverse array by switching a position of each element with a position provided by an element of the key, the position provided by an element of the key is bounded by a size of said transverse array;
  
  replacing each input byte transverse number of time with a value of the substitution array indexed with an input byte;
  
  transpositioning the ciphertext by switching a position of each ciphertext element with a position provided by an element of the key, the position provided by an element of the key is bounded by a size of the block;
  
  repeating the previous seven steps four times with the key elements being unique each time the key is accessed;
  
  transpositioning each bit in the ciphertext block by switching a position of each ciphertext bit with a position provided by elements of the key, the position provided by elements of the key are bounded by the size of the blocks times eight; and
  
  repeating the previous nine steps four times with the key elements being unique each time the key is accessed.
- View Dependent Claims (29, 30, 31)
- - 29. A computer implemented method as defined in claim 28, wherein said key is the object key.
  - 30. A computer implemented method as defined in claim 28, wherein the last transpositioning step uses a switch key comprised of the following steps:
31. A computer implemented method as defined in claim 30, wherein a hashing function is included in the creation of the switch key.

32. A computer implemented method for encrypting data comprising the steps of:
- creating at least one object key in a block cipher, the at least one object key comprising data and methods that operate on said data;
  
  creating a key schedule based upon the at least one object key;
  
  encrypting a block of input plaintext data utilizing said key schedule;
  
  modifying the at least one object key using at least a non-linear function;
  
  modifying the key schedule based upon the at least one modified object key;
  
  encrypting a next block of input plaintext data utilizing said modified key schedule; and
  
  repeating the steps of modifying the at least one object key, modifying the key schedule and encrypting utilizing the modified key schedule until the encrypting of blocks of plaintext data is completed.
- View Dependent Claims (33)
- - 33. A computer implemented method as defined in claim 32, wherein the nonlinear function is a hashing function.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Luciano F. Paone
Original Assignee
Safecourier Software Inc.
Inventors
Paone, Luciano F.
Primary Examiner(s)
Swann, Tod
Assistant Examiner(s)
KABAKOFF, STEPHEN ERIC

Application Number

US08/989,261
Time in Patent Office

1,306 Days
Field of Search

380/4, 380/21, 380/25, 380/28, 380/30, 713/189
US Class Current

380/28
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0631   Substitution permutation ne...

H04L 9/0869   involving random numbers or...

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

Computer implemented secret object key block cipher encryption and digital signature device and method

First Claim

5 Assignments

Litigations

0 Petitions

Reexaminations

Accused Products

Abstract

144 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Computer implemented secret object key block cipher encryption and digital signature device and method

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Reexaminations

Accused Products

Subscription Required

Abstract

144 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links