“Method And System For Controlling Access To Secure Data Using Custodial Key Data” in Patent Application Approval Process (USPTO 20220366060): Patent Application
2022 DEC 06 (NewsRx) -- By a
This patent application has not been assigned to a company or institution.
The following quote was obtained by the news editors from the background information supplied by the inventors: “Common implementations of data storage security rely on a single security key of 256 bits being applied to the data that then produces an encrypted copy of the data.
“Many situations require that data be highly secured while in transit. These include, but are not limited to, high-value intellectual property like digital films, sensitive corporate and government data, health data with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy requirements, and personal information in the
“Today’s cryptographic systems for securing data suffer from a number of problems. A common method for encrypted transport of data is to first use public key cryptography to transmit a symmetric cryptographic key and then to transmit the message data encrypted using symmetric cryptography with the exchanged key. The cryptography guide by Latacora describes Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) as the most popular mode of symmetric encryption today and recommends the use of a 256-bit key. Latacora also recommends Networking and Cryptography library (NaCl) for asymmetric encryption based on the Curve25519 elliptic curve.
“Unfortunately, the development of quantum computing, increases in hardware speed, the development of new cryptanalysis algorithms, and hardware security flaws have caused many to be concerned about the future security of the current cryptographic techniques. The new field of “post-quantum cryptography” has proposed new algorithms which are intended to be safe against cryptanalysis by quantum computers but they are unproven and not yet widely accepted. Many are also worried about the possibility of backdoors in standard algorithms which might be exposed in the future. There is no mathematical proof that either symmetric or public key encryption algorithms are actually secure. Public key cryptography, especially, is based on unproven assumptions which many question. The only known mathematically provably secure encryption technique is the “One Time Pad” (OTP), which combines the message with a random key of the same length. But current implementations of OTPs have suffered from technological difficulties making their widespread use impractical. For example, OTP key storage and distribution has traditionally been regarded as prohibitive.
“Another issue of increasing importance is the insecurity of modern computer hardware. Two processes which run on the same processor can leak information about cryptographic keys between them through the processor’s instruction cache. Information left in caches can also reveal supposedly secret information when speculative execution unwinds. And the “Rowhammer” and “Drammer” attacks access memory in ways that can flip bits in a key and break encryption. More and more hardware and side-channel attacks are being discovered every day. Using today’s processors with the standard encryption techniques leaves the user uncertain about the security of their data.
“Encryption systems which are based on a small key (e.g., Latacora’s recommended 256 bits) enable attacks which discover and transmit those small number of bits to recover all of the encrypted data. The single key, once known, can be easily and quickly sent across the Internet or by other electronic means and used to decrypt massive amounts of secured data. Low data rate transmission methods like inaudible signals over a computer’s speaker can even be used to transmit small keys from machines which are not connected to networks. Discovery of even a small number of bytes of key data can expose the contents of hundreds of terabytes of supposedly secured message data. In many settings, this kind of risk of exposure is unacceptable.
“When large amounts of data must be sent quickly from one location to another, it is common practice to physically transport the data on storage devices (SD), such as hard disk drives, solid state disk drives, magnetic tape, and other media. Physical transfer is used because network transfers of large amounts of data can take weeks or months. For example, on a 100 Mbps connection, it can take over 120 days to transfer 100 terabytes of data. Today’s storage devices have a large capacity and continuing improvements are expected. 14 terabyte hard drives and 100 terabyte SSD drives are now available. Similarly, physical storage devices must be used when data must be stored over time.
“The use of physical storage devices introduces the possibility that they may be stolen while being transported or stored. They may also become corrupted or damaged. These risks of exposure or loss of data must be minimized in many important situations.
“Moreover, in some situations, it may be difficult or impractical to transmit data on physical storage devices, such as when data needs to be received within a shortened period of time, or when weather, the climate, or a transportation route makes transporting physical storage devices difficult. In these cases, it may be advantageous to have a secure method of transmitting data which minimizes the risk of exposure of the data. While there are various conventional methods for transmitting electronic data securely, many of these methods are less secure than desired. For example, these conventional methods may leave the data prone to being viewed or accessed by unauthorized parties during transit, and oftentimes they do not provide any indication to the intended recipient of the data that there has been an intrusion.
“Thus, a heretofore unaddressed need exists in the industry to address the aforementioned deficiencies and inadequacies.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “Embodiments of the present disclosure provide a system and method of controlling access to secure data using a custodial TRNG disk. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: encrypting a first quantity of source data with a first computer processor of a computerized device using first key data from a first true random number generator (TRNG) disk to generate a first quantity of encrypted data, wherein the first key data comprises at least a block of random bits of the first TRNG disk, wherein the first TRNG disk is stored at a first location by a first entity; providing a second TRNG disk with second key data comprising at least a block of random bits of the second TRNG disk, wherein the second TRNG disk is stored at a second location by a second entity, the second location being different from the first location; cloning the first and second TRNG disk with a second processor, thereby creating at least one first TRNG disk copy and at least one second TRNG disk copy, wherein each of the first and second TRNG disk copies are identical to the first TRNG disk and the second TRNG disk, respectively, wherein the first and second TRNG disk copies are stored at one or more locations by a custodial entity, wherein the one or more locations are different from the first and second locations; encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together; and transmitting the encoded first key data and the second key data to one or more of the first or second entities, wherein the first quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“In one aspect, the method further comprises: encrypting a second quantity of source data using the second key data from the second TRNG disk to generate a second quantity of encrypted data, wherein the second quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“In another aspect of the method, the custodial entity further comprises at least first and second custodial entities, wherein the first TRNG disk copy is stored at the one or more locations by the first custodial entity and the second TRNG disk copy is stored at the one or more locations by the second custodial entity.
“In this aspect of the method, encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together further comprises mutual agreement by the first and second custodial entities.
“In another aspect of the method, the custodial entity further comprises three or more custodial entities, wherein the first and second TRNG disk copies are stored at the one or more locations by one of the three or more custodial entities, and wherein encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together further comprises mutual agreement by at least a portion of the three or more custodial entities.
“In yet another aspect, the method further comprises communicating data between the first entity and the second entity by: receiving, by the first entity, the encoded first key data and the second key data; encrypting the data, by the first entity, with the encoded first key data and the second key data; and transmitting the encrypted data to the second entity, whereby the encrypted data is decryptable by the second entity using the second key data from the second TRNG disk.
“In this aspect, encrypting the data with the encoded first key data and the second key data further comprises using an XOR operation.
“In this aspect, the encrypted data is transmitted to the second entity directly.
“In this aspect, the encrypted data is transmitted to the second entity through an untrusted network.
“Embodiments of the present disclosure provide a system and method for controlling secure data transmission between two entities using a custodial TRNG disk. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: encrypting a first quantity of source data with a first computer processor of a computerized device using first key data from a first true random number generator (TRNG) disk to generate a first quantity of encrypted data, wherein the first key data comprises at least a block of random bits of the first TRNG disk, wherein the first TRNG disk is stored at a first location by a first entity; providing a second TRNG disk with second key data comprising at least a block of random bits of the second TRNG disk, wherein the second TRNG disk is stored at a second location by a second entity, the second location being different from the first location; cloning the first and second TRNG disk with a second processor, thereby creating at least one first TRNG disk copy and at least one second TRNG disk copy, wherein each of the first and second TRNG disk copies are identical to the first TRNG disk and the second TRNG disk, respectively, wherein the first and second TRNG disk copies are stored at one or more locations by a custodial entity, wherein the one or more locations are different from the first and second locations; encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together; transmitting the encoded first key data and the second key data to the first entity; and communicating data between the first entity and the second entity by: receiving, by the first entity, the encoded first key data and the second key data; encrypting the data, by the first entity, with the encoded first key data and the second key data; and transmitting the encrypted data to the second entity, whereby the encrypted data is decryptable by the second entity using the second key data from the second TRNG disk.
“In one aspect, the custodial entity further comprises at least first and second custodial entities, wherein the first TRNG disk copy is stored at the one or more locations by the first custodial entity and the second TRNG disk copy is stored at the one or more locations by the second custodial entity, and wherein encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together further comprises mutual agreement by the first and second custodial entities.
“The present disclosure can also be viewed as providing a system of controlling access to secure data using a custodial TRNG disk. Briefly described, in architecture, one embodiment of the system, among others, can be implemented as follows. A first quantity of source data is encrypted, with a first computer processor of a computerized device, using first key data from a first true random number generator (TRNG) disk to generate a first quantity of encrypted data, wherein the first key data comprises at least a block of random bits of the first TRNG disk, wherein the first TRNG disk is stored at a first location by a first entity. A second TRNG disk has second key data comprising at least a block of random bits of the second TRNG disk, wherein the second TRNG disk is stored at a second location by a second entity, the second location being different from the first location. At least one first TRNG disk copy and at least one second TRNG disk copy are created by cloning the first and second TRNG disk with a second processor, wherein each of the first and second TRNG disk copies are identical to the first TRNG disk and the second TRNG disk, respectively, wherein the first and second TRNG disk copies are stored at one or more locations by a custodial entity, wherein the one or more locations are different from the first and second locations. First key data and the second key data is generated by encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together, wherein the encoded first key data and the second key data is transmitted to one or more of the first or second entities, wherein the first quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“In one aspect, a second quantity of source data is encrypted using the second key data from the second TRNG disk to generate a second quantity of encrypted data, wherein the second quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“In another aspect, the custodial entity further comprises at least first and second custodial entities, wherein the first TRNG disk copy is stored at the one or more locations by the first custodial entity and the second TRNG disk copy is stored at the one or more locations by the second custodial entity.
“In this aspect, the first key data of the first TRNG disk copy and the second key data of the second TRNG copy are encoded together by mutual agreement by the first and second custodial entities.
“In yet another aspect, the custodial entity further comprises three or more custodial entities, wherein the first and second TRNG disk copies are stored at the one or more locations by one of the three or more custodial entities, and wherein the first key data of the first TRNG disk copy and the second key data of the second TRNG copy are encoded together by mutual agreement by at least a portion of the three or more custodial entities.
“In yet another aspect, data is communicated between the first entity and the second entity, wherein the first entity receives the encoded first key data and the second key data and encrypts the data with the encoded first key data and the second key data, and wherein the encrypted data is transmitted to the second entity, wherein the encrypted data is decryptable by the second entity using the second key data from the second TRNG disk.
“In this aspect, encrypting the data with the encoded first key data and the second key data further comprises using an XOR operation.”
There is additional summary information. Please visit the full patent to read further.
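The summary above describes the key flow in claim language only. The following is an added worked model of that flow, written for this page and not code from the patent application or its inventors. It assumes (the application does not specify these) that a TRNG disk is a block of bytes from os.urandom, that "encoding the first key data and the second key data together" is a bytewise XOR of the two key blocks, that key data is addressed by byte offset into the disk and each block is used exactly once, and that the custodian releases the encoded key only when every named custodial entity approves. Names such as `TrngDisk`, `Custodian`, `relay_encrypt` and `run_demo` are this example's own.

```python
"""Toy model of the custodial TRNG-disk key flow (added example; assumptions noted inline)."""
import os
from typing import Dict, Set


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR. Equal lengths are enforced: one-time-pad key material is never stretched."""
    if len(a) != len(b):
        raise ValueError("key material and data must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class TrngDisk:
    """A block of random bits. Assumption: modelled with os.urandom rather than a hardware TRNG."""

    def __init__(self, bits: bytes):
        self.bits = bits

    @classmethod
    def generate(cls, size: int) -> "TrngDisk":
        return cls(os.urandom(size))

    def clone(self) -> "TrngDisk":
        # The custodial copy is bit-for-bit identical to the original disk.
        return TrngDisk(bytes(self.bits))

    def key_block(self, offset: int, length: int) -> bytes:
        # Key data = a block of random bits addressed by offset. Assumption: each offset is used once.
        if offset < 0 or offset + length > len(self.bits):
            raise ValueError("requested key block lies outside the TRNG disk")
        return self.bits[offset:offset + length]


class Custodian:
    """Holds cloned copies of both disks at a third location and enforces mutual agreement."""

    def __init__(self, copies: Dict[str, TrngDisk], required_approvers: Set[str]):
        self.copies = copies
        self.required_approvers = required_approvers

    def encode_keys(self, offset: int, length: int, approvals: Set[str]) -> bytes:
        missing = self.required_approvers - approvals
        if missing:
            raise PermissionError(f"custodial agreement incomplete, missing: {sorted(missing)}")
        k1 = self.copies["first"].key_block(offset, length)
        k2 = self.copies["second"].key_block(offset, length)
        return xor_bytes(k1, k2)  # assumption: "encoded together" means E = K1 xor K2


def otp_encrypt(disk: TrngDisk, offset: int, data: bytes) -> bytes:
    """C = D xor K (XOR is its own inverse, so this also decrypts)."""
    return xor_bytes(data, disk.key_block(offset, len(data)))


def decrypt_with_encoded_key(ciphertext: bytes, encoded: bytes, other_disk: TrngDisk, offset: int) -> bytes:
    """Holder of one disk plus E recovers data encrypted under the other disk: C xor E xor K_other."""
    other = other_disk.key_block(offset, len(ciphertext))
    return xor_bytes(xor_bytes(ciphertext, encoded), other)


def relay_encrypt(sender_disk: TrngDisk, offset: int, encoded: bytes, data: bytes) -> bytes:
    """Sender holds K1 and E: C = D xor K1 xor E = D xor K2, decryptable by the receiver's own disk."""
    k1 = sender_disk.key_block(offset, len(data))
    return xor_bytes(xor_bytes(data, k1), encoded)


def run_demo() -> dict:
    first = TrngDisk.generate(256)   # stored at location 1 by entity A
    second = TrngDisk.generate(256)  # stored at location 2 by entity B
    custodian = Custodian({"first": first.clone(), "second": second.clone()},
                          required_approvers={"custodian-1", "custodian-2"})

    # Access control: A's stored data, encrypted with A's own disk.
    data_a = b"constructed sample: data of entity A at rest"
    off_a = 0
    c_at_rest = otp_encrypt(first, off_a, data_a)
    try:  # one custodian alone cannot release the encoded key
        custodian.encode_keys(off_a, len(data_a), {"custodian-1"})
        blocked = False
    except PermissionError:
        blocked = True
    encoded_a = custodian.encode_keys(off_a, len(data_a), {"custodian-1", "custodian-2"})
    recovered_by_b = decrypt_with_encoded_key(c_at_rest, encoded_a, second, off_a)

    # Transmission: A sends to B over an untrusted network using a fresh key block.
    msg = b"constructed sample: message from A to B"
    off_m = len(data_a)
    encoded_m = custodian.encode_keys(off_m, len(msg), {"custodian-1", "custodian-2"})
    c_transit = relay_encrypt(first, off_m, encoded_m, msg)
    received = otp_encrypt(second, off_m, c_transit)
    # An observer holding both C and E (but no disk) sees D xor K1: still a one-time pad.
    intercept_view = xor_bytes(c_transit, encoded_m)

    return {"data_a": data_a, "ciphertext_at_rest": c_at_rest, "recovered_by_b": recovered_by_b,
            "blocked_without_agreement": blocked, "msg": msg, "received": received,
            "intercept_view": intercept_view}


if __name__ == "__main__":
    r = run_demo()
    print("at-rest round trip:", r["recovered_by_b"] == r["data_a"])
    print("transit round trip:", r["received"] == r["msg"])
    print("single custodian blocked:", r["blocked_without_agreement"])
```

Two properties worth noticing from the model: the encoded key E on its own is a one-time pad of K2 under K1, so an interceptor who captures both the ciphertext and E ends up with D xor K1, which is no better than the ciphertext; and the offset bookkeeping is the whole security argument, since reusing a key block (or letting the custodian's copy drift from the original) collapses the pad to a two-time pad.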
The claims supplied by the inventors are:
“1. A method of controlling access to secure data using a custodial TRNG disk, the method comprising: encrypting a first quantity of source data with a first computer processor of a computerized device using first key data from a first true random number generator (TRNG) disk to generate a first quantity of encrypted data, wherein the first key data comprises at least a block of random bits of the first TRNG disk, wherein the first TRNG disk is stored at a first location by a first entity; providing a second TRNG disk with second key data comprising at least a block of random bits of the second TRNG disk, wherein the second TRNG disk is stored at a second location by a second entity, the second location being different from the first location; cloning the first and second TRNG disk with a second processor, thereby creating at least one first TRNG disk copy and at least one second TRNG disk copy, wherein each of the first and second TRNG disk copies are identical to the first TRNG disk and the second TRNG disk, respectively, wherein the first and second TRNG disk copies are stored at one or more locations by a custodial entity, wherein the one or more locations are different from the first and second locations; encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG copy together; and transmitting the encoded first key data and the second key data to one or more of the first or second entities, wherein the first quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“2. The method of claim 1, further comprising encrypting a second quantity of source data using the second key data from the second TRNG disk to generate a second quantity of encrypted data, wherein the second quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“3. The method of claim 1, wherein the custodial entity further comprises at least first and second custodial entities, wherein the first TRNG disk copy is stored at the one or more locations by the first custodial entity and the second TRNG disk copy is stored at the one or more locations by the second custodial entity.
“4. The method of claim 3, wherein encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy together further comprises mutual agreement by the first and second custodial entities.
“5. The method of claim 1, wherein the custodial entity further comprises three or more custodial entities, wherein the first and second TRNG disk copies are stored at the one or more locations by one of the three or more custodial entities, and wherein encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy together further comprises mutual agreement by at least a portion of the three or more custodial entities.
“6. The method of claim 1, further comprising communicating data between the first entity and the second entity, comprising: receiving, by the first entity, the encoded first key data and the second key data; encrypting the data, by the first entity, with the encoded first key data and the second key data; and transmitting the encrypted data to the second entity, whereby the encrypted data is decryptable by the second entity using the second key data from the second TRNG disk.
“7. The method of claim 6, wherein encrypting the data with the encoded first key data and the second key data further comprises using an XOR operation.
“8. The method of claim 6, wherein the encrypted data is transmitted to the second entity directly.
“9. The method of claim 6, wherein the encrypted data is transmitted to the second entity through an untrusted network.
“10. A method of controlling secure data transmission between two entities using a custodial TRNG disk, the method comprising: encrypting a first quantity of source data with a first computer processor of a computerized device using first key data from a first true random number generator (TRNG) disk to generate a first quantity of encrypted data, wherein the first key data comprises at least a block of random bits of the first TRNG disk, wherein the first TRNG disk is stored at a first location by a first entity; providing a second TRNG disk with second key data comprising at least a block of random bits of the second TRNG disk, wherein the second TRNG disk is stored at a second location by a second entity, the second location being different from the first location; cloning the first and second TRNG disks with a second processor, thereby creating at least one first TRNG disk copy and at least one second TRNG disk copy, wherein each of the first and second TRNG disk copies are identical to the first TRNG disk and the second TRNG disk, respectively, wherein the first and second TRNG disk copies are stored at one or more locations by a custodial entity, wherein the one or more locations are different from the first and second locations; encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy together; transmitting the encoded first key data and the second key data to the first entity; and communicating data between the first entity and the second entity by: receiving, by the first entity, the encoded first key data and the second key data; encrypting the data, by the first entity, with the encoded first key data and the second key data; and transmitting the encrypted data to the second entity, whereby the encrypted data is decryptable by the second entity using the second key data from the second TRNG disk.
“11. The method of claim 10, wherein the custodial entity further comprises at least first and second custodial entities, wherein the first TRNG disk copy is stored at the one or more locations by the first custodial entity and the second TRNG disk copy is stored at the one or more locations by the second custodial entity, and wherein encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy together further comprises mutual agreement by the first and second custodial entities.
“12. A system of controlling access to secure data using a custodial TRNG disk comprising: a first quantity of source data encrypted, with a first computer processor of a computerized device, using first key data from a first true random number generator (TRNG) disk to generate a first quantity of encrypted data, wherein the first key data comprises at least a block of random bits of the first TRNG disk, wherein the first TRNG disk is stored at a first location by a first entity; a second TRNG disk with second key data comprising at least a block of random bits of the second TRNG disk, wherein the second TRNG disk is stored at a second location by a second entity, the second location being different from the first location; at least one first TRNG disk copy and at least one second TRNG disk copy created by cloning the first and second TRNG disks with a second processor, wherein each of the first and second TRNG disk copies are identical to the first TRNG disk and the second TRNG disk, respectively, wherein the first and second TRNG disk copies are stored at one or more locations by a custodial entity, wherein the one or more locations are different from the first and second locations; encoded first key data and the second key data generated by encoding the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy together, wherein the encoded first key data and the second key data is transmitted to one or more of the first or second entities, wherein the first quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“13. The system of claim 12, wherein a second quantity of source data is encrypted using the second key data from the second TRNG disk to generate a second quantity of encrypted data, wherein the second quantity of encrypted data is decryptable using the encoded first key data and the second key data.
“14. The system of claim 12, wherein the custodial entity further comprises at least first and second custodial entities, wherein the first TRNG disk copy is stored at the one or more locations by the first custodial entity and the second TRNG disk copy is stored at the one or more locations by the second custodial entity.
“15. The system of claim 14, wherein the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy are encoded together by mutual agreement by the first and second custodial entities.
“16. The system of claim 12, wherein the custodial entity further comprises three or more custodial entities, wherein the first and second TRNG disk copies are stored at the one or more locations by one of the three or more custodial entities, and wherein the first key data of the first TRNG disk copy and the second key data of the second TRNG disk copy are encoded together by mutual agreement by at least a portion of the three or more custodial entities.
“17. The system of claim 12, wherein data is communicated between the first entity and the second entity, wherein the first entity receives the encoded first key data and the second key data and encrypts the data with the encoded first key data and the second key data, and wherein the encrypted data is transmitted to the second entity, wherein the encrypted data is decryptable by the second entity using the second key data from the second TRNG disk.
“18. The system of claim 17, wherein the data is encrypted with the encoded first key data and the second key data using an XOR operation.
“19. The system of claim 17, wherein the encrypted data is transmitted to the second entity directly.
“20. The system of claim 17, wherein the encrypted data is transmitted to the second entity through an untrusted network.”
URL and more information on this patent application, see: ESBENSEN, Daniel M.; OMOHUNDRO, Stephen. Method And System For Controlling Access To Secure Data Using Custodial Key Data. Filed
(Our reports deliver fact-based news of research and discoveries from around the world.)