Patent Issued for Method and system for securing data using random bits and encoded key data (USPTO 11537728): Quantum Properties Technology LLC
2023 JAN 12 (NewsRx) -- By a
The patent’s assignee for patent number 11537728 is
News editors obtained the following quote from the background information supplied by the inventors:
“Common implementations of data storage security rely on a single security key of 256 bits being applied to the data that then produces an encrypted copy of the data.
“Many situations require that data be highly secured while in transit. These include, but are not limited to, high-value intellectual property like digital films, sensitive corporate and government data, health data with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy requirements, and personal information in the
“Today’s cryptographic systems for securing data suffer from a number of problems. A common method for encrypted transport of data is to first use public key cryptography to transmit a symmetric cryptographic key and then to transmit the message data encrypted using symmetric cryptography with the exchanged key. The cryptography guide by Latacora describes Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) as the most popular mode of symmetric encryption today and recommends the use of a 256-bit key. Latacora also recommends Networking and Cryptography library (NaCl) for asymmetric encryption based on the Curve25519 elliptic curve.
“Unfortunately, the development of quantum computing, increases in hardware speed, the development of new cryptanalysis algorithms, and hardware security flaws have caused many to be concerned about the future security of the current cryptographic techniques. The new field of “post-quantum cryptography” has proposed new algorithms which are intended to be safe against cryptanalysis by quantum computers but they are unproven and not yet widely accepted. Many are also worried about the possibility of backdoors in standard algorithms which might be exposed in the future. There is no mathematical proof that either symmetric or public key encryption algorithms are actually secure. Public key cryptography, especially, is based on unproven assumptions which many question. The only known mathematically provably secure encryption technique is the “One Time Pad” (OTP), which combines the message with a random key of the same length. But current implementations of OTPs have suffered from technological difficulties making their widespread use impractical. For example, OTP key storage and distribution has traditionally been regarded as prohibitive.
“Another issue of increasing importance is the insecurity of modern computer hardware. Two processes which run on the same processor can leak information about cryptographic keys between them through the processor’s instruction cache. Information left in caches can also reveal supposedly secret information when speculative execution unwinds. And the “Rowhammer” and “Drammer” attacks access memory in ways that can flip bits in a key and break encryption. More and more hardware and side-channel attacks are being discovered every day. Using today’s processors with the standard encryption techniques leaves the user uncertain about the security of their data.
“Encryption systems which are based on a small key (e.g., Latacora’s recommended 256 bits) enable attacks which discover and transmit those small number of bits to recover all of the encrypted data. The single key, once known, can be easily and quickly sent across the Internet or by other electronic means and used to decrypt massive amounts of secured data. Low data rate transmission methods like inaudible signals over a computer’s speaker can even be used to transmit small keys from machines which are not connected to networks. Discovery of even a small number of bytes of key data can expose the contents of hundreds of terabytes of supposedly secured message data. In many settings, this kind of risk of exposure is unacceptable.
“When large amounts of data must be sent quickly from one location to another, it is common practice to physically transport the data on storage devices (SD), such as hard disk drives, solid state disk drives, magnetic tape, and other media. Physical transfer is used because network transfers of large amounts of data can take weeks or months. For example, on a 100 Mbps connection, it can take over 120 days to transfer 100 terabytes of data. Today’s storage devices have a large capacity and continuing improvements are expected. 14 terabyte hard drives and 100 terabyte SSD drives are now available. Similarly, physical storage devices must be used when data must be stored over time.
“The use of physical storage devices introduces the possibility that they may be stolen while being transported or stored. They may also become corrupted or damaged. These risks of exposure or loss of data must be minimized in many important situations.
“Moreover, in some situations, it may be difficult or impractical to transmit data on physical storage devices, such as when data needs to be received within a shortened period of time, or when weather, the climate, or a transportation route makes transporting physical storage devices difficult. In these cases, it may be advantageous to have a secure method of transmitting data which minimizes the risk of exposure of the data. While there are various conventional methods for transmitting electronic data securely, many of these methods are less secure than desired. For example, these conventional methods may leave the data prone to being viewed or accessed by unauthorized parties during transmit, and often times they do not provide any indication to the intended recipient of the data that there has been an intrusion.
“Thus, a heretofore unaddressed need exists in the industry to address the aforementioned deficiencies and inadequacies.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Embodiments of the present disclosure provide a system and method for securing data using random bits and distributed key data. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: providing a plurality of true random number generator (TRNG) disks; providing a plurality of key data sets, wherein a key data set from the plurality of key data sets is associated with each of the plurality of TRNG disks, respectively, and wherein the key data set comprises at least a block of random bits of an associated TRNG disk; encoding at least two of the key data sets together to form an encoded key data set; and encrypting, using a computer processor of a computerized device, source data with the encoded key data set to produce a quantity of encrypted data.
“Embodiments of the present disclosure provide a system and method for securing data using random bits and distributed key data. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: providing at least a first true random number generator (TRNG) disk; a second TRNG disk; and a third TRNG disk; providing a key data set for each of the first, second, and third TRNG disks, respectively, whereby a first key data set is associated with the first TRNG disk, a second key data set is associated with the second TRNG disk, and a third key data set is associated with the third TRNG disk, and wherein each of the first, second, and third key data sets comprises at least a block of random bits of an associated first, second, and third TRNG disk, respectively; encoding at least two of the first, second, or third key data sets together to form an encoded key data set; encrypting, using a computer processor of a computerized device, source data with the encoded key data set to produce encrypted data; and decrypting, using the computer processor of the computerized device, the encrypted data with the at least two of the first, second, or third key data sets retrieved from the associated TRNG disks, respectively, of the first, second, or third TRNG disks.
“The present disclosure can also be viewed as providing a system for securing data using random bits and distributed key data. Briefly described, in architecture, one embodiment of the system, among others, can be implemented as follows. A plurality of true random number generator (TRNG) disks and a plurality of key data sets are provided. A key data set from the plurality of key data sets is associated with each of the plurality of TRNG disks, respectively. The key data set comprises at least a block of random bits of an associated TRNG disk. An encoded key data set is formed by encoding at least two of the key data sets together, wherein a computer processor of a computerized device is used to encrypt source data with the encoded key data set to produce a quantity of encrypted data.
“Other systems, methods, features, and advantages of the present disclosure will be or become apparent to one with skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, features, and advantages be included within this description, be within the scope of the present disclosure, and be protected by the accompanying claims.”
The claims supplied by the inventors are:
“1. A method for securing data using random bits and encoded key data, the method comprising: providing a plurality of separate true random number generator (TRNG) disks; providing a plurality of separate key data sets, wherein a key data set from the plurality of key data sets is associated with each of the plurality of separate TRNG disks, respectively, and wherein the key data set comprises at least a block of random bits of an associated TRNG disk; encoding at least two of the separate key data sets together to form an encoded key data set; encrypting, using a computer processor of a computerized device, source data with the encoded key data set to produce a quantity of encrypted data, and decrypting the quantity of encrypted data with the at least two of the separate key data sets retrieved from the associated TRNG disks of the plurality of TRNG disks.
“2. The method of claim 1, further comprising: decrypting the quantity of encrypted data with the encoded key data set.
“3. The method of claim 2, wherein a first portion of the plurality of TRNG disks is controlled by a first entity and a second portion of the plurality of TRNG disks is controlled by a second entity, wherein the first entity is different from the second entity, and wherein the at least two of the key data sets retrieved from the associated TRNG disks of the plurality of TRNG disks are combined upon agreement by both the first entity and the second entity.
“4. The method of claim 1, further comprising: distributing the plurality of key data sets to at least one of different entities or different locations.
“5. The method of claim 4, wherein the different locations further comprise: different physical locations or different network locations.
“6. The method of claim 1, wherein the key data further comprises a universally unique identifier (UUID) of the associated TRNG disk and bit offset of the block of random bits, the bit offset being a positional address of the block of random bits within the associated TRNG disk.
“7. The method of claim 1, wherein the block of random bits of the associated TRNG disk has a bit size which is equal to or greater than every write request of the source data.
“8. The method of claim 1, wherein a first portion of the plurality of TRNG disks is controlled by a first entity and a second portion of the plurality of TRNG disks is controlled by a second entity, wherein the first entity is different from the second entity.
“9. A method for securing data using random bits and encoded key data, the method comprising: providing at least a first true random number generator (TRNG) disk; a second TRNG disk; and a third TRNG disk; providing a key data set for each of the first, second, and third TRNG disks, respectively, whereby a first key data set is associated with the first TRNG disk, a second key data set is associated with the second TRNG disk, and a third key data set is associated with the third TRNG disk, and wherein each of the first, second, and third key data sets comprises at least a block of random bits of an associated first, second, and third TRNG disk, respectively; encoding at least two of the first, second, or third key data sets together to form an encoded key data set; encrypting, using a computer processor of a computerized device, source data with the encoded key data set to produce encrypted data; and decrypting, using the computer processor of the computerized device, the encrypted data with the at least two of the first, second, or third key data sets retrieved from the associated TRNG disks, respectively, of the first, second, or third TRNG disks.
“10. The method of claim 9, wherein the encoded key data set is unavailable.
“11. The method of claim 9, wherein each of the first, second, and third TRNG disks is controlled by separate entities or is positioned in different locations.
“12. The method of claim 11, wherein the at least two of the first, second, or third key data sets retrieved from the associated first, second, or third TRNG disk are combined upon agreement by at least two of the separate entities.
“13. A system for securing data using random bits and encoded key data, the method comprising: a plurality of separate true random number generator (TRNG) disks; a plurality of separate key data sets, wherein a key data set from the plurality of key data sets is associated with and provided from each of the plurality of separate TRNG disks, respectively, and wherein the key data set comprises at least a block of random bits of an associated TRNG disk; and an encoded key data set is formed by encoding at least two of the separate key data sets together, wherein a computer processor of a computerized device is used to encrypt source data with the encoded key data set to produce a quantity of encrypted data, wherein the quantity of encrypted data is decrypted with the at least two of the separate key data sets retrieved from the associated TRNG disks of the plurality of separate TRNG disks.
“14. The system of claim 13, wherein the quantity of encrypted data is decrypted with the encoded key data set.
“15. The system of claim 14, wherein a first portion of the plurality of separate TRNG disks is controlled by a first entity and a second portion of the plurality of separate TRNG disks is controlled by a second entity, wherein the first entity is different from the second entity, and wherein the at least two of the key data sets retrieved from the associated TRNG disks of the plurality of separate TRNG disks are combined upon agreement by both the first entity and the second entity.
“16. The system of claim 13, wherein the plurality of key data sets is distributed to at least one of different entities or different locations.
“17. The system of claim 16, wherein the different locations further comprise: different physical locations or different network locations.
“18. The system of claim 16, wherein the key data further comprises a universally unique identifier (UUID) of the associated TRNG disk and bit offset of the block of random bits, the bit offset being a positional address of the block of random bits within the associated TRNG disk.
“19. The system of claim 13, wherein the block of random bits of the associated TRNG disk has a bit size which is equal to or greater than every write request of the source data.
“20. The system of claim 13, wherein a first portion of the plurality of separate TRNG disks is controlled by a first entity and a second portion of the plurality of separate TRNG disks is controlled by a second entity, wherein the first entity is different from the second entity.”
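A minimal sketch of the scheme in claims 1, 6 and 7, added here as an illustration and not taken from the patent or its assignee. The claims do not say how key data sets are "encoded together", so XOR is assumed; `TRNGDisk`, `allocate`, `encoded_key` and `crypt` are hypothetical names, and `secrets.token_bytes` stands in for the contents of a TRNG disk.

```python
import secrets
from dataclasses import dataclass, field
from uuid import uuid4

@dataclass
class TRNGDisk:
    """Stand-in for a TRNG disk: a UUID plus a pool of random bits (assumed layout)."""
    bits: bytes
    disk_uuid: str = field(default_factory=lambda: str(uuid4()))
    next_bit: int = 0  # pad material before this offset is already spent

    def allocate(self, nbytes):
        """Reserve an unused block; return its key data (UUID, bit offset, length)."""
        if self.next_bit + nbytes * 8 > len(self.bits) * 8:
            raise ValueError("TRNG disk exhausted")
        key_data = (self.disk_uuid, self.next_bit, nbytes)
        self.next_bit += nbytes * 8  # never hand out the same pad bits twice
        return key_data

    def read_block(self, bit_offset, nbytes):
        """Return nbytes of random bits starting at an arbitrary bit offset."""
        total, end = len(self.bits) * 8, bit_offset + nbytes * 8
        if end > total:
            raise ValueError("block runs past end of disk")
        window = int.from_bytes(self.bits, "big") >> (total - end)
        return (window & ((1 << nbytes * 8) - 1)).to_bytes(nbytes, "big")

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encoded_key(disks, key_data_sets):
    """Fetch each block by (UUID, bit offset) and XOR them into one encoded key."""
    by_uuid = {d.disk_uuid: d for d in disks}
    key = None
    for disk_uuid, bit_offset, nbytes in key_data_sets:
        block = by_uuid[disk_uuid].read_block(bit_offset, nbytes)
        key = block if key is None else xor(key, block)
    return key

def crypt(data, key):
    """XOR pad, used both ways; the key must cover the whole write (claim 7)."""
    if len(key) < len(data):
        raise ValueError("key block shorter than data")
    return xor(data, key)

def demo():
    disks = [TRNGDisk(secrets.token_bytes(64)) for _ in range(2)]
    msg = b"constructed sample record"
    kds = [d.allocate(len(msg)) for d in disks]
    ct = crypt(msg, encoded_key(disks, kds))
    return (crypt(ct, encoded_key(disks, kds)) == msg,       # both disks
            crypt(ct, encoded_key(disks, kds[:1])) == msg)   # one disk only

if __name__ == "__main__":
    print(demo())
```

Only the key data (UUID, bit offset, length) needs to travel with the ciphertext; the pad bits stay on the separately held disks, and the `next_bit` counter is what keeps a block from being used for a second message.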
For additional information on this patent, see: Esbensen,