Patent Issued for Method and system for securing data using random bits (USPTO 11341254): Quantum Properties Technology LLC
2022 JUN 14 (NewsRx) -- By a
The assignee for this patent, patent number 11341254, is
Reporters obtained the following quote from the background information supplied by the inventors:
“Common implementations of data storage security rely on a single security key of 256 bits being applied to the data that then produces an encrypted copy of the data.
“Many situations require that data be highly secured while in transit. These include, but are not limited to, high-value intellectual property like digital films, sensitive corporate and government data, health data with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy requirements, and personal information in the
“Today’s cryptographic systems for securing data suffer from a number of problems. A common method for encrypted transport of data is to first use public key cryptography to transmit a symmetric cryptographic key and then to transmit the message data encrypted using symmetric cryptography with the exchanged key. The cryptography guide by Latacora describes Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) as the most popular mode of symmetric encryption today and recommends the use of a 256-bit key. Latacora also recommends Networking and Cryptography library (NaCl) for asymmetric encryption based on the Curve25519 elliptic curve.
“Unfortunately, the development of quantum computing, increases in hardware speed, the development of new cryptanalysis algorithms, and hardware security flaws have caused many to be concerned about the future security of the current cryptographic techniques. The new field of “post-quantum cryptography” has proposed new algorithms which are intended to be safe against cryptanalysis by quantum computers but they are unproven and not yet widely accepted. Many are also worried about the possibility of backdoors in standard algorithms which might be exposed in the future. There is no mathematical proof that either symmetric or public key encryption algorithms are actually secure. Public key cryptography, especially, is based on unproven assumptions which many question. The only known mathematically provably secure encryption technique is the “One Time Pad” (OTP), which combines the message with a random key of the same length. But current implementations of OTPs have suffered from technological difficulties making their widespread use impractical. For example, OTP key storage and distribution has traditionally been regarded as prohibitive.
“Another issue of increasing importance is the insecurity of modern computer hardware. Two processes which run on the same processor can leak information about cryptographic keys between them through the processor’s instruction cache. Information left in caches can also reveal supposedly secret information when speculative execution unwinds. And the “Rowhammer” and “Drammer” attacks access memory in ways that can flip bits in a key and break encryption. More and more hardware and side-channel attacks are being discovered every day. Using today’s processors with the standard encryption techniques leaves the user uncertain about the security of their data.
“Encryption systems which are based on a small key (e.g., Latacora’s recommended 256 bits) enable attacks which discover and transmit those small number of bits to recover all of the encrypted data. The single key, once known, can be easily and quickly sent across the Internet or by other electronic means and used to decrypt massive amounts of secured data. Low data rate transmission methods like inaudible signals over a computer’s speaker can even be used to transmit small keys from machines which are not connected to networks. Discovery of even a small number of bytes of key data can expose the contents of hundreds of terabytes of supposedly secured message data. In many settings, this kind of risk of exposure is unacceptable.
“When large amounts of data must be sent quickly from one location to another, it is common practice to physically transport the data on storage devices (SD), such as hard disk drives, solid state disk drives, magnetic tape, and other media. Physical transfer is used because network transfers of large amounts of data can take weeks or months. For example, on a 100 Mbps connection, it can take over 120 days to transfer 100 terabytes of data. Today’s storage devices have a large capacity and continuing improvements are expected. 14 terabyte hard drives and 100 terabyte SSD drives are now available. Similarly, physical storage devices must be used when data must be stored over time.
“The use of physical storage devices introduces the possibility that they may be stolen while being transported or stored. They may also become corrupted or damaged. These risks of exposure or loss of data must be minimized in many important situations.
“Moreover, in some situations, it may be difficult or impractical to transmit data on physical storage devices, such as when data needs to be received within a shortened period of time, or when weather, the climate, or a transportation route makes transporting physical storage devices difficult. In these cases, it may be advantageous to have a secure method of transmitting data which minimizes the risk of exposure of the data. While there are various conventional methods for transmitting electronic data securely, many of these methods are less secure than desired. For example, these conventional methods may leave the data prone to being viewed or accessed by unauthorized parties during transmit, and often times they do not provide any indication to the intended recipient of the data that there has been an intrusion.
“Thus, a heretofore unaddressed need exists in the industry to address the aforementioned deficiencies and inadequacies. As such, methods and systems for providing highly secured network communication are presented herein.”
In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent:
“Embodiments of the present disclosure provide a system and method for securing data using random bits. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: providing a true random number generator (TRNG) disk, the TRNG disk having a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID); cloning the TRNG disk, thereby creating at least one TRNG disk copy which is identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk; receiving source data; encrypting the source data with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from a first location to at least a second location; and decrypting the encrypted source data at the second location using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“In one aspect of the method, the block of random bits of the TRNG disk used to encrypt the source data has a bit size which is equal or greater than every write request of the source data.
“In another aspect of the method, the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“In yet another aspect, a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“In yet another aspect, the block of random bits within the TRNG disk are destroyed after the source data is encrypted with the block of random bits.”
The claims supplied by the inventors are:
“1. A method for securing data using random bits, the method comprising: providing a true random number generator (TRNG) disk on a computerized device, the TRNG disk having a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID); cloning the TRNG disk with a processor of the computerized device, thereby creating at least one TRNG disk copy which is identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk; receiving source data on the computerized device; using the processor, encrypting the source data with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from a first location to at least a second location; and decrypting the encrypted source data at the second location using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“2. The method of claim 1, wherein the block of random bits of the TRNG disk used to encrypt the source data have a bit size which is equal or greater than every write request of the source data.
“3. The method of claim 1, wherein the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“4. The method of claim 1, wherein a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“5. The method of claim 1, further comprising destroying the block of random bits within the TRNG disk after the source data is encrypted with the block of random bits.
“6. The method of claim 1, wherein the first location is an in-field location, and the second location is an operations center.
“7. The method of claim 1, wherein communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location further comprises at least one of: transporting a physical data storage device storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; electronically communicating, through at least one network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; or electronically communicating, through at least one mesh network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location.
“8. The method of claim 1, wherein the TRNG disk further comprises a seed vector usable in a pseudo random number generator (PRNG), wherein a seed index number and a PRNG iteration number is communicated with the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to the second location.
“9. The method of claim 1, wherein the TRNG disk at the first location further comprises a key fob, and wherein the TRNG disk copy at the second location further comprises a receiver for the key fob.
“10. A system for securing data using random bits, the system comprising: a computerized device having a processor and a true random number generator (TRNG) disk, the TRNG disk having a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID); at least one TRNG disk copy created by cloning the TRNG disk with the processor of the computerized device, the at least one TRNG disk copy being identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk; source data; an encryption operator receiving source data and, with the processor, encrypting it with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; at least one communication path located between a first location and at least a second location, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are communicated on the at least one communication path from the first location to the second location; and a decryption operator located at the second location, wherein the decryption operator decrypts the encrypted source data using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“11. The system of claim 10, wherein the block of random bits of the TRNG disk used to encrypt the source data have a bit size which is equal or greater than every write request of the source data.
“12. The system of claim 10, wherein the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“13. The system of claim 10, wherein a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“14. The system of claim 10, wherein the block of random bits within the TRNG disk is destroyed after the source data is encrypted with the block of random bits.
“15. The system of claim 10, wherein the first location is an in-field location, and the second location is an operations center.
“16. The system of claim 10, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are communicated along the communication path with at least one of: a physical data storage device storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk, the physical storage device being transported from the first location to at least the second location; at least one network, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are electronically communicated from the first location to at least the second location on the at least one network; or at least one mesh network, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are electronically communicated from the first location to at least the second location on the at least one mesh network.
“17. The system of claim 10, wherein the TRNG disk further comprises a seed vector usable in a pseudo random number generator (PRNG), wherein a seed index number and a PRNG iteration number is communicated with the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to the second location.
“18. The system of claim 10, wherein the TRNG disk at the first location further comprises a key fob, and wherein the TRNG disk copy at the second location further comprises a receiver for the key fob.
“19. A method for securing data using random bits and time-controlling release of the secured data, the method comprising: providing source data; using a processor of a computerized device, encrypting the source data with a block of random bits of a true random number generator (TRNG) disk to produce encrypted data, wherein the TRNG disk has a plurality of random bits and a universally unique identifier (UUID), and wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk on a data storage device; and time-controlling decryption of the encrypted source data with the processor, whereby after a period of time, a TRNG disk copy, identical to the TRNG disk, is communicated to the data storage device, whereby the encrypted source data is decrypted using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“20. The method of claim 19, wherein the source data is encrypted with the block of random bits of the TRNG disk automatically during an upload of the source data to the data storage device.”
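The exchange described in the summary and in claims 1 and 5, sketched as an added example; it is not code from the patent, the inventors or NewsRx. Assumptions: XOR as the combining operation (as in the one-time pad the background mentions), `os.urandom` standing in for the TRNG, byte-aligned bit offsets, in-order delivery, and the hypothetical names `TRNGDisk`, `generate`, `clone`, `encrypt` and `decrypt`; destroying used bits on the copy after decryption is also this example's choice.

```python
import os
import uuid


class TRNGDisk:
    """Stand-in for a TRNG disk: a UUID plus a buffer of random bits."""

    def __init__(self, disk_uuid, pad):
        self.uuid = disk_uuid
        self.pad = bytearray(pad)
        self.next_bit = 0  # lowest bit offset that has not been used yet

    @classmethod
    def generate(cls, n_bytes):
        # Assumption: os.urandom stands in for a hardware TRNG.
        return cls(uuid.uuid4(), os.urandom(n_bytes))

    def clone(self):
        """Identical copy, to be stored at the second location."""
        return TRNGDisk(self.uuid, bytes(self.pad))

    def _take(self, bit_offset, n_bytes):
        """Return the block at bit_offset, then destroy it on this disk."""
        if bit_offset % 8:
            raise ValueError("example supports byte-aligned bit offsets only")
        if bit_offset < self.next_bit:
            raise ValueError("block already used and destroyed")
        start = bit_offset // 8
        end = start + n_bytes
        if end > len(self.pad):
            raise ValueError("not enough random bits left on the disk")
        block = bytes(self.pad[start:end])
        self.pad[start:end] = bytes(n_bytes)  # overwrite the used bits
        self.next_bit = end * 8
        return block

    def encrypt(self, source):
        """First location: returns (UUID, bit offset, encrypted data)."""
        bit_offset = self.next_bit
        block = self._take(bit_offset, len(source))
        # Assumption: XOR combines the source data with the random block.
        encrypted = bytes(s ^ k for s, k in zip(source, block))
        return self.uuid, bit_offset, encrypted

    def decrypt(self, disk_uuid, bit_offset, encrypted):
        """Second location: decrypt using the disk copy."""
        if disk_uuid != self.uuid:
            raise ValueError("encrypted with a different TRNG disk")
        block = self._take(bit_offset, len(encrypted))
        return bytes(c ^ k for c, k in zip(encrypted, block))
```

Because each offset is consumed once on both disks, a replayed message or a second encryption over the same block is rejected rather than silently reusing random bits.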
For more information, see this patent: Esbensen,