Researchers Submit Patent Application, “Method And System For Securing Data Using Random Bits”, for Approval (USPTO 20220004648): Patent Application
2022 JAN 25 (NewsRx) -- By a
No assignee for this patent application has been made.
News editors obtained the following quote from the background information supplied by the inventors: “Common implementations of data storage security rely on a single security key of 256 bits being applied to the data that then produces an encrypted copy of the data.
“Many situations require that data be highly secured while in transit. These include, but are not limited to, high-value intellectual property like digital films, sensitive corporate and government data, health data with Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy requirements, and personal information in the
“Today’s cryptographic systems for securing data suffer from a number of problems. A common method for encrypted transport of data is to first use public key cryptography to transmit a symmetric cryptographic key and then to transmit the message data encrypted using symmetric cryptography with the exchanged key. The cryptography guide by Latacora describes Advanced Encryption Standard-Galois/Counter Mode (AES-GCM) as the most popular mode of symmetric encryption today and recommends the use of a 256-bit key. Latacora also recommends Networking and Cryptography library (NaCl) for asymmetric encryption based on the Curve25519 elliptic curve.
“Unfortunately, the development of quantum computing, increases in hardware speed, the development of new cryptanalysis algorithms, and hardware security flaws have caused many to be concerned about the future security of the current cryptographic techniques. The new field of “post-quantum cryptography” has proposed new algorithms which are intended to be safe against cryptanalysis by quantum computers but they are unproven and not yet widely accepted. Many are also worried about the possibility of backdoors in standard algorithms which might be exposed in the future. There is no mathematical proof that either symmetric or public key encryption algorithms are actually secure. Public key cryptography, especially, is based on unproven assumptions which many question. The only known mathematically provably secure encryption technique is the “One Time Pad” (OTP), which combines the message with a random key of the same length. But current implementations of OTPs have suffered from technological difficulties making their widespread use impractical. For example, OTP key storage and distribution has traditionally been regarded as prohibitive.
“Another issue of increasing importance is the insecurity of modern computer hardware. Two processes which run on the same processor can leak information about cryptographic keys between them through the processor’s instruction cache. Information left in caches can also reveal supposedly secret information when speculative execution unwinds. And the “Rowhammer” and “Drammer” attacks access memory in ways that can flip bits in a key and break encryption. More and more hardware and side-channel attacks are being discovered every day. Using today’s processors with the standard encryption techniques leaves the user uncertain about the security of their data.
“Encryption systems which are based on a small key (e.g., Latacora’s recommended 256 bits) enable attacks which discover and transmit those small number of bits to recover all of the encrypted data. The single key, once known, can be easily and quickly sent across the Internet or by other electronic means and used to decrypt massive amounts of secured data. Low data rate transmission methods like inaudible signals over a computer’s speaker can even be used to transmit small keys from machines which are not connected to networks. Discovery of even a small number of bytes of key data can expose the contents of hundreds of terabytes of supposedly secured message data. In many settings, this kind of risk of exposure is unacceptable.
“When large amounts of data must be sent quickly from one location to another, it is common practice to physically transport the data on storage devices (SD), such as hard disk drives, solid state disk drives, magnetic tape, and other media. Physical transfer is used because network transfers of large amounts of data can take weeks or months. For example, on a 100 Mbps connection, it can take over 120 days to transfer 100 terabytes of data. Today’s storage devices have a large capacity and continuing improvements are expected. 14 terabyte hard drives and 100 terabyte SSD drives are now available. Similarly, physical storage devices must be used when data must be stored over time.
“The use of physical storage devices introduces the possibility that they may be stolen while being transported or stored. They may also become corrupted or damaged. These risks of exposure or loss of data must be minimized in many important situations.
“Moreover, in some situations, it may be difficult or impractical to transmit data on physical storage devices, such as when data needs to be received within a shortened period of time, or when weather, the climate, or a transportation route makes transporting physical storage devices difficult. In these cases, it may be advantageous to have a secure method of transmitting data which minimizes the risk of exposure of the data. While there are various conventional methods for transmitting electronic data securely, many of these methods are less secure than desired. For example, these conventional methods may leave the data prone to being viewed or accessed by unauthorized parties during transmit, and often times they do not provide any indication to the intended recipient of the data that there has been an intrusion.
“Thus, a heretofore unaddressed need exists in the industry to address the aforementioned deficiencies and inadequacies. As such, methods and systems for providing highly secured network communication are presented herein.”
As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “Embodiments of the present disclosure provide a system and method for securing data using random bits. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: providing a true random number generator (TRNG) disk, the TRNG disk having a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID); cloning the TRNG disk, thereby creating at least one TRNG disk copy which is identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk; receiving source data; encrypting the source data with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from a first location to at least a second location; and decrypting the encrypted source data at the second location using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“In one aspect of the method, the block of random bits of the TRNG disk used to encrypt the source data has a bit size which is equal or greater than every write request of the source data.
“In another aspect of the method, the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“In yet another aspect, a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“In yet another aspect, the block of random bits within the TRNG disk are destroyed after the source data is encrypted with the block of random bits.
“In another aspect, the first location is an in-field location, and the second location is an operations center.
“In yet another aspect, communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location further comprises at least one of: transporting a physical data storage device storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; electronically communicating, through at least one network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; or electronically communicating, through at least one mesh network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location.
“In yet another aspect, the TRNG disk further comprises a seed vector usable in a pseudo random number generator (PRNG), wherein a seed index number and a PRNG iteration number is communicated with the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to the second location.
“In another aspect, the TRNG disk at the first location further comprises a key fob, and wherein the TRNG disk copy at the second location further comprises a receiver for the key fob.
“The present disclosure can also be viewed as providing a system for securing data using random bits. Briefly described, in architecture, one embodiment of the system, among others, can be implemented as follows. A true random number generator (TRNG) disk has a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID). At least one TRNG disk copy is created by cloning the TRNG disk, the at least one TRNG disk copy being identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk. An encryption operator receives source data and encrypts it with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk. At least one communication path is located between a first location and at least a second location, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are communicated on the at least one communication path from the first location to the second location. A decryption operator is located at the second location, wherein the decryption operator decrypts the encrypted source data using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“In one aspect of the system, the block of random bits of the TRNG disk used to encrypt the source data has a bit size which is equal or greater than every write request of the source data.
“In another aspect of the system, the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“In yet another aspect, a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“In yet another aspect, the block of random bits within the TRNG disk are destroyed after the source data is encrypted with the block of random bits.
“In another aspect, the first location is an in-field location, and the second location is an operations center.
“In yet another aspect, communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location further comprises at least one of: transporting a physical data storage device storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; electronically communicating, through at least one network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; or electronically communicating, through at least one mesh network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location.
“In yet another aspect, the TRNG disk further comprises a seed vector usable in a pseudo random number generator (PRNG), wherein a seed index number and a PRNG iteration number is communicated with the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to the second location.
“In another aspect, the TRNG disk at the first location further comprises a key fob, and wherein the TRNG disk copy at the second location further comprises a receiver for the key fob.
“The present disclosure can also be viewed as providing methods for securing data using random bits and time-controlling release of the secured data. In this regard, one embodiment of such a method, among others, can be broadly summarized by the following steps: providing source data; encrypting the source data with a block of random bits of a true random number generator (TRNG) disk to produce encrypted data, wherein the TRNG disk has a plurality of random bits and a universally unique identifier (UUID), and wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk on a data storage device; and time-controlling decryption of the encrypted source data, whereby after a period of time, a TRNG disk copy, identical to the TRNG disk, is communicated to the data storage device, whereby the encrypted source data is decrypted using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“In one aspect of the method, the source data is encrypted with the block of random bits of the TRNG disk automatically during an upload of the source data to the data storage device.
“Other systems, methods, features, and advantages of the present disclosure will be or become apparent to one with skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, features, and advantages be included within this description, be within the scope of the present disclosure, and be protected by the accompanying claims.”
The claims supplied by the inventors are:
“1. A method for securing data using random bits, the method comprising: providing a true random number generator (TRNG) disk, the TRNG disk having a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID); cloning the TRNG disk, thereby creating at least one TRNG disk copy which is identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk; receiving source data; encrypting the source data with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from a first location to at least a second location; and decrypting the encrypted source data at the second location using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“2. The method of claim 1, wherein the block of random bits of the TRNG disk used to encrypt the source data have a bit size which is equal or greater than every write request of the source data.
“3. The method of claim 1, wherein the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“4. The method of claim 1, wherein a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“5. The method of claim 1, further comprising destroying the block of random bits within the TRNG disk after the source data is encrypted with the block of random bits.
“6. The method of claim 1, wherein the first location is an in-field location, and the second location is an operations center.
“7. The method of claim 1, wherein communicating the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location further comprises at least one of: transporting a physical data storage device storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; electronically communicating, through at least one network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location; or electronically communicating, through at least one mesh network, the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to at least the second location.
“8. The method of claim 1, wherein the TRNG disk further comprises a seed vector usable in a pseudo random number generator (PRNG), wherein a seed index number and a PRNG iteration number is communicated with the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to the second location.
“9. The method of claim 1, wherein the TRNG disk at the first location further comprises a key fob, and wherein the TRNG disk copy at the second location further comprises a receiver for the key fob.
“10. A system for securing data using random bits, the method comprising: a true random number generator (TRNG) disk, the TRNG disk having a plurality of random bits, wherein the TRNG disk has a universally unique identifier (UUID); at least one TRNG disk copy created by cloning the TRNG disk, the at least one TRNG disk copy being identical to the TRNG disk, wherein the at least one TRNG disk copy is stored in a separate physical location than the TRNG disk; source data; an encryption operator receiving source data and encrypting it with a block of random bits of the TRNG disk to produce encrypted data, wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; at least one communication path located between a first location and at least a second location, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are communicated on the at least one communication path from the first location to the second location; and a decryption operator located at the second location, wherein the decryption operator decrypts the encrypted source data using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“11. The system of claim 10, wherein the block of random bits of the TRNG disk used to encrypt the source data have a bit size which is equal or greater than every write request of the source data.
“12. The system of claim 10, wherein the at least one TRNG disk copy is stored at the second location prior to receiving the source data.
“13. The system of claim 10, wherein a plurality of TRNG disk copies is made, each of the plurality of TRNG disk copies being stored at a different second locations, respectively.
“14. The system of claim 10, wherein the block of random bits within the TRNG disk is destroyed after the source data is encrypted with the block of random bits.
“15. The system of claim 10, wherein the first location is an in-field location, and the second location is an operations center.
“16. The system of claim 10, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are communicated along the communication path with at least one of: a physical data storage device storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk, the physical storage device being transported from the first location to at least the second location; at least one network, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are electronically communicated from the first location to at least the second location on the at least one network; or at least one mesh network, wherein the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk are electronically communicated from the first location to at least the second location on the at least one mesh network.
“17. The system of claim 10, wherein the TRNG disk further comprises a seed vector usable in a pseudo random number generator (PRNG), wherein a seed index number and a PRNG iteration number is communicated with the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk from the first location to the second location.
“18. The system of claim 10, wherein the TRNG disk at the first location further comprises a key fob, and wherein the TRNG disk copy at the second location further comprises a receiver for the key fob.
“19. A method for securing data using random bits and time-controlling release of the secured data, the method comprising: providing source data; encrypting the source data with a block of random bits of a true random number generator (TRNG) disk to produce encrypted data, wherein the TRNG disk has a plurality of random bits and a universally unique identifier (UUID), and wherein the block of random bits of the TRNG disk has a bit offset, the bit offset being a positional address of the block of random bits within the TRNG disk; storing the encrypted source data, the UUID of the TRNG disk, and the bit offset of the TRNG disk on a data storage device; and time-controlling decryption of the encrypted source data, whereby after a period of time, a TRNG disk copy, identical to the TRNG disk, is communicated to the data storage device, whereby the encrypted source data is decrypted using the UUID of the TRNG disk, the offset of the TRNG disk, and the TRNG disk copy.
“20. The method of claim 19, wherein the source data is encrypted with the block of random bits of the TRNG disk automatically during an upload of the source data to the data storage device.”
For additional information on this patent application, see: ESBENSEN, Daniel M.; OMOHUNDRO, Stephen M. Method And System For Securing Data Using Random Bits. Filed
(Our reports deliver fact-based news of research and discoveries from around the world.)
Reports from St. Louis University Highlight Recent Findings in Social Work (Financial Well-being of the Non-profit Social Service Workforce In China): Social Work
“Information Management System, And Method For Device Registration Of Measuring Device And Information Terminal” in Patent Application Approval Process (USPTO 20220007091): Patent Application
Advisor News
- Social cultivation: How to talk with wealthy prospects
- How important is a written financial plan?
- Coalition wants to advise people impacted by policy changes in new administration
- Diagnosing miscommunication in retirement planning
- Election creates an opportunity for advisor/client dialogue
More Advisor NewsAnnuity News
Health/Employee Benefits News
- ‘Especially disgusting’: Former workers, patients, level accusations at addiction treatment empire
- Doctor’s bills often come with sticker shock
- Covering weight loss drugs driving Virginia Medicaid costs higher
- Generations
- Vermont Dept. of Financial Regulation warns of potential health insurance scams
More Health/Employee Benefits NewsLife Insurance News