A novel, multi-layer distributed data security scheme that provides a triple layer of out-of-order “divide and store” protection of data

About

This invention addresses the need for “on-board” data encryption for next generation communication and mobile Internet devices operating on enterprise and wireless networks. The unique data division and out-of-order keystream generation scheme offers a means to protect stored data against becoming compromised during the distributed use part of its life cycle—should the device fall into the hands of an unauthorized user or adversary, the “readable” data is not sufficient to provide understandable, useful information.The novel data security framework provides a triple layer of out-of-order “divide and store” protection. The first ring is to create cipher blocks by dividing the plaintext data into multiple blocks and encrypting them. A second layer is generated by a keystream abstracted from the data blocks in pseudorandom, out-or-order manner. A third security feature is a function of saving and storing separately the encrypted data (on the mobile device) and the keystream and PIN (on a secure server). Plain text can only be regenerated by merging the decrypted cipher text and keystream with an authenticated PIN.

Key Benefits

Unlike conventional stream ciphers built around a protected password, a publicly known initialization vector (IV), and a fixed length keystream which are becoming increasingly vulnerable to decryption efforts, the novel data division and out-of-order keystream generation approach is a robust self-encryption scheme that leverages the use of a variable length keystream which is computationally much more difficult to defeat with brute force attacks.The on-device, data security encryption technology offers the following specific advantages when implemented in an embedded accelerator using configurable hardware devices such as Field Programmable Gate Arrays: Robust: multi-layer distributed data security scheme Effective: 256-bit encryption very difficult to defeat by brute force, algebraic, correlation, differential analysis, reply, and other cryptanalysis attacks Simple and unobtrusive: an embedded software solution that does not impose an excessive computational workload or processing overhead, or additional hardware power and size/weight requirements on personal devices Scalable: The length of the keystream can be changed based on the user’s security requirements

Applications

Safeguarding private or sensitive information, e.g., passwords, records, and other information while enabling pervasive computing built on devices and sensors sharing data within ad hoc wireless networks or Internet based distributed storage infrastructure such as grid or cloud computing, or on cooperative systems for emergency management such as search and rescue, public safety, and on mesh networks.

Register for free for full unlimited access to all innovation profiles on LEO

  • Discover articles from some of the world’s brightest minds, or share your thoughts and add one yourself
  • Connect with like-minded individuals and forge valuable relationships and collaboration partners
  • Innovate together, promote your expertise, or showcase your innovations