A novel data security framework that provides a triple layer of out-of-order “divide and store” protection.
The invention provides "on-board" data encryption for communication and mobile internet devices operating on enterprise and wireless networks. The data division and out-of-order keystream generation scheme offers a means to protect stored data against compromise during the distributed-use part of its life cycle. The novel data security framework provides a triple layer of out-of-order "divide and store" protection. The first ring creates cipher blocks by dividing the plaintext data into multiple blocks and encrypting them. A second layer is generated by a keystream abstracted from the data blocks in a pseudorandom, out-of-order manner. A third security feature is the separate storage of the encrypted data (on the mobile device) and of the keystream and PIN (on a secure server). Plaintext can only be regenerated by merging the decrypted cipher text and keystream with an authenticated PIN.
Patent: U.S. 8,862,900
Conventional stream ciphers are built around a protected password, a publicly known initialization vector (IV), and a fixed-length keystream, and are becoming increasingly vulnerable to decryption efforts. By contrast, the novel data division and out-of-order keystream generation approach is a robust self-encryption scheme that leverages a variable-length keystream, which is computationally much more difficult to defeat with brute-force attacks.
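The following is an added illustration of the storage-separation idea described above (cipher blocks on the device, keystream material and PIN verifier on a server, plaintext recoverable only by combining both under an authenticated PIN). It is example code written for this page, not the patented algorithm or any code from the patent holder; the page does not disclose how the keystream is "abstracted from the data blocks", so the example substitutes standard primitives and labels each as an assumption: an HMAC-SHA256 counter-mode keystream sized to the plaintext, a seed-derived permutation to visit blocks out of order, a PBKDF2 PIN verifier, and an encrypt-then-MAC tag over the ciphertext (added because a raw XOR keystream gives no integrity and is malleable). The record layout, block size and sample plaintext are constructed for the example.

```python
import hashlib
import hmac
import os
import random

BLOCK_SIZE = 16  # constructed block size for the illustration (assumption)


def derive_keystream(seed: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a PRF-based keystream whose length
    follows the data (assumed construction; the page does not specify the generator)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def split_blocks(data: bytes, size: int = BLOCK_SIZE) -> list:
    """Divide data into fixed-size blocks; the last block may be short."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def block_order(seed: bytes, n: int) -> list:
    """Seed-derived pseudorandom permutation of block indices, so blocks are
    visited out of order. random.Random is a deterministic PRNG, not a CSPRNG;
    it only reproduces the same visiting order on both sides and never produces
    key material."""
    rng = random.Random(int.from_bytes(hashlib.sha256(b"order" + seed).digest(), "big"))
    order = list(range(n))
    rng.shuffle(order)
    return order


def xor_blocks(blocks: list, seed: bytes) -> bytes:
    """XOR each block with the keystream chunk assigned to its visit position.
    XOR is symmetric, so the same routine encrypts and decrypts."""
    order = block_order(seed, len(blocks))
    keystream = derive_keystream(seed, len(blocks) * BLOCK_SIZE)
    out = [b""] * len(blocks)
    for visit, idx in enumerate(order):
        chunk = keystream[visit * BLOCK_SIZE: visit * BLOCK_SIZE + len(blocks[idx])]
        out[idx] = bytes(a ^ b for a, b in zip(blocks[idx], chunk))
    return b"".join(out)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted PBKDF2 verifier so the server never stores the PIN itself (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def mac_tag(seed: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC tag under a key derived from the seed (added integrity layer)."""
    mac_key = hmac.new(seed, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def protect(plaintext: bytes, pin: str):
    """Return (device_record, server_record): ciphertext and tag stay on the
    device; the keystream seed and PIN verifier go to the server."""
    seed = os.urandom(32)
    ciphertext = xor_blocks(split_blocks(plaintext), seed)
    salt = os.urandom(16)
    device_record = {"ciphertext": ciphertext, "tag": mac_tag(seed, ciphertext)}
    server_record = {"seed": seed, "salt": salt, "pin_hash": hash_pin(pin, salt)}
    return device_record, server_record


def recover(device_record: dict, server_record: dict, pin: str) -> bytes:
    """Rebuild plaintext only when the PIN authenticates and the ciphertext is intact."""
    if not hmac.compare_digest(hash_pin(pin, server_record["salt"]), server_record["pin_hash"]):
        raise ValueError("PIN authentication failed")
    seed = server_record["seed"]
    ciphertext = device_record["ciphertext"]
    if not hmac.compare_digest(mac_tag(seed, ciphertext), device_record["tag"]):
        raise ValueError("ciphertext integrity check failed")
    return xor_blocks(split_blocks(ciphertext), seed)


if __name__ == "__main__":
    # constructed sample record
    device, server = protect(b"record 0042: blood type O-, allergy: penicillin", "4711")
    print("device holds:", device["ciphertext"].hex())
    print("recovered:", recover(device, server, "4711"))
```

Neither store is useful alone: the device record carries only ciphertext and a tag, and the server record carries only a seed and a PIN verifier. Recovery fails closed on a wrong PIN or on any modification of the stored ciphertext, which is the property a practitioner should check before trusting a split-storage design.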
The on-device, data security encryption technology offers the following specific advantages when implemented in an embedded accelerator using configurable hardware devices such as Field Programmable Gate Arrays:
ROBUST: multi-layer distributed data security scheme;
EFFECTIVE: 256-bit encryption very difficult to defeat by brute force, algebraic, correlation, differential analysis, replay, and other cryptanalysis attacks;
SIMPLE and UNOBTRUSIVE: an embedded software solution that does not impose an excessive computational workload or processing overhead, or additional hardware power and size/weight requirements on personal devices;
SCALABLE: length of the keystream can be changed based on the user’s security requirements.
The scheme is intended for safeguarding private or sensitive information (e.g., passwords, records, and other information) while enabling pervasive computing built on devices and sensors sharing data within ad hoc wireless networks or Internet-based distributed storage infrastructure, such as grid or cloud computing, on cooperative systems for emergency management such as search and rescue and public safety, and on mesh networks.