CA2101198A1 - Secure network method and apparatus - Google Patents

Secure network method and apparatus

Info

Publication number
CA2101198A1
CA2101198A1 CA002101198A CA2101198A CA2101198A1 CA 2101198 A1 CA2101198 A1 CA 2101198A1 CA 002101198 A CA002101198 A CA 002101198A CA 2101198 A CA2101198 A CA 2101198A CA 2101198 A1 CA2101198 A1 CA 2101198A1
Authority
CA
Canada
Prior art keywords
information
message
scrambled
editions
passkey
Legal status
Abandoned
Application number
CA002101198A
Other languages
French (fr)
Inventor
Roy D. Follendore III
Current Assignee
Tecsec Inc
Original Assignee
Tecsec Inc
Application filed by Tecsec Inc
Publication of CA2101198A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00: Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14: Protection against unauthorised use of memory or access to memory
    • G06F12/1408: Protection against unauthorised use of memory or access to memory by using cryptography
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107: File encryption
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/60: Digital content management, e.g. content distribution

Abstract

ABSTRACT OF THE DISCLOSURE
A method and apparatus for ensuring the security of messages communicated on a network. The system employs different levels of security to ensure that communication integrity is not breached.
A user must first enter a valid password to clear the access control subsystem. The sending user must also possess valid cryptographic information and belong to a particular organization and/or be located at a particular device in order to encrypt a plain text message that is to be transmitted over the network. The device and organization information, along with receiving user information specified by the sending user, will then be grouped into a header which will be appended to the outgoing encrypted message. In order to receive a transmitted message, a receiving user must be the particular receiving user and be part of the particular group specified by the sending user, and must be attempting to receive the communication at the device specified in the message header. If these conditions are satisfied, cryptographic information must be entered into the system in order to decrypt the message, resulting in the original plain text message.

Description

Title of the Invention: SECURE NETWORK METHOD AND APPARATUS
Inventor: ROY D. FOLLENDORE III

Background of the Invention

While the specter of "spies" eagerly trying to obtain the defense information of various countries is very much still present in the defense and intelligence community, an equally massive threat now exists from technological or commercial "spies" who desire to obtain commercial and technical information from competing companies. These agents use sophisticated means similar to those used by the defense and intelligence community in order to obtain commercially valuable information that reveals the plans and commercial activities of competitors thereby allowing the aggressor company to obtain a competitive advantage in the marketplace. Theft of commercially valuable information is a very real and ever present threat.

To combat this type of commercial spying, various complex systems have evolved to protect company proprietary information. These systems involve physical controls over personnel as well as over the data flowing in and out of a company. For example, most computer systems used within companies require a password to be entered before the system can be accessed. It is frequently the case that confidential or company proprietary information must be passed electronically from one location to another in order to convey that information within the company in a timely fashion. Such electronic communication is easily susceptible to interception if not protected in some other form.

Cryptographic systems have evolved to fill the needs of companies and individuals wanting to protect the proprietary commercial information of a company from competitors and those who generally should not have that information.

Encryption of data is therefore a critical requirement in denying access to confidential information from those who are not so authorized. Cryptographic "keys" are an essential part of the information encryption process. The cryptographic key, or "key" for short, is a sequence of letters, numbers, or bytes of information which are manipulated by a cryptographic algorithm to transform data from plain (readable) text to a series of unintelligible text or signals known as encrypted or cipher text. The key is then used by the receiver of the cipher text to decrypt the message back to plain text. However, for two people to communicate successfully using keys, each must use the same key, assuming that the same encryption/decryption algorithm is used on both ends of the communication.

Simple encryption of data being communicated between two points only provides one level of security, however. Encryption limits data communication to those who have the key. Anyone who has the key is privy to any communication at any location. That is, if a group of people are working on a particular project, they will all presumably share a key for decrypting information relating to the project. Some of the project group may be working in one location, while the rest of the group may be located in a distant city. If one member of the group wants to send a communication to a particular member in the other city, the key will afford him no protection because everyone in the project shares the same key. Likewise, if someone wants to communicate a message to a subset of the group, for example, only to management personnel, this key would again provide her with no extra security. In another case, someone may want to send a message that is capable of being read only at a particular computer terminal, or of being printed only at a particular printer. In these and other cases, multilevel multimedia key access, or individual keys issued to each person, would provide a solution, albeit one that is quite unwieldy, inflexible, and difficult to manage by a security officer or key administrator.

A secure method of labelling files or messages that are sent from a sending user to a receiving user over a network can provide a level of protection in addition to cryptographic protection. A file "label" for purposes of this invention means a series of letters or numbers, which may or may not be encrypted, separate from but associated with the sending of a message, which identifies the person, location, equipment, and/or organization which is permitted to receive the associated message. Using a secure labelling regimen, a network manager or user can be assured that only those messages meant for a certain person, group of persons, and/or location(s) are in fact received, decrypted, and read by the intended receiver. Thus, a sending user can specify label conditions that limit access to the transmitted message. For example, many people within a company may have the key necessary to read a data file that a sender may transmit from his computer terminal to other terminals at another site within his company. The sender may, however, wish to restrict reception to those persons present at a particular terminal. By employing a secure labelling technique in addition to encryption, the sender can be assured that people having the correct key to decrypt the message but working at different terminals will not receive or be allowed to access the communication. Access may be limited to particular people as well.

It is therefore an objective of the present invention to provide a system to insure that properly specified kinds of information in a network system flows only to designated locations and to further insure that such information is only read by those individuals who are designated to review that information.

It is a further objective of the present invention to provide a system whereby information can be protected via the Type 3 triple DES (data encryption standard) or through a Type 4 expandable digital encryption process or other cryptographic algorithms.

It is a further objective to provide a system for automated key management environments which maintains a key and associated label inventory from the time the information is created to the time the information is deleted from the system.

It is a further objective of the present invention to provide a system for a multilevel automated audit router associated with the passage of information over a computer system or network as well as to evaluate the security associated with that network or system.

Brief Description of the Invention

The present invention, also referred to as the Net Shield, is designed to improve the security of inter- and intra-office communications and to provide cryptographic data separation for the storage of and transport of data files. This privacy protection system integrates computer security labels and existing file structures with an encryption process based on a Type 3 multiple Data Encryption Standard ("DES") or a Type 4 exportable cryptographic algorithm. (Add Figure) "Type 3" and "Type 4" are common National Security Agency ("NSA") designations for low level government and approved commercial encryption schemes, respectively. The present invention is designed to be used with most commercial operating systems.

The present invention provides privacy and data separation protection to files using a Type 4 encryption algorithm. The Type 4 key management offers data separation capability on any disk medium with no modification to the computer.

A stand alone hardware implementation called the Net Shield NLU (Network Label Unit) provides privacy and data separation using a multiple Type 3 algorithm. The data transfer and encryption process is transparent to the communications protocols and the user application.

Cipher feedback or output block encryption modes are available in both algorithm implementations. The NLU firmware can be programmed for triple DES.

Both hardware and software implementations of the present invention are based on a logical grouping of data, called a cluster, each such grouping of data sharing a single label and crypto variable key. The cluster may operate within a physical network such as a Local Area Network (LAN), within a logical network such as E-mail, or even on a single workstation. The workstation used may be a personal computer, such as a computer based on an Intel 80386 microprocessor chip. The invention may be used successfully with such a computer running on a 20 megahertz clock, utilizing 640 kilobytes of random access memory. Although the invention is designed for initial use on a network using the type of computer described, it is contemplated for use with a wide range of computers and workstations. For example, an Intel 80387 math coprocessor and extra random access memory may be added to the above configuration in order to enhance performance. Likewise, a computer based on a faster microprocessor may be used, as may a computer based on an entirely different microprocessor, such as the Motorola family of chips. In short, the present invention is contemplated for use with any device that is adaptable for use as a computing device on a network, and the particular device used is not a limitation on the scope of the present invention. At least two of these devices are contemplated for use with the system of the present invention -- one as a transmit port and one as a receive port.

Labels provide a method to ensure a designated information flow for data/files that are shared among users. A label is a character string or name which a user utilizes to associate a crypto key with a particular project or compartment. Labels are uniquely mapped to the encryption process, and a label's field may be expanded to cryptographically reflect organizational functions such as location and user.

In an operational context, a user is associated with a project for which a directory and files are assigned. Access to files and to communications is limited through the project assignment label and a personal identification number. Thus, only persons associated with the project will have access to project files and communications; an unassociated person, such as a fellow employee who possesses the cryptographic key to the network, will not have access to communications having a project restrictive label. The label and encryption process can be used with application programs utilized by the project as well.

Within the project itself, access to particular communications may be restricted to a certain person or group of persons, again through the use of secure labels. Access to a communication may also be restricted to a particular device, such as a workstation terminal or printer. In this case, the label will ensure that only users present at the designated device (or group of devices) will receive the communication.

A label manager is available to complement network management. The label manager is a software package that allows the system administrator to implement company access control policies with a simple access list.

A key generator is available for creating Type 4 keys for the NLS Export/F. The NLU can be modified to generate Type 3 multiple DES keys.

Brief Description of the Drawings

Figure 1 Protection of a network schema
Figure 2 Net Shield label combinations
Figure 3 Net Shield flow chart
Figure 4 Net Shield operational flowchart
Figure 5 Net Shield security access system
Figure 6 Cryptographic label system (encryption motion)
Figure 7 Cryptographic label system (decryption motion)
Figure 8 Net Shield header/key proof
Figure 9 Net Shield secure routing system
Figure 10 Network label manager
Figure 11 Secure routing system (header labeling)

Detailed Description of the Preferred Embodiment

The Net Shield securely encrypts, decrypts and manages keys and files, as well as archiving information files on disks, thus creating a secure network. The present invention will allow security networks that don't presently have security systems to implement such systems. Net Shield will work at application and presentation levels on the OSI model without interfering with those models and will work with word processing packages such as Microsoft Word™ for Windows.

The present invention security system will be simple to use. A user will merely supply the subject matter or group affiliation of the communication, a designated target device or group of devices to receive the communication, and a list of persons authorized to access the communication.

Referring to Figure 1, some general concepts of the present invention are shown. Labels consist of data, information and knowledge. Knowledge is made of specific schema of information. Information in turn is made of specific schema or structures of data. That is, input data are processed by the system to get information. The resulting information is analyzed and interpreted to attain knowledge regarding the input. Knowledge, processed information, and raw data all go into the creation of labels. The labels themselves are then named. They are names of projects, facilities and/or people, as shown in Figure 1. This all goes into a process to perform the key management functions necessary for the cryptography.

Figure 2 shows the Net Shield truth table which is a depiction of all the possible combinations of access restrictions that can be placed on a communication, given the three levels of labels utilized by the present invention. Each Net Shield project on file will have a CID, a DID, and an UID.

"CID" stands for Cluster Identification, or Cluster I.D. It is an authorization label based on an identification of the idea that the subject or concept of the message to be transmitted involves. The CID could therefore be a label associated with a project name, or it could be a topic such as "baseball scores" or "research and development software issues." The CID is a label that will be used to restrict access to any files or communications regarding that particular project or subject matter.

"DID" stands for the Device Identification, or Device I.D. and is the authorization label based on the physical location or the logical location for a decryption to take place. It could be, for instance, the label for terminal number 29 or unit number 7, or it could identify a printer or a telemetry signalling device that must receive the information and needs to use that information for decryption purposes.

"UID" stands for Use Identification, or Use I.D. The label is based on an authorized receiving user or group of users. It could also be used to designate a particular use, such as a signal that will be used only to enable a fire alarm system, or to initiate a rocket telemetry process.

The UID, the DID, and the CID provide the uniqueness of communication relative to organizational and operational qualities for a user. When used in combination, the three labels will enable the user to choose from among a wide variety of possible confidentiality combinations.

The truth table (Figure 2) demonstrates how the labeling of files for transmission or for later access by other users takes place. Each label will include a Cluster Initialization Variable ("CIV"), a Device Initialization Variable ("DIV"), and a Use Initialization Variable ("UIV"). The CIV is the portion of the label that will be occupied by the CID. The particular CID that fills the CIV space will identify the cluster that is being authorized for the communication. Likewise, the DIV is the portion of the label that will be occupied by the DID, which will identify the device that is authorized to receive the communication. Finally, the UIV is the portion of the label that will be occupied by the UID, which will identify the user or use that is authorized to receive the communication.

When a CID, a DID, and a UID are all named within the label, access to the communication will be limited to the particular user (or group of users) named, to be received on the particular device (or group of devices) named, regarding the particular cluster (or group of clusters) named. At times, a user transmitting the information may not need to name intended receivers with such specificity. For example, a user may want to limit the communication to a particular cluster and user, but may want to allow reception on any convenient device. In this case, a null character replaces the DID in the DIV spot. The null character in this spot simply means that device access is not restricted. Likewise, if the user transmitting the file wants to limit the communication to a particular device, regarding a particular cluster, but wishes to allow anyone at that device to access the communication, she would use a null character in place of the UID in the UIV spot. A null character may also replace the CID in the CIV spot, and any combination of the three labels may also be replaced by a null in its respective spot. Thus, a user may transmit a completely non secure labelled communication by placing null characters in the CIV, DIV, and UIV spots.

Figure 2 shows all the different combinations of label security possible using Net Shield. Each of the eight combinations possible for a label having a CIV, a DIV, and a UIV is given a name (CDU, CD, CU, DU, C, D, U, or NULL) which identifies the type of access the label combination will bestow. For example, a CDU label combination will limit access to a particular user at a particular device regarding a particular message subject. A DU label combination, on the other hand, will allow access of any file to a particular user at a particular device. Descriptions of the access allowed by each named label combination are listed in Figure 2.

The null character actually represents a unique number. That number is embedded within the Net Shield software so that anyone outside of the organization using the system who does not have that particular software version would not be able to decrypt the file using the null. For example, someone from an outside company that is also using the Net Shield system would not be able to access a file, even if the file had a null character in the UIV spot. The system would not recognize an outside user number as one associated with the unique null assigned to that particular software version, and would deny him access. This ensures that communications that are open to everyone within a particular company are not accessible to persons outside that company, even if the outside person possesses a valid Net Shield user number.

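The label matching described above, including the installation-specific null, can be written out as follows. This is an added example, not code from the patent: the integer slot encoding, the names Label, Receiver, make_label, combination_name and access_allowed, and every sample number are assumptions made for illustration.

```python
"""Label matching with CIV/DIV/UIV slots and an installation-specific null.
Integer slot values and all sample numbers are constructed for illustration."""
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Label:
    civ: int  # holds a CID, or the sender's null number
    div: int  # holds a DID, or the sender's null number
    uiv: int  # holds a UID, or the sender's null number


@dataclass(frozen=True)
class Receiver:
    clusters: FrozenSet[int]  # CIDs the user is associated with
    device: int               # DID of the device being used
    user: int                 # UID of the user
    org_null: int             # null number embedded in this installation


def make_label(org_null: int, cid: Optional[int] = None,
               did: Optional[int] = None, uid: Optional[int] = None) -> Label:
    """Fill each unnamed slot with the organization's null number."""
    for value in (cid, did, uid):
        if value == org_null:
            # A real ID equal to the null would silently lift the restriction.
            raise ValueError("an ID must never collide with the null number")
    fill = lambda v: org_null if v is None else v
    return Label(fill(cid), fill(did), fill(uid))


def combination_name(label: Label, org_null: int) -> str:
    """Name the combination the way Figure 2 does: CDU, CD, ..., NULL."""
    slots = (label.civ, label.div, label.uiv)
    letters = [n for n, slot in zip("CDU", slots) if slot != org_null]
    return "".join(letters) or "NULL"


def access_allowed(label: Label, rx: Receiver) -> bool:
    """A slot passes if it holds the receiver's own null or matches the receiver.

    A null written by another organization is not recognized as a null here,
    so it is compared as an ordinary ID and fails to match.
    """
    checks = (
        (label.civ, label.civ in rx.clusters),
        (label.div, label.div == rx.device),
        (label.uiv, label.uiv == rx.user),
    )
    return all(slot == rx.org_null or matched for slot, matched in checks)


def all_combination_names(org_null: int) -> List[str]:
    """Enumerate the eight named combinations of restricted and null slots."""
    return [combination_name(make_label(org_null, c, d, u), org_null)
            for c, d, u in product((1, None), repeat=3)]


# Constructed sample values (not from the patent).
ORG_A_NULL = 0x5A17
ORG_B_NULL = 0x3C99
ALICE_AT_29 = Receiver(frozenset({42}), device=29, user=1007, org_null=ORG_A_NULL)

if __name__ == "__main__":
    cu = make_label(ORG_A_NULL, cid=42, uid=1007)
    print(combination_name(cu, ORG_A_NULL), access_allowed(cu, ALICE_AT_29))
    outsider = Receiver(frozenset({42}), 29, 1007, org_null=ORG_B_NULL)
    print(access_allowed(make_label(ORG_A_NULL), outsider))
```
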

Referring to Figure 3, the Net Shield data flow is described. The system employs a "pass phrase" system for access security. This pass phrase step must be satisfied before the actual Net Shield encryption/decryption process can be initiated. Once the pass phrase system is satisfied, a user will be able to create and generate label lists from a set of label rules using an expert system. A user will also be able to create code word lists, for use in the Net Shield header, which will be described later. If the pass phrase system is not satisfied, an alarm is generated and the user is forced to exit the system.

Assuming the pass phrase process is successful, the user then initiates the process of the present invention as he would with any software. Once the session is initiated, the encryption/decryption ("ENDEC") module is the first decision point. The ENDEC module requests that the user select between the encrypt files and decrypt files functions. If a user decides to decrypt files, and has proper Net Shield access, the system gets the encrypted file that was requested and writes the file out in plain text. The encrypted file may have been sent to the user or to the device as a secure communication, or may be resident on the entire system as a common file that is designated for limited access. The user also has the capability to get labels at this point.

If a user decides to encrypt files for transmission or storage, a similar process is followed. The user gets the plain text files instead of getting the encrypted files. If the user is in the encrypt files module, the plain text files are retrieved from memory along with the associated Net Shield label, and the encrypted file is then created. The Net Shield label is used to form a 100 byte header in a process which will be described in more detail later in the specification. The header is then appended to the front of the encrypted message before transmission or storage. Both the encrypt and decrypt processes call the same crypto engine module.

Figure 4 shows the Net Shield system with the pass phrase and expert label creation systems integrated. The system as shown here is the operational prototype and represents the best mode version of the Net Shield system. The pass phrase system allows access to the ENDEC module. After an encryption or decryption option is chosen at this point, the user is able to create Net Shield Label lists and write out new Net Shield labels by utilizing the integrated expert system, or can get previously created Net Shield labels stored in system memory. From this point, the system functions as previously described.

Referring to Figure 5, the Net Shield BIOS pass phrase security access system, or SAS, is shown in detail. The program is intended to provide a means of access control for any of the applications software being used on a system. It represents the first level of security for the system, occurring before key encryption/decryption and labelling/label decoding. The system initializes all counters to zero for the first access attempt. The user then enters a pass phrase. The pass phrase consists of 20 bytes of information which is unique to the user. Each of these bytes is eight bits long and represents an alphanumeric character, with upper and lower case letters recognized by the system as distinct and separate characters. Thus, to the user, the pass phrase is literally a phrase composed of 20 alphanumeric characters. As the user enters his pass phrase, the system acquires 20 bytes of BIOS information from system memory. There is a total of 96 bytes of information in the BIOS ROM resident in the system. This BIOS information and the pass phrase are manipulated by a series of XOR gates to produce a pass key. The 96 bytes of BIOS information is changeable by a system manager in order to maintain the integrity of the system over long periods of time.

The first 20 bytes of BIOS information are obtained and XOR'ed with the user inputted pass phrase by the XOR 1 function. This XOR function is performed on a bit by bit basis, resulting in a 20 byte product. The second 20 bytes of that BIOS information are then obtained and XOR'ed, by the XOR 2 function, with the output of the XOR 1 function. This XOR process continues to the XOR 4 function, which operates on the fourth 20 bytes of BIOS information. Once this is accomplished, the last 16 bytes are obtained and are concatenated with 4 additional bytes. The 4 additional bytes are acquired from the BIOS date information. The BIOS date information is a binary representation of the date that the particular BIOS information used by the pass phrase SAS was implemented in the system. Thus, an unauthorized person who somehow acquires knowledge of the BIOS information will not be able to gain access to the system without knowledge of its date of implementation.

The concatenation of the BIOS date information with the last 16 bytes of BIOS information results in another 20 bytes of BIOS information which is XOR'ed, by the XOR 5 function, with the output of the XOR 4 function. 20 additional bytes of data are then obtained from the Net Shield serial number, which comes with the software and is resident internal to the software. The serial number is essentially a hard wired variable. That information is XOR'ed with the output of the XOR 5 function to produce the pass key for the encryption algorithm that is used by the encryption module, and an edition file is read from the disk. The edition file is encrypted through the encryption algorithm module using the key that has been generated. It is determined during this step whether the information read from that file indicates that it is truly a Net Shield file. If it is, the system passes the edition values to the ENDEC module as the program continues. If a proper Net Shield file was not generated, the system determines if this has been the third attempt at file access. If it has not, the system advances the try counter by one and the entire pass phrase process is repeated. If a third try fails, an alarm is sounded and the user is exited out of the program.

In summary, the pass phrase SAS utilizes BIOS information obtained from the hardware of the upper memory locations, the exact location depending on the particular work station used. Pass phrase information from the user is input to the pass phrase module and XOR'ed with the BIOS information. The serial number which is unique to the particular Net Shield BIOS pass phrase SAS software resident in the workstation is then XOR'ed with the result. A pass key is generated, which allows the encryption algorithm module to accept an edition file. The edition values are then passed to the ENDEC module.
When the user is in the decrypt files module rather than the encrypt files module, the process is identical except that the pass key is provided to the decryption algorithm module rather than the encryption algorithm module. The edition values will then be used by the ENDEC module to strip and interpret the Net Shield header and to provide a key to enable decryption of the associated message.
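The pass key chain summarised above, as an added Python example (not code from the patent). The zero-padding of the pass phrase, the 96-byte BIOS length and the sample values are assumptions, and the edition-file check is modelled as the check-key comparison of claims 8 and 9.

```python
import hmac

BLOCK = 20      # every XOR stage works on 20-byte blocks
MAX_TRIES = 3   # the session ends after the third failed try


def xor20(a: bytes, b: bytes) -> bytes:
    """Bit-by-bit XOR of two 20-byte blocks."""
    if len(a) != BLOCK or len(b) != BLOCK:
        raise ValueError("operands must be exactly 20 bytes")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_phrase(phrase: str) -> bytes:
    """Assumption: ASCII pass phrase of at most 20 characters, zero-padded."""
    raw = phrase.encode("ascii")
    if len(raw) > BLOCK:
        raise ValueError("pass phrase longer than 20 bytes")
    return raw.ljust(BLOCK, b"\x00")


def machine_blocks(bios: bytes, bios_date: bytes, serial: bytes) -> list:
    """The 20-byte blocks fed to XOR 1-5, followed by the serial-number block."""
    if (len(bios), len(bios_date), len(serial)) != (96, 4, BLOCK):
        raise ValueError("expected 96 BIOS bytes, 4 date bytes, 20 serial bytes")
    blocks = [bios[i:i + BLOCK] for i in range(0, 80, BLOCK)]  # XOR 1-4
    blocks.append(bios[80:] + bios_date)   # XOR 5: last 16 bytes + BIOS date
    blocks.append(serial)                  # final XOR with the serial number
    return blocks


def derive_passkey(phrase: str, blocks: list) -> bytes:
    """Fold the padded pass phrase through every machine block in order."""
    key = pad_phrase(phrase)
    for block in blocks:
        key = xor20(key, block)
    return key


def machine_constant(blocks: list) -> bytes:
    """XOR of all machine blocks: the only machine-specific input to the key."""
    const = bytes(BLOCK)
    for block in blocks:
        const = xor20(const, block)
    return const


def unlock(attempts: list, blocks: list, check_key: bytes) -> bytes:
    """Return the pass key on a match; give up after the third failed try."""
    for phrase in attempts[:MAX_TRIES]:
        key = derive_passkey(phrase, blocks)
        if hmac.compare_digest(key, check_key):
            return key
    raise PermissionError("pass phrase rejected; session ends after three tries")


# Constructed sample values (not taken from the patent).
BIOS = bytes(range(96))
BIOS_DATE = bytes([0x19, 0x93, 0x07, 0x23])
SERIAL = b"NS-SERIAL-0000000001"
BLOCKS = machine_blocks(BIOS, BIOS_DATE, SERIAL)
CHECK_KEY = derive_passkey("open sesame 1993", BLOCKS)

if __name__ == "__main__":
    print(unlock(["guess", "open sesame 1993"], BLOCKS, CHECK_KEY).hex())
```

Because every stage is an XOR, `machine_constant` shows that the BIOS blocks, the BIOS date and the serial number contribute one fixed 20-byte value per workstation, so the pass key is the padded pass phrase XOR that value.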
Referring to Figure 6, the encryption methodology or "motion" of the cryptographic label system (the "CLS") is described. This motion can be initiated only after the Passphrase SAS has been satisfied, and provides encryption for the message, as well as an encrypted header for identification and labelling of the message.
There are four editions of cryptographic information used in both the encryption motion and the decryption motion: Edition A, Edition B, Edition C, and Edition D. Additional editions may be added as required to extend the flexibility and/or enhance the security of the system. These editions are unique 20 byte initialization vectors that will be used to start the program. They are critical to the operation of the encryption and decryption motion. In addition, there is an organizational account number that is provided that represents a number that is unique to the user of the invention. The purpose of the organizational account number is to provide a unique null capability to the Network Label Unit, CID, DID and UID.
Edition A and Edition B are XOR'ed by XOR 7, the result of which is XOR'ed with the organizational account number by XOR 10 to produce a scrambled AB result. Edition A and Edition C are XOR'ed by XOR 8 to generate the scrambled AC result. Edition B and Edition C are XOR'ed by XOR 9 to produce a result which is XOR'ed with the organizational account number by XOR 11 to produce the scrambled BC result. Therefore, the results of these operations are a scrambled Edition AB, a scrambled Edition AC and a scrambled Edition BC. All of these scrambled editions are 20 characters in length, that is, 20 bytes in length. In fact, all editions of the present invention are at least 20 characters in length. It is possible to implement the present invention using 6 or 17 characters; however, use of this 20 character configuration provides better security.
The Cluster I.D., the Device I.D. and the Use I.D. are then provided to the inputs of XOR 12, XOR 13 and XOR 14 respectively, and are XOR'ed with scrambled Edition AB, scrambled Edition AC and scrambled Edition BC, respectively. This produces scrambled versions of the identifiers (generally noted with the letter "S" as a prefix to the identifier): the SUID, the SDID and the SCID products, respectively.
Edition D is XOR'ed with the filename date time group, which is another 20 characters, by XOR 15 to produce the scrambled filename date time ("SFDT") product. The SFDT is XOR'ed with the SUID by XOR 16. The product of this is XOR'ed by XOR 17 with the SDID. The result of the XOR 17 operation is XOR'ed with SCID by XOR 18. Edition D is then XOR'ed with this product by XOR 19. This process creates what is called "clockwise" motion to this system. On the left side, Edition A, Edition B and Edition C are XOR'ed in the following manner. Edition A and Edition B are XOR'ed by XOR 20. This result and Edition C are XOR'ed by XOR 21. This product and the product of XOR 19 are XOR'ed by XOR 22 to produce the encrypt key. This encrypt key is used on the plain text message in the encryption module to produce the encrypted message. That is, once the key is provided to the encryption algorithm module, the algorithm is applied to the plain text message to produce the encrypted message.
The SFDT, SUID, SDID and the SCID are linked serially to form an 80 byte SCDUFDT (scrambled cluster display user filename date time) header for any given file. In addition there is a code word ("CW") which is 20 character readable text, that will also be placed on the front end of this header, for a total of 100 bytes for the Net Shield header.
The product of the encryption process, the encrypted message, is a binary file. The Net Shield header is placed at the front of the binary file. This header is not generally readable as plain text because it has been scrambled and encrypted through the previously described series of XOR operations. The only part that is plain text readable is the code word, which is used in case of accidental misrouting or "spillage" of the encrypted message. The code word allows people who don't have access to either the routing information or the encrypted message to be able to convey which message may have been misdirected or "spilled" en route in order to reroute that message and provide that message to someone who does have access and can reroute that message. That is, a person without access can identify the message using the code word, without being able to read the access information in the Net Shield header or the encrypted message binary file.
Referring to Figure 7, the decryption motion is described. The encrypted message is received by the system and the Net Shield header is recognized and stripped away from the encrypted message by the strip label header IDs module. The 20 byte code word portion of the header is removed by the strip header code word module. This process is available to anyone who has physical access to the encrypted message (i.e. the code word can be read as plain text by anyone). As previously described, the code word is essentially meaningless in terms of the encryption process and decryption process but it provides a means of "spill control" if a particular encrypted message happens to, for example, inadvertently get written into the wrong disk or displayed at the wrong terminal. In such a case, the code word is recognized once it is stripped off the header and the file can be directed to a security officer. The security officer can interpret the code word, which will identify people who have appropriate clearance to reroute the communication. The remaining 80 bytes of the Net Shield header are then stripped away from the encrypted message and are separated into the SFDT, SUID, SDID, and SCID 20 byte components.
The same four editions of cryptographic information that were used in the encryption process are now used in the decryption process. Edition D is XOR'ed with the SFDT by XOR 23 to recover the filename date time group. Thus, the only thing a person actually needs to determine what the file name and the date time are, is Edition D and knowledge of how to strip out the SFDT. Having that information does not provide the person with the key, however, to decrypt the message. A person who has a need to know file names and date times for the different messages coming in could do so with only the Edition D. The access to read this information could therefore be granted to a person without allowing him access to the message itself by providing him with Edition D.
Edition A and Edition B are XOR'ed by XOR 26 and the result is then XOR'ed with the Organizational Account Number by XOR 28 to produce a scrambled Edition AB result. Edition C and Edition B are XOR'ed by XOR 24 and this result is XOR'ed with the Organizational Account Number by XOR 27 to produce the scrambled Edition BC result. A scrambled Edition AC result is achieved simply by XOR'ing Edition A with Edition C by XOR 25. Thus, Edition A, Edition B, and Edition C are used, along with the Organizational Account Number, to generate the scrambled editions that were used to generate the labels and the encryption key during encryption of the message. During the decryption motion, these will in turn be used to recover the unscrambled Cluster I.D., Device I.D., and Use I.D.
As previously described, the Organizational Account Number is not involved in the scrambled Edition AC process, neither during the encryption motion nor during the decryption motion. This results in a form of asymmetrical type of encryption/decryption process. This asymmetrical encryption/decryption provides added security for the system. If the Organizational Account Number were not part of the process for deriving the scrambled editions, or if it were part of the process in deriving all of the scrambled editions, an unauthorized person who is familiar with encryption systems would be able to determine the original unscrambled editions on inspection of the scrambled editions. The asymmetrical scrambling scheme using the Organizational Account Number will prevent this from happening. Attempts to decode the scrambled editions in this case will only result in a scrambled product or the Organizational Account Number itself.
After the scrambled editions are produced, the scrambled Edition BC is XOR'ed with the SUID by XOR 32 to produce the Use I.D. The scrambled Edition AC is XOR'ed with the SDID by XOR 33, generating the Device I.D., and the scrambled Edition AB is XOR'ed with the SCID by XOR 34 to generate the Cluster I.D. Thus, the UID, the DID, and the CID are all recaptured from the Net Shield header on the receive side of the message transmission. The user on the receive side therefore now possesses the information essential for verifying which project the communication involves, which device is able to receive the message, and which person is authorized to read the contents of the message. Not only will the above operation enable the appropriately cleared person who is reading the header to read information regarding the intended destination of the message, it will also simplify file management tasks regarding the plain text message that will be received by the intended recipient.
The decryption key is then generated by the following process. The SFDT is XOR'ed with the SUID by XOR 29. The product of XOR 29 is then XOR'ed with the SDID by XOR 30. The product of XOR 30 is XOR'ed with the SCID by XOR 31. This product is then XOR'ed with Edition D by XOR 37. Edition A and Edition B are XOR'ed by XOR 35. The product of XOR 35 is XOR'ed with Edition C by XOR 36 and this result and the product of XOR 37 are then XOR'ed by XOR 38 to generate the decrypt key. The decrypt key is used by the decryption algorithm module to decrypt the encrypted message, resulting in a plain text message output. The decryption algorithm is applied to the encrypted message by the decryption algorithm module during this process. The decrypt key is the final element that is supplied to the decryption algorithm module that allows the module to perform the decryption.
Thus, the decoding of the header, which allows the user to read as plain text the Cluster I.D., the Device I.D. and the Use I.D., as well as the File Name Date Time, is independent of the actual key management process. Therefore, a security officer or file management personnel may be provided with the scrambled editions, imparting information to these persons regarding the routing of the communication. However, a person in possession of only the scrambled editions, and not of Editions A, B, C, and D, will not be able to generate a decrypt key and hence will not be able to decrypt the actual message. The plain text message will be inaccessible to a person having only the scrambled editions. A person with knowledge of Editions A, B, C, and D, however, will be able to decode the header and decrypt the attached message. It is also important to note that generation of the decrypt key is not possible without input from elements of the header. The SFDT, the SUID, the SDID, and the SCID must all be provided by the header in order to acquire the decrypt key.
Figure 8 is a key proof of the XOR functions using a limited number of binary digits (bits). The purpose of this figure is to demonstrate that the editions and the scrambled results can be protected from someone who happens to have the scrambled BC, AC, and AB.
Figure 9 isolates the secure routing function of the decryption motion in order to stress its significance. The secure routing function is one aspect of the overall encryption/decryption methodology. This function first breaks out the header into a CW, the SFDT, the SUID, the SDID, and the SCID. Once decoded, these components of the header contain all the routing and identification information regarding the message to be transmitted or stored. This information must be safeguarded from outsiders, even if the unauthorized person cannot read the actual message. Knowledge regarding the routing of communications within a company can give an outsider knowledge of the structure of the company or of organizations within the company. This information, along with knowledge of the titles and dates of the files, can impart a great deal of information to the industrial spy as to the current practices of the company. This in turn may be used by the competition for commercial advantage or to negate commercial disadvantage. Information on the routing and identification of company communications must therefore be carefully safeguarded.
On the other hand, it is important that an authorized user be able to tell the significance of a communication without having to decrypt the message. It is also important that a person who is not authorized to receive the communication but who nevertheless has had a message routed to her be able to glean information from the header which tells her who the intended recipient is. The Net Shield secure routing system allows this flexibility.
Different people within a company may be given different components of secure information in order to allow them to extract information that they need to know from a secure communication without compromising the message itself. In this way, people (or machines) along the communication path can perform secure file management tasks without having to be given access to the message or to more of the routing information than they need to know. For example, a person whose job it is to log secure communications taking place relating to a particular project within the company may be given access to scrambled Edition AB. This scrambled edition can be XOR'ed with the SCID (after isolating it from the header) to produce the plain text Cluster I.D. Thus, the person with knowledge of the scrambled Edition AB can get cluster information and can therefore log communications pertaining to a particular project. Note that knowledge of scrambled Edition AB alone will not enable this person to derive any other information from the header, nor will it allow him to decrypt the attached message.
Likewise, a person who must keep track of secure communications being received at a workstation terminal or being sent to a printer, may be given the scrambled Edition AC. This will allow this person to acquire the plain text Device I.D. from the header. An employee keeping track of the secure communications received by a particular user may be given the scrambled Edition BC, allowing access to the plain text User I.D. Finally, a company employee keeping track of the file name, date, and time of all secure company communications can be given Edition D, allowing her to read the plain text File name date time information from the header. A person could actually be given all this information, that is, Edition D, and scrambled Editions AB, AC, and BC, and that person would still only have complete access to the secure routing system. She would not be able to generate the decrypt key and therefore would not be able to decrypt the message.
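The encryption and decryption motions and the delegated header reading described above (Figures 6, 7, 9 and 10), as an added Python example that is not code from the patent. The space-padded ASCII labels, the helper names and the SHA-1-derived sample editions are assumptions constructed for illustration.

```python
import hashlib

BLOCK = 20  # editions, identifiers and header fields are all 20 bytes
FIELDS = ("CW", "SFDT", "SUID", "SDID", "SCID")  # header order, code word first


def xor(*blocks: bytes) -> bytes:
    """XOR any number of 20-byte blocks together."""
    out = bytes(BLOCK)
    for block in blocks:
        if len(block) != BLOCK:
            raise ValueError("every operand must be exactly 20 bytes")
        out = bytes(x ^ y for x, y in zip(out, block))
    return out


def field(text: str) -> bytes:
    """Assumption: labels are ASCII, space-padded on the right to 20 bytes."""
    raw = text.encode("ascii")
    if len(raw) > BLOCK:
        raise ValueError("label longer than 20 characters")
    return raw.ljust(BLOCK, b" ")


def scramble_editions(a, b, c, account):
    """XOR 7-11 / XOR 24-28: the account number enters AB and BC, not AC."""
    return {"AB": xor(a, b, account), "AC": xor(a, c), "BC": xor(b, c, account)}


def build_header(cw, fdt, cid, did, uid, scr, d):
    """Figure 10 labelling: needs Edition D and the scrambled editions only."""
    sfdt = xor(d, fdt)          # XOR 15
    scid = xor(cid, scr["AB"])  # XOR 12
    sdid = xor(did, scr["AC"])  # XOR 13
    suid = xor(uid, scr["BC"])  # XOR 14
    return cw + sfdt + suid + sdid + scid  # 20-byte code word + 80 bytes


def split_header(header: bytes) -> dict:
    """Cut a 100-byte header into its five 20-byte fields."""
    if len(header) != BLOCK * len(FIELDS):
        raise ValueError("a Net Shield header is exactly 100 bytes")
    return {n: header[i * BLOCK:(i + 1) * BLOCK] for i, n in enumerate(FIELDS)}


def message_key(header, a, b, c, d):
    """XOR 16-22 when encrypting, XOR 29-31 and 35-38 when decrypting."""
    h = split_header(header)
    clockwise = xor(h["SFDT"], h["SUID"], h["SDID"], h["SCID"], d)
    return xor(clockwise, a, b, c)


def read_labels(header, scr=None, d=None):
    """Figure 9 routing: decode only the fields the holder has material for."""
    h = split_header(header)
    scr = scr or {}
    out = {"CW": h["CW"]}  # the code word is plain text for everyone
    if d is not None:
        out["FDT"] = xor(d, h["SFDT"])          # XOR 23
    if "BC" in scr:
        out["UID"] = xor(scr["BC"], h["SUID"])  # XOR 32
    if "AC" in scr:
        out["DID"] = xor(scr["AC"], h["SDID"])  # XOR 33
    if "AB" in scr:
        out["CID"] = xor(scr["AB"], h["SCID"])  # XOR 34
    return out


# Constructed sample material (not taken from the patent).
A, B, C, D, ACCOUNT = (
    hashlib.sha1(tag).digest()
    for tag in (b"edition-A", b"edition-B", b"edition-C", b"edition-D", b"account")
)
LABELS = {
    "CW": field("SPILL-REF-0042"),
    "FDT": field("MEMO.TXT 9307231430"),
    "CID": field("ProjectAlpha"),
    "DID": field("Workstation07"),
    "UID": field("JohnWilliamSmith"),
}
SCR = scramble_editions(A, B, C, ACCOUNT)
HEADER = build_header(LABELS["CW"], LABELS["FDT"], LABELS["CID"],
                      LABELS["DID"], LABELS["UID"], SCR, D)

if __name__ == "__main__":
    print("project logger sees:", read_labels(HEADER, {"AB": SCR["AB"]}))
    print("message key:", message_key(HEADER, A, B, C, D).hex())
```

Two identities follow from the XOR definitions for any inputs: scrambled BC equals scrambled AB XOR scrambled AC, so a holder of any two scrambled editions can compute the third. Edition D and the account number cancel out of the key, which reduces to A XOR B XOR C XOR the four plain-text labels.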
Because the secure access system can work independently of the encryption/decryption key generation process, it is contemplated that the secure access system can be used in applications outside of the Net Shield system.
All of the above file management capabilities add to the security of the system. Keeping a record of secure message transmissions and receptions in this way helps detect attempted breaches and helps indicate suspicious communications occurring within the company. The flexibility provided by the Net Shield system allows this file management to take place without allowing any one person to have more information than he needs to know.
In addition to adding to the security of the system, use of header components allows for an enhanced directory format for stored messages. Each component of the header is composed of 20 characters. The message file can be stored or archived in encrypted form according to its receiving user, access device, cleared cluster, filename, date of creation, time of creation, or any combination of these. A complex file management system can be built around these components, allowing for programs that can search archived files based on numerous categories.
Figure 10 shows the secure routing system header labelling function, isolated from the encryption motion. As previously stated, the secure routing function is one aspect of the overall encryption/decryption methodology. It is this function that provides the capability for composing the Net Shield header and appending it to the encrypted message. The creation of the header can be accomplished by someone who has knowledge of Edition D and scrambled Editions AB, AC, and BC only. It is not necessary for that person to have access to Editions A, B, and C. Thus, the task of creating the header for a message may be delegated to someone who does not have the full capability of encrypting the message. Also, a person may be charged with creating only part of the header; that person would only have to be given one of the scrambled editions. For example, a person working for a particular project may supply a default Cluster I.D. for headers attached to all project communications. That person need only be given the scrambled Edition AB. Likewise, someone with the responsibility of adding the filename, date, and time portion to the headers of all outgoing communications would only have to be given access to Edition D.
Once the header is created, it functions as a signature for the message. The signature can be used for archival purposes. By storing all outgoing messages according to this signature, a flexible file management system can be created. A file directory may be easily searched for a particular file by a person cleared to decode headers, or portions of headers. For example, an employee needing to acquire a list of all files transmitted on a particular day can search the directory for a header with a particular SFDT, assuming the employee has knowledge of Edition D. Thus, a secure file archival system may be created through the use of Net Shield headers.
Within the directory, additional characters may be added to the header at the discretion of the user. The additional characters may be in plain text if it is not required that this information be kept confidential.
Figure 11 shows an operational diagram of the Net Shield Network Label Manager ("NLM"). The NLM oversees the creation of labels, ensuring that combinations of labels that will go in a Net Shield header are appropriate for the system, that is, that their contribution to the encryption/decryption key will be valid. It does this by combining label components taken from component lists, rejecting invalid combinations and storing valid ones. The NLM will be used by system security managers to generate and allocate labels to individual users.
Such a management system is necessary because of the large number of labels that can possibly be generated by a company using the Net Shield. The flexibility provided by the system leads to a complexity in validation and tracking of labels. Certain combinations of label components (CID, DID, UID, etc.) will not provide a header that will allow the generation of a valid encryption/decryption key. The NLM will not allow these invalid combinations to be implemented by a user.
When first entering the NLM system, the security manager will have to satisfy the Net Shield Passphrase SAS, as any user must do before performing a Net Shield activity. The security manager is then given a chance to exit the system. If he does not choose to exit, he continues with the NLM procedure.
The first step performed in the NLM system is the generation of new cryptographic I.D. "cards". A cryptographic I.D. card is simply a list of possible words or phrases to be used to represent a particular cryptographic I.D., or label component. For example, one cryptographic I.D. card is a Use I.D. card, which would be a list of character strings that could possibly be used as a Use I.D. Such a list would be fairly easy to create; each item on the list can be the name of an employee that will be cleared to transmit or receive secure Net Shield communications. Because the Use I.D. is a character string that is 20 bytes long, each user can be identified with a good degree of specificity. For example, a Use I.D. card may look like this:
    RoyDFollendoreIII
    JohnWilliamSmith
    MarieElizabethJones
    LisaEveRosenberg
Other cryptographic I.D. cards include Cluster I.D. cards, Device I.D. cards, and Code Word cards. Each of these I.D. cards consists of a list of character strings, each of 20 characters or less. Preferably, the character strings are words or phrases that make rational sense to the security manager and to other users of the system. Each cryptographic I.D. card is created independently of any other cryptographic I.D. card. These can be stored and later called up when creating labels.
The next step is to create a cryptographic pool card, which results in a reduced cryptographic I.D. list. To create the cryptographic pool card, the security manager first collects one of each kind of cryptographic I.D. card that has been created that he wishes to use to create a label. That is, he calls up a Cluster I.D. card, a Device I.D. card, a Use I.D. card, and a Code Word card. Preferably these cards can be displayed side by side on a workstation screen or computer terminal. The security manager then chooses one item from one of the cards. For example, he can choose a project name from the Cluster I.D. card, such as "WorldDominationStudy". When an item is chosen, the items in the other cards are analyzed to determine whether combinations of these items with the chosen item can result in a label that is valid for encryption and decryption.
If an item in another card can be validly combined with the chosen item, it remains in its respective card. If an item in another card cannot be validly combined with the chosen item, it drops off the screen. The item analysis and card reduction is performed by the security expert system utilized by the NLM, according to labelling rules programmed into the security expert system. Thus, the security officer knows that items left on the screen can be validly combined to create labels. The security officer may then combine remaining items to generate valid labels and may now add these to the cryptographic pool card.
If an item dropped off the screen when an item from one of the lists was selected, it cannot be combined with the selected item. However, the security officer may find it necessary to link the ideas represented by the two items into one label. For example, an item representing a user of the Net Shield system may be incompatible with an item representing a particular project. The user may nevertheless require access to files generated by that project, and so must be linked with that project in a label. In such cases, the item that dropped off the screen must be modified slightly until it is in a form that the NLM recognizes as compatible with the selected item. The two items can then be linked into a label and can be added to the cryptographic pool card. It is still preferred that the modified item be a word or phrase that has some rational meaning to the security officer or user.
Once a set of valid labels is created, it can be stored on the system hard disk. The security officer can then assign particular labels to individual users' cryptographic I.D. cards. The user is then allowed to use labels resident on her cryptographic I.D. card when transmitting an encrypted message.
The dotted arrow between the pool cryptographic users card and the organizational model illustrates the fact that these cards can then be used as potential data and information for the organizational model which then can be used with security rules. For example, by looking at the organizational model and at the cryptographic users cards regarding who can communicate to whom, and where and under what subjects, other rules external to that model can be applied which would affect the ability to produce new lists of these cards in the future. This is useful for security control issues or looking at audit trail information.
A secure network comprising secure labeling, key generation and encryption of files on the network has now been described in detail. It is to be noted, however, that this description is merely illustrative of the principles underlying the inventive concept. It is therefore contemplated that various modifications of the disclosed embodiments will, without departing from the spirit and scope of the present invention, be apparent to persons skilled in the art.

Claims (36)

1. A system for the secure routing of encrypted data within a communications network, comprising:

A) first digital logic means and second digital logic means, the first digital logic means being electronically linked for communication with the second digital logic means;
B) the first digital logic means comprising:
1) a first system memory for storing data;
2) a first access control subsystem, comprising logic for limiting system access to authorized users, the first access control subsystem being electronically connected to the first system memory for accessing data stored in the first system memory;
3) an encryption algorithm module, comprising logic for converting plain text messages into encrypted text messages, the encryption algorithm module being electronically connected to the first system memory for accessing data stored in the first system memory and the encryption algorithm module being further electronically connected to the first access control subsystem to accept inputs from the first access control subsystem; and
4) a message header labelling subsystem, comprising logic for limiting system access, subject to label conditions, the message header labelling subsystem being electronically connected to the first system memory for accessing data stored in the first system memory and the message header labelling subsystem being further electronically connected to the encryption algorithm module to accept inputs from the encryption algorithm module;
C) the second digital logic means comprising:
1) a second system memory for storing data;
2) a second access control subsystem, comprising logic for limiting system access to authorized users, the second access control subsystem being electronically connected to the second system memory for accessing data stored in the second system memory;
3) a decryption algorithm module, comprising logic for converting encrypted text messages into plain text messages, the decryption algorithm module being electronically connected to the second system memory for accessing data stored in the second system memory and the decryption algorithm module being further electronically connected to the second access control subsystem to accept inputs from the second access control subsystem; and
4) a message header identification subsystem, comprising logic for limiting system access, subject to label conditions, the message header identification subsystem being electronically connected to the second system memory for accessing data stored in the second system memory and the message header identification subsystem being further electronically connected to the decryption algorithm module to accept inputs from the decryption algorithm module;
D) the encryption algorithm module working in conjunction with the message header labelling subsystem to create an outgoing message to be transmitted from a sending user to a receiving user;
E) the message header identification subsystem limiting access to an incoming message prior to conversion of a received encrypted text message into a plain text message by the decryption algorithm module.
2. The system of claim 1, wherein the first access control subsystem and the second access control subsystem manipulate passphrase information entered by users to generate a passkey.
3. The system of claim 2, wherein the passphrase information entered by a user comprises alphanumeric characters.
4. The system of claim 3, wherein the system converts the alphanumeric characters input by the user to digital data.
5. The system of claim 2, wherein the first access control subsystem manipulates the passphrase information with BIOS information stored in the first system memory and the second access control subsystem manipulates the passphrase information with BIOS information stored in the second system memory.
6. The system of claim 5, wherein the BIOS information includes the date of origin of the BIOS information.
7. The system of claim 6, wherein a system serial number, stored in the first system memory and in the second system memory, is manipulated with the passphrase information and the BIOS information to generate the passkey.
8. The system of claim 2, wherein
A) the first access control subsystem further comprises a check key which is compared to the passkey; and
B) the passkey is an input to the encryption algorithm module which allows editions of cryptographic information stored within the first system memory to be inputs to the encryption algorithm module only if the passkey exactly matches the check key.
9. The system of claim 2, wherein
A) the second access control subsystem further comprises a check key which is compared to the passkey; and
B) the passkey is an input to the decryption algorithm module which allows editions of cryptographic information stored within the second system memory to be inputs to the decryption algorithm module only if the passkey exactly matches the check key.
10. The system of claim 8, wherein the passkey inputs to the encryption algorithm module allow the encryption algorithm module to convert a plain text message to an encrypted text message.
11. The system of claim 9, wherein the passkey inputs to the decryption algorithm module allow the decryption algorithm module to convert an encrypted text message to a plain text message.
12. The system of claim 10, wherein:
A) scrambled editions are generated by manipulating the editions of cryptographic information using the first digital logic means;
B) scrambled label conditions are generated by manipulating the scrambled editions with label conditions using the first digital logic means; and C) an encryption key is generated by manipulating the scrambled label conditions and the editions of cryptographic data using the first digital logic means, the encryption key allowing the encryption algorithm module to convert a plain text message to an encrypted text message.
13. The system of claim 12, further comprising an organizational account number stored in the first system memory which is manipulated with the editions of cryptographic data by the first digital logic means to generate the scrambled editions.
14. The system of claim 12 or 13, further comprising filename/date/time information stored in the first system memory, which is manipulated with one edition of cryptographic information by the first digital logic means to generate scrambled filename/date/time information.
15. The system of claim 14, wherein the encryption key is generated by manipulating the scrambled filename/date/time information with the scrambled label conditions and the editions of cryptographic information using the first digital logic means, the encryption key allowing the encryption algorithm module to convert a plain text message into an encrypted text message.
16. The system of claim 12, wherein the header labelling subsystem combines the scrambled label conditions to form a message header.
17. The system of claim 16, wherein the message header further comprises the scrambled filename/date/time information.
18. The system of claim 17, wherein the message header further comprises a code word.
19. The system of claim 16, 17, or 18, wherein the encrypted text message is appended to the message header prior to transmission.
20. The system of claim 11, wherein the header identification subsystem separates a message header from the encrypted text message and into separate scrambled label conditions.
21. The system of claim 20, wherein scrambled filename/date/time information is also separated from the message header.
22. The system of claim 21, wherein a code word is also separated from the message header.
23. The system of claim 22, wherein:
A) scrambled editions are generated by manipulating the editions of cryptographic information;
B) label conditions are recaptured by manipulating the scrambled editions with scrambled label conditions using the second digital logic means;
C) a decryption key is generated by manipulating the scrambled label conditions and the editions of cryptographic data using the second digital logic means, the decryption key allowing the decryption algorithm module to convert an encrypted text message into a plain text message.
24. The system of claim 23, further comprising an organizational account number stored in the second system memory which is manipulated with the editions of cryptographic data by the second digital logic means to generate the scrambled editions.
25. The system of claim 24, wherein the filename/date/time information is recaptured by manipulating the scrambled filename/date/time information with one edition of cryptographic information using the second digital logic means.
26. The system of claim 23, wherein the decryption key is generated by manipulating the scrambled filename/date/time information with the scrambled label conditions and the editions of encryption information using the second digital logic means, the decryption key allowing the decryption algorithm module to convert an encrypted text message into a plain text message.
27. A method for the secure routing of data in a communications system, comprising the following steps performed in the order given:
A) limiting access to the communications system to an authorized sending user at a transmit port;
B) retrieving and converting a plain text message to an encrypted text message;
C) creating a message header which specifies message access conditions;
D) appending the message header to the front of the encrypted text message to create the secure message;
E) transmitting the secure message from the transmit port to a receive port via the communications system;
F) limiting access to the communications system to an authorized receiving user at a receive port;
G) stripping the message header from the secure message;
H) decoding the message header to recover the message access conditions; and I) converting the encrypted text message to a plain text message that can be read by a receiving user.
28. The method of claim 27, wherein the step of limiting access to the communications system to an authorized sending user at a transmit port comprises the substeps of:
A) initializing the contents of an attempt counter located in the communications system to zero;
B) having the sending user enter passphrase information into the transmit port;
C) manipulating the passphrase information with BIOS information and a serial number stored in the communications system using digital logic means, in order to generate a passkey;
D) comparing the passkey to a check key stored in the communications system;
E) applying the passkey to a communication systems encryption means if the passkey matches the check key exactly;
and F) copying a file containing editions of cryptographic information, stored in the communications system, into the encryption means.
29. The method of claim 28, wherein the following steps occur if the passkey does not match the check key exactly:
A) incrementing the attempt counter by one;
B) refusing access by the sending user to the communication system if the contents of the attempt counter equals three;
C) having the sending user enter passphrase information into the transmit port;
D) manipulating the passphrase information with BIOS information and a serial number stored in the communications system using digital logic means, in order to generate a passkey;
E) comparing the passkey to a check key stored in the communications system;
F) repeating steps B) through E) if the passkey does not exactly match the check key;
G) applying the passkey to a communication systems encryption means if the passkey matches the check key exactly;
and H) copying a file containing editions of cryptographic information, stored in the communications system, into the encryption means.
30. The method of claim 28, wherein the step of retrieving and converting a plain text message to an encrypted text message comprises the substeps of:
A) reading a plain text message file from communications system memory;
B) manipulating the editions of cryptographic information and an organizational account number stored in communications system memory by digital logic means to generate scrambled editions of cryptographic information;
C) manipulating the scrambled editions of cryptographic information with message access conditions to generate scrambled access conditions;
D) manipulating filename/date/time information stored in communications system memory with one edition of cryptographic information to generate scrambled filename/date/time information;
E) manipulating the scrambled filename/date/time information with the scrambled access conditions and the editions of cryptographic information to generate an encryption key;
F) applying the encryption key to the encryption means;
G) converting the plain text message to an encrypted text message by applying the encryption means to the plain text message; and H) applying the encrypted text message to a header labeling subsystem located within the communications system.
31. The method of claim 30 wherein the step of creating a message header which specifies message access conditions comprises the substeps of:
A) combining the scrambled filename/date/time information with the scrambled access conditions to form the scrambled cluster/device/user/filename/date/time header; and B) appending a code word to the scrambled cluster/device/user/filename/date/time header to form the message header.
32. The method of claim 27, wherein the step of limiting access to the communications system to an authorized receiving user at a receive port comprises the substeps of:
A) initializing the contents of an attempt counter located in the communications system to zero;
B) having the receiving user enter passphrase information into the receive port;
C) manipulating the passphrase information with BIOS information and a serial number stored in the communications system using digital logic means, in order to generate a passkey;
D) comparing the passkey to a check key stored in the communications system;
E) applying the passkey to a communications system decryption means if the passkey matches the check key exactly;
and F) copying a file containing editions of cryptographic information, stored in the communications system, into the decryption means.
33. The method of claim 32, wherein the following steps occur if the passkey does not match the check key exactly:
A) incrementing the attempt counter by one;
B) refusing access by the receiving user to the communications system if the contents of the attempt counter equals three;
C) having the receiving user enter passphrase information into the receive port;
D) manipulating the passphrase information with BIOS information and a serial number stored in the communications system using digital logic means, in order to generate a passkey;
E) comparing the passkey to a check key stored in the communications system;
F) repeating steps B) through E) if the passkey does not exactly match the check key;
G) applying the passkey to a communication systems decryption means if the passkey matches the check key exactly;
and H) copying a file containing editions of cryptographic information, stored in the communications system, into the decryption means.
34. The method of claim 27 wherein the step of stripping the message header from the secure message comprises the substeps of:
A) separating the message header from the encrypted data message;
B) dividing the message header into the code word and the cluster/device/user/filename/date/time header; and C) dividing the cluster/device/user/filename/date/time header into the filename/date/time information and the scrambled access conditions.
35. The method of claim 27 wherein the step of decoding the message header to recover the message access conditions comprises the substeps of:
A) manipulating the editions of cryptographic information with the organizational account number located in communications system memory to generate scrambled editions of cryptographic information; and B) manipulating the scrambled editions of cryptographic information with scrambled access conditions to recapture the access conditions.
36. The method of claim 35 wherein the step of converting the encrypted text message to a plain text message comprises the substeps of:
A) manipulating the scrambled filename/date/time information with one edition of cryptographic information to recapture the filename/date/time information;
B) manipulating the scrambled access conditions with the scrambled filename/date/time information and the editions of cryptographic information to generate a decryption key;
C) applying the decryption key to a communications system decryption means; and D) converting the encrypted text message to a plain text message by applying the decryption means to the encrypted text message.
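The header and key flow of claims 27, 30, 31 and 34 to 36, as an added sketch that is not code from the patent. The claims only say values are "manipulated", so the HMAC-SHA256 derivations, XOR pads, field widths, code word value and all sample values below are assumptions.

```python
import hashlib
import hmac

# Assumptions (not from the patent): one-way "manipulation" is HMAC-SHA256,
# reversible "manipulation" is XOR with a derived pad. The field widths and
# the code word value are hypothetical.
CODE_WORD = b"SNM1"
ACCESS_LEN, FDT_LEN = 40, 48
HEADER_LEN = ACCESS_LEN + FDT_LEN + len(CODE_WORD)


def prf(key, label, n):
    """Expand key into n bytes bound to a purpose label (HMAC counter mode)."""
    blocks = (n + 31) // 32
    stream = b"".join(
        hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )
    return stream[:n]


def xor(data, pad):
    return bytes(a ^ b for a, b in zip(data, pad))


def fixed(field, width):
    """Pad a header field to its fixed-width slot with NUL bytes."""
    if len(field) > width or b"\x00" in field:
        raise ValueError("field does not fit its fixed-width slot")
    return field.ljust(width, b"\x00")


def editions_secret(editions):
    """Collapse all editions into one secret, length-prefixing each one."""
    h = hashlib.sha256()
    for e in editions:
        h.update(len(e).to_bytes(4, "big") + e)
    return h.digest()


def scrambled_editions(editions, account):
    # Claims 30 B) and 35 A): editions + organizational account number.
    return prf(editions_secret(editions), b"scramble|" + account, 32)


def message_key(editions, s_access, s_fdt):
    # Claims 30 E) and 36 B): scrambled f/d/t + scrambled access + editions.
    return prf(editions_secret(editions), b"key|" + s_fdt + s_access, 32)


def seal(editions, account, access, fdt, plaintext):
    """Sender side: claims 30 and 31, then claim 27 D)."""
    access_pad = prf(scrambled_editions(editions, account), b"access", ACCESS_LEN)
    s_access = xor(fixed(access, ACCESS_LEN), access_pad)
    # Claim 30 D): only one edition scrambles the filename/date/time field.
    s_fdt = xor(fixed(fdt, FDT_LEN), prf(editions[0], b"fdt", FDT_LEN))
    key = message_key(editions, s_access, s_fdt)
    # Stand-in for the encryption algorithm module: XOR keystream, no MAC.
    body = xor(plaintext, prf(key, b"body", len(plaintext)))
    return s_access + s_fdt + CODE_WORD + body


def open_message(editions, account, allowed_access, secure):
    """Receiver side: claims 34, 35 and 36. Returns (access, fdt, plaintext)."""
    if len(secure) < HEADER_LEN:
        raise ValueError("message shorter than header")
    header, body = secure[:HEADER_LEN], secure[HEADER_LEN:]
    cdufdt, code = header[:-len(CODE_WORD)], header[-len(CODE_WORD):]
    if not hmac.compare_digest(code, CODE_WORD):
        raise ValueError("code word mismatch")
    s_access, s_fdt = cdufdt[:ACCESS_LEN], cdufdt[ACCESS_LEN:]
    access_pad = prf(scrambled_editions(editions, account), b"access", ACCESS_LEN)
    access = xor(s_access, access_pad).rstrip(b"\x00")
    # Claim 1 E): the label is checked before any decryption happens.
    if access not in allowed_access:
        raise PermissionError("access conditions not met")
    fdt = xor(s_fdt, prf(editions[0], b"fdt", FDT_LEN)).rstrip(b"\x00")
    key = message_key(editions, s_access, s_fdt)
    return access, fdt, xor(body, prf(key, b"body", len(body)))


# Constructed sample values, for illustration only.
EDITIONS = [b"edition-one-0001", b"edition-two-0002"]
ACCOUNT = b"ORG-0042"
ACCESS = b"cluster=ENG/device=07/user=alice"
FDT = b"report.txt|1993-01-27|09:30"

if __name__ == "__main__":
    msg = seal(EDITIONS, ACCOUNT, ACCESS, FDT, b"quarterly figures")
    print(open_message(EDITIONS, ACCOUNT, {ACCESS}, msg))
```

In this sketch the key is derived from the scrambled header fields, as claims 30 E) and 36 B) describe, so a header whose label bytes change in transit produces a different key and the body no longer decrypts to the original text.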
CA002101198A 1993-01-27 1993-07-23 Secure network method and apparatus Abandoned CA2101198A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/009,741 US5369707A (en) 1993-01-27 1993-01-27 Secure network method and apparatus
US08/009,741 1993-01-27

Publications (1)

Publication Number Publication Date
CA2101198A1 true CA2101198A1 (en) 1994-07-28

Family

ID=21739440

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002101198A Abandoned CA2101198A1 (en) 1993-01-27 1993-07-23 Secure network method and apparatus

Country Status (2)

Country Link
US (1) US5369707A (en)
CA (1) CA2101198A1 (en)

Also Published As

Publication number Publication date
US5369707A (en) 1994-11-29

Legal Events

Date Code Title Description
FZDE Discontinued