Method and system for securing data
11438156 · 2022-09-06
Assignee
Inventors
Cpc classification
G06F21/6209
PHYSICS
H04L9/3033
ELECTRICITY
International classification
H04L9/00
ELECTRICITY
H04L9/30
ELECTRICITY
Abstract
A method of encrypting and storing a data item; said method comprising: a data encryption step wherein the data item is encrypted to form an encrypted data item; a mathematical disassembly step wherein the encrypted data item is mathematically disassembled into two or more encrypted data item component parts comprising at least a first component part and a second component part; storing at least a one of the component parts at a location separate from the others of the component parts.
Claims
1. A method of securing a data item N; said data item in the form of a data item character string; for secure storage of a representation of the data item; the method comprising the steps of: a. importing receiving, from a client device via a communication network, the character string comprising the data item at a first server, wherein the data item comprises transaction information corresponding to a transaction associated with a user of the client device; b. applying a first algorithm having at least a first data item argument to the data item character string thereby to form a first modified data item character string; c. applying a second algorithm having at least a second data item argument to the first modified character string whereby the first modified data item character string is embedded in a second modified data item character string; said second modified data item character string in the form of a first data item prime number; d. selecting a second data item prime number different from said first data item prime number; e. defining at least the first data item prime number as a data item private key in respect of the data item; defining the product of the first data item prime number and the second data item prime number as a data item public key in respect of the data item, wherein the data item public key is stored on a second server; f. deleting the data item character string from the first server; g. maintaining, at the first server, a data record associating the first data item prime number, the first algorithm and the second algorithm whereby the data item can be calculated by supply of arguments to the first algorithm and the second algorithm.
2. The method of claim 1 wherein an argument is the data item public key.
3. The method of claim 1 wherein an argument is the data item private key.
4. The method of claim 1 wherein an argument is the second data item argument.
5. The method of claim 1 wherein an argument is the first data item argument.
6. The method of claim 4 wherein the second data item argument is the numerical value delta.
7. The method of claim 5 wherein the first data item argument is an ASCII look up table.
8. The method of claim 1 wherein the first algorithm converts the character string into a numeric string.
9. The method of claim 1 wherein the second algorithm adds a numerical value delta to the first modified character string in order to form the second modified character string.
10. The method of claim 1 wherein in particular forms the algorithm is irreversible such that the data item character string 16 input into the algorithm 17 cannot be obtained merely having possession of one or other of others of the arguments of the algorithm.
11. A distributed encryption system comprising at least a primary server and a secondary server, wherein the system is configured to at least: primary server, from a client device via a communication network, a data item comprising transaction information corresponding to a transaction associated with a user of the client device; expand and obfuscate the data item to form an obfuscated string; encrypt the obfuscated string using a symmetric encryption key to form an encrypted string; progressively add a string of packing data to the encrypted string until a resulting data string is computationally equivalent of a nearest prime number which is then defined as an initial prime number; generate an additional prime number of similar length and use the initial prime number and the additional prime number to generate a public key using a predetermined public key algorithm store at least a first one of the symmetric encryption key and, the string of packing data, the public key, and the additional prime number at the primary server and store at least a second one of the symmetric encryption key and, the string of packing data, the public key, and the additional prime number at a secondary server.
12. The distributed encryption system of claim 11 wherein the initial prime number is deleted from memory and not stored.
13. The distributed encryption system of claim 11, wherein the symmetric encryption key and the string of packing data are stored on the primary server; the public key is stored on the secondary server; and the additional prime number is stored on a tertiary server.
14. The distributed encryption system of claim 11 wherein when the data is to be decrypted, a. the public key and additional prime number are retrieved from their respective servers; b. the public key is used in combination with the additional prime number are used to calculate the initial prime number using the predetermined public key algorithm; c. the stored string of packing data is then subtracted from the resulting prime number and the resulting encrypted string is decrypted using the symmetric encryption key that was stored on the primary server and; d. desired target data is de-obfuscated from the resulting expanded obfuscated data string using reverse of obfuscation rules used initially to originally obfuscated the data.
15. A data encryption system memory storing computer-executable instructions that cause the one or more processors to at least: receive a data string from a client device via a communication network, the data string comprising transaction information corresponding to a transaction associated with a user of the client device; encrypt the data string using an encryption key in order to produce an encrypted data string; pad the encrypted data string to expand the encrypted data string so as to produce a nearest prime number to the encrypted data string; and select a second similar length prime number so as to create a private key pair; the product of the private key pair producing a public key; and storing at least two of the public key, the second prime number of the key pair, the padding data, and the encryption key at different locations selected from the plurality of servers.
16. The system of claim 15 wherein the public key and the second prime number of the private key pair are stored separately as well as the padding data and the encryption key.
17. The system of claim 16 wherein the individual components would be stored in separate locations.
18. The system of claim 15 wherein never would all of the components be stored in the same location.
19. The system of claim 15 wherein the components must be stored in a minimum of two locations but the more different locations used the more secure the system would be.
Description
BRIEF DESCRIPTION OF DRAWINGS
(1) Embodiment of the present invention will now be described with reference to the accompanying drawings wherein:
(2)
(3)
(4)
(5)
(6)
(7)
(8)
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
(9) Broadly in one embodiment there is disclosed a method of encrypting and storing a data item; said method comprising:
(10) a data encryption step wherein the data item is encrypted to form an encrypted data item;
(11) a mathematical disassembly step wherein the encrypted data item is mathematically disassembled into two or more encrypted data item component parts comprising at least a first component part and a second component part;
(12) storing at least a one of the component parts at a location separate from the others of the component parts.
(13) In a preferred form the location separation is by logical memory separation whereby the at least a first component part is stored in a first logical memory and the at least a second component part is stored in a second logical memory.
(14) In an alternative preferred form the location separation is by use of separate servers whereby the at least a first component part is stored in a first server and the at least a second component part is stored in a second server.
(15) In a particular preferred form the location separation is by geographic separation whereby the at least a first component part is stored in a first geographic location and the at least a second component part is stored in a second geographic location and wherein the first geographic location is geographically separated from the second geographic location.
(16) In yet a further particular form the location separation is geographic separation of separate servers, each server holding different ones of the component parts forming the encrypted data item.
(17) Broadly in a further embodiment there is disclosed a method of securing a data item N; said data item in the form of a data item character string; for secure storage of a representation of the data item; the method comprising the steps of:
(18) importing the character string comprising the data item into a first environment;
(19) applying a first algorithm having at least a first data item argument to the data item character string thereby to form a first modified data item character string;
(20) applying a second algorithm having at least a second data item argument to the first modified character string whereby the first modified data item character string is embedded in a second modified data item character string; said second modified data item character string in the form of a first data item prime number;
selecting a second data item prime number different from said first data item prime number;
defining at least the first data item prime number as a data item private key in respect of the data item; defining the product of the first data item prime number and the second data item prime number as a data item public key in respect of the data item;
deleting the data item character string from the first environment;
maintaining a data record associating the first data item prime number, the first algorithm and the second algorithm whereby the data item can be calculated by supply of arguments to the first algorithm and the second algorithm.
(21) In a preferred form an argument is the data item public key.
(22) In alternative preferred form an argument is the data item private key.
(23) In an alternative preferred form an argument is the second data item argument.
(24) In an alternative preferred form an argument is the first data item argument.
(25) In an alternative preferred form the second data item argument is the numerical value delta.
(26) In an alternative preferred form the first data item argument is an ASCII look up table.
(27) In an alternative preferred form the first algorithm converts the character string into a numeric string.
(28) In an alternative preferred form the second algorithm adds a numerical value delta to the first modified character string in order to form the second modified character string.
(29) In a particular preferred form the second environment 21 is separated from the first environment 20 by virtue of the second environment being located at a location which is a remote location from the location of the first environment.
(30) In a further particular preferred form the second environment 21 is logically separated from the first environment 20.
(31) With reference to
(32) In preferred forms the data item 11 is in the form of a data item character string 13. In preferred forms at least a first algorithm 14 is applied to the data item character string 13 thereby to produce a first modified data item character string 16 as an output of the at least a first algorithm 14. Preferably the first algorithm 14 is in the form of a mathematical function having at least a first data item primary argument 13A and having at least a first data item secondary argument 15. In preferred forms the first data item primary argument 13A is the data item character string 13.
(33) In preferred forms at least a second algorithm 17 is applied to the data item character string 13 thereby to produce a second modified data item character string 19 as an output of the at least a second algorithm 17. Preferably the second algorithm 17 is in the form of a mathematical function having at least a second data item primary argument 16A and having at least a second data item secondary argument 18. In preferred forms the second data item primary argument 16A is the first modified data item character string 16, (which is to say the data item character string 13 after it has been modified by application of an algorithm previous to application of the at least a second algorithm 17). In this instance it has been modified by application of the at least a first algorithm 14 applied to the data item character string 13.
(34) In preferred forms an argument is dynamically created immediately prior to its application to an algorithm.
(35) In preferred forms each secondary argument is dynamically created immediately prior to its application to an algorithm.
(36) In preferred forms at least some of the secondary arguments are dynamically created immediately prior to their application as an input to an algorithm.
(37) In a preferred form the algorithms are applied to the data item character string within a first environment 20. In preferred forms, once the algorithms have been applied, one or more of the arguments are stored in a second environment 21.
(38) In a preferred form at least one of the primary arguments is stored in the second environment. In a preferred form at least one of the primary arguments is stored in the second environment and then deleted from the first environment.
(39) In a preferred form at least one of the secondary arguments is stored in the second environment. In a preferred form at least one of the secondary arguments is stored in the second environment and then deleted from the first environment.
(40) In a preferred form at least a first algorithm 14 and a second algorithm 17 is applied consecutively to the data item character string 13. In a preferred form at least one primary argument and at least one secondary argument is stored in the second environment after application of the at least a first algorithm 14 and at least a second algorithm 17 to the data item character string 13.
(41) The process described immediately above may be repeated.
(42) In a preferred form the at least one primary argument and the at least one secondary argument is deleted from the first environment after storage in the second environment.
(43) In preferred forms the second environment 21 is separated from the first environment 20. In preferred forms the second environment 21 is separated from the first environment by virtue of the second environment being located at a location which is a remote location from the location of the first environment.
(44) In preferred forms the second environment 21 is logically separated from the first environment 20. Preferably those outputs or arguments which are stored in the second environment are then deleted from the first environment.
(45) Preferably the data item 11 including the data item character string 13 is deleted from the first environment once one or more of the algorithms have been applied.
(46) Preferably the data item 11 including the data item character string 13 is deleted from the first environment once one or more of the algorithms have been applied and once one or more of the outputs of the algorithms or arguments are stored in the second environment 21.
(47) When it is desired to recover the information 12 that was contained in the data item 11 the above described process is reversed. The first step in the reversal is to bring to the one location the outputs of the algorithms or arguments stored in the first environment 20 and the second environment 21. The arguments are then applied to the algorithms to reverse the process whereby the data item 11 is recovered for use.
(48) In some embodiments the above described process is reapplied to the data item 11 after it has been used thereby to secure the information 12 contained in it once more for a potentially indefinite period of time.
(49) It is to be noted that embodiments to be described are not merely a higher level of encryption with the ‘keys’ distributed. The data is deconstructed and recreated using algorithms that require several stored pieces of segregated information to be brought together before the algorithms can be processed.
(50) With reference to
(51) In particular forms the algorithm is such that the data item character string 16 input into the algorithm 17 cannot be obtained merely having possession of one or other of E or F or D.
(52) In the examples given a first and a second algorithm are applied. Additional algorithms may be applied to form a longer sequence as indicated by additional algorithms 22, 23 in
First Preferred Embodiment
(53) With reference to
(54) Preferably an argument is the data item public key.
(55) Preferably an argument is the data item private key.
(56) Preferably an argument is the second data item argument.
(57) Preferably an argument is the first data item argument.
(58) Preferably the second data item argument is the numerical value delta.
(59) Preferably the first data item argument is an ASCII look up table.
(60) Preferably the first function converts the character string into a numeric string.
(61) Preferably the second function/algorithm adds a numerical value delta to the first modified character string in order to form the second modified character string.
(62) With reference to
(63) The secondary prime number 15 and the encryption key 19 that was used to encrypt the data to be protected 13 are stored on the main process server 12. The initial prime number 14 and the secondary prime number 15 are combined to produce a public key using public key techniques known in the art and is then stored 17 on a remote server 16 along with the differential 18 between the encrypted data 13 and the initial prime number 14.
(64) After the storage of the components 17 18 on the secondary server 16 are confirmed, the original encrypted data 13 encased in a prime number 14 are deleted from memory.
(65) When a request is made to decrypt the protected data, the secondary server 16 is used to send the public key 17 along with the differential 18 to the primary server 12 to be de-obfuscated and decrypted. At the primary server 12 the stored prime number 15 is applied to the public key 17 to retrieve the initial prime number 14. The differential 18 is then applied to the initial prime number 14 resulting in the encrypted original data set 13. The locally stored encryption key 19 is then used to decrypt the protected data to its unencrypted state 21.
(66) In the example embodiment the main server is used for storing the encryption key of the data to be protected as well as the secondary prime number that is later used in the deobfuscation process. A second server is used to store a public key generated from the initial prime number and the secondary prime number as well as the differential between the first prime number and the data in its encrypted state. An alternative embodiment could see any of the key components stored at any accessible location on any number of remote servers as long as the components can be retrieved.
Second Preferred Embodiment
(67) With reference to
(68) It is important to note that the later solution is not merely a higher level of encryption with the ‘keys’ distributed, the data is deconstructed and recreated using algorithms that requires several stored pieces of segregated information to be brought together before the algorithms can be processed.
(69) The example embodiment uses public key encryption techniques to obfuscate and allow the secure distribution of key components for later recompilation and decryption. An alternative embodiment could use a nonpublic key encryption system such as Shamir's Secret Sharing algorithm which is known in the art. In this alternative embodiment the encrypted data still has a prime number applied to it however rather than generating a secondary prime number using public key methods the prime number is applied as a salt to the encrypted data to produce random points on a mathematical line. In this model at least two locations are required to distribute the random points. So the locations are stored on separate servers and the salt is stored on one of the servers. In yet another alternate embodiment an indefinite number of random points can be stored on an indefinite number of locations.
Example 1—Small Data Encryption
(70) With reference to
(71) To create encrypted distributed secure data:
(72) The user will enter data items 11 including a username (U1), vault name (VN1) unencrypted credentials (UC1) (e.g. a credit card number), transaction type (TT1) and transaction reference (TR1), at least one of which data items 11 includes information 12 which is to be secured. In this instance the information 12 is within the unencrypted credentials 13 (UC1).
(73) The system will generate one or more arguments 15, 18 in this instance including a random vault ID (ID1), prime number (P1) and symmetric key (K1) at least some of which will be used as arguments for at least a first and a second algorithms or functions 14, 17 operating consecutively on the information 12.
(74) The system will execute algorithms or functions 14, 17 in a predetermined order, in this instance comprising firstly padding the unencrypted credentials 13 (UC1) with random data (as argument), to create padded unencrypted credentials (PUC1).
(75) The system will then apply at least a second algorithm 17 in this instance an encryption algorithm in order to encrypt the padded unencrypted credentials (PUC1) with the at least second data item argument 18 in this instance in the form of the symmetric key (K1) to create an encrypted string (ES1).
(76) In this instance a yet further function or algorithm is applied whereby the encrypted string (ES1) will be converted or mapped to a large integer (LI1) via ASCII translation table (used as argument to the mapping function).
(77) In this instance a yet further function or algorithm is applied whereby the system will use the prime number (P1) as argument and an algorithm to split the large integer (LI1) into two or more parts (SP1 . . . n). In one form the function is based on Shamir's algorithm.
(78) The system will then separate one or more of the arguments and outputs of the functions or algorithms into separate remote locations. In this particular instance the system will store the vault ID (ID1), the first part (SP1) and the symmetric key (K1) and Prime number (P1) within the database store.
(79) The system will return the ID (ID1), the remaining parts (SP2 . . . n) to a different location.
(80) To retrieve data from the encrypted distributed system:
(81) The user will submit the ID (ID1), the transaction type (TT1), the parts (SP2 . . . n)
(82) The system will retrieve the prime number 1 (P1), part 1 (SP1) and the symmetric key (K1) via the user supplied vault ID (ID1)
(83) The system will use (P1) and the parts (SP1 . . . n) to rebuild the large integer (LI1)
(84) The large integer (LI1) will be converted to the encrypted string (ES1) via ASCII translation table
(85) The system will decrypt to the padded unencrypted credentials (PUC1) with the symmetric key (K1)
(86) The system will remove the padding to produce the unencrypted credentials (UC1)
(87) The system will check the transaction type (TT1) to determine if another offline vault should be generated
(88) The unencrypted credentials (UC1) will be returned to the user, along with another offline vault if applicable.
Example 2—Large Data Encryption
(89) With reference to
(90) To create encrypted distributed secure data:
(91) The user will enter a username (U1), vault name (VN1) unencrypted credentials (UC1) (e.g. a photo), transaction type (TT1) and transaction reference (TR1)
(92) The system will generate a random vault ID (ID1), prime number (P1), two symmetric keys (K1) (K2)
(93) The system will determine that the unencrypted credentials (UC1) are of a large type.
(94) The system will encrypt the unencrypted credentials (UC1) with the symmetric key (K1) to create encrypted data (ED1)
(95) The system splits encrypted data (ED1) into two parts taking the first 100 bytes (FBD1) and remaining (RBD1)
(96) The system will pad the symmetric key (K1) with random data, to create padded unencrypted key (PUK1)
(97) The system will encrypt the padded unencrypted key (PUK1) with the symmetric key (K2) to create an encrypted string (ES1)
(98) The encrypted string (ES1) will be converted to a large integer (LI1) via ASCII translation table
(99) The system will use the prime number (P1) and an algorithm to split the large integer (LI1) into two or more parts (SP1 . . . n)
(100) The system will store the vault ID (ID1), the first part (SP1) and the symmetric key (K2), Prime number (P1) and remaining data bytes (RBD1) within the database store
(101) The system will return the vault ID (ID1), the remaining parts (SP2 . . . n), and the first bytes of data (FBD1)
(102) To retrieve data from the encrypted distributed system:
(103) The user will submit the vault ID (ID1), the transaction type (TT1), the parts (SP2 . . . n), and the first bytes of data (FBD1)
(104) The system will retrieve the prime number 1 (P1), part 1 (SP1), the symmetric key (K2) and remaining data bytes (RBD1) via the user supplied vault ID (ID1)
(105) The system will use (P1) and the parts (SP1 . . . n) to rebuild the large integer (LI1)
(106) The large integer (LI1) will be converted to the encrypted string (ES1) via ASCII translation table
(107) The system will decrypt to the padded unencrypted key (PUK1) with the symmetric key (K2)
(108) The system will remove the padding to produce the unencrypted Key (K1)
(109) The system will merge the first bytes of data (FBD1) with the remaining bytes of data (RBD1) to create encrypted data (ED1)
(110) The system will use unencrypted key (K1) on encrypted data (ED1) to produce unencrypted credentials (UC1)
(111) The system will check the transaction type (TT1) to determine if another offline vault should be generated
(112) The unencrypted credentials (UC1) will be returned to the user, along with another offline vault if applicable.
(113) In Use
(114)
(115) In this instance a user 201 provides credit card details 202 to an entity 203 for the purpose of receiving goods or services. In the instance where the entity 203 may require access to the credit card details 202 again or at some future time the entity 203 may enlist the system 10 of the present application to secure the credit card details 202. In order to do this, the entity 203 may cause the credit card details 202 to be subject to the algorithms 14, 17 and securing process of one or more of the above described embodiments thereby to cause arguments 202A and 202B to be stored in separate locations 206 and 207 respectively. The credit card details 202 may be entirely deleted once the securing process is completed.
(116) In the event the entity 203 wishes to recover the credit card details 202 in order to, for example, make use of them to trigger a periodic payment to entity 203 authorized by user 201 the entity 203 causes the arguments 202A and 202B to be brought into a computing environment 204 whereby the credit card details 202 are recreated and, in this instance, caused to trigger an offline or ‘card not present’ transaction at the computing environment 204 whereby funds 205 are caused to be transferred from a user account 201A to the entity account 203A.
(117) In some instances, the computing environment 204 may be an environment 206, 207 in which the arguments 202A or 202B have been stored. In an alternative form the computing environment 204 may be an entirely separate environment. In one example the entirely separate environment may be an EFTPOS terminal. In an alternative form computing environment 204 may be a distributed computing environment.
(118) Action in the Event of Breach of an Environment
(119) In the event it is determined that an environment has become compromised—for example if it is determined that unauthorized access has been obtained to arguments 202A in environment 206 or arguments 202B in environment 207 a preferred procedure is to instigate deletion of the arguments in environment which has not been determined as compromised. In this way it becomes exceedingly difficult to reconstruct the credit card details 202 from only the arguments from the compromised environment.
(120) In particular forms the algorithms 14, 17 may be selected such that the arguments output by the algorithms in no circumstance can be reversed without the corresponding secondary argument.
Alternative Embodiments
(121) In the example embodiment the source of the data to be encrypted is a client device e.g. mobile phone. In an alternative embodiment the source data could come from anywhere.
(122) In all of these alternative embodiments additional padding of the initial data can be used to further expand obfuscation options.
(123) In the alternative embodiments already described the data to be protected is typically less than 300 bytes. The generation of prime numbers of this size is relative easy but becomes harder as the size of the data increases beyond this. An alternative embodiment could apply the processes already described to a subset of the initial encrypted data. Ideally the subset would be of a size and location in the data that would make it just as laborious as a brute force attack.
(124) In yet another alternative embodiment a large data chunk could be broken up into multiple parts and have the same technique applied.