Description - Summary of the invention
The present invention, generally speaking, provides a data security method and apparatus that provides an exceptional degree of security at low computational cost. The data security arrangement differs from known data security measures in several fundamental aspects. Most notably, the content of the message is not sent with the encrypted data. Rather, the encrypted data consists of pointers to locations within a virtual matrix, a large (arbitrarily large), continuously-changing array of values. The encryption technique is therefore referred to as Virtual Matrix Encryption. Furthermore, the data security arrangement uses a very large key of one million bits or more, which creates a level of security much higher than any other existing method. The key is not transferred but is instead created from a file of any size that is available on both the computer used to send a secure message and the computer used to receive a secure message.

The term Virtual Key Cryptographic is used herein to refer to techniques in which a key is recreated at a remote location from an electronic file without any transmission of the key itself. The file may be a system file, a file downloaded from the Internet, etc. A smaller, transaction-specific key, e.g., a 2,048-bit key, is sent end-to-end and is used in conjunction with the very large key to avoid a security hazard in instances where the same file is used repeatedly to create the very large key.

A single byte may be encrypted many, many times, each successive result being passed to another algorithm in what may be regarded as a random path determined by reseeding of a random number generator at various junctures using values from the very large key, the smaller key and various other user-supplied parameters, including, for example, source user, destination user, file name, save-as file name, and description.

An optional higher level of security is available. If the message is secured using the same string as the file name and save-as file name, then when unlocking is attempted the first time, the original file will be overwritten, affording only a single opportunity for the message to be unlocked.

A message may be secured in accordance with various options specifying an intended audience, including "global," "group," "specific" and "private" options. "Global" allows anyone having a copy of the data security software to decrypt the message, provided that person has the correct keys and is able to supply parameters matching those with which the message was secured. "Group" allows successful decryption by any of a number of users within a group, the group being identified by its members having copies of the software program with a common prefix. "Specific" allows only a user having a particular numbered copy of the software program to decrypt. Finally, "private" allows decryption only by the same software copy used to secure the message originally. Without the correct keys and parameters, it is impossible for the message to be unlocked.

The present invention further enhances security by allowing definition of a date range within which the data can be decrypted correctly, hence preventing lengthy efforts to break the code by brute computational force.
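The following is an added model of the scheme as this summary describes it (not the patent's own code or the product's implementation): a keyed virtual matrix is derived from the shared file, the transaction-specific key and the user-supplied parameters, and the ciphertext is a list of pointers into that matrix. The matrix size, the use of SHAKE256 for derivation, and mixing the date range in as one more parameter are assumptions made for the illustration; the example also shows why the transaction key matters, since reusing the same file and parameters without it reproduces the same matrix.

```python
from __future__ import annotations
import hashlib
import secrets

MATRIX_SIZE = 8192  # assumed size; the summary only says "arbitrarily large"


def build_matrix(shared_file: bytes, tx_key: bytes, params: dict) -> bytes:
    """Derive the virtual matrix from the shared file (the 'very large key'),
    the transaction-specific key, and the user-supplied parameters
    (source user, destination user, file name, date range, ...)."""
    h = hashlib.shake_256()
    h.update(hashlib.sha256(shared_file).digest())  # commit to the whole shared file
    h.update(tx_key)                                 # per-transaction key
    for k in sorted(params):                         # canonical parameter order
        h.update(k.encode() + b"=" + str(params[k]).encode() + b"\x00")
    return h.digest(MATRIX_SIZE)


def encrypt(plaintext: bytes, matrix: bytes) -> list[int]:
    """Replace each plaintext byte by a pointer to a randomly chosen matrix cell
    that holds the same value; the byte itself is never placed in the output."""
    positions: dict[int, list[int]] = {}
    for i, v in enumerate(matrix):
        positions.setdefault(v, []).append(i)
    missing = set(plaintext) - positions.keys()
    if missing:  # a small matrix may lack some byte values; refuse rather than corrupt
        raise ValueError(f"matrix lacks byte values {sorted(missing)}; enlarge it")
    return [secrets.choice(positions[b]) for b in plaintext]


def decrypt(pointers: list[int], matrix: bytes) -> bytes:
    """Follow each pointer back into the matrix. A matrix rebuilt from the wrong
    key or parameters (e.g. a different date range) yields unrelated bytes."""
    return bytes(matrix[p] for p in pointers)


if __name__ == "__main__":
    # Constructed sample inputs, not real data.
    shared = b"constructed contents of a file both parties already hold\n" * 64
    params = {"source": "alice", "dest": "bob", "file": "memo.txt",
              "valid_from": "2024-01-01", "valid_to": "2024-12-31"}
    tx_key = secrets.token_bytes(256)  # 2,048-bit transaction key
    m = build_matrix(shared, tx_key, params)
    c = encrypt(b"meeting at noon", m)
    print(c[:4], decrypt(c, m))
    # Same file, same tx key, same params -> identical matrix (the reuse hazard
    # the summary mentions); a fresh tx key gives a different matrix.
    print(build_matrix(shared, tx_key, params) == m,
          build_matrix(shared, secrets.token_bytes(256), params) == m)
```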