Patent #6,049.612

File Encryption Method and System

ABSTRACT

A file security system is disclosed in which both a deterministic, non-predictable, pseudo-random, symmetric encryption key and an encrypted information file are highly resistant to cryptographic analysis or brute force trial-and-error attacks. The encryption key is formed by first combining a constant value and a secret E-Key Seed in accordance with a logic, algebraic, and/or encryption function to shuffle bits and perform a first many-to-few bit mapping to provide a first pseudo-random result, and by operating upon the result with a secure one-way hash algorithm to perform a second many-to-few bit mapping and thereby provide a pseudo-random message digest. The message digest may be truncated to provide a deterministic encryption key. The information file to be protected is then encrypted with the encryption key, and thereafter the encryption key is destroyed by the file manager of the host system. The encrypted information file and the constant value then are concatenated, and the result is operated upon by a secure hash algorithm to provide a message integrity code. The constant value and a constant value checksum are inserted as headers at the beginning of the encrypted file, and the message integrity code, a redundant constant value, and a redundant constant value checksum are added as trailers at the end of the encrypted file. Any alteration of the encrypted file is reflected by the message integrity code. If a comparison of the constant value and redundant constant value indicates a match, the encryption key may be regenerated. If no match occurs, the checksums are tested to determine which of the constant value and redundant constant value is correct in order to regenerate the encryption key.

WHAT IS CLAIMED IS:

A method of protecting an information file from unauthorized access, which comprises the following steps:

combining a constant value and a secret plural bit sequence in accordance with an algebraic function to shuffle bits, perform a first many-to-few bit mapping, and produce a first pseudo-random result;
performing a secure hash operation on said first pseudo-random result to effect a second many-to-few bit mapping and produce a second pseudo-random result;
extracting a pseudo-random, symmetric encryption key from said second pseudo-random result;
encrypting said information file in accordance with said pseudo-random, symmetric encryption key to form an encrypted information file; and
concatenating said constant value to a beginning of said information file.

A Vigenère Square with custom alphabet.
Image courtesy of Peter Drubetskoy peter@skyredoubt.com. See more of Peter's work at www.skyredoubt.com

The Vigenère Square

By extending the Vigenère Square with a new custom alphabet, users continue operating with a tried and true method with increased security, without the cost and risk of changeover. PACid extends today's encryption techniques in the same way, reducing risks while saving costs.