Bcencryption (BCE) - a public-key based method to encrypt a data stream

Abstract

A system and method for a web browser to convert an unencrypted character string into a cipher-text string combines a public-key encryption algorithm with a unique and constantly changing salt key. A private “server-key”, a public “client-key” and a server session ID are generated by the server, and the client-key and the session ID are sent to the browser with the code used to encrypt the message. The session-based string can be a randomly generated set of characters which changes between established user sessions and the salt key can be formed from the server session ID string. The server contains the matching code necessary to decrypt the stream using the private key.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an RSA public key/private key RSA authentication scheme according to the prior art;

FIG. 2 illustrates an encryption method employing a rolling salt key based on a session ID, according to an embodiment of the invention;

FIG. 3 is a flowchart illustrating steps for an encryption method employing a rolling salt key based on a session ID string, according to an embodiment of the invention;

FIG. 4 is a flowchart illustrating details of steps whereby a salt key is created from a session ID string and used in an encryption step, according to an embodiment of the invention; and

FIG. 5 is a flowchart illustrating details of steps whereby a salt key created from a session ID string is used in an unencryption step, according to an embodiment of the invention.

Claims

1. A method of encrypting a data stream, comprising the steps of: providing a web browser;providing an application server;providing a communication channel;providing a data stream comprising an unencrypted text string, which string is further comprised of unencrypted text characters having numerical representations, mi;providing a public client key, a modulus and a server session ID string, wherein at least the public client key and session ID string are generated by the server;converting the unencrypted text string into a cipher-text string using a salt key, a public-key algorithm, the public client-key and the modulus, wherein the salt key is formed from the server session ID string.

2. The method of claim 1, further comprising: sending the public client key, the modulus and the session ID string across the communication channel to the browser together with an encryption code for encrypting each character of the unencrypted text string into at least one corresponding 3-digit cipher-text element.

3. The method of claim 1 further comprising using client-side JavaScript in the browser to implement encryption.

4. The method of claim 2, further comprising: providing a private server key;maintaining the private key on the server;transmitting at least one cipher-text element from the browser to the server; anddecrypting the cipher-text element using the public-key algorithm, the private key, the modulus and the salt key.

5. The method of claim 4, wherein the public key algorithm is the RSA public key algorithm and modulus, n, private key, d, and salt key, s, are used to recover at least one character m from at least cipher-text element, c, whereby m′=cd mod n and m=m′−s.

6. The method of claim 1, further comprising, within the step of converting the unencrypted text string into a cipher-text string, wherein the salt key is a number, s, representative of a character from the session ID added to the message m: creating an interim cipher-message element, m′, whereby m′=m+s, and converting m′ to a 3-digit cipher-text sequence.

7. The method of claim 2, further comprising padding two leading zeros when the cipher-text element is less than 10 and one leading zero when the cipher-text element is less than 100.

8. The method of claim 1, wherein a first salt key is a number representative of the first character of the session ID string.

9. The method of claim 1, wherein a first salt key is an ASCII decimal representation of any alphanumeric character of the session ID and the client and server contract or exchange information to specify the starting location for the first salt key in the session ID sequence.

10. The method of claim 6, further comprising, within the step of converting the unencrypted text string into a cipher-text string, rolling the salt key derived from the session ID string by taking a number representative of each successive alphanumeric character in the session ID string as a next salt value, si, for creating each successive interim message element m′i, whereby m′i=mi+si.

11. The method of claim 1, wherein the step of providing a server session ID string further comprises generating the session ID string as a randomly generated set of characters, which session ID string changes between established user sessions.

12. The method of claim 1, wherein the public client key is generated on the server and sent to the client.

13. The method of claim 2, wherein the conversion of each character of the unencrypted text string into a cipher-text element is unique with respect to that cipher-text element and the cipher-text element is only able to be unencrypted using a private key, the private key being stored on the application server.

14. The method of claim 13, wherein the server contains the matching code necessary to decrypt the stream using the private key.

15. The method of claim 8 further comprising, when converting the unencrypted text string of a target message and as each next unencrypted text character of a target message is encountered: converting each unencrypted text character to a next ASCII decimal number, m′i, representing said character,converting a next session ID alphanumeric character to its corresponding ASCII decimal value, which value is the next salt value, si;encrypting each next unencrypted text character to a cipher-text sequence, ci, using the next salt value, whereby m′i=mi+si and ci=(m′i)e mod n and storing ci as a next element of a cipher-text string in memory,restarting at the first session ID character in the session ID string if the end of the session ID is reached prior to completing the target message,skipping, during the creation of a next salt value, si, any non-alphanumeric characters embedded within the session ID string; andtransmitting the cipher-string when the end of the target message is reached.

16. A method for establishing cryptographic communications comprising the step of: encoding a digital message word signal M to a ciphertext word signal C, where M corresponds to a number representative of a message word or character and 0<M<n−1 where n is a composite number of the form n=p·q where p and q are prime numbers, and where C is a number representative of an encoded form of message word signal M, wherein said encoding step comprises the step of: transforming said message word signal M to an interim word signal M′ by salting M with a number representative of one or more alphanumeric characters of a session ID string and then further transforming M′ to said ciphertext word signal C whereby C=(M′)e (mod n), where e is a number relatively prime to (p−1)·(q−1).

17. The method of claim 16, wherein the step of transforming message word signal M to M′ is an iterative process for a plurality of numbers representative of message characters mi that compose message word signal M whereby each number mi is transformed to a corresponding interim message number m′i by concatenation with a rolling salt key si whereby m′i=mi+si.

18. The method according to claim 17 comprising the further step of: decoding said ciphertext word signal C to said message word signal M, wherein said decoding step comprises the step of: transforming said ciphertext word signal C, whereby: m′=cd (mod n) where d is a multiplicative inverse of e(mod(lcm((p−1), (q−1)))); and mi=m′i−si; and message word signal M is recovered from the iterative generation of successive message characters mi concatenated to form message word signal M.

19. The method of claim 16 where said encoding step includes the step of transforming M to C by the performance of a first ordered succession of invertible operations on M, wherein at least one step is transforming M to M′ by concatenating M with a rolling salt key derived from the session-ID string; and further comprising the step of: decoding C to M by the performance of a second ordered succession of invertible operations on C, where each of the invertible operations of said second succession is the inverse of a corresponding one of said first succession, and wherein the order of said operations in said second succession is reversed with respect to the order of corresponding operations in said first succession.

20. The method of claim 1 or 23, wherein the session-ID string has greater than 20 alphanumeric characters.

21. The method of claim 23, where n, p, q, e and d are chosen to not overload the computational capability of the browser during the encryption step.

22. A cryptographic method, comprising combining an asymmetric algorithm or public-key encryption approach with a rolling salt key to encrypt a data stream between an HTTP client and an HTTP application container using a client-side and server-side coding pair.

23. The method of claim 22 wherein the rolling salt key is derived from a session based ID string.

24. A cryptographic communications system, comprising: a communications channel;an encoding means coupled to the channel and adapted for transforming a transmit message element m to a ciphertext element C and for transmitting C on the channel, where m corresponds to a number representative of a message character and 0≦m≦(n−1), where n is a composite number of the form n=p·q where p and q are prime numbers, and where C corresponds to a number representative of an enciphered form of the message element and corresponds to C=(m′)e (mod n) where e is a number relatively prime to the least common multiple of (p−1,q−1) and where m′=m+s, s being a current salt value, anda decoding means coupled to the channel and adapted for receiving C from said channel and for transforming C to a receive message element M′, where M′ corresponds to a number representative of a deciphered form of C and corresponds to M′≡cd(mod n) where d is a multiplicative inverse of e(mod(lcm((p−1),(q−1)))),a session ID unique to a communications session, the session ID having a sequence of at least one alphanumeric character,wherein s is an ASCII decimal representation of a character in the session ID string, andwherein, as each successive transmit message character is encountered, the next character in the session ID string is used to form the current salt value.

25. The system of claim 24 further comprising: means for transmitting said cipher-text c from a first terminal to a second terminal, and wherein said second terminal includes means for decoding said cipher-text c to a message m, said second terminal including: means for transforming said ciphertext word signal c to said message word signal m′, whereby m′=cd mod n and m′=m+s, wherein s is a salt value added to message m upon an earlier encryption step.

26. The system of claim 24 wherein said encoding means further comprises: means for transforming said message character m to one or more interim ciphertext elements m′, each message character m corresponding to a number representative of a portion of said interim ciphertext element in the range 0<m<(n−1), and means for transforming each of said interim cipher-text element m′ to a cipher-text element c, c corresponding to a number representative of an encoded form of said interim cipher-text element m′, whereby c=(m′)e mod n.

27. The system of claim 26 further comprising: means for transmitting said signed cipher-text element c or a plurality of such elements from said first terminal to said second terminal, wherein said second terminal includes means for decoding said signed cipher-text element or plurality of elements to said message character m, said second terminal including: means for transforming each of said signed cipher-text elements c to one of said interim cipher-text elements m′, whereby m′=(c)d mod n; and means for transforming said interim cipher-text elements m′ to said message characters m, whereby m=m′−s.

28. The system of claim 24, where n, p, q, e and d are chosen to not overload the computational capability of the browser during the encryption computations.