Summary of the Invention
The present invention provides a computerized key management system that is inexpensive, automated, and increases organizational performance. It is decentralized to the individual communicating elements, yet it is completely capable of managing and minimizing sensitive data flow across inter and intra organizational information systems. It provides a low cost rational solution with a maximum of flexibility and a maximum of security.
A primary objective of the present invention is to support the privacy of local area networks and modem user groups through controlled compartmentalization and privatization of information. A principal objective is to minimize organizational information sensitivities through enforced information specification and information flow control. A user given access to a single custom label addressing set for private communications is able to communicate privately with managers who are given a “dictionary” of thousands of labels. All of these labels can be accurately tracked, maintained and controlled. A single label can be used to provide private, secure communications to an entire organization or to any specified subset thereof.
The present invention is primarily directed to a label management system that is completely independent of any specific encoding algorithm, yet is useable with any of them. The present embodiment uses the Data Encryption Standard (DES), yet various specialized privacy algorithms can also be used transparently.
An important overall purpose of the present invention is to provide a cryptographic label key creation system that can minimize the sensitivity of encrypted messages by creating a unique transactional key which can be used by a cryptographic algorithm, such as DES, to scramble or encipher a plain text file. By using the present invention, both the sender and the receivers who use the transactional key know not only that it is unique to the message being sent, but also that the message could not even have been sent unless certain conditions had been met.
A preferred, working embodiment of the present invention is compatible with Microsoft Corporation’s Windows operating environment. It also has automated rekey capability that provides it with a unique precise control of networks.
The present invention is directed to an integrated, computerized approach that has particular advantages over all other known key management systems. The present system utilizes unique access control techniques and data manipulation techniques to provide a maximization of security, yet has a simplified designed use that allows even the most unsophisticated person to use it. A plurality of variable length passphrases are used to modify other variables that may be embedded in the computer program or obtained from an outside source. In this way, each passphrase can be used to control one aspect of the communication environment. For example, in the present invention, seven aspects are controlled. These are the how, why, where, who to, who from, what and when. In the language of the application environment, they are the identification of the network over which the communicated transmission will or has taken place; the purpose of the communication; the place where the communication originated; the person, persons, groups or organizations to whom the communication is being or has been sent; the originator of the communication; the classification of the communication including the file name of the message; and the environment of the communication including the date stamp of the message.
To accomplish its purposes and objectives, the present invention utilizes one or more labels that are appended to a message. In the preferred embodiment, the labels are encrypted, concatenated and appended to a separately encrypted message. In this way, the labels can be stripped off and separately decrypted.
Access to both the sending and receiving of a communication is provided by a unique access control module in which a portable key disk is utilized to store unique initializing vectors that are used to generate a key.
These and other objectives, advantages, and features of the present invention will be expounded upon and set forth in, or apparent from, the accompanying detailed description of a presently preferred embodiment of the invention.
Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved