This invention relates in general to the field of security for communications and more particularly to the secure transportation of information over a communications network by use of randomly selected security algorithms.
The recent explosion in the number of people, organizations and businesses making use of the global communications network, i.e. the Internet, has brought forth a new era of electronic exchange of information and commerce. Associated with such use is the growing need for improvement in the ability to transmit sensitive, personal or confidential information and financial data without fear or concern of its loss or disclosure to others. The secure exchange of volatile information is a primary concern for vendor""s and consumer s alike. The need to be able to conduct secured transmissions is especially critical in the banking industry and in the use of credit cards and their associated financial transactions.
The current systems for securing sensitive transmission of information and data is subject to compromise. Just the possibility of such a security compromise prevents the full and efficient use of the Internet or other communications networks by those needing secure transmissions of their data. Recent efforts by a number of large financial and technical associations have not yet produced a viable, secure, and international solution.
With the current restrictions on the exportation of cryptographic algorithms, secure communication facilities have had to be bound to a lowest common denominator. That is, applications developed with secure facilities are required to use one specific algorithm that has been given special export, or internationalization status. In this way all xe2x80x9csecurexe2x80x9d applications contain a single point of vulnerability. For example, if a secure data stream is transmitted over a network, and a non-authorized party gains access to that information it is vulnerable due to the fact that the security method is an industry constant. Further, in the event the current industry standard security algorithm is compromised, all applications using that algorithm are vulnerable.
All current security applications are based on a single, de facto, industry standard which is the property of a single company. However, a security model based on a single algorithm, is also a model having a single point of failure.
The current invention provides the ability to utilize an almost infinite number of security algorithms. Security of the model increases with the number of available algorithms. A security model with such a capability is an improvement by several orders of magnitude over the security provided by a single algorithm model.
Other advantages and attributes of this invention will be readily discernable upon a reading of the text hereinafter.
An object of this invention is to provide the software based mechanism for the secure transportation of volatile information across a private or public network.
An additional object of this invention is to provide a robust, secure, and scalable security model not bound by a single security algorithm.
An additional object of this invention is to provide an application process to securely service a client""s transmission on a communications network.
An additional object of this invention is to provide a specified security server implementation of a client""s request for secured transmission on a communications network.
An additional object of this invention is to provide a means for encoding a client""s transmission over a communication network that is unique to that client and transmission.
An additional object of this invention is to provide to a client requesting secured transmission on a communication network a means of doing so without the client needing knowledge of specific encryption algorithms.
An additional object of this invention is to provide a server application which upon request by the client sends a randomly selected encryption object to the client to facilitate secure communication between the client and the server.
An additional object of this invention is to provide a means for decoding a client""s transmission over a communication network that is unique to that client and transmission.
An additional object of this invention is to provide a means for binding a decryption algorithm to a client""s application for decoding a transmission which was encoded by a complementary randomly selected encryption algorithm.
An additional object of this invention is to provide a plurality of complement security algorithms in encryption and decryption algorithm pairs in a security algorithm library.
An additional object of this invention is to provide a plurality of encryption algorithms with each encryption algorithm capable of encoding a client""s transmission on a communication network.
An additional object of this invention is to provide a plurality of decryption algorithms, with each decryption algorithm capable of decoding a client""s transmission on a communication network where such transmission was encoded by a complementary encoding algorithm.
An additional object of this invention is to provide for the binding of a randomly selected security algorithm from a security algorithm library to an application of a user.
A further object of this invention is to provide the requesting application with randomly selected complement pairs of encryption and decryption algorithms as needed.
These objects, and other objects expressed or implied in this document, are accomplished by a system for secure communications over a communication medium having a server accessible via the medium; an application program communicating with the server via the medium; a plurality of security algorithms accessible to the server; means, responsive to an initiating event, for randomly selecting a security algorithm from said plurality; means for selecting a complimentary security algorithm from said plurality and communicating same to the application program; means for dynamically enabling the server to process, through the selected security algorithm, information the server transacts via the medium; and means for dynamically enabling the application program to process, through the complimentary security algorithm, information it transacts with the server via the medium. The initiating event can be a request for secure communications sent from the application program to the server via the medium. The communication can be uni-directional from the server such that the security algorithm selected by the server encodes information sent by the server to the application program, and the complimentary security algorithm downloaded by the server to the application decodes information received by the application program from the server. The communication can also be uni-directional in the other direction such that the complimentary security algorithm encodes information sent by the application program to the server, and the selected security algorithm decodes information received by the server. The communications can also be bi-directional. Also in the case of bi-directional secure communications, the selected algorithm and its complimentary algorithm can be the same so that both the server and the application use complimentary halves of the same algorithm.