Unified end-to-end security methods and systems for operating on insecure networks

摘要

Secure transmission of a message is achieved by using a one-time encryption key derived at the receiver and the sender from information present at both the sender and the receiver, but wherein the information from which the encryption key is derived is not transmitted between the sender and the receiver. A plurality of bytes, known as a master signature, is randomly generated and stored at the sender, wherein each byte is uniquely identified by an address. A first random subset of this plurality of bytes, called an access signature, and the addresses in the master signature of the bytes in this access signature, are stored at the receiver. To generate an encryption key, the receiver selects a second random subset of bytes, known as a session signature, from the access signature and sends the addresses in the master signature of the bytes in this session signature to the sender. The sender uses these addresses to identify the bytes in this session signature which bytes are used at both the sender and the receiver to derive the encryption key. If desired, these bytes can be used directly as the encryption key but preferably, these bytes are passed through a session signature-to-session key converter using an irreversible algorithm to generate a one-time encryption key to be used to encrypt the message to be sent between the sender and the receiver. The master signature can also be derived from the digitized video image of the user, which allows a card containing the master signature to be used as described above but also with a video monitor to visually identify the user.