Browse Prior Art Database

Encryption on handheld device with remote server support

IP.com Disclosure Number: IPCOM000210519D
Publication Date: 2011-Sep-07
Document File: 4 page(s) / 28K

Publishing Venue

The IP.com Prior Art Database

Abstract

Handheld devices like mobile phone; I-Pad, etc have strong IO capability but low compute capability. Strong just in time encryptions needs high compute capability which cannot provide by a handheld device. Future handheld devices will have stronger compute capability however the attacker will also have stronger compute capability. Hence the encryption algorithm must use longer keys and as a result the compute effort to encrypt a message will also increase. That means handheld devices will always be easier to attack normal computers. There are no known solutions to overcome this unbalanced ration of compute power between handheld device and attacker if high encryption strength is required. The idea is to use remote compute power of a trusted server to get strong encryption / decryption without the need of high compute capacity inside the handheld device by using the strong IO capability of the handheld device.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 26% of the total text.

Page 01 of 4

Encryption on handheld device with remote server support

The method described below off-loads the main compute workload from a device with low compute power to a trusted instant with high compute power. The advantage is the possibility of strong encryption on small devices with good IO capability like mobile phones etc. Currently no encryption method or protocol uses this idea. A user wants to send confidential information over an insecure connection to a trusted server over a handheld device. E.g. a medic in a hospital wants to send highly confidential data from his mobile phone the central database of the hospital or want to download highly confidential data to his mobile phone.

Let's assume, on a handheld device we have an application that requests a data stream (one time pad) of random numbers created by a cryptographically strong random number generator or true random number generator (hardware random number generator). The source of this data is a trusted server with high compute capability. This data stream is encrypted by an algorithm that allows fast decryption. Because the data stream is a random number stream it is extreme hard to break the encryption, even if the encryption algorithm is cryptographically weak because the attacker cannot use any strategy except brute force because of the random character of the plain text (data stream). If the random stream is generated by a true random number generator it can be stored in the host and deleted after one usage.

Then this encryption method is using a one time pad. That means the encrypted message is not breakable. On the handheld device the incoming data stream is decrypted and used to encrypt the outgoing message by a fast algorithm by using the function c = f(s,p) where s is the incoming random number stream and p is the plain text. On the receiver the incoming message is decrypted by using the random number stream and an other fast algorithm p = g(s,c) that is the inverse function of the function used for encryption p = g(s, f(s,p)) . An "exclusive or" or a shuffle operation are examples for the algorithms f(s,p) and g(s,c).

Only if the receiver of the outgoing message knows the data stream that was used to encrypt the plain text message the encrypted message can be decrypted. The receiver of the encrypted message could be the server which has created the random number stream or a third device receiving the random number stream at the same moment when its receives the encrypted text. Because decryption does not need a large amount of compute capacity the third device could be also a hand held device like the sender of the encrypted message.

Broadcasting is also possible. First the server sends the decryption key for the encrypted random number stream to some devices. Then the sender requests the encrypted random number and broadcasts the encrypted message. Everybody can receive the encrypted message and encrypted data stream but only those who have the decryption key...