• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    To protect against hardware Trojans, external microcomputer networks [1, 2] encrypt and decrypt the data in ICT systems.
    公开号:CH712099A2
    申请号:CH00163/16
    申请日:2016-02-08
    公开日:2017-08-15
    发明作者:Filbrandt Jan
    申请人:Filbrandt Jan;
    IPC主号:
    专利说明:

    Description Technical Field Today, we can assume that each computer also includes IT components with hardware Trojans, transmit and receive technology that store all data separately and provide insight into confidential data. Even when computers are not connected to computer networks, it is possible to activate radio-controlled IT components that generate mechanical, acoustic or electromagnetic waves with confidential data content and are received by other mobile devices, satellites, bedbugs or / and be forwarded via the internet. In the case of these IT components, the previous protective devices for software data encryption, data transmission via virtual private networks, firewalls or routers do not work.
    To protect against hardware Trojans an ICT architecture with IT components for encrypting and decrypting the data is presented, which are connected via external interfaces of the computer in commercially available devices, systems, access to the storage media of the computer and attacks of hardware Trojans with several cooperating microcomputer networks fend off.
    Hardware Trojans Scope and Procedures for Protecting Confidential Information from Unauthorized Access Users are becoming increasingly interested in protecting their data from unauthorized use and wanting to leverage IT convenience worldwide and communicate with other people.
    To protect against hardware Trojans an ICT architecture with IT components for encrypting and decrypting the data is presented, which are connected via external interfaces of the computer in commercially available devices, systems and the internal storage media with user read / write authorization can access. The data processing is divided in the individual IT components, for example in the keyboard, mouse, in the display on several microcomputers, the reading, encoding, storing confidential data excerpts, reading and storing non-confidential data and sending the data, especially the Separate data, so that from the data of a microcomputer with the hardware Trojaner not the sensitive data can be reconstructed.
    The confidential data of the user computer are protected by several interconnected subsystems for data entry, data processing, authentication and data output, in which IT components are included with the networked microcomputers.
    When entering confidential data are redirected via the data entry subsystem, encrypted and received in the user's computer of the PC, notebook, tablet, mobile phone, or robot, etc., further processed and stored. The procedure for encrypting the data across different channels involves the following rules and conditions:
    Data entry [0007] The microcomputers in this method together form an external network [1,2], which separates the data flow in the user computer at the data source, divides the duplex operation into two separate channels with simplex operation and controls the data traffic between the data source Transmitters and data source receivers.
    Data entry via the keyboard The data is input via an external device which is connected to the user's computer, for example a keyboard and an IT protection component for the data acquisition.
    In this keyboard only components for signal conversion, digitizing and forwarding the input data without buffer are included, which send the input data directly to the input of the active receiving microcomputer in IT protection component via the de-multiplexer.
    The receiving microcomputer transmits the non-confidential data to the user's computer and the confidential data to one of the coding microcomputer in the IT protection component and receives from the user's computer a list of each entered characters and data of the authentication Microcomputer network, which input data is to be handled as confidential and the data processing microcomputer network in the IT protection component, at which position in the file, database, XML document, content memory etc. the next character is to be entered , The functioning of the microcomputer networks for authentication and data processing will be presented separately on the following pages.
    The receiving microcomputer sequentially distributes an input original character and the positions for finding further coding characters in two to m coding texts to the next receiving encoding microcomputer i of the network having 1 to n microcomputers in the iT-protection component.
    Each coding microcomputer is assigned a time slot by the receiving microcomputer, in which this data can receive, for example, a series circuit of annular, coupled flip-flops, each one flip-flop activates the readiness of the coding microcomputer when the flip-flop Data output has the binary value one. This value changes with the data input clock on the receiving microcomputer. If the server is a new one
    Input character on the keyboard, then the data output value of the next flip-flop becomes one and the other flip-flops of the series circuit have the data output value zero, whereby the data input to the other coding microcomputer is deactivated. When the last flip flop is deactivated, the next cycle begins and the first flip flop is reactivated. If the input character is to be split again, then several encoding microcomputers are switched to receive and use an extended character set of the keyboard, for example after conversion - alphanumeric values into numeric numbers and - numeric integers into numeric floating point numbers, for example the numerical one For example, integer 3 is divided into freely selectable ratios of 1/3 + 1/6 + 1/2, for example, and the corresponding values 1.0.5 and 1.5 are transmitted to three encoding microcomputers.
    By dividing the hexadecimal code of an alphanumeric character, for example, the hexadecimal number F is divided in the arbitrary ratio 1/4 + 1/8 + 5/8 and the associated values 4, 2 and 10 transmitted to three coding microcomputer.
    The number of characters of the character set for the representation of the confidential text can be chosen freely and adapted to the required complexity.
    In the time window, the coding microcomputer receives the start positions in texts with deterministic strings for generating random strings in coded list form, for example for two texts [3] - data packet checksum - A character of the confidential text v - absolute position pO of the confidential text in the user document Absolute position p (x1, t1) of the character z11 in the first text t1 - Number n of characters in the string z11 to z1n with i = 1 (1) n - Absolute position p1 (x1, t2) of the character z21 in the second text t2 - Number m of characters in the string z21 to z2m with j = 1 (1) m - Algorithm of the authentication microcomputer - Algorithm of the input-receive microcomputer - Algorithm of the coding microcomputer [0017] The texts originate from freely selectable, publicly known, various e-books and are stored in a memory such as EPROM, crystal, etc. The encoding microcomputer decodes the list of the receive microcomputer, checks the checksum, searches the absolute positions of the characters in the first and second text z11 through z1n and z21 through z2m to match the number of characters in the string, and checks for blanks. In the case of spaces, the algorithm continues to search until the next valid character. The found alphanumeric characters z11 to z1 n and z21 to z2m are transformed into numeric characters Z11 to Z1N and Z21 to Z2M, added to the algorithm of the coding microcomputer and checked in which range of values the sum can be classified. K1 <sum <K2 K3 <sum 2 <K4 to
    Ki <sum i <Ki + 1 The next position of the character is calculated according to the value range according to various rules 1 to N, so that the position of the code character is different for several inputs and the characters from all areas of the coding text are the same often used for coding, for example, for text 1
    Rule 1 (sum in the value range 1) Z11 + Z12 + ... + Z1N
    Rule 2 (sum in the value range 2) Z11 * Z12 + Z13 * Z14 + ... + Z1 (N-
    1) * Z1 N
    Rule 3 (sum in the value range 3) Z11 * 10 + Z12 * 100 + ... + Z1N * 100 [0019] If coding texts are too short, a multiple of the total number of characters in the text is subtracted until the position is again within the coding Text is. At this position, further strings with a varying number of characters can be cyclically selected according to the same algorithm and the next position calculated until the probability for decrypting the code is low enough and at the last determined position the alphanumeric character z1N resp. z2M in the text 1 resp. Text 2 is found for coding.
    The position of the coded confidential character is determined unlike previously not in the text, but within the string in the font that the user uses on his keyboard. For example, for a keyboard with the following character set, the first character in the character set is at position 1, the second at position 2, the kth character at position K, and the last character at position O with k = 1 (1) o:
    Characters ABCDEFGH I ... M ... =
    Position 1 2 3 4 5 6 7 8 9 ... k ... o The position of the coded, confidential character can be calculated according to various formulas by addition, alternately addition and subtraction or subtraction of the individual positions and with different algorithms in each case be determined by another coder microcomputer. For two texts, the position of the coded character can be determined, for example, according to the rule of mutual addition and subtraction according to P (k, zs) = P (z1, Zs) -P (z2, Zs) + P (v, Zs), where the abbreviations ZS for character set P position of the character in the character set k encoded character v confidential character z1 the character at the last determined position in the text 1 z2 the character at the last determined position in the text 2 are used.
    The coding microcomputer determines from the character set at position P (k) the coded character via its algorithm by testing whether the position has a negative value, a value in the range of the character set or a positive value greater than the range of the character set ,
    In the case of a negative value, the algorithm adds once or several times the position value of the last character in the character set until the result delivers a value in the range of the character set.
    In the case of the positive value being greater than the range of the character set, the algorithm subtracts once or more times the position value of the last character in the character set until the result provides a value in the range of the character set.
    In the case where the position has a value in the range of the character set, then the associated coded character k is selected at the position determined and stored in the coding list, for example, the following characters were cached z1 characters G position 7 z2 characters H position 8 V Characters C position 3 [0026] and the position calculated according to the rule P (k) = P (z1) -P (z2) + P (v) = 7-8 + 3 = 2. The coded character k at position 2 in the character set is the character B.
    The results are encrypted by the transmitter microcomputer and sent via a de-multiplexing circuit to the user computer and stored in lists of confidential data in databases, XML documents or similar media in the following structure: - data packet checksum - characters of the confidential Text k - Absolute position pO of the confidential text in the user document - Absolute position p (x1, t1) of the character z11 in the text 11 - Number n of the string z11 to z1 n with i = 1 (1) n - Absolute position p1 (x1, t2) of the character z21 in the text 12 - number m of the string z21 to z2m with j = 1 (1) m - algorithm of the authentication microcomputer - algorithm of the input-receiving microcomputer - algorithm of the coding microcomputer With the saving In the absolute positions, the coded texts can be changed, moved or copied without any loss of information, with only the absolute position pO of the confidential text in the user document t is changed by the data processing microcomputer network.
    At present GPU with several 1000 cores are already offered in ASIC, so that in corporate or security-critical applications, the granularity can be adjusted by a higher number of microcomputers, the complexity can be flexibly increased and also information in larger amounts of data can be digitized.
    In safety-critical applications, the microcomputer are networked over several hierarchy levels and equipped with different algorithms and rules for calculating the position, so that if necessary, each character can be calculated in larger confidential amounts of data with another set of rules.
    The data format of the character is separately recorded in the list and encrypted.
    The microcomputers are not connected to one another via bus lines and are individually networked by independent, logical electronic data elements via shielded connections. The coding IT component is executed completely in shielded technology and covered with an artificial hologram and Faraday cage, which is optically measured and to which a checksum or several partial checksums are formed. Changes due to external interference can thus be determined by changing the checksum.
    As a result, the radiation of electromagnetic fields, waves, the manipulation of the safety technology and the electromagnetic, electrostatic or electrical coupling or contacting is prevented, in particular the data access via ICT espionage technology, for example, in very small circuits produced with electron beam lithography and at Low temperatures, line resistances close to zero ohms are operated in satellites on a earth orbit that receive sensitive data at processing frequencies in the THz range or are built into the user's computer and store the user data in encrypted data containers that only spies have access to and are hidden from. The data can be received by the hardware Trojan via coupling elements in the size of half the processing wavelength at less than 0.15 mm and in direct contacts such as needles as antennas on hardware Trojaner contacts, interfaces in the microcomputer network including up to processing wavelengths in the infrared data and in espionage Network are processed further. For this reason, artificial intelligence should also be distributed across multiple microcomputers, and each microcomputer should be able to perform only highly specialized functions, and conceal the interaction of the microcomputers and the decryption of sensitive data unauthorized users, robots and similar handling devices.
    Data input via the mobile phone or tablet When entering data via mobile phone or tablet should not be directly confidential data exchanged because of the built-in ICT-espionage technology, but only indirectly by previous recording, digitizing example with XML, WSDL and coding with the same method as in the keyboard input via a data entry microcomputer network. The confidential, encoded data can be transmitted during the conversation or during data communication via mobile phone or tablet on a second channel, in the modulation signal or in a multimedia, video, text or similar file embedded.
    Data entry via the mouse Data input via the mouse is processed by the receiving microcomputer of the IT protection component according to confidential or non-confidential data contents which are coded or not coded by the coding microcomputer according to the same method as in the keyboard input.
    In the time window, a coding microcomputer receives, for example, for two texts for generating random strings this list - Data packet checksum - A character of the confidential text v - Absolute position pO of the confidential text in the user document - Absolute position p (x1, t1) of the character z11 in the first text t1 - number n of the string z11 to z1n with i = 1 (1) n - absolute position p1 (x1, t2) of the character z21 in the second text t2 - number m of the string z21 to z2m with j = 1 ( 1) m - Algorithm of the Authentication Microcomputer - Algorithm of the Input Receive Microcomputer - Algorithm of the Encoding Microcomputer
    - A character / group of characters to the mouse handling data with non-confidential content to navigate, mark data and select GUI data processing functions via GUI
    When selecting data processing functions, for example for copying, inserting or deleting marked, confidential data, the receiving microcomputer sends the mouse handling data to the memory receiving device.
    Microcomputer, which transmits the data to the data processing microcomputer network, in which the associated stored list data of individual characters or character groups are changed.
    Data Entry via the Microphone Data input via the microphone is recorded in data protected environments that can not be scanned by internal or external transmit / receive ICT systems. The microphone is a commercially available device and consists of electronic components for analog / digital signal conversion, digitizing, without electronic memory components. The data input signal is transmitted to the IT protection component, further processed. Possible techniques for data preparation are the signal conversion of • tone> analog-to-digital conversion> digitization of the amplitude of the signal> into a sequence of hexadecimal characters The confidential data, after signal conversion, is converted into hexadecimal characters using the same method of encoding the characters as protected by the keystroke.
    Data entry via robots Data input via robots with different sensors, for example spectrometers, ultrasound for recording human data for assessing his health status, his intelligence, responsiveness, stress tolerance, life expectancy, for detecting cracking in nuclear reactors, for controlling and regulating military radar installations Missile defense systems, from computer-based decision-making systems in medicine, politics and the stock market, to electricity networks, to generating digital currencies, digital shares, digital property, and to record confidential data, are converted to hexadecimal characters directly behind the data source without cache, after signal conversion, to antennas and similarly acting information technology to the IT protection component and encoded the confidential data using the same procedure as for data input via the keyboard and further processed.
    Data Entry via the Video Channel Data inputs via the video channel of an electronic camera are recorded in data-protected environments that can not be scanned by internal or external transmit / receive ICT systems. The electronic camera is today a complex ICT system with memory components and for capturing confidential data only partially suitable because the data on the mobile device in unprotected environments can be ordered and received by unauthorized persons. However, the video can be used as a medium for importing encoded confidential data with appropriate multimedia software. Thus, the data for each channel can be recorded separately and randomly distributed, embedded or / and inserted into the video.
    Data entry of still and moving pictures When entering confidential pictures, films, picture and film clips, an artificial hologram [4] is applied to the lens, the surface of which is timed by a stochastic electromagnetic, magnetic, mechanical or electrical signal i changing that the incident light beams in the polarization (dx, dy, dz) and direction (dx, dy.dz) on the light receiver are individually unrecognizable as another cross-correlated signal for the observer, and non-confidential image areas are displayed as they are. The stochastic signal is generated with an IT component in which for each pixel individually another stochastic, discrete-time signal section Sk (Xk + i - xk, yk + i -yk, zk + 1 -zk, tk + 1 - tk) of several microcomputers with N> = 3 + 2 * (i - 1), i = 1 (1) 0 calculated from random strings in different texts N> = 3 + 2 * (i-1), i = 1 (1) 0 where the characters in the texts are formatted into numerical values, as in the case of data input via the keyboard, and are added and subtracted alternately, so that a unique alphanumeric character is created again after the re-formatting. For the numerical values, a microcomputer calculates the coordinates for the surface changes, for example via a correspondence table in which for each numerical value of an alphanumeric character the associated signal section Sk (xk + 1-xk, yk + 1 -yk, zk + -, - zk, tk + 1 - tk) is stored with the absolute position data.
    After the data entry, the data is further processed and stored encoded in a storage medium on the user computer.
    The surface construction consists of - several, movable, transparent zones, which are excited by stochastic signals and change the polarization (dx, dy, dz) and the direction (dx, dy.dz) of the incident light; a layer 1 with checkerboard pattern of alternating structured and unstructured square surface elements; a checkerboard pattern of alternating metallic and clear square layers 2, the metal layer being deposited either on the structured surface or underneath the structured, transparent surface; a transparent layer 3; a checkerboard pattern of alternating metallic and clear square layers 4, the metal layer being deposited on the structured surface or underneath the structured, transparent surface. a pattern of structured and non-structured square layers 5 alternating with checkerboard patterns. The structures of layers 1 and 5 are fixed, as in the chessboard, so that the black fields are the structured fields of layer 1 and the white fields are the structured fields of layer 5 are. The thickness of the layers and size of the squares is dimensioned so that light radiates through the surface material, from which metal in layer 4 is reflected to the metal in layer 2 and from the metal in layer 2 through the lenses of the objective to the photon Receiver of the camera is reflected. A layer 6 contains oscillating reflectors with different reflectivities and structures similar to a Fresnel lens for switching the light beam and changing the positioning, so that the smallest image excerpts are emitted at positions and only after passing through the decoding light broker system in the original order the authorized, authenticated receiver be displayed [7]. - The surface is moved in a plane back and forth so that the incident light on the metal surface after the shift through the transparent layers radiates and the image is completely displayed on the photo-receiver.
    Data processing between data input and output In the near future, quantum computers will be a thousand times faster than classical computers that crack encrypted data produced by today's methods and recognize patterns, rules in unstructured data.
    For encryption, for this reason, a method is presented, which increases the complexity for data encryption depending on the time-limited disclosure date and confidentiality and meets the following conditions: 1 The bandwidth of the stochastic digital signal is greater than digital useful signal 2 The stochastic, digital Signal is calculated by microcomputers by selecting characters from a well-known stochastic string 3 The stochastic string is made up of several individual strings of different texts A, B, C, D etc., for example, on art, history and literature in different languages whose characters are continuous be addressed and stored so that a program can find the calculated position, the memory address and the associated character in the text. 4 For the selected character, two to n characters are formatted into a numeric value according to the length of the text and the required complexity, from which the position of the next character is calculated by adding the previous position and the numerical value after formatting the alphanumeric character and adding the procedure Need repeated several times, where the number of following characters from the current position varies with each iteration depending on the selected microcomputer algorithm or by the addition and subtraction of the numeric values of strings the final position of the character is calculated in the coding text. The characters can come from different texts, for example a coding text in the memory of the coding microcomputer and another in the memory of the microcomputer network. 5 By combining numerical values from the algorithm and the formatted values from the text, stochastic signals can be generated with relatively simple algorithms in the microcomputers, which can not be cracked even by quantum computers up to the time-limited disclosure date. 6 The characters of the encoded texts and the entered character are formatted into numeric values and the encoded numeric character is added, subtracted or alternately added and subtracted in combinations, for example, via the relationship k (position (x, y)) = a (position (x, y)) - b (position (x, y)) + c (position (x, y), numeric) + v (input character, relative position (order of input)). 7 Depending on the confidentiality of the information and the expected level of ICT technology by the time the information is published, for example, doubling the computer performance every two years, the complexity is increased if necessary and the encrypted character is added by adding further numerical value pairs from key texts with the property wp (i). = x ((i), position (x, y)) - y ((i), position (x, y)) via the relationship k (position (x, y)) = sum wp (i) + c (position (x, y)) + v (input character, position (order of input)) with i = 1 (1) N calculated. 8 The encrypted characters are stored in a list with values from the first to the xth dimension in different dimensions individually depending on the algorithm in the microcomputer software and filled the other fields with other pseudo-random characters, so that a quantum computer will not find out later It is possible to know the order in which the characters were entered and the complexity can be increased as required by using several dimensions. Also, dimensions of time-varying data such as videos, multimedia data, moving images, images of follies, spatial objects are represented by several dimensions. The coded data k for decrypting are also encrypted in the microcomputer network for data processing using the same method as for the input data, whereby the different key texts are also partially stored in the microcomputer and in the microcomputer network on a fixed medium such as a hologram, ROM, etc. become. The method for decrypting the coding text characters a, b, c, x (i), y (i) selects the associated algorithm for an initial value and thus determines the position of the re-coding text character from one of the texts A. , B, C, D etc. According to further rules of the algorithm, one or more characters are selected in the focus area from which, after the alphanumeric formatting into numerical characters has been formatted, the number of characters to the next locality or the next position is determined , The search of other localities can be continued if necessary. The last find location is a location where the next character matching the encoding text character is searched. For decryption, only the numerical or alphanumeric value for the distance between the last determined positions and the position of the keyword is stored in the data processing but not the ciphertext itself, so that complex data structures generated by simple algorithms and initial values in the microcomputer network are not stored by High performance computers can be cracked. The coded data K is stored on the computer and the data for encryption and decryption optionally on the computer or on an external, protected medium. 12 Shifts and changes of text excerpts are only displayed in changed position data K for the output medium and have no influence on the memory addressing. The values are calculated by the microcomputer software and stored in the value list of all data for a character in the field "Position data for the output medium". 13 Encryption is performed individually, in pairs or in triplets using different algorithms on one or more microcomputers, depending on the frequency of errors. When decrypting, the results are compared to verify the correct calculation.
    The microcomputers in this method together form an external network consisting of the ICT component authentication, data input, processing and output communicating with each other via protected data channels.
    The user authenticates for dialing into the microcomputer networks for inputting, processing and outputting the data over several key elements.
    The encrypted data from the data input is stored and maintained in the user's computer along with the non-confidential data. For manipulations with the mouse, the data processing microcomputer network takes over the list with the control, position and text length data and maintains the associated data on the user's computer for position changes, text displacements, deletion of text excerpts, etc.
    The confidential and non-confidential data is synchronized by the data processing microcomputer network, distributed to the data output channels upon request for data output, and sent to the associated data output microcomputer network.
    Authentication When logging in, the data for authenticating from a microcomputer network with four security keys (S,) is checked according to the following procedure: 1. Entry and verification of the user data via a combination of security elements from fingerprint, eye scan, multi-spectral recording of the finger, Venous and arterial plexus, blood flow through a sample of blood vessels, etc. Si 2nd issue and display of a TAN S2
    3. Enter a user chip card into an external device to calculate the comparison TAN 4. Enter the user password S3 5. Confirm correct input of the password 6. Enter the TAN S4
    7. Calculation and output of the associated comparison TAN 8. Input of the comparison TAN into the microcomputer network 9. Validation of the comparison TAN by a microcomputer 10. Enabling the microcomputer network for data input, processing and output via the various data input and output channels.
    The data is transmitted encrypted by ultrasound, mechanical movements or electromagnetic waves from the data source to the data sink fitting the input and output channels and the data processing microcomputers.
    The state "the user may access the application" is regularly checked by the microcomputer network with eye scan, sensors for measuring the pulse rate, the infrared distribution or by observing the user behavior and interrupted when exceeding user-specific limits.
    After authentication, data entry and processing, the user can retrieve the data via various protected channels.
    The user communicates with the authentication microcomputer network before data entry which data is next to be treated confidentially.
    For this, the authentication microcomputer network sends an identifier for the next confidential data and its algorithm ID to the data input and output receiving microcomputer, which enter this data in the lists with the current data and duplicate it for the next data inputs ,
    If the user decides that the next data is non-confidential, then the authentication microcomputer network sends a matching tag and its algorithm ID to the data input and output-receive microcomputer that uses it Enter data in the lists with the current data for the next data entry.
    Data Output During data output, the encrypted data is passed via simplex channels to a data output microcomputer network. The simplex channel is intended to be transmissive only in one direction and to prevent data traffic in two directions as in duplex operation.
    Data output via display The confidential data is first decrypted in the display of a microcomputer network and output with its own graphics circuits via a multiplexer, which mixes the data with the non-confidential data so that all data is displayed. The input data is character-by-character reproduced by individual microcomputers by loading the encrypted data from the data processing medium of the user computer and decrypting the signal excerpts. The confidential characters are obtained according to the same algorithms as in the data input via different data channels of microcomputers with the same algorithms as in the data input encoding micro recorders, whereby only the formula for the positions in the character set according to the position of the confidential character P ( v) is converted and the confidential character is output to the result.
    For safety, the calculation can also be performed by a plurality of microprocessors and, in the case of unequal results, the decryption can be repeated again.
    The data output of videos whose data has been encrypted with artificial holograms, either the image encrypted or decrypted can be displayed on the display. In a non-confidential environment, the data is encrypted and spatially distributed so that the data can not be captured by a spy camera in a user's location. An artificial hologram [8, 11] is mounted on the display and the eye positions of the authorized user are recorded via the display camera and the artificial hologram is controlled by the microcomputer network in such a way that only in the user viewing direction the artificial hologram radiation properties of the data acquisition to be decoded ie the encrypted signal containing the convolution with the input hologram whose Z-transform is Hk (i * x, j * y, k * z, TP) is decrypted by the convolution with the artificial output hologram whose Z-transform 1 / Hk (i * x, fy, k * z, I * P) so that the confidential data becomes visible.
    When viewing the video via mini display [5], the artificial decryption hologram is mounted on the mini-display and displayed completely.
    The artificial hologram for decoding is constructed similarly to the data input of still and moving images only on a different scale.
    The surface construction again consists of several movable, transparent zones, which are excited by stochastic signals and change the polarization (dx, dy, dz) and the direction (dx, dy.dz) of the emitting light. a layer 1 with checkerboard pattern of alternating structured and unstructured square surface elements - a checkerboard pattern of alternating metallic and clear square layers 2, the metal layer being deposited on the structured surface or under the transparent, structured surface. a transparent layer 3 - a checkerboard pattern of alternating metallic and clear square layers 4, the metal layer being applied on the structured surface or under the transparent, structured surface. - An alternating patterned and non-patterned square layers 5 with checkerboard patterns. - Three further layers contain oscillating reflectors with different reflectivities and structures similar to a Fresnel lens for switching the light beam and changing the positioning, so that smallest image sections are emitted at positions and only after passing through the decoding light mediation system in the original order to the authorized, authenticated recipient are displayed [7]. The structures of layers 1 and 6 are fixed, as in the chessboard, so that the black fields are the structured fields of layer 1 and the white fields are the structured fields of layer 5. The thickness of the layers and the size of the squares are dimensioned so that light, for example, is emitted by one or more LEDs, laser diodes etc. through the surface material, from which metal in layer 4 is reflected to the metal in layer 2 and from the metal in layer 2 is reflected to the user. - The surface is moved in a plane back and forth so that the incident light on the metal surface after the shift through the transparent layers radiates and the image is completely displayed on the photo-receiver.
    In familiar environments, the encrypted video is displayed decrypted on the display, and in unfamiliar environments, depending on the complexity of the Z-transform of the input artificial hologram, control of the associated artificial output hologram for re-convolution of the encrypted signal is calculated by the microcomputer network such that a stochastic signal for changing the polarization (dx, dy, dz) and the direction (dx, dy.dz) of the emitting light is generated and only the user [12] can see this.
    Data output via notebook, mobile phone or tablet The commercially available notebook, mobile phone or tablet contains an interface for connecting the external data output microcomputer network, which receives the encrypted data, as decrypted in the data output via display and processed by its own graphics chips / cards and forwards to a multiplex network that merges the data with the confidential data and non-confidential data that is not encrypted after the data input via the common non-confidential structural data from the data memory from the data processing between the data input and the data output. The multiplex network is directly integrated in the display at an interface immediately in front of the display devices that are not coupled to each other, to other devices or data-generating ICT structures, and that do not include a memory device. Due to data and mobile data entry limitations, data is separated into data output channels via the data output microcomputer network and output via protected data channels from protected data output devices using the same procedure described in the chapters Data Output via Display and Data Output via Headphones.
    Data output via headphones The commercially available headphone consists of electronic components for digital / analogue signal conversion, digitization without electronic memory components, which is controlled by a data output microcomputer network. The encrypted confidential data from the data input via microphone are loaded from the data memory, decrypted in the microcomputer network using the same procedure as for the data output via the display and converted into an analog signal, for example: • A sequence of encrypted, hexadecimal characters> Decryption> Digital-Analogue Conversion> Speech The data output microcomputer network is integrated into the headphone via an external interface between the loudspeaker component without memory technology and the connection technology and contains components for the coupling of electrons, photons, magnetic, electromagnetic fields and / or mechanical oscillations and fields that only allow data to be delivered in one direction from the data source to the data sink.
    Data output via robots Robots contain various controllable and controllable handling devices with different complexity, for example in automotive production, in the control and regulation of aircraft, rockets, ships, cars, trains, message switching equipment, servers, computer networks, chemical plants, medical technology, pharmaceuticals and biotechnology processes and use sensitive data that is used in the control loop or in the controller. Depending on reliability and security requirements, redundant systems and components are also used, and critical components are protected against hardware trojans and other espionage activities with a data output microcomputer network that is integrated into the IT components via an external interface and the confidential data is not created until immediately before Decrypts the application and forwards it to the IT components for the control and regulation without artificial intelligence whose individual data do not allow conclusions to be drawn on the confidential data. The artificial intelligence is included in the microcomputer network, and the data in a single microcomputer of the microcomputer network does not allow for conclusions to the confidential data. The data is encrypted using the same procedure as keyboard input, delivered to the data output microcomputer network via protected simplex channels. The data output microcomputer network responds to the control and regulation, decrypts the associated data in real time and delivers it to the receiving component of the handling device. In the case of increased security requirements, the data is encrypted and decrypted by several microcomputers using different algorithms, the results are compared and the data is transmitted to the IT components of the handling device only when they match.
    Data output on analogue film The data are displayed via mini-display and recorded with an analogue camera without electronic memory technology. To decrypt encrypted video recordings, an artificial hologram is inserted between the film and the display. The decryption works just like on the data output via the display on a different scale.
    Data output on artificial hologram hardware Trojans can activate the data output on the screen in company buildings and radio-installed spy cameras, for example in pharmaceutical or biotechnology research and record the data displayed, store, compress and if necessary via appropriate data channels to the Forward unwanted recipient. For privacy purposes, an artificial hologram is mounted on the display or placed as a standalone system between the display and the user, digitizing the view, for example, in the size of a sign and the light waves of each display section in different directions and times (dt, dx, dy, dz) Space scatters so that even from several cameras in the room data output can not be easily reconstructed. The artificial hologram [10, 11] is controlled over the viewing direction of the user, thereby changing the direction of the light waves that the light waves are focused to multiple focal points in the space in front of the user and only the user either directly or via a micro lens matrix glasses [12] with a lightwave direction multiplexer can observe the data output.
    The artificial hologram for decoding is constructed similarly to the data input of still and moving images only on a larger scale.
    The surface construction [6] again consists of several moving, transparent zones excited by stochastic signals and changing the polarization (dx, dy, dz) and the direction (dx, dy.dz) of the incident light. a layer 1 with checkerboard pattern of alternating structured and unstructured square surface elements - a checkerboard pattern of alternating metallic and clear square layers 2, the metal layer being deposited on the structured surface or underneath the transparent, structured surface. a transparent layer 3 - a checkerboard pattern of alternating metallic and clear square layers 4, the metal layer being deposited on the structured surface or underneath the transparent, structured surface. A pattern of structured and unstructured square layers, alternating with checkerboard patterns 5 The structures of layers 1 and 5 are attached, as in the chessboard, so that the black fields are the structured fields of layer 1 and the white fields are the structured fields of layer 5 , The thickness of the layers and the size of the squares are dimensioned so that light, for example, is emitted by one or more LEDs, laser diodes etc. through the surface material, from which metal in layer 4 is reflected to the metal in layer 2 and from the metal in layer 2 is reflected to the user. Three further layers contain oscillating reflectors with different reflectivities and structures similar to a Fresnel lens for switching the light beam and changing the positioning, so that the smallest image excerpts are emitted at positions and only after passing through the decoding light mediator system in the original order the authorized, authenticated receiver be displayed [7]. - The surface is moved in a plane back and forth so that the incident light on the metal surface after the shift through the shifted, transparent layers radiates and the image is completely displayed on the photo-receiver.
    In familiar environments, the encrypted video is displayed decrypted on the display and, depending on the complexity of the Z-transform of the input artificial hologram, the associated artificial output hologram is calculated to re-convolution the encrypted signal by the microcomputer network to provide a stochastic signal to the computer Changing the polarization (dx, dy, dz) and the direction (dx, dy.dz) of the emitting light is generated and only the user can see this.
    Data output via control computer Control devices are connected to control devices of varying complexity, for example in automobile manufacturing, in the control of aircraft, rockets, ships, cars, trains, message exchanges, computer networks, chemical plants, pharmaceutical and biotechnology processes, the confidential ones Use data from the controller. Depending on reliability and security requirements, redundant systems and components are also used, and critical components are protected against hardware trojans and other espionage activities with a data-output microcomputer network that is integrated into the IT components via an external interface and the confidential data is not created until immediately before Decrypted application and forwards to the IT components for control without own artificial intelligence. The artificial intelligence is contained in the microcomputer network, whereby the data in a single microcomputer does not allow conclusions about the confidential data.
    The data is encrypted according to the same procedure as in the case of keyboard input, delivered via protected simplex channels to the data output microcomputer network. The data output microcomputer network responds to the controller, decrypts the associated data in real time, and delivers it to the receiving component of the handle.
    With increased security requirements, the data is encrypted and decrypted by several microcomputers with different algorithms, compared the results and only when their conformity, the data transmitted to the IT components of the handle device.
    Data output to memory card, external storage media On hardware memory cards, external storage media, hardware trojans activated by other mobile devices and with built-in antennas in the size of less than 0.15 mm can also be integrated with the confidential data stored in IT components Forward spies. For security reasons, confidential data is stored encrypted on these IT devices only after data processing between the data input and output with the data output microcomputer network.
    Data output to printer In the commercially available printer, the data is received by the own microcomputer before the output, buffered, prepared for the control of the printer technology and printed out. The printer control can also integrate IT components with hardware Trojans, which are activated by other mobile devices and, with built-in antennas of less than 0.15 mm in size, transmit the stored confidential data to spies by radio. For security reasons, confidential data on these IT devices will only be decrypted and printed out in front of the data sink when data is output using a data output microcomputer network. The data output microcomputer network separates the data communication between the printer control and handling technology, forwards the signals of the printer control further to the handling technology and decrypts the confidential data only immediately before the data sink, which contains no electronics with data storage, antennas and is shielded. The decryption works according to the same procedure as for the data output via the control computer.
    Construction The protection technique consists of electronic components with commercial integrated circuits, wafer chips with microcomputers, ROM, RAM, DMA from different manufacturers, which are mounted on surfaces with interconnects on several layers and contact surfaces. The connections between the wafer-chip contacts and the pads are made with bonding machines or SD printers. The protective technology is clad with a Faraday cage and the surface is coated with an artificial hologram.
    The construction of a protected microcomputer network consists of several layers 1 artificial hologram 2 insulator 3 substrate 4 insulator 5 Faraday cage around all layers 6 insulator 7 interconnects to the composite elements Eben 1 8 insulating layer with vias 9 interconnects to the composite of the elements Eben 2 10 Insulating layer with through-holes ... 11 Conductor tracks for the assembly of the components Eben i 12 Insulating layer with plated-through holes ...
    13 Conductors for Bonding the Components Plane N 14 Insulation Layer with Vias 15 Integrated Circuit Chips and Electronic, Optical, Magnetic, and Mechanical Devices 16 Bond Wiring or 3D Printing Metal Coating 17 Insulating Layer and Layer Edge 18 Faraday's Cage around All Layers 19 Insulator 20 Artificial hologram The Faraday cage protects against radiation of electromagnetic waves, dissipates the heat and is permeable to light waves via optical fibers for data exchange between the microcomputer network and computers, handling devices to the data input and output channels and the data processing on the user's computer on the the confidential and non-confidential data is stored.
    Because of today's nanotechnology technology, the structures can be made in the nanometer range and there is the residual risk that espionage technology is incorporated into the protection technology and the first position values and the number of contiguous signs to determine the next position decrypted and thus cracked the code can be.
    In the construction, therefore, as far as possible the complete protection technology should be surrounded by a thick metal layer in order to prevent other signal transmitters for ultrasound, light, vibrations in the installed, commercially available IT components from the disclosure of confidential data and should only connect via fiber optic cable between the external protection technology and the information technology in the individual components.
    To test for tampering with the protection technique, the original hologram is measured and compared with a previously made measurement hologram made from the reflected light rays of the original hologram from different measurement sites.
    Architecture of the IT Protection Network Key Processor Unit (KPU) contains KPU (KP1, KP2, KP3, ...; KPN)
    Keyword processor (KPi)
    KPi contains (Algh, Algi2, Aign, ..., AlgiZ) with algorithms Aign with i = 1 (1) N and 1 = 1 (1) Z
    Confuser (Confusor - C)
    C contains (V-1, O) with vector V-1 for positioning the next characters in the string and the original character O.
    Switch (S) S contains (V0, KPil) the vector V0 of the first position in the text of the allocated keyword processor ΚΡΝ from the switching processor [0090] memory (Memory-M)
    权利要求:
    Claims (13)
    [1]
    M contains (Ο) memory with the contents of the original character / part of the original character. Deconfusor (Deconfusor - D) D contains (Vi, K, CP). Vector V-ι for positioning the first / next character in the string and, the key character JC and the confuser of the image Confusor Picture on the display / in front of the lens CP. CP contains (0 * R (x_kl, yrs, Zxy, delta t)) with a controllable, noise modulated, time- and spatially-variable, artificial hologram. These are folded discrete-time values of vectors of the original image O with noise-modulated, time-discrete values R matching the artificial hologram between user computer and user. [0094] DP contains the O original image from the transposed values of the calculated reciprocals of the Z-transform of the noise signal in the artificial hologram 1 / Z (0 * R / R). Figures Figure 1 Microcomputer Network Plant Figure 2 Method of Data Encryption with E-Book Data Figure 3 Artificial hologram construction mounted on a lens for encoding image data and construction mounted on the display of the camera artificial hologram for decoding image data Fig. 4 Construction in artificial hologram for generating parallel rays of incident rays from different directions with different inclination angles Fig. 5 Layer with temporally variable structured reflector deposits Fig. 6 Reflector construction for generating parallel rays of incoming beams from different angles in the xyz direction Fig. 7 Projector with time-varying artificial hologram for generating beams in different directions and construction for displaying multi-dimensional image and image sequences Fig. 8 Artificial temporally variable hologram for display generating beams in different directions to display partially encrypted, multi-dimensional images and image sequences, and construction to display the decrypted, multi-dimensional images and image sequences. claims
    1. To protect confidential user data from hardware Trojans, the connections between the data entry data store and the data store data output are separated in a user computer and an external microcomputer network is interchanged, which encrypts / decrypts the confidential data and the non-confidential and encrypted / decrypted data in the forwarding the original string to the receiver and consisting of individual microcomputers with specialized IT functions, which are shielded from each other and decoupled from the other microcomputers and can process, store and transfer their own data via a network of electronic components and circuits that direct data communication between the coding and switching microcomputer is prevented [1].
    [2]
    2. Each coding microcomputer generates according to its own rules stochastic data from deterministic data for encrypting and decrypting auxiliary characters from arbitrary electronic strings and uses depending on the granularity characters from a finer division of the character code or multiple characters and receives from the switching microcomputer code-specific data for positioning, microcomputer hierarchy level, granularity, sign and original / auxiliary character, determines from the positioning of the character in a freely selectable electronic string and calculated from the first and some consecutive characters depending on the rule used, the next positioning in one or more lteration / s until the character is found at the last position and calculates from the original / auxiliary character and found characters the encoded original / auxiliary character and the data for the next positioning and transfers this data to the next one n coding microcomputer in the next lower microcomputer hierarchy level until the lowest microcomputer hierarchy level is reached and returns this data to the switch microcomputer [2].
    [3]
    3. Text-encrypted multiple positioning and coding of individual characters with multiple microcomputers, which are allocated via switching microcomputer time window in which only the data communication between the coding and switching computer is possible.
    [4]
    4. For the character found at a position, the following two to n characters are formatted into a numeric value, depending on the length of the string and complexity required, from which the position of the next character is calculated and the procedure repeated several times as necessary The following characters with each iteration will vary depending on the algorithm selected or the final position of the character of a key text will be calculated by adding and subtracting the numeric values of the strings and the characters may come from different strings [3].
    [5]
    5. The stochastic string is made up of several individual strings of different texts A, B, C, D etc., for example, about art, history and literature in different languages, whose characters are continuously addressed and stored, so that a program on the calculated position, can find the memory address and the associated character in the text.
    [6]
    6. The complexity of data encryption is scalable by a refined division of the character set of alphanumeric and numeric characters and their processing by multiple microcomputers as well as multiple position calculations from the random order of characters converted into numeric numbers and their sum according to different classification criteria to different rules for the calculation of the next position lead and are determined by computers with different algorithms in different computer hierarchy levels and iterations.
    [7]
    7. The encrypted characters are stored in a list with values from the first to the xth dimension in different dimensions individually depending on the algorithm in the microcomputer software and filled the other fields with other pseudo-random characters, so that later a quantum computer not can find out in which order the characters were entered and the complexity can be arbitrarily increased by the use of several dimensions.
    [8]
    8. When recording and playing back moving or still images, an artificial hologram is attached to the lens of the camera [4], the display of the camera [5], the computer or the user's glasses [12] in the appropriate resolution for encryption and decryption composed of a plurality of movable transparent zones and reflecting surfaces in different layers excited by stochastic signals and changing the polarization (dx, dy, dz) and the direction (dx, dy, dz) of the incident light Layer 1 with checkerboard pattern of alternating structured and unstructured square surface elements, a checkered alternating metallic and clear square layer 2, the metal layer being applied to the structured surface, a transparent layer 3, a checkered alternating metallic and clear , square layer 4, wherein the Metal layer is applied to the structured surface, a checkerboard alternating patterned and unstructured, square layer 5, wherein the structures of the layers 1 and 5 are fixed as in the chessboard so that the black fields the structured fields of layer 1 and the white Fields are the structured fields of layer 5 [6].
    [9]
    9. Three further layers contain oscillating reflectors with different reflectivities and structures similar to a Fresnel lens for switching the light beam and changing the positioning, so that the smallest image excerpts are emitted at positions and only after passing through the decoding light mediator system in the original order the authorized, authenticated Recipients are displayed [7].
    [10]
    10. The layers are moved back and forth in a plane (horizontal, vertical and circular) so that the incident light shines on the metal surface in the checkerboard pattern after being shifted through the transparent layers and the image is completely imaged.
    [11]
    11. The artificial hologram consists of a checkerboard-like structure with surfaces on which mirrored, time-varying microreflectors light beam and changing the positioning, so that smallest image sections are emitted at positions and only after passing through the decoding light mediation system in the original order the legitimate, authenticated Recipients are displayed [7].
    [12]
    12. The artificial hologram consists of a checkerboard-like structure with surfaces, on which mirrored, time-varying micro-reflector arrays are mounted and non-mirrored surfaces that are oscillating so fast moving depending on the resolution and eye inertia that the reflected rays of the entire image displayed trouble-free become [8].
    [13]
    13. The microcomputers are not interconnected by bus lines and are individually networked through independent, logical electronic data elements over shielded connections, and together form an external network consisting of the ICT component authentication, data input, processing and output, which interact with each other communicate via protected data channels and also use the data memories of non-confidential data for the storage of their encrypted confidential data.
    类似技术:
    公开号 | 公开日 | 专利标题
    Elshamy et al.2013|Optical image encryption based on chaotic baker map and double random phase encoding
    US8429720B2|2013-04-23|Method and apparatus for camouflaging of data, information and functional transformations
    He et al.2009|Security enhanced optical encryption system by random phase key and permutation key
    US7454782B2|2008-11-18|Method and system for camouflaging access-controlled data
    Elshamy et al.2016|Optical image cryptosystem using double random phase encoding and Arnold’s Cat map
    Ramakrishnan2018|Cryptographic and Information Security Approaches for Images and Videos
    Yi et al.2015|Optical compression and encryption system combining multiple measurement matrices with fractional Fourier transform
    Su et al.2020|Optical color image encryption based on chaotic fingerprint phase mask in various domains and comparative analysis
    Madhusudhan et al.2021|A secure medical image transmission algorithm based on binary bits and Arnold map
    US6782101B1|2004-08-24|Encryption using fractal key
    Anees et al.2015|Construction of nonlinear component for block cipher based on one-dimensional chaotic map
    Su et al.2017|Single-lens Fourier-transform-based optical color image encryption using dual two-dimensional chaotic maps and the Fresnel transform
    Alif Siddiqua Begum et al.2018|Secure visual cryptography for medical image using modified cuckoo search
    Sinha et al.2018|Chaotic image encryption scheme based on modified arnold cat map and henon map
    CH712099A2|2017-08-15|System for protecting confidential data from hardware Trojan attacks in information technology systems.
    Abitha et al.2016|Secure communication based on Rubik's cube algorithm and chaotic baker map
    Aljuaid et al.2021|Secure patient data transfer using information embedding and hyperchaos
    Yadav et al.2021|Essential secret image sharing approach with same size of meaningful shares
    Renwick et al.2017|Practical architectures for deployment of searchable encryption in a cloud environment
    Wang et al.2018|Asymmetric color image cryptosystem using detour cylindrical-diffraction and phase reservation & truncation
    Bharathi et al.2021|Secure file storage using hybrid cryptography
    Piao et al.2019|Robust multidepth object encryption based on a computer-generated hologram with a cascaded structure
    Shen et al.2020|Optical single-channel cryptosystem based on the discrete wavelet transform and the chaotic standard map for multi-image
    Khanam et al.2017|Enhanced joint and separable reversible data hiding in encrypted images with high payload
    Shankar et al.2021|Secure and Optimal Secret Sharing Scheme for Color Images
    同族专利:
    公开号 | 公开日
    CH712099B1|2021-04-30|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    法律状态:
    2019-11-15| AZW| Rejection (application)|
    2020-05-29| AEN| Modification of the scope of the patent|Free format text: :DIE PATENTANMELDUNG WURDE AUFGRUND DES WEITERBEHANDLUNGSANTRAGS VOM 16.01.2020 REAKTIVIERT. |
    优先权:
    申请号 | 申请日 | 专利标题
    CH00163/16A|CH712099B1|2016-02-08|2016-02-08|System for protecting confidential data from hardware Trojan horse attacks in information technology systems.|CH00163/16A| CH712099B1|2016-02-08|2016-02-08|System for protecting confidential data from hardware Trojan horse attacks in information technology systems.|
    [返回顶部]