US-12627480-B1 - Systems for quantum cyber resilience of digital assets in transit
Abstract
Embodiments of systems providing quantum cyber resilience protection of digital assets of a computer system in transit from tampering and/or decrypting including quantum computer cryptographic attacks.
Inventors
- Noel J. Grover
- Eric J. Mencke
- William Austin
- Joseph J. Helwig
- Clifford F. Cruz
- Bradley D. Pedersen
- Konrad J. Grutzmacher
Assignees
- VoiceIt Technologies, LLC
Dates
- Publication Date: 20260512
- Application Date: 20240131
Claims (20)
- 1 . A computer-implemented digital asset protection system configured to protect a set of original files of digital assets as quantum incrypted data that is quantum cyber resilient, the system comprising: a random number generator configured to generate a random key; and a packager system isolated in a secure computing environment and securely connected to the random number generator, the packager system configured to protect the set of original files as quantum incrypted data by a set of protocols including: fragment each file into fragments each being a quantum element; inject each quantum element with a set of random noise seeded by the random number generator; and encrypt each quantum element using an encryption protocol and the random key; such that there is a set of quantum elements for the set of original files in which each quantum element has a random size that exceeds a threshold size with a total number of quantum elements for each file exceeding a threshold number, the set of random noise for each quantum element is a set of random sizes of noise at a set of random locations in the quantum element whereby decryption of the quantum element would produce corrupted data if the set of random noise is not correctly removed before decryption, and each quantum element has an element name that is a random string of alphanumeric characters having a common length; shuffle the set of quantum elements into a random order such that the set of quantum elements is configured to be stored in a non-volatile memory as a quantum incrypted data image for the set of original files; create a quantum element map that includes for each quantum element the corresponding quantum element name together with the random order and random size of that quantum element and the set of random sizes and the set of random locations of the set of random noise in that quantum element; create a quantum cryptography map including the quantum random key and a nonce value and for each file of the set of original files a set of element names of the quantum elements that correspond to each of the fragments of that file together with an original file name and a set of metadata for that file; and configure the quantum element map and the quantum cryptography map to be stored in a non-volatile memory as a quantum containment unit for the quantum incrypted data image.
- 2 . The computer-implemented digital asset protection system of claim 1 wherein the random number generator is one of a software-based quantum random number generator, a hardware-based quantum random number generator, a random number generator, and a software-based pseudo random number generator that is physically within the secure computing environment or is connected to the secure computing environment by a secure network connected via using a double ratchet encryption and transmission control protocol.
- 3 . The computer-implemented digital asset protection system of claim 1 wherein the set of protocols that includes fragment, inject and encrypt is performed in a protocol order selected from the set consisting of: (i) fragment then inject then encrypt, (ii) encrypt then fragment then inject, and (iii) encrypt then inject then fragment.
- 4 . The computer-implemented digital asset protection system of claim 3 wherein the protocol order is variable for the set of original files, and wherein the quantum cryptography map includes the protocol order.
- 5 . The computer-implemented digital asset protection system of claim 1 wherein the random size of a quantum element is not padded if a size of an original fragment of an original file is larger than the threshold size and is padded with a set of random noise to exceed the threshold size if the size of the original fragment of the original file is smaller than the threshold size.
- 6 . The computer-implemented digital asset protection system of claim 1 wherein the threshold number of quantum elements is 32 and the threshold size of each quantum element is 256 bytes.
- 7 . The computer-implemented digital asset protection system of claim 1 wherein the random size and the random string of each quantum element is one of a random value based on the random number generator, and wherein the set of random sizes at the set of random locations of the set of random noise are unique for each quantum element and each is one of a random value based on the random number generator, and wherein the random order is one of a random value based on the random number generator.
- 8 . The computer-implemented digital asset protection system of claim 1 wherein the encryption algorithm is one of a set of quantum-resistant encryption algorithms approved by the National Institute of Standards and Technology.
- 9 . The computer-implemented digital asset protection system of claim 1 wherein the set of original digital assets includes one or more of data, code, databases, training sets, weighting sets, text, ciphertext that is hardware and/or software encrypted data, digital content or digitally personal identifiable information, or any electronic or optical information in the form of a file, a record or an element as one of the set of digital assets that is at rest, in use or in transit.
- 10 . The computer-implemented digital asset protection system of claim 1 wherein the set of protocols further comprises: add a set of decoy files to the set of original files, each decoy file formed of a random amount of random noise, wherein the packager system is programmed to selectively apply the set of protocols to each decoy file based at least on a setting for the set of decoy files, whereby the packager system is configured to apply only the protocol to fragment each decoy file into quantum elements or to selectively apply up to all of the protocols of the set of protocols to each decoy file, wherein the quantum cryptography map further includes an indication for each file of the set of original files of whether the file is a decoy file and an indication of what protocols of the set of protocols to apply to a decoy file.
- 11 . The computer-implemented digital asset protection system of claim 10 wherein the packager system is programmed to variably configure the quantum incrypted data image based at least on a setting for a level of incryption, whereby the packager system determines a different number of decoy files to add as the set of decoy files based on the setting for the level of incryption and a total number of original files in the original set of files.
- 12 . A computer-implemented digital asset protection system configured to protect a set of original files of digital assets as quantum incrypted data that is quantum cyber resilient when the set of original files is transmitted from a first computing node operably connected by a network to a second computing node, the system comprising: a packager system operably configured to be stored and executed from a volatile memory of a first computing node and operably connected to a random number generator configured to generate a random key, the packager system being configured to package the set of original files by: using a set of quantum hybrid ciphers seeded by the random key and processed in a pseudo random cipher order to incrypt a set of quantum elements for the set of original files in which each quantum element has a random size that exceeds a threshold size and has an anonymized quantum element name and in which a total number of quantum elements for the set of original files exceeds a threshold number; using the random key to package the set of quantum elements in a random element order as a quantum incrypted data; creating a quantum containment unit that includes: the random key; the pseudo random cipher order of the plurality of quantum hybrid ciphers; for each file of the set of original files a set of quantum element names of the quantum elements for that file; and for each quantum element the quantum element name and a location of the quantum element in the quantum encrypted data based on the random element order of the set of quantum elements; and operably transmit the quantum incrypted data and the quantum containment unit to the second computing node; and an unpackager system operably configured to be stored and executed from a volatile memory of the second computing node and that includes a set of quantum random ciphers and is configured to operably receive the quantum containment unit and the quantum incrypted data in the volatile memory of the second computing node, and to unpackage the original set of files by: using the quantum containment unit to: unpackage the quantum elements from the quantum incrypted data; dicrypt each of the quantum elements processed in the pseudo random cipher order; restore the set of quantum elements by reordering the random element order of the quantum elements for each original file; and restore the original file name for each original file.
- 13 . The computer-implemented digital asset protection system of claim 12 wherein the random number generator is one of a software-based quantum random number generator, a hardware-based quantum random number generator, a random number generator, and a software-based pseudo random number generator.
- 14 . A computer-implemented digital asset protection system configured to be executed by a networked computer system having two or more nodes to protect a set of original files of digital assets, the digital asset protection system comprising: a packager system executing on a first node and operably configured to use a set of random seeds and a set of hybrid cryptography ciphers that includes at least one standard cipher and a plurality of non-standard ciphers to incrypt the set of original files as incrypted data in a set of ciphertexts with each ciphertext having a corresponding cryptex that includes information used to determine a dynamic cipher stack, a set of cipher keys, and a set of meta data unique to that ciphertext; and an unpackager system executing on a second node and operably configured to dicrypt the incrypted data of each ciphertext in the set of ciphertexts using the corresponding cryptex to restore the set of original files, wherein the set of ciphertexts and the corresponding cryptexes incrypted by the first node are operably communicated over the networked computer system to the second node as incrypted data that is quantum cyber resilient as data in transit representing the set of original files of digital assets.
- 15 . The computer-implemented digital asset protection system of claim 14 , wherein the packager system further includes a protocol of adding a set of decoy files to the set of original files, each decoy file formed of a random amount of random noise, and wherein the cryptex includes an indication for each file of the set of original files of whether the file is a decoy file.
- 16 . The computer-implemented digital asset protection system of claim 14 , wherein the set of ciphertexts includes one or more quantum incrypted data ciphertexts, and the corresponding cryptex for each ciphertext is a quantum containment unit, the dynamic cipher stack includes at least one standard cipher as a first cipher or a last cipher in the cipher stack and a pseudo randomized number, selection, and order of four or more non-standard ciphers in the cipher stack, the set of random seeds includes one or more random number seeds generated by one of a standard pseudo-random number generator source, a random number generator source, or a quantum random number generator source, and the set of cipher keys includes one or more keys and/or nonces generated for each of the set of cipher keys.
- 17 . The computer-implemented digital asset protection system of claim 14 , wherein the packager system incrypts each ciphertext of incrypted data as a set of pieces each having an obfuscated piece name and the set of pieces arranged in a random element order based on the set of random seeds with the random element order and the obfuscated piece name stored as meta data in the corresponding cryptex, and wherein the unpackager system dicrypts each ciphertext using the corresponding cryptex by accessing the set of pieces based on the obfuscated pieces names and reordering the set of pieces arranged in the random element order to restore an original order to the set of pieces and then using the dynamic cipher stack and the set of cipher keys and the meta data in the corresponding cryptex to restore the original set of files with an original set of file names for each original file from the set of meta data.
- 18 . The computer-implemented digital asset protection system of claim 14 , wherein the packager system further includes a protocol of injecting random noise generated from the set of random seeds into each piece of the set of pieces by determining a set of random locations in the piece based on the set of random seeds and injecting random noise at each random location of the set of random locations, and wherein the cryptex includes information representing the set of random locations.
- 19 . The computer-implemented digital asset protection system of claim 14 , wherein the digital asset protection system is a streaming communication system for data in transit having a transmitter node in the first node configured with the packager system to operate in a low-latency mode that blends and salts the set of ciphertexts and the corresponding set of cryptexes with a symmetric secret into packets of a data stream to be communicated over an unsecure channel to a receiver node in the second node which has prior access to the symmetric secret and is configured with an unpackager system to reconstitute the data stream as the set of ciphertexts using the corresponding set of cryptexes that are unsalted with the symmetric secret before the data in transit is restored by dicryption.
- 20 . The computer-implemented digital asset protection system of claim 14 , wherein the digital asset protection system is a data transfer system for data in transit having a transmitter node in the first node configured with the packager system configured to operate in a normal mode that blends and salts the set of ciphertexts and the corresponding set of cryptexes with a symmetric secret into packets of a bulk data transfer to be communicated over an unsecure channel to a receiver node in the second node which has prior access to the symmetric secret and is configured with an unpackager system to reconstitute the bulk data transfer as the set of ciphertexts using the corresponding set of cryptexes that are unsalted with the symmetric secret before the data in transit is restored by dicryption.
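An added illustration of the packaging steps recited in claim 1, using protocol order (ii) of claim 3 (encrypt, then fragment, then inject); it is not code from the patent or its assignee. The SHAKE-256 keystream cipher, the 16-character element names, the dictionary layout of the two maps and the file name are assumptions, and the input must be longer than about 40 bytes.

```python
import hashlib, secrets, string

THRESHOLD_SIZE, THRESHOLD_COUNT = 256, 32   # values from claim 6
NAME_LEN = 16                               # assumed common element-name length
ALPHABET = string.ascii_letters + string.digits
rng = secrets.SystemRandom()                # stand-in for the claimed random number generator

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHAKE-256 keystream XOR); the claims only say "an encryption protocol".
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def inject(fragment):
    # Insert noise runs at random locations; the first run also pads short fragments (claim 5).
    pad = max(0, THRESHOLD_SIZE + 1 - len(fragment))
    sizes = [pad + rng.randrange(1, 33)] + [rng.randrange(1, 33) for _ in range(3)]
    element, runs = bytearray(fragment), []
    for size in sizes:
        loc = rng.randrange(len(element) + 1)
        element[loc:loc] = secrets.token_bytes(size)
        runs.append((loc, size))
    return bytes(element), runs

def strip(element, runs):
    # Undo the insertions in reverse order so every recorded location is still valid.
    buf = bytearray(element)
    for loc, size in reversed(runs):
        del buf[loc:loc + size]
    return bytes(buf)

def package(filename, data):
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ct = xor_stream(key, nonce, data)                        # encrypt ...
    count = THRESHOLD_COUNT + rng.randrange(1, 9)            # more elements than the threshold
    cuts = sorted(rng.sample(range(1, len(ct)), count - 1))
    fragments = [ct[a:b] for a, b in zip([0] + cuts, cuts + [len(ct)])]  # ... fragment ...
    elements, names = [], []
    for fragment in fragments:
        element, runs = inject(fragment)                     # ... inject
        name = "".join(rng.choice(ALPHABET) for _ in range(NAME_LEN))
        names.append(name)
        elements.append((name, element, runs))
    rng.shuffle(elements)                                    # random order of the stored image
    image = [element for _, element, _ in elements]
    element_map = {name: {"pos": pos, "size": len(element), "noise": runs}
                   for pos, (name, element, runs) in enumerate(elements)}
    crypto_map = {"key": key, "nonce": nonce, "files": {filename: names}}
    return image, {"element_map": element_map, "crypto_map": crypto_map}

def unpackage(image, unit, filename, remove_noise=True):
    emap, cmap = unit["element_map"], unit["crypto_map"]
    parts = []
    for name in cmap["files"][filename]:                     # original fragment order
        entry = emap[name]
        element = image[entry["pos"]]
        parts.append(strip(element, entry["noise"]) if remove_noise else element)
    return xor_stream(cmap["key"], cmap["nonce"], b"".join(parts))

SAMPLE = b"constructed sample record 0123456789\n" * 150    # constructed input

if __name__ == "__main__":
    image, unit = package("sample.txt", SAMPLE)
    print(len(image), "elements; round trip ok:", unpackage(image, unit, "sample.txt") == SAMPLE)
```

The unit returned by `package` carries the key, the nonce and the noise map, so recovery of the files depends entirely on who can read that unit.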
Description
REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of:
- U.S. Provisional Application Ser. No. 63/482,468 (filed Jan. 31, 2023),
- U.S. Provisional Application Ser. No. 63/590,714 (filed Oct. 16, 2023),
- U.S. Provisional Application Ser. No. 63/592,354 (filed Oct. 23, 2023),
- U.S. Provisional Application Ser. No. 63/627,513 (filed Jan. 31, 2024),
- U.S. Provisional Application Ser. No. 63/627,588 (filed Jan. 31, 2024),
- U.S. Provisional Application Ser. No. 63/627,638 (filed Jan. 31, 2024), and
- U.S. Provisional Application Ser. No. 63/627,664 (filed Jan. 31, 2024).
The disclosure of each of the prior applications is considered part of and is incorporated by reference in the disclosure of this application.

TECHNICAL FIELD
The present disclosure relates generally to protecting data at rest to assure secure storage of data. More particularly, the present disclosure relates to providing quantum cyber resilience protection of digital assets to be stored at cold rest in non-volatile memory of a computer system from tampering and/or decrypting including by quantum computer cryptographic attacks.

BACKGROUND
Cryptography is used to protect the secrecy, integrity and authenticity of messages and information. In modern computer and information technology (IT) systems, numerous cryptographic standards and techniques have been developed for digital information (data and/or code) that employ digital encryption, signatures, and authentication to secure and protect this information. See, Schneier, B., Applied Cryptography (1993); Wong, D., Real World Cryptography, (2021).

Most cryptography techniques are used to protect digital messages and information in transit, typically by using an encryption key protocol. One of the critical challenges with use of encryption key protocols is that the level of security for such protocols is directly related to both the length of the message and the length of the encryption key. As computing power has increased, brute force attacks to crack encryption keys have resulted in the need to increase the length of encryption keys to increase the number of possible key combinations. Current encryption protocols are referred to as standard ciphers because they are vetted by organizations or agencies such as the National Institute of Standards and Technology (NIST). Examples of current standard encryption algorithms are the Advanced Encryption Standard (AES) protocols which typically use keys with either 128 bits (2^128 = 3.4e+38 possibilities) or 256 bits (2^256 = 1.2e+77 possibilities). The total time needed to try all such possibilities for AES 128-bit keys would require at least tens to thousands of years using conventional computer systems, thereby making such protocols well-suited for protecting relatively shorter messages and data in transit from attacks by classical computers.

Digital assets such as data/code that is stored at cold rest in non-volatile memory/cold storage systems such as a hard disk drive or solid-state drive present additional security challenges. Such data/code in cold storage can include the operating systems and certain application programs that are loaded at startup and then used to boot up and run a computer system. The data/code in these files are often referred to as a boot image. Various cryptographic solutions have been developed to protect data at cold rest from tampering including the boot image and the entire non-volatile cold storage system for a computer system. Hardware approaches for encrypting the entire cold storage system are described, for example, in U.S. Pat. Nos. 8,473,754, 9,575,903, 9,785,801, 9,996,479, 10,691,837, 10,992,453 and 11,243,893, as well as U.S. Publ. Nos. 2020/0159888 and 2020/0117810. Other approaches for protecting data at rest in cold storage are described, for example, in U.S. Pat. Nos. 8,782,436, 9,419,796, 9,767,306, 10,360,395, 10,476,664, 10,860,744, 10,860,745, 11,297,166, 11,641,347, 11,777,724, and 11,550,883, as well as U.S. Publ. No. 2020/0195446, 2021/0306145, and 2023/0291545.

Over the last fifty years as the performance and power of computer systems has continued to increase, the size of a typical boot image and of cold storage systems has increased from kilobytes to gigabytes or even terabytes. This increase in size can present security challenges when using conventional cryptographic techniques as the larger the size of an encrypted file, the easier it can be to attack or hack such a file. Such attacks are often based on finding patterns and relationships in such large files when an encryption key is not truly random or when arrangements of data can be inferred.

In recent years, a different kind of challenge to conventional encryption techniques has arisen based on the potential use of quantum computing and artificial intelligence powered attacks. The potential power of quantum decryption is encouraging hackers to employ a harvest-now-decrypt-later tactic to steal sensitive conventionally encrypted data today using c