Modern Encryption from the Beginning: The Split-Key
April 24, 2020
Today we can experience a whole new world of encryption due to a man who led the way in cryptography. Thanks to Whitfield Diffie and his invention of public-key cryptography, we started down a path to provide privacy over digital communications and commerce.
Before public keys, cryptography systems relied on symmetric keys. The symmetric keys were unreliable and challenging because the same key was passed from person to person, which increased the chances of compromise. Because of this, Diffie forged a new path. He wanted to provide everything from his one-way authentication scheme along with uniquely delivering encryption and decryption. These two ideas merged into the invention of splitting up the key.
Diffie created two different keys, one public and one private, to ensure privacy and decrypt the messages that were encrypted. The public key would perform the job of scrambling a plain text message, which included a secret trapdoor built into it so that outsiders are not able to read it. On the other hand, the private key unlocked the trapdoor message to allow the holder to read it. This public key system provides everyone the ability to generate a unique key pair where no outsider can gain separate components.
These public-private keys started modern-day encryption. They were able to solve many problems such as untrustworthy administrators, the privacy of communication, the authenticity of senders and documents, and electronic commerce. Whitfield Diffie’s invention of the split key was able to unlock the door to a new way of encryption and has forever transformed the way we think of encryption.
While some technologies such as Pretty Good Privacy (PGP) still rely on a public and private-key methodology, breakthroughs such as the split key have led to innovations in encryption, including the Portable Encrypting File System (PEFS). A PEFS takes the benefits of split-key encryption even further. With the split key, the sender can safely transmit a message to the intended recipient, but the sender has no control over the recipient forwarding on the decrypted message. The sender is able to protect the data in transit but loses control of the data once the recipient decrypts it.
A PEFS integrates with any modern file system, so any data which is protected is portable to other devices allowing the data to remain encrypted at all times. In SecureCircle’s patented implementation of a PEFS, the file is never decrypted, so control over the data always remains even if recipients try to forward the file to third parties.
The SecureCircle agent monitors each request to data within the PEFS and ensures the device, users, and application are allowed access to the content. SecureCircle has a feature called Application Allowed List, which allows only specific applications to access protected files. Applications not on the Allowed List are only allowed to copy, move, and rename files.
The original file and the protected file have the same MD5 checksum because to the host operating system and applications, the original file and PEFS protected file are identical.
Building upon the early innovation of split key encryption, our PEFS enables users to transparently access protected data without having to know any encryption key. Users with authorization will see no change in their workflow. Unauthorized users will see access denied errors when attempting to access protected data. The PEFS handles the operation of encryption and decryption while our Data Access Security Broker (DASB) manages access control policies that allow users to interact with the data.