Abstract: For an encryption-protected decentralized and replicated blockchain file storage system maintained and managed by a channel of peers, the invention creates the additional levels of trust that are needed for peer voter authentication and transaction proposal endorsement. The invention effectively excludes hostile agents from influencing or impersonating legitimate voter peers through the mathematical strength of the K-of-N mechanism based on secret sharing with cryptographic hashing. In a further embodiment an extension to nested signatures is disclosed to enforce signing order.

Abstract: A method by which a hardware security module can attest remotely to its measure of trust as determined by its security certifications and the Level of Assurance it can be relied on to support without the human witnessing elements that are currently used to validate this trust. In a further embodiment the Level of Assurance can be transported to a second hardware security module.

Abstract: For an encryption-protected decentralized and replicated blockchain file storage system maintained and managed by a channel of peers, the invention creates the additional levels of trust that are needed for peer voter authentication and transaction proposal endorsement. The invention effectively excludes hostile agents from influencing or impersonating legitimate voter peers through the mathematical strength of the K-of-N mechanism based on secret sharing with cryptographic hashing. In a further embodiment an extension to nested signatures is disclosed to enforce signing order.

Abstract: A method by which a hardware security module can attest remotely to its measure of trust as determined by its security certifications and the Level of Assurance it can be relied on to support without the human witnessing elements that are currently used to validate this trust. In a further embodiment the Level of Assurance can be transported to a second hardware security module.

Abstract: A method for encryption and sealing of a plaintext file by hashing the plaintext file to produce a plaintext hash, encrypting the plaintext file to produce ciphertext, hashing the ciphertext to produce a ciphertext hash, hashing the plaintext hash and the ciphertext hash to produce a result hash, and sealing the ciphertext together with the result hash. This provides verification for non-repudiation and protects against undetected malware corrupting the plaintext or ciphertext files.

Abstract: A device and method for file encryption and decryption with a cryptographic processor reconstituting a file encryption key from a version of the key which has been shrouded with a network authorization code. This meets a need for restricted communication and data containment by limiting access to a pre-defined community-of-interest, so that no one outside of that community can decrypt encrypted content.

Abstract: A method for encryption and sealing of a plaintext file by hashing the plaintext file to produce a plaintext hash, encrypting the plaintext file to produce ciphertext, hashing the ciphertext to produce a ciphertext hash, hashing the plaintext hash and the ciphertext hash to produce a result hash, and sealing the ciphertext together with the result hash. This provides verification for non-repudiation and protects against undetected malware corrupting the plaintext or ciphertext files.

Abstract: A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.

Abstract: A portable encryption device with logon access controlled by an encryption key, with an on board cryptographic processor for reconstituting the encryption key from a plurality of secrets generated by a secret sharing algorithm, optionally shrouded with external secrets using an invertible transform resistant to quantum computing attacks. Another embodiment provides file decryption controlled by a file encryption key, with the on board cryptographic processor reconstituting the file encryption key from a version of the file encryption key which has been shrouded with a network authorization code. A method for encryption of a plaintext file by hashing, compressing, and encrypting the plaintext file, hashing the ciphertext, hashing the plaintext hash and the ciphertext hash, and sealing the ciphertext together with the resulting hash. A portable encryption device for performing the method is also disclosed.