Envaulting is the process of transforming information (referred to as plaintext) using a diffusion algorithm (usually a standard cipher such as 256-bit Advanced Encryption Standard) and a bit removing algorithm, to make the information unreadable to anyone except those authorized to view it.
In the process, the plaintext is first diffused to form ciphertext. Then, a number of selected bits are removed from the ciphertext. The process outputs two results: ciphertext that is missing information (referred to as envaulted data) and a group of removed bits (referred to as data fragments).
To reverse the process, i.e. to de-vault information, the envaulted data must first be joined with the data fragments, using a join algorithm, so that the removed bits are inserted back to their original places, and then the ciphertext must be decrypted.
Confidentiality is protected because information is ciphered and the ciphertext is then made irrecoverable by removing bits from it. The ciphertext can be successfully decrypted only after inserting the removed bits back to their exact places.
Data integrity is protected because the data fragments form a unique fingerprint of the original information. If the envaulted data is altered in any way, joining it with the data fragments does not produce a valid ciphertext and decryption will fail.
However, the limited availability of envaulting can be converted into a strength in cases where availability of certain data is wanted to depend on a user's current access to e.g. a network resource. For example, local data remaining unavailable until a controlled network access to a data fragment storage is established. The limited availability can therefore be used to remotely control and monitor different users’ or user groups’ access to the original information.
Envault Corporation has filed international patent applications protecting the envaulting method and several implementation level solutions.
WIPO ASSIGNS PATENT TO ENVAULT FOR "METHOD AND ARRANGEMENT FOR PROTECTING FILE-BASED INFORMATION" (FINNISH INVENTORS)
Jan 09, 2011; GENEVA, Jan. 9 -- Publication No. WO/2011/001030 was published on Jan. 06. Title of the invention: "METHOD AND ARRANGEMENT FOR...
Publication No. WO/2009/083635 Published on July 9, Assigned to Envault Oy for Non Real Time Content Protection Method (Finnish Inventor)
Jul 16, 2009; GENEVA, July 16 -- Ville Ollikainen, Finland, has developed a method and apparatus for protecting non real time content. The...