Description:FIELD OF THE INVENTION

[0001] The present invention relates to a data protection system that enables users to securely safeguard their sensitive information by transforming it through a series of cryptographic and obfuscation processes. In addition, the system ensures that data is encrypted and decrypted using a mapping technique combined with secure key generation, thereby preventing unauthorized access and maintaining data confidentiality.

BACKGROUND OF THE INVENTION

[0002] In the current era, where vast amounts of personal and organizational data are stored and transmitted electronically, the risk of data breaches, cyber-attacks, and information theft has increased significantly. Conventional encryption methods, while effective to an extent, are often susceptible to evolving attack vectors and may not provide sufficient obfuscation or adaptability to emerging threats. Furthermore, the complexity of key management and the lack of layered security measures can leave critical data vulnerable, especially in environments where users may not possess technical expertise.

[0003] In many situations, the security of confidential data relies on the strength of cryptographic keys and the robustness of the encryption protocols employed. However, if the key generation process is predictable or if the encryption method is widely known and targeted, attackers may exploit these weaknesses to compromise protected information. Additionally, traditional systems often lack mechanisms for securely mapping and storing encryption keys and associated metadata, leading to potential data loss or unauthorized recovery. The absence of real-time monitoring and backup of cryptographic assets further exacerbates the risk of data compromise.

[0004] US20140013452A1 discloses embodiments of the invention broadly described, introduce systems and methods for protecting data at a data protection hub using a data protection policy. One embodiment of the invention discloses a method for protecting unprotected data. The method comprises receiving a data protection request message comprising unprotected data and one or more policy parameters, determining a data protection transformation using the policy parameters, performing the data protection transformation on the unprotected data to generate protected data, and sending the protected data.

[0005] EP0706118A1 discloses a data-protection system which permits authorized users to use a target data through a simple operation but does not permit unauthorized users to use the program even though they may be able to copy it. A data-protecting system in which a center prepares a special algorithm which is secretly held by the center only, the center prepares a secret algorithm exclusively for the data and for the user by applying the center algorithm to the data and the user identifier which are inherent to the data and the user, and are well-known to the public and are used without any change, and supplies the secret algorithm to the user and to the data supplier and then when it happens that the data supplier must supply a data to the user, the data supplier prepares the same and a specific encryption key between the data that is to be supplied and the user by inputting the user identifier to the secret algorithm of the data that is to be supplied, encrypts part or whole of the data that is to be supplied directly or indirectly based on the encryption key and supplies it to the user, and the user prepares the same encryption key between the data that is supplied and the user based upon the data identifier that is supplied and his own secret algorithm and decrypts the encrypted data directly or indirectly.

[0006] As discussed in prior art, various systems and data protection methods have been developed, focusing on key generation, encryption, and storage. However, these conventional systems do not address the combined need for unpredictable key management, secure storage of encryption paths, and multi-layered obfuscation. In addition, these existing systems also often fail to provide a solution that integrates cryptographically secure randomization, data mapping, and encoding techniques.

[0007] In order to overcome the aforementioned drawbacks, there exists a need in the art to develop a system that requires to enable secure acquisition, encryption, and storage of sensitive information by providing cryptographic key generation, mapping, and obfuscation techniques. In addition, the developed system also needs to facilitate management of passwords and data protection operations, thereby ensuring both the security and accessibility of digital information in diverse use cases.

OBJECTS OF THE INVENTION

[0008] The principal object of the present invention is to overcome the disadvantages of the prior art.

[0009] An object of the present invention is to develop a system that safeguards sensitive information, ensuring that only authorized individuals’ access or modify the information, which reduces the risk of data breaches and protects users from identity theft or fraud.

[0010] Another object of the present invention is to develop a system that addresses the risk of accidental or malicious data loss by enabling secure storage and reliable recovery of information, giving users peace of mind that their data remains intact and retrievable.

[0011] Another object of the present invention is to develop a system that helps users comply with privacy regulations and legal standards, by securing personal and confidential data, thereby reducing the risk of penalties and supporting users’ rights to privacy.

[0012] Another object of the present invention is to develop a system that promotes trust by providing data protection, which reassures users that their information is handled with care and integrity, thereby strengthening relationships between users and service providers.

[0013] Another object of the present invention is to develop a system that allows the user to access and process their information efficiently, with streamlined and secure data management, thereby reducing time spent on data retrieval and minimizing disruptions caused by data-related incidents.

[0014] Yet another object of the present invention is to develop a system that helps the user to avoid the significant financial costs and reputational damage associated with such incidents, by preventing data breaches and loss, thereby supporting long-term sustainability and growth.

[0015] The foregoing and other objects, features, and advantages of the present invention will become readily apparent upon further review of the following detailed description of the preferred embodiment as illustrated in the accompanying drawings.

SUMMARY OF THE INVENTION

[0016] The present invention relates to a data protection system that allows users to securely encrypt and decrypt their information by modifying the original data with cryptographic keys and encoding it into a non-standard format, enhancing data security against interception or tampering. Additionally, the system stores essential encryption parameters safely and monitors their integrity to ensure reliable data protection over time.

[0017] According to an embodiment of the present invention, a data protection system, comprising a data acquisition unit to facilitate inputting of a string to be protected, a key generation module to generate a cryptographic key, the key generation module includes SHA-256, SHA-512 and AES (Advanced Encryption Standard) encryption protocols, a binary tree generation module to generate a random binary tree along with traversals by a cryptographically secure shuffle of a character set, the binary tree is used to encrypt and decrypt the string by mapping characters of the string to tree paths associated with the binary tree, a storage module for storing the key and the traversals and an obfuscation module to encode string into morse code.

[0018] According to another embodiment of the present invention, the system further includes a non-transitory computer-readable medium storing instructions which, when executed by one or more processors, cause one or more processors to acquire the string to be encrypted or decrypted, receive a password, generating the cryptographic key, modifying the string with the key, generating and traversing the binary tree and encoding string into morse code, the keys and traversals are periodically backed up from the storage module, health of the keys and traversals is periodically monitored and a user interface is associated with the system to provide options including register passwords, encrypt data, decrypt data, and exit.

[0019] While the invention has been described and shown with particular reference to the preferred embodiment, it will be apparent that variations might be possible that would fall within the scope of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

[0020] These and other features, aspects, and advantages of the present invention will become better understood with regard to the following description, appended claims, and accompanying drawings where:
Figure 1 exemplarily illustrates a schematic diagram depicting workflow of a data protection system.

DETAILED DESCRIPTION OF THE INVENTION

[0021] The following description includes the preferred best mode of one embodiment of the present invention. It will be clear from this description of the invention that the invention is not limited to these illustrated embodiments but that the invention also includes a variety of modifications and embodiments thereto. Therefore, the present description should be seen as illustrative and not limiting. While the invention is susceptible to various modifications and alternative constructions, it should be understood, that there is no intention to limit the invention to the specific form disclosed, but, on the contrary, the invention is to cover all modifications, alternative constructions, and equivalents falling within the spirit and scope of the invention as defined in the claims.

[0022] In any embodiment described herein, the open-ended terms "comprising," "comprises,” and the like (which are synonymous with "including," "having” and "characterized by") may be replaced by the respective partially closed phrases "consisting essentially of," consists essentially of," and the like or the respective closed phrases "consisting of," "consists of, the like.

[0023] As used herein, the singular forms “a,” “an,” and “the” designate both the singular and the plural, unless expressly stated to designate the singular only.

[0024] The present invention relates to a data protection system that is accessed by a user to protect their digital information by applying a multi-layered approach involving secure key creation, randomized data structuring, and encoding techniques. In addition, the system also supports periodic backup and health checks of security parameters, providing a user-friendly environment for managing encrypted data and ensuring its availability and integrity whenever needed.

[0025] Referring to Figure 1, a schematic diagram depicting workflow of a data protection system is illustrated, comprising a data acquisition unit, which facilitates input of a string that needs to be protected. The data acquisition unit serves as an entry point for the system. The data acquisition unit is responsible for capturing or receiving the string (data) that needs to be secured. In an embodiment of the present invention, the data acquisition unit can be a user interface, an API endpoint, or a sensor input.

[0026] The primary role of data acquisition unit is to ensure that the data to be protected is accurately and securely acquired for further processing. The proper data acquisition is foundational in the system, as errors or vulnerabilities at this stage may compromise the entire security process.

[0027] A key generation module is critical for ensuring the confidentiality and integrity of the data. The key generation module generates cryptographic keys by utilizing cryptographic protocols such as SHA-256 and SHA-512 (which are secure hash functions) and AES (a widely adopted symmetric encryption standard). These keys are then used to encrypt and decrypt the data, making it unreadable to unauthorized users. The combination of hashing (for integrity and password processing) and AES (for encryption) aligns with best practices in modern data protection, ensuring that sensitive information remains confidential and tamper-proof.

[0028] A binary tree generation module introduces an additional layer of complexity and randomness to the data protection process by generating a random binary tree structure by shuffling a character set using cryptographically secure methods. The traversals of this tree are used to further obfuscate or transform the data, making unauthorized decryption significantly more difficult. The use of cryptographically secure randomization is essential to prevent predictable patterns that attackers might exploit, thereby enhancing the overall security of the system.

[0029] The binary tree is used to encrypt and decrypt the string by mapping characters of the string to tree paths associated with the binary tree. The system introduces an effective approach for encryption and decryption by utilizing the structure and traversal properties of a binary tree. Each character of the input string is mapped to a specific path or node within a randomly generated binary tree. The process begins by converting the characters of the string (often using their ASCII values) and then inserting them into the binary tree according to a defined logic, such as using ASCII values as comparative measures for placement, or by pairing characters and performing arithmetic operations before insertion.

[0030] During encryption, the tree is constructed so that each character occupies a unique position based on the mapping strategy. For instance, consecutive characters can be paired, and their values manipulated (e.g., by summing ASCII values with position indices) before being inserted into the tree, which creates a complex structure where the relationship between the original string and its encrypted form is obscured by the tree's topology and traversal order.

[0031] Once the binary tree is fully constructed, a specific traversal method, such as level order, in-order, or pre-order is used to generate the encrypted output. The traversal sequence determines the order in which the characters are read out from the tree, effectively permuting the original data in a way that is only reversible with knowledge of the tree structure and traversal method, which adds a strong layer of confusion and diffusion, making cryptanalysis and pattern recognition significantly more challenging for attackers.

[0032] For decryption, the process is reversed. The encrypted string is used to reconstruct the binary tree in the same manner as during encryption. By applying the inverse traversal or mapping procedure, the system retrieves the original character sequence, which ensures that only parties with access to the correct binary tree structure and traversal logic successfully decrypts the data.

[0033] A method for encrypting the string comprises steps of:
• Step 1: Acquiring the String
The process begins with capturing the string that needs to be encrypted. In an embodiment of the present invention, this might be user input, data from a file, or any other form of digital information that requires protection.
• Step 2: Receiving a Password
Next, the user provides a password. The password acts as the basis for generating a cryptographic key, introducing a layer of user-specific security. Only those with the correct password is able to proceed with encryption or decryption.
• Step 3: Generating a Cryptographic Key Based on the Password
The key generation module uses the provided password to create a cryptographic key, which is typically accomplished by applying cryptographic hash functions (such as SHA-256 or SHA-512) and possibly encryption protocols (like AES) to the password, ensuring the key is both strong and unique for each session or user.
• Step 4: Modifying the String by Adding Halves of the Key to the Beginning and End
The generated cryptographic key is split into two halves. One half is appended to the beginning of the original string, and the other half to the end. This step creates a modified string, making the plaintext less recognizable and adding a layer of obfuscation even before the main encryption process begins.
• Step 5: Generating a Random Binary Tree and Traversals by Cryptographically Secure Shuffle
The binary tree is constructed using the modified string. The character set from the modified string is shuffled using a cryptographically secure method, ensuring randomness and unpredictability. The binary tree structure, along with its traversals (such as level order, in-order, or pre-order), is then used to permute the string further, serving as the core encryption, which utilizes both substitution and permutation, making cryptanalysis more difficult.
• Step 6: Saving the Encrypted String in a File
Finally, the resulting encrypted string is stored in a file, which ensures that the encrypted data is preserved for future retrieval and decryption, while also allowing for secure transmission or storage.

[0034] A method for decrypting the encrypted string comprises steps of:
• Step 1: Acquiring the Encrypted String
The decryption process starts by retrieving the encrypted string, typically from a file where it was previously stored.
• Step 2: Receiving the Password
The user is prompted to enter the password that was used during encryption. This step ensures that only authorized users can access the original data.
• Step 3: Generating the Key from the Password
The system uses the password to regenerate the cryptographic key, following the same procedure as in the encryption process, which guarantees that the key used for decryption matches the one used for encryption.
• Step 4: Reconstructing the Binary Tree from Stored Traversals
Using the stored traversal information and the character set, the binary tree is reconstructed exactly as it was during encryption. This is crucial, as the correct tree structure is necessary to accurately map the encrypted data back to its original form.
• Step 5: Traversing the Binary Tree to Map Characters and Arrive at the Modified String
The system traverses the reconstructed binary tree according to the same logic used during encryption, recovering the modified string (i.e., the original string with the halves of the key at the beginning and end)
• Step 6: Removing Halves of the Key from the Beginning and End to Obtain the Original String
Finally, the halves of the cryptographic key are stripped from the beginning and end of the modified string, revealing the original plaintext string as input by the user.

[0035] A storage module is responsible for securely storing the generated cryptographic key and the binary tree traversal information. Secure storage is a m foundation of the system, as improper handling or exposure of keys may render even the strongest encryption useless. In an alternated embodiment of the present invention, the storage module may utilize secure hardware, encrypted databases, or other secure storage arrangement to ensure that only authorized processes or users can access these sensitive elements

[0036] An obfuscation module adds another layer of protection by encoding the data string into Morse code. While Morse code itself is not a cryptographic method, it serves as an additional obfuscation step, making the data less immediately recognizable and adding complexity for potential attackers. Obfuscation techniques like this slow down attackers and provide defence in depth, especially when combined with strong encryption.

[0037] A non-transitory computer-readable medium (such as a hard drive, SSD, or memory chip) contains the instructions that, when executed by one or more processors, automate the following operations:
• a. Acquire the string to be encrypted or decrypted: Ensures the system receives the correct input data.
• b. Receive a password: Adds an authentication step, ensuring that only authorized users to initiate encryption or decryption, supporting access control best practices.
• c. Generate the cryptographic key: Uses the key generation module to create a secure key based on the password or other inputs.
• d. Modify the string with the key: Applies cryptographic transformations (encryption/decryption) to the data using the generated key.
• e. Generate and traverse the binary tree: Employs the binary tree module to further transform or obfuscate the data.
• f. Encode the string into Morse code: Finalizes the obfuscation process before storage or transmission.

[0038] The system ensures consistency, repeatability, and security in its data protection operations by integrating these steps into a set of executable instructions.

[0039] The system ensures the ongoing security and availability of cryptographic keys and binary tree traversal data by implementing a periodic backup strategy. Periodic backups involve copying these critical elements from the storage module to a secure secondary location on a scheduled basis such as daily, weekly, or at another interval determined by system requirements and risk assessments.

[0040] This approach protects against data loss due to accidental deletion, hardware failure, cyberattacks, or other disasters. By regularly backing up the keys and traversals, the system maintains the ability to restore encrypted data even if the original storage becomes compromised. In an alternated embodiment of the present invention, using a combination of full, incremental, or differential backups, enhance balance data protection with storage efficiency and recovery speed.

[0041] To further enhance security and data integrity, the system periodically monitors the health of stored keys and traversals. Health monitoring involves regularly checking for signs of corruption, unauthorized alteration, or loss of these critical data elements. In an embodiment of the present invention, health monitoring includes automated integrity checks, validation routines, and alert to detect anomalies or failures. Regular monitoring ensures that any issues are identified and addressed promptly, reducing the risk of data loss or compromised security. This proactive approach is a recognized best practice in data protection, as it helps maintain the reliability and recoverability of backup data, and ensures that restoration processes will function correctly when needed.

[0042] The system incorporates a user interface designed to facilitate secure and user-friendly interaction with its core functions. Through the user interface, users are provided with clear options to register passwords, encrypt data, decrypt data, and exit the system. The password registration feature allows users to securely create and manage credentials, which are essential for generating cryptographic keys. The encryption and decryption options guide users through the respective processes, ensuring that data protection operations are accessible even to non-technical users. The exit option provides a straightforward way to terminate the session securely, thereby reducing the likelihood of user error, thereby supporting the overall security and effectiveness of the system.

[0043] The present invention works best in the following manner, where the data acquisition unit allows the user to input the string that needs protection. Once the string is entered, the system prompts the user to provide the password. This password is processed by the key generation module, which utilizes SHA-256, SHA-512, and AES encryption protocols to generate the cryptographic key. The string is then modified by appending halves of this generated key to its beginning and end, forming the modified string. Next, the binary tree generation module creates the random binary tree through the cryptographically secure shuffle of the character set associated with the modified string. The system generates and stores the traversals of this binary tree, which are later used for mapping and encrypting the string. The modified string is then encrypted by mapping its characters to specific paths within the binary tree.

[0044] In continuation, after encryption, the obfuscation module encodes the resulting string into Morse code, adding the additional layer of data protection. The encrypted and obfuscated string, along with the key and traversal data, is saved in the storage module. The system also features periodic backup and health monitoring of keys and traversals to ensure data integrity and security. For decryption, the process is reversed, the encrypted string is acquired, the password is received, and the key is regenerated. The binary tree is reconstructed from stored traversals, and the string is decrypted by mapping the characters back through the tree. Finally, the system removes the halves of the key from the beginning and end of the string to retrieve the original input. Throughout, the user interface facilitates actions such as registering passwords, encrypting data, decrypting data, and exiting the system.

[0045] Although the field of the invention has been described herein with limited reference to specific embodiments, this description is not meant to be construed in a limiting sense. Various modifications of the disclosed embodiments, as well as alternate embodiments of the invention, will become apparent to persons skilled in the art upon reference to the description of the invention. , Claims:1) A data protection system, comprising:

i) a data acquisition unit to facilitate inputting of a string to be protected;

ii) a key generation module to generate a cryptographic key;

iii) a binary tree generation module to generate a random binary tree along with traversals by a cryptographically secure shuffle of a character set;

iv) a storage module for storing said key and said traversals;

v) an obfuscation module to encode string into morse code; and

vi) a non-transitory computer-readable medium storing instructions which, when executed by one or more processors, cause one or more processors to
a. acquire said string to be encrypted or decrypted;
b. receive a password;
c. generating said cryptographic key;
d. modifying said string with said key;
e. generating and traversing said binary tree; and
f. encoding string into morse code.

2) The system as claimed in claim 1, wherein said key generation module includes SHA-256, SHA-512 and AES (Advanced Encryption Standard) encryption protocols.

3) The system as claimed in claim 1, wherein said binary tree is used to encrypt and decrypt said string by mapping characters of said string to tree paths associated with said binary tree.

4) The system as claimed in claim 1, wherein a method for encrypting said string comprises steps of:

i) acquiring said string;

ii) receiving a password;

iii) generating a cryptographic key by said key generation module based on said password;

iv) modifying said string by adding halves of said key to beginning and end of said string creating a modified string;

v) generating a random binary tree along with traversals by a cryptographically secure shuffle of a character set associated with said modified string to encrypt said string; and

vi) saving said encrypted string in a file.

5) The system as claimed in claim 1, wherein a method for decrypting said encrypted string comprises steps of:

i) acquiring said encrypted string;

ii) receiving said password;

iii) generating said key from said password;

iv) reconstructing said binary tree from said stored traversals;

v) traversing said binary tree to map said characters and arrive at said modified string; and

vi) removing halves of said key from beginning and end of said modified string to obtain said string.

6) The system as claimed in claim 1, wherein said keys and traversals are periodically backed up from said storage module.

7) The system as claimed in claim 1, wherein health of said keys and traversals is periodically monitored.

8) The system as claimed in claim 1, wherein a user interface is associated with said system to provide options including register passwords, encrypt data, decrypt data, and exit.