[GPC] FW: Seeking contact with the Global Project Committee in regards to searchable, sortable, partially searchable encryption for the OWASP project
Kate Hartmann
kate.hartmann at owasp.org
Tue Feb 22 17:20:22 EST 2011
Can someone help John with his project idea?
Kate Hartmann
Operations Director
301-275-9403
http://www.owasp.org/
Skype: Kate.hartmann1
From: John Brumbelow [mailto:John-S-Brumbelow at Hotmail.com]
Sent: Tuesday, February 22, 2011 7:52 PM
To: kate.hartmann at owasp.org
Subject: Seeking contact with the Global Project Committee in regards to searchable, sortable, partially searchable encryption for the OWASP project
Please help,
I’m trying to contact people related to the OWASP project at:
http://www.owasp.org/index.php/Category:OWASP_Project
My name is John Brumbelow, and I am a software developer with over 20 years' experience. I discovered a way to make a super encryption which is still searchable, sortable, partially sortable, wild-card-searchable, document-reference-searchable, all the while driven from a client process so that the server can never decipher the data. Literally, data is encrypted from a client-driven process so that it never leaves the client unencrypted, and as such, the server never gets the data unencrypted, and can never decipher it, not ever. And the means to encrypt/decrypt the data, as well as the data itself, change over time.
The premise of my idea is that even if an administrator on the server, or between the client and the server, tries to hack the process, they won’t be able to decipher the data ever. There is no such thing as a “snapshot” of the data sitting on the server, that over time, could be decrypted someday, if one could just gain admin rights to access it.
My idea is aimed to complement “Open Web” technology, or “Cloud Based” systems. My idea works by replacing the central-data-repository (database) of applications, and having applications communicate in a client/server model to drive the encryption and decryption. This approach always protects the data from the server and administrators as it never leaves the client unencrypted. Further, all transactions upon the data, including searches, editing, creating, setting-up access to, and then some, are all also so encrypted from the central-data-repository. In the end, not only is the data encrypted, but also the transactions upon the data.
I would like to talk with someone related to the OWASP project, in regards to my idea, and also discuss my obfuscation idea, on how false-data and false-transactions would be created alongside real ones, to further protect the data, so that, even if a villain went to a client, and tried to coerce them into revealing the data, there would be one final stage of protection.
Please have someone contact me at (678) 895 – 7309. I am on Eastern Standard Time.