Authenticated encryption method and apparatus

US 20080084996A1
Filed: 07/13/2007
Published: 04/10/2008
Est. Priority Date: 10/05/2006
Status: Abandoned Application

First Claim

Patent Images

1. An authenticated encryption method comprising operations of:

receiving first data;

encrypting the first data, using a secret key, to form encrypted data;

forming second data by effecting a deterministic combination of the encrypted data with data characteristic of the first data; and

forming a message authentication code, MAC, in dependence on the second data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authenticated encryption method and apparatus are described in which plaintext data is encrypted, using a secret key, to form ciphertext data. A message authentication code, MAC, is also formed in dependence on a combination of the ciphertext data and data characteristic of the plaintext data. The ciphertext data and the MAC are then output, for example, for storage to a storage medium. In a preferred embodiment a block cipher operating in GCM mode is adapted to cause the stored message authentication code to be dependent on the plaintext data.

67 Citations

View as Search Results

22 Claims

1. An authenticated encryption method comprising operations of:
- receiving first data;
  
  encrypting the first data, using a secret key, to form encrypted data;
  
  forming second data by effecting a deterministic combination of the encrypted data with data characteristic of the first data; and
  
  forming a message authentication code, MAC, in dependence on the second data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, further comprising receiving additional data, the MAC being formed in dependence on the additional data as well as in dependence on the second data.
  - 3. A method according to claim 1, comprising the further step of storing the encrypted data and the MAC to a storage medium.
  - 4. A method according to claim 1, wherein the second data is forming by effecting a deterministic combination, other than an Exclusive OR function, of the encrypted data with the first data.
  - 5. A method according to claim 1, wherein the second data is forming by effecting a deterministic combination of the encrypted data with a hash of the first data.
  - 6. A method according to claim 1, wherein the first data is encrypted using a block cipher operating in the Counter Mode, the MAC being formed by applying Galois/Counter Mode authentication to data comprising the second data.
  - 7. A method according to claim 6, further comprising receiving additional data, the MAC being formed by applying Galois/Counter Mode authentication to data comprising both the second data and the additional data.
  - 8. A method according to claim 6, comprising the further step of storing the encrypted data and the MAC to a storage medium.
  - 9. A method according to claim 7, comprising the further step of storing the encrypted data, the MAC and the additional data to a storage medium.
  - 10. A method according to claim 6, wherein the second data is forming by effecting a deterministic combination, other than an Exclusive OR function, of the encrypted data with the first data.
  - 11. A method according to claim 6, wherein the second data is forming by effecting a deterministic combination of the encrypted data with a hash of the first data.

12. Authenticated encryption apparatus comprising:
- an input interface arranged to receive first data;
  
  an encryption arrangement arranged to use a secret key to encrypt the first data to form encrypted data;
  
  a MAC-generation arrangement arranged to receive as inputs the first data in its form prior to encryption and said encrypted data, the MAC-generation arrangement being further arranged to form second data in dependence on the first data and the encrypted data and then to form a message authentication code, MAC, in dependence on the second data; and
  
  an output interface arranged to output the encrypted data and the MAC.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. Apparatus according to claim 12, wherein the input interface is further arranged to receive additional data, the MAC-generation arrangement being further arranged to receive the additional data as a said input and to form the second data in dependence on the additional data as well as in dependence on the first data in its form prior to encryption, and said encrypted data.
  - 14. Apparatus according to claim 12, wherein the output interface is a storage medium interface arranged to write the encrypted data and the MAC to a storage medium.
  - 15. Apparatus according to claim 12, wherein the MAC-generation arrangement is arranged to form the second data by effecting a deterministic combination, other than an Exclusive OR, of the encrypted data with the first data.
  - 16. Apparatus according to claim 12, wherein the MAC-generation arrangement is arranged to form the second data by effecting a deterministic combination of the encrypted data with a hash of the first data.
  - 17. Apparatus according to claim 12, wherein the encryption arrangement is arranged to encrypt the first data using a block cipher operating in the Counter Mode, and the MAC-generation arrangement is arranged to form said MAC by applying Galois/Counter Mode authentication to data comprising the second data.
  - 18. Apparatus according to claim 17, wherein the input interface is further arranged to receive additional data;
    - the MAC-generation arrangement being arranged to form said MAC by applying Galois/Counter Mode authentication to data comprising both the second data and the additional data.
  - 19. Apparatus according to claim 17, wherein the output interface is a storage medium interface arranged to write the encrypted data and the MAC to a storage medium.
  - 20. Apparatus according to claim 18, wherein the output interface is a storage medium interface arranged to write the encrypted data, the MAC and the additional data to a storage medium.
  - 21. Apparatus according to claim 17, wherein the MAC-generation arrangement is arranged to form the second data by effecting a deterministic combination, other than an Exclusive OR, of the encrypted data with the first data.
  - 22. Apparatus according to claim 17, wherein the MAC-generation arrangement is arranged to form the second data by effecting a deterministic combination of the encrypted data with a hash of the first data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Chen, Liqun, Buckingham, Jonathan Peter

Application Number

US11/827,907
Publication Number

US 20080084996A1
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/3242   involving keyed hash functi...

Authenticated encryption method and apparatus

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticated encryption method and apparatus

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links