Data authentication and protection system
First Claim
1. A data authentication system comprising:
- means for storing a body of data which consists of a plurality of individual messages; and
means, responsive to the plurality of messages in the means for storing, for producing an individual message authentication code (MAC) for each message and for producing a global MAC from the individual MACs.
Abstract
A secure information storage system in which a directory stores identifying titles and pointers to areas of a memory storing respective messages. To protect the messages against unauthorized changes, a MAC (message authentication code) is calculated for them in known manner and stored in a register in a secure unit. This involves processing the whole of each message every time the MAC is checked or, if a message has been changed, whenever a fresh MAC has to be calculated. To avoid this, a separate MAC is calculated for each message and stored in the directory, and a global MAC is calculated for the individual MACs (treating them as if they were a message) and stored in a secure register. To check a stored message, the global MAC is recalculated (thus verifying the MAC of the message), and the MAC of the message is recalculated (thus verifying the message). If the message is changed, its new MAC and a new global MAC are calculated. The system can be extended to a hierarchy of sub-global MACs.
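The two-level check described in the abstract, as an added example that is not code from the patent. HMAC-SHA-256 stands in for the MAC algorithm, which the abstract does not name; the `MacStore` class, the sample key and messages, and the binding of each title into the global MAC are assumptions made for illustration.

```python
import hashlib
import hmac

class MacStore:
    """Directory of per-message MACs plus one global MAC over those MACs."""
    def __init__(self, key: bytes):
        self._key = key        # assumed to live inside the secure unit
        self.messages = {}     # title -> message bytes (unprotected memory)
        self.directory = {}    # title -> individual MAC (unprotected memory)
        self._global_mac = self._mac_of_directory()  # the secure register

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def _mac_of_directory(self) -> bytes:
        # The individual MACs are treated "as if they were a message".
        # Length-prefixed titles in sorted order are an added assumption.
        blob = b"".join(
            len(t.encode()).to_bytes(4, "big") + t.encode() + self.directory[t]
            for t in sorted(self.directory))
        return self._mac(blob)

    def put(self, title: str, message: bytes) -> None:
        # Only the changed message is re-MACed; others contribute stored MACs.
        self.messages[title] = message
        self.directory[title] = self._mac(message)
        self._global_mac = self._mac_of_directory()

    def verify(self, title: str) -> bool:
        # Step 1: the global MAC verifies the directory's individual MACs.
        if not hmac.compare_digest(self._mac_of_directory(), self._global_mac):
            return False
        # Step 2: the verified individual MAC verifies the message itself.
        return hmac.compare_digest(self._mac(self.messages[title]),
                                   self.directory[title])

def demo() -> dict:
    store = MacStore(key=b"constructed-demo-key")   # constructed sample key
    store.put("payroll", b"alice:1000")
    store.put("audit", b"entry 1")
    out = {"clean": store.verify("payroll")}
    old = (store.messages["payroll"], store.directory["payroll"])
    store.put("payroll", b"alice:1200")             # legitimate update
    out["after_update"] = store.verify("payroll") and store.verify("audit")
    store.messages["payroll"] = b"alice:9999"       # memory edited, MAC stale
    out["edited_message"] = store.verify("payroll")
    store.messages["payroll"], store.directory["payroll"] = old  # old pair restored
    out["rolled_back_pair"] = store.verify("payroll")
    return out
```

The last case is the one the global MAC exists for: an old message restored together with its old, still-valid individual MAC passes the per-message check and is rejected only because the directory no longer matches the value in the secure register.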
19 Claims
1. A data authentication system comprising:
- means for storing a body of data which consists of a plurality of individual messages; and
- means, responsive to the plurality of messages in the means for storing, for producing an individual message authentication code (MAC) for each message and for producing a global MAC from the individual MACs.

Dependent claims: 2, 3, 4, 5, 6
7. A data authentication system comprising:
- means for storing a body of data which consists of a plurality of individual messages;
- means, responsive to the plurality of messages in the storage means, for producing an individual message authentication code (MAC) for each message and for producing a global MAC from the individual MACs;
- means for storing a plurality of keys in a security module, one of which keys is used for producing the MACs; and
- means for producing a hierarchy of two or more keys, with the lowest key being produced randomly for each message and stored in the message, and being combined with the next key up the hierarchy to yield an encryption key.

Dependent claims: 8, 9, 10
11. A data authentication system comprising:
- means for storing a body of data including a plurality of individual messages;
- means for producing a unique message key for each message;
- means for producing a key having an hierarchical level above the message keys;
- means for combining a key having an hierarchical level above the message keys with a message key for one of the messages to produce an encryption key for said message; and
- means for encrypting a message, producing an individual message authentication code (MAC) for a message, and producing a global MAC from individual MACs for all the messages.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
Specification