Method and apparatus for data authentication in a data communication environment
First Claim
1. An article of manufacture for allowing a data processing system to determine an authentication tag to be used in conjunction with transfer of data using a communication channel comprising:
a computer readable medium having computer program code embodied therein, the program code comprising:
means for partitioning said data into a plurality of blocks in a system memory;
means for encoding each of said blocks to create a word that represents both a value of each of said blocks and an identifier of each of said blocks;
means for applying a pseudo-random function to each said word to create a plurality of enciphered words;
means for combining said plurality of enciphered words to create a tag;
means for combining the tag and at least some data to create a data packet; and
means for transmitting the data packet over the communication channel.
Abstract
A method and system for providing data authentication, within a data communication environment, in a manner which is simple, fast, and provably secure. A data message to be sent is partitioned into data blocks. Each data block is combined with a block index to create a word. A pseudo-random function is applied to each word to create a plurality of enciphered data strings. An identifying header, comprising the identity of the sender and a counter value, is also enciphered using a pseudo-random function. These enciphered data strings and header are logically combined to create a tag. As the enciphering of a particular word occurs independent of the other words, each block can be enciphered independently of the others. The method and system can thus be performed and structured in either a parallel or pipelined fashion. A receiving component or system generates a second tag which can then be compared with the transmitted tag to determine message authentication.
20 Claims
1. An article of manufacture for allowing a data processing system to determine an authentication tag to be used in conjunction with transfer of data using a communication channel comprising:
a computer readable medium having computer program code embodied therein, the program code comprising:
means for partitioning said data into a plurality of blocks in a system memory;
means for encoding each of said blocks to create a word that represents both a value of each of said blocks and an identifier of each of said blocks;
means for applying a pseudo-random function to each said word to create a plurality of enciphered words;
means for combining said plurality of enciphered words to create a tag;
means for combining the tag and at least some data to create a data packet; and
means for transmitting the data packet over the communication channel.
Dependent claims: 2, 3, 4, 5, 6, 16.

7. An article of manufacture for allowing a data processing system to determine an authentication tag to be used in conjunction with transfer of data using a communication channel comprising:
a computer readable medium having computer program code embodied therein, the program code comprising:
means for partitioning said data into a plurality of blocks;
means for combining with each of said blocks a block identifier to create a word;
means for applying a pseudo-random function to (i) each said word and (ii) an identifier for said data to create a plurality of enciphered words;
means for combining said plurality of enciphered words to create a tag;
means for combining the tag and at least some data to create a data packet; and
means for transmitting the data packet over the communication channel.
Dependent claims: 8, 9, 10, 11, 12, 13.

14. An article of manufacture for allowing a data processing system to determine authenticity of a received data packet from a communication channel comprising:
a computer readable medium having computer program code embodied therein, the program code comprising:
means for receiving a received data packet;
means for extracting received data, a received tag and a received time variant parameter from the received data packet;
means for generating a local tag from at least the received data, the received time variant parameter and a local key; and
means for comparing the received tag and the local tag to determine data authenticity of the received data packet.
Dependent claims: 15, 17, 18, 19, 20.
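The construction the abstract and claims 1, 7 and 14 describe (partition into blocks, bind each block to its index in a word, apply a pseudo-random function to every word and to a header carrying the sender identity and a counter, XOR the results into the tag, recompute and compare on the receiving side), as an added Python example that is not part of the patent or of any product it covers. HMAC-SHA256 standing in for the pseudo-random function, the 32-byte block size, the domain-separation bytes in the word encodings, the packet layout (counter || data || tag) and the receiver's monotonic-counter check are all assumptions of this example, not specifics the patent fixes.

```python
import hmac
import hashlib
import struct
from concurrent.futures import ThreadPoolExecutor
from functools import reduce
from typing import List, Optional, Tuple

BLOCK_SIZE = 32  # bytes of message per block (assumption; the patent fixes no size)
TAG_LEN = 32     # HMAC-SHA256 digest length; every enciphered word has this length


def prf(key: bytes, word: bytes) -> bytes:
    """Pseudo-random function F_k(word). HMAC-SHA256 is an assumption; the patent only requires a PRF."""
    return hmac.new(key, word, hashlib.sha256).digest()


def partition(data: bytes, block_size: int = BLOCK_SIZE) -> List[bytes]:
    """Split the message into fixed-size blocks; the last block may be shorter."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def encode_block_word(index: int, block: bytes) -> bytes:
    """Word = domain byte 0x01 || 8-byte big-endian block index || block value.
    The index binds the block to its position, so reordering blocks changes the tag."""
    return b"\x01" + struct.pack(">Q", index) + block


def encode_header_word(sender_id: bytes, counter: int) -> bytes:
    """Header word = domain byte 0x00 || length-prefixed sender id || 8-byte counter.
    The distinct domain byte keeps a header word from ever colliding with a block word."""
    return b"\x00" + struct.pack(">H", len(sender_id)) + sender_id + struct.pack(">Q", counter)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def compute_tag(key: bytes, sender_id: bytes, counter: int, data: bytes) -> bytes:
    """Sequential tag: XOR of F_k(header word) and F_k(every block word)."""
    tag = prf(key, encode_header_word(sender_id, counter))
    for i, block in enumerate(partition(data)):
        tag = xor_bytes(tag, prf(key, encode_block_word(i, block)))
    return tag


def compute_tag_parallel(key: bytes, sender_id: bytes, counter: int, data: bytes, workers: int = 4) -> bytes:
    """Same tag computed with the words enciphered independently across a worker pool,
    demonstrating the parallel evaluation the abstract points out; XOR is order-independent."""
    words = [encode_header_word(sender_id, counter)] + [
        encode_block_word(i, b) for i, b in enumerate(partition(data))]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        enciphered = list(pool.map(lambda w: prf(key, w), words))
    return reduce(xor_bytes, enciphered, bytes(TAG_LEN))


def build_packet(key: bytes, sender_id: bytes, counter: int, data: bytes) -> bytes:
    """Sender side (claims 1 and 7): packet = counter || data || tag (layout is an assumption)."""
    return struct.pack(">Q", counter) + data + compute_tag(key, sender_id, counter, data)


def verify_packet(key: bytes, sender_id: bytes, packet: bytes, last_counter: int) -> Tuple[bool, Optional[bytes]]:
    """Receiver side (claim 14): extract data, tag and time-variant parameter, regenerate the
    local tag under the local key, compare in constant time. Rejecting a counter that does not
    advance past the last accepted one is an assumption about how the counter is used."""
    if len(packet) < 8 + TAG_LEN:
        return False, None
    counter = struct.unpack(">Q", packet[:8])[0]
    data = packet[8:-TAG_LEN]
    received_tag = packet[-TAG_LEN:]
    if counter <= last_counter:
        return False, None
    local_tag = compute_tag(key, sender_id, counter, data)
    if not hmac.compare_digest(received_tag, local_tag):
        return False, None
    return True, data


if __name__ == "__main__":
    # Constructed sample values; not from the patent.
    key = bytes(range(32))
    sender = b"sensor-17"
    message = b"A" * 32 + b"B" * 32 + b"C" * 5
    packet = build_packet(key, sender, 7, message)
    print("accepted:", verify_packet(key, sender, packet, last_counter=6)[0])
    print("replayed:", verify_packet(key, sender, packet, last_counter=7)[0])
```

Two properties worth checking against the abstract: because each word carries its block index, swapping two blocks of a message yields a different tag even though the multiset of block values is unchanged, and because the header word (sender identity plus counter) is XORed in, tags of two different messages cannot be combined into a tag for a third under the same counter. The receiver compares with `hmac.compare_digest` so that the comparison time does not depend on where the first differing byte lies.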
Specification