Systems and methods for protecting data secrecy and integrity
Abstract
A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to processing time, execution space for code and runtime data, and buffer usage. The technique is generally applicable to a variety of block ciphers, including TEA, Rijndael, DES, RC5, and RC6.
15 Claims
1. A method for processing data in a manner designed to protect the data's secrecy and integrity, the method including:
encrypting the data;
generating a first validation code for use in detecting modification to the encrypted data;
transmitting the encrypted data and the first validation code;
receiving the encrypted data and the first validation code;
performing an integrated processing pass on the encrypted data, the integrated processing pass being operable to decrypt the encrypted data and to use at least one internal state of the decryption process to generate a second validation code, the second validation code being operable to detect modification to the encrypted data or to the first validation code.
decrypting a block of encrypted data using a multi-round block cipher;
obtaining a first internal state of the multi-round block cipher;
performing a mixing operation on one or more mixing-function inputs and an input validation value, the mixing operation being operable to generate an output validation value, wherein:
the input validation value is derived, at least in part, from a predetermined value;
at least a first mixing-function input is derived, at least in part, from the first internal state of the multi-round block cipher; and
the second validation code is derived, at least in part, from the output validation value.
3. A method as in claim 2, in which performing the integrated processing pass on the encrypted data further includes:
obtaining a second internal state of the multi-round block cipher;
wherein at least a second mixing-function input is derived, at least in part, from the second internal state of the multi-round block cipher.
4. A method as in claim 3, in which the first internal state comprises a first output from a predefined round of the multi-round block cipher, and in which the second internal state comprises a second output from the predefined round of the multi-round block cipher.
5. A method as in claim 1, in which performing the integrated processing pass on the encrypted data includes:
decrypting at least a first portion of the encrypted data using first logic;
obtaining first and second intermediate internal states from the first logic;
performing a mixing operation on one or more mixing-function inputs and an input validation value, the mixing operation being operable to yield an output validation value, wherein:
a first mixing-function input is derived, at least in part, from the first intermediate internal state; and
a second mixing-function input is derived, at least in part, from the second intermediate internal state.
6. A method as in claim 5, in which the first logic comprises programming code stored on a computer-readable medium and executed by a processing unit.
7. A method as in claim 5, in which at least a portion of the first logic comprises an integrated circuit.
8. A method as in claim 1, in which transmitting the encrypted data and the first validation code includes writing the encrypted data and the first validation code to a storage device; and in which receiving the encrypted data and the first validation code includes loading the encrypted data and the first validation code from the storage device into a memory unit.
9. A method as in claim 1, further including:
checking the authenticity of the encrypted data, the checking including:
comparing the second validation code to the first validation code.
10. A method as in claim 9, further including:
preventing a use of the decrypted data if comparing the second validation code to the first validation code indicates that a predefined relationship between the first and second validation codes is not satisfied.
11. A method as in claim 1, wherein the data comprises an executable computer program.
12. A method for processing data to protect its secrecy and integrity, the method including:
encrypting the data;
generating a first validation code for use in detecting modification to the encrypted data;
transmitting the encrypted data and the first validation code;
wherein the encrypted data are configured to be decrypted using an integrated processing pass that is operable to produce decrypted data and to use at least one internal state of the decryption process to generate a second validation code, the second validation code being equal to the first validation code if the encrypted data were not modified before decryption.
performing an integrated processing pass on the encrypted data, the integrated processing pass including:
decrypting the encrypted data using first logic;
obtaining a first internal state from the first logic; and
using, at least in part, the first internal state to generate the first validation code.
14. A method as in claim 13, in which performing an integrated processing pass on the encrypted data further includes:
obtaining a second internal state from the first logic; and
using, at least in part, the second internal state to generate the first validation code.
15. A method as in claim 12, in which the data are encrypted using a block cipher selected from the group consisting of: Rijndael, the Tiny Encryption Algorithm, DES, and Blowfish.
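The integrated pass described in the abstract and in claims 1 to 4, 9 and 13, sketched with TEA as an added example; this is not code from the patent. The tap round, the initial validation value, the mixing function, the key and the message are assumptions constructed for illustration, and the mixing function is a stand-in with no claimed cryptographic strength.

```c
#include <stdint.h>
#include <string.h>
#define DELTA     0x9E3779B9u   /* TEA round constant */
#define TAP_ROUND 16            /* assumed "predefined round" whose output is tapped */
#define MAC_INIT  0x243F6A88u   /* assumed predetermined initial validation value */

/* Constructed mixing function (assumption): folds two tapped words into acc. */
static uint32_t mix(uint32_t acc, uint32_t s0, uint32_t s1) {
    acc = (acc ^ s0) * 0x01000193u;
    acc = ((acc << 13) | (acc >> 19)) + s1;
    return acc ^ (acc >> 15);
}

static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Integrated pass: decrypt n blocks in place (independently, for brevity) and
 * mix the cipher state after TAP_ROUND rounds into the validation code. */
static uint32_t decrypt_and_validate(uint32_t *blk, size_t n, const uint32_t k[4]) {
    uint32_t acc = MAC_INIT;
    for (size_t b = 0; b < n; b++) {
        uint32_t v0 = blk[2*b], v1 = blk[2*b + 1], sum = DELTA * 32u;
        for (int i = 1; i <= 32; i++) {
            v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
            v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
            sum -= DELTA;
            if (i == TAP_ROUND) acc = mix(acc, v0, v1);  /* two internal states */
        }
        blk[2*b] = v0; blk[2*b + 1] = v1;
    }
    return acc;
}

static int roundtrip(int tamper) {  /* 1 when second code equals first code */
    const uint32_t key[4] = {1, 2, 3, 4};  /* constructed key and message */
    uint32_t msg[4] = {0x64617461u, 0x2D626C6Bu, 0x30303031u, 0x30303032u}, ct[4], tmp[4];
    memcpy(ct, msg, sizeof ct);
    tea_encrypt(&ct[0], key); tea_encrypt(&ct[2], key);
    memcpy(tmp, ct, sizeof tmp);
    uint32_t first = decrypt_and_validate(tmp, 2, key);   /* sender, as in claim 13 */
    if (tamper) ct[1] ^= 0x100u;                          /* modified in transit */
    uint32_t second = decrypt_and_validate(ct, 2, key);   /* receiver */
    return first == second && (tamper || memcmp(ct, msg, sizeof msg) == 0);
}
```

`roundtrip(0)` models an unmodified transfer and `roundtrip(1)` a single flipped ciphertext bit; the comparison of the two codes is the check of claim 9, and a caller would refuse to use the plaintext on mismatch as in claim 10.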