System and method for selectively authenticating data

US 6,842,860 B1
Filed: 07/21/2000
Issued: 01/11/2005
Est. Priority Date: 07/23/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating an authentication tag for a message, comprising:

processing a portion of the message using a first function to produce an interim output; and

processing the interim output using a second function to produce the authentication tag;

wherein the message includes a number of message parts, and wherein the portion of the message processed is selected by using a pseudorandom probabilistic function to determine whether each message part is provided as input to said first function.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A high-speed, low-strength authentication mechanism is disclosed. This mechanism is based on a partial message authentication code, wherein a message authentication code is applied only to some portion of the message. By applying an authentication algorithm only to selected parts of the message, significant time can be saved while maintaining acceptable security.

83 Citations

View as Search Results

20 Claims

1. A method for generating an authentication tag for a message, comprising:
- processing a portion of the message using a first function to produce an interim output; and
  
  processing the interim output using a second function to produce the authentication tag;
  
  wherein the message includes a number of message parts, and wherein the portion of the message processed is selected by using a pseudorandom probabilistic function to determine whether each message part is provided as input to said first function.
- View Dependent Claims (2, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein said message parts are 64-bit words.
  - 7. The method of claim 1, wherein the method is carried out utilizing a system including a local security and resource manager.
  - 8. The method of claim 1, wherein the method is carried out utilizing a system including a network application.
  - 9. The method of claim 1, wherein the method is carried out utilizing a system including a security association and key management module.
  - 10. The method of claim 1, wherein the method is carried out utilizing a system including a security services module.
  - 11. The method of claim 10, wherein the security services module includes a partial authentication portion.
  - 12. The method of claim 10, wherein the security services module includes a higher-speed lower-strength portion.
  - 13. The method of claim 10, wherein the security services module includes a lower-speed higher-strength portion.

3. A method for generating an authentication tag for a message, comprising:
- processing a portion of the message using a first function to produce an interim output; and
  
  processing the interim output using a second function to produce the authentication tag;
  
  wherein the message includes a number of message parts, and wherein the portion of the message processed is selected by;
  
  defining a message selection percentage p; and
  
  using a pseudorandom probabilistic function, uniform over an interval [1, 2L], where L=1/p and p is a message selection percentage, to determine offsets between message parts which are provided as input to said first function.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 3, wherein the method is carried out utilizing a system including a local security and resource manager.
  - 15. The method of claim 3, wherein the method is carried out utilizing a system including a network application.
  - 16. The method of claim 3, wherein the method is carried out utilizing a system including a security association and key management module.
  - 17. The method of claim 3, wherein the method is carried out utilizing a system including a security services module.
  - 18. The method of claim 17, wherein the security services module includes a partial authentication portion.
  - 19. The method of claim 18, herein the security services module includes a higher-speed lower-strength portion.
  - 20. The method of claim 19, wherein the security services module includes a lower-speed higher-strength portion.

4. A device for generating an authentication tag for a message, comprising:
- a first hashing module that processes a portion of the message to produce an interim output; and
  
  a second hashing module that processes said interim output to produce the authentication tag;
  
  wherein the message includes a number of message parts, and wherein the portion of the message processed is selected by using a pseudorandom probabilistic function to determine whether each message part is provided as input to said first hashing module.
- View Dependent Claims (5)
- - 5. The device of claim 4, wherein said message parts are 64-bit words.

6. A device for generating an authentication tag for a message, comprising:
- a first hashing module that processes a portion of the message to produce an interim output; and
  
  a second hashing module that processes said interim output to produce the authentication tag;
  
  wherein the message includes a number of message parts, and wherein the portion of the message processed is selected by;
  
  defining a message selection percentage p; and
  
  using a pseudorandom probabilistic function, uniform over an interval [1, 2L], where L=1/p and p is a message selection percentage, to determine offsets between message parts which are provided as input to said first hashing module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Branstad, Dennis K., Carman, David W.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/621,059
Time in Patent Office

1,635 Days
Field of Search

380/30, 380/229, 713/201, 713/166, 713/156, 713/160, 713/159, 713/161, 713/163, 713/169, 713/170, 713/175, 713/176, 709/203, 705/67, 714/49, 714/52
US Class Current

713/170
CPC Class Codes

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 9/12   Transmitting and receiving ...

H04L 9/3242   involving keyed hash functi...

System and method for selectively authenticating data

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for selectively authenticating data

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links