System and method for enabling authentication at different authentication strength-performance levels

US 6,915,426 B1
Filed: 07/21/2000
Issued: 07/05/2005
Est. Priority Date: 07/23/1999
Status: Expired due to Term

First Claim

Patent Images

1. An authentication method, comprising:

(a) generating a plurality of authentication tags for a message, each of said plurality of authentication tags reflecting a different authentication strength; and

(b) transmitting said plurality of authentication tags in association with said message to at least one receiver;

wherein two or more of said plurality of authentication tags are generated using a nested structure that includes a plurality of inner functions that are each operative on a particular collection of message parts to produce a plurality of intermediate hash results, wherein a plurality of distinct combinations of one or more of said plurality of intermediate hash results are used by an outer hash function to produce said two or more authentication tags.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for generating a plurality of authentication tags using a plurality of authentication mechanisms is disclosed. The plurality of authentication tags can reflect different authentication strength-performance levels. It is a feature of the present invention that a receiver is afforded increased flexibility in adaptively choosing strength-performance levels. It is a further feature of the present invention that multiple authentication tags can be used in multicast environments, where different receivers may have different processor capabilities or security policies.

70 Citations

View as Search Results

21 Claims

1. An authentication method, comprising:
- (a) generating a plurality of authentication tags for a message, each of said plurality of authentication tags reflecting a different authentication strength; and
  
  (b) transmitting said plurality of authentication tags in association with said message to at least one receiver;
  
  wherein two or more of said plurality of authentication tags are generated using a nested structure that includes a plurality of inner functions that are each operative on a particular collection of message parts to produce a plurality of intermediate hash results, wherein a plurality of distinct combinations of one or more of said plurality of intermediate hash results are used by an outer hash function to produce said two or more authentication tags.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 1, wherein the method is carried out utilizing a system including a manager.
  - 8. The method of claim 1, wherein the method is carried out utilizing a system including a local security and resource manager.
  - 9. The method of claim 1, wherein the method is carried out utilizing a system including a network application.
  - 10. The method of claim 1, wherein the method is carried out utilizing a system including a security association and key management module.
  - 11. The method of claim 1, wherein the method is carried out utilizing a system including a security services module.
  - 12. The method of claim 11, wherein the security services module includes a partial authentication portion.
  - 13. The method of claim 11, wherein the security services module includes a higher-speed lower-strength portion.
  - 14. The method of claim 11, wherein the security services module includes a lower-speed higher-strength portion.

2. An authentication method, comprising:
- (a) generating a plurality of collections of parts of said message;
  
  (b) processing each of said plurality of collections of message parts using a respective inner hash function to produce a plurality of intermediate hash results;
  
  (c) processing a plurality of distinct combinations of said plurality of intermediate hash results using an outer hash function to produce a plurality of authentication tags; and
  
  (d) transmitting said plurality of authentication tags in association with said message to at least one receiver.
- View Dependent Claims (3, 4, 5, 6, 15, 16, 17, 18, 19, 20, 21)
- - 3. The method of claim 2, wherein said plurality of collections of parts of said message are distinct.
  - 4. The method of claim 2, wherein a collection of parts of said message is a collection of bits.
  - 5. The method of claim 2, wherein a single inner hash function is used to create said plurality of intermediate hash results.
  - 6. The method of claim 2, wherein two inner functions are used to produce a first and a second intermediate hash result, wherein said first intermediate hash result is processed using an outer function to produce a first authentication tag, said second intermediate hash result is processed using said outer function to produce a second authentication tag, and said first and second intermediate hash results are processed using said outer function to produce a third authentication tag.
  - 15. The method of claim 2, wherein the method is carried out utilizing a system including a local security and resource manager.
  - 16. The method of claim 2, wherein the method is carried out utilizing a system including a network application.
  - 17. The method of claim 2, wherein the method is carried out utilizing a system including a security association and key management module.
  - 18. The method of claim 2, wherein the method is carried out utilizing a system including a security services module.
  - 19. The method of claim 18, wherein the security services module includes a partial authentication portion.
  - 20. The method of claim 19, wherein the security services module includes a higher-speed lower-strength portion.
  - 21. The method of claim 20, wherein the security services module includes a lower-speed higher-strength portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Heyman, Michael D., Carman, David W., Sherman, Alan T.
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Ho, Thomas

Application Number

US09/621,058
Time in Patent Office

1,810 Days
Field of Search

713/201, 713/166, 713/156, 713159-161, 713/163, 713/169, 713/170, 713175-176, 714/49, 714/52, 380/229, 709/203, 705/67
US Class Current

713/168
CPC Class Codes

G06Q 20/3674   involving authentication

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/34   Encoding or coding, e.g. Hu...

H04L 63/0823   using certificates cryptogr...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/164   at the network layer

H04L 63/205   involving negotiation or de...

H04L 9/12   Transmitting and receiving ...

H04L 9/3242   involving keyed hash functi...

System and method for enabling authentication at different authentication strength-performance levels

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enabling authentication at different authentication strength-performance levels

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links