Method and system for generating ciphertext and message authentication codes utilizing shared hardware

US 7,725,719 B2
Filed: 11/08/2005
Issued: 05/25/2010
Est. Priority Date: 11/08/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware, said method comprising:

receiving plaintext message data at an authenticated encryption unit, wherein said authenticated encryption unit comprises a first authenticated encryption hardware module and a second authenticated encryption hardware module;

generating a first message authentication code associated with a first authenticated encryption mode of operation utilizing said plaintext message data and said first authenticated encryption hardware module;

receiving authenticated encryption mode selection data wherein the authenticated encryption mode selection data indicates selection of a dual mode, a dual mode comprising a mode in which two or more message authentication codes are generated substantially simultaneously; and

generating ciphertext message data and a second message authentication code associated with a second authenticated encryption mode of operation utilizing said plaintext message data and said second authenticated encryption hardware module;

wherein generating said first message authentication code and generating said ciphertext and said second message authentication code are performed substantially simultaneously.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for generating ciphertext and message authentication codes utilizing shared hardware are disclosed. According to one embodiment, a method is provided of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware. In the described embodiment, plaintext message data is received at an authenticated encryption unit which comprises first and second authenticated encryption hardware modules. Thereafter, a first message authentication code (MAC) associated with a first authenticated encryption mode and a second MAC associated with a second authenticated encryption mode are generated. More specifically, the first MAC is generated utilizing the plaintext message data and first authenticated encryption hardware module and ciphertext message data and the second MAC are generated utilizing the plaintext message data and second authenticated encryption hardware module.

Citations

28 Claims

1. A method of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware, said method comprising:
- receiving plaintext message data at an authenticated encryption unit, wherein said authenticated encryption unit comprises a first authenticated encryption hardware module and a second authenticated encryption hardware module;
  
  generating a first message authentication code associated with a first authenticated encryption mode of operation utilizing said plaintext message data and said first authenticated encryption hardware module;
  
  receiving authenticated encryption mode selection data wherein the authenticated encryption mode selection data indicates selection of a dual mode, a dual mode comprising a mode in which two or more message authentication codes are generated substantially simultaneously; and
  
  generating ciphertext message data and a second message authentication code associated with a second authenticated encryption mode of operation utilizing said plaintext message data and said second authenticated encryption hardware module;
  
  wherein generating said first message authentication code and generating said ciphertext and said second message authentication code are performed substantially simultaneously.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said method further comprises receiving authenticated encryption mode selection data,said first message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said first authenticated encryption mode of operation, andsaid second message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said second authenticated encryption mode of operation.
  - 3. The method of claim 1, said method further comprising:
    - receiving authenticated encryption mode selection data;
      
      providing a selected message authentication code of said first message authentication code and said second message authentication code at an output of said authenticated encryption unit in response to a receipt of said authenticated encryption mode selection data.
  - 4. The method of claim 1, said method further comprising:
    - generating a third message authentication code utilizing said first message authentication code and said second message authentication code.
  - 5. The method of claim 4, whereingenerating said third message authentication code comprises concatenating said first message authentication code and said second message authentication code.
  - 6. The method of claim 1, wherein generating said ciphertext message data comprises performing a counter mode block cipher operation.
  - 7. The method of claim 1, wherein said first authenticated encryption mode of operation comprises Galois/Counter Mode and said second authenticated encryption mode of operation comprises Counter with Cipher-Block Chaining Message Authentication Code Mode.

8. A machine-readable medium having a plurality of instructions executable by a machine embodied therein, wherein said plurality of instructions when executed cause said machine to perform a method of generating ciphertext message data and message authentication codes utilizing shared authenticated encryption unit hardware, said method comprising:
- receiving plaintext message data at an authenticated encryption unit, wherein said authenticated encryption unit comprises a first authenticated encryption hardware module and a second authenticated encryption hardware module;
  
  generating a first message authentication code associated with a first authenticated encryption mode of operation utilizing said plaintext message data and said first authenticated encryption hardware module;
  
  receiving authenticated encryption mode selection data wherein the authenticated encryption mode selection data indicates selection of a dual mode, a dual mode comprising a mode in which two or more message authentication codes are generated substantially simultaneously; and
  
  generating ciphertext message data and a second message authentication code associated with a second authenticated encryption mode of operation utilizing said plaintext message data and said second authenticated encryption hardware module;
  
  wherein generating said first message authentication code and generating said ciphertext and said second message authentication code are performed substantially simultaneously.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The machine-readable medium of claim 8, whereinsaid method further comprises receiving authenticated encryption mode selection data,said first message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said first authenticated encryption mode of operation, andsaid second message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said second authenticated encryption mode of operation.
  - 10. The machine-readable medium of claim 8, said method further comprising:
    - receiving authenticated encryption mode selection data;
      
      providing a selected message authentication code of said first message authentication code and said second message authentication code at an output of said authenticated encryption unit in response to a receipt of said authenticated encryption mode selection data.
  - 11. The machine-readable medium of claim 8, said method further comprising:
    - generating a third message authentication code utilizing said first message authentication code and said second message authentication code.
  - 12. The machine-readable medium of claim 11, whereingenerating said third message authentication code comprises concatenating said first message authentication code and said second message authentication code.
  - 13. The machine-readable medium of claim 8, wherein generating said ciphertext message data comprises performing a counter mode block cipher operation.
  - 14. The machine-readable medium of claim 8, wherein said first authenticated encryption mode of operation comprises Galois/Counter Mode and said second authenticated encryption mode of operation comprises Counter with Cipher-Block Chaining Message Authentication Code Mode.

15. An apparatus for generating ciphertext message data and message authentication codes comprising:
- means for receiving plaintext message data at an authenticated encryption unit, wherein said authenticated encryption unit comprises a first authenticated encryption hardware module and a second authenticated encryption hardware module;
  
  means for generating a first message authentication code associated with a first authenticated encryption mode of operation utilizing said plaintext message data and said first authenticated encryption hardware module;
  
  means for receiving authenticated encryption mode selection data wherein the authenticated encryption mode selection data indicates selection of a dual mode, a dual mode comprising a mode in which two or more message authentication codes are generated substantially simultaneously; and
  
  means for generating ciphertext message data and a second message authentication code associated with a second authenticated encryption mode of operation utilizing said plaintext message data and said second authenticated encryption hardware module;
  
  wherein said first message authentication code and said ciphertext and said second message authentication code are generated substantially simultaneously.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The apparatus of claim 15, whereinsaid apparatus further comprises means for receiving authenticated encryption mode selection data,said first message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said first authenticated encryption mode of operation, andsaid second message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said second authenticated encryption mode of operation.
  - 17. The apparatus of claim 15, further comprising:
    - means for receiving authenticated encryption mode selection data;
      
      means for providing a selected message authentication code of said first message authentication code and said second message authentication code at an output of said authenticated encryption unit in response to a receipt of said authenticated encryption mode selection data.
  - 18. The apparatus of claim 15, further comprising:
    - means for generating a third message authentication code utilizing said first message authentication code and said second message authentication code.
  - 19. The apparatus of claim 18, whereinsaid means for generating said third message authentication code comprises means for concatenating said first message authentication code and said second message authentication code.
  - 20. The apparatus of claim 15, wherein said means for generating said ciphertext message data comprises means for performing a counter mode block cipher operation.
  - 21. The apparatus of claim 15, wherein said first authenticated encryption mode of operation comprises Galois/Counter Mode and said second authenticated encryption mode of operation comprises Counter with Cipher-Block Chaining Message Authentication Code Mode.

22. An authenticated encryption unit for generating ciphertext message data and message authentication codes comprising:
- a first input to receive plaintext message data;
  
  a first authenticated encryption hardware module to generate a first message authentication code associated with a first authenticated encryption mode of operation utilizing said plaintext message data;
  
  a second input to receive authenticated encryption mode selection data wherein the authenticated encryption mode selection data indicates selection of a dual mode, a dual mode comprising a mode in which two or more message authentication codes are generated substantially simultaneously; and
  
  a second authenticated encryption hardware module to generate ciphertext message data and a second message authentication code associated with a second authenticated encryption mode of operation utilizing said plaintext message data;
  
  wherein said first message authentication code and said ciphertext and said second message authentication code are generated substantially simultaneously.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The authenticated encryption unit of claim 22, whereinsaid authentication encryption unit further comprises a second input to receive authenticated encryption mode selection data,said first message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said first authenticated encryption mode of operation, andsaid second message authentication code is generated in response to a determination that said authenticated encryption mode selection data indicates said second authenticated encryption mode of operation.
  - 24. The authenticated encryption unit of claim 22, further comprising:
    - a second input to receive authenticated encryption mode selection data, andan output to provide a selected message authentication code of said first message authentication code and said second message authentication code in response to a receipt of said authenticated encryption mode selection data.
  - 25. The authenticated encryption unit of claim 22, further comprising:
    - a third authenticated encryption hardware module to generate a third message authentication code utilizing said first message authentication code and said second message authentication code.
  - 26. The authenticated encryption unit of claim 25, whereinsaid third message authentication code is generated by concatenating said first message authentication code and said second message authentication code.
  - 27. The authenticated encryption unit of claim 22, wherein said second authenticated encryption hardware module comprises a counter mode block cipher module.
  - 28. The authenticated encryption unit of claim 22, wherein said first authenticated encryption mode of operation comprises Galois/Counter Mode and said second authenticated encryption mode of operation comprises Counter with Cipher-Block Chaining Message Authentication Code Mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Schaffer, Scott J., Sandberg, Melanie J.
Primary Examiner(s)
Dada; Beemnet W

Application Number

US11/268,981
Publication Number

US 20070106896A1
Time in Patent Office

1,659 Days
Field of Search

713/170, 713/176, 713/180, 713/181, 380/28, 380/30, 380/259
US Class Current

713/170
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/3242   involving keyed hash functi...

H04L 9/50   using hash chains, e.g. blo...

Method and system for generating ciphertext and message authentication codes utilizing shared hardware

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for generating ciphertext and message authentication codes utilizing shared hardware

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links