Systems and methods for protecting data secrecy and integrity
First Claim
1. A method of generating a cryptographic validation value for use in authenticating data, the method performed by a computer system comprising a processor and a memory encoded with program instructions that, when executed by the processor, cause the system to perform the method, the method including:
- receiving a piece of encrypted data;
obtaining an input validation value from the encrypted data;
dividing, by the processor, the input validation value into a first segment and a second segment;
using at least a first function to combine the first segment with a first input from a cryptographic cipher function, whereby the first function produces a first result;
using at least a second function to combine the second segment with a second input from the cryptographic cipher function, whereby the second function produces a second result;
generating, by the processor, a first transformed result by performing at least a first transformation on a first value, the first value being derived, at least in part, from the first result;
generating, by the processor, a second transformed result by performing at least a second transformation on a second value, the second value being derived, at least in part, from the second result;
forming, by a processor, an output validation value by combining a third segment and a fourth segment, the third segment being derived, at least in part, from the first transformed result, and the fourth segment being derived, at least in part, from the second transformed result; and
using the output validation value to authenticate the piece of encrypted data.
2 Assignments
0 Petitions
Accused Products
Abstract
A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to processing time, execution space for code and runtime data, and buffer usage. The technique is generally applicable to a variety of block ciphers, including TEA, Rijndael, DES, RC5, and RC6.
-
Citations
20 Claims
-
1. A method of generating a cryptographic validation value for use in authenticating data, the method performed by a computer system comprising a processor and a memory encoded with program instructions that, when executed by the processor, cause the system to perform the method, the method including:
-
receiving a piece of encrypted data; obtaining an input validation value from the encrypted data; dividing, by the processor, the input validation value into a first segment and a second segment; using at least a first function to combine the first segment with a first input from a cryptographic cipher function, whereby the first function produces a first result; using at least a second function to combine the second segment with a second input from the cryptographic cipher function, whereby the second function produces a second result; generating, by the processor, a first transformed result by performing at least a first transformation on a first value, the first value being derived, at least in part, from the first result; generating, by the processor, a second transformed result by performing at least a second transformation on a second value, the second value being derived, at least in part, from the second result; forming, by a processor, an output validation value by combining a third segment and a fourth segment, the third segment being derived, at least in part, from the first transformed result, and the fourth segment being derived, at least in part, from the second transformed result; and using the output validation value to authenticate the piece of encrypted data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for generating a cryptographic validation value for use in authenticating data, the system including:
-
a port for obtaining an input validation value; one or more processing units, the one or more processing units dividing the input validation value into a first segment and a second segment; a first function for combining the first segment with a first input from a cryptographic cipher function, whereby the first function produces a first result; and a second function for combining the second segment with a second input from the cryptographic cipher function, whereby the second function produces a second result; wherein the one or more processing units generates a first transformed result by performing at least a first transformation on a first value, the first value being derived, at least in part, from the first result; wherein the one or more processing units generates a second transformed result by performing at least a second transformation on a second value, the second value being derived, at least in part, from the second result; and wherein the one or more processing units forms an output validation value by combining a third segment and a fourth segment, the third segment being derived, at least in part, from the first transformed result, and the fourth segment being derived, at least in part, from the second transformed result. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification