Systems and methods for protecting data secrecy and integrity

US 7,940,928 B2
Filed: 02/29/2008
Issued: 05/10/2011
Est. Priority Date: 12/22/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method of generating a cryptographic validation value for use in authenticating data, the method performed by a computer system comprising a processor and a memory encoded with program instructions that, when executed by the processor, cause the system to perform the method, the method including:

receiving a piece of encrypted data;

obtaining an input validation value from the encrypted data;

dividing, by the processor, the input validation value into a first segment and a second segment;

using at least a first function to combine the first segment with a first input from a cryptographic cipher function, whereby the first function produces a first result;

using at least a second function to combine the second segment with a second input from the cryptographic cipher function, whereby the second function produces a second result;

generating, by the processor, a first transformed result by performing at least a first transformation on a first value, the first value being derived, at least in part, from the first result;

generating, by the processor, a second transformed result by performing at least a second transformation on a second value, the second value being derived, at least in part, from the second result;

forming, by a processor, an output validation value by combining a third segment and a fourth segment, the third segment being derived, at least in part, from the first transformed result, and the fourth segment being derived, at least in part, from the second transformed result; and

using the output validation value to authenticate the piece of encrypted data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to processing time, execution space for code and runtime data, and buffer usage. The technique is generally applicable to a variety of block ciphers, including TEA, Rijndael, DES, RC5, and RC6.

Citations

20 Claims

1. A method of generating a cryptographic validation value for use in authenticating data, the method performed by a computer system comprising a processor and a memory encoded with program instructions that, when executed by the processor, cause the system to perform the method, the method including:
- receiving a piece of encrypted data;
  
  obtaining an input validation value from the encrypted data;
  
  dividing, by the processor, the input validation value into a first segment and a second segment;
  
  using at least a first function to combine the first segment with a first input from a cryptographic cipher function, whereby the first function produces a first result;
  
  using at least a second function to combine the second segment with a second input from the cryptographic cipher function, whereby the second function produces a second result;
  
  generating, by the processor, a first transformed result by performing at least a first transformation on a first value, the first value being derived, at least in part, from the first result;
  
  generating, by the processor, a second transformed result by performing at least a second transformation on a second value, the second value being derived, at least in part, from the second result;
  
  forming, by a processor, an output validation value by combining a third segment and a fourth segment, the third segment being derived, at least in part, from the first transformed result, and the fourth segment being derived, at least in part, from the second transformed result; and
  
  using the output validation value to authenticate the piece of encrypted data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, in which the third segment is further derived, at least in part, from the second segment, and in which the fourth segment is further derived, at least in part, from the first segment.
  - 3. The method of claim 2, in which the fourth segment is further derived, at least in part, from the first input from the cryptographic cipher function.
  - 4. The method of claim 1, in which the first function comprises a logical exclusive-or, and in which the second function comprises an addition function.
  - 5. The method of claim 1, in which the first and second transformations include at least one bit-wise rotation operation.
  - 6. The method of claim 1, in which the first and second transformations include at least one logical exclusive-or operation.
  - 7. The method of claim 1, in which the first and second transformations include a bit-wise rotation operation, a logical exclusive-or operation, and an addition operation.
  - 8. The method of claim 1, in which the cryptographic cipher function comprises an implementation of the Tiny Encryption Algorithm.
  - 9. The method of claim 1, in which the cryptographic cipher function comprises a Rijndael block cipher.
  - 10. The method of claim 1, wherein the memory is further encoded with executable program instructions that, when executed by the processor cause the processor to perform a method further including the steps of:
    - dividing, by the processor, the output validation value into a fifth segment and a sixth segment;
      
      using at least a third function to combine the fifth segment with a third input from the cryptographic cipher function, whereby the third function produces a third result;
      
      using at least a fourth function to combine the sixth segment with a fourth input from the cryptographic cipher function, whereby the fourth function produces a fourth result;
      
      generating, by the processor, a third transformed result by performing at least a third transformation on a third value, the third value being derived, at least in part, from the third result;
      
      generating, by the processor, a fourth transformed result by performing at least a fourth transformation on a fourth value, the fourth value being derived, at least in part, from the fourth result;
      
      forming, by the processor, a-second output validation value by combining a seventh segment and an eighth segment, the seventh segment being derived, at least in part, from the third transformed result, and the eighth segment being derived, at least in part, from the fourth transformed result; and
      
      using the second output validation value to authenticate the piece of encrypted data.

11. A system for generating a cryptographic validation value for use in authenticating data, the system including:
- a port for obtaining an input validation value;
  
  one or more processing units, the one or more processing units dividing the input validation value into a first segment and a second segment;
  
  a first function for combining the first segment with a first input from a cryptographic cipher function, whereby the first function produces a first result; and
  
  a second function for combining the second segment with a second input from the cryptographic cipher function, whereby the second function produces a second result;
  
  wherein the one or more processing units generates a first transformed result by performing at least a first transformation on a first value, the first value being derived, at least in part, from the first result;
  
  wherein the one or more processing units generates a second transformed result by performing at least a second transformation on a second value, the second value being derived, at least in part, from the second result; and
  
  wherein the one or more processing units forms an output validation value by combining a third segment and a fourth segment, the third segment being derived, at least in part, from the first transformed result, and the fourth segment being derived, at least in part, from the second transformed result.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the one or more processing units implements one or more of the first function and the second function.
  - 13. The system of claim 11, in which the third segment is further derived, at least in part, from the second segment, and in which the fourth segment is further derived, at least in part, from the first segment.
  - 14. The system of claim 13, in which the fourth segment is further derived, at least in part, from the first input from the cryptographic cipher function.
  - 15. The system of claim 11, wherein at least one of the first function and the second function comprises at least one of a logical exclusive-or function and an addition function.
  - 16. The system of claim 11, wherein at least one of the first transformation and the second transformation comprises at least one of a logical exclusive-or operation, a bit-wise rotation operation, and an addition operation.
  - 17. The system of claim 11, wherein the cryptographic cipher function comprises an implementation of the Tiny Encryption Algorithm.
  - 18. The system of claim 11, wherein the cryptographic cipher function comprises a Rijndael block cipher.
  - 19. The system of claim 11, further including:
    - the one or more processing units dividing the output validation value into a fifth segment and a sixth segment;
      
      a third function for combining the fifth segment with a third input from the cryptographic cipher function to produce a third result; and
      
      a fourth function for combining the sixth segment with a fourth input from the cryptographic cipher function to produce a fourth result;
      
      wherein the one or more processing units generate a third transformed result by performing at least a third transformation on a third value, the third value being derived, at least in part, from the third result;
      
      wherein the one or more processing units generates a fourth transformed result by performing at least a fourth transformation on a fourth value, the fourth value being derived, at least in part, from the fourth result; and
      
      wherein the one or more processing units forms a second output validation value by combining a seventh segment and an eighth segment, the seventh segment being derived, at least in part, from the third transformed result, and the eighth segment being derived, at least in part, from the fourth transformed result.
  - 20. The system of claim 19, wherein the one or more processing units implements at least one of the third function and the fourth function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Sibert, W. Olin
Primary Examiner(s)
Lanier; Benjamin E

Application Number

US12/040,738
Publication Number

US 20090010423A1
Time in Patent Office

1,166 Days
Field of Search

713/161, 713/168, 713/170
US Class Current

380/28
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2107   File encryption

H04L 2209/60   Digital content management,...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

H04L 9/0625   with splitting of the data ...

H04L 9/0637   Modes of operation, e.g. ci...

H04L 9/3242   involving keyed hash functi...

Systems and methods for protecting data secrecy and integrity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for protecting data secrecy and integrity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links