Authentication engine architecture and method

Cryptography – Particular algorithmic function encoding – Nbs/des algorithm

Reexamination Certificate

Rate now

  [ 0.00 ] – not rated yet Voters 0   Comments 0

Details

C380S030000, C708S252000, C711S109000

Reexamination Certificate

active

08000469

ABSTRACT:
Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a matter as to reduce the overall critical timing path (“hiding the ads”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops. In one particular example of applying the invention in an authentication engine using the HMAC-SHA1 algorithm of the IPSec protocol, collapsing of the conventional 80 SHA1 rounds into 40 rounds, hiding the ads, and pipelining the inner and outer loops allows HMAC-SHA1 to be conducted in approximately the same time as conventional SHA1.

REFERENCES:
patent: 4041292 (1977-08-01), Kindell
patent: 4754422 (1988-06-01), Sakai et al.
patent: 4801935 (1989-01-01), Cairns
patent: 5297206 (1994-03-01), Orton
patent: 5299319 (1994-03-01), Vassiliadis et al.
patent: 5548544 (1996-08-01), Matheny et al.
patent: 5796836 (1998-08-01), Markham
patent: 5870474 (1999-02-01), Wasilewski et al.
patent: 5936967 (1999-08-01), Baldwin et al.
patent: 5940877 (1999-08-01), Eickemeyer et al.
patent: 5943338 (1999-08-01), Duclose et al.
patent: 6111858 (2000-08-01), Greaves et al.
patent: 6216167 (2001-04-01), Momirov
patent: 6304657 (2001-10-01), Yokata et al.
patent: 6334190 (2001-12-01), Silverbrook et al.
patent: 7177421 (2007-02-01), Buer et al.
patent: 2001/0021253 (2001-09-01), Furuya et al.
patent: WO 01/80483 (2001-10-01), None
Sait, S.M., et al., “A Novel Technique for Fast Multiplication,” Computers and Communications, Conference Proceedings of the 1995 IEEE Fourteenth Annual International Phoenix Conference on Mar. 28-31, 1995, pp. 109-114.
Hao-Yung Lo, et al., “A High-Speed Self-Timing Carry-Completion for Direct Two's Complement Multipliers,” Circuits and Systems IEEE APCCAS 1998, The 1998 IEEE Asia-Pacific Conference on Nov. 24-27, 1998, pp. 643-646.
Ragab, A., et al., “An Efficient Message Digest Algorithm (MD) for Data Security,” Electrical and Electronic Technology, TENCON, Proceedings of IEEE Region 10 International Conference on vol. 1, Aug. 19-22, 2001, pp. 191-197.
Deepakumara, J., et al, “FPGA Implementation of MD5 Hash Algorithm,” Electrical and Computer Engineering, 2001, Canadian Conference on May 13-16, 2001, vol. 2, pp. 919-924.
International Search Report for Application No. PCT/US02/00642, Search completed on Oct. 17, 2002, The Netherlands.
Sedgewick, R., “Algorithms in C—Third Edition,” 1998, Addison Wesley, XP002163543, pp. 573-608.
“Secure Products VMS15,” VLSI Technology, Inc., Printed in USA, Document Control: VMS115, VI, 0, Jan. 1999, pp. 1-2.
“VMS115 Data Sheet,” VLSI Technology, Inc., a subsidiary of Philips Semiconductors, Revision 2:3, Aug. 10, 1999, pp. 1-64.
“Data Sheet 7751 Encryption Processor,” Network Security Processors, Jun. 1999, pp. 1-84.
Senie, D., “NAT Friendly Application Design Guidelines,” Amaranth Networks, Inc., NAT Working Group, Internet—Draft, Sep. 1999, pp. 1-7.
Floyd, Sally, et al., “Random Early Detection Gateways for Congestion Avoidance,” Lawrence Berkeley Laboratory, University of California, IEEE/ACM Transactions on Networking, Aug. 1993, pp. 1-32.
Egevang, K., et al, “The IP Network Address Translator (NAT),” Network Working Group, May 1994, pp. 1-10.
Pall, G.S., et al., “Microsoft Point-To-Point Encryption (MPPE) Protocol,” Microsoft Corporation, Network Working Group, Internet Draft, Oct. 1999, pp. 1-12.
Deutsch, P., “DEFLATE Compressed Data Format Specification Version 1.3,” Aladdin Enterprises, Network Working Group, May 1996, pp. 1-17.
Kent, S., “IP Authentication Header,” Network Working Group, Nov. 1998, pp. 1-22.
Kent, S. et al., “IP Encapsulating Security Payload (SP),” Network Working Group, Nov. 1998, pp. 1-22.
Maughan, D. et al., “Internet Security Association and Key Management Protocol (ISAKMP),” Network Working Group, Nov. 1998, pp. 1-20.
Harkins, D., et al, “The Internet Key Exchange (IKE),” Cisco Systems, Network Working Group, Nov. 1998, pp. 1-12.
Srisuresh, P., “Security Model with Tunnel-mode Ipsec for NAT Domains,” Lucent Technologies, Network Working Group, Oct. 1999, pp. 1-11.
Shenker, S., “Specification of Guaranteed Quality of Service,” Network Working Group, Sep. 1997, pp. 1-20.
Srisuresh, P. et al., “IP Network Address Translator (NAT) Terminology and Considerations,” Lucent Technologies, Network Working Group, Aug. 1999 pp. 1-30.
Kent, S. et al., “Security Architecture for the Internet Protocol,” Network Working Group, Nov. 1998, pp. 1-66.
“Compression for Broadband Data Communications,” BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-9.
“Securing and Accelerating e-Commerce Transactions,” BlueSteel Networks, Inc., Revision 2.0, Oct. 20, 1999, pp. 1-7.
“Securing Broadband Communications,” BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-10.
Analog Devices: “ADSP2141 SafeNetDPS User's Manual, Revision 6,” Analog Devices Technical Specifications, Mar. 2000, XP002163401, 87 pages.
C. Madson, R. Glenn: “RFC 2403—The Use of HMAS-MD5-96 within ESP and AH,” IETF Request for Comments, Nov. 1998, XP002163402, Retrieved from Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2403.html, 5 pages.
S. Kent, R. Atkinson: “RFC 2406-IP Encapsulating Security Payload (ESP),” IETF Request for Comments, Nov. 1998, XP002163400, Retrieved from the Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2406.html, 5 pages.
Keromytis, et al., “Implementing IPsec,” Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 1948-1952.
Pierson, et al., “Context-Agile Encryption for High Speed Communication Networks,” Computer Communications Review, Association for Computing Machinery, vol. 29, No. 1, Jan. 1999, pp. 35-49.
Sholander, et al, “The Effect of Algorithm-Agile Encryption on ATM Quality of Service,” Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 470-474.
Smirni, et al., “Evaluation of Multiprocessor Allocation Policies,” Technical Report, Vanderbilt University, Online, 1993, pp. 1-21.
Tarman, et al., “Algorithm-Agile Encryption in ATM Networks,” IEEE Computer, Sep. 1998, vol. 31, No. 1, pp. 57-64.
Wassal, et al., “A VLSI Architecture for ATM Algorithm-Agile Encryption,” Proceedings Ninth Great Lakes Symposium on VLSI, Mar. 4-6, 1999, pp. 325-328.
Analog Devices: “Analog Devices and IRE Announce First DSP-Based Internet Security System-On-A-Chip,” Analog Devices Press Release, Online, Jan. 19, 1999, pp. 1-3. http://content.analog.com/pressrelease/prdisplay/0,1622,16,00.html.
3Com: “3Com Launches New Era of Network Connectivity,” 3Com Press Release, Jun. 14, 1999, pp. 1-3.
Schneier, B., “Applied Cryptography, Second Edition,” 1996, John Wiley & Sons, New York, pp. 436-445.
Touch, Joseph D., “Performance Analysis of MD5”, Computer Communications Review, Association for Computing Machinery, New York, vol. 25, No. 44, Oct. 1, 1995, pp. 77-86.
Bellare, et al., “Message Authentication Using Hash Functions—The HMAC Construction,” vol. 2, No. 1, 1996, pp. 1-5.
Stallings, w., “SHA: The Secure Wash Algorithm Putting Message Digests to

LandOfFree

Say what you really think

Search LandOfFree.com for the USA inventors and patents. Rate them and share your experience with other people.

Rating

Authentication engine architecture and method does not yet have a rating. At this time, there are no reviews or comments for this patent.

If you have personal experience with Authentication engine architecture and method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authentication engine architecture and method will most certainly appreciate the feedback.

Rate now

     

Profile ID: LFUS-PAI-O-2729307

  Search
All data on this website is collected from public sources. Our data reflects the most accurate information available at the time of publication.