Cryptography – Particular algorithmic function encoding
Reexamination Certificate
2007-02-13
2007-02-13
Moise, Emmanuel L. (Department: 2137)
Cryptography
Particular algorithmic function encoding
C380S029000, C380S030000, C380S265000, C708S252000, C365S078000, C711S108000, C711S219000
Reexamination Certificate
active
09827882
ABSTRACT:
Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a matter as to reduce the overall critical timing path (“hiding the ads”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops. In one particular example of applying the invention in an authentication engine using the HMAC-SHA1 algorithm of the IPSec protocol, collapsing of the conventional 80 SHA1 rounds into 40 rounds, hiding the ads, and pipelining the inner and outer loops allows HMAC-SHA1 to be conducted in approximately the same time as conventional SHA1.
REFERENCES:
patent: 4041292 (1977-08-01), Kindell
patent: 4754422 (1988-06-01), Sakai et al.
patent: 4801935 (1989-01-01), Cairns
patent: 5297206 (1994-03-01), Orton
patent: 5299319 (1994-03-01), Vassiliadis et al.
patent: 5548544 (1996-08-01), Matheny et al.
patent: 5796836 (1998-08-01), Markham
patent: 5870474 (1999-02-01), Wasilewski et al.
patent: 5936967 (1999-08-01), Baldwin et al.
patent: 5940877 (1999-08-01), Eickemeyer et al.
patent: 5943338 (1999-08-01), Duclos et al.
patent: 6111858 (2000-08-01), Greaves et al.
patent: 6216167 (2001-04-01), Momirov
patent: 6304657 (2001-10-01), Yokota et al.
patent: 6334190 (2001-12-01), Silverbrook et al.
patent: 2001/0021253 (2001-09-01), Furuya et al.
patent: WO 01/80483 (2001-10-01), None
Sait et al, A Novel Technique for Fast Multiplication, 1995, IEEE, 109-114.
Schneier, B., “Applied Cryptography, Second Edition”, 1996, John Wiley & Sons, New York, pp. 436-445.
Touch, Joseph D., “Perforamance Analysis of MD5”, Computer Communications Review, Association for Computing Machinery, New York, vol. 25, No. 44, Oct. 1, 1995, pp. 77-86.
Bellare, et al., “Message Authentication Using Hash Functions—The HMAC Construction”, vol. 2, No. 1, 1996, pp. 1-5.
Stallings, W., “SHA: The Secure Wash Algorithm Putting Message Digests to Work”, Dr. Dobbs Journal, Redwood City, CA, US, Apr. 1, 1994, pp. 32, 34.
Sait, S. M., et al. “A Novel Technique for Fast Multiplication.” Computers and Communicatins, Conference Proceedings of the 1995 IEEE Fourteenth Annual International Phoenix Conference on Mar. 28-31, 1995, pp. 109-114.
Hao-Yung Lo, et al. “A High-Speed Self-Timing Carry-Completion for Direct Two's Complement Multipliers.” Circuits and Systems IEEE APCCAS 1998. The 1998 IEEE Asia-Pacific congerence on Nov. 24-27, 1998, pp. 643-646.
Ragab, A. et al. “An Efficient Message Digest Algorithm (MD) for Data Security.” Electrical and Electronic Technology, TENCON. Proceedings of IEEE Region 10 International Conference on vol. 1, Aug. 19-22, 2001, pp. 191-197.
Deepakumara, J., et al. “FPGA Implementation of MD5 Hash Algorithm.” Electrical and Computer Engineering, 2001. Canadian Conference on May 13-16, 2001, vol. 2, pp. 919-924.
International Search Report for Application No. PCT/US02/00642; search completed on Oct. 17, 2002, The Netherlands.
Sedgewick. R. “Algorithms in C- Third Edition,”1998, Addison Wesley, XP002163543, pp. 573-608.
“Secure Products VMS115”, VLSI Technology, Inc., Printed in USA, Document Control: VMS115, VI,0, Jan. 1999, pp. 1-2.
“VMS115 Data Sheet”, VLSI Technology, Inc., a subsidiary of Philips Semiconductors, Revision 2:3, Aug. 10, 1999, pp. 1-64.
“Data Sheet 7751 Encryption Processor”, Network Security Processors, Jun. 1999, pp. 1-84.
Senie, D., “NAT Friendly Application Design Guidelines,” Amaranth Networks, Inc., NAT Working Group, Internet-Draft, Sep. 1999, pp. 1-7.
Floyd, Sally, et al., “Random Early Detection Gateways for Congestion Avoidance”, Lawrence Berkeley Laboratory, University of California, IEEE/ACM Transactions on Networking, Aug. 1993, pp. 1-32.
Egevang, K., et al., “The IP Network Address Translator (NAT)”, Network Working Group, May 1994, pp. 1-10.
Pall, G. S., et al., “Microsoft Point-To-Point Encryption (MPPE) Protocol”, Microsoft Corporation, Network Working Group, Internet Draft, Oct. 1999, pp. 1-12.
Deutsch, P., “Deflate Compressed Data Format Specification Version 1.3”, Aladdin Enterprises, Network Working Group, May 1996, pp. 1-17.
Kent, S., “IP Authentication Header”, Network Working Group, Nov. 1998, pp. 1-22.
Kent, S., et al., “IP Encapsulating Security Payload (ESP)”, Network Working Group, Nov. 1998, pp. 1-22.
Maughan, D., et al., “Internet Security Association and Key Management Protocol (ISAKMP)”, Network Working Group, Nov. 1998, pp. 1-20.
Harkins, D., et al., “The Internet Key Exchange (IKE)”, Cisco Systems, Network Working Group, Nov. 1998, pp. 1-12.
Srisuresh, P., “Security Model with Tunnel-mode Ipsec for NAT Domains”, Lucent Technologies, Network Working Group, Oct. 1999, pp. 1-11.
Shenker, S., “Specification of Guaranteed Quality of Service”, Network Working Group, Sep. 1997, pp. 1-20.
Srisuresh, P., et al., “IP Network Address Translator (NAT) Terminology and Considerations”, Lucent Technologies, Network Working Group, Aug. 1999, pp. 1-30.
Kent, S., et al., “Security Architecture for the Internet Protocol”, Network Working Group, Nov. 1998, pp. 1-66.
“Compression for Broadband Data Communications”, BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-9.
“Securing and Accelerating e-Commerce Transactions”, BlueSteel Networks, Inc., Revision 2.0, Oct. 20, 1999, pp. 1-7.
“Securing Broadband Communications”, BlueSteel Networks, Inc., Sep. 8, 1999, pp. 1-10.
Analog Devices: “ADSP2141 SafeNetDPS User's Manual, Revision 6”, Analog Devices Technical Specifications, Mar. 2000, XP002163401, 87 Pages.
C. Madson, R. Glenn: “RFC 2403- The Use of HMAC-MD5-96 within ESP and AH”, IETF Request for Comments, Nov. 1998, XP002163402, Retrieved from Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2403.html, 5 pages.
S. Kent, R. Atkinson: “RFC 2406-IP Encapsulating Security Payload (ESP)” IETF Request for Comments, Nov. 1998, XP002163400, Retrieved from the Internet on Mar. 20, 2001, http://www.faqs.org/rfcs/frc2406.html, 5 pages.
Keromytis, et al., “Implementing IPsec”, Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 1948-1952.
Pierson, et al., “Context-Agile Encryption for High Speed Communication Networks”, Computer Communications Review, Assocaition for Computing Machinery, vol. 29, No. 1, Jan. 1999, pp. 35-49.
Sholander, et al., “The Effect of Algorithm-Agile Encryption on ATM Quality of Service”, Global Telecommunications Conference (Globecom), IEEE, Nov. 3, 1997, pp. 470-474.
Smirni, et al., “Evaluation of Multiprocessor Allocation Policies”, Techical Report, Vanderbilt Univeristy, Online, 1993, pp. 1-21.
Tarman, et al., “Algorithm-Agile Encryption in ATM Networks”, IEEE Computer, Sep. 1998, vol. 31, No. 1, pp. 57-64.
Wassal, et al., “A VLSI Architecture for ATM Algorithm-Agile Encryption”, Proceedings Ninth Great Lakes Symposium on VLSI, Mar. 4-6, 1999, pp. 325-328.
Analog Devices: “Analog Devices and IRE Announce First DSP-Based Internet Security System-On-A-Chip”, Analog Devices Press Release, Online, Jan. 19, 1999, pp. 1-3. http://content.analog.com/pressrelease/prdisplay/0,1622,16,00.html.
3Com: “3
Buer Mark
Law Patrick Y.
Qi Zheng
Broadcom Corporation
Callahan Paul
Moise Emmanuel L.
Sterne Kessler Goldstein & Fox PLLC
LandOfFree
Authentication engine architecture and method does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Authentication engine architecture and method, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authentication engine architecture and method will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3859288