Data authentication system employing encrypted integrity blocks

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Packet header designating cryptographically protected data

Reexamination Certificate

C713S168000, C380S268000

active

06996712

ABSTRACT:
A data authentication system that at the sender produces for a plurality of data packets a plurality of “integrity checks” by selecting an integrity function from a family or set of integrity functions, selecting a number of bytes from a given packet and manipulating the bytes in accordance with the selected integrity function to produce the integrity check. The system then selects corresponding bytes or bytes that are offset from the corresponding bytes from a next packet and produces a next associated integrity check using the same or another selected integrity check function, and so forth. The system encrypts the integrity checks associated with the plurality of data packets using, for example, a shared secret key, and produces an integrity block. The system then sends the encrypted integrity block and the data packets to the intended recipients. A recipient decrypts the integrity block using the shared secret key and reproduces the integrity checks. It then uses the integrity checks to authenticate the associated data packets by manipulating selected data bytes in accordance with selected integrity check functions. The recipient thus authenticates a plurality of data packets by performing a single decryption operation and a plurality of relatively fast integrity check operations using a selection of integrity check functions that are unknown to an interloper. The sender may also include in a transmission one or more extraneous, or “chaff,” data packets, which are data packets that intentionally fail the associated integrity checks. The sender may, for example, include in a transmission multiple sets of packets with the same sequence numbers. The recipient readily determines which of the packets with the same sequence numbers are valid using the appropriate integrity check. 
However, an interloper who cannot decipher the encrypted integrity block cannot as easily determine which of the packets are valid, and thus, cannot determine which packets to alter and/or how to alter these packets without detection by the integrity checks.
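The sender and recipient sides of the abstract, as an added Python sketch that is not taken from the patent. Assumptions made here: the four-function family, the 8-byte window, deriving each packet's function and offset from the shared key with HMAC-SHA256, an HMAC counter-mode keystream standing in for the block cipher, a nonce that is unique per block, and all function names.

```python
import hashlib, hmac, struct, zlib

# Constructed family of fast integrity functions (bytes -> 32-bit int).
FAMILY = [
    zlib.crc32,
    zlib.adler32,
    lambda b: sum(b) & 0xFFFFFFFF,
    lambda b: sum((i + 1) * x for i, x in enumerate(b)) & 0xFFFFFFFF,
]
NBYTES = 8  # bytes of each packet covered by its check (assumed value)

def _prf(key, label, n):
    """HMAC-SHA256 in counter mode: stand-in keystream/selector source."""
    blocks = (n + 31) // 32
    return b"".join(hmac.new(key, label + struct.pack(">I", c), hashlib.sha256).digest()
                    for c in range(blocks))[:n]

def _check(key, nonce, seq, packet):
    """Secretly pick a function and byte offset for this packet, then apply it."""
    sel = _prf(key, b"sel" + nonce + struct.pack(">I", seq), 2)
    offset = sel[1] % max(1, len(packet) - NBYTES + 1)
    return FAMILY[sel[0] % len(FAMILY)](packet[offset:offset + NBYTES])

def _xor(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, _prf(key, b"enc" + nonce, len(data))))

def make_block(key, nonce, packets):
    """Sender: one encrypted integrity block covering every packet."""
    return _xor(key, nonce, b"".join(struct.pack(">I", _check(key, nonce, i, p))
                                     for i, p in enumerate(packets)))

def make_chaff(key, nonce, seq, packet):
    """Sender: vary the packet until it fails the check recorded for `seq`."""
    want = _check(key, nonce, seq, packet)
    for k in range(1, 256):
        fake = bytes((x + k) % 256 for x in packet)
        if _check(key, nonce, seq, fake) != want:
            return fake
    raise ValueError("no failing variant found")

def winnow(key, nonce, block, received):
    """Recipient: decrypt once, then keep the candidate that passes each check.
    `received` maps sequence number -> candidate packets (valid and chaff)."""
    plain = _xor(key, nonce, block)
    checks = struct.unpack(">%dI" % (len(plain) // 4), plain)
    out = {}
    for seq, cands in received.items():
        good = [p for p in cands if _check(key, nonce, seq, p) == checks[seq]]
        out[seq] = good[0] if len(good) == 1 else None  # None: none valid or ambiguous
    return out
```

With these parameters each check covers only `NBYTES` bytes at a secret offset, so a change that falls entirely outside that window still passes; the XOR keystream is also malleable, so a deployment would encrypt the block with an authenticated cipher.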

REFERENCES:
patent: 4924513 (1990-05-01), Herbison et al.
patent: 5081678 (1992-01-01), Kaufman et al.
patent: 5266942 (1993-11-01), Stoller
patent: 5349642 (1994-09-01), Kingdon
patent: 5440633 (1995-08-01), Augustine et al.
patent: 5625693 (1997-04-01), Rohatgi et al.
patent: 5850449 (1998-12-01), McManis
patent: 5946467 (1999-08-01), Pathakis et al.
patent: 5948119 (1999-09-01), Bock et al.
patent: RE36752 (2000-06-01), Koopman, Jr. et al.
patent: 6327660 (2001-12-01), Patel
Menezes et al., Handbook of Applied Cryptography, 1997, CRC Press, pp. 323-327.
Rivest, “Chaffing and Winnowing: Confidentiality Without Encryption”, Apr. 24, 1998, http://theory.lcs.mit.edu/~rivest/chaffing.txt.
