Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1997-04-18
2001-09-11
Cangialosi, Salvatore (Department: 2732)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S170000
Reexamination Certificate
active
06289451
ABSTRACT:
FIELD OF THE INVENTION
The invention relates generally to the field of communications, and more particularly to a system and method for efficiently providing a, authenticated communications channel, that facilitates detection of tampering, for transferring information between a source device and a destination device over a network.
BACKGROUND OF THE INVENTION
Digital networks have been developed to facilitate the transfer of information, including data and programs, among digital computer systems and other digital devices. A variety of types of networks have been developed and implemented, including so-called “wide-area networks” (WANs), “local area networks” (LANs), which transfer information using diverse information transfer methodologies. Generally, LANs are implemented over relatively small geographical areas, such as within an individual office facility or the like, for transferring information within a particular office, company or similar type of organization. On the other hand, WANs are implemented over relatively large geographical areas, and may be used to transfer information between LANs, between devices that are not connected to LANs, and the like. WANs also include public networks, such as the Internet, which can carry information for a number of companies.
Several problems have arisen in connection with transfer of information over networks, particularly public networks. One problem is privacy, so that, if information to be transferred from a source device to a destination device over the network is intercepted by a third device, the intercepting device cannot determine what the actual information is. A second problem is tamper detection, so that, if information transferred from the source device to the destination device has been intercepted and tampered with by a third device, the tampering can be detected. A final problem is to ensure that information received by the destination device is “authentic,” that is, that, if the information indicates that it has been transmitted by the source device, it (that is, the information) has actually be transmitted by the source device and not by a third device.
All of these problems are addressed by communication methodology as follows. When the source device has information (“INF”) to be transferred, the source device first processes the information using a hash function to generate a hash value, that is, HASH(INF). Generally, a hash function takes an input value, in this case “INF,” and generates therefrom an output value, in this case “HASH(INF),” that
(1) is of fixed length, even though the length of the input value may vary;
(2) is such that the hash value generated using the hash function is highly likely to be unique; that is, that it is highly unlikely that different input values would “hash” to the same hash value; and
(3) is such that, given the hash value “HASH(INF),” the input cannot be determined, with a high degree of probability, even if the hash function is known, that is, the hash function is not invertible.
With respect to condition (2) above, it is generally possible that different input values may hash to the same hash value, but if the number of possible hash values is made large enough, it would be extremely unlikely that two different input values would actually hash to the same hash value. If, for example, the length of the hash value is selected to be 128 digital data bits, then the number of possible different hash values would be 2
128
(which corresponds to approximately 10
38
), which is an extremely large number. A number of hash functions are known, including, for example, those described in B. Schneier, “Applied Cryptography,” 2d Edition (Wiley) (hereinafter “Schneier”), chapter 18, incorporated herein by reference. As will be described below, the destination device will be aware of the particular hash function used by the source device.
After generating the hash value HASH(INF), the source device will concatenate the hash value to the information to be transferred, thereby to generate an information packet “INF|HASH)(INF)”(where “|” represents the concatenation operation). The “HASH(INF)” portion of the information packet represents a signature value for the information portion “INF.”
Finally, the source device will encrypt the entire information packet INF|HASH(INF), thereby to generate a message packet E
K
—
KEY
(INF|HASH(INF)) to be transferred. The source device may use any encryption methodology, which will be known by the destination device. A number of encryption methodologies are known, including, for example, those as described in Parts II and III of Schneier, which is also incorporated herein by reference. Generally, encryption is performed in relation to one or more encryption key values (represented above by the subscript “E_KEY”). In one methodology, the source device can use a particular key value, which is also known by the destination device and which, as will be described below, will be used by the destination device in decrypting the message packet. In another methodology, which is known as the “public key/private key” encryption methodology, the source device will encrypt the information packet INF|HASH(INF) in relation to one value PRIV_S, termed the private key, to generate a message packet E
PRIV
—
S
(INF|HASH(INF)) for transfer to the destination device.
When the destination device receives a message packet which is purportedly from the particular source device, it (that is, the destination device) will initially perform a decryption operation to generate a decrypted information packet D
D
—
KEY
(E
E
—
KEY
(INF|HASH(INF))) using a decryption methodology and decryption key value “E_KEY” which will be related to the particular encryption methodology and encryption key value used by the source device. Decryption methodologies useful with the encryption techniques described in Parts II and III of Schneier are also described therein. If the source and destination devices are not using the public key/private key encryption methodology, the decryption key value “D_KEY” may be the same as the encryption key value “E_KEY” used by the source device in encrypting the operation. If the decryption key value “D_KEY” and the encryption key value “E_KEY” are the same, the encryption methodology is generally referred to as a symmetric cipher; an illustrative symmetric cipher is the Data Encryption Algorithm (“DEA”) specified by the Data Encryption Standard (“DES”) described in chapter 12 of Schneier. On the other hand, if the source and destination devices are using the public key/private key encryption methodology, then the key value used by the destination device would be the source device's public key value PUB_S, in which case the destination device would generate the decrypted information packet D
PUB
—
S
(INF|HASH(INF))).
The encryption of the message packet that is transferred between the source and destination devices ensures that the information in the packet will be private, to a high probability, particularly if the encryption and decryption keys are maintained in secrecy and not known by potential interceptors. However, encryption does not verify that the information packet has not been tampered with by a third device, nor does encryption by itself necessarily verify that the information packet was, in fact, transmitted by the particular source device which the destination device believes transmitted it. To accomplish this, the destination device will initially assume that the decrypted information packet D
D
—
KEY
(E
E
—
KEY
(INF|HASH(INF))) has the structure INF|HASH(INF)′, that is, that it has an information packet with a hash value appended thereto, with the hash value being of the same length as the hash value of the information packet that was encrypted by the source device. Using the same hash function as the source device would use in generating the information packet, the destination device generates a hash value from the information portion of the packet, that is, HASH(INF&p
Cangialosi Salvatore
Chapin Barry W.
Chapin & Huang , L.L.C.
Sun Microsystems Inc.
LandOfFree
System and method for efficiently implementing an... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for efficiently implementing an..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for efficiently implementing an... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2519768