IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0478947
(2000-01-06)
|
발명자
/ 주소 |
|
출원인 / 주소 |
- Intertrust Technologies, Corp.
|
대리인 / 주소 |
Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
|
인용정보 |
피인용 횟수 :
127 인용 특허 :
0 |
초록
▼
A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to pr
A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to processing time, execution space for code and runtime data, and buffer usage. The technique is generally applicable to a variety of block ciphers, including TEA, Rijndael, DES, RC5, and RC6.
대표청구항
▼
1. A method for processing data in a manner designed to protect the data's secrecy and integrity, the method including:encrypting the data;generating a first validation code for use in detecting modification to the encrypted data;transmitting the encrypted data and the first validation code;receivin
1. A method for processing data in a manner designed to protect the data's secrecy and integrity, the method including:encrypting the data;generating a first validation code for use in detecting modification to the encrypted data;transmitting the encrypted data and the first validation code;receiving the encrypted data and the first validation code;performing an integrated processing pass on the encrypted data, the integrated processing pass being operable to decrypt the encrypted data and to use at least one internal state of the decryption process to generate a second validation code, the second validation code being operable to detect modification to the encrypted data or to the first validation code. 2. A method as in claim 1, in which performing the integrated processing pass on the encrypted data includes:decrypting a block of encrypted data using a multi-round block cipher;obtaining a first internal state of the multi-round block cipher;performing a mixing operation on one or more mixing-function inputs and an input validation value, the mixing operation being operable to generate an output validation value, wherein:the input validation value is derived, at least in part, from a predetermined value;at least a first mixing-function input is derived, at least in part, from the first internal state of the multi-round block cipher; andthe second validation code is derived, at least in part, from the output validation value. 3. A method as in claim 2, in which performing the integrated processing pass on the encrypted data further includes:obtaining a second internal state of the multi-round block cipher;wherein at least a second mixing-function input is derived, at least in part, from the second internal state of the multi-round block cipher. 4. A method as in claim 3, in which the first internal state comprises a first output from a predefined round of the multi-round block cipher, and in which the second internal state comprises a second output from the predefined round of the multi-round block cipher. 5. A method as in claim 1, in which performing the integrated processing pass on the encrypted data includes:decrypting at least a first portion of the encrypted data using first logic;obtaining first and second intermediate internal states from the first logic;performing a mixing operation on one or more mixing-function inputs and an input validation value, the mixing operation being operable to yield an output validation value, wherein:a first mixing-function input is derived, at least in part, from the first intermediate internal state; anda second mixing-function input is derived, at least in part, from the second intermediate internal state. 6. A method as in claim 5, in which the first logic comprises programming code stored on a computer-readable medium and executed by a processing unit. 7. A method as in claim 5, in which at least a portion of the first logic comprises an integrated circuit. 8. A method as in claim 1, in which transmitting the encrypted data and the first validation code includes writing the encrypted data and the first validation code to a storage device; and in which receiving the encrypted data and the first validation code includes loading the encrypted data and the first validation code from the storage device into a memory unit. 9. A method as in claim 1, further including:checking the authenticity of the encrypted data, the checking including:comparing the second validation code to the first validation code. 10. A method as in claim 9, further including:preventing a use of the decrypted data if comparing the second validation code to the first validation code indicates that a predefined relationship between the first and second validation codes is not satisfied. 11. A method as in claim 1, wherein the data comprises an executable computer program. 12. A method for processing data to protect its secrecy and integrity, the method including:encrypting the data;generating a first validation code for use in detecting modification to the encrypted data;transmitting the encrypted data and the first validation code;wherein the encrypted data are configured to be decrypted using an integrated processing pass that is operable to produce decrypted data and to use at least one internal state of the decryption process to generate a second validation code, the second validation code being equal to the first validation code if the encrypted data were not modified before decryption. 13. A method as in claim 12, in which generating a first validation code includes:performing an integrated processing pass on the encrypted data, the integrated processing pass including:decrypting the encrypted data using first logic;obtaining a first internal state from the first logic; andusing, at least in part, the first internal state to generate the first validation code. 14. A method as in claim 13, in which performing an integrated processing pass on the encrypted data further includes:obtaining a second internal state from the first logic; andusing, at least in part, the second internal state to generate the first validation code. 15. A method as in claim 12, in which the data are encrypted using a block cipher selected from the group consisting of: Rijndael, the Tiny Encryption Algorithm, DES, and Blowfish.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.