
Method for Generating and Verifying Message Authentication Codes In a High Speed Network

IP.com Disclosure Number: IPCOM000112352D
Original Publication Date: 1994-May-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 6 page(s) / 193K

Publishing Venue

IBM

Related People

Hershey, PC: AUTHOR [+6]

Abstract

This article describes a method for implementing a plurality of message authentication code algorithms in a high speed network environment using a finite state machine. Message Authentication Codes (MACs) are cryptographic check digits transmitted with and typically appended to a message by its originator and subsequently used by a recipient to verify the authenticity of the message (i.e., to detect unauthorized modification of the message during transmission or storage). Although the term MAC is used in this article, it does not necessarily imply the use of the Data Encryption Algorithm as defined in the ANSI X9.9 standard for computing the check digits.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 37% of the total text.


      This article describes a method for implementing a plurality of
message authentication code algorithms in a high speed network
environment using a finite state machine.  Message Authentication
Codes (MACs) are cryptographic check digits transmitted with and
typically appended to a message by its originator and subsequently
used by a recipient to verify the authenticity of the message (i.e.,
to detect unauthorized modification of the message during
transmission or storage).  Although the term MAC is used in this
article, it does not necessarily imply the use of the Data Encryption
Algorithm as defined in the ANSI X9.9 standard for computing the
check digits.  In the past, MAC generation and verification have been
accomplished using complex cryptographic algorithms requiring various
levels of logic including ANDs, ORs, multiplication, feedback,
iteration, etc.  This conventional approach is not suitable for
communications environments where data is transferred or processed at
very high speed (e.g., gigabits, terabits, or more per second).  In
contrast, the method described in this article is applicable
to any high speed communications environment in which message
authentication is required.

      Fig. 1 is a block diagram of a digital filter which is the
fundamental building block of the MAC generator and MAC verifier.
The digital filter is composed of three elements: an N-bit wide
address register, an address decoder and a Random Access Memory
(RAM).  The N-1 least significant address output bits of the RAM are
fed back as the N-1 most significant bits of the next address.  A
single bit of a serial input data stream serves as the least
significant bit of the next address.  The remaining RAM output bits
are used as external output lines.  (Analogous addressing schemes may
also be implemented using a parallel input data stream.  In this
case, the N-k least significant output bits of the RAM are fed back
as the N-k most significant bits of the next RAM address.  The next k
bits of the parallel data stream form the least significant k bits of
the next RAM address.  For simplicity, we shall consider only a
serial input data stream.)

      The RAM is programmed to process the serial input string in the
manner defined by a Finite State Machine (FSM) implementation of the
desired function to be performed.  For example, the RAM might be
programmed to scan the high-speed input serial data stream for a
pre-defined bit pattern, then output a second pattern when the
pre-defined pattern is detected.  The RAM might also be programmed to
output an algorithmic function of the input data stream, such as the
one's complement.  The contents of the RAM may be permanent (i.e.,
Read-Only Memory) or may be loaded by an external device at system
initialization time.
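
      The following is an added example, not part of the original
disclosure: a software model of the RAM-based digital filter of Fig. 1,
programmed as the pattern-scanning FSM mentioned above.  The width
N = 4, the single external output line used as a detect flag, and the
pattern 1011 are assumptions chosen for illustration.

```python
# Added illustration: software model of the RAM-based digital filter.
# Assumed parameters: N = 4 address bits and one external output line.
N = 4                                # address register width (assumed)
STATE_BITS = N - 1                   # RAM output bits fed back into the address
STATE_MASK = (1 << STATE_BITS) - 1


def build_ram(pattern):
    """Program the 2**N-word RAM as an FSM that flags each occurrence of pattern.

    Word layout: bits [N-2:0] = next state (fed back), bit N-1 = external output.
    State s means "the last s input bits equal the first s bits of pattern".
    """
    m = len(pattern)
    if not 1 <= m <= (1 << STATE_BITS):
        raise ValueError("pattern needs more states than N-1 feedback bits allow")
    ram = [0] * (1 << N)             # unused addresses fall back to state 0
    for state in range(m):
        for bit in "01":
            seen = pattern[:state] + bit
            detected = seen == pattern
            # Next state: longest proper prefix of pattern that is a suffix of
            # the bits seen so far, so overlapping occurrences are still caught.
            k = next(k for k in range(min(len(seen), m - 1), -1, -1)
                     if seen.endswith(pattern[:k]))
            ram[(state << 1) | int(bit)] = (int(detected) << STATE_BITS) | k
    return ram


def run_filter(ram, bits):
    """Clock a serial bit string through the filter; return the output line per bit."""
    state, out = 0, []
    for b in bits:
        word = ram[(state << 1) | int(b)]   # address = fed-back state, input bit as LSB
        state = word & STATE_MASK           # N-1 LSBs become the next address MSBs
        out.append(word >> STATE_BITS)      # remaining bit is the external output
    return out


if __name__ == "__main__":
    ram = build_ram("1011")                 # constructed sample pattern
    print(run_filter(ram, "0101101011011")) # constructed sample input stream
```

Each input bit costs exactly one RAM read regardless of the function
programmed, which is the property that makes the structure attractive at
high line rates.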

      The ability of the FSM to implement a given algorithm depends
on...