Separating Message Authentication Code Generation From Checking
Original Publication Date: 1987-Mar-01
Included in the Prior Art Database: 2005-Feb-01
This article describes a message authentication method wherein generation of a message authentication code (MAC) by the message transmitter and the use of it by the receiver to check the message are separate and distinct functions such that the receiver is denied the capability to regenerate the MAC. In other words, the method is such that MAC checking does not imply a capability for MAC generation, which, if available, might be misused to produce a fraudulent MAC on an altered or substituted message. The described method utilizes cryptographic techniques which have been previously described [*]. Fig. 1 illustrates two hosts 10 and 20 at respective domains in a network, and represents an environment in which the described method of MAC generation and checking would apply.