AU2001253888A1 - Authentication engine architecture and method - Google Patents
Authentication engine architecture and methodInfo
- Publication number
- AU2001253888A1 AU2001253888A1 AU2001253888A AU5388801A AU2001253888A1 AU 2001253888 A1 AU2001253888 A1 AU 2001253888A1 AU 2001253888 A AU2001253888 A AU 2001253888A AU 5388801 A AU5388801 A AU 5388801A AU 2001253888 A1 AU2001253888 A1 AU 2001253888A1
- Authority
- AU
- Australia
- Prior art keywords
- sha1
- authentication
- hmac
- algorithm
- rounds
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/125—Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations
Landscapes
- Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Stored Programmes (AREA)
- Communication Control (AREA)
- Storage Device Security (AREA)
Abstract
Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a matter as to reduce the overall critical timing path (“hiding the ads”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops. In one particular example of applying the invention in an authentication engine using the HMAC-SHA1 algorithm of the IPSec protocol, collapsing of the conventional 80 SHA1 rounds into 40 rounds, hiding the ads, and pipelining the inner and outer loops allows HMAC-SHA1 to be conducted in approximately the same time as conventional SHA1.
Applications Claiming Priority (7)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US19715200P | 2000-04-13 | 2000-04-13 | |
| US60197152 | 2000-04-13 | ||
| US26142501P | 2001-01-12 | 2001-01-12 | |
| US60261425 | 2001-01-13 | ||
| US09827882 | 2001-04-04 | ||
| US09/827,882 US7177421B2 (en) | 2000-04-13 | 2001-04-04 | Authentication engine architecture and method |
| PCT/US2001/040507 WO2001080483A2 (en) | 2000-04-13 | 2001-04-11 | Authentication engine architecture and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| AU2001253888A1 true AU2001253888A1 (en) | 2001-10-30 |
Family
ID=27393706
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| AU2001253888A Abandoned AU2001253888A1 (en) | 2000-04-13 | 2001-04-11 | Authentication engine architecture and method |
Country Status (6)
| Country | Link |
|---|---|
| US (2) | US7177421B2 (en) |
| EP (1) | EP1273129B1 (en) |
| AT (1) | ATE304759T1 (en) |
| AU (1) | AU2001253888A1 (en) |
| DE (1) | DE60113395T2 (en) |
| WO (1) | WO2001080483A2 (en) |
Families Citing this family (58)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7996670B1 (en) | 1999-07-08 | 2011-08-09 | Broadcom Corporation | Classification engine in a cryptography acceleration chip |
| US6477646B1 (en) | 1999-07-08 | 2002-11-05 | Broadcom Corporation | Security chip architecture and implementations for cryptography acceleration |
| US7177421B2 (en) | 2000-04-13 | 2007-02-13 | Broadcom Corporation | Authentication engine architecture and method |
| US7328349B2 (en) * | 2001-12-14 | 2008-02-05 | Bbn Technologies Corp. | Hash-based systems and methods for detecting, preventing, and tracing network worms and viruses |
| US20040064737A1 (en) * | 2000-06-19 | 2004-04-01 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses |
| US20040073617A1 (en) * | 2000-06-19 | 2004-04-15 | Milliken Walter Clark | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail |
| US20020061107A1 (en) | 2000-09-25 | 2002-05-23 | Tham Terry K. | Methods and apparatus for implementing a cryptography engine |
| US7277542B2 (en) | 2000-09-25 | 2007-10-02 | Broadcom Corporation | Stream cipher encryption application accelerator and methods thereof |
| US7299355B2 (en) | 2001-01-12 | 2007-11-20 | Broadcom Corporation | Fast SHA1 implementation |
| US7200105B1 (en) | 2001-01-12 | 2007-04-03 | Bbn Technologies Corp. | Systems and methods for point of ingress traceback of a network attack |
| US7489779B2 (en) * | 2001-03-22 | 2009-02-10 | Qstholdings, Llc | Hardware implementation of the secure hash standard |
| US7249255B2 (en) * | 2001-06-13 | 2007-07-24 | Corrent Corporation | Apparatus and method for a hash processing system using multiple hash storage areas |
| US7360076B2 (en) | 2001-06-13 | 2008-04-15 | Itt Manufacturing Enterprises, Inc. | Security association data cache and structure |
| US7213148B2 (en) | 2001-06-13 | 2007-05-01 | Corrent Corporation | Apparatus and method for a hash processing system using integrated message digest and secure hash architectures |
| US20020191783A1 (en) * | 2001-06-13 | 2002-12-19 | Takahashi Richard J. | Method and apparatus for creating a message digest using a multiple round, one-way hash algorithm |
| US7266703B2 (en) | 2001-06-13 | 2007-09-04 | Itt Manufacturing Enterprises, Inc. | Single-pass cryptographic processor and method |
| US7861104B2 (en) | 2001-08-24 | 2010-12-28 | Broadcom Corporation | Methods and apparatus for collapsing interrupts |
| US7403615B2 (en) | 2001-08-24 | 2008-07-22 | Broadcom Corporation | Methods and apparatus for accelerating ARC4 processing |
| TWI230532B (en) * | 2002-03-05 | 2005-04-01 | Admtek Inc | Pipelined engine for encryption/authentication in IPSEC |
| US7237262B2 (en) * | 2002-07-09 | 2007-06-26 | Itt Manufacturing Enterprises, Inc. | System and method for anti-replay processing of a data packet |
| US7191341B2 (en) * | 2002-12-18 | 2007-03-13 | Broadcom Corporation | Methods and apparatus for ordering data in a cryptography accelerator |
| US7568110B2 (en) * | 2002-12-18 | 2009-07-28 | Broadcom Corporation | Cryptography accelerator interface decoupling from cryptography processing cores |
| US7181009B1 (en) | 2002-12-18 | 2007-02-20 | Cisco Technology, Inc. | Generating message digests according to multiple hashing procedures |
| US7434043B2 (en) | 2002-12-18 | 2008-10-07 | Broadcom Corporation | Cryptography accelerator data routing unit |
| US20040123123A1 (en) * | 2002-12-18 | 2004-06-24 | Buer Mark L. | Methods and apparatus for accessing security association information in a cryptography accelerator |
| US20040123120A1 (en) * | 2002-12-18 | 2004-06-24 | Broadcom Corporation | Cryptography accelerator input interface data handling |
| CN100449986C (en) * | 2003-01-28 | 2009-01-07 | 华为技术有限公司 | Method for raising operational speed of key-hashing method |
| US8041957B2 (en) * | 2003-04-08 | 2011-10-18 | Qualcomm Incorporated | Associating software with hardware using cryptography |
| US20040268123A1 (en) * | 2003-06-27 | 2004-12-30 | Nokia Corporation | Security for protocol traversal |
| US7908484B2 (en) * | 2003-08-22 | 2011-03-15 | Nokia Corporation | Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack |
| US7826614B1 (en) | 2003-11-05 | 2010-11-02 | Globalfoundries Inc. | Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation |
| US7747020B2 (en) * | 2003-12-04 | 2010-06-29 | Intel Corporation | Technique for implementing a security algorithm |
| US7684563B1 (en) * | 2003-12-12 | 2010-03-23 | Sun Microsystems, Inc. | Apparatus and method for implementing a unified hash algorithm pipeline |
| WO2005101793A1 (en) * | 2004-04-14 | 2005-10-27 | Nortel Networks Limited | Securing home agent to mobile node communication with ha-mn key |
| US20060136717A1 (en) | 2004-12-20 | 2006-06-22 | Mark Buer | System and method for authentication via a proximate device |
| US8295484B2 (en) | 2004-12-21 | 2012-10-23 | Broadcom Corporation | System and method for securing data from a remote input device |
| JP4549303B2 (en) * | 2005-02-07 | 2010-09-22 | 株式会社ソニー・コンピュータエンタテインメント | Method and apparatus for providing a message authentication code using a pipeline |
| US8059551B2 (en) * | 2005-02-15 | 2011-11-15 | Raytheon Bbn Technologies Corp. | Method for source-spoofed IP packet traceback |
| KR100581662B1 (en) | 2005-08-31 | 2006-05-22 | 주식회사 칩스앤미디어 | Common engine for plural hash functions having different algorithms |
| US7921303B2 (en) | 2005-11-18 | 2011-04-05 | Qualcomm Incorporated | Mobile security system and method |
| US7995584B2 (en) * | 2007-07-26 | 2011-08-09 | Hewlett-Packard Development Company, L.P. | Method and apparatus for detecting malicious routers from packet payload |
| US8363827B2 (en) * | 2007-12-03 | 2013-01-29 | Intel Corporation | Method and apparatus for generic multi-stage nested hash processing |
| GB0812593D0 (en) * | 2008-07-09 | 2008-08-20 | Univ Belfast | Data security devices and methods |
| JP2010128392A (en) * | 2008-11-28 | 2010-06-10 | Canon Inc | Hash processing apparatus and hash processing method |
| US20110019814A1 (en) * | 2009-07-22 | 2011-01-27 | Joseph Roy Hasting | Variable sized hash output generation using a single hash and mixing function |
| US8514855B1 (en) * | 2010-05-04 | 2013-08-20 | Sandia Corporation | Extensible packet processing architecture |
| US9405537B2 (en) * | 2011-12-22 | 2016-08-02 | Intel Corporation | Apparatus and method of execution unit for calculating multiple rounds of a skein hashing algorithm |
| US8874933B2 (en) * | 2012-09-28 | 2014-10-28 | Intel Corporation | Instruction set for SHA1 round processing on 128-bit data paths |
| US10097345B2 (en) * | 2015-04-14 | 2018-10-09 | PeerNova, Inc. | Secure hash algorithm in digital hardware for cryptographic applications |
| US11070380B2 (en) | 2015-10-02 | 2021-07-20 | Samsung Electronics Co., Ltd. | Authentication apparatus based on public key cryptosystem, mobile device having the same and authentication method |
| US10262164B2 (en) * | 2016-01-15 | 2019-04-16 | Blockchain Asics Llc | Cryptographic ASIC including circuitry-encoded transformation function |
| US10454670B2 (en) * | 2016-06-10 | 2019-10-22 | Cryptography Research, Inc. | Memory optimization for nested hash operations |
| CN107835071B (en) * | 2017-11-03 | 2020-02-21 | 中国人民解放军国防科技大学 | Method and device for improving operation speed of key-in-hash method |
| US10372943B1 (en) | 2018-03-20 | 2019-08-06 | Blockchain Asics Llc | Cryptographic ASIC with combined transformation and one-way functions |
| US10256974B1 (en) | 2018-04-25 | 2019-04-09 | Blockchain Asics Llc | Cryptographic ASIC for key hierarchy enforcement |
| CN111899104B (en) * | 2018-11-27 | 2023-12-01 | 创新先进技术有限公司 | Service execution method and device |
| CN112564922B (en) * | 2020-12-22 | 2022-07-26 | 创元网络技术股份有限公司 | Multifunctional integrated high-speed HMAC-SHA1 password recovery method based on mimicry calculation |
| US11714620B1 (en) | 2022-01-14 | 2023-08-01 | Triad National Security, Llc | Decoupling loop dependencies using buffers to enable pipelining of loops |
Family Cites Families (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5870474A (en) | 1995-12-04 | 1999-02-09 | Scientific-Atlanta, Inc. | Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers |
| US4041292A (en) * | 1975-12-22 | 1977-08-09 | Honeywell Information Systems Inc. | High speed binary multiplication system employing a plurality of multiple generator circuits |
| JPS60140428A (en) * | 1983-12-28 | 1985-07-25 | Hitachi Ltd | Divider |
| US4801935A (en) * | 1986-11-17 | 1989-01-31 | Computer Security Corporation | Apparatus and method for security of electric and electronic devices |
| EP0478731A4 (en) | 1990-04-04 | 1993-09-22 | International Business Machines Corporation | Early scism alu status determination apparatus |
| US5297206A (en) | 1992-03-19 | 1994-03-22 | Orton Glenn A | Cryptographic method for communication and electronic signatures |
| US5548544A (en) | 1994-10-14 | 1996-08-20 | Ibm Corporation | Method and apparatus for rounding the result of an arithmetic operation |
| US5936967A (en) | 1994-10-17 | 1999-08-10 | Lucent Technologies, Inc. | Multi-channel broadband adaptation processing |
| US5796836A (en) | 1995-04-17 | 1998-08-18 | Secure Computing Corporation | Scalable key agile cryptography |
| US5943338A (en) | 1996-08-19 | 1999-08-24 | 3Com Corporation | Redundant ATM interconnect mechanism |
| US6111858A (en) | 1997-02-18 | 2000-08-29 | Virata Limited | Proxy-controlled ATM subnetwork |
| AUPO799197A0 (en) * | 1997-07-15 | 1997-08-07 | Silverbrook Research Pty Ltd | Image processing method and apparatus (ART01) |
| US5940877A (en) | 1997-06-12 | 1999-08-17 | International Business Machines Corporation | Cache address generation with and without carry-in |
| US6216167B1 (en) | 1997-10-31 | 2001-04-10 | Nortel Networks Limited | Efficient path based forwarding and multicast forwarding |
| US6304657B1 (en) | 1999-05-26 | 2001-10-16 | Matsushita Electric Industrial Co., Ltd. | Data encryption apparatus using odd number of shift-rotations and method |
| JP3864675B2 (en) | 2000-03-09 | 2007-01-10 | 株式会社日立製作所 | Common key encryption device |
| US7177421B2 (en) | 2000-04-13 | 2007-02-13 | Broadcom Corporation | Authentication engine architecture and method |
-
2001
- 2001-04-04 US US09/827,882 patent/US7177421B2/en not_active Expired - Fee Related
- 2001-04-11 WO PCT/US2001/040507 patent/WO2001080483A2/en active IP Right Grant
- 2001-04-11 EP EP01927441A patent/EP1273129B1/en not_active Expired - Lifetime
- 2001-04-11 AT AT01927441T patent/ATE304759T1/en not_active IP Right Cessation
- 2001-04-11 DE DE60113395T patent/DE60113395T2/en not_active Expired - Lifetime
- 2001-04-11 AU AU2001253888A patent/AU2001253888A1/en not_active Abandoned
-
2007
- 2007-01-08 US US11/650,422 patent/US8000469B2/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| WO2001080483A3 (en) | 2002-04-04 |
| DE60113395D1 (en) | 2005-10-20 |
| ATE304759T1 (en) | 2005-09-15 |
| WO2001080483A2 (en) | 2001-10-25 |
| US20020001384A1 (en) | 2002-01-03 |
| EP1273129A2 (en) | 2003-01-08 |
| EP1273129B1 (en) | 2005-09-14 |
| US20070110230A1 (en) | 2007-05-17 |
| DE60113395T2 (en) | 2006-06-14 |
| US7177421B2 (en) | 2007-02-13 |
| US8000469B2 (en) | 2011-08-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2001253888A1 (en) | Authentication engine architecture and method | |
| WO2002056538A3 (en) | Implementation of the shai algorithm | |
| CA2234982A1 (en) | Apparatus and method for encrypting mpeg packets | |
| US20030014627A1 (en) | Distributed processing in a cryptography acceleration chip | |
| EP1251670A3 (en) | Negotiating secure connections through a proxy server | |
| MY143575A (en) | Lightweight input/output protocol | |
| WO2005117356A3 (en) | Quarantine networking | |
| GB2389736B (en) | A method for forwarding and storing session packets according to preset and/or dynamic rules | |
| EP1594030A3 (en) | Program update method and server | |
| EP1192782A2 (en) | Classification engine in a cryptography acceleration chip | |
| EP1381011A4 (en) | Data securing communication apparatus and method | |
| AU2002250599A1 (en) | Transport multiplexer management and control | |
| WO2005109366A3 (en) | Method and apparatus for controlling traffic in a computer network | |
| WO2002091665A3 (en) | Method and system for secure transcoding | |
| AU2003209290A1 (en) | Pipelines of multithreaded processor cores for packet processing | |
| GB9719818D0 (en) | Generalized security policy management system and method | |
| WO2002052764A3 (en) | Methods and systems for authenticating communications | |
| WO2007044392A3 (en) | Ccm encryption/decryption engine | |
| WO2003048900A3 (en) | System and method for compensating packet delay variations | |
| WO2004098112A3 (en) | Cryptoanalysis method and system | |
| WO2003034649A3 (en) | Method and device for guaranteeing a calculation in a cryptographic algorithm | |
| Zitterbart | Parallel Protocol Implementations an Transputers-Experiences with OSI TP4, OSI CLNP, and XTP | |
| CN109547487A (en) | Message treatment method, apparatus and system | |
| Pfeiffer et al. | Vector packet encapsulation: the case for a scalable ipsec encryption protocol | |
| US20200401731A1 (en) | Scalable encryption engine having partitionable data paths |