WO2002091668A2 - Method and system for data integrity protection - Google Patents
Method and system for data integrity protection Download PDFInfo
- Publication number
- WO2002091668A2 WO2002091668A2 PCT/EP2002/003931 EP0203931W WO02091668A2 WO 2002091668 A2 WO2002091668 A2 WO 2002091668A2 EP 0203931 W EP0203931 W EP 0203931W WO 02091668 A2 WO02091668 A2 WO 02091668A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- data item
- distance
- predetermined
- data
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
Definitions
- This invention relates to a method and system of authenticating a message received via a transmission channel .
- Data integrity and authenticity are fundamental expectations in any secure data communications system, and they comprise an assurance that information has not been modified by someone who is not authorized to do so.
- Data integrity may be provided by Message Authentication Codes (MACs) .
- MACs Message Authentication Codes
- MACs are used for the integrity protection of data communications payload, since they provide a computationally efficient way of protecting large amounts of data.
- streaming data applications refers to a technique for transferring data such that it can be processed as a steady and continuous stream.
- Streaming technologies are becoming increasingly important with the growth of the Internet, because most users do not have fast enough access to downloading large multimedia files quickly.
- the client browser or plug-in can start processing the data before the entire file has been transmitted, e.g. for the display of pictures, animations or videos or the playing of audio presentations.
- multimedia services are also part of the emerging third generation mobile telecommunications services.
- MACs are based on a symmetric shared secret between the sender and the . receiver.
- the secret value is called the key.
- the secret key is an input variable to the MAC calculation. Only somebody who possesses the correct secret key is able to calculate the MAC value for an arbitrary message.
- a MAC value is an integrity check value that is calculated from and appended to the original message data. Upon receiving a message protected by a MAC, the receiver calculates a MAC check value on the basis of the received data. If the MAC check value is equal to the received integrity check value, the message is accepted as authentic. Examples of known MACs include the so-called Keyed-Hashing for Message Authentication
- HMAC hypertext transfer protocol
- MACs are used to provide data integrity protection in many data communication protocols. Examples of protocols supporting MACs include the IETF TLS, the SSH and the IPSec protocols. ,
- Bit errors during the transmission of the message or the first data item which was calculated on the basis of the original message may cause the calculated second data item to differ from the received first data item.
- the bit errors if the calculated second data item is sufficiently close to the first data item, the bit errors do not cause the message to be rejected at the receiver even though the calculated second data item differs from the first data item. Therefore, the number of re-transmissions due to bit errors is small. Consequently, it is an advantage of the invention that it increases the throughput of a transmission channel with bit errors.
- the first and second predetermined rules are secret, i.e. only known to the transmitter and the receiver, respectively, or they are based upon a secret key value, such that the result of the rule is hard to predict without knowledge of the secret key.
- the use of a secret key has the advantage that the security of the method is ensured and a flexible method is provided, as the predetermined rules may be publicly known and used with a plurality of different keys .
- a message may include data packets, streaming data, multimedia data such as video, television broadcast, video on demand, videoconferencing, voice, audio, animations, or graphics data, or other types of data, preferably comprising data where few bit errors do not corrupt the quality or usefulness of the data significantly.
- the first and second data items may represent numerical values, character strings, bit sequences or other suitable data formats.
- the first and second data items will also be called tags in the following.
- the first and second data items are cryptographic digests or other suitable MAC values calculated by a MAC mechanism.
- the predetermined distance value, and thus the tolerated distance between the second and the first data item may be adjusted to the known or expected error rate of a transmission channel. Consequently, an adversary can only change a small number of bits of the order of the bit error rate of the transmission channel.
- the method further comprises the step of processing the message conditioned on a result of the step of comparing the calculated first distance with a predetermined distance value
- the received message is only processed when the comparison yields a desired result. Otherwise, the message may be rejected or made subject to further authentication or verification procedures .
- the step of processing the message comprises the step of accepting the message if the calculated first distance is smaller than the predetermined distance value.
- the message and the first data item may be received via a transmission channel, e.g. a transmission channel of a communications network, a broadcasting network, a synchronous communications system, an asynchronous communications system, a packet based communications system, or the like.
- a transmission channel e.g. a transmission channel of a communications network, a broadcasting network, a synchronous communications system, an asynchronous communications system, a packet based communications system, or the like.
- the method according to the invention is particularly advantageous in connection with wireless transmission channels.
- the wireless communications may be radio-based communications, e.g. using BluetoothTM (Bluetooth is a trademark owned by Telefonaktiebolaget LM Ericsson, Sweden), W-CDMA, GSM, CDMA-2000, TCP/IP, WAP or another suitable protocol.
- the wireless communications may be based on other electromagnetic radiation such as IR, on acoustic signals, or another wireless communications technology.
- the step of generating the second data item comprises the step of applying a predetermined permutation to a third data item derived from the message.
- the third data item may be the received message or a data item which is a result of an initial processing of the received message.
- a few bit changes in a binary representation of the message result in a few bit changes in the corresponding second data item, as the permutation only changes the order of bits and not the number of zeros and ones.
- the number of bit errors is preserved by a permutation.
- the permutation is a secret permutation, or it is based on a secret key value, thereby ensuring the security of the method.
- the step of generating the second data item comprises the step of combining a fourth data item derived from the message with a predetermined fifth data item, it is difficult for an intruder to forge a message by a simple bit operation.
- the step of combining a fourth data item derived from the message with a predetermined fifth data item comprises the step of inserting predetermined binary sequences at predetermined positions of the fourth data item. It is an advantage of this embodiment of the invention that an inversion of all bits of a message sequence by an intruder may easily be detected.
- the distance may be calculated by any suitable distance calculation function, such as the Hamming distance for bit sequences, the difference between numerical values, etc.
- the distance calculation function implements a distance measure, i.e. a measure of difference with certain mathematical properties of being homogenous, subadditive and positive, thereby providing a distance calculation with properties which may be described mathematically.
- a distance measure i.e. a measure of difference with certain mathematical properties of being homogenous, subadditive and positive, thereby providing a distance calculation with properties which may be described mathematically.
- the calculated distance is a Hamming distance, the distance depends only on the number of bit errors, it has well-known properties and may be efficiently calculated.
- the term hash value comprises a data item generated from an input sequence, e.g. a bit sequence, according to a predetermined rule.
- the hash value is smaller than the input sequence and is generated such that it is unlikely that two different input sequences result in the same hash value.
- the hash value is generated by a universal hash function or an almost universal hash function.
- the security of the method according to the invention is particularly high.
- the method further comprises the step of repeating the steps a)-e) with different permutations. It is an advantage of the invention that it results in a small tag value and provides a high level of security.
- the method further comprises the step of encrypting the calculated hash value, additional security is provided.
- the step of generating the second data item on the basis of the received message further comprises the step of generating the second data item on the basis of a second secret key code
- a high level of forgery protection is achieved.
- the digest calculation of the second data item is based on a cryptographic method, i.e. a method using a secret key as one of the inputs, and the distance between the cryptographic digests are compared. Consequently, a high level of protection is provided in a single operation without the need for further authenticity verification steps.
- the first and second key codes may be different key codes or the same key code, and the first and second predetermined rules may be different rules or algorithms or they may be the same rule.
- the first and second key codes are a shared secret of the sender and the recipient of the message.
- the first and second predetermined rules are a MAC mechanism.
- the invention further relates to a method of transmitting a message from a transmitter to a receiver via a transmission channel, the method comprising the steps of at the transmitter generating a first data item according to a first predetermined rule on the basis of the message;
- the generated first data item has a size which is smaller than a size of the message.
- the step of generating the first data item comprises the step of calculating a hash function on the basis of a sixth data item derived from the message. Hence, the transmitted first data item is smaller than the message.
- the invention further relates to a communications system comprising
- first processing means adapted to calculate a first data item according to a first predetermined rule on the basis of a message
- a transmitter adapted to transmit the message and the generated first data item via a transmission channel;
- a receiver adapted to receive the transmitted message and the transmitted first data item;
- the invention further relates to an apparatus comprising
- a receiver adapted to receive a message and a corresponding first data item generated according to a first predetermined rule
- first processing means adapted to
- the apparatus may be any electronic equipment or part of such electronic equipment, where the term electronic equipment includes computers, such as stationary and portable PCs, stationary and portable radio communications equipment.
- portable radio communications equipment includes mobile radio terminals such as mobile telephones, pagers, communicators, e.g. electronic organisers, smart phones, PDAs, or the like.
- the apparatus is a mobile radio terminal;
- the invention further relates to a data signal embodied in a carrier wave for use in a method described above and in the following, the data signal comprising a message body and a first data item.
- the invention further relates to a computer program comprising program code means for performing all the steps of the method described above and in the following when said program is run on a microprocessor.
- the invention further relates to a computer program product comprising program code means stored on a computer readable medium for performing the method described above and in the following when said computer program product is run on a microprocessor.
- fig. 1 shows a flow diagram of a method according to a first embodiment of the invention
- fig. 2 shows a schematic view of a mapping according to an embodiment of the invention
- figs. 3a-b illustrate the difference between examples of distance functions according to embodiments of the invention
- fig. 4 shows a schematic view of a method according to a second embodiment of the invention
- fig. 5 shows a block diagram of a communications system according to an embodiment of the invention.
- figs. 6a-c show examples of message formats according to embodiments of the invention.
- Fig. 1 shows a flow diagram of a method according to a first embodiment of the invention where integrity protection is provided to a message m 104 during the transmission of the message from a transmitting side 101 via a transmission channel 108 to a receiving side 110.
- a MAC value z 105 is calculated using a MAC function 102.
- the MAC function takes the message m and a secret key k 103 as inputs.
- the MAC value z 105 is combined with the original message m 104 by a concatenation function 106 or a combining circuit.
- the resulting combined message 107 is sent to the receiving side 110 via a transmission channel 108.
- the alterations may be caused by transmission errors, or they may be due to modifications of the message by, for example, an unauthorised intruder.
- the received message m' 114 and the received MAC 116 are extracted from the received combined message 111 by an extraction function 101 or an extraction circuit.
- a MAC value z' ' is calculated using the MAC function 112.
- the MAC function 112 implements the same algorithm as the MAC function 102 used at the transmitting side, and the secret key k 113 is the same key as the secret key 103 used for calculating the original MAC value z 105.
- a distance d(z',z'') between the received MAC value z' 116 and the calculated value z' ' 115 is calculated by a distance calculation function 117 which is based on a distance function d(-,-).
- the calculated distance d is compared to a predetermined threshold t. If the distance d is larger than the threshold t, the message is rejected in step 119, otherwise the message is accepted in step 120.
- the MAC method according to the invention allows an adversary to change some information in a data stream. However, an adversary is not able to change more than a small amount of the information. When transmitting data with a lot of information, this is not beneficial for an adversary.
- Fig. 2 shows a schematic view of a mapping according to an embodiment of the invention.
- a MAC is a function f 206 which is a mapping from a message space M 201 to a tag space Z.
- the cardinality of Z is less than the cardinality of M in order to keep the tag size, and, consequently, the required transmission overhead for transmitting the tag is small.
- a disadvantage of the prior art MAC methods is that a message is rejected, if the calculated tag value differs from the received tag value, irrespective of how much the received message differs from the original message.
- a distance function d(-,-) is defined on the tag space Z 208. Furthermore, let D(-,-) be a distance function defined on the message space M 201, and let ti 204 and t 2 212 be predetermined threshold values.
- Step 1 The transmitter and the receiver in a communications system share a secret value k 207. They may further agree on a distance function d and a threshold t 2 212.
- Step 3 The message m 202 and the tag z 209 are sent from the transmitter to the receiver via a communications channel .
- Step 4 The receiver receives a message m/ 203 and a tag z' 213.
- Step 7 The receiver accepts the message m' 203 if and only if t 2 > d 2 .
- steps 2 through 7 may be repeated for a plurality of messages using the same function and the same key.
- the message may be further processed at the receiver.
- a request for re-transmission may be sent from the receiver to the transmitter or other measures may be taken, such as informing a user, generating an event, sending a notification to the transmitter, or the like.
- a preferred distance function on the messages is the Hamming distance.
- the Hamming distance between two tuples is defined as the number of positions in which their components differ.
- the Hamming distance between the binary tuples (0,0,1,1,1) and (1,1,0,0,1) is equal to four.
- the Hamming distance between the message m and the message m' will be denoted h (m,m/ ). More formally, h may be defined as
- the Hamming distance between the sent and received messages corresponds to the number of errors during transmission.
- a MAC according to the invention should, preferably, have the property that a message is accepted, if the distance between the sent and received message sequences is small. For example, if only a few errors occur during transmission, the receiver should still accept the message.
- a MAC method according to the invention is constructed such that all messages with h(m,m') ⁇ ti are always accepted, i.e., if not more than ti errors occur or somebody alters not more than ti bits during transmission, the message is accepted.
- the Hamming distance may also be used as a distance function.
- different distance functions may be used.
- a distance function ⁇ on elements in Z is defined as: V z, z' e Z,
- h is the Hamming distance
- g is the function: fx if x ⁇ t, g( ⁇ )
- the bit sequences z 301 and z' ' 312 have the same Hamming distance 4 as in the example of fig. 3a.
- the bit positions 301b, 301c, 301d, 301f and 312b, 312c, 312d, 312f, where the tags differ are clustered in the beginning of the sequences and, correspondingly, the distance function ⁇ yields a difference of 10:
- the blocks 303 and 318 differ by three bits, hence g(z ⁇ , as t 2 ⁇ 3.
- a corresponding construction may be defined for blocks of different length, e.g. in the case where the length of the message m is not an integer multiple of y.
- the message or one of the blocks may be padded, e.g. with zeros.
- Fig. 4 shows a schematic view of a method according to a second embodiment of the invention.
- the method according to this embodiment utilises three insights described in the following:
- a MAC according to the invention should have the property that a small distance between messages will result in a small distance between the corresponding tags.
- a mapping that has this property is a permutation. A permutation only changes the order of the bits in a sequence, but preserves the number of zeros and ones in the sequence. If two different binary sequences differ in, for example, n positions before a fixed permutation is applied on the sequences, the sequences will also differ in n positions after the permutation is applied.
- a construction of an efficient MAC includes the use of a function that has an image that is much smaller than the function pre-image.
- a function is called a hash function and its image a hash value.
- a hash may be constructed by dividing the message into blocks of equal size, applying a function with the desired cryptographic properties on each block, and then sum together all the different outputs, for example using a XOR function.
- the XOR sum, b ⁇ b 2 of the two sequences equals b n ⁇ b 2 ⁇ , b ⁇ 2 ⁇ b 22 , • • - , b ⁇ L ⁇ b 2L , i.e. the XOR is performed bitwise.
- a streaming MAC method comprises the following steps :
- Each message block has a predetermined size. Preferably, all message blocks have the same size. In this case, if the message length is not a multiple of 1, a fixed sequence may be appended so that the new message sequence becomes a multiple of 1.
- Step 2 Modify the message block sequence by inserting some fixed bits at predetermined positions of each message block, for example by appending a predetermined bit sequence. In the example of fig. 4, the same bit sequence 403, labelled 0 in fig. 4, is added to all blocks, resulting in the new message blocks 402a-402d.
- Step 3 Apply different permutations on each message block 402a-d, resulting in the message blocks 404a-d, and calculate the XOR sum 407a of the outputs 404a-d of the permutations.
- Step 4 Repeat step 3 y times, preferably using different permutations, resulting in the message blocks 405a-d through 406a-d and the corresponding XOR sums 407a-d.
- An optimal choice of y may depend on the message size and/or the error rate of the transmission channel.
- Step 5 Concatenate all the different XOR sums 407a-c into one hash value q 408.
- the steps 1-5 may be repeated once or several times with the hash value 408 as input and with a new set of permutations, preferably with a smaller value of y, in order to generate a small hash sequence while providing a strong forgery protection.
- the resulting hash value may be encrypted by taking for example the XOR sum with the output of a pseudo-random function. Then the hash value, possibly encrypted, is the streaming MAC tag of the message m.
- k secret key value k secret key value
- m message to be authenticated z authentication information or message tag.
- t 2 a threshold design integer value.
- q intermediate hash value n binary length of the message m.
- a and b be indices labelling the repetitions of step 3 above and the message blocks, respectively, i.e. 1 ⁇ a ⁇ y and 1 ⁇ b ⁇ 1.
- k a secret key value.
- P, (a,b)(x) be a permutation that takes as input a binary sequence x of length L and as output a permuted sequence of x.
- P ⁇ , (a,b) is completely determined by the secret key K and the indices a,b.
- P k , (a ,b) is selected uniformly distributed over all possible permutations on the set ⁇ 1,2,...,L ⁇ . This is an advantage, because, given a series of R permutations,
- bits from predetermined positions of m may be concatenated into a block.
- the blocks m' 2 ,b 2 ,...,m' ⁇ ,b ⁇ are illustrated as blocks 402a-402d in fig. 4.
- all b ⁇ . may be chosen to be a binary all zero sequence of length r.
- r may be chosen to be equal to t 2 .
- Step 6 Let PRF(k) be a binary sequence of a size equal to the size of q.
- PRF is a cryptographic secure pseudo-random function.
- Let z PRF(K) ⁇ q.
- Step7 The transmitter sends (m, z) over the channel.
- the receiver receives a pair (r ⁇ / , z' ) .
- the receiver calculates the tag z' ' of m' according to Step 1- 6. If the distance d(z',z'') ⁇ y • t 2 , the message is accepted, otherwise it is rejected.
- the distance function d is the distance function ⁇ described in connection with figs. 3a-b.
- another distance function may be used, e.g. the Hamming distance or a distance function based on the Hamming distance.
- the threshold y • t 2 may be replaced by a different threshold.
- PRF may be chosen to be seeded by k and the index i, i.e. PRF(k,i) .
- PRF encryption may be replaced with a different encryption function.
- the steps 1-5 may be repeated one or more times before continuing with step 6, each time using the calculated hash value q as an input m of the next iteration and, preferably, using a different set of permutations in each iteration.
- y is decreased in subsequent iterations in order to generate a hash value of a small size.
- the hash value q of the last iteration is then used in step 6.
- the partial hash values q a may be calculated according to different rules. For example q a may be calculated recursively as :
- Step 4: a 2. Go to Step 3.
- Fig. 5 shows a block diagram of a communications system according to an embodiment of the invention.
- the system comprises a transmitter 501 and a receiver 506 which communicate via a transmission channel 505.
- the transmitter comprises a processing unit 503 which is connected to a storage medium 502 and a transmitter unit 504.
- the receiver 506 comprises a processing unit 508 which is connected to a storage medium 507 and a receiver unit 509.
- the storage medium 502 of the transmitter 501 On the storage medium 502 of the transmitter 501, computer-executable code is stored which, when loaded in the processing unit 503, is adapted to implement a MAC algorithm according to the invention. Furthermore, relevant parameters for the MAC algorithm, such as a secret key, threshold values, block lengths, etc., are also stored on the storage medium 502. The message payload to be transmitted may also be stored on the storage medium 502.
- the communication between the transmitter 501 and the receiver 506 may, for example, be implemented as a layered protocol stack, e.g. according to the OSI model.
- one of the layers of the protocol stack may include an implementation of the MAC algorithm according to the invention, where the MAC algorithm receives a message payload from a higher layer, and the resulting tag value is combined with the message payload and sent to a lower layer of the layered protocol stack which initiates the transmission of the message via the transmitter unit 504.
- the message is received by the receiver unit 509 and processed by the lowest layers of the protocol stack at the receiver. The received message is routed to the processor 508.
- computer- executable code is stored which is adapted to implement the corresponding MAC algorithm at the receiver 506 when loaded in the processing unit 508.
- the corresponding parameters for the MAC algorithm are also stored on the storage medium 503.
- the message payload and the received tag value are forwarded to the MAC program module executed on the processor 508. Based on the comparison of tag values, the received message may either be passed to a higher layer of the protocol stack or a re-transmission of the message may be initiated. Furthermore, the message may be stored on the storage medium 507.
- the storage media may include magnetic tape, optical disc, digital video disk (DVD) , compact disc (CD or CD- ROM) , mini-disc, hard disk, floppy disk, ferro-electric memory, electrically erasable programmable read only memory (EEPROM) , flash memory, EPROM, read only memory
- ROM read only memory
- SRAM static random access memory
- DRAM dynamic random access memory
- ferromagnetic memory optical storage
- charge coupled devices smart cards, etc.
- the processing units may include a microprocessor, an application-specific integrated circuit, or another integrated circuit, a smart card, or the like.
- Fig. 6a shows a first example of a message format according to an embodiment of the invention.
- the message comprises a header 601 comprising information such as routing information, information about the length of the following message, information about whether authentication is to be applied, sender identification, etc.
- the message further comprises a message body 602 comprising the information to be transmitted and the tag value 603 calculated according to a MAC function according to the invention.
- Fig. 6b shows a second example of a message format according to an embodiment of the invention.
- the message comprising a header 601, a message body 602 and a tag value 603, is divided into smaller data packets 604a-e.
- the division into the packets 604a-e may, for example, be performed by a lower layer of a protocol stack at the transmitter, and each of the packets 604a-e may include header information according to the communications protocol used.
- the message 602 and the tag value 603 are reconstructed from the received smaller messages 404a-e before the authentication check is performed.
- Fig. 6c shows a third example of a message format according to an embodiment of the invention.
- the message body 602 is divided into smaller messages 605b, 606b, and 607b, and respective tag values 605c, 606c, and 607c are calculated for each of the smaller messages 605b, 606b, and 607b.
- the messages 605-607 each message comprising respective header information 605a, 606a, 607a, respectively, message bodies 605b, 606b, 607b, respectively, and tag values 605c, 606c, 607c, respectively, are sent to the receiver.
- the authentication check is performed for each of the messages 605-607 prior to the reconstruction of the message 602 from the message bodies, 605b, 606b, and 607b.
- the tag value may be combined with the message body in a different way, e.g. by prepending the tag value or placing it at predetermined positions within the message body.
- other ways of splitting up the message and/or including header information may be used, including the use of no header information or the sending of the tag value and the message body separately.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Power Engineering (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Radar Systems Or Details Thereof (AREA)
Abstract
Description
Claims
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/476,138 US7298840B2 (en) | 2001-05-03 | 2002-04-09 | Method and system for data integrity protection |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP01610046A EP1255372B1 (en) | 2001-05-03 | 2001-05-03 | Method and system for data integrity protection |
EP01610046.3 | 2001-05-03 | ||
US28996701P | 2001-05-09 | 2001-05-09 | |
US60/289,967 | 2001-05-09 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2002091668A2 true WO2002091668A2 (en) | 2002-11-14 |
WO2002091668A3 WO2002091668A3 (en) | 2003-01-09 |
Family
ID=26077310
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2002/003931 WO2002091668A2 (en) | 2001-05-03 | 2002-04-09 | Method and system for data integrity protection |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2002091668A2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100337442C (en) * | 2003-06-27 | 2007-09-12 | 华为技术有限公司 | A method of data integrity protection in WLAN |
JP2010502068A (en) * | 2006-08-22 | 2010-01-21 | ノキア シーメンス ネットワークス ゲゼルシャフト ミット ベシュレンクテル ハフツング ウント コンパニー コマンディトゲゼルシャフト | Authentication method |
WO2016103187A1 (en) * | 2014-12-22 | 2016-06-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for packet redundancy removal |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001015382A1 (en) * | 1999-08-21 | 2001-03-01 | Kent Ridge Digital Labs | Legitimacy protection of electronic document and a printed copy thereof |
-
2002
- 2002-04-09 WO PCT/EP2002/003931 patent/WO2002091668A2/en not_active Application Discontinuation
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001015382A1 (en) * | 1999-08-21 | 2001-03-01 | Kent Ridge Digital Labs | Legitimacy protection of electronic document and a printed copy thereof |
Non-Patent Citations (1)
Title |
---|
FRIEDRICHS B: "AUTHENTISCHE UND ZUVERLASSIGE MOBILKOMMUNIKATION FUR SICHERHEITSRELEVANTE ANWENDUNGEN AUTHENTIC AND RELIABLE MOBILE COMMUNICATION FOR SAFETY-RELATED APPLICATIONS PART 1: REQUIREMENTS AND BASIC ALGORITHMS" FREQUENZ, SCHIELE UND SCHON GMBH. BERLIN, DE, vol. 49, no. 1/2, 1995, pages 17-27, XP000503766 ISSN: 0016-1136 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100337442C (en) * | 2003-06-27 | 2007-09-12 | 华为技术有限公司 | A method of data integrity protection in WLAN |
JP2010502068A (en) * | 2006-08-22 | 2010-01-21 | ノキア シーメンス ネットワークス ゲゼルシャフト ミット ベシュレンクテル ハフツング ウント コンパニー コマンディトゲゼルシャフト | Authentication method |
WO2016103187A1 (en) * | 2014-12-22 | 2016-06-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and system for packet redundancy removal |
US9665441B2 (en) | 2014-12-22 | 2017-05-30 | Telefonaktiebolaget L M Ericsson (Publ) | Method and system for packet redundancy removal |
Also Published As
Publication number | Publication date |
---|---|
WO2002091668A3 (en) | 2003-01-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1255372B1 (en) | Method and system for data integrity protection | |
RU2340108C2 (en) | Efficient encryption and authentication for data processing systems | |
US9698993B2 (en) | Hashing prefix-free values in a signature scheme | |
US6948067B2 (en) | Efficient encryption and authentication for data processing systems | |
US7415109B2 (en) | Partial encryption and full authentication of message blocks | |
US7167984B2 (en) | Method and device for generating approximate message authentication codes | |
US8744078B2 (en) | System and method for securing multiple data segments having different lengths using pattern keys having multiple different strengths | |
US20060195402A1 (en) | Secure data transmission using undiscoverable or black data | |
US10938575B2 (en) | Signature compression for hash-based signature schemes | |
US20050262418A1 (en) | Message authentication | |
US7894608B2 (en) | Secure approach to send data from one system to another | |
Ge et al. | Approximate Message Authentication Codes for $ N $-ary Alphabets | |
US8190892B2 (en) | Message authentication code with blind factorization and randomization | |
US20090279696A1 (en) | System and method of performing authentication | |
US10924287B2 (en) | Digital signature technique | |
WO2002091668A2 (en) | Method and system for data integrity protection | |
US11095452B2 (en) | Out-of-band authentication in group communications | |
Munir et al. | Key Generation and Verification for Image Authentication | |
CN111711947A (en) | Service resource adaptation method and device based on mobile terminal | |
Miller | A hash-chain based method for full or partial authentication of communication in a real-time wireless environment | |
CN115484082A (en) | Data transmission method, data transmission device and server | |
Shaker | Proposed Digital Signature Using One Time Pad | |
Upadhy | An Experimental Study of Message | |
Ma et al. | A Novel Image Authentication Approach Using an Overlap-Based Shared Secret for Collaborative Wireless Sensors | |
KR20170109958A (en) | Information security device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
AK | Designated states |
Kind code of ref document: A3 Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A3 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 10476138 Country of ref document: US |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase in: |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |