WO2001080483A3 - Authentication engine architecture and method - Google Patents

Authentication engine architecture and method Download PDF

Info

Publication number
WO2001080483A3
WO2001080483A3 PCT/US2001/040507 US0140507W WO0180483A3 WO 2001080483 A3 WO2001080483 A3 WO 2001080483A3 US 0140507 W US0140507 W US 0140507W WO 0180483 A3 WO0180483 A3 WO 0180483A3
Authority
WO
WIPO (PCT)
Prior art keywords
sha1
authentication
hmac
algorithm
rounds
Prior art date
Application number
PCT/US2001/040507
Other languages
French (fr)
Other versions
WO2001080483A2 (en
Inventor
Mark Buer
Patrick Y Law
Zheng Qi
Original Assignee
Broadcom Corp
Mark Buer
Patrick Y Law
Zheng Qi
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Broadcom Corp, Mark Buer, Patrick Y Law, Zheng Qi filed Critical Broadcom Corp
Priority to AU2001253888A priority Critical patent/AU2001253888A1/en
Priority to DE60113395T priority patent/DE60113395T2/en
Priority to AT01927441T priority patent/ATE304759T1/en
Priority to EP01927441A priority patent/EP1273129B1/en
Publication of WO2001080483A2 publication Critical patent/WO2001080483A2/en
Publication of WO2001080483A3 publication Critical patent/WO2001080483A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry
    • H04L2209/125Parallelization or pipelining, e.g. for accelerating processing of cryptographic operations

Abstract

Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a manner as to reduce the overall critical timing path ('hiding the ads'); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops. In one particular example of applying the invention in an authentication engine using the HMAC-SHA1 algorithm of the IPSec protocol, collapsing of the conventional 80 SHA1 rounds into 40 rounds, hiding the ads, and pipelining the inner and outer loops allows HMAC-SHA1 to be conducted in approximately the same time as conventional SHA1.
PCT/US2001/040507 2000-04-13 2001-04-11 Authentication engine architecture and method WO2001080483A2 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
AU2001253888A AU2001253888A1 (en) 2000-04-13 2001-04-11 Authentication engine architecture and method
DE60113395T DE60113395T2 (en) 2000-04-13 2001-04-11 METHOD AND ARCHITECTURE FOR AUTHENTICATION
AT01927441T ATE304759T1 (en) 2000-04-13 2001-04-11 METHOD AND ARCHITECTURE FOR AUTHENTICATION
EP01927441A EP1273129B1 (en) 2000-04-13 2001-04-11 Authentication engine architecture and method

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US19715200P 2000-04-13 2000-04-13
US60/197,152 2000-04-13
US26142501P 2001-01-12 2001-01-12
US60/261,425 2001-01-13
US09/827,882 2001-04-04
US09/827,882 US7177421B2 (en) 2000-04-13 2001-04-04 Authentication engine architecture and method

Publications (2)

Publication Number Publication Date
WO2001080483A2 WO2001080483A2 (en) 2001-10-25
WO2001080483A3 true WO2001080483A3 (en) 2002-04-04

Family

ID=27393706

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2001/040507 WO2001080483A2 (en) 2000-04-13 2001-04-11 Authentication engine architecture and method

Country Status (6)

Country Link
US (2) US7177421B2 (en)
EP (1) EP1273129B1 (en)
AT (1) ATE304759T1 (en)
AU (1) AU2001253888A1 (en)
DE (1) DE60113395T2 (en)
WO (1) WO2001080483A2 (en)

Families Citing this family (58)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6477646B1 (en) 1999-07-08 2002-11-05 Broadcom Corporation Security chip architecture and implementations for cryptography acceleration
US7600131B1 (en) 1999-07-08 2009-10-06 Broadcom Corporation Distributed processing in a cryptography acceleration chip
US7177421B2 (en) 2000-04-13 2007-02-13 Broadcom Corporation Authentication engine architecture and method
US7328349B2 (en) * 2001-12-14 2008-02-05 Bbn Technologies Corp. Hash-based systems and methods for detecting, preventing, and tracing network worms and viruses
US20040073617A1 (en) * 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US20040064737A1 (en) * 2000-06-19 2004-04-01 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses
US20020061107A1 (en) 2000-09-25 2002-05-23 Tham Terry K. Methods and apparatus for implementing a cryptography engine
US7277542B2 (en) 2000-09-25 2007-10-02 Broadcom Corporation Stream cipher encryption application accelerator and methods thereof
EP1360795B1 (en) 2001-01-12 2006-08-09 Broadcom Corporation Implentation of the SHA1 algorithm
US7200105B1 (en) 2001-01-12 2007-04-03 Bbn Technologies Corp. Systems and methods for point of ingress traceback of a network attack
US7489779B2 (en) * 2001-03-22 2009-02-10 Qstholdings, Llc Hardware implementation of the secure hash standard
US7266703B2 (en) 2001-06-13 2007-09-04 Itt Manufacturing Enterprises, Inc. Single-pass cryptographic processor and method
US7213148B2 (en) 2001-06-13 2007-05-01 Corrent Corporation Apparatus and method for a hash processing system using integrated message digest and secure hash architectures
US20020191783A1 (en) * 2001-06-13 2002-12-19 Takahashi Richard J. Method and apparatus for creating a message digest using a multiple round, one-way hash algorithm
US7360076B2 (en) 2001-06-13 2008-04-15 Itt Manufacturing Enterprises, Inc. Security association data cache and structure
US7249255B2 (en) * 2001-06-13 2007-07-24 Corrent Corporation Apparatus and method for a hash processing system using multiple hash storage areas
US7403615B2 (en) 2001-08-24 2008-07-22 Broadcom Corporation Methods and apparatus for accelerating ARC4 processing
US7861104B2 (en) 2001-08-24 2010-12-28 Broadcom Corporation Methods and apparatus for collapsing interrupts
TWI230532B (en) * 2002-03-05 2005-04-01 Admtek Inc Pipelined engine for encryption/authentication in IPSEC
US7237262B2 (en) * 2002-07-09 2007-06-26 Itt Manufacturing Enterprises, Inc. System and method for anti-replay processing of a data packet
US7181009B1 (en) 2002-12-18 2007-02-20 Cisco Technology, Inc. Generating message digests according to multiple hashing procedures
US20040123120A1 (en) * 2002-12-18 2004-06-24 Broadcom Corporation Cryptography accelerator input interface data handling
US20040123123A1 (en) * 2002-12-18 2004-06-24 Buer Mark L. Methods and apparatus for accessing security association information in a cryptography accelerator
US7568110B2 (en) * 2002-12-18 2009-07-28 Broadcom Corporation Cryptography accelerator interface decoupling from cryptography processing cores
US7434043B2 (en) 2002-12-18 2008-10-07 Broadcom Corporation Cryptography accelerator data routing unit
US7191341B2 (en) * 2002-12-18 2007-03-13 Broadcom Corporation Methods and apparatus for ordering data in a cryptography accelerator
CN100449986C (en) * 2003-01-28 2009-01-07 华为技术有限公司 Method for raising operational speed of key-hashing method
US8041957B2 (en) * 2003-04-08 2011-10-18 Qualcomm Incorporated Associating software with hardware using cryptography
US20040268123A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation Security for protocol traversal
US7908484B2 (en) * 2003-08-22 2011-03-15 Nokia Corporation Method of protecting digest authentication and key agreement (AKA) against man-in-the-middle (MITM) attack
US7826614B1 (en) 2003-11-05 2010-11-02 Globalfoundries Inc. Methods and apparatus for passing initialization vector information from software to hardware to perform IPsec encryption operation
US7747020B2 (en) * 2003-12-04 2010-06-29 Intel Corporation Technique for implementing a security algorithm
US7684563B1 (en) * 2003-12-12 2010-03-23 Sun Microsystems, Inc. Apparatus and method for implementing a unified hash algorithm pipeline
CN1969526B (en) 2004-04-14 2010-10-13 北方电讯网络有限公司 Securing home agent to mobile node communication with HA-MN key
US20060136717A1 (en) 2004-12-20 2006-06-22 Mark Buer System and method for authentication via a proximate device
US8295484B2 (en) 2004-12-21 2012-10-23 Broadcom Corporation System and method for securing data from a remote input device
JP4549303B2 (en) * 2005-02-07 2010-09-22 株式会社ソニー・コンピュータエンタテインメント Method and apparatus for providing a message authentication code using a pipeline
US8059551B2 (en) * 2005-02-15 2011-11-15 Raytheon Bbn Technologies Corp. Method for source-spoofed IP packet traceback
KR100581662B1 (en) 2005-08-31 2006-05-22 주식회사 칩스앤미디어 Common engine for plural hash functions having different algorithms
US7921303B2 (en) 2005-11-18 2011-04-05 Qualcomm Incorporated Mobile security system and method
US7995584B2 (en) * 2007-07-26 2011-08-09 Hewlett-Packard Development Company, L.P. Method and apparatus for detecting malicious routers from packet payload
US8363827B2 (en) * 2007-12-03 2013-01-29 Intel Corporation Method and apparatus for generic multi-stage nested hash processing
GB0812593D0 (en) * 2008-07-09 2008-08-20 Univ Belfast Data security devices and methods
JP2010128392A (en) * 2008-11-28 2010-06-10 Canon Inc Hash processing apparatus and hash processing method
US20110019814A1 (en) * 2009-07-22 2011-01-27 Joseph Roy Hasting Variable sized hash output generation using a single hash and mixing function
US8514855B1 (en) * 2010-05-04 2013-08-20 Sandia Corporation Extensible packet processing architecture
WO2013095547A1 (en) * 2011-12-22 2013-06-27 Intel Corporation Apparatus and method of execution unit for calculating multiple rounds of a skein hashing algorithm
US8874933B2 (en) * 2012-09-28 2014-10-28 Intel Corporation Instruction set for SHA1 round processing on 128-bit data paths
US10097345B2 (en) * 2015-04-14 2018-10-09 PeerNova, Inc. Secure hash algorithm in digital hardware for cryptographic applications
US11070380B2 (en) 2015-10-02 2021-07-20 Samsung Electronics Co., Ltd. Authentication apparatus based on public key cryptosystem, mobile device having the same and authentication method
US10262164B2 (en) 2016-01-15 2019-04-16 Blockchain Asics Llc Cryptographic ASIC including circuitry-encoded transformation function
US10454670B2 (en) * 2016-06-10 2019-10-22 Cryptography Research, Inc. Memory optimization for nested hash operations
CN107835071B (en) * 2017-11-03 2020-02-21 中国人民解放军国防科技大学 Method and device for improving operation speed of key-in-hash method
US10372943B1 (en) 2018-03-20 2019-08-06 Blockchain Asics Llc Cryptographic ASIC with combined transformation and one-way functions
US10404454B1 (en) 2018-04-25 2019-09-03 Blockchain Asics Llc Cryptographic ASIC for derivative key hierarchy
CN111899104B (en) * 2018-11-27 2023-12-01 创新先进技术有限公司 Service execution method and device
CN112564922B (en) * 2020-12-22 2022-07-26 创元网络技术股份有限公司 Multifunctional integrated high-speed HMAC-SHA1 password recovery method based on mimicry calculation
US11714620B1 (en) 2022-01-14 2023-08-01 Triad National Security, Llc Decoupling loop dependencies using buffers to enable pipelining of loops

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5870474A (en) * 1995-12-04 1999-02-09 Scientific-Atlanta, Inc. Method and apparatus for providing conditional access in connection-oriented, interactive networks with a multiplicity of service providers
US4041292A (en) * 1975-12-22 1977-08-09 Honeywell Information Systems Inc. High speed binary multiplication system employing a plurality of multiple generator circuits
JPS60140428A (en) * 1983-12-28 1985-07-25 Hitachi Ltd Divider
US4801935A (en) * 1986-11-17 1989-01-31 Computer Security Corporation Apparatus and method for security of electric and electronic devices
JPH07122846B2 (en) * 1990-04-04 1995-12-25 インターナショナル・ビジネス・マシーンズ・コーポレーション 3-1 ALU device
US5297206A (en) * 1992-03-19 1994-03-22 Orton Glenn A Cryptographic method for communication and electronic signatures
US5548544A (en) * 1994-10-14 1996-08-20 Ibm Corporation Method and apparatus for rounding the result of an arithmetic operation
US5936967A (en) * 1994-10-17 1999-08-10 Lucent Technologies, Inc. Multi-channel broadband adaptation processing
US5796836A (en) * 1995-04-17 1998-08-18 Secure Computing Corporation Scalable key agile cryptography
US5943338A (en) * 1996-08-19 1999-08-24 3Com Corporation Redundant ATM interconnect mechanism
US6111858A (en) * 1997-02-18 2000-08-29 Virata Limited Proxy-controlled ATM subnetwork
AUPO799197A0 (en) * 1997-07-15 1997-08-07 Silverbrook Research Pty Ltd Image processing method and apparatus (ART01)
US5940877A (en) * 1997-06-12 1999-08-17 International Business Machines Corporation Cache address generation with and without carry-in
US6216167B1 (en) * 1997-10-31 2001-04-10 Nortel Networks Limited Efficient path based forwarding and multicast forwarding
US6304657B1 (en) * 1999-05-26 2001-10-16 Matsushita Electric Industrial Co., Ltd. Data encryption apparatus using odd number of shift-rotations and method
JP3864675B2 (en) * 2000-03-09 2007-01-10 株式会社日立製作所 Common key encryption device
US7177421B2 (en) 2000-04-13 2007-02-13 Broadcom Corporation Authentication engine architecture and method

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
BELLARE M: "MESSAGE AUTHENTICATION USING HASH FUNCTIONS - THE HMAC CONSTRUCTION", RSA LABORATORIES' CRYPTOBYTES, vol. 2, no. 1, 1996, pages 1 - 5, XP002184520 *
SCHNEIER B: "APPLIED CRYPTOGRAPHY, SECOND EDITION", 1996, JOHN WILEY & SONS, NEW YORK US, XP002184521 *
STALLINGS W: "SHA: THE SECURE HASH ALGORITHM PUTTING MESSAGE DIGESTS TO WORK", DR. DOBBS JOURNAL, REDWOOD CITY, CA, US, 1 April 1994 (1994-04-01), pages 32,34, XP000570561 *
TOUCH J D: "PERFORMANCE ANALYSIS OF MD5", COMPUTER COMMUNICATIONS REVIEW, ASSOCIATION FOR COMPUTING MACHINERY. NEW YORK, US, vol. 25, no. 4, 1 October 1995 (1995-10-01), pages 77 - 86, XP000541653, ISSN: 0146-4833 *

Also Published As

Publication number Publication date
US8000469B2 (en) 2011-08-16
DE60113395D1 (en) 2005-10-20
EP1273129A2 (en) 2003-01-08
ATE304759T1 (en) 2005-09-15
EP1273129B1 (en) 2005-09-14
AU2001253888A1 (en) 2001-10-30
DE60113395T2 (en) 2006-06-14
US20020001384A1 (en) 2002-01-03
WO2001080483A2 (en) 2001-10-25
US7177421B2 (en) 2007-02-13
US20070110230A1 (en) 2007-05-17

Similar Documents

Publication Publication Date Title
WO2001080483A3 (en) Authentication engine architecture and method
WO2002056538A3 (en) Implementation of the shai algorithm
CA2234982A1 (en) Apparatus and method for encrypting mpeg packets
WO2005117356A3 (en) Quarantine networking
WO2003054661A3 (en) Method and system for enabling content security in a distributed system
WO1999021337A3 (en) Method of encapsulation of data into transport packets of constant size
EP1289225A3 (en) System and method for providing encryption for rerouting of real time multi-media flows
WO2005109366A3 (en) Method and apparatus for controlling traffic in a computer network
CA2059172A1 (en) Authentication protocols in communication networks
WO2002102026A3 (en) Method and system for high-speed processing ipsec security protocol packets
GB0226384D0 (en) A method for forwarding and storing session packets according to preset and/or dynamic rules
AU2002365812A1 (en) Parallel computing system, method and architecture
EP1192781A2 (en) Distributed processing in a cryptography acceleration chip
EP1251670A3 (en) Negotiating secure connections through a proxy server
EP1916818A3 (en) Apparatus and method for selectively encrypting the payload portion of multimedia data sent over a network
WO2005114339A3 (en) Runtime adaptable protocol processor
WO2005077134A3 (en) A method and apparatus for a per-packet encryption system
WO2007117540A3 (en) System and method for time-out management
WO2003065207A3 (en) Pipelines of multithreaded processor cores for packet processing
WO2007044392A3 (en) Ccm encryption/decryption engine
EP1244264A3 (en) Illegal access data handling apparatus and method
WO2003048900A3 (en) System and method for compensating packet delay variations
WO2003056407A3 (en) Communication identifier for a physical device's avatar
WO2003034649A3 (en) Method and device for guaranteeing a calculation in a cryptographic algorithm
Whiting et al. AES key agility issues in high-speed IPSec implementations

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2001927441

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2001927441

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWG Wipo information: grant in national office

Ref document number: 2001927441

Country of ref document: EP