Showing papers on "Data Authentication Algorithm published in 1987"


Patent
15 May 1987
TL;DR: In this paper, the authors propose a check-sum or MAC that is computed from the data within the message in dependence upon a cryptographic key. This MAC is issued as a "challenge" to the user, who is also equipped with a separate portable token for computing a "response" in dependence upon a second cryptographic key which is unique to his token.
Abstract: In order to improve the security of message transmission from a terminal apparatus in an electronic banking or other data communications system a check-sum or MAC is computed from the data within the message in dependence upon a cryptographic key. This MAC is issued as a "challenge" to the user who is also equipped with a separate portable token for computing a "response" in dependence upon a second cryptographic key which is unique to his token. This "response" is then entered into the terminal and appended to the message as its authentication code before transmission. A recipient of the message and authentication code equipped with the same cryptographic keys can therefore check both the contents of the message and the correct identity of the sender by computing an expected authentication code from the received message and comparing it with the code received.

62 citations


Journal ArticleDOI
TL;DR: It is shown that cryptographic checksums that are intended to detect fraudulent messages must be on the order of 128 bits in length, and the ANSI X9.9-1986 message authentication standard is criticized on that basis.
Abstract: Digital signature techniques such as the Rivest-Shamir-Adleman (RSA) scheme can be used to establish both the authenticity of a document and the identity of its originator. However, because of the computationally-intensive nature of the RSA algorithm, most digital signature schemes make use of a checksum technique to summarize or represent the document, and then digitally sign the checksum. Message authentication codes (MACs), based on the Data Encryption Standard (DES), are often used for this purpose. It is shown that cryptographic checksums that are intended to detect fraudulent messages must be on the order of 128 bits in length, and the ANSI X9.9-1986 message authentication standard is criticized on that basis. In addition, architectural arguments are advanced to illustrate the advantages of a checksum algorithm that is not based on the use of cryptography and does not require the use of a secret key. Manipulation detection codes (MDC) are defined as a class of checksum algorithms that can detect both accidental and malicious modifications of an electronic message or document, without requiring the use of a cryptographic key.

25 citations


Journal ArticleDOI
TL;DR: A quantitative measure for password robustness and 'lasting' power is provided, which discusses encryption possibilities and provides a comparative evaluation of various password methods.

25 citations


Journal ArticleDOI
TL;DR: A digital signature system is proposed in which the authentication of a large number of users can be performed by a single public key; its security appears to be equivalent to that of RSA or the digital signature based on RSA.
Abstract: This paper proposes a new user authentication scheme, which does not require a management file for users' passwords. It has a high security, realizing the authentication of a large number of users by a single public key. Because of this property, the proposed system has merits in the application to off-line and mutual authentication. The scheme is also useful in the authentication in a large system with a large number of users. The system is constructed using the public-key digital signature and a one-way function with the commutative property. An example is presented where RSA is employed as the digital signature and the congruent exponential function is employed as the one-way function. It is described that the security of the proposed system appears to be equivalent to that of RSA or the digital signature based on RSA. Following the same idea, a digital signature system is proposed, where the authentication of a large number of users can be performed by a single public-key. A variation of the scheme is presented which has the same performance as the proposed scheme.

16 citations


Journal ArticleDOI
TL;DR: The Belgian banking community has designed a standard security system TRASEC (TRAnsmission SECurity) for EFT (Electronic Funds Transfer) between corporate customers and all financial institutions, which will become operational by the end of 1987.

11 citations


Journal ArticleDOI
TL;DR: TRASEC (TRAnsaction SECurity) is the standard security system for EFT (Electronic Funds Transfer) between corporate customers and Belgian financial institutions and is easily integrated in any automated environment.
Abstract: TRASEC (TRAnsaction SECurity) is the standard security system for EFT (Electronic Funds Transfer) between corporate customers and Belgian financial institutions. TRASEC ensures the integrity and authentication of EFT and is easily integrated in any automated environment. The customer's system consists of a condensing module and an authentication module. The condensing module is a one-way-function, implemented as a program on the customer's computer, which condenses a transfer file to a digest. The digest is the input of the authentication module, which calculates an electronic signature (MAC). This authentication module is a smart card which contains the message authentication algorithm (based on DES), password management, secret keys, passwords, sequence number, etc.

9 citations


Book ChapterDOI
13 Apr 1987
TL;DR: The theory underlying this approach works on the basis that if a would-be fraudster changes any part of the message in any way then the check-sum will no longer be correct and thus the recipient of such message can compute and know with a high probability that the message has not been altered.
Abstract: The security of transactions flowing across a communications network is of ever increasing importance. In many such circumstances it is important not only to protect the messages from passive interception but also, and often of greater importance, to be able to detect any active attack against messages. An active attack may take the form of an interceptor tampering with the message: altering it, adding information, removing information and so on. While it is almost impossible to prevent an active attack there are many mechanisms to ensure, with a high probability, that such an attack may be detected and hence rendered harmless. The techniques to allow detection and thus audit take many forms of which the most common are normally cryptographically based and depend upon the generation, before transmission of the message, of a check-sum which is then appended to the message. The theory underlying this approach works on the basis that if a would-be fraudster changes any part of the message in any way then the check-sum will no longer be correct and thus the recipient of such message can compute, for himself, the expected check-sum, compare it with that received in the message and if they disagree will know the message has been altered. If on the other hand the expected and received check-sums agree then he knows with a high probability that the message has not been altered. This probability is dependent upon the amount of information within the check-sum (i.e. the longer it is, the lower the probability of an undetected alteration).

2 citations


01 Apr 1987
TL;DR: This document suggests mediated access-control and authentication procedures suitable for those cases when an association is to be set up between users belonging to different trust environments.
Abstract: The purpose of this RFC is to focus discussion on authentication problems in the Internet and possible methods of solution. The proposed solutions in this document are not intended as standards for the Internet at this time. Rather, it is hoped that a general consensus will emerge as to the appropriate solution to authentication problems, leading eventually to the adoption of standards. This document suggests mediated access-control and authentication procedures suitable for those cases when an association is to be set up between users belonging to different trust environments.