Showing papers on "Message authentication code published in 1991"
Patent•
22 Aug 1991
TL;DR: In this paper, the authors proposed a distributed authentication system that prevents unauthorized access to any computer system in a distributed environment, where authentication depends on the correctness of the entire set of responses rather than on the response to a single question, which provides a significant increase in the probability of detecting and preventing unauthorized computer access.
Abstract: A distributed authentication system that prevents unauthorized access to any computer system in a distributed environment. Authentication using the present invention involves three distinct phases. In the first phase, user passwords are generated by the computer system and encrypted on a coded card together with a message authentication code to prevent alterations prior to any access attempts. These are complex and impersonal enough not to be easily guessed. This coded card must be used whenever requesting access to the system. Second, in addition to supplying a password, the user is required to correctly respond to a set of randomly selected authentication challenges when requesting access. The correct responses may vary between the right response, a wrong response or no response depending on some predetermined variable, e.g., the day of the week or hour of the day. The dual randomness thus introduced significantly reduces the usefulness of observed logon information. Third, at random times during the session, the user is required again to respond to selected authentication challenges. This detects piggybacking attempts. Since authentication depends on the correctness of the entire set of responses rather than on the response to a single question, the present invention provides a significant increase in the probability of detecting and preventing unauthorized computer access.
112 citations
Patent•
IBM1
TL;DR: In this article, a control vector checking code repository (30) is linked to the cryptographic facility (4) by one of several means, such as physically secure data communications link (60).
Abstract: The invention includes a control vector checking code repository (30) located either within the same system as the cryptographic facility (4) or alternately remotely from the system containing the cryptographic facility (4). The control vector checking code repository (30) will be linked to the cryptographic facility (4) by one of several means. A first means for linking the repository to the cryptographic facility would include a physically secure data communications link (60). A second means for connecting the repository to the cryptographic facility would be by using an insecure channel with authentication, wherein either a modification detection code or alternately a message authentication code would be transmitted to the cryptographic facility and then the desired control vector checking code would be transmitted over the link. The cryptographic facility (4) will include a code authorization mechanism (24) to compare the transmitted MAC or MDC with a corresponding value computed from the received control vector checking code. If the two values of the MDC or the MAC compare, then the control vector checking code is authenticated and loaded into the control vector checking unit (16) for carrying out the control vector checking operations desired.
40 citations
01 Oct 1991
TL;DR: The authors present the design of a simple, general protocol which satisfies a set of policy rules for the propagation of authentication trust across realm boundaries and shares the simplicity and generality goals of the protocol outlined by A. D. Birrell et al.
Abstract: Summary form only given. The authors define formally and rationalize a set of policy rules for the propagation of authentication trust across realm boundaries. The use of these rules helps limit global security exposures that ensue whenever an authentication service is compromised. The authors present the design of a simple, general protocol which satisfies these rules and shares the simplicity and generality goals of the protocol outlined by A. D. Birrell et al. (1986) and of the protocols implemented in Kerberos V (J. Kohl and C. Neuman, 1990) and in SPX (J. J. Tardo and K. Alagappan 1991). >
37 citations
02 Dec 1991
TL;DR: The authors discuss technical options to achieve adequate privacy and fraud control for portable communication systems and concentrate on the privacy of conversations on the radio link only.
Abstract: The authors discuss technical options to achieve adequate privacy and fraud control for portable communication systems. As the goal is to provide privacy at least comparable to that provided by wireline, the authors concentrate on the privacy of conversations on the radio link only. A high-level description of the portable communications system is presented, which provides a basis for further discussion. Message encryption is considered, the process by which a cipher function is applied to the portable communications systems data streams in order to deter eavesdroppers. Some background on public-key cryptography and some information regarding implementation of public-key techniques in low-power portable units are given. Key agreement and authentication protocols are outlined. >
27 citations
Patent•
27 Feb 1991TL;DR: In this article, a method of message authentication in an encrypted communication system with over-the-channel rekeying features the ability of a communication unit (107) to authenticate (1709) a re-keying message (701) from a key management controller (101) using a message number comparison.
Abstract: A method of message authentication in an encrypted communication system with over-the-channel rekeying features the ability of a communication unit (107) to authenticate (1709) a rekeying message (701) from a key management controller (101) using a message number (1517A) comparison, thereby preventing outside interference from unauthorized rekeying message transmissions.
27 citations
Patent•
26 Mar 1991TL;DR: In this paper, the authentication of system status OSWs in a trunked communication system is provided by first verifying (411) that a received system ID (313) matches a pre-programmed system ID before the information in the status OSW is programmed into a communication unit.
Abstract: Authentication of system status OSWs in a trunked communication system is provided by first verifying (411) that a received system ID (313) matches a pre-programmed system ID A system status OSW must then be matched twice before the information in the system status OSW is programmed into a communication unit (115), thus limiting the possibility of false decoding of system status OSWs
15 citations
21 May 1991
TL;DR: The goal of this paper is to discuss techniques for the protection of the authenticity of information through the large number of practical constructions for symmetric authentication and digital signatures.
Abstract: The goal of this paper is to discuss techniques for the protection of the authenticity of information. The theoretical background is sketched, but most attention is paid to overview the large number of practical constructions for symmetric authentication and digital signatures.
11 citations
01 Oct 1991
TL;DR: A novel identity-based signature scheme based on M.O. Rabin's (1979) algorithm is proposed, which can be used to sign a message by doing several multiplication operations and several addition operations.
Abstract: A novel identity-based signature scheme based on M.O. Rabin's (1979) algorithm is proposed. Senders can sign a message by doing several multiplication operations and several addition operations. The verifier can also easily check the authenticity of the message. From the viewpoint of computation time, the proposed scheme is more efficient than the existing schemes. >
11 citations
21 Oct 1991
TL;DR: A detailed example is given of how a formal specification language has been used to specify an international banking standard on message authentication.
Abstract: A detailed example is given of how a formal specification language has been used to specify an international banking standard on message authentication. It illustrates how a specification language can be used to specify and validate a standard.
10 citations
01 Oct 1991
TL;DR: A technique for storing, processing, and transmitting highly sensitive information over a computer network in the Industrial Technology Research Institute's application system and the concept of the digital signature is used to let authorized users execute authentication programs and extract information.
Abstract: A technique for storing, processing, and transmitting highly sensitive information over a computer network in the Industrial Technology Research Institute's application system is described. Both secrecy information and user passwords for accessing this information are encrypted by using the public key cryptosystem of the RSA (River-Shamir-Adleman) scheme and El Gamal public key cryptosystem. Based on the special characteristics of this system where the development system and product system are located in different computers, the concept of the digital signature is used to let authorized users execute authentication programs and extract information. >
7 citations
20 May 1991
TL;DR: The authors describe and combine data formats for security information based on international standards from several standardization bodies for user authentication, peer-entity authentication and access control in large distributed systems.
Abstract: It is shown how security information for user authentication, peer-entity authentication and access control is created and utilized in large distributed systems. The protection mechanisms used are hash functions, and symmetric and asymmetric cryptography. The authors describe and combine data formats for security information based on international standards from several standardization bodies. >
01 Oct 1991
TL;DR: Four aspects of information security on database systems are discussed: confidentiality (ensuring information is not subject to unauthorized disclosure); integrity, integrity, inference, inference and authentication.
Abstract: Summary form only given. Four aspects of information security on database systems are discussed: confidentiality (ensuring information is not subject to unauthorized disclosure); integrity (ensuring information is not subject to unauthorized and undetected modification); inference (ensuring information cannot be deduced from observable); and authentication (ensuring that the invokee of the message knows the invoker's identity). These four aspects specific to distributed database systems are discussed for both message in the communication channel and data in the distributed databases. >
01 Oct 1991
TL;DR: The Axytrans hold-down system (HDS) has been chosen by the Belgian PTT for their money transport and is under investigation by several other authorities.
Abstract: Using advanced techniques provided by information technology, especially authentication techniques using industrial cryptography. the Axytrans system provides protected transport of money and valuables. Making transported goods worthless but identifiable, makes physical violence useless and saves lives. The Axytrans hold-down system (HDS) has been chosen by the Belgian PTT for their money transport and is under investigation by several other authorities. >