The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.
Some networked computer applications require a client to connect to a server that hosts an application. In some of those applications, such as voice over internet protocol (VoIP) telephony, Internet games, movie and music subscriptions, and the like, the client has a unique identifier and employs a session initiation protocol (SIP) to connect to the server. The SIP can employ a standard hashing or message digest algorithm to verify the client's identity. One standard message digest algorithm is known as “MD5”. MD5 is described in detail in Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321, which is hereby incorporated by reference in its entirety.
The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit “fingerprint” or “message digest” of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm can be employed in digital signature applications to verify the identity of a client.
Referring now to FIG. 1, a functional block diagram depicts a computer network 10 that employs MD5. Network 10 includes a network device 12 that communicates with a server 14 via an internet 16. Examples of a network device 12 include a VoIP telephone, a gaming console, a computer, a television, a digital sound recording player, and the like. Network device 12 executes application layer software that includes a message digest module 20. Message digest module 20 calculates a message digest for network device 12 and sends the message digest to server 14. The message digest is based on a message and uniquely identifies network device 12.
Examples of messages include data that is unique to associated users such as e-mail addresses, account numbers, software serial numbers, and the like. The message can also include all or part of digital files and/or memory locations that are included in network device 12 and a challenge 32 that is described below. Server 14 calculates a message digest based on the message and compares it to the message digest from network device 12. If the message digests match then network device 12 is authorized to use services of server 14. In some embodiments server 14 communicates a challenge phrase to network device 12. The message can then also include the challenge phrase and message digest module 20 then calculates the message digest based in part on the challenge phrase.
Message digest module 20 includes several modules that implement associated steps of RFC 1321. An append bits module 22 appends padding bits to the message in accordance with RFC 1321 §3.1. An append length module 24 appends a 64-bit representation of b to the padded message, where b is the length of the message before the padding bits were added. An initialization module 26 initializes four 32-bit wide, i.e. word, buffers or registers in accordance with RFC 1321 §3.3. The registers are designated as A, B, C, and D and contain the message digest as it is being calculated. A sequential MD5 calculation module 28 processes the padded message appended with the 64-bit representation of b, hereinafter referred to as the complete message. The processing occurs in accordance with RFC 1321 §3.4. Results of the processes are accumulated in buffers A, B, C, and D, which also contain the final message digest after the last 16-bit block is processed.
Referring now to FIG. 2, a data diagram shows network messages that can flow between network device 12 and server 14 during the SIP. Network device 12 sends a registration request 30 to server 14. Server 14 then replies with a challenge 32, such as a pseudo-random number. Network device 12 generates a message digest 34 based on challenge 32 and the identifying data and sends the message digest to server 14. Server 14 compares the message digest from network device 12 to a second message digest that server 14 generated based on challenge 32 and a copy of the identifying data. If the message digests match then server 14 communicates an acknowledgement 36 to network device 12 and allows network device 12 to use a server application.