The present invention relates generally to electronic data processing systems and more particularly to a system for protecting and authenticating data.
In electronic data handling systems such as computers and other data storage and communication systems, it is often necessary to prevent disclosure of sensitive data to unauthorized persons and to determine whether such data has been tampered with. This does not mean that the data must be kept absolutely secure. An outsider who is sufficiently determined can almost always gain access to an electronic system and tamper with any data therein. Rather, the need is for a fast, simple and economical way to protect sensitive data from being revealed to such an interloper and to determine whether the data has been altered.
In principle, data can be authenticated by means of a MAC (message authentication code). A MAC is calculated by passing the information through a MAC generator, yielding a MAC which is typically 64 bits long. This can be stored, and the information can be authenticated later by recalculating the MAC. If the stored MAC and the calculated MAC match, the information has not been interfered with. The MAC must, of course, itself be preserved from interference, i.e. from being adjusted by an outsider to match an adjustment to the information which it is calculated from. This is achieved by using a secret key in calculating the MAC. One convenient way of calculating a MAC, and the way which is preferred here, is by using a DES/DEA-like algorithm and a DES/DEA encrypting/decrypting unit, using a key and a cipher block chaining (CBC) technique. The process of generating a MAC by means of a DES/DEA unit is the same as the process of encrypting information by means of such a unit except that when a DES/DEA unit is used for encrypting information the encrypted information is contained in a stream of output blocks from the unit whereas when the unit is used for calculating a MAC all the output blocks except the last are discarded and the last block is retained and used as the MAC. If this technique is used, the MAC itself can be stored with the information, and only the key used for calculating it need be kept secret.
In practice, this technique of using a MAC for secure (validated) information storage is somewhat cumbersome, because the information to be checked is likely to be very considerable. At the beginning of a session, the user initiates a check, which involves calculating the MAC of the entire body of the stored information. At the end of the session, the user has to initiate the calculation of a fresh MAC for the entire body of the information; the new MAC will of course be different from the old one because the information has been changed by the user working on it during the session.
From the foregoing, it will be apparent that there remains a need for a fast, simple and economical way to to protect sensitive data in an electronic data handling system from being revealed to unauthorized persons and to determine whether such data has been tampered with.