The invention relates in general to communication systems and more specifically to methods and systems for validating the integrity of transmitted data.
Conventional communication systems utilize encryption or encipherment techniques for several purposes including authentication, key distribution, confidential data transmissions and non-repudiation. Data is often encrypted using a key, transmitted through a communication channel, and decrypted (deciphered) at a receiver using another key. A common method of encrypting for confidentiality includes modulo two adding, or otherwise mixing, a pseudo random “key stream” with the data stream. At the receiving end, a copy of the key stream is used to decode or decrypt the transmitted message to obtain the original data. The key stream used at the receiving end, however, must be applied to the incoming transmitted data stream in an appropriate timing and order. If the decrypting key stream is not synchronized to the encrypting key stream, the data cannot be decrypted properly. In order to maintain accurate reception of data, techniques are used to detect an out-of-synchronization situation where the system determines that the decrypting key stream is not properly being applied to the incoming data.
Although encryption methods may provide for secrecy for the transmitted data by requiring a key to decode the message, encryption does not necessarily prevent tampering of the data by third parties. Further, encryption does not always provide an indication that the data has not been received as transmitted. For many encryption schemes, the integrity of the transmitted data must be validated using an additional mechanism or process. Message digests are used to secure the integrity of data but do not typically provide secrecy. Message digest methods allow a communication system to determine whether a data in a transmitted message has been manipulated or corrupted, either intentionally by an unscrupulous party or due to system errors. In one such method, a hash function or checksum function calculation is applied to the contents of the message or to an agreed-upon portion of the message. The results of the calculation are appended to the message as a message digest, allowing verification at the other end that an independent copy of the message digest calculated from the received message contents agrees with the received message digest. This procedure can be applied either to the message as a whole, or separately to each packet in the message, or both. In any case, a message digest mismatch may mean either the message or digest were accidentally corrupted in transmission or a deliberate attempt was made to alter or tamper with the message contents. In addition to corruption and tampering, a mismatch may indicate that the message digest has been applied incorrectly. For example, if the data is also being encrypted for confidentiality, a mismatch will occur if the key streams have been incorrectly synchronized.
Conventional systems do not utilize transmission bandwidth efficiently to provide out-of-synchronization and data integrity detection. In many communication systems, transmission bandwidth is inefficiently used by transmitting synchronization information through the communication channel. In these systems, the level of integrity of the data increases with the use of bandwidth. In other words, larger or longer message digests result in more robust systems at the cost of valuable bandwidth.