Authentication engine architecture and method
US7177421B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 4, 2001 |
| Grant date | Feb 13, 2007 |
| Priority date | — |
| Expiry date | Aug 23, 2023 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/125
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Provided is an architecture (hardware implementation) for an authentication engine to increase the speed at which multi-loop and/or multi-round authentication algorithms may be performed on data packets transmitted over a computer network. Authentication engines in accordance with the present invention apply a variety of techniques that may include, in various applications, collapsing two multi-round authentication algorithm (e.g., SHA1 or MD5 or variants) processing rounds into one; reducing operational overhead by scheduling the additions required by a multi-round authentication algorithm in such a matter as to reduce the overall critical timing path (“hiding the ads”); and, for a multi-loop (e.g., HMAC) variant of a multi-round authentication algorithm, pipelining the inner and outer loops. In one particular example of applying the invention in an authentication engine using the HMAC-SHA1 algorithm of the IPSec protocol, collapsing of the conventional 80 SHA1 rounds into 40 rounds, hiding the ads, and pipelining the inner and outer loops allows HMAC-SHA1 to be conducted in approximately the same time as conventional SHA1.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.