DOCSLIB.ORG

US 2007/0043.668A1 Baxter Et Al

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
US 2007/0043.668A1 Baxter Et Al US 2007.0043.668A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2007/0043.668A1 Baxter et al. (43) Pub. Date: Feb. 22, 2007 (54) METHODS AND SYSTEMS FOR Related U.S. Application Data NEGOTABLE-INSTRUMENT FRAUD PREVENTION (63) Continuation of application No. 10/371,984, filed on Feb. 20, 2003, now Pat. No. 7,072,868. (75) Inventors: Craig A. Baxter, Castle Rock, CO (US); John Charles Ciaccia, Parker, Publication Classification CO (US); Rodney J. Esch, Littleton, CO (US) (51) Int. Cl. G06Q 99/00 (2006.01) Correspondence Address: (52) U.S. Cl. ................................................................ 705/50 TOWNSEND AND TOWNSEND AND CREW, LLP (57) ABSTRACT TWO EMBARCADERO CENTER EIGHTH FLOOR SAN FRANCISCO, CA 94111-3834 (US) An authentication value is provided in a magnetic-ink field of a negotiable instrument. The authentication value is (73) Assignee: First Data Corporation, Greenwood derived from application of an encryption algorithm defined Village, CO (US) by a secure key. The authentication value may be used to authenticate the instrument through reapplication of the (21) Appl. No.: 11/481,062 encryption algorithm and comparing the result with the authentication value. The instrument is authenticated if there (22) Filed: Jul. 3, 2006 is a match between the two. 530 instrument Presented at Port of Sae instrument Conveyed to First Financial MCR line Scanned and instrument 534 Institution Authenticated at Point of Sale 538 Electronic Package Generated with MICR-Line Information andlor image 542 Electronic Package Generated with Electronic Package Transmitted to First MCR-Line information andlor image Financial Institution 544 Provisional Funds Credited by First Financial institution 548 Electronic Package Sent to Clearing Electronic Package Sent to Drawee --- Institution Financial institution 549 Clearing Institution Authenticates Drawee Financial Institution -- instrument Authenticates instrument 552 Clearing institution Credits First Drawee Financial Institution Credits Financianstitution First Financial institution 554 Clearing institution Sends Electronic Package to Drawee Financial Institution Drawee Financial institution Credits Clearing institution Patent Application Publication Feb. 22, 2007 Sheet 1 of 7 US 2007/0043.668A1 99.' Patent Application Publication Feb. 22, 2007 Sheet 2 of 7 US 2007/0043.668A1 204 Receive Bulklnstrument-Preparation information 208 initialize instrument Counter 212 Retrieve instrument-Preparation information for instrument 216 -1 Determine Applicable Encryption Algorithm 220 Apply Encryption Algorithm 224 Print Check with Authentication Value in MICR Line (with Encryption-Marker Value) All instruments Printed? Augment instrument Counter Fig. 2 Patent Application Publication Feb. 22, 2007 Sheet 3 of 7 US 2007/0043.668A1 220 304 Select lodentified Set of Digits 308 Select Applicable Encryption Key implement Secure-Key Encryption 312 with Selected Key 316 Apply Cryptographic Hashing Fig. 3 Scan MICR line of instrument Select identified Set of Digits Apply identified Secure-Key Encryption with identified Key ompare Result wit Authentication Value Different 405 Decline instrument Accept instrument Fig. 4 Patent Application Publication Feb. 22, 2007 Sheet 4 of 7 US 2007/0043.668A1 Scan MICR line of Instrument 45 4. Transmit MCR-line information to 408 MICR Reader Authentication Authority 412 Authentication Authority Parses - MCR-line information 416 Authentication Authority Applies identified Encryption Algorithm Same Authentication Value Different 424 Authentication Authority issues Authentication Authority issues Decline Code Accept Code Fig. 4B Patent Application Publication Feb. 22, 2007 Sheet 5 of 7 US 2007/0043.668A1 2-9||9 (61-)VG Patent Application Publication Feb. 22, 2007 Sheet 6 of 7 US 2007/0043.668A1 530 instrument Presented at Point of Sale instrument Conveyed to First Financials 532 MICR Line Scanned and instrument 534 Institution Authenticated at Point of Sale 536 538 MgRineAthleticated scanned at First and Financiainstrument Electronic Package Generated with Institution MCR-Line information andlor Image9 540 542 Electronic Package Generated with Electronic Package Transmitted to First MICR-Line information andlor image Financial institution Provisional- Funds Credited by First 544 Financial Institution 546 548 Electronic Package Sent to Clearing - Electronic Package Sent to Drawee institution Financial lnstitution 547 549 Clearing institution Authenticates Drawee Financial Institution instrument Authenticates instrument Clearing institution Credits Firsta 550 Drawee Financial Institution Credits- 552 Financial institution First Financial institution Clearing institutiona Sends Electronic 554 Package to Drawee Financial Institution 556 Drawee Financial institution Credits Clearing institution Fig. 5B Patent Application Publication Feb. 22, 2007 Sheet 7 of 7 US 2007/0043.668A1 o- Computer 610b Readable Storage Media 610a input Output Storage Computer CPU(S) Readable Storage Device(s) Device(s) Device(s) Media Reader Communications Processing Working System Acceleration Memory Operating System 618 Other Code (Programs) Fig. 6 US 2007/0043.668A1 Feb. 22, 2007 METHODS AND SYSTEMS FOR instrument, where the authentication value is derived from NEGOTIABLE-INSTRUMENT FRAUD application of a encryption algorithm defined by a secure PREVENTION key. Such a feature may then be used to authenticate the instrument through reapplication of the encryption algo BACKGROUND OF THE INVENTION rithm and comparing the result with the authentication 0001) This application is related to negotiable instru value. The instrument is authenticated only if there is a ments. More specifically, this application is related to meth match between the two. This feature is manifested in various ods and Systems for preventing fraudulent use of negotiable embodiments. instruments. 0006 In a first set of embodiments, a document is pro 0002) A significant concern among financial institutions, vided for conducting a financial transaction. The document as well as among businesses and individuals who accept comprises information fields for providing written informa negotiable instruments generally, is the level of fraud that tion to qualify the document as a negotiable instrument. It exists in connection with negotiable instruments. This fraud also comprises a magnetic-ink field having characters is manifested in the use of checks, certified checks, travel printed on the document withink that comprises a magnetic ers' checks, and the like. Because of this concern, a variety material. The magnetic-ink field includes an authentication of techniques have been developed to permit detection of value derived through application of an encryption algo fraudulent instruments and thereby reduce the incidence of rithm defined by a secure key to information also printed on fraud. These techniques may generally be grouped accord the document. In one such embodiment, the encryption ing to two classifications. Techniques in the first classifica algorithm may be one of a plurality of possible encryption tion rely on comparing characteristics of negotiable instru algorithms, each of which is defined by a secure key. In such ments presented for payment with lists of characteristics an instance, the magnetic-ink field may further include an known to identify valid instruments. For example, a list of encryption-marker value that defines which of the plurality valid serial numbers for negotiable instruments issued by a of possible encryption algorithms corresponds to the encryp particular financial institution may be maintained so that tion algorithm. In different embodiments, the encryption when an instrument is presented for payment, a comparison algorithm may comprise a stream cipher or may comprise a may be made between the serial number of the presented block cipher. In addition, in some instances the authentica instrument and the list of valid serial numbers. If there is no tion value may be further derived through application of a match, the instrument may be declined. The success of these cryptographic hashing, such as may be based on a cyclic types of techniques is limited by the ease with which redundancy code. Examples of negotiable instruments that counterfeiters may deduce the relatively simple manner in may be provided with such embodiments include drafts, which serial numbers or other characteristics are assigned. Such as checks, and notes. 0003) Techniques in the second classification incorporate 0007. In another set of embodiments, a method is pro fraud-prevention devices directly into the negotiable instru Vided for producing a document. Preparation information for ments themselves. In some cases, such devices are used in the document is received. An encryption algorithm defined a uniform fashion, such as when they are applied in sub by a secure key is applied to selected portions of the stantially the same way to all negotiable instruments issued preparation information to derive an authentication value. by a particular financial institution. Examples of such The document is then printed with information fields for devices include watermarks, pantograph patterns, holo providing written information to qualify the document as a graphs, and the like incorporated directly into the paper of negotiable instrument. A magnetic-ink field is printed on the the instrument. Because these devices are not unique to any document withink that comprises a magnetic material, with particular instrument,
Load more

Recommended publications
  • Foreword by Whitfield Diffie Preface About the Author Chapter 1
    Applied Cryptography: Second Edition - Bruce Schneier Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C by Bruce Schneier Wiley Computer Publishing, John Wiley & Sons, Inc. ISBN: 0471128457 Pub Date: 01/01/96 Foreword By Whitfield Diffie Preface About the Author Chapter 1—Foundations 1.1 Terminology 1.2 Steganography 1.3 Substitution Ciphers and Transposition Ciphers 1.4 Simple XOR 1.5 One-Time Pads 1.6 Computer Algorithms 1.7 Large Numbers Part I—Cryptographic Protocols Chapter 2—Protocol Building Blocks 2.1 Introduction to Protocols 2.2 Communications Using Symmetric Cryptography 2.3 One-Way Functions 2.4 One-Way Hash Functions 2.5 Communications Using Public-Key Cryptography 2.6 Digital Signatures 2.7 Digital Signatures with Encryption 2.8 Random and Pseudo-Random-Sequence Generation Chapter 3—Basic Protocols 3.1 Key Exchange 3.2 Authentication 3.3 Authentication and Key Exchange 3.4 Formal Analysis of Authentication and Key-Exchange Protocols 3.5 Multiple-Key Public-Key Cryptography 3.6 Secret Splitting 3.7 Secret Sharing 3.8 Cryptographic Protection of Databases Chapter 4—Intermediate Protocols 4.1 Timestamping Services 4.2 Subliminal Channel 4.3 Undeniable Digital Signatures 4.4 Designated Confirmer Signatures 4.5 Proxy Signatures 4.6 Group Signatures 4.7 Fail-Stop Digital Signatures 4.8 Computing with Encrypted Data 4.9 Bit Commitment 4.10 Fair Coin Flips 4.11 Mental Poker 4.12 One-Way Accumulators 4.13 All-or-Nothing Disclosure of Secrets Page 1 of 666 Applied Cryptography: Second Edition - Bruce
    [Show full text]
  • Ontario Superior Court of Justice
    CourtFileNo.: CV-17- -OOCP ONTARIO SUPERIOR COURT OF JUSTICE MATTER OF a Proceeding under the Class Proceedings Act, 1992, S.O. 1992, C. 6 ARLENE MCDOWELL and BRYAN MADRYGA Plaintiffs - and- FORTRESS REAL CAPITAL INC., FORTRESS REAL DEVELOPMENTS INC., JAWAD RA TH ORE, VINCENZO PETROZZA, LAMB CALGARY INC., ORCHARD CALGARY INC., BUILDING & DEVELOPMENT MORTGAGES CANADA INC., ILDINA GALATI, FFM CAPITAL INC., ROSALIA SPADAFORA, KRISH KOCHHAR, TONY MAZZO LI, SAUL PERLOV, FMP MORTGAGE INVESTMENTS INC., MICHAEL DARAMOLA, TONINO AMENDOLA, GRAHAM MCWATERS, DEREK SORRENTI, GRANT MORGAN, SORRENTI LAW PROFESSIONAL CORPORATION, OLYMPIA TRUST COMPANY Defendants STATEMENT OF CLAIM TO THE DEFENDANT(S): A LEGAL PROCEEDING HAS BEEN COMMENCED AGAINST YOU by the Plaintiff. The Claim made against you is set out in the following pages. IF YOU WISH TO DEFEND THIS PROCEEDING, you or an Ontario lawyer acting for you must prepare a Statement of Defence in Form l 8A prescribed by the Rules of Civil Procedure, serve it on the Plaintiff lawyer or, where the Plaintiff do not have a lawyer, serve it on the Plaintiff, and file it, with proof of service, in this court office, WITHIN TWENTY DAYS after this Statement of Claim is served on you, if you are served in Ontario. If you are served in another province or territory of Canada or in the United States of America, the period for serving and filing your Statement of Defence is forty days. If you are served outside Canada and the United States of America, the period is sixty days. Instead of serving and filing a Statement of Defence, you may serve and file a Notice of Intent to Defend in Form 18B prescribed by the Rules of Civil Procedure.
    [Show full text]
  • Security Analysis of Data Method Using MIPS Encryption Algorithm (MEA) Sangeeta
    Security Analysis of data Method using MIPS Encryption Algorithm (MEA) Sangeeta [email protected] ABSTRACT The MEA is an integral approach of block cipher and transposition cipher method. It takes 64 bit plain text input and produces 64 bit cipher text as in IDEA with modified key schedule to avoid possibilities of weak keys. It further makes transposition of the 64 bit cipher text to 128 bit end cipher text for disk storage. The increased length of end cipher text is a trade-off between the degree of increased security to SI and the nominal cost of storage media in the present state_of_the_art development. Keywords: Encryption, Decryption, Block cipher, Transposition cipher, MEA 1. INTRODUCTION Since PCs can be utilized to rapidly break credulous cryptosystems one should utilize encryption calculations that are free from and scientific shortcomings and that are computationally infeasible to break by making splitting additional tedious. In the meantime, the computational multifaceted nature of encryption and unscrambling ought to be inside sensible points of confinement since they speak to handling overheads too. One calculation that is accepted to give a sensible trade off among these necessities depends on the Data Encryption Standards (DES) [4,5,10]. For as far back as 20 years, the best security the greater part of us have caught wind of has been given by DES. In spite of the fact that there has been a shortcoming of shrouded trapdoors through s- encloses DES [6,10], still it has been a decent and secure calculation against the mid seventies innovations. Presently with the appearance of rapid PCs it is confronting more feedback for not sufficiently giving security due to its 56 bit key size.
    [Show full text]
  • 7.4.2 DES Algorithm DES Is a Feistel Cipher Which Processes Plaintext Blocks of N =64Bits, Producing 64-Bit Ciphertext Blocks (Figure 7.8)
    252 Ch. 7 Block Ciphers 7.4.2 DES algorithm DES is a Feistel cipher which processes plaintext blocks of n =64bits, producing 64-bit ciphertext blocks (Figure 7.8). The effective size of the secret key K is k =56bits; more precisely, the input key K is speci®ed as a 64-bit key, 8 bits of which (bits 8; 16;::: ;64) may be used as parity bits. The 256 keys implement (at most) 256 of the 264! possible bijec- tions on 64-bit blocks. A widely held belief is that the parity bits were introduced to reduce the effective key size from 64 to 56 bits, to intentionally reduce the cost of exhaustive key search by a factor of 256. K K plaintext P 56 56 ciphertext C K 64key 64 −1 PCDESC DES P Figure 7.8: DES input-output. Full details of DES are given in Algorithm 7.82 and Figures 7.9 and 7.10. An overview follows. Encryption proceeds in 16 stages or rounds. From the input key K, sixteen 48-bit subkeys Ki are generated, one for each round. Within each round, 8 ®xed, carefully selected 6-to-4 bit substitution mappings (S-boxes) Si, collectively denoted S, are used. The 64-bit plaintext is divided into 32-bit halves L0 and R0. Each round is functionally equivalent, taking 32-bit inputs Li−1 and Ri−1 from the previous round and producing 32-bit outputs Li and Ri for 1 ≤ i ≤ 16, as follows: Li = Ri−1; (7.4) Ri = Li−1 ⊕ f(Ri−1;Ki); where f(Ri−1;Ki)=P (S(E(Ri−1) ⊕ Ki))(7.5) Here E is a ®xed expansion permutation mapping Ri−1 from 32 to 48 bits (all bits are used once; some are used twice).
    [Show full text]
  • A Advanced Encryption Standard See AES AES 35–64 AES Process And
    Index A DFC and DFC v2 196, 199 E2 196 Advanced Encryption Standard see AES FEAL and FEAL-NX 194, 198, 202–203 AES 35–64 FOX 199 AES process and finalists 196 FROG 196 algebraic attack 60 GOST 194 bottleneck attack 58 Grand Cru 198 key schedule 45, 178 Hasty Pudding Cipher 196 related-key attack 62 Hierocrypt-L1 and Hierocrypt-3 198 s-box 44, 50, 191 Hight 200 side-channel cryptanalysis 63 ICE 195 square attack 55 IDEA 194, 198, 205–207 algebraic attack see AES KASUMI 178, 185, 207–212 amplified boomerang attack see differential KFC 199 cryptanalysis Khazad 198 authenticated encryption 82–85 Khufu and Khafre 194 CCM 83 LION and LIONESS 195 EAX 84 LOKI, LOKI91, and LOKI97 194, 196 Lucifer 13, 194 B Madygra 194 Magenta 196 block cipher MARS 196, 198 3-way 195 mCrypton 200 Akelarre 195 Mercy 199 Anubis 191, 198 MISTY 185, 191, 195, 198, 207 BaseKing 195 MULTI2 194 BEAR 195 Nimbus 198 Blowfish 195 Noekeon 198 Camellia 198 NUSH 198 CAST-128 and CAST-256 195, 196 PES and IPES 194 CIPHERUNICORN-A 198 PRESENT 191, 200, 217–218 CIPHERUNICORN-E 198 Q 198 Clefia 200 RC2 194 Crypton 196 RC5 179, 195, 212–214 CS-Cipher 198 RC6 196, 198 DEAL 179, 196 REDOC II 194 DES-based variants see DES Rijndael see AES, 195 L.R. Knudsen and M.J.B. Robshaw, The Block Cipher Companion, Information Security 221 and Cryptography, DOI 10.1007/978-3-642-17342-4, © Springer-Verlag Berlin Heidelberg 2011 222 Index SAFER and variants 195, 196, 198 boomerang attack 162 SC2000 198 countermeasures 184 SEA 200 definition of difference 145 Serpent 178, 196, 197 difference distribution
    [Show full text]
  • Introduction to Cryptography
    Introduction to Cryptography By Marcus K. G. Adomey Chief Operations Manager AfricaCERT Email: [email protected] OVERVIEW . Cryptography Definition Terminology History Goal and Services . Types of Cryptography Symmetric Key Cryptography Asymmetric Key Cryptography Hash Functions CRYPTOGRAPHY Definition Terminology History Goal and Services Cryptography Definition Cryptography is the science of using mathematics to encrypt and decrypt data. Phil Zimmermann Cryptography is the art and science of keeping messages secure. Bruce Schneier The art and science of concealing the messages to introduce secrecy in information security is recognized as cryptography. Cryptography Terminologies A message is plaintext (sometimes called cleartext). The process of disguising a message in such a way as to hide its substance is encryption. An encrypted message is ciphertext. The process of turning ciphertext back into plaintext is decryption. A cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. Cryptography Terminology A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. A cryptosystem is also referred to as a cipher system. The various components of a basic cryptosystem are as follows − . Plaintext . Encryption Algorithm . Ciphertext . Decryption Algorithm . Encryption Key . Decryption Key Cryptography Terminology While cryptography is the science of securing data, cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers. Cryptology embraces both cryptography and cryptanalysis. Cryptography History of Cryptography History of Cryptography History of Cryptography As civilizations evolved, human beings got organized in tribes, groups, and kingdoms.
    [Show full text]
  • Towards a Unifying View of Block Cipher Cryptanalysis
    Towards a unifying view of block cipher cryptanalysis David Wagner⋆ University of California, Berkeley Abstract. We introduce commutative diagram cryptanalysis, a frame- work for expressing certain kinds of attacks on product ciphers. We show that many familiar attacks, including linear cryptanalysis, differential cryptanalysis, differential-linear cryptanalysis, mod n attacks, truncated differential cryptanalysis, impossible differential cryptanalysis, higher- order differential cryptanalysis, and interpolation attacks can be ex- pressed within this framework. Thus, we show that commutative diagram attacks provide a unifying view into the field of block cipher cryptanal- ysis. Then, we use the language of commutative diagram cryptanalysis to compare the power of many previously known attacks. Finally, we introduce two new attacks, generalized truncated differential cryptanaly- sis and bivariate interpolation, and we show how these new techniques generalize and unify many previous attack methods. 1 Introduction How do we tell if a block cipher is secure? How do we design good ciphers? These two questions are central to the study of block ciphers, and yet, after decades of research, definitive answers remain elusive. For the moment, the art of cipher evaluation boils down to two key tasks: we strive to identify as many novel cryptanalytic attacks on block ciphers as we can, and we evaluate new designs by how well they resist known attacks. The research community has been very successful at this task. We have accu- mulated a large variety of different attack techniques: differential cryptanalysis, linear cryptanalysis, differential-linear attacks, truncated differential cryptanal- ysis, higher-order differentials, impossible differentials, mod n attacks, integrals, boomerangs, sliding, interpolation, the yo-yo game, and so on.
    [Show full text]
  • My Crazy Boss Asked Me to Design a New Block Cipher. What's Next?
    Advanced Block Cipher Design My crazy boss asked me to design a new block cipher. What’s next? Pascal Junod University of Applied Sciences Western Switzerland Pascal Junod -- Advanced Block Cipher Design 1 ECRYPT II Summer School - May 31st, 2011, Albena, Bulgaria Outline •High-Level Schemes •Confusion •Diffusion •Key-Schedule •Beyond the Design Pascal Junod -- Advanced Block Cipher Design 2 ECRYPT II Summer School - May 31st, 2011, Albena, Bulgaria Introduction Pascal Junod -- Advanced Block Cipher Design 3 ECRYPT II Summer School - May 31st, 2011, Albena, Bulgaria Some Simple Facts • As of today, nobody knows how to design a (mathematically proven) secure block cipher. • Problem related to fundamental open questions in mathematics/computer science • A secure block cipher is a block cipher that nobody can break... • A good block cipher is a secure block cipher that people like to implement. Pascal Junod -- Advanced Block Cipher Design 4 ECRYPT II Summer School - May 31st, 2011, Albena, Bulgaria So many Designs in the Hierocrypt G-DES Wild... LOKI MacGuffin LION RC2 Akellare Coconut98 DFC Square E0 Twofish Anubis CAST Skipjack CS-Cipher DEAL Shark RC5 Rijndael IDEA Camellia Aria Present Noekeon Magenta DES-X Threefish RC6 Seed Mars FOX Serpent BassOmatic GOST DES MESH 3-Way E2 TEA Blowfish Misty XTEA Triple DES Cipherunicorn BEAR CLEFIA FEAL XXTEA 5 Madryga Designing a New Block Cipher • Several good and bad reasons: • Faster/smaller than any other one ✔ • With «better» security guarantees than any other one ✔✔ • My boss crazily asked me to design a new, secret (!) and patented (!!) block cipher ~ • Not enough proposals/diversity in the wild ✖ • I desperately need to publish something to finish my PhD thesis ! ✖ Pascal Junod -- Advanced Block Cipher Design 6 ECRYPT II Summer School - May 31st, 2011, Albena, Bulgaria Designing a New Block Cipher • Claude E.
    [Show full text]
  • APPLIED CRYPTOGRAPHY, SECOND EDITION: Protocols, Algorithms, and Source Code in C:Table of Contents
    To access the contents, click the chapter and section titles. Applied Cryptography, Second Edition: Protocols, Algorthms, and Source Code in C (cloth) (Publisher: John Wiley & Sons, Inc.) Author(s): Bruce Schneier ISBN: 0471128457 Publication Date: 01/01/96 Brief Full Advanced Search Search Tips Search this book: Foreword by Whitfield Diffie Preface About the Author Chapter 1—Foundations 1.1 Terminology 1.2 Steganography 1.3 Substitution Ciphers and Transposition Ciphers 1.4 Simple XOR 1.5 One-Time Pads 1.6 Computer Algorithms 1.7 Large Numbers Part I—Cryptographic Protocols Chapter 2—Protocol Building Blocks 2.1 Introduction to Protocols 2.2 Communications Using Symmetric Cryptography 2.3 One-Way Functions 2.4 One-Way Hash Functions 2.5 Communications Using Public-Key Cryptography 2.6 Digital Signatures 2.7 Digital Signatures with Encryption 2.8 Random and Pseudo-Random-Sequence Generation Chapter 3—Basic Protocols 3.1 Key Exchange 3.2 Authentication 3.3 Authentication and Key Exchange 3.4 Formal Analysis of Authentication and Key-Exchange Protocols 3.5 Multiple-Key Public-Key Cryptography 3.6 Secret Splitting 3.7 Secret Sharing 3.8 Cryptographic Protection of Databases Chapter 4—Intermediate Protocols 4.1 Timestamping Services 4.2 Subliminal Channel 4.3 Undeniable Digital Signatures 4.4 Designated Confirmer Signatures 4.5 Proxy Signatures 4.6 Group Signatures 4.7 Fail-Stop Digital Signatures 4.8 Computing with Encrypted Data 4.9 Bit Commitment 4.10 Fair Coin Flips 4.11 Mental Poker 4.12 One-Way Accumulators 4.13 All-or-Nothing Disclosure
    [Show full text]
  • United States Patent (19) 11 Patent Number: 5,724,428 Rivest 45) Date of Patent: Mar
    US005724428A United States Patent (19) 11 Patent Number: 5,724,428 Rivest 45) Date of Patent: Mar. 3, 1998 54 BLOCK ENCRYPTIONALGORTHM WITH 5,351.299 9/1994 Matsuzaki et al. ....................... 38037 DATA-DEPENDENT ROTATIONS 5,454,039 9/1995 Coppersmith et al. ................... 380/28 75) Inventor: Ronald L. Rivest, Arlington, Mass. OTHER PUBLICATIONS Ronald L. Rivest, “The RC5 Encryption Algorithm". Dr. 73) Assignee: RSA Data Security, Inc.. Redwood Dobb's Journal, Jan. 1995 pp. 146-148. City, Calif. Applied Cryptography, Protocols, Algorithms, and Source Code in C, Bruce Schneier, pp. 154-185: 219–272. (21) Appl. No.: 548,318 "A High Performance Encryption Algorithm." W.E. 22 Filed: Nov. 1, 1995 Madryga, Computer Secuirty, pp. 557-570. (51) Int. Cl. ........................... H04L 9/06 Primary Examiner Thomas H. Tarcza 52 U.S. Cl. .................. 380/37:380/28; 380/43 Assistant Examiner-Pinchus M. Laufer (58) Field of Search .................................. 380/37, 42, 43, Attorney, Agent, or Firm-Nixon & Vanderhye PC. 380/44, 46, 57, 28, 9.50; 364/717 57 ABSTRACT 56 References Cited A simple encryption and decryption device has been devel oped. The underlying algorithm is a fast block cipher that U.S. PATENT DOCUMENTS may be implemented efficiently in hardware or software. 4.078,152 3/1978 Tuckerman, III ......................... 380/37 The algorithm makes heavy use of data-dependent rotations. 4,157,454 6/1979 Becker .............. ... 380/37 The amount of each rotation depends on the data being 4.249,180 2/1981 Eberde et al. ... 380/37 encrypted and intermediate encryption results. The variables 4,255,811 3/1981 Adler .......
    [Show full text]
  • (12) United States Patent (10) Patent No.: US 6,182,216 B1 Luyster (45) Date of Patent: Jan
    US006182216B1 (12) United States Patent (10) Patent No.: US 6,182,216 B1 Luyster (45) Date of Patent: Jan. 30, 2001 (54) BLOCK CIPHER METHOD nology Laboratory National Institute of Standards and Technology. (76) Inventor: Frank C. Luyster, 100 Riverside La., Riverside, CT (US) 06878 Burton S. Kaliski Jr. and Yiqun Lisa Yin, On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm, (*) Notice: Under 35 U.S.C. 154(b), the term of this Lecture Notes in Computer Science, vol. 963, pp. 171-184, patent shall be extended for 0 days. Aug. 1995. (21) Appl. No.: 09/154.391 (List continued on next page.) (22) Filed: Sep. 16, 1998 Related U.S. Application Data Primary Examiner Thomas R. Peeso (60) Provisional application No. 60/059,142, filed on Sep. 17, 1997, provisional application No. 60/062.992, filed on Oct. (74) Attorney, Agent, or Firm-Cantor Colburn LLP 23, 1997, provisional application No. 60/064.331, filed on Oct. 30, 1997, provisional application No. 60/094,632, filed (57) ABSTRACT on Jul. 30, 1998, provisional application No. 60/096,788, filed on Aug. 17, 1998, provisional application No. 60/096, A data encryption System for encrypting an n-bit block of 921, filed on Aug. 18, 1998, and provisional application No. 60/098,905, filed on Sep. 2, 1998. input in a plurality of rounds is presented, where n is preferably 128 bits or more. The data encryption system (51) Int. Cl. ................................................. G06F 1/26 includes a computing unit for the execution of each round; (52) U.S. Cl.
    [Show full text]
  • Cryptanalysis of Akelarre 1 Description of Akelarre
    Cryptanalysis of Akelarre Niels Ferguson Bruce Schneier DigiCash bv Counterpane Systems Kruislaan 419 101 E Minnehaha Parkway 1098 VA Amsterdam, Netherlands Minneap olis, MN 55419, USA [email protected] [email protected] July 23, 1997 Abstract We showtwo practical attacks against the Akelarre blo ck cipher. The b est 42 attack retrieves the 128-bit key using less than 100 chosen plaintexts and 2 o -line trial encryptions. Our attacks use a weakness in the round function that preserves the parity of the input, a set of 1-round di erential character- istics with probability1, and the lackofavalanche and one-way prop erties in the key-schedule. We suggest some ways of xing these immediate weak- nesses, but conclude that the algorithm should be abandoned in favor of b etter-studied alternatives. 1 Description of Akelarre Akelarre [AGMP96A , AGMP96B ] is a 128-bit blo ck cipher that uses the same overall structure as idea [LMM91 ]; instead of idea's 16-bit sub-blo cks Akelarre uses 32-bit sub-blo cks. Furthermore, Akelarre do es not use mo dular multiplica- tions, but instead uses a combination of a 128-bit key-dep endent rotate at the b eginning of each round, and rep eated key additions and data-dep endent rota- 1 tions in its MA-b ox called an \addition-rotation structure" in Akelarre. Akelarre is de ned for a variable-length key and a variable numb er of rounds. The authors recommend using Akelarre with four rounds and a 128-bit key; this is the version that we will cryptanalyze.
    [Show full text]