The Message Authentication Code (MAC) can be computed to verify that a message transferred by a telecommunications network has not been altered. This method involves submitting sensitive elements of a message to DES with a secret key.
The originator appends the MAC to the message. The recipient uses the same elements and secret key to compute the MAC and compares it with the one sent by the originator. If the two agree, the message is accepted as valid.
The user chooses several parameters:
· Which fields to use in the MAC computation, the order of the fields, their format, and any editing criteria.
· Character coding (for example, whether data is represented in ASCII or EBCDIC).
· DES key management: although not part of DES, secure key storage and transmission are vital to the integrity of the MAC.
HSM transactions assume:
· The Host computer is responsible for all data editing. The HSM is supplied with a variable-length data field for MAC computation and, except for zero filling of the last 64-bit block, uses all supplied data in the order provided.
· All MACs are computed on ASCII data (EBCDIC data is converted to ASCII before computation).
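
The host-side editing described above, as an added example that is not part of the original documentation or any HSM vendor's code: it builds the MAC input from an agreed field list, converts EBCDIC to ASCII, and zero fills the last 64-bit block. The field names, their order and the cp037 EBCDIC code page are assumptions, and the DES computation itself is left to the HSM.

```python
# Added example: host-side preparation of MAC input (not vendor code).
# Field names, the field order and the cp037 EBCDIC code page are assumptions.

BLOCK = 8  # DES block size: 64 bits

def to_ascii(raw: bytes, coding: str) -> bytes:
    """Normalize a field to ASCII; EBCDIC input is converted first."""
    if coding == "ebcdic":
        return raw.decode("cp037").encode("ascii")
    if coding == "ascii":
        raw.decode("ascii")  # raises on bytes outside 7-bit ASCII
        return raw
    raise ValueError(f"unknown character coding: {coding}")

def mac_input(message: dict, field_order: list, coding: str) -> bytes:
    """Concatenate the agreed fields, in the agreed order, as ASCII."""
    missing = [f for f in field_order if f not in message]
    if missing:
        raise KeyError(f"fields required for MAC are absent: {missing}")
    return b"".join(to_ascii(message[f], coding) for f in field_order)

def hsm_blocks(data: bytes) -> list:
    """Split into 64-bit blocks, zero filling the last one as the HSM does."""
    if not data:
        raise ValueError("no data supplied for MAC computation")
    padded = data + b"\x00" * (-len(data) % BLOCK)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]

# Constructed sample message; values are illustrative only.
FIELD_ORDER = ["account", "amount", "currency"]
ascii_msg = {"account": b"4000123412341234", "amount": b"000000012500",
             "currency": b"840", "memo": b"not covered by the MAC"}
ebcdic_msg = {k: v.decode("ascii").encode("cp037") for k, v in ascii_msg.items()}

def demo() -> dict:
    a = hsm_blocks(mac_input(ascii_msg, FIELD_ORDER, "ascii"))
    e = hsm_blocks(mac_input(ebcdic_msg, FIELD_ORDER, "ebcdic"))
    # Zero fill is not reversible: data ending in NUL bytes yields the same
    # blocks as the shorter data, so the host must fix field lengths itself.
    short, longer = hsm_blocks(b"ABCDE"), hsm_blocks(b"ABCDE\x00\x00")
    return {"blocks": len(a), "same_input": a == e,
            "last_block": a[-1], "pad_collision": short == longer}

if __name__ == "__main__":
    print(demo())
```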