Increased communication security

US 10,237,260 B2
Filed: 07/26/2017
Issued: 03/19/2019
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first computer system; and

a second computer system,wherein said first computer system is configured to generate a Constrained Application Protocol (CoAP) message including authentication data and message data, and wherein said first computer system is further configured to communicate said CoAP message for delivery to said second computer system, andwherein said second computer system is configured to perform message validation based on said authentication data, wherein said second computer system is configured to determine that said CoAP message is invalid if at least one condition is not met, wherein said at least one condition includes whether a payload of said CoAP message is at least a predetermined size, and wherein said second computer system is configured to perform, if said CoAP message is valid, at least one operation associated with said CoAP message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may include a first computer system and a second computer system. The first computer system may be configured to generate a Constrained Application Protocol (CoAP) message including authentication data and message data. The first computer system may be further configured to communicate the CoAP message for delivery to the second computer system. The second computer system may be configured to perform message validation based on the authentication data.

Citations

26 Claims

1. A system comprising:
- a first computer system; and
  
  a second computer system,wherein said first computer system is configured to generate a Constrained Application Protocol (CoAP) message including authentication data and message data, and wherein said first computer system is further configured to communicate said CoAP message for delivery to said second computer system, andwherein said second computer system is configured to perform message validation based on said authentication data, wherein said second computer system is configured to determine that said CoAP message is invalid if at least one condition is not met, wherein said at least one condition includes whether a payload of said CoAP message is at least a predetermined size, and wherein said second computer system is configured to perform, if said CoAP message is valid, at least one operation associated with said CoAP message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of Claim 1, wherein said at least one operation is selected from a group consisting of:
    - an operation associated with a method code in said CoAP message;
      
      an operation associated with an option in said CoAP message; and
      
      a communication of a second CoAP message, associated with said CoAP message, from said second computer system to said first computer system.
  - 3. The system of Claim 1, wherein said second computer system is configured to perform, if said CoAP message is invalid, at least one other operation associated with said CoAP message.
  - 4. The system of claim 3, wherein said at least one other operation is selected from a group consisting of:
    - ignoring said CoAP message; and
      
      limiting access of said first computer system to said second computer system.
  - 5. The system of claim 1, wherein said second computer system is further configured to perform said message validation by accessing an authentication mechanism identifier from said message data, and wherein said second computer system is further configured to perform said message validation using an authentication mechanism associated with said authentication mechanism identifier.
  - 6. The system of claim 5, wherein said authentication mechanism is selected from a group consisting of hash-based message authentication code (HMAC) utilizing a MD5 hash function, HMAC utilizing a SHA-1 hash function, HMAC utilizing a SHA256 hash function, HMAC utilizing a SHA512 hash function, OAuth, OAuth 2.0, and OpenID.
  - 7. The system of claim 1, wherein said second computer system is configured to:
    - generate second authentication data based on at least a portion of said CoAP message; and
      
      compare said second authentication data to said authentication data to determine whether said CoAP message is valid.
  - 8. The system of claim 7, wherein said second computer system is configured to:
    - access a unique identifier from said CoAP message, wherein said unique identifier is associated with said first computer system;
      
      access a key based on said unique identifier;
      
      generate said second authentication data using said key;
      
      if said second authentication data correlates to said authentication data, determine that said CoAP message is valid; and
      
      if said second authentication data does not correlate to said authentication data, determine that said CoAP message is invalid.
  - 9. The system of claim 7, wherein said second computer system is configured to generate said second authentication data using an authentication mechanism, and wherein said authentication mechanism is associated with an authentication mechanism identifier of said CoAP message.
  - 10. The system of claim 1, wherein said second computer system is configured to:
    - determine a length of said authentication data based on an authentication mechanism identifier of said CoAP message;
      
      remove a portion of said CoAP message based on said length, wherein said portion of said CoAP message includes at least a portion of said authentication data; and
      
      if said CoAP message is free of said payload responsive to removal of said portion of said CoAP message, remove a payload marker from said CoAP message.
  - 11. The system of claim 1, wherein said at least one condition further includes a condition selected from a group consisting of:
    - said CoAP message includes a unique identifier associated with said first computer system;
      
      said CoAP message includes a nonce;
      
      a nonce of said CoAP message is different from another nonce associated with a previously-received message; and
      
      a key associated with said first computer system is accessed.
  - 12. The system of claim 1, wherein said second computer system is configured to receive said CoAP message using Datagram Transport Layer Security (DTLS).
  - 13. The system of claim 1, wherein said message data is selected from a group consisting of data associated with a header, data associated with a token, data associated with at least one option, data associated with a payload marker, and data associated with at least a portion of a payload.

14. A system comprising:
- a first computer system; and
  
  a second computer system,wherein said first computer system is configured to generate a Constrained Application Protocol (CoAP) message including authentication data and message data, and wherein said first computer system is further configured to communicate said CoAP message for delivery to said second computer system, andwherein said second computer system is configured to perform message validation based on said authentication data, wherein said second computer system is configured to determine that said CoAP message is invalid if at least one condition is not met, wherein said at least one condition includes whether said CoAP message includes a unique identifier associated with said first computer system, and wherein said second computer system is configured to perform, if said CoAP message is valid, at least one operation associated with said CoAP message.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of Claim 14, wherein said at least one operation is selected from a group consisting of:
    - an operation associated with a method code in said CoAP message;
      
      an operation associated with an option in said CoAP message; and
      
      a communication of a second CoAP message, associated with said CoAP message, from said second computer system to said first computer system.
  - 16. The system of Claim 14, wherein said second computer system is configured to perform, if said CoAP message is invalid, at least one other operation associated with said CoAP message.
  - 17. The system of claim 16, wherein said at least one other operation is selected from a group consisting of:
    - ignoring said CoAP message; and
      
      limiting access of said first computer system to said second computer system.
  - 18. The system of claim 14, wherein said second computer system is further configured to perform said message validation by accessing an authentication mechanism identifier from said message data, and wherein said second computer system is further configured to perform said message validation using an authentication mechanism associated with said authentication mechanism identifier.
  - 19. The system of claim 18, wherein said authentication mechanism is selected from a group consisting of hash-based message authentication code (HMAC) utilizing a MD5 hash function, HMAC utilizing a SHA-1 hash function, HMAC utilizing a SHA256 hash function, HMAC utilizing a SHA512 hash function, OAuth, OAuth 2.0, and OpenID.
  - 20. The system of claim 14, wherein said second computer system is configured to:
    - generate second authentication data based on at least a portion of said CoAP message; and
      
      compare said second authentication data to said authentication data to determine whether said CoAP message is valid.
  - 21. The system of claim 20, wherein said second computer system is configured to:
    - access a unique identifier from said CoAP message, wherein said unique identifier is associated with said first computer system;
      
      access a key based on said unique identifier;
      
      generate said second authentication data using said key;
      
      if said second authentication data correlates to said authentication data, determine that said CoAP message is valid; and
      
      if said second authentication data does not correlate to said authentication data, determine that said CoAP message is invalid.
  - 22. The system of claim 20, wherein said second computer system is configured to generate said second authentication data using an authentication mechanism, and wherein said authentication mechanism is associated with an authentication mechanism identifier of said CoAP message.
  - 23. The system of claim 14, wherein said second computer system is configured to:
    - determine a length of said authentication data based on an authentication mechanism identifier of said CoAP message;
      
      remove a portion of said CoAP message based on said length, wherein said portion of said CoAP message includes at least a portion of said authentication data; and
      
      if said CoAP message is free of a payload responsive to removal of said portion of said CoAP message, remove a payload marker from said CoAP message.
  - 24. The system of claim 14, wherein said at least one condition further includes a condition selected from a group consisting of:
    - said CoAP message includes a nonce;
      
      a nonce of said CoAP message is different from another nonce associated with a previously-received message;
      
      a payload of said CoAP message is at least a predetermined size; and
      
      a key associated with said first computer system is accessed.
  - 25. The system of claim 14, wherein said second computer system is configured to receive said CoAP message using Datagram Transport Layer Security (DTLS).
  - 26. The system of claim 14, wherein said message data is selected from a group consisting of data associated with a header, data associated with a token, data associated with at least one option, data associated with a payload marker, and data associated with at least a portion of a payload.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Idaax Technologies Private Limited
Original Assignee
Idaax Technologies Private Limited
Inventors
Sharma, Vishnu
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Kaplan, Benjamin A

Application Number

US15/660,910
Publication Number

US 20170324725A1
Time in Patent Office

601 Days
Field of Search

726 5, 713151, 713181
US Class Current
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 51/212   using filtering or selectiv...

H04L 63/08   for authentication of entit...

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 9/3242   involving keyed hash functi...

Increased communication security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Increased communication security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links