Authentication of remote appliance messages using an embedded cryptographic device
Abstract
A method for authenticating appliance messages sent between an appliance and an appliance communication center over an appliance communications network includes maintaining a shared message counter at both the appliance communication center and the remotely located appliance. An authentication algorithm is applied to the appliance message and the shared message counter to generate an authentication word. The appliance message is then transmitted to the appliance or the communication center along with the authentication word. Upon receiving the appliance message, the appliance or the communication center will apply an authentication algorithm to the appliance message and the shared counter to generate an authentication word. The generated authentication word may be compared to the word received with the appliance message to determine authenticity of the message.
31 Claims
1. A method for replacing an existing authentication keying variable K with a new authentication keying variable K′ generated from K, the method comprising:
generating a first authentication word, W1, based on the existing keying variable K, a counter, C, and a master keying variable, KM;
selecting a portion of W1 as a first portion of K′; and
completing remaining portions of K′ by iteratively:
generating new authentication words, Wn based on C, KM, and a concatenation of a prior authentication word and K; and
selecting an additional portion of Wn as an additional portion of K′.

9. A replacement authentication key generator comprising:
a processing circuit; and
a memory coupled to the processing circuit, the memory storing instructions for execution by the processing circuit for:
generating a first authentication word, W1, based on the existing keying variable K, a counter, C, and a master keying variable, KM;
selecting a portion of W1 as a first portion of K′; and
completing remaining portions of K′ by iteratively:
generating new authentication words, Wn based on C, KM, and a concatenation of a prior authentication word and K; and
selecting an additional portion of Wn as an additional portion of K′.

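The key-replacement procedure of claims 1 and 9, written out as an added example that is not part of the patent text. It assumes HMAC-SHA256 keyed with KM as the authentication algorithm, an 8-byte big-endian encoding of C, and the first 8 bytes of each word as the selected portion; the claims specify none of these, and the function names are hypothetical.

```python
import hashlib
import hmac

PORTION_LEN = 8  # assumption: bytes of each authentication word kept for K'


def auth_word(km: bytes, counter: int, data: bytes) -> bytes:
    """Authentication word over the counter and data, keyed with KM.

    Assumption: HMAC-SHA256 with an 8-byte big-endian counter; the claims
    name neither the algorithm nor the encoding.
    """
    return hmac.new(km, counter.to_bytes(8, "big") + data, hashlib.sha256).digest()


def derive_replacement_key(k: bytes, counter: int, km: bytes, key_len: int = 32) -> bytes:
    """Build K' from K, C and KM by chaining authentication words."""
    if not k or not km:
        raise ValueError("K and KM must be non-empty")
    if counter < 0 or key_len <= 0:
        raise ValueError("counter must be >= 0 and key_len > 0")
    word = auth_word(km, counter, k)              # W1 from K, C and KM
    new_key = word[:PORTION_LEN]                  # first portion of K'
    while len(new_key) < key_len:
        word = auth_word(km, counter, word + k)   # Wn from C, KM and W(n-1) || K
        new_key += word[:PORTION_LEN]             # additional portion of K'
    return new_key[:key_len]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    K = bytes.fromhex("00112233445566778899aabbccddeeff")
    KM = b"constructed-master-keying-variable"
    print(derive_replacement_key(K, 7, KM).hex())
```

Both ends can run this independently and arrive at the same K′ only if they hold the same K, C and KM, so the new key never crosses the network.
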
16. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
maintaining at an appliance communication center a shared message counter, the shared message counter shared between the communication center and a remotely located appliance;
applying an appliance message and the shared message counter, as stored in the communication center, to an authentication algorithm to generate a first authentication word; and
transmitting the appliance message and the first authentication word as an authenticated message to the appliance.

25. An appliance communication center comprising:
network connections terminating at appliances;
a processing circuit;
a memory storing a plurality of shared counters, each shared counter shared between the communication center and an appliance, the memory further storing instructions for:
maintaining at an appliance communication center a shared message counter, the shared message counter shared between the communication center and a remotely located appliance;
applying an appliance message and the shared message counter, as stored in the communication center, to an authentication algorithm to generate a first authentication word; and
transmitting the appliance message and the first authentication word as an authenticated message to the appliance.

28. In an appliance, an appliance message authentication device comprising:
a processor; and
a memory coupled to the processor, the memory storing instructions for execution by the processor for:
receiving the authenticated message at the appliance;
applying the shared message counter, as stored in the appliance, and the appliance message to the authentication algorithm to generate a second authentication word; and
comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message.

30. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
maintaining at an appliance a shared message counter, the shared message counter shared between the appliance and a remotely located appliance communication center;
applying an appliance message and the shared message counter, as stored in the appliance, to an authentication algorithm to generate a first authentication word; and
transmitting the appliance message and the first authentication word as an authenticated message to the appliance communication center.

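The exchange described in the abstract and in claims 16, 28 and 30, with both sides shown, as an added example that is not part of the patent text. It assumes HMAC-SHA256 under a shared key as the authentication algorithm, an 8-byte big-endian counter, and a counter that advances by one per message sent or accepted; the `Endpoint` class and the sample messages are constructed for illustration.

```python
import hashlib
import hmac


class Endpoint:
    """One side of the link (communication center or appliance).

    Assumptions, not stated on the page: HMAC-SHA256 as the authentication
    algorithm, an 8-byte big-endian counter, and a counter that advances by
    one on each message sent or accepted.
    """

    def __init__(self, key: bytes, counter: int = 0):
        self.key = key
        self.counter = counter

    def _word(self, message: bytes) -> bytes:
        data = self.counter.to_bytes(8, "big") + message
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def send(self, message: bytes) -> tuple:
        """Return (message, first authentication word); the counter is not sent."""
        word = self._word(message)
        self.counter += 1
        return message, word

    def receive(self, message: bytes, word: bytes) -> bool:
        """Recompute the word from the local counter and compare in constant time."""
        ok = hmac.compare_digest(self._word(message), word)
        if ok:
            self.counter += 1  # advance only on success, so a bad frame cannot move it
        return ok


def demo() -> list:
    key = b"constructed-shared-key"            # constructed sample value
    center, appliance = Endpoint(key), Endpoint(key)
    msg, word = center.send(b"SET_TEMP 4C")    # constructed appliance message
    results = [appliance.receive(msg, word)]                   # genuine message
    results.append(appliance.receive(msg, word))               # same frame again
    msg2, word2 = center.send(b"SET_TEMP 5C")
    results.append(appliance.receive(b"SET_TEMP 9C", word2))   # altered in transit
    results.append(appliance.receive(msg2, word2))             # untouched original
    return results


if __name__ == "__main__":
    print(demo())
```

Because the counter is mixed into the word but never transmitted, a repeated frame fails once the receiver has moved on. This sketch does not handle resynchronization after a lost message.
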
Specification