System for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment without compromising security
First Claim
1. A method of processing messages, comprising:
comparing a nonce value of a received message with a largest nonce value yet seen;
comparing said nonce value to an acceptance window in response to said nonce value not exceeding said largest nonce value yet seen; and
rejecting said received message in response to said nonce value falling outside said acceptance window.
Abstract
A system for determining the validity of a received cryptographic message while allowing for out-of-order messages is utilized to provide for secure communications among peers in a network. In particular, a secure communication module may be configured to accept the cryptographic message in response to the received nonce value of the received message being greater than the largest nonce value yet seen. Otherwise, when the received nonce value is not the largest nonce value yet seen, the secure communication module may be configured to compare the received nonce value with a nonce acceptance window. If the received nonce value falls outside the nonce acceptance window, the secure communication module may be further configured to reject the received message and assume that a replay attack has been detected. If the received nonce value falls within the nonce acceptance window, the secure communication module may be further configured to determine whether the received nonce value has been seen before by comparing the received nonce value with a replay window mask. If the received nonce has been seen before, the secure communication module may be further configured to reject the received message and assume a replay attack. Otherwise, the secure communication module may be further configured to accept the message and add the received nonce value to the replay window mask.
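The accept/reject decision the abstract describes, written out as an added example that is not code from the patent: the acceptance window and the replay window mask are realised as one 64-bit sliding bitmap anchored at the largest nonce yet seen (WINDOW_SIZE and all names are assumptions, and the nonce sequence in replay_selftest is constructed).

```c
#include <stdbool.h>
#include <stdint.h>
/* Width of the acceptance/replay window in nonces, one mask bit per nonce (assumed value). */
#define WINDOW_SIZE 64

typedef struct {
    uint64_t largest_seen; /* largest nonce value yet seen */
    uint64_t replay_mask;  /* bit i set => nonce (largest_seen - i) already accepted */
    bool initialized;      /* false until the first message is accepted */
} replay_state_t;

typedef enum { ACCEPT = 0, REJECT_OUTSIDE_WINDOW = 1, REJECT_REPLAY = 2 } verdict_t;
void replay_init(replay_state_t *s) { s->largest_seen = 0; s->replay_mask = 0; s->initialized = false; }

verdict_t replay_check(replay_state_t *s, uint64_t nonce) {
    /* Step 1: a nonce above the largest seen is accepted and slides the window forward. */
    if (!s->initialized || nonce > s->largest_seen) {
        uint64_t shift = s->initialized ? nonce - s->largest_seen : 0;
        if (shift >= WINDOW_SIZE)
            s->replay_mask = 0;        /* jumped past the whole old window; also avoids a UB shift */
        else
            s->replay_mask <<= shift;
        s->replay_mask |= 1ULL;        /* bit 0 records the new largest nonce itself */
        s->largest_seen = nonce;
        s->initialized = true;
        return ACCEPT;
    }
    /* Step 2: out-of-order nonce; older than the acceptance window means a presumed replay. */
    uint64_t age = s->largest_seen - nonce;
    if (age >= WINDOW_SIZE)
        return REJECT_OUTSIDE_WINDOW;
    /* Step 3: inside the window; the replay mask says whether this exact nonce was seen. */
    uint64_t bit = 1ULL << age;
    if (s->replay_mask & bit)
        return REJECT_REPLAY;
    s->replay_mask |= bit;             /* accept and remember this nonce */
    return ACCEPT;
}

/* Constructed scenario: in-order, out-of-order, replayed, far-ahead and too-old nonces. */
int replay_selftest(void) {
    replay_state_t s; replay_init(&s);
    return replay_check(&s, 10) == ACCEPT && replay_check(&s, 12) == ACCEPT
        && replay_check(&s, 11) == ACCEPT                 /* late but unseen: accepted */
        && replay_check(&s, 11) == REJECT_REPLAY          /* same nonce again */
        && replay_check(&s, 100) == ACCEPT                /* window jumps forward */
        && replay_check(&s, 30) == REJECT_OUTSIDE_WINDOW  /* 100 - 30 >= 64 */
        && replay_check(&s, 40) == ACCEPT;                /* 100 - 40 = 60, still inside */
}
```

A real receiver would run this check only after the message's authentication tag verifies, so that a forged nonce cannot advance the window.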
43 Claims
1. A method of processing messages, comprising:
comparing a nonce value of a received message with a largest nonce value yet seen;
comparing said nonce value to an acceptance window in response to said nonce value not exceeding said largest nonce value yet seen; and
rejecting said received message in response to said nonce value falling outside said acceptance window.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus for processing messages, said apparatus comprising:
a communication interface configured to transmit and receive a plurality of packets; and
a controller, wherein said controller is configured to:
compare a nonce value of a received message and a largest nonce value yet seen;
compare said nonce value to an acceptance window in response to said nonce value not exceeding said largest nonce value yet seen; and
reject said received message in response to said nonce value falling outside said acceptance window.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A computer readable storage medium on which is embedded one or more computer programs, said one or more computer programs implementing a method of processing messages, said one or more computer programs comprising a set of instructions for:
comparing a nonce value of a received message and a largest nonce value yet seen;
comparing said nonce value to an acceptance window in response to said nonce value not exceeding said largest nonce value yet seen; and
rejecting said received message in response to said nonce value not falling within said acceptance window.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27

28. A system for processing messages in a peer-to-peer configuration, comprising:
a first peer configured to provide secure communication;
a second peer configured to provide said secure communication; and
a secure communication module configured to be executed by said first peer and second peer, wherein said secure communication module is configured to:
compare said nonce value to a filter in response to a nonce value of a received packet not exceeding a largest nonce value yet seen;
compare said nonce value to a replay mask; and
accept said received packet in response to said comparison of said nonce value and said replay mask being false.
Dependent claims: 29, 30, 31, 32, 33, 34, 35

36. An interceptor device for processing messages, said interceptor device comprising:
a network interface;
an expected sequence register configured to enumerate an expected sequence number of a packet received from a second network device;
a memory configured to store a replay mask; and
a controller, wherein said controller is configured to:
compare said nonce value to a filter in response to a sequence number of a received packet via said network interface does not exceed a largest sequence number yet seen retrieved from said expected sequence register;
compare said sequence number to said replay mask retrieved from said memory; and
accept said received packet in response to said comparison of said sequence number and said replay mask is false.
Dependent claims: 37, 38, 39, 40, 41, 42, 43
Specification