Methods and systems for authenticating messages
First Claim
1. A method for generating a cryptographic address, the method comprising:
- concatenating a public key and a modifier;
executing a first hash function on the concatenated public key and modifier to yield a result;
concatenating a portion of the address that is not node-selectable and at least a portion of the yield of the first hash function to create a network address;
determining a value for the modifier for use by the first hash function by executing a second hash function on the public key and an initial value for the modifier; and
repeating the execution of the second hash function while changing the value of the modifier until the second hash function yields a target result.
2 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is an authentication mechanism that provides much of the security of heavyweight authentication mechanisms, but with lower administrative and communicative overhead while at the same time not being limited to a 64-bit limit on the length of a cryptographic hash value. Removal of this limitation is achieved by increasing the cost of both address generation and brute-force attacks by the same parameterized factor while keeping the cost of address use and verification constant. The address owner computes two hash values using its public key and other parameters. The first hash value is used by the owner to derive its network address. The purpose of the second hash is to artificially increase that computational complexity of generating new addresses and, consequently, the cost of brute-force attacks. As another measure against brute-force attacks, the routing prefix (i.e., the non-node selectable portion) of the address is included in the first hash input.
-
Citations
53 Claims
-
1. A method for generating a cryptographic address, the method comprising:
-
concatenating a public key and a modifier;
executing a first hash function on the concatenated public key and modifier to yield a result;
concatenating a portion of the address that is not node-selectable and at least a portion of the yield of the first hash function to create a network address;
determining a value for the modifier for use by the first hash function by executing a second hash function on the public key and an initial value for the modifier; and
repeating the execution of the second hash function while changing the value of the modifier until the second hash function yields a target result. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-readable medium containing instructions for performing a method for generating a cryptographic address, the method comprising:
-
concatenating a public key and a modifier;
executing a first hash function on the concatenated public key and modifier to yield a result;
concatenating a portion of the address that is not node-selectable and at least a portion of the yield of the first hash function to create a network address;
determining a value for the modifier for use by the first hash function by executing a second hash function on the public key and an initial value for the modifier; and
repeating the execution of the second hash function while changing the value of the modifier until the second hash function yields a target result.
-
-
8. A method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
-
accessing authentication information made available by the first computing device, the authentication information including content data, a network address of the first computing device, a public key of the first computing device, and a modifier;
computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and the modifier;
computing a second hash value using a second hash function, the input to the second hash function including a concatenation of the public key and the modifier; and
accepting the content data if the second hash value matches a target result, and the first hash value matches a second corresponding portion of the network address. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A computer-readable medium containing instructions for performing a method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
-
accessing authentication information made available by the first computing device, the authentication information including content data, a network address of the first computing device, a public key of the first computing device and a modifier;
computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and the modifier;
computing a second hash value using a second hash function, the input to the second hash function including a concatenation of the public key and the modifier; and
accepting the content data if the second hash value matches a target result, and the first hash value matches a second corresponding portion of the network address.
-
-
15. A method for a computing device to derive a node-selectable portion of a network address from a public key of the computing device, the method comprising:
-
computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and a modifier, the modifier value set by a second hash function;
computing a second hash value using the second hash function, the input to the second hash function including a concatenation of the public key and the modifier;
comparing a portion of the second hash value with a target result;
if the portion does not match the target result, modifying the value of the modifier, concatenating the modifier with the public key, and repeating the computing of a second hash function and comparing;
setting the node-selectable portion of the network address to a portion of the first hash value; and
checking to see if the network address as set is already in use and if the network address as set is already in use, repeating the computing of the first hash value, the setting of the node-selectable portion of the network address, and the checking to see if the network address is already in use. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A computer-readable medium containing instructions for performing a method for a computing device to derive a node-selectable portion of a network address from a public key of the computing device, the method comprising:
-
computing a first hash value using a first hash function, the input to the first hash function including a concatenation of the public key and a modifier, the modifier value set by a second hash function;
computing a second hash value using the second hash function, the input to the second hash function including a concatenation of the public key and the modifier;
comparing a portion of the second hash value with a target result;
if the portion does not match the target result, modifying the value of the modifier, concatenating the modifier with the public key, and repeating the computing of a second hash function-and comparing;
setting the node-selectable portion of the network address to a portion of the first hash value; and
checking to see if the network address as set is already in use and if the network address as set is already in use, repeating the computing of the first hash value, the setting of the node-selectable portion of the network address, and the checking to see if the network address is already in use.
-
-
22. A computer-readable medium having stored thereon a data structure, the data structure comprising:
-
a first data field containing data representing a public key of a computing device;
a second data field containing data representing a modifier value; and
a third data field containing data representing a portion of a network of the computing device that is not node-selectable.
-
-
23. A computer-readable medium having stored thereon a data structure for a network address for a computing device, the data structure comprising:
-
a first data field representing a portion of the network address of the computing device that is not node-selectable;
a second data field representing a security parameter that defines the level of security provided by a cryptographic process employed to generate at least a part of the network address; and
a third data field representing a node-selectable portion of the network address. - View Dependent Claims (24)
-
-
25. A method for securing at least a portion of a message, the portion of the message comprising more and less rapidly changing data, the method comprising:
-
computing a first hash value using a first hash function, the input to the first hash function including the more rapidly changing data and a modifier, the modifier value set by a second hash function;
computing a second hash value using the second hash function, the input to the second hash function including the less rapidly changing data and the modifier; and
comparing at least a portion, of the second hash value with a target value and, if they do not match, then repeating the producing of the second hash value with a different value of the modifier. - View Dependent Claims (26, 27, 28, 29, 30)
-
-
31. A computer-readable medium containing instructions for performing a method for securing at least a portion of a message, the portion of the message comprising more and less rapidly changing data, the method comprising:
-
computing a first hash value using a first hash function, the input to the first hash function including the more rapidly changing data and a modifier, the modifier value set by a second hash function;
computing a second hash value using the second hash function, the input to the second hash function including the less rapidly changing data and the modifier; and
comparing at least a portion of the second hash value with a target value and, if they do not match, then repeating the producing of the second hash value with a different value of the modifier.
-
-
32. A method for authenticating at least a portion of a message, the portion of the message comprising more and less rapidly changing data, the method comprising:
-
retrieving a modifier and a first hash value;
producing a second hash value by hashing the less rapidly changing data and the modifier;
producing a third hash value by hashing the more rapidly changing data and the modifier; and
if at least a portion of the second hash value matches a target value, and if at least a portion of the third hash value matches the first hash value, then accepting the portion of the message as authentic. - View Dependent Claims (33)
-
-
34. A computer-readable medium containing instructions for performing a method for authenticating at least a portion of a message, the portion of the message comprising more and less rapidly changing data, the method comprising:
-
producing a second hash value by hashing the less rapidly changing data and the modifier;
producing a third hash value by hashing the more rapidly changing data and the modifier; and
if at least a portion of the second hash value matches a target value, and if at least a portion of the third hash value matches the first hash value, then accepting the portion of the message as authentic.
-
-
35. A method for creating a cryptographic hash value, the method comprising:
-
computing a first cryptographic hash value from a first message using a first cryptographic hash function, where the first cryptographic hash value is for authenticating the message; and
computing a second cryptographic hash value from a second message using a second cryptographic hash function, the second hash value belonging to a target subset of all possible hash values obtainable from the second cryptographic hash function, wherein the first message is at least in part derived from some portions of the second message. - View Dependent Claims (36, 37, 38)
-
-
39. A computer-readable medium containing instructions for performing a method for creating a cryptographic hash value, the method comprising:
-
computing a first cryptographic hash value from a first message using a first cryptographic hash function, where the first cryptographic hash value is for authenticating the message; and
computing a second cryptographic hash value from a second message using a second cryptographic,hash function, the second hash value belonging to a target subset of all possible hash values obtainable from the second cryptographic hash function, wherein the first message is at least in part derived from some portions of the second message.
-
-
40. A method for creating a cryptographic hash value, the method comprising:
-
computing a first hash value from a message using a first cryptogrpahic hash function;
modifying the message and re-computing the first hash value until the first hash value belongs to a target subset of all possible hash values, the modification made to the message being such that the original message can be recovered by undoing the modification;
computing a second hash value from the message using a second cryptographic hash function; and
making the message and the second hash value available for subsequent verification. - View Dependent Claims (41, 42, 43, 44, 45, 46)
-
-
47. A computer-readable medium containing instructions for performing a method for creating a cryptographic hash value, the method comprising:
-
computing a first hash value from a message using a first cryptogrpahic hash function;
modifying the message and re-computing the first hash value until the first hash value belongs to a target subset of all possible hash values, the modification made to the message being such that the original message can be recovered by undoing the modification;
computing a second hash value from the message using a second cryptographic hash function; and
making the message and the second hash value available for subsequent verification.
-
-
48. A method for verifying a cryptographic hash value, the method comprising:
-
obtaining a modified message and a first hash value;
computing a second hash value from the modified message using a first cryptographic hash function;
computing a third hash value from the modified message using a second cryptographic hash function;
verifying that the second hash value belongs to a target subset of all possible hash values;
verifying that the first hash value and at least a portion of the third hash value match; and
recovering an original message by undoing a modification done to the original message by a party that created the original message. - View Dependent Claims (49, 50, 51, 52)
-
-
53. A computer-readable medium containing instructions for performing a method for verifying a cryptographic hash value, the method comprising:
-
obtaining a modified message and a first hash value;
computing a second hash value from the modified message using a first cryptographic hash function;
computing a third hash value from the modified message using a second cryptographic hash function;
verifying that the second hash value belongs to a target subset of all possible hash values;
verifying that the first hash value and at least a portion of the third hash value match; and
recovering an original message by undoing a modification done to the original message by a party that created the original message.
-
Specification