Non-cryptographic addressing

US 20060020807A1
Filed: 06/22/2005
Published: 01/26/2006
Est. Priority Date: 03/27/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

a) extracting a first network address from a first message, the first network address identifying a first node and including a hash of at least one cryptographically generated address parameter, one of the parameters being a first public key associated with the first node;

b) extracting a second network address from a second message, the second network address identifying a second node and excluding a hash of a second public key associated with the second node and of the same type as the first public key;

c) identifying the first network address as a cryptographically generated address or an extended cryptographically generated address;

d) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographically generated address authentication scheme or an extended cryptographically generated address authentication scheme;

e) identifying the second network address as a non-cryptographically generated address; and

f) authenticating the second message using the second address and a second authentication scheme which is not the same as the first authentication scheme.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To allow down-level devices to participate in a network controlled by a protocol including CGAS or ECGAs, the CGA or ECGA authentication may be made optional to allow the down-level devices to execute non-CGA or non-ECGA versions of network protocols, while at the same time allowing the use of CGA- and/or ECGA-authenticated versions of he same protocols. To identify non-cryptographic addresses (e.g., non-CGA and non-ECGA), the address bits of a non-CGA or non-ECGA such that the address cannot be or is probably not an encoding of the hash of a public key. In this manner, a receiving node may properly identify the capabilities of the sending node, perform an appropriate authentication of the message containing the non-cryptographic address, and/or prioritize processing of information contained in the message with the non-cryptographic address.

173 Citations

View as Search Results

20 Claims

1. A method comprising:
- a) extracting a first network address from a first message, the first network address identifying a first node and including a hash of at least one cryptographically generated address parameter, one of the parameters being a first public key associated with the first node;
  
  b) extracting a second network address from a second message, the second network address identifying a second node and excluding a hash of a second public key associated with the second node and of the same type as the first public key;
  
  c) identifying the first network address as a cryptographically generated address or an extended cryptographically generated address;
  
  d) authenticating the first message using the first network address and a first authentication scheme, the first authentication scheme including a cryptographically generated address authentication scheme or an extended cryptographically generated address authentication scheme;
  
  e) identifying the second network address as a non-cryptographically generated address; and
  
  f) authenticating the second message using the second address and a second authentication scheme which is not the same as the first authentication scheme.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein identifying the second network address includes comparing a node-selectable portion of the second network address with a predetermined value.
  - 3. The method of claim 1, wherein identifying the second network address includes determining a non-cryptographic value, hashing the non-cryptographic value, and comparing at least a portion of the hash of the non-cryptographic value with at least a portion of a node-selectable portion of the second network address, the non-cryptographic value excluding the second public key of the same type as the first public key.
  - 4. The method of claim 3, wherein determining the non-cryptographic value includes retrieving the non-cryptographic value from a data store.
  - 5. The method of claim 3, wherein determining the non-cryptographic value includes determining a first input value from the second network address, retrieving the second input value from a data store, and concatenating the first input value and the second input value.
  - 6. The method of claim 5, wherein retrieving the second input value from the data store includes selecting the second input value from a set of two or more possible input values including a first possible second input value and a second possible second input value.
  - 7. The method of claim 6, wherein determining the non-cryptographic value includes determining a first non-cryptographic value and a second non-cryptographic value, the first non-cryptographic value including a concatenation of the first input value and the first possible second input value, the second non-cryptographic value including a concatenation of the first input value and the second possible second input value, and wherein comparing at least a portion of the hash of the non-cryptographic value with the at least a portion of a node-selectable portion of the second network address includes comparing at least a portion of a hash of the first non-cryptographic value with at least a portion of a node-selectable portion of the second network address and comparing at least a portion of a hash of the second non-cryptographic value with the at least a portion of a node-selectable portion of the second network address.
  - 8. The method of claim 5, further comprising repetitively concatenating a predetermined value with a modifier value and hashing the concatenation of the predetermined value and the modifier value until a time parameter or a security parameter is met, selecting one of the modifier values based on the hash values, and the second input value including the selected modifier value.
  - 9. The method of claim 8, the first input value including the predetermined value.
  - 10. The method of claim 1, further comprising sending a third message to the second node, the third message not requiring authentication with the first authentication scheme.
  - 11. The method of claim 10, further comprising sending a fourth message to the first node, the fourth message requiring authentication with the first authentication scheme.
  - 12. The method of claim 1, further comprising prioritizing in processing of information contained in the first message above processing information contained in the second message.
  - 13. The method of claim 12, further comprising extracting a third network address from a third message, the third network address being incapable of authentication by the first or second authentication scheme, and prioritizing processing of the third message below processing of the second message.

14. A computer readable medium having stored thereon a data structure representing a network address uniquely identifying a node of a network, comprising:
- a) a first data portion containing a routing prefix for routing an Internet Protocol packet to a destination network; and
  
  b) a second data portion, concatenated with the first data portion, the second data portion containing at least a portion of a hash of a value, the value being distinguishable from a public key, the first data portion and the second data portion uniquely identifying the node.
- View Dependent Claims (15, 16)
- - 15. The computer readable medium of claim 14, wherein the second data portion includes an input parameter used in generating the hash of the value.
  - 16. The computer readable medium of claim 14, wherein the second data portion is created by a device other than the node uniquely identified by the first data portion and the second data portion.

17. One or more computer readable media having computer executable components comprising:
- a) means for extracting a sender'"'"'s address from a received message;
  
  b) means for identifying the sender'"'"'s address as a non-cryptographic network address;
  
  c) means for identifying the sender'"'"'s address as a cryptographically generated network address or an extensible cryptographically generated network address; and
  
  d) means for authenticating the identified cryptographically generated network address or extensible cryptographically generated network address, the means for authenticating including means for hashing a public key associated with the sender'"'"'s address.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer readable media of claim 17, wherein the means for identifying a non-cryptographic address includes means for concatenating a first input value and a second input value, means for hashing the concatenation of the first input value and the second input value, and means for comparing the hash of the concatenation with at least a portion of a node selectable portion of the sender'"'"'s address.
  - 19. The one or more computer readable media of claim 17, wherein the first input value includes a predetermined value known to a node receiving the received message.
  - 20. The method of claim 19, further comprising means for selecting the second input value from a plurality of possible second input values known to the node receiving the received message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Aura, Tuomas, Roe, Michael

Granted Patent

US 8,261,062 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/64   Self-signed certificates

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 67/10   in which an application is ...

H04L 69/24   Negotiation of communicatio...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

Non-cryptographic addressing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

173 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Non-cryptographic addressing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

173 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links