Simple Authentication of Messages

US 20090138712A1
Filed: 11/21/2008
Published: 05/28/2009
Est. Priority Date: 11/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first synchronization message comprising a first authentication token;

applying a hash function to the first authentication token at least one time to generate a first hash result;

determining whether the first hash result matches a trusted bit string; and

when the first hash result matches the first trusted bit string, then (i) defining a time point boundary between a first and second synchronization period, wherein the time point boundary corresponds at least in part to the time the first synchronization message was received, and (ii) replacing the corresponding trusted bit string with the first authentication token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for using simple authenticated messages are disclosed for use with implementing (i) synchronization schemes, (ii) encoded control messaging schemes, and (iii) encrypted data communication schemes. Messages are authenticated by applying a secure hash function to one or more authentication tokens to produce hash results which are compared to stored trusted bit strings, wherein the stored trusted bit strings are replaced with the most-recently received authentication token whose corresponding hash result matched the stored bit string.

50 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a first synchronization message comprising a first authentication token;
  
  applying a hash function to the first authentication token at least one time to generate a first hash result;
  
  determining whether the first hash result matches a trusted bit string; and
  
  when the first hash result matches the first trusted bit string, then (i) defining a time point boundary between a first and second synchronization period, wherein the time point boundary corresponds at least in part to the time the first synchronization message was received, and (ii) replacing the corresponding trusted bit string with the first authentication token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first synchronization message is a member of a set of synchronization messages, wherein each synchronization message is associated with a unique sender, and wherein each synchronization message comprises an authentication token for comparison with a corresponding trusted bit string associated with the sender, and wherein the method further comprises:
    - receiving at least two synchronization messages of the set of synchronization messages;
      
      applying the hash function to the authentication token of each received synchronization message at least one time to generate a corresponding hash result for each received synchronization message;
      
      determining whether each received synchronization message'"'"'s corresponding hash result matches its corresponding trusted bit string;
      
      defining the time point boundary between the first and second synchronization periods based on the receipt times of each received synchronization message whose corresponding hash result matched its corresponding trusted bit string; and
      
      for each synchronization message whose corresponding hash result matched its corresponding trusted bit string, replacing the corresponding trusted bit string with the corresponding authentication token of the received synchronization message.
  - 3. The method of claim 1, wherein the first synchronization message is a member of a set of synchronization messages, wherein each synchronization message is associated with a unique sender, and wherein each synchronization message comprises an authentication token for comparison with a corresponding trusted bit string associated with the sender, and wherein each authentication token is associated with a synchronization message window, wherein the synchronization message window is a period of time during which a synchronization message must be received to be used for defining the time point boundary between two synchronization periods, and wherein the method further comprises:
    - receiving at least two synchronization messages of the set of synchronization messages;
      
      applying the hash function to the authentication token of each received synchronization message at least one time to generate a corresponding hash result for each received synchronization message;
      
      determining whether each received synchronization message was received within the synchronization message window associated with that message'"'"'s authentication token;
      
      determining whether each received synchronization message'"'"'s corresponding hash result matches its corresponding trusted bit string;
      
      defining the time point boundary between the first and second synchronization periods based on the receipt times of each received synchronization message whose corresponding hash result matched its corresponding trusted bit string and which was received within the synchronization message window associated with that message'"'"'s authentication token; and
      
      for each synchronization message whose corresponding hash result matched its corresponding trusted bit string, replacing the corresponding trusted bit string with the corresponding authentication token of the received synchronization message.
  - 4. The method of claim 2, wherein when multiple copies of a synchronization message having the same authentication token are received, the method further comprises:
    - defining the time point boundary between the first and second synchronization periods based on the time that the first copy of the synchronization message is received; and
      
      ignoring subsequently received copies of the synchronization message.
  - 5. The method of claim 1, further comprisingreceiving and storing at least one data message, wherein the at least one data message comprises encrypted data;
    - receiving a second synchronization message after receiving the at least one data message, wherein the second synchronization message comprises a second authentication token;
      
      applying the hash function to the second authentication token at least one time to generate a second hash result; and
      
      determining whether the second hash result matches the trusted bit string corresponding to the hash function, and when the second hash result matches the corresponding trusted bit string, then (i) defining a time point boundary between the second synchronization period and a third synchronization period based at least in part on the time that the second synchronization message was received, (ii) replacing the corresponding trusted bit string with the second authentication token, and (iii) decrypting the encrypted data with a decryption key based at least in part on the second authentication token.
  - 6. The method of claim 5, wherein the second synchronization message is received at a time during a synchronization message window, and wherein the method further comprises:
    - ignoring the at least one data message when the at least one data message is received at time after the start of the synchronization message window.
  - 7. The method of claim 5, wherein the second synchronization message is received at a time during a synchronization message window, and wherein the method further comprises:
    - ignoring the at least one data message when the at least one data message is received at time that is either (i) not during the first synchronization period, or (ii) after the start of the synchronization message window.
  - 8. The method of claim 5, further comprising:
    - determining whether the second synchronization message has been received at a time during the synchronization message window; and
      
      when the second synchronization message is received at a time during the synchronization message window, then (i) defining the time point boundary between the second synchronization period and the third synchronization period based at least in part on the time that the second synchronization message was received, and (ii) decrypting the encrypted data with a decryption key based at least in part on the second authentication token; and
      
      when the second synchronization message is received at a time after the end of the synchronization message window, then decrypting the encrypted data with a decryption key based at least in part on the second authentication token.
  - 9. The method of claim 1, wherein the received synchronization message further comprises an iteration number, and wherein the method further comprises:
    - determining a number of times to apply the hash function to the received authentication token based on the iteration number; and
      
      applying the first hash function to the received authentication token the determined number of times to generate the first hash result.
  - 10. The method of claim 5, wherein the encrypted data comprises a new first trusted bit string, and wherein the method further comprises replacing the first trusted bit string with the new first trusted bit string.

11. A method comprising:
- receiving a message comprising a first authentication token;
  
  applying a hash function to the first authentication token at least one time to generate a first hash result;
  
  determining whether the first hash result matches a first trusted bit string;
  
  when the first hash result matches the first trusted bit string, then (i) setting a first bit to a first logic value, and (ii) replacing the first trusted bit string with the first authentication token;
  
  when the first hash result does not match the first trusted bit string, then determining whether the first hash result matches a second trusted bit string; and
  
  when the first hash result matches the second trusted bit string, then (i) setting the first bit to a second logic value, and (ii) replacing the second trusted bit string with the first authentication token.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising:
    - discarding the message when the first hash result does not match one of either the first trusted bit string or the second trusted bit string.
  - 13. The method of claim 11, wherein the received message further comprises a second authentication token, wherein the first authentication token is associated with the first bit, and wherein the second authentication token is associated with a second bit, and wherein the method further comprises:
    - applying the hash function to the second authentication token at least one time to generate a second hash result;
      
      determining whether the second hash result matches a third trusted bit string;
      
      when the second hash result matches the third trusted bit string, then (i) setting the second bit to the first logic value, and (ii) replacing the third trusted bit string with the second authentication token;
      
      when the second hash result does not match the third trusted bit string, then determining whether the second hash result matches a fourth trusted bit string; and
      
      when the second hash result matches the fourth trusted bit string, then (i) setting the second bit to the second logic value, and (ii) replacing the fourth trusted bit string with the second authentication token.
  - 14. The method of claim 13, further comprising:
    - discarding the message when either (i) the first hash result does not match one of either the first trusted bit string or the second trusted bit string, or (ii) the second hash result does not match one of either the third trusted bit string or the fourth trusted bit string.
  - 15. The method of claim 11, wherein the steps of determining whether the first hash result matches the first or second trusted bit strings further comprise determining whether an iteration number associated with the first authentication token is less than a current max iteration number, and wherein the method further comprises:
    - updating the current max iteration number with the iteration number associated with the first authentication token when (i) the first hash result matches the first or second trusted bit string and (ii) the iteration number associated with the first authentication token is less than the current max iteration number.
  - 16. The method of claim 15 wherein the current max iteration number equals the iteration number of the most recent authentication token (i) that was received prior to receiving the first authentication token, (ii) whose hash result matched one of either the first or second trusted bit strings, and (iii) whose iteration number was less than the previous max iteration number.
  - 17. The method of claim 13, wherein the steps of determining whether the first hash result matches the first or second trusted bit strings further comprises determining whether an iteration number associated with the first authentication token is less than a current max iteration number, and wherein the steps of determining whether the second hash result matches the third or fourth trusted bit strings further comprise determining whether the iteration number associated with the second authentication token is also less than the current max iteration number, and wherein the method further comprises:
    - updating the current max iteration number when (i) the first hash result matches either the first or second trusted bit strings, and the iteration number associated with the first authentication token is less than the current max iteration number, or (ii) the second hash result matches either the third or fourth trusted bit strings, and the authentication token associated with the second authentication token is less than the current max iteration number; and
      
      wherein the current max iteration number is updated with the lesser of (i) the iteration number associated with the first authentication token or (ii) the iteration number associated with the second authentication token.
  - 18. The method of claim 17, wherein the current max iteration number equals the lesser iteration number of the most recent authentication token (i) that was received prior to receiving the message comprising the first and second authentication tokens, (ii) whose hash result matched any of the first, second, third, fourth trusted bit strings, and (iii) whose iteration number was less than the previous max iteration number.
  - 19. The method of claim 13 wherein the first and second bits correspond to bits of a state machine.
  - 20. The method of claim 13 wherein the first and second bits correspond to bits of an entry in an index of actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Driscoll, Kevin Raymond

Granted Patent

US 8,549,296 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 9/12   Transmitting and receiving ...

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

Simple Authentication of Messages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Simple Authentication of Messages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links