LIGHT WEIGHT AUTHENTICATION AND SECRET RETRIEVAL
First Claim
Patent Images
1. A method for authenticating a message in a network, the method comprising:
- generating, in a sink device, a private key and a public key, wherein the private key comprises a plurality of sub-private keys; and
generating, in the sink device, a signature for the message, wherein the signature comprises a sub-private key and an authentication path associated with the sub-private key in a hash tree, wherein the hash tree is constructed during the generation of the sub-public keys.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for authenticating a message in a network is provided. The method includes a step of generating, in a sink device, a private key and a public key. The private key includes a plurality of sub-private keys. The method further includes a step of generating, in the sink device, a signature for the message. The signature includes a sub-private key and an authentication path associated with the sub-private key in a hash tree. The hash tree is constructed during the generation of the sub-public keys.
-
Citations
25 Claims
-
1. A method for authenticating a message in a network, the method comprising:
-
generating, in a sink device, a private key and a public key, wherein the private key comprises a plurality of sub-private keys; and generating, in the sink device, a signature for the message, wherein the signature comprises a sub-private key and an authentication path associated with the sub-private key in a hash tree, wherein the hash tree is constructed during the generation of the sub-public keys. - View Dependent Claims (2, 3, 4, 5)
-
-
6. In an authentication system, a method for a tag device to verify a message from a sink device, wherein the sink device has a computation capability greater than the tag device, the method comprising:
-
generating, in the sink device, a private key and a public key, wherein the private key comprises a plurality of sub-private keys and the public key comprises a plurality of sub-public keys; storing, in the sink device, the private key; generating, in the sink device, a signature for the message, wherein the signature comprises a sub-private key and an authentication path associated with the sub-private key in a hash tree, wherein the hash tree is constructed during the generation of the sub-public keys; and transmitting the public key, the message and the signature from the sink device to the tag device, wherein the sub-private keys are generated by a pseudorandom generator. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A method for uploading a message from a sink device into a tag device, wherein the sink device has a computation capability greater than the tag device, the method comprising:
-
generating, in the sink device, a private key, wherein the private key comprises a plurality of sub-private keys; hashing the sub-private keys; generating a public key by constructing a plurality of hash trees using the hashed sub-private keys as leaf nodes; encrypting the message into an encrypted message; generating a signature for the encrypted message in the sink device by selecting a sub-private key and an authentication path in a hash tree, wherein the hash tree is constructed during the generation of the public key; and transmitting the encrypted message and the signature to the tag device. - View Dependent Claims (13, 14, 15)
-
-
16. A method for a sink device to search an encrypted message stored in a tag device without decryption of the encrypted message, the sink device having a computation capability greater than the tag device, the method comprising:
-
hashing, in the sink device, a message to be a first hash value; hashing, in the sink device, a secret to be a second hash value, wherein the secret is shared between the sink device and the tag device; hashing, in the sink device, an index message to be a third hash value, wherein the index message is associated with the message; encrypting, in the sink device, the message by an operation of extrusive disjunction over the message, the first hash value, and the second hash value, and encrypting the index message by an operation of extrusive disjunction over the index message, the second hash value, and the third hash value; generating, in the sink device, a first signature for the encrypted message and the encrypted index message; and storing, in the tag device, the encrypted message and the encrypted index message. - View Dependent Claims (17, 18, 19)
-
-
20. A system comprising:
-
a sink device and a tag device, the sink device comprising; a memory for storing instructions and data; and a processor coupled to the memory, the processor operable to execute instructions stored in the memory for; generating a private key and a public key, wherein the private key comprises a plurality of sub-private keys; generating a signature for the message, wherein the signature comprises a sub-private key and an authentication path associated with the sub-private key in a hash tree, wherein the hash tree is constructed during the generation of the sub-public keys; and transmitting the public key, the message and the signature from the sink device to the tag device. - View Dependent Claims (21)
-
-
22. A system for uploading a message in a network, the system comprising:
-
a sink device and a tag device, the sink device comprising; a memory for storing instructions and data; and a processor coupled to the memory, the processor operable to execute instructions stored in the memory for; generating a private key, wherein the private key comprises a plurality of sub-private keys; hashing the sub-private keys; generating a public key by constructing a plurality of hash trees using the hashed sub-private keys as leaf nodes; encrypting the message into an encrypted message; generating a signature for the encrypted message by selecting a sub-private key and an authentication path associated with the sub-private key in a hash tree, wherein the hash tree is constructed during the generation of the public key; and transmitting the encrypted message and the signature to the tag device. - View Dependent Claims (23)
-
-
24. A system for searching an encrypted message within a network without decryption of the encrypted message, the system comprising:
a sink device and a tag device, the sink device comprising; a first memory for storing instructions and data; and a first processor coupled to the first memory, the first processor operable to execute instructions stored in the first memory for; hashing a message to be a first hash value; hashing a secret to be a second hash value, wherein the secret is shared between the sink device and the tag device; hashing an index message to be a third hash value, wherein the index message is associated with the message; encrypting the message by an operation of extrusive disjunction over the message, the first hash value, and the second hash value, and encrypting the index message by an operation of extrusive disjunction over the index message, the second hash value, and the third hash value; generating a first signature for the encrypted message and the encrypted index message; transmitting the encrypted message, the encrypted index message, and the first signature to the tag device; generating a search message by an operation of extrusive disjunction over the index message and the third hash value; generating a second signature for the search message in the sink device; and transmitting the search message and the second signature to the tag node. - View Dependent Claims (25)
Specification