System for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment without comprising security

US 20110088094A1
Filed: 12/13/2010
Published: 04/14/2011
Est. Priority Date: 08/21/2001
Status: Active Grant

First Claim

Patent Images

1-43. -43. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for determining the validity of a received cryptographic message while ensuring for out-of-order messages is utilized to provide for secure communications among peers in a network. In particular, a secure communication module may be configured to accept the cryptographic message in response to a received nonce value of the received message is greater than the largest nonce value yet seen. Otherwise, when the received nonce value is not the largest nonce value yet seen, the secure communication module may be configured to compare the received nonce value with a nonce acceptance window. If the received nonce value falls outside the nonce acceptance window, the secure communication module may be further configured to reject the received message and assume that a replay attack has been detected. If the received nonce value falls within the nonce acceptance window, the secure communication module may be further configured to determine if the received nonce value has been seen before by comparing the received nonce value with a replay window mask. If the received nonce has been seen before, the secure communication module may be further configured to reject the received message and assume a replay attack. Otherwise, the secure communication module may be further configured to accept the message and add the received nonce value to the replay window mask.

24 Citations

View as Search Results

65 Claims

1-43. -43. (canceled)

44. A method of processing out-of-order message packets, comprising:
- defining a maximum largest nonce value for a first session;
  
  comparing, with a secure communication module of a receiving client device, a nonce value of a received out-of-order message packet for a second session with a largest nonce value yet seen for said second session;
  
  adjusting, with said secure communication module of said receiving client device, a single replay attack acceptance window for said second session based on said largest nonce value yet seen;
  
  comparing, with said secure communication module of said receiving client device, said largest nonce value yet seen with said maximum largest nonce value; and
  
  resetting said largest nonce value yet seen for said second session when said largest nonce value yet seen exceeds said maximum largest nonce value.
- View Dependent Claims (45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 45. The method of processing out-of-order message packets according to claim 44, further comprising:
    - designating, with said secure communication module of said receiving client device, said nonce value as said largest nonce value yet seen if said nonce value exceeds said largest nonce value yet seen.
  - 46. The method of processing out-of-order message packets according to claim 44, further comprising:
    - replacing, with said secure communication module of said receiving client device, said largest nonce value yet seen with said nonce value if said nonce value exceeds said largest nonce value yet seen.
  - 47. The method of processing out-of-order message packets according to claim 44, further comprising:
    - adjusting, with said secure communication module of said receiving client device, said single replay attack acceptance window if said nonce value exceeds said largest nonce value yet seen.
  - 48. The method of processing out-of-order message packets according to claim 44, further comprising:
    - designating, with said secure communication module of said receiving client device, said received out-of-order message packet as a replay attack.
  - 49. The method of processing out-of-order message packets according to claim 47, further comprising:
    - comparing, with said secure communication module of said receiving client device, said nonce value to a window mask value if said nonce value falls within said single replay attack acceptance window; and
      
      rejecting, with said secure communication module of said receiving client device, said received out-of-order message packet if said nonce value is within said window mask value.
  - 50. The method of processing out-of-order message packets according to claim 49, further comprising:
    - designating, with said secure communication module of said receiving client device, said received out-of-order message packet as part of a replay attack.
  - 51. The method of processing out-of-order message packets according to claim 44, further comprising:
    - comparing, with said secure communication module of said receiving client device, said nonce value to a window mask value if said nonce value falls within said single replay attack acceptance window; and
      
      accepting, with said secure communication module of said receiving client device, said received out-of-order message packet if said nonce value is outside said single replay attach acceptance window.
  - 52. The method of processing out-of-order message packets according to claim 51, further comprising:
    - designating, with said secure communication module of said receiving client device, said nonce value as a largest nonce value yet seen.
  - 53. The method of processing out-of-order message packets according to claim 44, further comprising:
    - adjusting a size of a range of acceptable nonce values within said single replay attach window.
  - 54. The method of processing out-of-order message packets according to claim 44, further comprising:
    - generating a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.

55. A client device for processing out-of-order message packets, comprising:
- a secure communication module of said client device to define a maximum largest nonce value for a first session, to compare a nonce value of a received out-of-order message packet for a second session with a largest nonce value yet seen for said second session, to adjust a single replay attack acceptance window for said second session based on said largest nonce value yet seen, and to compare said largest nonce value yet seen with a maximum largest nonce value defined for a first session; and
  
  wherein said largest nonce value yet seen is reset for said second session when said largest nonce value yet seen exceeds said maximum largest nonce value.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65)
- - 56. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - designate said nonce value as said largest nonce value yet seen if said nonce value exceeds said largest nonce value yet seen.
  - 57. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module further:
    - replace said largest nonce value yet seen with said nonce value if said nonce value exceeds said largest nonce value yet seen.
  - 58. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - adjust a single replay attack acceptance window if said nonce value exceeds said largest nonce value yet seen.
  - 59. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - designate said received out-of-order message packet as a replay attack.
  - 60. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - compare said nonce value to a window mask value if said nonce value falls within said single replay attack acceptance window; and
      
      reject, with said secure communication module of said receiving client device, said received out-of-order message packet if said nonce value is within said window mask value.
  - 61. The client device for processing out-of-order message packets according to claim 60, wherein said secure communication module is adapted further to:
    - designate said received out-of-order message packet as part of a replay attack.
  - 62. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - compare said nonce value to a window mask value if said nonce value falls within said single replay attack acceptance window; and
      
      accept, with said secure communication module of said receiving client device, said received out-of-order message packet if said nonce value is outside said single replay attach acceptance window.
  - 63. The client device for processing out-of-order message packets according to claim 62, wherein said secure communication module is adapted further to:
    - designate said nonce value as a largest nonce value yet seen.
  - 64. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - adjust a size of a range of acceptable nonce values within said single replay attach window.
  - 65. The client device for processing out-of-order message packets according to claim 55, wherein said secure communication module is adapted further to:
    - generate a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jim Voris, Todd Lagimonier
Original Assignee
Jim Voris, Todd Lagimonier
Inventors
Lagimonier, Todd, Voris, Jim

Granted Patent

US 8,161,553 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/0876   based on the identity of th...

H04L 63/14   for detecting or protecting...

H04L 63/1408   by monitoring network traff...

H04L 9/321   involving a third party or ...

H04W 12/02   Protecting privacy or anony...

H04W 12/041   Key generation or derivation

H04W 12/121   Wireless intrusion detectio...

System for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment without comprising security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

65 Claims

Specification

Solutions

Use Cases

Quick Links

System for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment without comprising security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

65 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links