Secure maintenance messaging in a digital communications network

US 6,880,088 B1
Filed: 11/19/1999
Issued: 04/12/2005
Est. Priority Date: 11/19/1999
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus for performing secure transmission of messages between a module and a device, comprising:

means for receiving a security message, including a challenge, from a module;

means for determining a response based upon the challenge; and

a next challenge; and

means for transmitting the response and the next challenge to the module;

wherein the next challenge is generated by the device;

wherein the receiving means receives at least one authenticated security message from the module after transmitting the response and the next challenge; and

wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an apparatus and method for performing secure messaging in a digital communications network, a module sends a registration message including an initial challenge and an identification of itself to the server. In response, the server sends a message, including a response to the module'"'"'s challenge and a challenge to the module from the server, to the module based on the value and service of the initial challenge. The module uses the validity of the server'"'"'s response to determine whether a transmitted message is authentic. A valid response corresponds to an authentic message. Alternatively, a server may initiate communications with a module. Once the initial communication is established, messaging typically continues for all transactions between the server and the module for one or more classes of transactions. The authentication process is repeated for each message.

48 Citations

View as Search Results

52 Claims

1. An apparatus for performing secure transmission of messages between a module and a device, comprising:
- means for receiving a security message, including a challenge, from a module;
  
  means for determining a response based upon the challenge; and
  
  a next challenge; and
  
  means for transmitting the response and the next challenge to the module;
  
  wherein the next challenge is generated by the device;
  
  wherein the receiving means receives at least one authenticated security message from the module after transmitting the response and the next challenge; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, wherein the transmitting means includesmeans for including in the response, a message identifying an operation to be performed by the module.
  - 3. The apparatus of claim 1, wherein the transmitting means includes means for including the response and the next challenge in a cell or a packet.

4. An apparatus for performing secure transmission of messages between a module and a device, comprising:
- means for transmitting a security message, including a challenge, to a device;
  
  means for receiving a next security message, including a response based upon the challenge, from the device; and
  
  means for determining a status of the next security message based upon the validity of the response;
  
  wherein the transmitting means transmits at least one authenticated security message from the module after receiving the next security message; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (5, 6, 7)
- - 5. The apparatus of claim 4, wherein the receiving means includes means for receiving a next challenge from the device, and wherein the determining means includesmeans for determining a next response based upon the next challenge.
  - 6. The apparatus of claim 5, wherein the transmitting means includesmeans for including the identification of the status and the next response in a cell or a packet.
  - 7. The apparatus of claim 4, wherein the receiving means includesmeans for receiving from the device, a message identifying an operation to be performed by the module, and wherein the apparatus further includes means for executing the operation.

8. A system for performing secure transmission of a message between a module and a device connected via a network, comprising:
- a device;
  
  a module; and
  
  an apparatus associated with the device for receiving and transmitting messages, the apparatus including means for receiving a security message, including a challenge, from the module;
  
  means for determining a response based upon the challenge and a next challenge; and
  
  means for transmitting the response and the next challenge to the module;
  
  wherein the next challenge is generated by the device;
  
  wherein the receiving means receives at least one authenticated security message from the module after transmitting the response and the next challenge; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein the transmitting means includes means for including a message identifying an operation to be performed by the module.
  - 10. The system of claim 8, wherein the transmitting means includes means for including the next challenge in a cell or a packet.
  - 11. The system of claim 8, further including a means for implementing a root module, interfaced with the network, for routing the messages between the device and the module.

12. A system for performing secure transmission of a message between a module and a device connected via a network, comprising:
- a device;
  
  a module; and
  
  an apparatus associated with the module for receiving and transmitting messages, the apparatus including means for transmitting a security message, including a challenge, to the device;
  
  means for receiving a next security message, including a response based upon the challenge, from the device; and
  
  means for determining a status of the next security message based upon the validity of the response;
  
  wherein the transmitting means transmits at least one authenticated security message from the module after receiving the next security message; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the receiving means includes means for receiving a next challenge from the device;
    - andwherein the determining means includes means for determining a next response based upon the next challenge.
  - 14. The system of claim 12, wherein the receiving means includesmeans for receiving from the device, a message identifying an operation to be performed by the module, and wherein the system further includes means for executing the operation.
  - 15. The system of claim 12, wherein the transmitting means includesmeans for transmitting the identification of the status and the next response in a cell or a packet.
  - 16. The system of claim 12, further includingmeans for implementing a root module, interfaced with the network, for routing the messages between the device and the module.
  - 17. The system of claim 16, whereinthe apparatus is contained within the root module.

18. A method for performing secure transmission of a message between a module and a device, comprising the steps of:
- receiving a security message, including a challenge, from a module;
  
  determining a response based upon the challenge and generating a next challenge; and
  
  transmitting to the module the response and the next challenge;
  
  wherein the receiving means receives at least one authenticated security message from the module after transmitting the response and the next challenge; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the transmitting step includes the substep of transmitting to the module, a message identifying an operation to be performed by the module.
  - 20. The method of claim 18, wherein the transmitting step includes the substep of including the response and the next challenge in a cell or a packet.

21. A method for performing secure transmission of a message between a module and a device, comprising the steps of:
- transmitting a security message, including a challenge, to a device;
  
  receiving a next security message, including a response based upon the challenge, from the device; and
  
  determining a status of the next security message based upon the validity of the response;
  
  wherein the transmitting means transmits at least one authenticated security message from the module after receiving the next security message; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein the receiving step includes the substep of receiving a next challenge from the device, andthe determining step includes the substep of determining, based upon the next challenge, a next response.
  - 23. The method of claim 22, wherein the transmitting step includes the substep oftransmitting the identification of the status and the next response in a cell or a packet.
  - 24. The method of claim 21, wherein the transmitting step includes the substep ofreceiving from the device a message identifying an operation to be performed by the module, and further including the step of executing the operation.

25. A computer program product, comprising:
- a computer-readable medium containing instructions for controlling a computer system to perform a method, the method including;
  
  receiving a security message, which includes a challenge from a module, determining a response based upon the challenge and a next challenge; and
  
  transmitting the response and the next challenge to the module;
  
  wherein the next challenge is generated by a device and the device is capable of communicating with the module;
  
  wherein receiving includes receiving at least one authenticated security message from the module after transmitting the response and the next challenge; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (26, 27)
- - 26. The computer program product of claim 25, wherein the transmitting step includes the substep of transmitting to the module a message identifying an operation to be performed by the module.
  - 27. The computer program product of claim 25, wherein the transmitting step includes the substep of transmitting the response and the next challenge in a cell or a packet.

28. A computer program product, comprising:
- a computer-readable medium containing instructions for controlling a computer system to perform a method, the method including;
  
  transmitting a security message, including a challenge, to a device;
  
  receiving a next security message, including a response based upon the challenge, from the device; and
  
  determining a status of the next security message based upon whether the response is valid;
  
  wherein the transmitting means transmits at least one authenticated security message from the module after receiving the next security message; and
  
  wherein the authenticated security message includes a new challenge and at least one of an operation field and a message field.
- View Dependent Claims (29, 30, 31)
- - 29. The computer program product of claim 28, wherein the receiving step includes the substep of receiving a next challenge from the device, and the determining step includes the substep of determining a next response based upon the next challenge.
  - 30. The computer program product of claim 29, wherein the transmitting step includes the substep of transmitting the identification of the status and the next response in a cell or a packet.
  - 31. The computer program product of claim 28, wherein the transmitting step includes the substep of receiving from the device a message identifying an operation to be performed by the module, and further including the step of executing the operation.

32. A system for performing secure transmission of a message between a module and a server connected via a network, comprising:
- a server; and
  
  a module having a hardware interface capable of mutually authenticating maintenance messages sent to and received from the server;
  
  wherein each maintenance message is authenticated by a challenge and a response sent by the module and server.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40)
- - 33. The system of claim 32, wherein the hardware interface includes:
    - means for transmitting a security message, including a challenge, to a server;
      
      means for receiving a next security message, including a response based upon the challenge, from the server; and
      
      means for determining a status of the next security message based upon a validity of the response.
  - 34. The system of claim 33, wherein the hardware interface further includes means for forcing a software reset of the module.
  - 35. The system of claim 33, further including means for transmitting an authenticated status message to a server and receiving an authenticated status message from the server.
  - 36. The system of claim 35, wherein the means for transmitting an authenticated status message to a server transmits the authenticated status message to the server upon detection of a hardware fault in a remote module.
  - 37. The system of claim 35, wherein the means for transmitting an authenticated status message to a server transmits the authenticated status message to the server upon detection of a software fault in a module.
  - 38. The system of claim 35, wherein the means for transmitting an authenticated status message to a server transmits the authenticated status message to the server upon an occurrence of a timeout event in a module.
  - 39. The system of claim 33, wherein a security message includes a maintenance message.
  - 40. The system of claim 33, wherein the hardware interface further-includes means for forcing a hardware reset of the module.

41. A system for performing secure transmission of a message between a module and a server connected via a network, comprising:
- a server;
  
  a proxy agent capable of sending and receiving messages to and from the server; and
  
  a module capable of sending and receiving maintenance messages to and from the proxy agent;
  
  wherein each maintenance message is authenticated by a challenge and a response sent by the module and server.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 42. The system of claim 41, further including a means for transmitting a non-authenticated status message from the module to the proxy agent upon detection of a software fault in the module.
  - 43. The system of claim 42, further including a means for transmitting a non-authenticated status message from the module to the proxy agent upon detection of a hardware fault in the module.
  - 44. The system of claim 43, further including a means for transmitting a non-authenticated status message to the proxy agent upon an occurrence of a timeout event in the module.
  - 45. The system of claim 44, wherein the proxy agent receives messages from the module and performs authentication operations on behalf of the module for status messages received from the module that are destined for the server.
  - 46. The system of claim 43, further including a means for transmitting an authenticated status message from the proxy agent to the server.
  - 47. The system of claim 42, wherein the proxy agent authenticates the status message.
  - 48. The system of claim 47, wherein the proxy agent transforms the authenticated status message into a non-authenticated status message and transmits the non-authenticated status message from the proxy agent to the module.
  - 49. The system of claim 41, further including a means for transmitting an authenticated status message from the server to the proxy agent.
  - 50. The system of claim 41, further including at least one redundant proxy and wherein a processor in the at least one redundant proxy performs validation and authentication of a maintenance message.
  - 51. The system of claim 50, wherein the at least one redundant proxy agent includes means to receive, validate, and authenticate a message when the processor in the proxy agent fails.
  - 52. The system of claim 50, wherein the at least one redundant proxy agent includes means to force a reset of the at least one redundant proxy when the processor in the proxy agent fails.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Gazier, Michael, Strawczynski, Leo
Primary Examiner(s)
Moise, Emmanuell L.

Application Number

US09/443,992
Time in Patent Office

1,971 Days
Field of Search

713/201, 713/200, 713/170, 705/26, 705/182, 705/27, 705/51, 705/52, 707/201, 707/202, 707/203, 707/8, 707/10, 709/220
US Class Current

726/12
CPC Class Codes

H04L 41/28   Restricting access to netwo...

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

Secure maintenance messaging in a digital communications network

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Secure maintenance messaging in a digital communications network

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links