System and method for adaptive cryptographically synchronized authentication
Abstract
A system and method for implementing adaptive cryptographically synchronized authentication is disclosed. The authentication system includes a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data. The variation in the level of authentication assurance can be based on one or more factors such as the current security conditions and the available CPU utilization.
19 Claims
1. A system for authenticating message data to be exchanged between a sender and a receiver, comprising:
a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data; and
an authentication module that generates an authentication tag using said selected authentication mechanism, said authentication tag being appended to said message data;
wherein a portion of a message associated with the message data is processed using a first function that is utilized at least in part to produce the authentication tag;
wherein said portion of said message processed is selected by using a pseudorandom probabilistic function;
wherein said message is partitioned into regions, each region including a number of message parts, and providing one message part from each region as input to said first function.

2. A system for authenticating message data to be exchanged between a sender and a receiver, comprising:
a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data;
a security association and key management module that establishes security associations for said plurality of authentication mechanisms; and
an authentication module that includes support for said plurality of authentication mechanisms, wherein said authentication module generates an authentication tag using an authentication mechanism selected by said control, said authentication tag being appended to said message data;
wherein a portion of a message associated with the message data is processed using a first function that is utilized at least in part to produce the authentication tag;
wherein said portion of said message processed is selected by using a pseudorandom probabilistic function;
wherein said message is partitioned into regions, each region including a number of message parts, and providing one message part from each region as input to said first function.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17

18. A system for authenticating message data to be exchanged between a sender and a receiver, comprising:
a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data;
a security association and key management module that establishes security associations for said plurality of authentication mechanisms; and
an authentication module that includes support for said plurality of authentication mechanisms, wherein said authentication module generates an authentication tag using an authentication mechanism selected by said control, said authentication tag being appended to said message data;
wherein a portion of a message associated with the message data is processed using a first function that is utilized at least in part to produce the authentication tag;
wherein said portion of said message processed is selected by using a pseudorandom probabilistic function;
wherein means is included for partitioning said message into regions, each region including a number of message parts, and providing one message part from each region as input to said first function.

19. A system for authenticating message data to be exchanged between a sender and a receiver, comprising:
a controller that dynamically selects one of a plurality of authentication mechanisms to be used in providing authentication for an exchange of message data;
a security association and key management module that establishes security associations for said plurality of authentication mechanisms; and
an authentication module that includes support for said plurality of authentication mechanisms, wherein said authentication module generates an authentication tag using an authentication mechanism selected by said control, said authentication tag being appended to said message data;
wherein a portion of a message associated with the message data is processed using a first function that is utilized at least in part to produce the authentication tag;
wherein said portion of said message processed is selected by using a pseudorandom probabilistic function;
wherein said portion of said message processed is selected by:
defining a message selection percentage p; and
using said pseudorandom probabilistic function, uniform over an interval [1,2L], where L=1/p and p is a message selection percentage, to determine offsets between message parts which are provided as input to said first function.
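
The selection scheme of claim 19, as an added Python sketch that is not code from the patent: sender and receiver derive the same offsets, uniform over [1, 2L] with L = 1/p, and only the selected parts are fed to the tag function. Assumptions: HMAC-SHA256 stands in for both the pseudorandom probabilistic function and the "first function", parts are 16 bytes, a per-message sequence number `seq` keeps the two ends synchronized, and all function names are hypothetical.

```python
import hashlib
import hmac

PART_SIZE = 16  # bytes per message part (assumed; the claim fixes no size)


def _prf(key: bytes, label: bytes, seq: int, counter: int) -> bytes:
    # Assumed PRF: HMAC-SHA256 over a domain label, sequence number and counter.
    data = label + seq.to_bytes(8, "big") + counter.to_bytes(8, "big")
    return hmac.new(key, data, hashlib.sha256).digest()


def selected_parts(key: bytes, seq: int, p: float, n_parts: int) -> list[int]:
    """Indices of parts chosen by offsets drawn uniformly from [1, 2L], L = 1/p."""
    span = 2 * round(1 / p)
    chosen, pos, counter = [], -1, 0
    while True:
        draw = int.from_bytes(_prf(key, b"select", seq, counter)[:8], "big")
        pos += 1 + draw % span  # modulo bias is negligible for a 64-bit draw
        counter += 1
        if pos >= n_parts:
            return chosen
        chosen.append(pos)


def make_tag(key: bytes, seq: int, p: float, message: bytes) -> bytes:
    """Tag over the selected parts only; part index and length are bound in."""
    parts = [message[i:i + PART_SIZE] for i in range(0, len(message), PART_SIZE)]
    header = b"tag" + seq.to_bytes(8, "big") + len(message).to_bytes(8, "big")
    mac = hmac.new(key, header, hashlib.sha256)
    for i in selected_parts(key, seq, p, len(parts)):
        mac.update(i.to_bytes(8, "big") + parts[i])
    return mac.digest()


def verify(key: bytes, seq: int, p: float, message: bytes, tag: bytes) -> bool:
    # The receiver re-derives the same selection from the shared key and seq.
    return hmac.compare_digest(make_tag(key, seq, p, message), tag)


def coverage(key: bytes, seq: int, p: float, n_parts: int) -> float:
    """Fraction of parts that influence the tag (about 1/(L + 0.5))."""
    return len(selected_parts(key, seq, p, n_parts)) / n_parts


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key
    msg = bytes(1024)       # constructed 64-part message
    tag = make_tag(key, 7, 0.25, msg)
    print(verify(key, 7, 0.25, msg, tag), round(coverage(key, 7, 0.25, 10_000), 3))
```

Only the selected parts influence the tag, so a change confined to unselected parts leaves it valid; p sets that trade-off between authentication assurance and CPU cost.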