Methods and systems for unilateral authentication of messages

US 7,203,837 B2
Filed: 04/12/2001
Issued: 04/10/2007
Est. Priority Date: 04/12/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for a mobile computing device to make authentication information available to a base computing device, the method comprising:

creating authentication information, the authentication information including content data that includes data for updating a care-of address of the mobile computing device, a public key of the mobile computing device, a network address of the mobile computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of a combination of the public key of the mobile computing device and a modifier, the digital signature generated by signing with a private key of the mobile computing device corresponding to the public key, the digital signature generated from data in the set;

the content data, a hash value of data including the content data; and

making the authentication information available to the base computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for authentication verifies the address of an information sender based on the sender'"'"'s address, public key, and a digital signature. A portion of the sender'"'"'s address is derived from the public key, such as by incorporating a portion of a hash of the public key with or without a modifier. The sender provides information including content data, the public key, the address, and the digital signature generated using the private key corresponding to the public key. Upon reception, the recipient verifies the address by recreating it from the public key. The signature is verified using the network address and public key. The recipient accepts the content data when both the address and signature are verified. The content data may include a communications parameter of the sender, such as a care-of address where the sender is a mobile device and the recipient is the sender'"'"'s home agent.

36 Citations

View as Search Results

17 Claims

1. A method for a mobile computing device to make authentication information available to a base computing device, the method comprising:
- creating authentication information, the authentication information including content data that includes data for updating a care-of address of the mobile computing device, a public key of the mobile computing device, a network address of the mobile computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of a combination of the public key of the mobile computing device and a modifier, the digital signature generated by signing with a private key of the mobile computing device corresponding to the public key, the digital signature generated from data in the set;
  
  the content data, a hash value of data including the content data; and
  
  making the authentication information available to the base computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as in claim 1 wherein the authentication information is made available to the base computing device by sending a message incorporating the authentication information to the base computing device.
  - 3. A method as in claim 1, wherein the base computing device is a home agent for the mobile computing device, and wherein the network address of the mobile computing device is a home address of the mobile computing device.
  - 4. A method as in claim 1, wherein the base computing device is a correspondent of the mobile computing device, and wherein the network address of the mobile computing device is a home address of the mobile computing device.
  - 5. A method as in claim 1, wherein the public key and the private key together form an uncertified key pair.
  - 6. A method as in claim 1, wherein the authentication information further includes data for preventing a replay attack.
  - 7. A method as in claim 6, wherein the data for preventing a replay attack are in the set:
    - time stamp, data identifying the second computing device as an intended recipient of the authentication information.

8. A computer-readable storage medium containing instructions for performing a method for a first computing device to make authentication information available to a second computing device, the method comprising:
- creating authentication information, the authentication information including content data that include data for updating a care-of address of the first computing device, a public key of the first computing device, a network address of the first computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of data including the public key of the mobile computing device and a modifier selected for preventing address conflicts, the digital signature generated by signing with a private key of the first computing device corresponding to the public key, the digital signature generated from data in the set;
  
  the content data, a hash value of data including the content data; and
  
  making the authentication information available to the second computing device.

9. A computer-readable storage medium having stored thereon a data structure, the data structure comprising:
- content data that include data for updating a care-of address of a computing device;
  
  a public key of the computing device;
  
  a network address of the computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of a composite of the public key of the computing device and a modifier, anda digital signature, the digital signature generated by signing with a private key of the computing device corresponding to the public key, the digital signature generated from data in the set;
  
  the content data, a hash value of data including the content data.
- View Dependent Claims (10, 11, 12)
- - 10. A computer-readable storage medium as in claim 9, wherein the network address of the computing device is a home address of the computing device.
  - 11. A computer-readable storage medium as in claim 9, wherein the modifier is used only if deriving the node-selectable portion with the public key results in a network address that is in use by another device.
  - 12. A computer-readable storage medium as in claim 9, wherein the data structure further includes data for preventing a replay attack.

13. A method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
- accessing authentication information made available by the first computing device, the authentication information including the content data, a public key of the first computing device, a first network address of the first computing device, and a digital signature;
  
  deriving a node-selectable portion of a second network address by taking a portion of a result of hashing a combination of the public key of the first computing device with a modifier;
  
  validating the digital signature by using the public key of the first computing device; and
  
  accepting the content data if the node-selectable portion of the second network address matches a corresponding portion of the first network address and if the validating shows that the digital signature was generated by the first computing device.
- View Dependent Claims (14, 15, 16)
- - 14. A method as in claim 13, further comprising:
    - determining whether to accept the content data based on a time stamp in the authentication information.
  - 15. A method as in claim 13, wherein the content data include data for updating a communications parameter for the first computing device, the method further comprising:
    - updating a record of a communications parameter for the first computing device.
  - 16. A method as in claim 15, wherein the communications parameter is a care-of address of the first computing device, and wherein updating includes updating a routing table maintained by the second computing device.

17. A computer-readable storage medium containing instructions for performing a method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
- accessing authentication information made available by the first computing device, the authentication information including the content data, a public key of the first computing device, a first network address of the first computing device, a modifier and a digital signature;
  
  deriving a node-selectable portion of a second network address by taking a portion of a result of hashing the public key of the first computing device;
  
  deriving a node-selectable portion of a second network address as a hash value of a composite of the modifier and the public key of the first computing device;
  
  validating the digital signature by using the public key of the first computing device; and
  
  accepting the content data if the node-selectable portion of the second network address matches a node-selectable portion of the first network address and if the validating shows that the digital signature was generated from a device having knowledge of a private key that corresponds to the public key of the first computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
O'Shea, Gregory, Roe, Michael
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Parthasarathy; Pramila

Application Number

US09/833,922
Publication Number

US 20020152380A1
Time in Patent Office

2,189 Days
Field of Search

None
US Class Current

713/170
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 2209/60   Digital content management,...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 9/3247   involving digital signatures

H04W 8/26   Network addressing or numbe...

Methods and systems for unilateral authentication of messages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for unilateral authentication of messages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others