Methods and systems for unilateral authentication of messages
First Claim
1. A method for a mobile computing device to make authentication information available to a base computing device, the method comprising:
- creating authentication information, the authentication information including content data that includes data for updating a care-of address of the mobile computing device, a public key of the mobile computing device, a network address of the mobile computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of a combination of the public key of the mobile computing device and a modifier, the digital signature generated by signing with a private key of the mobile computing device corresponding to the public key, the digital signature generated from data in the set;
the content data, a hash value of data including the content data; and
making the authentication information available to the base computing device.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for authentication verifies the address of an information sender based on the sender'"'"'s address, public key, and a digital signature. A portion of the sender'"'"'s address is derived from the public key, such as by incorporating a portion of a hash of the public key with or without a modifier. The sender provides information including content data, the public key, the address, and the digital signature generated using the private key corresponding to the public key. Upon reception, the recipient verifies the address by recreating it from the public key. The signature is verified using the network address and public key. The recipient accepts the content data when both the address and signature are verified. The content data may include a communications parameter of the sender, such as a care-of address where the sender is a mobile device and the recipient is the sender'"'"'s home agent.
36 Citations
17 Claims
-
1. A method for a mobile computing device to make authentication information available to a base computing device, the method comprising:
-
creating authentication information, the authentication information including content data that includes data for updating a care-of address of the mobile computing device, a public key of the mobile computing device, a network address of the mobile computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of a combination of the public key of the mobile computing device and a modifier, the digital signature generated by signing with a private key of the mobile computing device corresponding to the public key, the digital signature generated from data in the set;
the content data, a hash value of data including the content data; andmaking the authentication information available to the base computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-readable storage medium containing instructions for performing a method for a first computing device to make authentication information available to a second computing device, the method comprising:
-
creating authentication information, the authentication information including content data that include data for updating a care-of address of the first computing device, a public key of the first computing device, a network address of the first computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of data including the public key of the mobile computing device and a modifier selected for preventing address conflicts, the digital signature generated by signing with a private key of the first computing device corresponding to the public key, the digital signature generated from data in the set;
the content data, a hash value of data including the content data; andmaking the authentication information available to the second computing device.
-
-
9. A computer-readable storage medium having stored thereon a data structure, the data structure comprising:
-
content data that include data for updating a care-of address of a computing device; a public key of the computing device; a network address of the computing device, and a digital signature, the network address having a route prefix portion and a node-selectable portion that includes a portion of a hash value of a composite of the public key of the computing device and a modifier, and a digital signature, the digital signature generated by signing with a private key of the computing device corresponding to the public key, the digital signature generated from data in the set;
the content data, a hash value of data including the content data. - View Dependent Claims (10, 11, 12)
-
-
13. A method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
-
accessing authentication information made available by the first computing device, the authentication information including the content data, a public key of the first computing device, a first network address of the first computing device, and a digital signature; deriving a node-selectable portion of a second network address by taking a portion of a result of hashing a combination of the public key of the first computing device with a modifier; validating the digital signature by using the public key of the first computing device; and accepting the content data if the node-selectable portion of the second network address matches a corresponding portion of the first network address and if the validating shows that the digital signature was generated by the first computing device. - View Dependent Claims (14, 15, 16)
-
-
17. A computer-readable storage medium containing instructions for performing a method for a second computing device to authenticate content data made available by a first computing device, the method comprising:
-
accessing authentication information made available by the first computing device, the authentication information including the content data, a public key of the first computing device, a first network address of the first computing device, a modifier and a digital signature; deriving a node-selectable portion of a second network address by taking a portion of a result of hashing the public key of the first computing device; deriving a node-selectable portion of a second network address as a hash value of a composite of the modifier and the public key of the first computing device; validating the digital signature by using the public key of the first computing device; and accepting the content data if the node-selectable portion of the second network address matches a node-selectable portion of the first network address and if the validating shows that the digital signature was generated from a device having knowledge of a private key that corresponds to the public key of the first computing device.
-
Specification