Authentication of remote appliance messages using an embedded cryptographic device
First Claim
1. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
- maintaining at an appliance communication center a first shared message counter that counts messages communicated between the appliance communication center and a first appliance, the first shared message counter shared between the communication center and the first appliance;
maintaining at the appliance communication center a second shared message counter that counts messages communicated between the appliance communication center and a second appliance, the second shared message counter provides a count separate from a count provided by the first shared message counter;
generating a first authentication word by applying an appliance message, a shared authentication keying variable K shared between the appliance communication center and the first appliance, and the first shared message counter, as stored in the communication center, to an authentication algorithm;
transmitting the appliance message and the first authentication word as an authenticated message to the first appliance;
receiving the authenticated message at the first appliance;
applying a third shared message counter, the shared authentication keying variable, as stored in the first appliance, and the appliance message to the authentication algorithm to generate the second authentication word;
comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message;
installing a master keying variable within the first appliance and the appliance communication center; and
changing, within the first appliance, the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm to generate a new shared authentication keying variable.
2 Assignments
0 Petitions
Accused Products
Abstract
A method for authenticating appliance messages sent between an appliance and an appliance communication center over an appliance communications network includes maintaining a shared message counter at both the appliance communication center. A shared message counter at both the appliance communication center and the remotely located appliance. An authentication algorithm is applied to the appliance message and the shared message counter to generate an authentication word. The appliance message is then transmitted to the appliance or the communication center along with the authentication word. Upon receiving the appliance message, the appliance or the communication center will apply an authentication algorithm to the appliance message and the shared counter to generate an authentication word. The generated authentication word may be compared to the word received with the appliance message to determine authenticity of the message.
52 Citations
11 Claims
-
1. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
-
maintaining at an appliance communication center a first shared message counter that counts messages communicated between the appliance communication center and a first appliance, the first shared message counter shared between the communication center and the first appliance; maintaining at the appliance communication center a second shared message counter that counts messages communicated between the appliance communication center and a second appliance, the second shared message counter provides a count separate from a count provided by the first shared message counter; generating a first authentication word by applying an appliance message, a shared authentication keying variable K shared between the appliance communication center and the first appliance, and the first shared message counter, as stored in the communication center, to an authentication algorithm; transmitting the appliance message and the first authentication word as an authenticated message to the first appliance; receiving the authenticated message at the first appliance; applying a third shared message counter, the shared authentication keying variable, as stored in the first appliance, and the appliance message to the authentication algorithm to generate the second authentication word; comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message; installing a master keying variable within the first appliance and the appliance communication center; and changing, within the first appliance, the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm to generate a new shared authentication keying variable. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system comprising:
-
a plurality of appliances including a first appliance and a second appliance; and an appliance communication center including; network connections terminating at the appliances; a processing circuit; a memory storing a master keying variable shared between the appliance communication center and the first appliance, an authentication keying variable shared between the appliance communication center and the first appliance, and a plurality of shared counters including a first shared message counter and a second shared message counter, the first shared message counter shared between the appliance communication center and the first appliance, the second shared message counter shared between the communication center and the second appliance, the first shared message counter configured to provide a count separate from a count provided by the second shared message counter, the first and second shared message counters configured to be non-resettable, the memory further storing instructions for; maintaining at the appliance communication center the first shared message counter; generating a first authentication word by applying an appliance message, a shared authentication keying variable, and the first shared message counter, as stored in the appliance communication center, to an authentication algorithm; transmitting the appliance message and the first authentication word as an authenticated message to the first appliance; and transmitting a command to the first appliance to change the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm. - View Dependent Claims (8)
-
-
9. A system comprising:
-
an appliance communication center; a first appliance including; a first shared message counter shared between the first appliance and the appliance communication center; a shared master keying variable shared between the first appliance and the appliance communication center; a shared authentication keying variable shared between the first appliance and the appliance communication center; a processor; and a memory coupled to the processor, the memory storing instructions for execution by the processor for; receiving an authenticated message, including a first authentication word and an appliance message, at the first appliance; generating a second authentication word by applying the first shared message counter, the shared authentication keying variable, and the appliance message to an authentication algorithm; and comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message; and a second appliance separate from the first appliance; wherein the appliance communication center including a second shared message counter and a third shared message counter, the second shared message counter shared between the appliance communication center and the first appliance, the third shared message counter shared between the communication center and the second appliance, and the third shared message counter configured to provide a count separate from a count provided by the second shared message counter; wherein the memory further stores instructions for generating a new shared authentication keying variable, upon the first appliance receiving a command from the appliance communication center, by applying the shared authentication keying variable and the shared master keying variable to the authentication algorithm. - View Dependent Claims (10)
-
-
11. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
-
maintaining at a first appliance a first non-resettable shared message counter, the first non-resettable shared message counter shared between the first appliance and a remotely located appliance communication center; maintaining at the appliance communication center a second non-resettable shared message counter that counts messages communicated between the appliance communication center and the first appliance; maintaining at the appliance communication center a third non-resettable shared message counter that counts messages communicated between the appliance communication center and a second appliance, the third non-resettable shared message counter provides a count separate from a count provided by the second non-resettable shared message counter; generating a first authentication word by applying an appliance message, a shared authentication keying variable shared between the first appliance and the appliance communication center, and the first non-resettable shared message counter, as stored in the first appliance, to an authentication algorithm; transmitting the appliance message and the first authentication word as an authenticated message to the appliance communication center; receiving the authenticated message at the appliance communication center; applying the second non-resettable shared message counter, the shared authentication keying variable, as stored in the appliance communication center, and the appliance message to the authentication algorithm to generate a second authentication word; comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message; installing a master keying variable within the first appliance and the appliance communication center; and changing, within the first appliance, the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm to generate a new shared authentication keying variable.
-
Specification