Authentication of remote appliance messages using an embedded cryptographic device

US 7,234,062 B2
Filed: 12/27/2000
Issued: 06/19/2007
Est. Priority Date: 07/18/2000
Status: Active Grant

First Claim

Patent Images

1. In an appliance communication network, a method for authenticating appliance messages, the method comprising:

maintaining at an appliance communication center a first shared message counter that counts messages communicated between the appliance communication center and a first appliance, the first shared message counter shared between the communication center and the first appliance;

maintaining at the appliance communication center a second shared message counter that counts messages communicated between the appliance communication center and a second appliance, the second shared message counter provides a count separate from a count provided by the first shared message counter;

generating a first authentication word by applying an appliance message, a shared authentication keying variable K shared between the appliance communication center and the first appliance, and the first shared message counter, as stored in the communication center, to an authentication algorithm;

transmitting the appliance message and the first authentication word as an authenticated message to the first appliance;

receiving the authenticated message at the first appliance;

applying a third shared message counter, the shared authentication keying variable, as stored in the first appliance, and the appliance message to the authentication algorithm to generate the second authentication word;

comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message;

installing a master keying variable within the first appliance and the appliance communication center; and

changing, within the first appliance, the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm to generate a new shared authentication keying variable.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating appliance messages sent between an appliance and an appliance communication center over an appliance communications network includes maintaining a shared message counter at both the appliance communication center. A shared message counter at both the appliance communication center and the remotely located appliance. An authentication algorithm is applied to the appliance message and the shared message counter to generate an authentication word. The appliance message is then transmitted to the appliance or the communication center along with the authentication word. Upon receiving the appliance message, the appliance or the communication center will apply an authentication algorithm to the appliance message and the shared counter to generate an authentication word. The generated authentication word may be compared to the word received with the appliance message to determine authenticity of the message.

52 Citations

View as Search Results

11 Claims

1. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
- maintaining at an appliance communication center a first shared message counter that counts messages communicated between the appliance communication center and a first appliance, the first shared message counter shared between the communication center and the first appliance;
  
  maintaining at the appliance communication center a second shared message counter that counts messages communicated between the appliance communication center and a second appliance, the second shared message counter provides a count separate from a count provided by the first shared message counter;
  
  generating a first authentication word by applying an appliance message, a shared authentication keying variable K shared between the appliance communication center and the first appliance, and the first shared message counter, as stored in the communication center, to an authentication algorithm;
  
  transmitting the appliance message and the first authentication word as an authenticated message to the first appliance;
  
  receiving the authenticated message at the first appliance;
  
  applying a third shared message counter, the shared authentication keying variable, as stored in the first appliance, and the appliance message to the authentication algorithm to generate the second authentication word;
  
  comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message;
  
  installing a master keying variable within the first appliance and the appliance communication center; and
  
  changing, within the first appliance, the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm to generate a new shared authentication keying variable.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising incrementing the third shared message counter, as stored in the first appliance, after receiving a genuine authenticated message at the first appliance.
  - 3. The method of claim 1, wherein generating a first authentication word by applying comprises:
    - establishing a working register R, comprising at least bytes R0, R1, R2, R3;
      
      initializing R3 to a directional code, representing a transmission from the appliance communication center to the first appliance;
      
      initializing at least R2, R1, and R0 to a plurality of bytes C2, C1, and C0 of the first shared message counter, as stored in the communication center, respectively;
      
      iteratively performing at least one arithmetic, logical and shifting operation on R; and
      
      setting the first authentication word equal to the value contained in R.
  - 4. The method of claim 3, wherein iteratively performing at least one arithmetic, logical and shifting operation on R comprises iteratively performing, as many times as there are bytes in K, the steps of:
    - establishing an index, equal to the greater of;
      
      a non-zero constant; and
      
      a number of bytes in the appliance message less one; and
      
      iteratively performing, a number of times equal to the index plus one;
      
      forming P as a dot product of R2 and R0;
      
      forming Q as a bitwise exclusive or of P with a constant expression ‘
      
      01010101’
      
      ;
      
      forming S by adding Q to K;
      
      forming S by end around rotating S;
      
      forming T as the bitwise exclusive or of S and R3;
      
      forming F as the bitwise exclusive or of T with a byte of the appliance message; and
      
      replacing R3 with R2, R2 with R1, R1 with R0, and R0 with F.
  - 5. The method of claim 4, wherein the non-zero constant is at least 3.
  - 6. The method of claim 1, further comprising incrementing the first shared message counter, as stored in the communication center, after transmitting the authenticated message to the first appliance.

7. A system comprising:
- a plurality of appliances including a first appliance and a second appliance; and
  
  an appliance communication center including;
  
  network connections terminating at the appliances;
  
  a processing circuit;
  
  a memory storing a master keying variable shared between the appliance communication center and the first appliance, an authentication keying variable shared between the appliance communication center and the first appliance, and a plurality of shared counters including a first shared message counter and a second shared message counter, the first shared message counter shared between the appliance communication center and the first appliance, the second shared message counter shared between the communication center and the second appliance, the first shared message counter configured to provide a count separate from a count provided by the second shared message counter, the first and second shared message counters configured to be non-resettable, the memory further storing instructions for;
  
  maintaining at the appliance communication center the first shared message counter;
  
  generating a first authentication word by applying an appliance message, a shared authentication keying variable, and the first shared message counter, as stored in the appliance communication center, to an authentication algorithm;
  
  transmitting the appliance message and the first authentication word as an authenticated message to the first appliance; and
  
  transmitting a command to the first appliance to change the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm.
- View Dependent Claims (8)
- - 8. The appliance communication center of claim 7, wherein the memory further stores instructions for incrementing the first shared message counter, as stored in the appliance communication center, after transmitting the authenticated message to the first appliance.

9. A system comprising:
- an appliance communication center;
  
  a first appliance including;
  
  a first shared message counter shared between the first appliance and the appliance communication center;
  
  a shared master keying variable shared between the first appliance and the appliance communication center;
  
  a shared authentication keying variable shared between the first appliance and the appliance communication center;
  
  a processor; and
  
  a memory coupled to the processor, the memory storing instructions for execution by the processor for;
  
  receiving an authenticated message, including a first authentication word and an appliance message, at the first appliance;
  
  generating a second authentication word by applying the first shared message counter, the shared authentication keying variable, and the appliance message to an authentication algorithm; and
  
  comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message; and
  
  a second appliance separate from the first appliance;
  
  wherein the appliance communication center including a second shared message counter and a third shared message counter, the second shared message counter shared between the appliance communication center and the first appliance, the third shared message counter shared between the communication center and the second appliance, and the third shared message counter configured to provide a count separate from a count provided by the second shared message counter;
  
  wherein the memory further stores instructions for generating a new shared authentication keying variable, upon the first appliance receiving a command from the appliance communication center, by applying the shared authentication keying variable and the shared master keying variable to the authentication algorithm.
- View Dependent Claims (10)
- - 10. The appliance message authentication device of claim 9, wherein the memory stores instructions for execution by the processor for incrementing the first shared message counter, as stored in the first appliance, after receiving a genuine authenticated message at the first appliance.

11. In an appliance communication network, a method for authenticating appliance messages, the method comprising:
- maintaining at a first appliance a first non-resettable shared message counter, the first non-resettable shared message counter shared between the first appliance and a remotely located appliance communication center;
  
  maintaining at the appliance communication center a second non-resettable shared message counter that counts messages communicated between the appliance communication center and the first appliance;
  
  maintaining at the appliance communication center a third non-resettable shared message counter that counts messages communicated between the appliance communication center and a second appliance, the third non-resettable shared message counter provides a count separate from a count provided by the second non-resettable shared message counter;
  
  generating a first authentication word by applying an appliance message, a shared authentication keying variable shared between the first appliance and the appliance communication center, and the first non-resettable shared message counter, as stored in the first appliance, to an authentication algorithm;
  
  transmitting the appliance message and the first authentication word as an authenticated message to the appliance communication center;
  
  receiving the authenticated message at the appliance communication center;
  
  applying the second non-resettable shared message counter, the shared authentication keying variable, as stored in the appliance communication center, and the appliance message to the authentication algorithm to generate a second authentication word;
  
  comparing the first authentication word and the second authentication word to determine authenticity of the authenticated message;
  
  installing a master keying variable within the first appliance and the appliance communication center; and
  
  changing, within the first appliance, the shared authentication keying variable by applying the shared authentication keying variable and the master keying variable to the authentication algorithm to generate a new shared authentication keying variable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Haier US Appliance Solutions, Inc. DBA GE Appliances (Haier Group Company)
Original Assignee
General Electric Company
Inventors
Hershey, John Erik, Evans, Scott Charles, Daum, Wolfgang
Primary Examiner(s)
Barrón, Jr.; Gilberto
Assistant Examiner(s)
Dinh; Minh

Application Number

US09/748,441
Publication Number

US 20030001721A1
Time in Patent Office

2,365 Days
Field of Search

713168-170, 713/181, 713/201, 380/262, 380/265, 700/236, 700/241, 705/400, 709/208
US Class Current

713/181
CPC Class Codes

H04L 12/2803   Home automation networks

H04L 12/2818   from a device located outsi...

H04L 2012/2843   Mains power line

H04L 2012/285   Generic home appliances, e....

H04L 67/125   involving control of end-de...

H04L 9/0891   Revocation or update of sec...

H04L 9/32   including means for verifyi...

Authentication of remote appliance messages using an embedded cryptographic device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of remote appliance messages using an embedded cryptographic device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links