System for efficiently handling cryptographic messages containing nonce values
First Claim
1. A method of processing out-of-order message packets, comprising:
   obtaining a maximum largest nonce value;
   comparing, with said secure communication module of said receiving client device, a nonce value of a received out-of-order message packet with a largest nonce value yet seen;
   adjusting, with said secure communication module of said receiving client device, a size of a range of acceptable nonce values within a single replay attack acceptance window, where said size of said range is based on said largest nonce value yet seen;
   comparing, with said secure communication module of said receiving client device, said largest nonce value yet seen with said maximum largest nonce value; and
   resetting said largest nonce value yet seen and generating a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.
8 Assignments
0 Petitions
Accused Products
Abstract
A system for determining the validity of a received cryptographic message while allowing for out-of-order messages is used to provide secure communications among peers in a network. In particular, a secure communication module may be configured to accept the cryptographic message when the received nonce value of the message is greater than the largest nonce value yet seen. Otherwise, when the received nonce value is not larger than the largest nonce value yet seen, the secure communication module may be configured to compare the received nonce value with a nonce acceptance window. If the received nonce value falls outside the nonce acceptance window, the secure communication module may be further configured to reject the received message and assume that a replay attack has been detected. If the received nonce value falls within the nonce acceptance window, the secure communication module may be further configured to determine whether the received nonce value has been seen before by comparing it with a replay window mask. If the received nonce value has been seen before, the secure communication module may be further configured to reject the received message and assume a replay attack. Otherwise, the secure communication module may be further configured to accept the message and add the received nonce value to the replay window mask.
37 Citations
43 Claims
1. A method of processing out-of-order message packets, comprising:
   obtaining a maximum largest nonce value;
   comparing, with said secure communication module of said receiving client device, a nonce value of a received out-of-order message packet with a largest nonce value yet seen;
   adjusting, with said secure communication module of said receiving client device, a size of a range of acceptable nonce values within a single replay attack acceptance window, where said size of said range is based on said largest nonce value yet seen;
   comparing, with said secure communication module of said receiving client device, said largest nonce value yet seen with said maximum largest nonce value; and
   resetting said largest nonce value yet seen and generating a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. An apparatus for processing out-of-order message packets, said apparatus comprising:
   a receiving communication interface configured to transmit and receive a plurality of packets; and
   a receiving controller, wherein said receiving controller is configured to:
   obtain a maximum largest nonce value;
   compare a nonce value of a received out-of-order message packet and a largest nonce value yet seen;
   adjust a size of a range of acceptable nonce values within a single replay attack acceptance window, where said size of said range is based on said largest nonce value yet seen;
   compare said largest nonce value yet seen with said maximum largest nonce value; and
   resetting said largest yet seen and generating a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.
   Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer readable storage medium on which is embedded one or more computer programs, said one or more computer programs implementing a method of processing out-of-order message packets, said one or more computer programs comprising a set of instructions for:
   obtaining a maximum largest nonce value;
   comparing, with said secure communication module of said receiving client device, a nonce value of a received out-of-order message packet and a largest nonce value yet seen;
   adjusting, with said secure communication module of said receiving client device, a size of a range of acceptable nonce values within a single replay attack acceptance window, where said size of said range is based on said largest nonce value yet seen;
   comparing, with said secure communication module of said receiving client device, said largest nonce value yet seen with said maximum largest nonce value; and
   resetting said largest nonce value yet seen and generating a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.
   Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27

28. A system for processing out-of-order message packets in a peer-to-peer configuration, comprising:
   a first peer configured to provide secure communication;
   a second peer configured to provide said secure communication; and
   a receiving secure communication module configured to be executed by said first peer and second peer, wherein said receiving secure communication module is configured to:
   obtain a maximum largest nonce value;
   compare a nonce value of a received out-of-order packet to a largest nonce value yet seen;
   adjust a size of a range of acceptable nonce values within a single replay attack mask, where said size of said range is based on said largest nonce value yet seen;
   compare said largest nonce value yet seen with said maximum largest nonce value; and
   reset said largest nonce value yet seen and generate a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.
   Dependent claims: 29, 30, 31, 32, 33, 34, 35

36. A receiving interceptor device for processing out-of-order message packets, said receiving interceptor device comprising:
   a network interface;
   an expected sequence register configured to enumerate an expected sequence number of a message packet received out-of-order from a second network device; and
   a receiving controller, wherein said receiving controller is configured to:
   obtain a maximum largest nonce value;
   compare a nonce value of a received out-of-order message packet with a largest nonce value yet seen;
   adjust a size of a range of acceptable nonce values within a single replay attack mask, where said size of said range is based on said largest nonce value yet seen;
   compare said largest nonce value yet seen with said maximum largest nonce value; and
   reset said largest nonce value yet seen and generate a new cryptographic key when said largest nonce value yet seen exceeds said maximum largest nonce value.
   Dependent claims: 37, 38, 39, 40, 41, 42, 43
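The following is an added example, not code from the patent or its assignee, that implements the acceptance logic the abstract describes (largest-nonce check, nonce acceptance window, replay window mask) together with the maximum-largest-nonce rekey threshold from the independent claims. The class and method names, the 64-bit window, the rekey threshold and the packet sequence are all constructed for illustration; treating "adjusting the size of the range of acceptable nonce values based on the largest nonce seen" as clipping the window's lower bound at zero early in a session is this example's assumption about the claim language, not something the page states.

```python
"""Sliding replay window with a rekey threshold (added example, not the patent's code)."""
from __future__ import annotations

import os
from dataclasses import dataclass, field


@dataclass
class ReplayWindow:
    # Window of nonces tracked below the largest seen; constructed default.
    window_size: int = 64
    # "Maximum largest nonce value": once exceeded, state resets and a new key is drawn.
    # Constructed small value for illustration; a real system ties this to the AEAD nonce space.
    max_largest_nonce: int = 1_000
    largest_seen: int = -1          # -1 means nothing has been received under this key
    mask: int = 0                   # bit i set => nonce (largest_seen - i) was already accepted
    key: bytes = field(default_factory=lambda: os.urandom(32))
    rekeys: int = 0

    def acceptable_range(self) -> tuple[int, int]:
        """Range of nonces the window would still consider (assumed reading of claim 1).

        Early in a session the lower bound is clipped at 0, so the range is smaller
        than window_size until enough nonces have been seen."""
        low = max(0, self.largest_seen - self.window_size + 1)
        return low, self.largest_seen

    def _rekey(self) -> None:
        # Claim 1: reset the largest nonce yet seen and generate a new cryptographic key.
        self.largest_seen = -1
        self.mask = 0
        self.key = os.urandom(32)   # stands in for the real key agreement with the peer
        self.rekeys += 1

    def accept(self, nonce: int) -> tuple[bool, str]:
        """Decide whether a packet carrying `nonce` may be processed; returns (ok, reason)."""
        if nonce < 0:
            return False, "invalid nonce"
        if nonce > self.largest_seen:
            # New largest: slide the mask forward; bits that fall off are no longer tracked.
            shift = nonce - self.largest_seen
            self.mask = ((self.mask << shift) | 1) & ((1 << self.window_size) - 1)
            self.largest_seen = nonce
            if self.largest_seen > self.max_largest_nonce:
                self._rekey()
                return True, "accepted; maximum largest nonce exceeded, rekeyed"
            return True, "accepted as new largest nonce"
        diff = self.largest_seen - nonce
        if diff >= self.window_size:
            # Outside the nonce acceptance window: treated as a replay.
            return False, "outside acceptance window: replay assumed"
        if self.mask & (1 << diff):
            # Inside the window but already marked in the replay window mask.
            return False, "nonce already seen: replay detected"
        self.mask |= 1 << diff
        return True, "accepted out of order within window"


def run_sequence(window: ReplayWindow, nonces: list[int]) -> list[tuple[int, bool, str]]:
    """Feed a constructed packet sequence through the window and collect each decision."""
    return [(n, *window.accept(n)) for n in nonces]


if __name__ == "__main__":
    # Constructed sequence: in-order, reordered, duplicated, stale, and threshold-crossing packets.
    for nonce, ok, reason in run_sequence(ReplayWindow(window_size=8, max_largest_nonce=100),
                                          [5, 3, 3, 5, 20, 12, 13, 101]):
        print(f"nonce={nonce:4d} accepted={ok!s:5} {reason}")
```

The duplicate of nonce 3 and the stale nonce 12 (more than `window_size` below the largest seen) are both refused, which is the detection signal a receiver would log; the packet that carries nonce 101 is accepted but immediately forces a reset and a fresh key, so no nonce is ever reused under the same key.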
Specification