Message authentication
First Claim
1. A method for the authentication of data communicated from an originator computer device to a destination computer device, comprising:
- generating, at the originator computer device, a random bit array;
generating, at the originator computer device, a digest of data using a private key according to a keyed-hashing technique, said data including said random bit array and temporal validity information defined at the originator computer device and representing the temporal validity of the data;
transmitting the data together with the digest from the originator computer device to the destination computer device;
searching in a key table for a key that is identical to a current login key random bit array and terminating a connection between the originator computer device and the destination computer device in response to finding a key identical to the current login key random bit array in the key table;
storing the random bit array of the current login key in the key table until the current login key expires;
verifying, at the destination computer device, an authenticity of the data received at the destination computer device based on the digest received at the destination computer device and the private key at the destination computer device; and
verifying, at the destination computer device, a temporal validity of the data received at the destination computer device based on the temporal validity information included in the data received at the destination computer device,wherein the private key used for generating the digest of data at the originator computer device and for verifying the authenticity of the data received at the destination computer device is shared by the originator computer device and the destination computer device.
0 Assignments
0 Petitions
Accused Products
Abstract
For the authentication of messages communicated in a distributed system from an originator to a destination a keyed-hashing technique is used according to which data to be authenticated is concatenated with a private (secret) key and then processed to the cryptographic hash function. The data are transmitted together with the digest of the hash function from the originator to the destination. The data comprises temporal validity information representing the temporal validity of the data. For example the setup key of a communication is therefore only valid within a given time interval that is dynamically defined by the communication originator. After the time interval is exceeded the setup key is invalid and cannot be reused again.
-
Citations
4 Claims
-
1. A method for the authentication of data communicated from an originator computer device to a destination computer device, comprising:
-
generating, at the originator computer device, a random bit array; generating, at the originator computer device, a digest of data using a private key according to a keyed-hashing technique, said data including said random bit array and temporal validity information defined at the originator computer device and representing the temporal validity of the data; transmitting the data together with the digest from the originator computer device to the destination computer device; searching in a key table for a key that is identical to a current login key random bit array and terminating a connection between the originator computer device and the destination computer device in response to finding a key identical to the current login key random bit array in the key table; storing the random bit array of the current login key in the key table until the current login key expires; verifying, at the destination computer device, an authenticity of the data received at the destination computer device based on the digest received at the destination computer device and the private key at the destination computer device; and verifying, at the destination computer device, a temporal validity of the data received at the destination computer device based on the temporal validity information included in the data received at the destination computer device, wherein the private key used for generating the digest of data at the originator computer device and for verifying the authenticity of the data received at the destination computer device is shared by the originator computer device and the destination computer device. - View Dependent Claims (2)
-
-
3. A distributed system comprising:
-
an originator computer device; and a destination computer device, wherein the originator computer device is configured to generate a random bit array, generate a digest of data using a private key according to a keyed-hashing technique, said data including said random bit array and temporal validity information defined by the originator computer device and representing the temporal validity of the data, and transmit the data together with the digest of the hash function from the originator computer device to the destination computer device, and the destination computer device is configured to search in a key table for a key that is identical to a current login key random bit array and terminate a connection between the originator computer device and the destination computer device in response to finding a key identical to the current login key random bit array in the key table, store the random bit array of the current login key in the key table until the current login key expires, verify an authenticity of the data received at the destination computer device based on the digest received at the destination computer device and the private key at the destination computer device, and verify a temporal validity of the data received at the destination computer device based on the temporal validity information included in the data received at the destination computer device, wherein the private key used for generating the digest of data at the originator computer device and for verifying the authenticity of the data received at the destination computer device is shared by the originator computer device and the destination computer device. - View Dependent Claims (4)
-
Specification