System for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment without compromising security
First Claim
1. A method of processing out-of-order message packets, comprising:
- defining a maximum largest nonce value for a first session;
- receiving, at a physical receiving client device, an out-of-order message packet associated with a nonce value;
- comparing, with a secure communication module of said physical receiving client device, said nonce value of said received out-of-order message packet for a second session with a largest nonce value yet received for said second session by said physical receiving client device;
- adjusting, with said secure communication module of said physical receiving client device, a size of a single replay attack acceptance window for said second session based on said largest nonce value yet received;
- comparing, with said secure communication module of said physical receiving client device, said largest nonce value yet received with said maximum largest nonce value; and
- resetting said largest nonce value yet received for said second session when said largest nonce value yet received exceeds said maximum largest nonce value.
1 Assignment
0 Petitions
Abstract
A system for determining the validity of a received cryptographic message while allowing for out-of-order messages is used to provide secure communications among peers in a network. In particular, a secure communication module may be configured to accept the cryptographic message when the nonce value of the received message is greater than the largest nonce value yet seen. Otherwise, when the received nonce value is not the largest nonce value yet seen, the secure communication module may be configured to compare the received nonce value with a nonce acceptance window. If the received nonce value falls outside the nonce acceptance window, the secure communication module may be further configured to reject the received message and assume that a replay attack has been detected. If the received nonce value falls within the nonce acceptance window, the secure communication module may be further configured to determine whether the received nonce value has been seen before by comparing it with a replay window mask. If the received nonce has been seen before, the secure communication module may be further configured to reject the received message and assume a replay attack. Otherwise, the secure communication module may be further configured to accept the message and add the received nonce value to the replay window mask.
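The receiver-side acceptance logic described in the abstract and in claim 1, written out as an added Python example; this is not code from the patent or its assignee. It assumes a fixed-width bitmask as the "replay window mask" (bit i set means nonce largest_seen - i has already been accepted), a per-session `max_nonce` standing in for the claim's "maximum largest nonce value", and reads the claim's "adjusting a size of a single replay attack acceptance window based on said largest nonce value yet received" as clamping the window so it never reaches below nonce 0 early in a session. The arrival sequence in `__main__` is constructed.

```python
from dataclasses import dataclass


@dataclass
class ReplayWindow:
    """Receiver-side anti-replay state for one session (constructed example)."""
    window_size: int = 64        # nominal width of the nonce acceptance window
    max_nonce: int = 2**32 - 1   # assumed "maximum largest nonce value" for the session
    largest_seen: int = -1       # largest nonce value yet seen; -1 means nothing received
    mask: int = 0                # bit i set <=> nonce (largest_seen - i) already accepted

    def effective_window(self) -> int:
        # Interpretation of the claim's window adjustment: the window cannot reach
        # below nonce 0, so its size follows largest_seen until the nominal width.
        return min(self.window_size, self.largest_seen + 1)

    def reset(self) -> None:
        self.largest_seen = -1
        self.mask = 0

    def check(self, nonce: int) -> str:
        """Classify one received nonce and update state.

        Returns 'accept', 'accept-reset' (accepted, and the session's nonce limit
        was crossed so the window state was reset), 'reject-old' (outside the
        window) or 'reject-replay' (inside the window but already seen).
        """
        if nonce > self.largest_seen:
            # New high-water mark: slide the window forward and mark this nonce.
            shift = nonce - self.largest_seen
            if shift >= self.window_size:
                self.mask = 1
            else:
                self.mask = ((self.mask << shift) | 1) & ((1 << self.window_size) - 1)
            self.largest_seen = nonce
            if self.largest_seen > self.max_nonce:
                # Largest nonce exceeds the session maximum: reset as claim 1 requires.
                self.reset()
                return "accept-reset"
            return "accept"
        offset = self.largest_seen - nonce
        if offset >= self.effective_window():
            return "reject-old"          # outside the acceptance window: treat as replay
        if self.mask & (1 << offset):
            return "reject-replay"       # inside the window but already seen
        self.mask |= 1 << offset         # record the nonce in the replay window mask
        return "accept"


def process(nonces, window_size=8, max_nonce=2**32 - 1):
    """Run a sequence of received nonces through a fresh window; return the decisions."""
    win = ReplayWindow(window_size=window_size, max_nonce=max_nonce)
    return [win.check(n) for n in nonces]


if __name__ == "__main__":
    # Constructed arrival order: reordering, one duplicate, and one nonce far behind.
    arrivals = [5, 3, 3, 20, 19, 20, 4]
    for nonce, verdict in zip(arrivals, process(arrivals)):
        print(f"nonce {nonce:>3}: {verdict}")
```

The reset on crossing `max_nonce` only stays safe if it coincides with a key change for the session: with the same key still in use, clearing `largest_seen` and `mask` would let every earlier packet be accepted again, so a practitioner would tie the reset to a rekey rather than perform it in isolation.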
38 Citations
22 Claims
1. A method of processing out-of-order message packets (independent claim 1, set out in full under First Claim above; dependent claims 2 to 11).
12. A physical receiving client device for processing out-of-order message packets, comprising:
- a physical receiving client device to receive an out-of-order message packet associated with a nonce value;
- a secure communication module of said physical receiving client device to define a maximum largest nonce value for a first session, to compare said nonce value of said received out-of-order message packet for a second session with a largest nonce value yet received by said physical receiving client device for said second session, to adjust a size of a single replay attack acceptance window for said second session based on said largest nonce value yet received, and to compare said largest nonce value yet received with a maximum largest nonce value defined for a first session; and
- wherein said largest nonce value yet received is reset for said second session when said largest nonce value yet received exceeds said maximum largest nonce value.
(Dependent claims 13 to 22.)
Specification