Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function

US 8,295,486 B2
Filed: 09/28/2007
Issued: 10/23/2012
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method of outputting an alert on a mobile device having a microprocessor, the method comprising:

the microprocessor receiving data, chosen in a user interface, that identifies at least one first hash function;

the microprocessor identifying a secure connection between the mobile device and a destination server;

the microprocessor identifying a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;

the microprocessor determining that whether the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;

in response to the determining that the second hash function is weak, the microprocessor outputting an alert that indicates that the second hash function is weak; and

the microprocessor repeating, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, said identifying the hash digest and said outputting the alert.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak.

38 Citations

View as Search Results

18 Claims

1. A method of outputting an alert on a mobile device having a microprocessor, the method comprising:
- the microprocessor receiving data, chosen in a user interface, that identifies at least one first hash function;
  
  the microprocessor identifying a secure connection between the mobile device and a destination server;
  
  the microprocessor identifying a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;
  
  the microprocessor determining that whether the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;
  
  in response to the determining that the second hash function is weak, the microprocessor outputting an alert that indicates that the second hash function is weak; and
  
  the microprocessor repeating, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, said identifying the hash digest and said outputting the alert.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the data that identifies the at least one first hash function is received from a server coupled to the mobile device.
  - 3. The method of claim 1, wherein the user interface is provided at a user the mobile device.
  - 4. The method of claim 1, wherein each of the at least one first hash function is identified as being weak, and wherein the second hash function is determined to be weak if the second hash function matches any of the at least one first hash function identified by the data that identifies the at least one first hash function.
  - 5. The method of claim 1, wherein each of the at least one first hash function is identified as being sufficiently strong, and wherein the second hash function is determined to be weak if the second hash function does not match any of the at least one first hash function identified by the data that identifies the at least one first hash function.
  - 6. The method of claim 1, wherein the secure connection is one of a secure sockets layer connection and a transport layer security connection.
  - 7. The method of claim 1, wherein the destination server comprises a web server.
  - 8. The method of claim 2, wherein the server coupled to the mobile device comprises a message management server.
  - 9. The method of claim 2, wherein the data that identifies the at least one first hash function is received in the form of security policy data from the server coupled to the mobile device.

10. A mobile device comprising a microprocessor and a memory storing a plurality of instructions, wherein when the instructions are executed:
- the microprocessor receives data, chosen in a user interface, that identifies at least one first hash function;
  
  the microprocessor identifies a secure connection between the mobile device and a destination server;
  
  the microprocessor identifies a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;
  
  the microprocessor determines that the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;
  
  in response to the determining that the second hash function is weak, the microprocessor outputs an alert that indicates that the second hash function is weak; and
  
  the microprocessor repeats, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, identifying the hash digest and outputting the alert.

11. A non-transitory storage medium on which a plurality of executable instructions is stored, the instructions for performing the following on a mobile device:
- receiving data, chosen in a user interface, that identifies at least one first hash function;
  
  identifying a secure connection between the mobile device and a destination server;
  
  identifying a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;
  
  determining that the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;
  
  in response to the determining that the second hash function is weak, outputting an alert that indicates that the second hash function is weak; and
  
  repeating, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, said identifying the hash digest and said outputting the alert.

12. A system for outputting an alert on a mobile device, the system comprising:
- a server comprising a server microprocessor and a server memory storing a first plurality of instructions, wherein when the first plurality of instructions are executed,the server microprocessor identifies at least one first hash function chosen in a user interface at the server, and transmits data identifying the at least one first hash function to the mobile device, the data for use in determining whether a second hash function used to generate a hash digest received at the mobile device is weak; and
  
  the mobile device comprising a device microprocessor and a device memory storing a second plurality of instructions, wherein when the second plurality of instructions is executed by the device processor,the device microprocessor receives data, from the server, that identifies the at least one first hash function,the device microprocessor identifies a secure connection between the mobile device and a destination server,the device microprocessor identifies the hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using the second hash function and then encrypting the hash digest,the device microprocessor determines that the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function,in response to the determining that the second hash function is weak, the device microprocessor outputs an alert that indicates that the second hash function is weak, andthe device microprocessor repeats, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, identifying the hash digest and outputting the alert.

13. A method of transmitting data to a mobile device from a server comprising a microprocessor, the method comprising:
- the microprocessor identifying at least one first hash function chosen in a user interface at the server; and
  
  the microprocessor transmitting data identifying the at least one first hash function to the mobile device, the mobile deviceidentifying a secure connection between the mobile device and a destination server,determining, based on the data identifying the at least one first hash function, that a second hash function is weak, wherein the second hash function is used to generate a hash digest that is encrypted to form a digital signature, and wherein the digital signature is for an associated certificate that belongs to a certificate chain associated with the destination server, andrepeating said determining for each of a plurality of hash digests, wherein each hash digest of the plurality of hash digests is used to form a certificate digital signature of an associated certificate belonging to the certificate chain.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, wherein each of the at least one first hash function is identified as being weak.
  - 15. The method of claim 13, wherein each of the at least one first hash function is identified as being sufficiently strong, such that the second hash function is deemed to be weak if it does not match any of the at least one first hash function identified by the data transmitted to the mobile device.
  - 16. The method of claim 13, further comprising outputting a listing of a plurality of first hash functions in the user interface, and receiving input specifying one or more selected first hash functions from the plurality of first hash functions, wherein the at least one first hash function identified at the server comprises the one or more selected first hash functions.
  - 17. The method of claim 16, wherein the listing is output as a menu comprising a plurality of check box controls, wherein each check box control corresponds to one of the plurality of first hash functions in the listing, and wherein any one of the plurality of first hash functions in the listing is selectable by activating the corresponding check box control.
  - 18. The method of claim 13, wherein the data transmitted to the mobile device is in the form of security policy data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bender, Christopher L., Brown, Michael K., Brown, Michael S.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US11/863,712
Publication Number

US 20090089584A1
Time in Patent Office

1,852 Days
Field of Search

None
US Class Current

380/270
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04W 12/106   Packet or message integrity

Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others