Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function
Abstract
Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak.
18 Claims
1. A method of outputting an alert on a mobile device having a microprocessor, the method comprising:
- the microprocessor receiving data, chosen in a user interface, that identifies at least one first hash function;
- the microprocessor identifying a secure connection between the mobile device and a destination server;
- the microprocessor identifying a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;
- the microprocessor determining that whether the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;
- in response to the determining that the second hash function is weak, the microprocessor outputting an alert that indicates that the second hash function is weak; and
- the microprocessor repeating, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, said identifying the hash digest and said outputting the alert.
10. A mobile device comprising a microprocessor and a memory storing a plurality of instructions, wherein when the instructions are executed:
- the microprocessor receives data, chosen in a user interface, that identifies at least one first hash function;
- the microprocessor identifies a secure connection between the mobile device and a destination server;
- the microprocessor identifies a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;
- the microprocessor determines that the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;
- in response to the determining that the second hash function is weak, the microprocessor outputs an alert that indicates that the second hash function is weak; and
- the microprocessor repeats, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, identifying the hash digest and outputting the alert.
11. A non-transitory storage medium on which a plurality of executable instructions is stored, the instructions for performing the following on a mobile device:
- receiving data, chosen in a user interface, that identifies at least one first hash function;
- identifying a secure connection between the mobile device and a destination server;
- identifying a hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using a second hash function and then encrypting the hash digest;
- determining that the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function;
- in response to the determining that the second hash function is weak, outputting an alert that indicates that the second hash function is weak; and
- repeating, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, said identifying the hash digest and said outputting the alert.
12. A system for outputting an alert on a mobile device, the system comprising:
- a server comprising a server microprocessor and a server memory storing a first plurality of instructions, wherein when the first plurality of instructions are executed, the server microprocessor identifies at least one first hash function chosen in a user interface at the server, and transmits data identifying the at least one first hash function to the mobile device, the data for use in determining whether a second hash function used to generate a hash digest received at the mobile device is weak; and
- the mobile device comprising a device microprocessor and a device memory storing a second plurality of instructions, wherein when the second plurality of instructions is executed by the device processor,
  - the device microprocessor receives data, from the server, that identifies the at least one first hash function,
  - the device microprocessor identifies a secure connection between the mobile device and a destination server,
  - the device microprocessor identifies the hash digest that is used to form a digital signature of an associated certificate, the associated certificate belonging to a certificate chain that comprises a certificate associated with the destination server, and the digital signature having been formed by generating the hash digest using the second hash function and then encrypting the hash digest,
  - the device microprocessor determines that the second hash function used to generate the digital signature is weak, based on the data that identifies the at least one first hash function,
  - in response to the determining that the second hash function is weak, the device microprocessor outputs an alert that indicates that the second hash function is weak, and
  - the device microprocessor repeats, for each hash digest of a plurality of hash digests being used to form a digital signature of an associated certificate belonging to the certificate chain, identifying the hash digest and outputting the alert.
13. A method of transmitting data to a mobile device from a server comprising a microprocessor, the method comprising:
- the microprocessor identifying at least one first hash function chosen in a user interface at the server; and
- the microprocessor transmitting data identifying the at least one first hash function to the mobile device, the mobile device identifying a secure connection between the mobile device and a destination server, determining, based on the data identifying the at least one first hash function, that a second hash function is weak, wherein the second hash function is used to generate a hash digest that is encrypted to form a digital signature, and wherein the digital signature is for an associated certificate that belongs to a certificate chain associated with the destination server, and repeating said determining for each of a plurality of hash digests, wherein each hash digest of the plurality of hash digests is used to form a certificate digital signature of an associated certificate belonging to the certificate chain.
Specification