Simple authentication of messages

US 8,549,296 B2
Filed: 11/21/2008
Issued: 10/01/2013
Est. Priority Date: 11/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computing device, a set of at least two synchronization messages, wherein each synchronization message of the at least two synchronization message comprises a respective authentication token for comparison with a respective corresponding trusted bit string associated with the respective unique sender;

applying, by the computing device, a hash function to the authentication token of each received synchronization message of the set at least one time to generate a corresponding hash result for each received synchronization message;

determining, by the computing device, whether the hash result for each received synchronization message matches the corresponding trusted bit string for the unique sender associated with the received synchronization message;

defining, by the computing device, a time point boundary between a first time synchronization period and a second time synchronization period using a value that is determined based at least in part on receipt times of each received synchronization message of the set whose corresponding hash result matched its corresponding trusted bit string; and

for each received synchronization message whose respective corresponding hash result matched its respective corresponding trusted bit string, replacing, by the computing device, the corresponding trusted bit string with the corresponding authentication token of the received synchronization message, wherein the unhashed authentication token replaces the corresponding trusted bit string.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for using simple authenticated messages are disclosed for use with implementing (i) synchronization schemes, (ii) encoded control messaging schemes, and (iii) encrypted data communication schemes. Messages are authenticated by applying a secure hash function to one or more authentication tokens to produce hash results which are compared to stored trusted bit strings, wherein the stored trusted bit strings are replaced with the most-recently received authentication token whose corresponding hash result matched the stored bit string.

28 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a computing device, a set of at least two synchronization messages, wherein each synchronization message of the at least two synchronization message comprises a respective authentication token for comparison with a respective corresponding trusted bit string associated with the respective unique sender;
  
  applying, by the computing device, a hash function to the authentication token of each received synchronization message of the set at least one time to generate a corresponding hash result for each received synchronization message;
  
  determining, by the computing device, whether the hash result for each received synchronization message matches the corresponding trusted bit string for the unique sender associated with the received synchronization message;
  
  defining, by the computing device, a time point boundary between a first time synchronization period and a second time synchronization period using a value that is determined based at least in part on receipt times of each received synchronization message of the set whose corresponding hash result matched its corresponding trusted bit string; and
  
  for each received synchronization message whose respective corresponding hash result matched its respective corresponding trusted bit string, replacing, by the computing device, the corresponding trusted bit string with the corresponding authentication token of the received synchronization message, wherein the unhashed authentication token replaces the corresponding trusted bit string.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein each authentication token is associated with a synchronization message window, wherein the synchronization message window is a period of time during which a synchronization message must be received to be used for defining the time point boundary between two synchronization periods, and wherein the method further comprises:
    - determining whether each received synchronization message of the set was received within the synchronization message window associated with the authentication token of the received synchronization message;
      
      defining the time point boundary between the first and second synchronization periods based on the receipt times of each received synchronization message whose corresponding hash result matched its corresponding trusted bit string and which was received within the synchronization message window associated with that message'"'"'s authentication token; and
      
      for each synchronization message whose corresponding hash result matched its corresponding trusted bit string, replacing the corresponding trusted bit string with the corresponding authentication token of the received synchronization message.
  - 3. The method of claim 1, wherein when multiple copies of a synchronization message having the same authentication token are received, the method further comprises:
    - defining the time point boundary between the first and second synchronization periods based on the time that the first copy of the synchronization message is received; and
      
      ignoring subsequently received copies of the synchronization message.
  - 4. The method of claim 1, further comprisingreceiving and storing at least one data message, wherein the at least one data message comprises encrypted data;
    - receiving a second synchronization message of the set after receiving the at least one data message, wherein the second synchronization message comprises a second authentication token;
      
      applying the hash function to the second authentication token at least one time to generate a second hash result; and
      
      determining whether the second hash result matches the trusted bit string corresponding to the hash function, and when the second hash result matches the corresponding trusted bit string, then (i) defining a time point boundary between the second synchronization period and a third synchronization period based at least in part on the time that the second synchronization message was received, (ii) replacing the corresponding trusted bit string with the second authentication token, and (iii) decrypting the encrypted data with a decryption key based at least in part on the second authentication token.
  - 5. The method of claim 4, wherein the second synchronization message is received at a time during a synchronization message window, and wherein the method further comprises:
    - ignoring the at least one data message when the at least one data message is received at time after the start of the synchronization message window.
  - 6. The method of claim 4, wherein the second synchronization message is received at a time during a synchronization message window, and wherein the method further comprises:
    - ignoring the at least one data message when the at least one data message is received at time that is either (i) not during the first synchronization period, or (ii) after the start of the synchronization message window.
  - 7. The method of claim 4, further comprising:
    - determining whether the second synchronization message has been received at a time during the synchronization message window; and
      
      when the second synchronization message is received at a time during the synchronization message window, then (i) defining the time point boundary between the second synchronization period and the third synchronization period based at least in part on the time that the second synchronization message was received, and (ii) decrypting the encrypted data with a decryption key based at least in part on the second authentication token; and
      
      when the second synchronization message is received at a time after the end of the synchronization message window, then decrypting the encrypted data with a decryption key based at least in part on the second authentication token.
  - 8. The method of claim 1, wherein the received synchronization messages further comprise iteration numbers, and wherein the method further comprises:
    - determining a number of times to apply the hash function to the received respective authentication tokens based on the iteration numbers; and
      
      applying the first hash function to the received authentication token the respective determined number of times to generate the corresponding hash result.
  - 9. The method of claim 4, wherein the encrypted data comprises a new first trusted bit string, and wherein the method further comprises replacing at least one of the trusted bit strings with the new first trusted bit string.
  - 10. The method of claim 1, wherein the value that is based at least in part on the multiple receipt times of each received synchronization message further comprises at least one of:
    - an average of the receipt times;
      
      an average of a subset of the receipt times;
      
      a receipt time selected from the receipt times; and
      
      a weighted value that is based at least in part on applying at least one weight to at least one receipt time of the multiple receipt times, wherein the at least one weight is associated with at least one of the unique senders or a receipt time of at least one of the unique senders.

11. A method comprising:
- receiving, by a computing device, a first message and a second message from a sender, the first and second messages each comprising a first authentication token and a second authentication token that are each associated with the sender, and wherein each of the first and second authentication tokens is comparable with multiple trusted bit strings associated with the sender;
  
  applying a hash function to the first authentication token at least one time to generate a first hash result;
  
  determining whether the first hash result matches a first trusted bit string of the multiple trusted bit strings;
  
  when the first hash result matches the first trusted bit string, then (i) setting a first bit to a first logic value, wherein the first bit corresponds to one of a state machine and an entry in an index of actions, and (ii) replacing the first trusted bit string with the first authentication token, wherein the unhashed first authentication token replaces the first trusted bit string;
  
  when the first hash result does not match the first trusted bit string, then determining whether the first hash result matches a second trusted bit string of the multiple trusted bit strings; and
  
  when the first hash result matches the second trusted bit string, the (i) setting the first bit to a second logic value, and (ii) replacing the second trusted bit string with the first authentication token, wherein the unhashed first authentication token replaces the second trusted bit string.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, further comprising:
    - discarding the first message when the first hash result does not match one of either the first trusted bit string or the second trusted bit string.
  - 13. The method of claim 11, wherein the received first message further comprises a third authentication token, wherein the first authentication token is associated with the first bit, and wherein the third authentication token is associated with a second bit, and wherein the method further comprises:
    - applying the hash function to the third authentication token at least one time to generate a second hash result;
      
      determining whether the second hash result matches a third trusted bit string of the multiple trusted bit strings corresponding to the sender of the first message;
      
      when the second hash result matches the third trusted bit string, then (i) setting the second bit to the first logic value, and (ii) replacing the third trusted bit string with the second authentication token;
      
      when the second hash result does not match the third trusted bit string, then determining whether the second hash result matches a fourth trusted bit string of the multiple trusted bit strings corresponding to the sender of the first message; and
      
      when the second hash result matches the fourth trusted bit string, then (i) setting the second bit to the second logic value, and (ii) replacing the fourth trusted bit string with the second authentication token.
  - 14. The method of claim 13, further comprising:
    - discarding the first message when either (i) the first hash result does not match one of either the first trusted bit string or the second trusted bit string, or (ii) the third hash result does not match one of either the third trusted bit string or the fourth trusted bit string.
  - 15. The method of claim 11, wherein determining whether the first hash result matches the first or second trusted bit strings further comprise determining whether an iteration number associated with the first authentication token is less than a current max iteration number, and wherein the method further comprises:
    - updating the current max iteration number with the iteration number associated with the first authentication token when (i) the first hash result matches the first or second trusted bit string and (ii) the iteration number associated with the first authentication token is less than the current max iteration number.
  - 16. The method of claim 15, wherein the current max iteration number equals the iteration number of a most recent authentication token (i) that was received prior to receiving the first authentication token, (ii) whose hash result matched one of either the first or second trusted bit strings, and (iii) whose iteration number was less than the previous max iteration number.
  - 17. The method of claim 13, wherein determining whether the first hash result matches the first or second trusted bit strings further comprises determining whether an iteration number associated with the first authentication token is less than a current max iteration number, and wherein determining whether the second hash result matches the third or fourth trusted bit strings further comprise determining whether the iteration number associated with the third authentication token is also less than the current max iteration number, and wherein the method further comprises:
    - updating the current max iteration number when (i) the first hash result matches either the first or second trusted bit strings, and the iteration number associated with the first authentication token is less than the current max iteration number, or (ii) the second hash result matches either the third or fourth trusted bit strings, and an authentication token associated with the third authentication token is less than the current max iteration number; and
      
      wherein the current max iteration number is updated with the lesser of (i) the iteration number associated with the first authentication token or (ii) the iteration number associated with the third authentication token.
  - 18. The method of claim 17, wherein the current max iteration number equals the lesser iteration number of the most recent authentication token (i) that was received prior to receiving the first message comprising the first and third authentication tokens, (ii) whose hash result matched any of the first, second, third, or fourth trusted bit strings, and (iii) whose iteration number was less than the previous max iteration number.
  - 19. The method of claim 13 wherein the first and second bits correspond to bits of a state machine.
  - 20. The method of claim 13 wherein the first and second bits correspond to bits of an entry in an index of actions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Honeywell International Inc.
Original Assignee
Honeywell International Inc.
Inventors
Driscoll, Kevin Raymond
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
MEJIA, FELICIANO S

Application Number

US12/276,168
Publication Number

US 20090138712A1
Time in Patent Office

1,775 Days
Field of Search

713/168, 713170-185, 726/30
US Class Current

713/170
CPC Class Codes

H04L 2209/125   Parallelization or pipelini...

H04L 9/12   Transmitting and receiving ...

H04L 9/3236   using cryptographic hash fu...

H04L 9/50   using hash chains, e.g. blo...

Simple authentication of messages

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Simple authentication of messages

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links