Out-of-band authentication method and system for communication over a data network
First Claim
1. A method for out-of-band authentication of data streams transmitted over a communication network comprising a sender, a receiver, a sender control module, and a receiver control module, comprising the steps of:
transmitting a first stream of data over a first channel connecting the sender with the receiver;
receiving, by said sender control module, said first stream of data from said sender;
extracting, by said sender control module, a first pattern from said first stream of data, said first pattern comprising a sequence of message units from said first stream of data;
generating authentication data of said first stream of data by said sender control module based on said first pattern extracted from said first stream of data;
transmitting said authentication data from the sender control module to the receiver control module over a second channel connecting the sender control module with the receiver control module;
checking authenticity of a second stream of data received over said first channel by said receiver control module using said authentication data;
exchanging a control message comprising first synchronization data between the sender control module and the receiver control module over said second channel;
sending, by the receiver control module, a resynchronization request to said sender control module, wherein said resynchronization request comprises second synchronization data univocally identifying a second pattern extracted from the second stream of data, and wherein the second synchronization data comprises a hash value of said second pattern extracted from the second stream of data.
1 Assignment
0 Petitions
Abstract
A method and system for out-of-band authentication of messages transmitted, e.g. as packets, on a communication network, whereby a first stream of data is received by a sender control module from a sender; the first stream of data is transmitted over a first channel, e.g. a non-secure data channel, toward a receiver control module; the sender control module generates authentication data of the first stream of data; the authentication data are transmitted from the sender control module to the receiver control module on a second channel, e.g. a secure data channel, distinct from the first channel; and a stream of data received by the receiver control module is checked using the authentication data. Before sending the authentication data, the sender control module transmits a control message including synchronization data to the receiver control module over the second channel.
26 Citations
20 Claims
13. A system for out-of-band authenticating streams of data transmitted over a communication network, comprising:
a sender control module comprising a processor configured to receive a first stream of data from a sender and to: extract a first pattern from said first stream of data, said first pattern comprising a sequence of message units from said first stream of data; and generate authentication data of said first stream of data based on said first pattern extracted from said first stream of data;
a receiver control module comprising a processor configured to check said authentication data;
a first channel connecting said sender to a receiver, the first channel configured to transmit said first stream of data from said sender toward said receiver; and
a second channel connecting said sender module and said receiver module configured to transmit said authentication data,
wherein said processor of said receiver control module is further configured to send a resynchronization request to said sender control module, wherein said resynchronization request comprises synchronization data univocally identifying a second pattern extracted from a second stream of data, and wherein said synchronization data comprises a hash value of said second pattern extracted from the second stream of data.
Dependent claims: 14 to 20.
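The following Python sketch is an added illustration of the exchange described in the abstract and in claims 1 and 13; it is not code from the patent. A pattern is taken to be a fixed window of consecutive message units, the authentication data is an HMAC under a key assumed to have been shared over the secure second channel (the claims only say "authentication data"), the synchronization data is a plain hash of the pattern, and a failed check makes the receiver control module send a resynchronization request carrying the hash of the pattern it actually saw. A pattern the sender cannot locate from that hash is then distinguishable from a mere offset.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"  # assumption: pre-shared over the secure second channel
PATTERN_LEN = 4                  # assumption: a pattern is 4 consecutive message units

# Constructed sample stream: eight message units, e.g. packet payloads.
SAMPLE_STREAM = [b"m%d" % i for i in range(8)]


def extract_pattern(stream, start):
    """Return PATTERN_LEN consecutive message units starting at `start`."""
    return stream[start:start + PATTERN_LEN]


def pattern_hash(pattern):
    """Synchronization data: an unkeyed hash that univocally identifies a pattern."""
    return hashlib.sha256(b"".join(pattern)).hexdigest()


def auth_data(pattern):
    """Authentication data: keyed MAC over the pattern (HMAC is an assumption)."""
    return hmac.new(KEY, b"".join(pattern), hashlib.sha256).hexdigest()


def sender_control(stream, start):
    """Sender control module: build the control message (sync data + auth data)
    for the pattern at `start`, to be sent over the second channel."""
    pattern = extract_pattern(stream, start)
    return {"sync": pattern_hash(pattern), "auth": auth_data(pattern)}


def receiver_control(received, start, control_msg):
    """Receiver control module: verify the pattern seen on the first channel.
    Returns ("ok", None) or ("resync", <hash of the pattern actually seen>)."""
    pattern = extract_pattern(received, start)
    if hmac.compare_digest(auth_data(pattern), control_msg["auth"]):
        return ("ok", None)
    return ("resync", pattern_hash(pattern))


def sender_resync(stream, wanted_hash):
    """Handle a resynchronization request: find the pattern named by the hash
    in the sender's own stream and re-issue authentication data for it.
    Returns (offset, control_msg), or None if no such pattern exists, which
    means the receiver's data differs from what the sender transmitted."""
    for i in range(len(stream) - PATTERN_LEN + 1):
        if pattern_hash(extract_pattern(stream, i)) == wanted_hash:
            return i, sender_control(stream, i)
    return None
```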
Specification