Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function

US 9,015,486 B2
Filed: 09/10/2012
Issued: 04/21/2015
Est. Priority Date: 09/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method of outputting an alert on a mobile device, the method comprising:

receiving data that identifies both at least one first hash function and at least one application, wherein each of the at least one first hash function identified in the data is identified as being weak;

identifying a public key associated with a first certificate of a plurality of certificates belonging to a certificate chain;

repeating, for each of the plurality of certificates belonging to the certificate chain,identifying a second hash function used to digitally sign the certificate; and

determining whether the second hash function used to digitally sign the certificate is weak, based on the data,wherein the second hash function used to digitally sign the certificate is determined to be weak if;

the second hash function used to digitally sign the certificate matches any of the at least one first hash function identified in the data, andthe determining is being performed for an application identified in the data; and

outputting the alert when, for at least one certificate of the plurality of certificates belonging to the certificate chain, the second hash function used to digitally sign the at least one certificate is determined to be weak.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, devices, and methods for outputting an alert on a mobile device to indicate the use of a weak hash function are disclosed herein. In one example embodiment, the method comprises receiving data (e.g. from a server) that identifies at least one first hash function, identifying a hash digest generated using a second hash function, determining if the second hash function is weak using the received data, and outputting an alert indicating that the second hash function is weak if it is determined that the second hash function is weak.

Citations

20 Claims

1. A method of outputting an alert on a mobile device, the method comprising:
- receiving data that identifies both at least one first hash function and at least one application, wherein each of the at least one first hash function identified in the data is identified as being weak;
  
  identifying a public key associated with a first certificate of a plurality of certificates belonging to a certificate chain;
  
  repeating, for each of the plurality of certificates belonging to the certificate chain,identifying a second hash function used to digitally sign the certificate; and
  
  determining whether the second hash function used to digitally sign the certificate is weak, based on the data,wherein the second hash function used to digitally sign the certificate is determined to be weak if;
  
  the second hash function used to digitally sign the certificate matches any of the at least one first hash function identified in the data, andthe determining is being performed for an application identified in the data; and
  
  outputting the alert when, for at least one certificate of the plurality of certificates belonging to the certificate chain, the second hash function used to digitally sign the at least one certificate is determined to be weak.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the data that identifies both the at least one first hash function and the at least one application is received from a first server.
  - 3. The method of claim 2, wherein the first server comprises a message management server.
  - 4. The method of claim 2, wherein the data is received from the first server in the form of security policy data.
  - 5. The method of claim 1, wherein the data that identifies both the at least one first hash function and the at least one application is received through a user interface on the mobile device.
  - 6. The method of claim 1, wherein the method is performed, at least in part, by the mobile device.
  - 7. The method of claim 1, wherein the method is performed, at least in part, by a second device coupled to the mobile device.
  - 8. The method of claim 7, wherein the second device coupled to the mobile device comprises a proxy server.

9. A mobile device comprising a processor and a memory, wherein the mobile device is programmed to execute a plurality of instructions which, when executed, cause the processor to:
- receive data that identifies both at least one first hash function and at least one application, wherein each of the at least one first hash function identified in the data is identified as being weak;
  
  identify a public key associated with a first certificate of a plurality of certificates belonging to a certificate chain;
  
  repeat, for each of the plurality of certificates belonging to the certificate chain,identifying a second hash function used to digitally sign the certificate; and
  
  determining whether the second hash function used to digitally sign the certificate is weak, based on the data,wherein the second hash function used to digitally sign the certificate is determined to be weak if;
  
  the second hash function used to digitally sign the certificate matches any of the at least one first hash function identified in the data, andthe determining is being performed for an application identified in the data; and
  
  output an alert when, for at least one certificate of the plurality of certificates belonging to the certificate chain, the second hash function used to digitally sign the at least one certificate is determined to be weak.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The mobile device of claim 9, wherein the data that identifies both the at least one first hash function and the at least one application is received from a first server.
  - 11. The mobile device of claim 10, wherein the first server comprises a message management server.
  - 12. The mobile device of claim 10, wherein the data is received from the first server in the form of security policy data.
  - 13. The mobile device of claim 9, wherein the data that identifies both the at least one first hash function and the at least one application is received through a user interface on the mobile device.

14. A non-transitory computer-readable medium on which a plurality of executable instructions is stored, the instructions for causing a mobile device to:
- receive data that identifies both at least one first hash function and at least one application, wherein each of the at least one first hash function identified in the data is identified as being weak;
  
  identify a public key associated with a first certificate of a plurality of certificates belonging to a certificate chain;
  
  repeat, for each of the plurality of certificates belonging to the certificate chain,identifying a second hash function used to digitally sign the certificate; and
  
  determining whether the second hash function used to digitally sign the certificate is weak, based on the data,wherein the second hash function used to digitally sign the certificate is determined to be weak if;
  
  the second hash function used to digitally sign the certificate matches any of the at least one first hash function identified in the data, andthe determining is being performed for an application identified in the data; and
  
  output an alert when, for at least one certificate of the plurality of certificates belonging to the certificate chain, the second hash function used to digitally sign the at least one certificate is determined to be weak.

15. A method of transmitting data to a mobile device from a server, the method comprising the server:
- identifying both at least one first hash function and at least one application, wherein each of the at least one first hash function is identified as being weak; and
  
  transmitting data identifying the at least one first hash function and the at least one application to the mobile device, the mobile device;
  
  identifying a public key associated with a first certificate of a plurality of certificates belonging to a certificate chain; and
  
  repeating, for each of the plurality of certificates belonging to the certificate chain,identifying a second hash function used to digitally sign the certificate; and
  
  determining whether the second hash function used to digitally sign the certificate is weak, based on the data,wherein the second hash function used to digitally sign the certificate is determined to be weak if;
  
  the second hash function used to digitally sign the certificate matches any of the at least one first hash function identified in the data, andthe determining is being performed for an application identified in the data; and
  
  outputting an alert when, for at least one certificate of the plurality of certificates belonging to the certificate chain, the second hash function used to digitally sign the at least one certificate is determined to be weak.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, wherein each of the at least one first hash function is identified as being weak.
  - 17. The method of claim 15, further comprising outputting a listing of a plurality of first hash functions in a user interface, and receiving input specifying one or more selected first hash functions from the plurality of first hash functions, wherein the at least one first hash function identified at the server comprises the one or more selected first hash functions.
  - 18. The method of claim 17, wherein the listing is output as a menu comprising a plurality of check box controls, wherein each check box control corresponds to a corresponding one of the plurality of first hash functions in the listing, and wherein any one of the plurality of first hash functions in the listing is selectable by activating the corresponding check box control.
  - 19. The method of claim 15, wherein the data transmitted to the mobile device is in the form of security policy data.
  - 20. The method of claim 15, wherein the server comprises a message management server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Bender, Christopher L., Brown, Michael K., Brown, Michael S.
Primary Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US13/608,549
Publication Number

US 20130007454A1
Time in Patent Office

953 Days
Field of Search

None
US Class Current

713/170
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04W 12/106   Packet or message integrity

Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, devices, and methods for outputting alerts to indicate the use of a weak hash function

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links