System for efficiently handling cryptographic messages containing nonce values in a wireless connectionless environment
First Claim
1. A method of processing out-of-order data packets, comprising:
- obtaining a largest nonce value from among a plurality of nonce values of previous data packets;
adjusting, at a receiving device, a size of a range of acceptable nonce values within an acceptance window based around said largest nonce value;
accepting, at said receiving device, a newly received out-of-order data packet including a newly received nonce value when said newly received nonce value is within said acceptance window; and
resetting said largest nonce value to said newly received nonce value when said accepted, newly received nonce value exceeds said largest nonce value.
5 Assignments
0 Petitions
Accused Products
Abstract
A secure communication module that accepts a cryptographic message if a nonce value for the received message is greater than the largest nonce value yet seen. If the received nonce value is not the largest nonce value yet seen, the secure communication module compares the received nonce value with a nonce acceptance window. If the nonce value falls outside the nonce acceptance window, the secure communication module rejects the received message and assumes a replay attack. Alternatively, if the nonce value falls within the nonce acceptance window, the secure communication module compares the received nonce value with a replay window mask. If comparison with the replay window mask indicates that the received nonce value has been seen before, the secure communication module rejects the received message and assumes a replay attack. Otherwise, the secure communication module accepts the message and adds the received nonce value to the replay window mask.
37 Citations
12 Claims
-
1. A method of processing out-of-order data packets, comprising:
-
obtaining a largest nonce value from among a plurality of nonce values of previous data packets; adjusting, at a receiving device, a size of a range of acceptable nonce values within an acceptance window based around said largest nonce value; accepting, at said receiving device, a newly received out-of-order data packet including a newly received nonce value when said newly received nonce value is within said acceptance window; and resetting said largest nonce value to said newly received nonce value when said accepted, newly received nonce value exceeds said largest nonce value. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of processing out-of-order data packets, comprising:
-
obtaining a largest nonce value from among a plurality of nonce values of previous data packets; adjusting, at a receiving device, a size of a range of acceptable nonce values within an acceptance window based around said largest nonce value; accepting, at said receiving device, a newly received out-of-order data packet including a newly received nonce value when said newly received nonce value is within said acceptance window; and adjusting said size of said range of acceptable nonce values within said acceptance window when said accepted, newly received nonce value exceeds said largest nonce value. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method of rejecting a replay attack in out-of-order data packets, comprising:
-
obtaining a largest nonce value from among a plurality of nonce values of previous data packets; adjusting, at a receiving device, a size of a range of acceptable nonce values within an acceptance window based around said largest nonce value; and rejecting, at said receiving device, a newly received out-of-order data packet including a newly received nonce value when said newly received nonce value is outside of said acceptance window. - View Dependent Claims (12)
-
Specification
-
- Resources
-
Current AssigneeTeleCommunication Systems Inc (Comtech Telecommunications Corporation)
-
Original AssigneeTeleCommunication Systems Inc (Comtech Telecommunications Corporation)
-
InventorsLagimonier, Todd, Voris, Jim
-
Primary Examiner(s)PYZOCHA, MICHAEL J
-
Application NumberUS13/902,074Publication NumberTime in Patent Office767 DaysField of Search726/22, 713/170US Class Current1/1CPC Class CodesH04L 63/04 for providing a confidentia...H04L 63/0876 based on the identity of th...H04L 63/14 for detecting or protecting...H04L 63/1408 by monitoring network traff...H04L 9/321 involving a third party or ...H04W 12/02 Protecting privacy or anony...H04W 12/041 Key generation or derivationH04W 12/121 Wireless intrusion detectio...
