Efficient authentication for mobile and pervasive computing
First Claim
1. A method performed by a computing device to provide authentication for a message, the method comprising:
- generating by the computing device an encrypted message by encrypting with an encryption key an encryption combination of the message and a nonce;
generating by the computing device an authentication code based on a result of an authentication combination of the message and the nonce modulo a divisor;
sending by the computing device the encrypted message and the authentication code to another computing device with access to the encryption key wherein upon receiving the encrypted message and the authentication code, the other computing device decrypts the received encrypted message with the encryption key and extracts the message and the nonce, regenerates the authentication code based on the authentication combination of the extracted message and the extracted nonce modulo the divisor, and when the generated authentication code matches the regenerated authentication code, verifies integrity and authenticity of the extracted message; and
receiving the encrypted message and authentication code at the other computing device and verifying the integrity and authenticity of the encrypted message by decrypting the message, extracting the nonce, regenerating the authentication code, and comparing the regenerating authentication code to the generated authentication code.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for authenticating messages is provided. A message authentication system generates an encrypted message by encrypting with a key a combination of a message and a nonce. The message authentication system generates a message authentication code based on a combination of the message and the nonce modulo a divisor. To decrypt and authenticate the message, the message authentication system generates a decrypted message by decrypting with the key the encrypted message and extracts the message and the nonce. The message authentication system then regenerates a message authentication code based on a combination of the extracted message and the extracted nonce modulo the divisor. The message authentication system then determines whether the regenerated message authentication code matches the original message authentication code. If the codes match, then the integrity and authenticity of the message are verified.
-
Citations
27 Claims
-
1. A method performed by a computing device to provide authentication for a message, the method comprising:
-
generating by the computing device an encrypted message by encrypting with an encryption key an encryption combination of the message and a nonce; generating by the computing device an authentication code based on a result of an authentication combination of the message and the nonce modulo a divisor; sending by the computing device the encrypted message and the authentication code to another computing device with access to the encryption key wherein upon receiving the encrypted message and the authentication code, the other computing device decrypts the received encrypted message with the encryption key and extracts the message and the nonce, regenerates the authentication code based on the authentication combination of the extracted message and the extracted nonce modulo the divisor, and when the generated authentication code matches the regenerated authentication code, verifies integrity and authenticity of the extracted message; and receiving the encrypted message and authentication code at the other computing device and verifying the integrity and authenticity of the encrypted message by decrypting the message, extracting the nonce, regenerating the authentication code, and comparing the regenerating authentication code to the generated authentication code. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method performed by a computing device to provide authentication for a message, the method comprising:
-
generating by the computing device an encrypted message by encrypting with a key an encryption combination of the message and a nonce, the encrypting being based on a block cipher; generating by the computing device an authentication code based on a result of an authentication combination of the message and the nonce modulo a divisor; sending by the computing device the generated encrypted message and the generated authentication code to another computing device with access to the key and the divisor so that the other computing device can verify the integrity and authenticity of encrypted message; and receiving the encrypted message and authentication code at the other computing device and verifying the integrity and authenticity of the encrypted message. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. One or more computer-readable storage media that are not a transitory, propagating signal storing computer-executable instructions for controlling a device to generate an authentication code for a message, the instructions comprising:
-
instructions that generate an encrypted message by encrypting with an encryption key a concatenation of the message and a nonce; instructions that generate an authentication code by generating a dividend by multiplying the message by an authentication key and adding the nonce and setting the authentication code to the dividend modulo a divisor that is a prime number; instructions that send to another device the generated encrypted message and the generated authentication code so that the other device can decrypt the generated encrypted message using the encryption key to generate a decrypted message and a decrypted nonce and regenerate the authentication code using the decrypted message, the decrypted nonce, and the divisor to verify integrity and authenticity of the decrypted message; and instructions that verify the integrity and authenticity of an encrypted message.
-
-
20. One or more computer-readable storage media that are not a transitory, propagating signal storing computer-executable instructions for controlling a device to generate an authentication code for a message, the instructions comprising:
-
instructions that generate an encrypted message using a key as a concatenation of an initialization vector, an encrypted nonce part, and an encrypted message part, the encrypted message being encrypted with a block cipher; instructions that generate an authentication code by generating a dividend by adding the message and a nonce and setting the authentication code to the dividend modulo a divisor that is a power of two; instructions that send to another device the generated encrypted message and the generated authentication code so that the other device can decrypt the generated encrypted message using the key to generate a decrypted message and a decrypted nonce and regenerate the authentication code using the decrypted message, the decrypted nonce, and the divisor to verify integrity and authenticity of the decrypted message; and instructions that verify the integrity and authenticity of an encrypted message. - View Dependent Claims (21, 22)
-
-
23. One or more computer-readable storage media that are not a transitory, propagating signal storing computer-executable instructions for controlling a device to verify the integrity and authenticity of an encrypted message, the instructions comprising:
-
instructions that receive the encrypted message and an authentication code; instructions that decrypt the received encrypted message with an encryption key; instructions that extract a message and an nonce from the decrypted message; instructions that generates an authentication code based on an authentication combination of the extracted message and the extracted nonce modulo a divisor; and instructions that, when the generated authentication code matches the received authentication code, verifies the integrity and authenticity of the extracted message. - View Dependent Claims (24, 25, 26, 27)
-
Specification