Method and apparatus for disabling algorithms in a device

US 9,698,983 B2
Filed: 10/09/2012
Issued: 07/04/2017
Est. Priority Date: 10/09/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, at a network management device, an indication of one or more cryptographic modules each implementing a cryptographic algorithm residing on a communication device;

determining, at the network management device, whether a cryptographic module of the one or more cryptographic modules is identified as a weak cryptographic module, wherein the weak cryptographic module is at least susceptible to a security breach;

generating, at the network management device, a message that comprises at least one shared key and input challenge data and that, when processed by the weak cryptographic module, results in the generation of predefined output values that signify that the weak cryptographic module should remove or disable itself;

instructing, by the network management device, the communication device to execute the detected weak cryptographic module to process the message comprising the at least one shared key and the input challenge data, wherein the weak cryptographic module removes or disables itself in response to detecting that its generated output values comprise the predefined output values; and

determining, by the network management device, that the weak cryptographic module has been removed or disabled based on receiving an authentication value from an authentication attempt with the communication device that produces an invalid response.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for enabling removal or disabling of weak algorithms may include a processor and memory storing executable computer program code that cause the apparatus to at least perform operations including receiving an indication of one or more algorithms utilized by a communication device. The computer program code may further cause the apparatus to determine whether one or more of the algorithms are identified as a weak algorithm. The computer program code may further cause the apparatus to enable provision of a message to the communication device instructing the communication device to remove, disable, or assign at least one condition to at least one detected weak algorithm among the algorithms. Corresponding methods and computer program products are also provided.

Citations

14 Claims

1. A method comprising:
- receiving, at a network management device, an indication of one or more cryptographic modules each implementing a cryptographic algorithm residing on a communication device;
  
  determining, at the network management device, whether a cryptographic module of the one or more cryptographic modules is identified as a weak cryptographic module, wherein the weak cryptographic module is at least susceptible to a security breach;
  
  generating, at the network management device, a message that comprises at least one shared key and input challenge data and that, when processed by the weak cryptographic module, results in the generation of predefined output values that signify that the weak cryptographic module should remove or disable itself;
  
  instructing, by the network management device, the communication device to execute the detected weak cryptographic module to process the message comprising the at least one shared key and the input challenge data, wherein the weak cryptographic module removes or disables itself in response to detecting that its generated output values comprise the predefined output values; and
  
  determining, by the network management device, that the weak cryptographic module has been removed or disabled based on receiving an authentication value from an authentication attempt with the communication device that produces an invalid response.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein prior to enabling provision of the message, the method further comprises:
    - instructing the communication device to execute a detected first strong cryptographic module of the one or more cryptographic modules to facilitate communications with a network device, wherein the first strong cryptographic module prevents at least a security breach.
  - 3. The method of claim 1, further comprising:
    - requesting a network entity to update the detected weak cryptographic module in response to determining that the communication device executes a detected strong cryptographic module to communicate with the network device, wherein the detected strong cryptographic module prevents at least a security breach.
  - 4. The method of claim 1, wherein:
    - enabling provision of the message triggers the communication device to determine that an operator of a network device is approved to provide the message in the instance when the communication device determines that the operator is listed in a file indicating approved operators.
  - 5. The method of claim 1, wherein:
    - the indication of the one or more cryptographic modules residing on the communication device is received in response to performing a security scan via a local area network.
  - 6. The method of claim 1, wherein:
    - the determined output comprises a sequence of interleaved predetermined values and random values.
  - 7. The method of claim 1, wherein in an instance when a predefined number of consecutive output values have occurred, the detected weak cryptographic module disables itself.

8. An apparatus comprising:
- at least one computer processor; and
  
  at least one non-transitory memory device including computer program code stored thereon that, when executed by the at least one computer processor, cause the apparatus to perform at least the following;
  
  receive an indication of one or more cryptographic modules each implementing a cryptographic algorithm residing on a communication device;
  
  determine whether a cryptographic module of the one or more cryptographic modules is identified as a weak cryptographic module, wherein the weak cryptographic module is at least susceptible to a security breach;
  
  generate a message that comprises at least one shared key and input challenge data and that, when processed by the weak cryptographic module, results in the generation of predefined output values that signify that the weak cryptographic module should remove or disable itself;
  
  instruct the communication device to execute the detected weak cryptographic module to process the message comprising the at least one shared key and the input challenge data, wherein the software implementing the detected weak cryptographic module removes or disables itself in response to detecting that its generated output values comprise the predefined output values; and
  
  determine that the weak cryptographic module has been removed or disabled based on receiving an authentication value from an authentication attempt with the communication device that produces an invalid response.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein prior to enable provision of the message, the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
    - instruct the communication device to execute a detected first strong cryptographic module of the one or more cryptographic modules to facilitate communications with the apparatus, wherein the first strong cryptographic module prevents at least a security breach.
  - 10. The apparatus of claim 8, wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
    - request a network entity to update the detected weak cryptographic module in response to determining that the communication device executes a detected strong cryptographic module to communicate with the apparatus, wherein the detected strong cryptographic module prevents at least a security breach.
  - 11. The apparatus of claim 8, wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
    - enable the provision of the message which triggers the communication device to determine that an operator of the apparatus is approved to provide the message in the instance when the communication device determines that the operator is listed in a file indicating approved operators.
  - 12. The apparatus of claim 8, wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
    - receive the indication of the one or more cryptographic modules residing on the communication device in response to performing a security scan via a local area network.
  - 13. The apparatus of claim 8, wherein:
    - the determined output comprises a sequence of interleaved predetermined values and random values.
  - 14. The apparatus of claim 8, wherein in an instance when a predefined number of consecutive output values have occurred, the detected weak cryptographic module disables itself.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Technologies Oy (Nokia Corporation)
Inventors
Holtmanns, Silke, Lindholm, Rune
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US14/419,316
Publication Number

US 20150222433A1
Time in Patent Office

1,729 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/06   for supporting key manageme...

H04L 63/20   for managing network securi...

H04L 67/34   involving the movement of s...

H04L 9/14   using a plurality of keys o...

H04L 9/16   the keys or algorithms bein...

H04W 12/00   Security arrangements; Auth...

H04W 12/04   Key management, e.g. using ...

H04W 12/122   Counter-measures against at...

H04W 12/35   Protecting application or s...

H04W 12/37   Managing security policies ...

H04W 4/70   Services for machine-to-mac...

Method and apparatus for disabling algorithms in a device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for disabling algorithms in a device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links