Method and apparatus for disabling algorithms in a device
First Claim
1. A method comprising:
- receiving, at a network management device, an indication of one or more cryptographic modules each implementing a cryptographic algorithm residing on a communication device;
- determining, at the network management device, whether a cryptographic module of the one or more cryptographic modules is identified as a weak cryptographic module, wherein the weak cryptographic module is at least susceptible to a security breach;
- generating, at the network management device, a message that comprises at least one shared key and input challenge data and that, when processed by the weak cryptographic module, results in the generation of predefined output values that signify that the weak cryptographic module should remove or disable itself;
- instructing, by the network management device, the communication device to execute the detected weak cryptographic module to process the message comprising the at least one shared key and the input challenge data, wherein the weak cryptographic module removes or disables itself in response to detecting that its generated output values comprise the predefined output values; and
- determining, by the network management device, that the weak cryptographic module has been removed or disabled based on receiving an authentication value from an authentication attempt with the communication device that produces an invalid response.
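A small simulation of the exchange recited in claim 1, added here as an illustration and not taken from the patent. The truncated HMAC standing in for the weak algorithm, the `KILL_OUTPUT` value, the search used to find the challenge data, and all names are assumptions.

```python
import hmac
from itertools import count

KILL_OUTPUT = bytes.fromhex("dead")  # constructed "predefined output value"

def weak_alg(key: bytes, challenge: bytes) -> bytes:
    """Stand-in weak algorithm (assumption): HMAC-SHA256 cut to 16 bits."""
    return hmac.digest(key, challenge, "sha256")[:2]

class WeakModule:
    """Hypothetical device-side module that inspects its own output."""
    def __init__(self):
        self.enabled = True

    def process(self, key: bytes, challenge: bytes):
        if not self.enabled:
            return None                    # disabled: no valid response
        out = weak_alg(key, challenge)
        if out == KILL_OUTPUT:             # predefined value generated
            self.enabled = False           # module disables itself
            return None
        return out

def challenges():
    """Deterministic stream of 4-byte candidate challenge values."""
    return (i.to_bytes(4, "big") for i in count())

def build_disable_message(key: bytes):
    """Manager: find challenge data whose output is the predefined value."""
    return key, next(c for c in challenges() if weak_alg(key, c) == KILL_OUTPUT)

def confirm_disabled(module: WeakModule, key: bytes) -> bool:
    """Manager: an ordinary authentication attempt must give an invalid response."""
    # Pick a probe that cannot itself trigger the disable path.
    probe = next(c for c in challenges() if weak_alg(key, c) != KILL_OUTPUT)
    return module.process(key, probe) != weak_alg(key, probe)

def run_exchange():
    key = b"constructed-shared-key"        # constructed sample key
    module = WeakModule()
    before = confirm_disabled(module, key)  # module still answers correctly
    module.process(*build_disable_message(key))
    after = confirm_disabled(module, key)   # responses are now invalid
    return before, after, module.enabled

if __name__ == "__main__":
    print(run_exchange())
```

The manager never needs a separate acknowledgement channel: the failed authentication attempt in `confirm_disabled` is itself the evidence that the module is gone.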
Abstract
An apparatus for enabling removal or disabling of weak algorithms may include a processor and memory storing executable computer program code that cause the apparatus to at least perform operations including receiving an indication of one or more algorithms utilized by a communication device. The computer program code may further cause the apparatus to determine whether one or more of the algorithms are identified as a weak algorithm. The computer program code may further cause the apparatus to enable provision of a message to the communication device instructing the communication device to remove, disable, or assign at least one condition to at least one detected weak algorithm among the algorithms. Corresponding methods and computer program products are also provided.
14 Claims
1. A method comprising:
- receiving, at a network management device, an indication of one or more cryptographic modules each implementing a cryptographic algorithm residing on a communication device;
- determining, at the network management device, whether a cryptographic module of the one or more cryptographic modules is identified as a weak cryptographic module, wherein the weak cryptographic module is at least susceptible to a security breach;
- generating, at the network management device, a message that comprises at least one shared key and input challenge data and that, when processed by the weak cryptographic module, results in the generation of predefined output values that signify that the weak cryptographic module should remove or disable itself;
- instructing, by the network management device, the communication device to execute the detected weak cryptographic module to process the message comprising the at least one shared key and the input challenge data, wherein the weak cryptographic module removes or disables itself in response to detecting that its generated output values comprise the predefined output values; and
- determining, by the network management device, that the weak cryptographic module has been removed or disabled based on receiving an authentication value from an authentication attempt with the communication device that produces an invalid response.

Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus comprising:
- at least one computer processor; and
- at least one non-transitory memory device including computer program code stored thereon that, when executed by the at least one computer processor, cause the apparatus to perform at least the following;
  - receive an indication of one or more cryptographic modules each implementing a cryptographic algorithm residing on a communication device;
  - determine whether a cryptographic module of the one or more cryptographic modules is identified as a weak cryptographic module, wherein the weak cryptographic module is at least susceptible to a security breach;
  - generate a message that comprises at least one shared key and input challenge data and that, when processed by the weak cryptographic module, results in the generation of predefined output values that signify that the weak cryptographic module should remove or disable itself;
  - instruct the communication device to execute the detected weak cryptographic module to process the message comprising the at least one shared key and the input challenge data, wherein the software implementing the detected weak cryptographic module removes or disables itself in response to detecting that its generated output values comprise the predefined output values; and
  - determine that the weak cryptographic module has been removed or disabled based on receiving an authentication value from an authentication attempt with the communication device that produces an invalid response.

Dependent claims: 9, 10, 11, 12, 13, 14