Method to authenticate packet payloads
Abstract
An architecture for authenticating packets is provided that includes: an input 322 operable to receive a packet, the packet comprising at least one of a transport, session and presentation header portion and a transport agent 312 operable to compute a first message authentication code based on at least some of the contents of the packet and compare the first message authentication code with a second message authentication code in the at least one of a transport, session, and presentation header portion to authenticate the packet.
49 Claims
1. A method for authenticating a packet, comprising:
- receiving a packet, the packet comprising a header and a payload;
- computing a first message authentication code based at least in part on a pseudo-header derived from at least some of the packet header;
- wherein at least one of the source and destination port fields in the pseudo-header has a value different from the corresponding source and destination port field in the packet header; and
- comparing the first message authentication code with a second message authentication code in the header to authenticate the packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 37

14. A packet, comprising:
- a transport layer header portion, the transport layer header portion comprising;
  - a source port field;
  - a destination port field;
  - a sequence number field; and
  - an option field, wherein the option field comprises an authentication option, the authentication option comprising a message authentication code; and
- a payload.
Dependent claims: 15, 16, 17

18. A method for authenticating packets, comprising:
- receiving a packet comprising a header and a payload, wherein the header comprises a transport header portion;
- in a first mode, discarding the packet when the transport header portion does not include a valid authentication option field; and
- in a second, different mode, discarding the packet when the transport header portion includes an authentication option field.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27

28. A method for authenticating packets, comprising:
- assembling a packet comprising a header and a payload, the header including transport header portion, wherein in a first mode, including in the transport header portion a valid authentication option field; and
- in a second, different mode, not including in the transport header portion a valid authentication option field; and
- thereafter transmitting the packet.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36

38. An architecture for authenticating packets, comprising:
- an input operable to receive a packet including a header and payload, the header comprising a transport header portion; and
- a transport agent operable to compute a first message authentication code based on at least some of the contents of the packet and compare the first message authentication code with a second message authentication code in the transport header portion to authenticate the packet.
Dependent claims: 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49
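
The receiver-side check of claims 1 and 18, as an added example that is not code from the patent: the MAC is computed over a pseudo-header whose port fields differ from the real header and is compared with the MAC carried in a transport option. The option kind (253), HMAC-SHA256 truncated to 16 bytes, zeroed pseudo-header ports, the pseudo-header layout and the mode names are all assumptions, since the claims fix none of them.

```python
import hashlib
import hmac
import struct

AUTH_KIND = 253  # assumption: experimental TCP option kind; the claims name none
MAC_LEN = 16     # assumption: HMAC-SHA256 truncated to 16 bytes

def find_auth_option(options):
    """Walk the TCP option list and return the MAC in the auth option, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        length = options[i + 1] if i + 1 < len(options) else 0
        if length < 2 or i + length > len(options):
            break                          # malformed option: stop parsing
        if kind == AUTH_KIND:
            return options[i + 2:i + length]
        i += length
    return None

def compute_mac(key, seq, payload):
    # Pseudo-header: both port fields forced to 0 (assumed value), then the sequence number.
    pseudo = struct.pack("!HHI", 0, 0, seq)
    return hmac.new(key, pseudo + payload, hashlib.sha256).digest()[:MAC_LEN]

def build_segment(key, sport, dport, seq, payload, with_auth=True):
    opts = b""
    if with_auth:                          # option + two NOPs keeps 4-byte alignment
        mac = compute_mac(key, seq, payload)
        opts = bytes([AUTH_KIND, 2 + MAC_LEN]) + mac + b"\x01\x01"
    off = ((20 + len(opts)) // 4) << 4     # data offset in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, off, 0x18, 65535, 0, 0) + opts + payload

def accept(key, segment, mode):
    """'require': drop unless a valid auth option is present; 'forbid': drop if one is present."""
    if len(segment) < 20:
        return False
    seq = struct.unpack("!I", segment[4:8])[0]
    hlen = (segment[12] >> 4) * 4
    if hlen < 20 or hlen > len(segment):
        return False
    mac = find_auth_option(segment[20:hlen])
    if mode == "forbid":
        return mac is None
    return mac is not None and hmac.compare_digest(mac, compute_mac(key, seq, segment[hlen:]))
```

Because the pseudo-header ports are fixed rather than copied from the header, a segment whose header port changes in transit still verifies, while any change to the payload or sequence number does not.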
Specification