176 results about "Message integrity" patented technology

The present invention provides encryption schemes and apparatus which securely generate a cipher-text which in itself contains checks for assuring message integrity. It also provides compatible decryption schemes confirming message integrity. The encryption scheme generates a cipher-text with message integrity in a single pass with little additional computational cost, while retaining at least the same level of security as schemes based on a MAC. One embodiment encrypts a plain-text message by dividing the plain-text message into a multitude of plain-text blocks and encrypting the plain-text blocks to form a multitude of cipher-text blocks. A single pass technique is used in this process to embed a message integrity check in the cipher-text block. A message integrity check is embedded in the cipher-text blocks by embedding a set of pseudo random numbers, which may be dependent, but are pair-wise differentially uniform. We also describe an embodiment which is highly parallelizable.

A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

The present invention comprises a system and method for communicating with a traffic signal by which at least one communication controller and integrated light controller are coupled by a high frequency (“HF”) coupler to a power line for transmission. In each of the directions of communication, specific transmission methods and data protocols are used over the communication link. The communication link protocol used for communication between the integrated light controller and the communication controller provides a robust method for framing data within a message structure that provides byte-by-byte synchronization and message integrity through a parity check per byte, and a checksum calculation.

A method of encrypting a message for message integrity is provided. In the method, a random number is generated, a first ciphertext is generated by encrypting the message by using the generated random number, a hash value of the first ciphertext is calculated, an encryption key is generated by using the hash value of the first ciphertext and a shared key, a second ciphertext is generated by encrypting the random number by using the encryption key, and the first and second ciphertexts are combined.

An encryption/decryption method and system. The method comprises the steps of encrypting a plaintext message by dividing the plaintext message into a multitude of plaintext blocks and encrypting the plaintext blocks to form a multitude of cyphertext blocks. A single pass technique is used in the method to embed a message integrity check in the cyphertext blocks. The method further comprises the steps of decrypting the cyphertext blocks to re-form the plaintext blocks, and testing the message integrity check in the cyphertext blocks to test the integrity of the re-formed plaintext blocks.

The present invention incorporates methodologies developed in the Internet Engineering Task Force (IETF) Internet Protocol Security (IPSEC) Working Group into asynchronous transfer mode (ATM) and frame relay (FR) signaling to provide message integrity and origin authentication. In one implementation the invention provides a virtual private network (VPN) infrastructure with call control message integrity, origin verification, and transit network filtering. The invention utilizes a set of control plane messages based on the IPSEC authentication header (AH) methodology to provide these security mechanisms for ATM and FR network switching equipment and signaling protocols. This abstract itself is not intended to limit the scope of this patent. The scope of the present invention is pointed out in the appending claims.

JSON (JavaScript Object Notation) message integrity is provided using a digital signature scheme. The digital signature scheme implements a set of processing rules for creating and representing digital signatures using a JSON signature syntax. The syntax preferably comprises a set of named elements, including a reference element, a signature information element, and a signature element. In one embodiment, a machine-implemented method for signing a JSON message begins by constructing a reference element for each data object in the JSON message to be signed. The data object is identified by a reference identifier. The reference element includes the reference identifier, a pointer (such as a URI) to a digest method, and a digest generated by applying the digest method to the data object or a given function of the data object. Then, a signature information element is constructed for one or more of the reference elements corresponding to the one or more data objects in the message that are being signed. The signature information element includes a pointer to a signature method, as well as one or more reference elements, or a canonical form of the one or more reference elements. Then, a signature element is constructed. The signature element includes the signature information element, and a signature value generated by applying the signature method (identified in the signature information element) to the signature information element. The signature element is the JSON message signature. The signature enables a sending entity (such as a Web browser or Web server) to generate a digest on all or parts of a JSON message and then to secure the digests using a signing key.

A communications protocol is used to provide data privacy, message integrity, message freshness, and user authentication to telemetric traffic, such as to and from implantable medical devices in a body area network. In certain embodiments, encryption, message integrity, and message freshness are provided through use of token-like nonces and ephemeral session-keys derived from device identification numbers and pseudorandom numbers.

A computer implemented method and system for secure aggregated event reports. The method comprises determining, by a device, that a status change has occurred at the device; receiving, by the device, a status change report from one or more child devices; generating, by the device, a device status change record; generating a record verification field, comprising: combining a nonce, an event type, and a unique device identifier; generating a message integrity check code for the combined nonce, event type and device identifier; and appending the message integrity check code to the device status change record; appending the device status change record to the received status change report; and transmitting, by the device, the status change report to one or more parent devices toward a head end system.

A method of protecting a broadcast frame, the method comprising broadcasting a beacon and a maintenance beacon frame (MBF) from an access point (AP) to a plurality of terminals during a maintenance beacon waiting period (MBWP); and broadcasting broadcast management frames (BMFs) from the AP to the plurality of terminals during a broadcast management frame waiting period (BMFWP), wherein the MBF comprises a BMFs message integrity code (MIC) field including a BMFs MIC calculated from concatenated BMFs to be sent in a current beacon interval.

The present invention discloses an improvement in conventional lock and key mechanical fastening devices. This complete electronic security system utilizes a radio standard and communications protocol such as bluetooth, asymmetric cryptography encryption algorithms for authentication, confidentiality and non-repudiation purposes such as GPG, and a magnetic lock mechanism.

A magnetic lock is mounted on the frame and can be set between locked and unlocked positions. The lock mechanism selectively blocks and unblocks the access opening depending on the authenication communication provided by both the emmiter (I.E. Cell Phone) and the magnetic lock. The receiving device (GPG de-encryptor) will be embedded inside the lock itself and will be responsible for verifying message integrity and origin by calculating the hash value of the received message and comparing it against the decoded signature (the original hash). If the hash from the emitter (IE Cell Phone) and the hash on the receiver (IE Magnetic Lock) side do not match, then the received message is not identical to the message which the sender “signed”, or the sender's identity is wrong, thus the magnetic lock device will not open, and an signal can be emitted via SMS thus allerting of an anomality.

The emmiter (I.E. Cell Phone) will be provided with a software code for it to encrypt the message signaling a lock/unlock status to the magnetic lock using his private key, then a second encryption is performed using the receiver's public key thus achieving authentication, non-repudiation, and confidentiality.

One example embodiment of the present invention discloses a method for processing an application packet for transmission, includes breaking the application packet into a plurality of segments, creating first pseudorandom bits, and generating partial tags based on each of the plurality of segments and portions of the first pseudorandom bits associated with each of the plurality of segments. The method further including combining the partial tags including a last partial tag associated with a last segment of the application packet to create an accumulated tag, generating an authentication tag based on the accumulated tag and second pseudorandom bits, storing the authentication tag, and transmitting the plurality of segments including the authentication tag.

Systems and methods of providing strong authentication for a client device to sign-up with an online service. Authentication can involve verifying user's identity, message authentication, message integrity and nonrepudiation. The security procedures may, in some cases, be sufficient to verify all of these parameters. In other cases, the sign-up procedure needs to be combined with other information in order to verify the user's real identity.

The invention discloses a method and a device for checking management frames in wireless local area networks. The method comprises: judging whether a management frame carries an MIC (message integrity checkout) message when receiving the management frame; utilizing a pre-configured key to check the message integrity of parts in the management frame except the MIC message when the MIC message is carried and obtaining an MIC check value; and judging the management frame legal when the MIC check value is identical with the MIC message carried by the management frame, otherwise judging the management frame illegal. In the invention, by adding the MIC message to the management frame, a management frame receiver can judge the legitimacy of the received management frame so as to avoid spoofing attack based on the management frame.

The invention discloses an updating method of an air key, a terminal and a base station. The method comprises the following step: the terminal updates a hashing computing value AMSID <*> of a terminal identification when switching or updating the position or exiting an idle mode, and the updated AMSID <*> computes authorization keys AK and message integrity protection keys CMAC KEYS and/or a traffic stream encryption keys TEK. The invention realizes the updating of the air key.

A system and method for authenticating and encrypting messages for secure transmission is disclosed. A frame to be transmitted between devices comprises a frame header and a frame body. The frame body includes a security sequence number (SSN), frame payload, and message integrity code (MIC). The SSN is incremented by one for each frame transmitted using a same pairwise temporal key (PTK). A nonce is formed using the frame header and the SSN. Counter blocks Ctr_i and a first input block B₀ are created using the nonce. Payload blocks B_i are created from the frame payload. The frame payload encrypted by sequentially applying the blocks of payload data B_i and corresponding counter blocks Ctr_i to a cipher function. The MIC is computed by cipher block chaining a cipher function applied to blocks B₀ and B_i, and counter block Ctr₀. The cipher functions all use the PTK.

The embodiment of the invention provides a communication system, a verification device, and a verification and signature method for message identity, and relates to the technical field of communication. The invention provides a mobile access user terminal, and verification of message identity transmitted by the access user terminal in the form of PON and radio broadcasting. The system comprises a signature device and a verification device, wherein the signature device is used for transmitting a message carrying a first signature value; and the verification device is used for receiving the message, which carries the first signature value and is transmitted by the signature device, acquiring sharing key words for verifying the message, computing a second signature value of the message according to the sharing key words and comparing the second signature value with the first signature value, if the second signature value is equal to the first signature value, the message is valid, otherwise, the IP message is invalid. The technical scheme can be widely used in communication systems or computer networks.

Embodiments of the invention provide systems and methods for a cipher then segment approach in a Power Line Communication (PLC). A node or device generates frames to be transmitted to a destination node in the PLC network. A processor in the node is configured to generate a data payload comprising data to be sent to the destination node. The processor divides the data payload into two or more payload segments and encrypts the payload segments. The processor creates a frame for each of the encrypted payload segments, wherein each frame comprises a message integrity code. The processor creates a segment identifier for each frame using the message integrity code and an authentication key that is shared with the destination PLC node. The segment identifier is added to each frame.