WO2019150175A1 - Authenticated packets from identified sources - Google Patents
- Publication number: WO2019150175A1
- Authority: WO (WIPO, PCT)
- Prior art keywords: destination server, identification, hmac, source, key
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
Abstract
Here, different source machines, when booted up, send an identification packet to the destination server containing the source IP address, the source MAC address, an identification symbol representing the source machine itself, etc. The source machine and the destination server also secretly choose a key, which is used to generate an HMAC that the source machine attaches to the end of the message, forming the identification or data packet. The destination server verifies the authenticity of the message by generating an HMAC with the same secret key and matching it against the HMAC sent by the source machine as part of the identification or data packet.
Description
Authenticated Packets from Identified Sources
In this invention we have different source machines which communicate with a destination server. These source machines, when booted up, send an identification packet to the destination server with information containing the source IP (Internet Protocol) address, the source MAC (Media Access Control) address, an identification symbol representing the source machine itself, etc. In addition, the source machine and the destination server secretly choose a cryptographic key which is used in generating a keyed-hash message authentication code (HMAC) along with a cryptographic hash function like MD5 (Message-Digest 5), SHA-1 (Secure Hash Algorithm 1), etc. The source machine attaches the HMAC generated for the identification message with the above chosen secret key at the end, forming the identification packet.

The destination server, on the other hand, maintains a hash map with the identification symbol as the key and the encrypted form of the key secretly chosen by it and the source machine as the value (encryption is done using a private key stored in the text section of the destination server program), held in cache or main memory, with an updated copy of the hash map maintained in persistent storage. This hash map gets populated when identification packets are sent by newly booted source machines. The destination server program then generates the HMAC using the secret cryptographic key, which it decrypts with the private key stored in the text section of the destination server program, and verifies the data integrity and authenticity of the identification message by matching it against the HMAC sent by the source machine as part of the identification packet.

Subsequent data packets sent by the source machine after the identification packet contain the identification symbol and the HMAC generated for the data message attached at the end, forming the data packet. The destination server program then reads the identification symbol from the data packet and fetches the encrypted form of the secret cryptographic key. Note that the secret cryptographic key is decrypted by the destination server program using a private key or symmetric key (since the same key is used for encryption), which is stored in the text section of the destination server program as mentioned previously. The destination server program then generates the HMAC to verify the data integrity and authenticity of the data message by matching it against the HMAC sent by the source machine as part of the data packet.
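The following is an added worked example of the exchange described in the Description and restated in the Claims; it is not code from the patent. It assumes a constructed packet layout (a JSON message followed by a 32-byte tag), uses HMAC-SHA256 rather than the MD5/SHA-1 named in the text, models the per-source secret key as provisioned out of band via a hypothetical `provision()` call (the patent only says the key is "secretly chosen"), and stands in for the server's at-rest encryption with a small keyed XOR stream derived from the server's private key. Names such as `DestinationServer`, `build_packet` and `wrap_secret` are this example's own.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Optional, Tuple

TAG_LEN = 32    # HMAC-SHA256 output appended to every packet (constructed layout)
NONCE_LEN = 16  # nonce prefixed to each encrypted secret in the server's hash map


def compute_hmac(key: bytes, message: bytes) -> bytes:
    # Keyed hash over the message bytes exactly as they travel on the wire.
    return hmac.new(key, message, hashlib.sha256).digest()


def build_packet(secret_key: bytes, fields: dict) -> bytes:
    """Source side: serialise the message and append its HMAC.
    Used for both the identification packet and later data packets."""
    message = json.dumps(fields, sort_keys=True).encode()
    return message + compute_hmac(secret_key, message)


def split_packet(packet: bytes) -> Optional[Tuple[dict, bytes, bytes]]:
    """Separate message and tag; reject malformed input before any key lookup."""
    if len(packet) <= TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    try:
        fields = json.loads(message)
    except ValueError:
        return None
    if not isinstance(fields, dict) or not isinstance(fields.get("id"), str):
        return None
    return fields, message, tag


# --- stand-in for encrypting the chosen secret with the server's private key ---
# Toy XOR keystream derived from the server key (constructed for this example;
# a real deployment would use an authenticated cipher such as AES-GCM).
def _keystream(server_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += compute_hmac(server_key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def wrap_secret(server_key: bytes, secret: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(server_key, nonce, len(secret))
    return nonce + bytes(a ^ b for a, b in zip(secret, stream))


def unwrap_secret(server_key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(server_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class DestinationServer:
    def __init__(self, server_private_key: bytes):
        self._server_key = server_private_key
        # Secret chosen with each source (assumed provisioned out of band).
        self._provisioned: Dict[str, bytes] = {}
        # The patent's hash map: identification symbol -> encrypted secret key.
        self._table: Dict[str, bytes] = {}

    def provision(self, id_symbol: str, shared_secret: bytes) -> None:
        self._provisioned[id_symbol] = shared_secret

    def handle_identification(self, packet: bytes) -> Optional[dict]:
        """Verify a boot-time identification packet and populate the hash map."""
        parsed = split_packet(packet)
        if parsed is None:
            return None
        fields, message, tag = parsed
        if fields.get("type") != "ident" or not all(k in fields for k in ("ip", "mac")):
            return None
        secret = self._provisioned.get(fields["id"])
        if secret is None or not hmac.compare_digest(compute_hmac(secret, message), tag):
            return None
        self._table[fields["id"]] = wrap_secret(self._server_key, secret)
        return fields

    def handle_data(self, packet: bytes) -> Optional[dict]:
        """Look up the symbol, decrypt the stored secret, recompute and compare the HMAC."""
        parsed = split_packet(packet)
        if parsed is None:
            return None
        fields, message, tag = parsed
        if fields.get("type") != "data":
            return None
        blob = self._table.get(fields["id"])
        if blob is None:
            return None  # no identification packet has been accepted for this symbol
        secret = unwrap_secret(self._server_key, blob)
        if not hmac.compare_digest(compute_hmac(secret, message), tag):
            return None
        return fields
```

Two points worth noting when reading the code against the patent text. The identification symbol is read from the packet before the HMAC can be checked, so the hash-map lookup runs on unauthenticated input and should stay a cheap, bounded operation; the tag comparison itself uses `hmac.compare_digest` so that a mismatch does not leak timing. Also, nothing in the described packets (or in this example, which follows them) binds a data packet to a sequence number or nonce, so a recorded data packet verifies again if resent; a deployment that needs replay detection has to add such a field to the authenticated message.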
Claims
Following is the claim for this invention:
1. In this invention we have different source machines which communicate with a destination server. These source machines, when booted up, send an identification packet to the destination server with information containing the source IP (Internet Protocol) address, the source MAC (Media Access Control) address, an identification symbol representing the source machine itself, etc. In addition, the source machine and the destination server secretly choose a cryptographic key which is used in generating a keyed-hash message authentication code (HMAC) along with a cryptographic hash function like MD5 (Message-Digest 5), SHA-1 (Secure Hash Algorithm 1), etc. The source machine attaches the HMAC generated for the identification message with the above chosen secret key at the end, forming the identification packet. The destination server, on the other hand, maintains a hash map with the identification symbol as the key and the encrypted form of the key secretly chosen by it and the source machine as the value (encryption is done using a private key stored in the text section of the destination server program), held in cache or main memory, with an updated copy of the hash map maintained in persistent storage. This hash map gets populated when identification packets are sent by newly booted source machines. The destination server program then generates the HMAC using the secret cryptographic key, which it decrypts with the private key stored in the text section of the destination server program, and verifies the data integrity and authenticity of the identification message by matching it against the HMAC sent by the source machine as part of the identification packet. Subsequent data packets sent by the source machine after the identification packet contain the identification symbol and the HMAC generated for the data message attached at the end, forming the data packet. The destination server program then reads the identification symbol from the data packet and fetches the encrypted form of the secret cryptographic key. Note that the secret cryptographic key is decrypted by the destination server program using a private key or symmetric key (since the same key is used for encryption), which is stored in the text section of the destination server program as mentioned previously. The destination server program then generates the HMAC to verify the data integrity and authenticity of the data message by matching it against the HMAC sent by the source machine as part of the data packet. The above novel technique, by which authenticated packets are sent by the source machine to the destination server program, is the claim for this invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2018/050707 WO2019150175A1 (en) | 2018-02-05 | 2018-02-05 | Authenticated packets from identified sources |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2018/050707 WO2019150175A1 (en) | 2018-02-05 | 2018-02-05 | Authenticated packets from identified sources |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019150175A1 (en) | 2019-08-08 |
Family ID: 67477929
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2018/050707 WO2019150175A1 (en) | 2018-02-05 | 2018-02-05 | Authenticated packets from identified sources |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2019150175A1 (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040199774A1 (en) * | 2003-04-07 | 2004-10-07 | Vasileios Zissimopoulos | Secure method for roaming keys and certificates |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18903720; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 18903720; Country of ref document: EP; Kind code of ref document: A1 |