Computing device communication with replay protection
First Claim
1. A system for preventing a replay attack comprising:
- a transmission medium for transmitting information;
a client computing device arranged to connect to said transmission medium, said client computing device including a message to be sent over said transmission medium, a cryptographic key, and a plurality of alteration algorithms for periodically changing said cryptographic key, whereby a value to be appended to said message may be periodically changed;
a server computing device arranged to connect to said transmission medium and receive said message and said appended value, said server computing device including said cryptographic key, and said plurality of alteration algorithms, whereby-said server may calculate its own version of said value to compare with said received value to prevent a replay attack.
2 Assignments
0 Petitions
Accused Products
Abstract
A replay attack prevention technique uses a secret algorithm exchanged between client and servers computers. The algorithm is used to periodically alter a special replay key. The replay key may then be used to alter the message sent or alter the digest appended to the message such that the message and or its digest varies as time progresses. An unscrupulous third party who replays a stolen operation message would be unaware of the replay key and its variation. Any stolen message that is replayed by the third party would not include the time varying aspect as expected by the server computer. The server computer would thus be able to detect the attempted fraud. The secret replay key may be exchanged during the communication session in an encrypted form, or may be exchanged earlier.
29 Citations
21 Claims
-
1. A system for preventing a replay attack comprising:
-
a transmission medium for transmitting information;
a client computing device arranged to connect to said transmission medium, said client computing device including a message to be sent over said transmission medium, a cryptographic key, and a plurality of alteration algorithms for periodically changing said cryptographic key, whereby a value to be appended to said message may be periodically changed;
a server computing device arranged to connect to said transmission medium and receive said message and said appended value, said server computing device including said cryptographic key, and said plurality of alteration algorithms, whereby-said server may calculate its own version of said value to compare with said received value to prevent a replay attack. - View Dependent Claims (2, 3, 4, 5, 6)
an algorithm identifier that identifies one of said plurality of alteration algorithms to be used by said client and server computing devices to automatically change said value for a particular transmission.
-
-
5. The system of claim 1 wherein said client computing device further includes:
an encryption apparatus for encrypting said message and said appended value before transmission to said server computing device.
-
6. The system of claim 5 wherein said server computing device further includes:
a decrypting apparatus for decrypting said message and said appended value when received from said client computing device.
-
7. A method for preventing a replay attack comprising:
-
exchanging a plurality of key alteration algorithms between a client computing device and a server computing device;
exchanging a cryptographic key between said client and said server;
calculating a value using said key alteration algorithm;
appending said value to a message;
transmitting said message and said appended value from said client to said server;
calculation of its own version of said value by said server using said key alteration algorithm; and
comparison of said received value to said calculated value by said server, whereby a replay attack is prevented. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
calculation of said digest from said message using said cryptographic key by said client.
-
-
9. The method of claim 7 wherein said value is a digest, said method further comprising:
calculation of a version of said digest from said message using said cryptographic key by said server.
-
10. The method of claim 7 further comprising:
alteration of said cryptographic key using said key alternation algorithm by said client.
-
11. The method of claim 7 further comprising:
alteration of said cryptographic key using said key alternation algorithm by said server.
-
12. The method of claim 7 further comprising:
exchanging an algorithm identifier between said client and said server that identifies one of said alteration algorithms to be used by said client and server to automatically change said value for a particular transmission.
-
13. The method of claim 7 further comprising:
-
establishing a secure session between said client and said server; and
encrypting said message and said appended value before transmission to said server.
-
-
14. The method of claim 7 further comprising:
-
reception of said message and said appended value from a third party by said server;
comparing said value to a newly calculated value; and
rejecting said message received from said third party.
-
-
15. A method for preventing a replay attack comprising:
-
exchanging a plurality of key alteration algorithms between a client computing device and a server computing device;
exchanging a cryptographic key between said client and said server;
receiving a message and an appended value from said client;
calculating of its own version of said value by said server using said key alteration algorithm; and
comparing said received value to said calculated value by said server, whereby a replay attack is prevented. - View Dependent Claims (16, 17, 18, 19, 20, 21)
calculating a version of said digest from said message using said cryptographic key by said server.
-
-
18. The method of claim 15 further comprising:
altering said cryptographic key using said key alternation algorithm by said server.
-
19. The method of claim 18 further comprising:
-
receiving said message and an appended value from a third party by said server;
comparing said value to a value newly calculated from said altered cryptographic key; and
rejecting said message received from said third party.
-
-
20. The method of claim 15 further comprising:
exchanging an algorithm identifier between said client and said server that identifies one of said alteration algorithms to be used by said client and server to automatically change said value for a particular transmission.
-
21. The method of claim 15 further comprising:
-
receiving said message and said appended value from a third party by said server;
comparing said value to a newly calculated value; and
rejecting said message received from said third party.
-
Specification