公开(公告)号：US5515439A

公开(公告)日：1996-05-07

申请号：US336605

申请日：1994-11-09

申请人： David Bantz ,  Frederic Bauchot ,  Eliane D. Bello ,  Shay Kutten ,  Hugo Krawczyk ,  Amir Herzberg ,  Yishay Mansour

发明人： David Bantz ,  Frederic Bauchot ,  Eliane D. Bello ,  Shay Kutten ,  Hugo Krawczyk ,  Amir Herzberg ,  Yishay Mansour

IPC分类号： G09C1/00 ,  H04J13/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/16 ,  H04L9/30 ,  H04L9/32

CPC分类号： H04L9/0844 ,  H04L9/0891 ,  H04L2209/80

摘要： In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements: the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and, replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.

摘要翻译： 在通信系统中，描述了允许两个用户已经建立了通过唯一会话新鲜度证明来识别的通信会话的方法，通过使用组合以下元素的交换证书来发送和验证变量的新值：新值 所述变量，两个用户已知的公用秘密密钥，表示在当前通信会话期间在两个用户之间传送的所述变量的值的数量的交换计数器和会话新鲜度证明。 通过加密地组合交换证书的元素来提供对潜在窃听者和入侵者的保护。 当交换计数器达到最大值时，通过中断当前通信会话并打开一个新特性的新特性会话新鲜度证明来获得进一步的保护; 从而避免当交换计数器重置为其初始值时会话新鲜度相同的值被使用的风险。 因此，会话新鲜度证明和交换计数器的一对给定的值将永远不会被使用一次以上，从而使得窃听和重播来自入侵者的攻击更加困难。 优选地，用于打开新的通信会话的方法使用已知的基于公用秘密密钥的认证方法。