Protocol to Prevent Replay Attacks on Secured Wireless Transactions
    Invention application
    Status: Pending - Published

    Publication number: US20140040986A1

    Publication date: 2014-02-06

    Application number: US14048420

    Filing date: 2013-10-08

    CPC classification number: H04L63/08 H04L63/0838 H04L63/1466 H04L67/146

    Abstract: A method and system for preventing replay attacks on secure data transactions. A replay attack occurs when an unauthorized user intercepts a secure data transaction between a device and a central system and uses the intercepted data to gain access to the central system. One method for preventing such replay attacks is the use of a unique session identification number that is generated for each secure data transaction request. A replay attack using intercepted data is defeated, since the unique session identification number is valid only for the session it was issued for and may not be reused once that session has completed. When a device is connected to a server using either a wireless or a land-line connection, the device requests a session identification number from the server. The server generates a unique session identification number and signals it to the device, which then transmits it back to the server along with a request for a secure data transaction. Upon verification of the correct unique session identification number, the server carries out the requested data transaction. Termination of the requested transaction by the device signals the termination of the current secure data transaction. A new unique session identification number must be requested and issued in like fashion for any additional secure data transaction. The method and system offer the advantage of use with multiple available servers, in contrast to present methods which require that a device communicate with a given server. Further, the present method offers reduced operation time since there is a single coupling/uncoupling for each data transaction.
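    The session-identification exchange the abstract describes, as an added Python example that is not part of the patent or its claims: a server issues an unpredictable single-use session ID, the device returns it with the transaction request, and a replay of the captured message is rejected. The in-memory SessionStore, the Server class and run_protocol are assumptions standing in for a shared backend that several servers can consult.

```python
import secrets
import threading


class SessionStore:
    """Shared store of issued, not-yet-consumed session IDs.

    Any server that can reach this store can verify an ID, which is the
    "multiple available servers" property the abstract claims. Constructed
    example: an in-memory set stands in for a shared backend.
    """

    def __init__(self):
        self._issued = set()
        self._lock = threading.Lock()

    def issue(self):
        sid = secrets.token_hex(16)  # 128-bit unpredictable session ID
        with self._lock:
            self._issued.add(sid)
        return sid

    def consume(self, sid):
        # Atomic check-and-remove: a second presentation of the same ID,
        # or an ID the store never issued, fails verification.
        with self._lock:
            if sid in self._issued:
                self._issued.remove(sid)
                return True
            return False


class Server:
    def __init__(self, store):
        self.store = store

    def handle_session_request(self):
        return self.store.issue()

    def handle_transaction(self, sid, payload):
        if not self.store.consume(sid):
            return ("rejected", None)
        return ("ok", payload.upper())  # stand-in for the real transaction


def run_protocol(store=None):
    """One legitimate exchange, then a replay of the captured message."""
    store = store or SessionStore()
    server_a, server_b = Server(store), Server(store)
    sid = server_a.handle_session_request()          # 1. device requests a session ID
    captured = (sid, "transfer 10")                  # attacker records this message
    first = server_b.handle_transaction(*captured)   # 2. device sends ID + request (any server)
    replay = server_a.handle_transaction(*captured)  # 3. replayed message is rejected
    return first, replay
```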

