公开(公告)号：CA2134013A1

公开(公告)日：1995-06-04

申请号：CA2134013

申请日：1994-10-21

Applicant: IBM

Inventor： KUTTEN SHAY ,  KRAWCZYK HUGO ,  HERZBERG AMIR ,  MANSOUR YISHAY ,  BAUCHOT FREDERIC ,  BANTZ DAVID ,  DAL BELLO ELIANE

IPC: G09C1/00 ,  H04J13/00 ,  H04L9/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/16 ,  H04L9/30 ,  H04L9/32 ,  H04L9/28

Abstract: In a communications system, a method is described allowing two users having established a communication session identified by a unique session freshness proof, to transmit and validate a new value of a variable by using an exchange certificate which combines the following elements : the new value of the variable, a common secret key known by both users, an exchange counter representative of the number of values of said variable transmitted between the two users during the current communication session and a session freshness proof. Protection against potential eavesdroppers and intruders is provided by combining cryptographically the elements of the exchange certificate. Further protection is obtained by interrupting the current communication session and opening a new one characterized by a new unique session freshness proof when the exchange counter reaches its maximum value; thus avoiding the risk that the same value of the session freshness keeps being used when the exchange counter is reset to its initial value. Consequently a given pair of values of the session freshness proof and of the exchange counter will never be used more than one time, making eavesdropping and, replaying attacks from intruders more difficult. Preferably, the method used for opening a new communication session uses already known authentication methods based on the common secret key.