Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1999-06-14
2003-10-14
Smithers, Matthew (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S171000
Reexamination Certificate
active
06633980
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to communication between two computing devices. More specifically, the present invention relates to a cryptographic technique for preventing a replay attack during such communication.
BACKGROUND OF THE INVENTION
During communication between two computing devices, it is always possible that an unscrupulous third party that is unauthorized may listen to the communication, may tamper with the communication, or may attempt to send spurious communications of its own. One particular attempt at fraud in the communications field is known as a “replay attack.”
FIG. 1
illustrates a prior art arrangement
100
that illustrates a replay attack. Shown is a client computer
102
communicating with a server computer
104
over any suitable known communication medium
106
. In the course of this communication, client
102
sends operation message
108
to server computer
104
. Message
108
may or may not be encrypted and may or may not be part of a secure session. In this illustration, an unscrupulous third party
110
uses any suitable means to detect the transmission of operation message
108
from client
102
to server
104
. Because third party
110
detects message
108
in its entirety and is not seeking to understand message
108
, it is irrelevant to third party
110
whether the message is encrypted or not.
As part of the replay attack, third party
210
takes message
108
captured earlier and resends it at a later time to server computer
104
which may be unaware that message
108
is coming from a third party. If the replay attack is implemented successfully the server will believe that message
108
is coming from client
102
when actually it is being transmitted by third party
110
. Because server
104
is unaware of the origin of the message, it may perform the operation present in the message unaware that the message did not come from client
102
. Depending upon the content of operation message
108
, the results of server
104
performing this operation again may have disastrous results. For example, message
108
might be a command to delete particular data, modify data, increment a user's balance by particular amount, disgorge funds electronically, release sensitive information, etc.
Even if client
102
and server
104
had used sophisticated encryption to encrypt message
108
the server will be unaware that the message from the third party is bogus because the third party has replayed message
108
in it entirety and in its encrypted form. The illicit benefit received by third party
110
would not be the understanding of message
108
, but the consequences of the operation performed by server
104
when it receives message
108
once again.
Accordingly, what is desired is a system and technique by which a replay attack during communication between computing devices may be prevented.
SUMMARY OF THE INVENTION
A replay attack prevention technique is disclosed that uses a secret algorithm exchanged between client and servers computers. The algorithm is used to periodically alter a special replay key. The replay key may then be used to alter the message sent or alter the digest appended to the message such that the message and or its digest varies as time progresses. An unscrupulous third party who replays a stolen operation message would be unaware of the replay key and its variation. Any stolen message that is replayed by the third party would not include the time varying aspect as expected by the server computer. The server computer would thus be able to detect the attempted fraud.
Preferably, the client and server exchange the secret algorithm before communication begins. The secret replay key may be exchanged at the beginning of the communication session in an encrypted form, or may be exchanged earlier. Because the replay key preferably never appears along with the message, and because the digest cannot be used to discover the replay key, the replay key is kept secret from third parties.
In a system embodiment of the invention, a client computing device and a server computing device communicate over a transmission medium. The client includes a message to be sent to the server over the transmission medium, a cryptographic key, and an alteration algorithm. The alteration algorithm is used to periodically change the cryptographic key, whereby a value to be appended to the message is periodically changed. The server receives the message and the appended value from the client. The server includes the same cryptographic key as in the client, and the same alteration algorithm. Thus, the server may calculate its own version of the value to compare with the received value from the client. A replay attack is prevented because a third party has neither the key or algorithm.
In a variation on this embodiment, the value is a digest calculated from the message using the cryptographic key. In this variation, the server has its own version of the digest calculated from the received message using the cryptographic key. In another embodiment, any number of alteration algorithms are held by the client and server along with an algorithm identifier that identifies which algorithm to be used for a particular transmission.
REFERENCES:
patent: 5606609 (1997-02-01), Houser et al.
patent: 5889861 (1999-03-01), Ohashi et al.
patent: 6105133 (2000-08-01), Fielder et al.
Beyer Weaver & Thomas LLP
Smithers Matthew
LandOfFree
Computing device communication with replay protection does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Computing device communication with replay protection, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Computing device communication with replay protection will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3165374