1. Field of the Invention
The present invention concerns a method for generation of a secret session key for cryptographically securing a communication channel between a first communication partner and a second communication partner of the type wherein the first communication partner generates at least a first key parameter, receives at least one second key parameter generated by the second communication partner, and then generates the secret session key using the first key parameter and the second key parameter. The present invention further concerns an arrangement that is suitable for implementation of such a method.
2. Description of the Prior Art
In a communication between two communication partners, it is frequently necessary to protect the exchanged information from access (in particular from viewing) by unauthorized third parties. This is necessary in particular in the exchange of security-relevant information, for example invoicing information, in order to prevent unauthorized manipulations or attempts at fraud.
Such security-relevant or accounting-relevant information is exchanged in a number of fields between different communication partners. The communication partners participating in the information exchange normally are data processing devices that are appropriately designed and/or programmed for the communication. For example, in the field of franking machines it is known to exchange billing information over a communication channel between a franking machine and a remote data center. For example, in systems known as prepaid systems, postage can be loaded into the franking machine via such a communication channel. Secret key information that is used for the generation of the franking imprint can likewise be loaded into the franking machine.
In order to secure the communication between two data processing devices from unauthorized access and unauthorized viewing, the exchanged information is normally encrypted. Techniques known as symmetrical encryption methods (for example DES, Triple DES, AES etc.) or asymmetrical encryption methods (for example RSA, ElGamal etc.) can be used. Due to the lower expenditure for the encryption and decryption of the information, symmetrical encryption methods generally are preferred for most applications for directly cryptographically securing the communication.
These symmetrical encryption methods require that secret information, for example a secret key, be known to both communication partners, the secret information being used for encryption and decryption. In order to avoid having to exchange the key as a whole between the communication partners, an exchange that would itself have to be protected and secured, methods for key generation of the general type described above are known in which key parameters are exchanged via an unsecured communication channel. These key parameters are then used by the respective communication partners in order to generate the secret key. The method is normally designed such that it is practically impossible to derive the secret session key from the exchanged key parameters with typically available computing power. An example of such a known method is the Diffie-Hellman Key Agreement, as described in U.S. Pat. No. 4,956,863.
To still further increase the security of the information exchange, it may be required to generate a new secret session key after a specific time. Generally, however, a new key is generated for each new communication session between the two communication partners.
These known methods may have the advantage of securing the communication between the two communication partners by means of encryption using changing secret session keys. However, they have the disadvantage that they still do not protect against what are known as replay attacks, in which a third party simulates one of the two communication partners by replaying recorded old messages exchanged between the two communication partners; the third party thus appears to be the other (legitimate) communication partner. The third party cannot in fact directly gain access to security-relevant data, since the secret session key is still not known to the third party, but the third party can request unsecured services or information from the communication partner that make it easier to mount a combined attack aimed at gaining access to security-relevant information.
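The following sketch is an added illustration, not taken from the patent. It shows a key agreement of the Diffie-Hellman type named above and why a recorded key parameter is indistinguishable from a fresh one to the receiving partner. The names `Partner`, `honest_session` and `replayed_session`, the toy group and the SHA-256 key derivation are assumptions made for the example.

```python
import hashlib
import secrets

# Toy group, constructed for this demonstration only: 2**127 - 1 is prime but
# far too small for real use.
P = 2**127 - 1
G = 3


class Partner:
    """Communication partner: private exponent plus public key parameter."""

    def __init__(self):
        self.private = secrets.randbelow(P - 3) + 2  # uniform in [2, P - 2]
        self.key_parameter = pow(G, self.private, P)  # sent over the open channel

    def accepts(self, peer_parameter):
        # Plain key agreement can only check that the value is a group element;
        # nothing here tells a fresh parameter from a recorded one.
        return 0 < peer_parameter < P

    def session_key(self, peer_parameter):
        shared = pow(peer_parameter, self.private, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def honest_session():
    """Both partners exchange key parameters and derive the key independently."""
    first, second = Partner(), Partner()
    recorded = second.key_parameter  # visible to anyone watching the channel
    key_first = first.session_key(recorded)
    key_second = second.session_key(first.key_parameter)
    return key_first, key_second, second, recorded


def replayed_session(recorded, original_second):
    """Later session in which the recorded second key parameter is played back."""
    first = Partner()  # fresh first key parameter for the new session
    accepted = first.accepts(recorded)
    key_at_first = first.session_key(recorded)
    # Only the holder of the matching private exponent derives the same key.
    key_at_original = original_second.session_key(first.key_parameter)
    return accepted, key_at_first, key_at_original


if __name__ == "__main__":
    k1, k2, second, recorded = honest_session()
    accepted, k_new, k_orig = replayed_session(recorded, second)
    print("honest keys agree:", k1 == k2)
    print("replayed parameter accepted:", accepted, "| old key reused:", k_new == k1)
```

The replayed parameter passes the only check the first partner can make, while the resulting session key remains computable only with the original private exponent, which matches the situation described above: the session key stays secret, but the origin and freshness of the peer's messages are not established.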