Title of invention System and method for a single request—single response protocol with mutual replay attack protection
Abstract Various embodiments of a system and method for a single request-single response protocol with mutual replay attack protection are described. Embodiments include a system that receives multiple single request messages, each of which includes a respective nonce, timestamp, and digital signature. The system may create a record of previously received nonces that, at any given time, may include multiple message nonces received within a valid period of time prior to that given time. To validate a given single request message, the system verifies the digital signature of the message, determines that the timestamp of the message indicates a time within the valid period of time prior to the current time, and determines that the nonce of the message is not present within the record of previously received nonces. The system sends a single response message that includes the same nonce as the validated message.
Publication number US8959346(B2) Publication date 2015.02.17
Application number US201313754098 Filing date 2013.01.30
Applicant Adobe Systems Incorporated Inventor Agrawal Sunil C.
Classification H04L29/06;H04L9/32 Main classification H04L29/06
Agency Wolfe-SBMC Agent Wolfe-SBMC
Main claim 1. A computer-implemented method, comprising: receiving, at a server system, a request message comprising a nonce, a timestamp based on a time at which the request message was generated, and a digital signature of the request message; accessing a record of previously received nonces; modifying the record to remove one or more of the previously received nonces corresponding to messages that were received outside of a valid period of time; and validating the request message by at least verifying the digital signature of the request message, determining that the timestamp of the request message is within the valid period of time, and determining that the nonce of the request message is not included in the modified record of previously received nonces.
Address San Jose CA US
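The validation order in the abstract and main claim (prune the nonce record, verify the signature, check the timestamp window, check the nonce, then echo the nonce in the response) can be sketched as follows. This is an added example, not code from the patent or from Adobe. Assumptions: HMAC-SHA256 with a shared key stands in for the digital signature, the valid period is 300 seconds, and the message field names and the `Server`, `make_request` and `check_response` helpers are hypothetical.

```python
import hashlib
import hmac
import secrets

def sign(key, *fields):
    # Assumption: HMAC-SHA256 stands in for the digital signature.
    return hmac.new(key, "\n".join(fields).encode(), hashlib.sha256).hexdigest()

def make_request(key, body, now):
    nonce, ts = secrets.token_hex(16), int(now)
    return {"nonce": nonce, "timestamp": ts, "body": body,
            "sig": sign(key, nonce, str(ts), body)}

class Server:
    def __init__(self, key, valid_period=300):  # 300 s is an assumed window
        self.key, self.valid_period = key, valid_period
        self.seen = {}  # nonce -> time the message was received

    def handle(self, req, now):
        # Drop nonces received outside the valid period. This is safe because
        # any replay of those messages now fails the timestamp check below.
        cutoff = now - self.valid_period
        self.seen = {n: t for n, t in self.seen.items() if t >= cutoff}
        expected = sign(self.key, req["nonce"], str(req["timestamp"]), req["body"])
        if not hmac.compare_digest(expected, req["sig"]):
            return None, "bad signature"
        if not cutoff <= req["timestamp"] <= now:
            return None, "timestamp outside valid period"
        if req["nonce"] in self.seen:
            return None, "replayed nonce"
        self.seen[req["nonce"]] = now
        body = "ok"
        # The single response carries the request's nonce under the signature.
        resp = {"nonce": req["nonce"], "body": body,
                "sig": sign(self.key, "resp", req["nonce"], body)}
        return resp, "accepted"

def check_response(key, req, resp):
    # Client side: a response replayed from an earlier exchange carries a
    # different nonce and is rejected even though its signature is valid.
    expected = sign(key, "resp", resp["nonce"], resp["body"])
    return (hmac.compare_digest(expected, resp["sig"])
            and hmac.compare_digest(resp["nonce"], req["nonce"]))
```

The record stays bounded because the timestamp window, not the nonce record, rejects old messages; the nonce record only has to cover the valid period.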