摘要 |
An access-control system includes a counter, and a secure memory location that is configured to contain a parameter that binds the contents of the counter to the data that is being protected. Each time the data is accessed, the counter is incremented and the binding parameter is updated, based on this new count. When a subsequent access is requested, the stored binding parameter is compared to a value corresponding to the binding of the current value of the counter with the data. If either the current value of the counter differs from the count that was used to produce the binding parameter, or the current data differs from the data that was used to produce the binding parameter, the new binding value will not correspond to the stored binding parameter, and access is denied. In this manner, a sequential access to the protected data can be enforced, thereby precluding a replay attack. Note that the data being protected may be data that is used to control access to other protected material, thereby expanding the scope of security protection to this other protected material.
|