Preventing replay attacks without user involvement. A method according to
one embodiment of the invention includes recording a serial number that
was verified following a previous request to access a resource, and later
receiving a request to access the resource. A serial number is acquired
from the source of the request and then updated by increasing its value.
The updated serial number is verified by comparing it with the recorded
serial number, and access to the resource is granted only if the value of
the updated serial number exceeds the value of the recorded serial