Abstract
Cryptographic protocols for key establishment normally include some means to allow participants to ensure that a key is new and not replayed from an old protocol run. When the key is generated by a mutually trusted server this is usually achieved by sending with the key a quantity known to be new. A different general method for achieving freshness in this context is proposed. A number of specific example protocols are given which have some practical advantages over previous published protocols.