PROTOCOL AND METHOD FOR CLIENT-SERVER MUTUAL AUTHENTICATION USING EVENT-BASED OTP,申请号CA20072590989-传众专利搜索

PROTOCOL AND METHOD FOR CLIENT-SERVER MUTUAL AUTHENTICATION USING EVENT-BASED OTP

申请公布号：CA2590989(A1)

申请号：CA20072590989

申请日期：2007.06.05

申请公布日期：2008.12.05

申请人：

DIVERSINET CORP.

发明人：TESLENKO, KONSTANTIN;MACHANI, SALAH E.

分类号：H04L9/32;H04L9/14

主分类号：H04L9/32

摘要：<p>The invention consists of a method of authenticating and encrypting a client - server communication, comprising the steps of: a) generating a first one-time password (OTP1) and a second one-time password (OTP2) from a cryptographic token; b) generating an encryption key (K_ENC) and a MAC key (K_MAC) based on OTP2; c) preparing and protecting the client data using K_ENC and K_MAC; d) sending a request messa ge from the client to the server, the request message containing the protected clien t data, a cryptographic token identifier (TID) and OTP1; e) validating OTP1 at the server, and generating OTP2 at the server upon successful validation; f) deriving K_ENC and K_MAC from OTP2 at the server; g) processing the request message and generating result data h) encrypting the result data using K_ENC and creating a digest using K_MAC; i) sending the encrypted result data to the client; and i) decrypting the result data at the client using K ENC and verifying the authenticity of the result data using K_MAC.</p>