Excerpt from the original text

3.3 Mutual authentication protocol

The following mutual entity authentication protocol is based on Section 5.2.2, “Three pass
authentication”, of ISO/IEC 9798-3. Certain authentication token fields and protocol steps are
specified in greater detail in this section than in ISO/IEC 9798-3. Either entity may choose to
terminate the authentication exchange at any time. Figure 2 illustrates this exchange.

The authentication protocol refers to entities A and B as “initiator” and “responder”. This
differs from terminology used to describe unilateral authentication in Section 3.2, because each
entity acts as both a claimant and a verifier in the protocol below.

It is important to note that the success of an entity’s authentication, according to this standard,
is not dependent on the information contained in the text fields. As described in Section 2.1, the
authentication of an entity depends on two things: (1) the verification of the claimant’s binding
with its key pair, and (2) the verification of the claimant’s digital signature on the random number
challenge. How text field information is used once an entity’s authenticity is verified is beyond
the scope of this standard.
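The second check above (the claimant's signature over the random number challenge), with both entities acting as claimant and verifier, as an added Go example that is not part of FIPS PUB 196 or of the original post. Assumptions: Ed25519 stands in for the signature algorithm, check (1) on the certificate is taken as already done, the optional text fields are omitted, and the signed-field order and all identifiers (`Entity`, `Token`, `Verify`, `MutualAuth`) are chosen for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Assumptions: Ed25519 as stand-in algorithm; Pub already checked against a certificate.
type Entity struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewEntity(name string) *Entity {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // fails only if the system RNG does
	return &Entity{name, pub, priv}
}
func Challenge() []byte {
	r := make([]byte, 16) // fixed length keeps the concatenation unambiguous
	rand.Read(r)
	return r
}

// Token signs: claimant's number || verifier's number || verifier's name.
func (e *Entity) Token(own, peer []byte, verifier string) []byte {
	return ed25519.Sign(e.priv, bytes.Join([][]byte{own, peer, []byte(verifier)}, nil))
}
// Verify rebuilds the signed data from the verifier's own challenge (myR) and name.
func Verify(pub ed25519.PublicKey, sig, claimantR, myR []byte, me string) bool {
	return ed25519.Verify(pub, bytes.Join([][]byte{claimantR, myR, []byte(me)}, nil), sig)
}

// MutualAuth runs the three passes and returns (B accepts A, A accepts B).
func MutualAuth(a, b *Entity) (bool, bool) {
	rb, ra := Challenge(), Challenge() // pass 1, B -> A: Rb; A then generates Ra
	tokAB := a.Token(ra, rb, b.Name)   // pass 2, A -> B: Ra and A's token
	tokBA := b.Token(rb, ra, a.Name)   // pass 3, B -> A: B's token
	return Verify(a.Pub, tokAB, ra, rb, b.Name), Verify(b.Pub, tokBA, rb, ra, a.Name)
}

func main() {
	a, b := NewEntity("A"), NewEntity("B")
	okA, okB := MutualAuth(a, b)
	ra := Challenge()
	stale := a.Token(ra, Challenge(), b.Name) // signed for an earlier challenge
	fmt.Println(okA, okB, Verify(a.Pub, stale, ra, Challenge(), b.Name))
}
```

The last value printed is the result of checking a token signed for an earlier challenge against a fresh one; the verifier rejects it because it rebuilds the signed data from the random number it issued itself.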

[Figure: FIPS PUB 196, Entity Authentication Using Public Key Cryptography]


Mutual entity authentication occurs as follows:


The notation is explained below.


Notation
