摘要 |
The inventation relates to a method for setting up a secure session between a first entity and a second entity. In an embodiment, the first entity is a user authentication device and the second entity is an application running on a platform. The method comprisesgenerating a first random number. Auser enters a first string, derived from said number, into the second entity. Further, the method includes applying a one-way function to the first string or to a derivative thereof, obtaining an encoded string. The method also comprises transmitting the encoded string to an intermediate node that is in connection to the first entity and the second entity. Further, the method comprise the step of sharing a second random number with the second entity. The method also comprises a step of deriving a secret key from the first and the second string. |