Abstract
PROBLEM TO BE SOLVED: To provide a strong, lightweight authentication scheme based on a challenge-response exchange between two endpoints that share a pre-shared secret. SOLUTION: In this security mechanism, key management is integrated with authentication. The endpoints of the system achieve mutual authentication by establishing a pre-shared secret during provisioning and preparing a database of clients on the server side. The system includes a random number generator that generates a random number used only once (a nonce), and a key generator that generates a secret key and a session key. The nonce and keys are valid during a single session, and help provide secure authentication across sessions. Furthermore, the scheme can be adapted to the Datagram Transport Layer Security (DTLS) protocol and is integrated with the Constrained Application Protocol (CoAP) for constrained devices.
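
A minimal sketch of the kind of exchange the abstract describes, added here as an illustration and not taken from the patent. The HMAC-SHA256 proofs, the message layout, and the names `Server`, `Client` and `mac` are all assumptions, since the abstract does not specify the construction; the DTLS/CoAP transport is left out.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so field boundaries are unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Server:
    def __init__(self, client_db):
        self.client_db = client_db  # client_id -> pre-shared secret (set at provisioning)
        self.pending = {}           # client_id -> (client nonce, server nonce)

    def challenge(self, client_id: bytes, n_c: bytes):
        psk = self.client_db.get(client_id)
        if psk is None:
            return None             # unknown client: not in the provisioned database
        n_s = secrets.token_bytes(16)
        self.pending[client_id] = (n_c, n_s)
        # The server proves knowledge of the secret, bound to the client's nonce.
        return n_s, mac(psk, b"server", client_id, n_c, n_s)

    def finish(self, client_id: bytes, proof: bytes):
        # pop() makes each nonce pair single-use, so a replayed proof fails.
        pair = self.pending.pop(client_id, None)
        if pair is None:
            return None
        n_c, n_s = pair
        expected = mac(self.client_db[client_id], b"client", client_id, n_c, n_s)
        if not hmac.compare_digest(proof, expected):
            return None
        return mac(self.client_db[client_id], b"session", n_c, n_s)  # per-session key

class Client:
    def __init__(self, client_id: bytes, psk: bytes):
        self.client_id, self.psk, self.n_c = client_id, psk, None

    def hello(self):
        self.n_c = secrets.token_bytes(16)  # fresh nonce for every session
        return self.client_id, self.n_c

    def respond(self, n_s: bytes, server_proof: bytes):
        expected = mac(self.psk, b"server", self.client_id, self.n_c, n_s)
        if not hmac.compare_digest(server_proof, expected):
            return None             # server failed to prove knowledge of the secret
        proof = mac(self.psk, b"client", self.client_id, self.n_c, n_s)
        return proof, mac(self.psk, b"session", self.n_c, n_s)
```

The distinct `b"server"` and `b"client"` labels keep one side's proof from being reflected back as the other's, and deriving the session key from both nonces gives each session a different key.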