| 摘要 |
A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting-up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Beside discarding a man-in-the-middle by denying him access to the data flow it is also possible to stop him through denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics only known to the User and the authentication service provider. |
