摘要 |
A system and method for establishing a mutual entity authentication and a shared secret between two devices using displayed values on each device. Unique first private keys and first public keys are assigned to both devices. The public keys are exchanged between the two devices. Both devices compute a shared secret from their own private keys and the received public keys. Both devices compute, exchange, and verify their key authentication codes of the shared secret. If verification is successful, both devices use the shared secret to generate a displayed value. One or more users compare the displayed values and provide an indication to the devices verifying whether the displays match. If the displays match, then the devices compute a shared master key, which is used either directly or via a later-generated session key for securing message communications between the two devices.
|