| 摘要 |
<p>A cryptogram-key distribution system is provided with node-A, node-B, and an authentication server (S). The authentication server (S) generates a session key, upon receiving a first nonce generated by node-A and a second nonce generated by node-B. The authentication server (S) transmits, to node-A, the value of a first-message authentication code, and a first cryptogram that was obtained by encrypting the first nonce, the session key, and first additional information, using a first secret key. The authentication server (S) transmits, to node-B, the value of a second-message authentication code, and a second cryptogram that was obtained by encrypting the second nonce, the session key, and second additional information, using a second secret key. Node-A obtains the session key and the first additional information, by decrypting the first cryptogram using the first secret key, and also authenticates the session key using the value of the first-message authentication code. Node-B obtains the session key and the second additional information, by decrypting the second cryptogram using the second secret key, and also authenticates the session key using the value of the second-message authentication code.</p> |
