摘要 |
A system and method for authenticating a client application to a service. During registration, an application requesting access to a service receives a service identifier, which can be authenticated. The application can generate and send to the service an application-service key, based upon the authenticated identifier and a secret application key, a service-application identifier based upon the authenticated service identifier and an application identifier, and a registration nonce, all of which can be stored at the server. During authentication, the client sends the application-service identifier to the service, which the server can use to lookup the stored registration data. The server sends the registration nonce to the client, which can compute a proof of possession of the service-application key and send to the server. The server can compute its own version of the key, which is compared with the received key for authentication purposes. |