摘要 |
<p>A two-element authentication system ensuring adequate safety against "Replacement" attacks and "KCI" attacks. In the two-element authentication system, cross-authentication between a terminal of the user and the authenticating device of a server is performed by using a short sequence inputted by the user and secret information relating to record information recorded in the storages of the authenticating devices of the user terminal and the server to establish session keys. Through an initialization processing, record information is created according to the short sequence and recorded in the storages of the authenticating devices. The user terminal performs the authentication protocol by using the short sequence and the record information recorded in the storage, while the authenticating device of the server does the same by using the record information recorded in the storage. Every time the session keys are created, the record information is changed by a secret value updating devices. With this, the safety is adequately ensured.</p> |