Title of invention: Methods and systems for secure channel initialization transaction security based on a low entropy shared secret
Abstract: Methods and systems for secure channel initialization transaction security between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: choosing a random client ephemeral private key at a client network element; utilizing the client ephemeral private key and the shared secret to create a client ephemeral public key at the client network element; forwarding the client ephemeral public key in a channel initialization request to a server network element; selecting a random server ephemeral private key at the server network element; using the server ephemeral private key and the shared secret to create a server ephemeral public key at the server network element; creating a high entropy shared secret based on the client ephemeral public key and the server ephemeral private key; creating a message authentication code 'MAC' and encrypting a payload with the high-entropy shared secret; sending the encrypted payload and the server ephemeral public key to the client network element; utilizing the server ephemeral public key and the client ephemeral private key to derive the high-entropy shared secret; and decrypting the payload and verifying the MAC with the high-entropy shared secret.
Publication number: EP2073430(A1)
Publication date: 2009.06.24
Application number: EP20070124019
Filing date: 2007.12.21
Applicant: RESEARCH IN MOTION LIMITED
Inventor: SHERKIN, ALEXANDER
Classification: H04L9/08;H04L9/32
Main classification: H04L9/08
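An added example, not taken from the patent or from the applicant: one SPEKE-style way to instantiate the exchange the abstract describes, in Python. The group (RFC 3526 group 14), the hash-to-base step, the key derivation, the encrypt-then-MAC ordering and the standard-library stand-in cipher are all assumptions, since the abstract does not specify them.

```python
import hashlib, hmac, secrets

# Assumed group: RFC 3526 group 14, a 2048-bit safe prime (p = 2q + 1).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)

def base_from_secret(secret: bytes) -> int:
    # Assumed SPEKE-style step: hash the low-entropy secret, square into the order-q subgroup.
    h = int.from_bytes(hashlib.shake_256(secret).digest(256), "big") % P
    return pow(h, 2, P)

def keypair(secret: bytes):
    priv = secrets.randbelow(P - 3) + 2           # random ephemeral private key
    return priv, pow(base_from_secret(secret), priv, P)

def session_keys(peer_pub: int, priv: int):
    if not 2 <= peer_pub <= P - 2:                # 0, 1 and p-1 would force a known key
        raise ValueError("invalid peer public key")
    k = hashlib.sha256(pow(peer_pub, priv, P).to_bytes(256, "big")).digest()
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"mac", hashlib.sha256).digest())

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream) so the example needs only the stdlib.
    ks = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def server_respond(secret: bytes, client_pub: int, payload: bytes):
    priv, pub = keypair(secret)                   # server ephemeral key pair
    enc, mac = session_keys(client_pub, priv)     # high-entropy shared secret, split in two
    ct = xor_stream(enc, payload)
    return pub, ct, hmac.new(mac, ct, hashlib.sha256).digest()

def client_finish(client_priv: int, server_pub: int, ct: bytes, tag: bytes) -> bytes:
    enc, mac = session_keys(server_pub, client_priv)
    if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")      # wrong shared secret or tampered message
    return xor_stream(enc, ct)
```

A server holding a different low-entropy secret derives a different key, so the client's MAC check fails and the payload is never decrypted.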