| 摘要 |
<p>A protocol (i.e. method) and corresponding apparatuses for calculating a session key. Two peers with knowledge of a common Diffie-Hellman permanent key, K<SUB>perrn</SUB>, and the identity and public key of the other peer. A first peer chooses a first ephemeral private key x and calculates the first corresponding ephemeral public key g<SUP>x</SUP>, which is sent to the second peer. The second peer calculates a second ephemeral public key g<SUP>y</SUP> in the same manner, and an ephemeral shared key K<SUB>eph</SUB>, hashes g<SUP>y</SUP>, K<SUB>eph</SUB>, K<SUB>perm</SUB>, and its identity, and sends g<SUP>y</SUP> and the hash to the first peer. The first peer calculates K<SUB>eph</SUB>, verifies the hash, and hashes g<SUP>x</SUP>, K<SUB>eph</SUB>, K<SUB>pem</SUB>, and its identity, and sends it to the second peer that verifies this hash. Thereafter, both peers obtain a session key by hashing K<SUB>eph</SUB>. The apparatuses may then use the session key to establish a secure authenticated channel (SAC).</p> |
