| 摘要 |
Terminals <B>11</B> and <B>12</B> wish to establish a secure channel between them. Channel setup utilises security apparatus comprising session management servers <B>21,22</B> and/or public key certifying authority <B>30</B> all of which are connected by secure links. Initially terminals <B>11,12</B> establish secure links with session managers <B>21,22</B> using authentication and/or key exchange. They then establish a direct secure channel by transferring key information, possibly public keys, via these secure links and the security apparatus. These setup messages include information about the level of security on each link they traverse (eg whether encryption, authentication, signing were used) in its header. Thus a message arriving at a terminal will include a list of security information about every link it passed through. This information can then be used to decide whether to accept the establishment of the direct secure channel. |
