摘要 |
A multi-stage login procedure and system involves a first stage in which a login ID and a public key (encrypted) is transmitted from a client computer to a server computer and a key-exchange key (encrypted) is provided from the server computer to the client computer. In a second stage, a first split symmetric key and a server authentication string is generated and encrypted by the client computer and then transmitted to the server computer. In addition, the server computer generates a second split symmetric key and combines the same with the first split symmetric key to obtain a complete symmetric key for encrypting further communications from the server to the client computer. The server also generates a client authentication string, encrypts the same and transmits the encrypted string, the server authentication string (encrypted and incremented) and the second split symmetric key (encrypted) to the client computer. In a third stage, the client computer uses the server authentication string to authenticate the server. In addition, the client computer combines the second split symmetric key with the first split symmetric key to obtain the complete symmetric key for encrypting further communications from the client computer to the server computer. The client computer also decrypts, increments and encrypts the client authentication string and transmits the same to the server. The server then uses the client authentication string (after decryption and decrementation) to authenticate the client computer. Thereafter, the server provides the client computer with a first split symmetric persistent storage key (encrypted), which the client computer combines (after decryption) with a one-way hash value to obtain a persistent storage key for use by the client computer to communication information to and from persistent storage.
|