| 摘要 |
An apparatus, system, and method to provide an initial and an on-going authentication mechanism with which two executable entities may unilaterally or bilaterally authenticate the identity, origin, and integrity of each other. In one instance, the authentication mechanisms are implemented within a dynamically loaded, modular, cryptographic system. The initial authentication mechanism may include digitally signed challenge and possibly encrypted response constructs that are alternately passed between the authenticating and authenticated executable entities. A chain of certificates signed and verified with the use of asymmetric key pairs may also be part of the initial authentication mechanism. Representative asymmetric key pairs include a run-time key pair, a per-instance key pair, and a certifying authority master key pair. The on-going authentication mechanism may include a nonce variable having a state associated therewith. The state may be both time and incidence varying and may be combined in an obfuscating or encrypted manner into data passed between the executable entities. The initial and ongoing authentication mechanisms may have instances implemented without the use of export-regulated cryptography.
|
