Abstract |
<p>A method that allows a user to authenticate himself to a server whose domain name he does not know makes use of an authentication protocol that combines shared-secret techniques with asymmetric techniques. The hybrid protocol Secure Remote Password (SRP) can be used for a user (10) to authenticate to a server (12) using his secret password. The user (10) then authenticates the server (12) using the hybrid protocol. At the same time, the user signs one of the messages relayed to the server (12) using a public key. The server (12) then issues the user a name certificate, which contains the public key of the subject, the name being conferred on the subject, and various administrative fields such as serial number, validity period, etc. Subsequently, the user (10) can authenticate himself to the server using only the name certificate and standard PKI techniques.</p> |