BILATERAL AUTHENTICATION AND ENCRYPTION SYSTEM

摘要

A bilateral system for authenticating remote transceiving stations through use of station identifiers (IDs), and through use of passwords which are used only one time, and thereafter exchanging messages through use of an encrytion key which is changed after each system connection. Upon authentication, each of the stations independently creates a secret session encryption key in response to the other station's unique station identifier that is exchanged over a communication link in cleartext. The station identifiers are used as tags to look up a unique static secret and a unique dynamic secret which are known only by the two stations, but which are not exchanged over the communication link. The secrets are independently combined by a bit-shuffle algorithm, the result of which is applied to a secure hash function to produce a message digest. The secret session encryption key, a one-time password for the originating station, a one-time password for the receiving station, and a pseudo-random change value for updating the dynamic secret are derived from the message digest. The dynamic secret is updated by the pseudo-random change value and a prime constant after each system connection, thus causing the message digest to be updated upon the occurrence of a new system connection. Further, the system IDs also may be altered by a component of the message digest upon the occurrence of a new system connection to provide an additional protection against playback impersonation.