摘要 |
A method and a system for exchanging a key among three-party using a smart card and a recording medium thereof are provided to improve the security by performing an authentication and key exchange between a client and a client without exposing session key information, which is exchanged between the clients, to a server. A method for exchanging a key among three-party using a smart card includes the steps of: selecting a first random number and a second random number as a predetermined random number at a smart card of a source client, transmitting an encryption sentence having the second random number to a server, and transmitting the encryption sentence having the first random number to a target client(310); transmitting the encryption sentence having the second random number to the target client(320); selecting third and fourth random numbers as a predetermined random number in the smart card of the target client, decoding the encryption sentence having the second random number, calculating the second random number, calculating a session key using the second and fourth random numbers(330), and transmitting the encryption sentence having the third and fourth random numbers to the source client(340); and decoding the encryption sentence having the third and fourth random numbers in the smart card of the source client, calculating the session key using the second and fourth random numbers, and sharing the session key(350).
|