FIPS 196

June 9, 2010

Entity authentication using public key cryptography

Extends and clarifies ISO 9798 entity authentication standard

Signed challenge/response protocol:

Server sends server nonce SN

Client generates client nonce CN

Client signs SN and CN and returns the result to the server

Server verifies signature on the data

Mutual authentication uses a three-pass protocol

Server sends client signed SC as final step

Inclusion of CN prevents the previous chosen-protocol attacks

Vulnerable to other attacks unless special precautions are taken
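
The one-way signed challenge/response exchange listed above, as an added example that is not taken from FIPS 196 or from the original page. The signature algorithm (Ed25519), the 32-byte nonce length, and all function and type names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

const nonceLen = 32 // assumed fixed length; keeps the SN||CN concatenation unambiguous

// Response is what the client returns: its nonce CN and a signature over SN||CN.
type Response struct{ CN, Sig []byte }

// NewKeyPair creates the client's signing key pair (Ed25519 is an assumption).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// NewNonce returns a fresh random nonce: SN on the server, CN on the client.
func NewNonce() []byte {
	n := make([]byte, nonceLen)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// ClientRespond signs SN||CN, so the signed data is never chosen by the server alone.
func ClientRespond(priv ed25519.PrivateKey, sn []byte) Response {
	cn := NewNonce()
	return Response{CN: cn, Sig: ed25519.Sign(priv, bytes.Join([][]byte{sn, cn}, nil))}
}

// ServerVerify accepts only a signature over the SN this server issued plus the returned CN.
func ServerVerify(pub ed25519.PublicKey, sn []byte, r Response) bool {
	return len(sn) == nonceLen && len(r.CN) == nonceLen &&
		ed25519.Verify(pub, bytes.Join([][]byte{sn, r.CN}, nil), r.Sig)
}

func main() {
	pub, priv := NewKeyPair()
	sn := NewNonce()
	fmt.Println("fresh response accepted:", ServerVerify(pub, sn, ClientRespond(priv, sn)))
}
```

A response recorded in one session fails verification in the next because the server checks it against the SN it issued for that session.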