Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks

摘要

A method is described for substantially concurrently performing entity authentication operations and short-lived secret key distribution operations over an insecure communication channel between communication partners, wherein authenticity of communication partners is determined by possession of the long-lived shared secret key. The method includes a number of steps. Data flows are exchanged between the communication partners to define a composite key. At least a portion of the data flows have been encrypted or otherwise masked in a manner which utilizes the long-lived shared secret key. At least one authentication tag is passed between communication partners over the communication channel. The at least one authentication tag is based at least partially upon the composite key. The authentication tag is utilized to determine the authenticity of at least one communication partner.