User's Manual
24
[Figure 5.3 (sequence diagram between Computer and Server): (1) Request for Challenge, (2) Return Challenge, (3) Get Response, (4) Response + masked User-ID, (5) server-side verification; Response = AES( challenge, AES-key )]
Figure 5.3 – Challenge/Response sequence for the authentication operation
1. In the first phase the client (browser) sends an HTTP request (GET, POST) to the web server.
2. The web server responds to the request by generating a challenge, which it sends to the client.
3. The client queries the token, passing it the challenge sent by the server, in order to obtain the response.
4. The token computes the response on board by running: response = AES ( challenge, AES-key ), and the client then sends the server the response together with the User-ID in encrypted (masked) form.
5. The server carries out all the operations needed to recalculate the response. As described in figure 5.4, the server computes the AES key (AES-key) locally by hashing the User-ID and then performing an AES computation with the Server Secret as the key. The result, that is the client secret key, is used as the key for the AES computation over the challenge previously sent to the client. The outcome is the response as recalculated by the server: if it is identical to the response sent by the client, the client is in possession of a valid token, that is, one generated and initialized by the same service and therefore containing the same Server Secret. From a conceptual point of view, the computation of the client secret key can be regarded as a hashing operation.
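The five steps above worked through in Go, as an added example that is not part of this manual or of the token's firmware: the token side (steps 3 and 4) and the server side (steps 2 and 5) share the same key setup, which is what lets the server recompute the response. The manual does not name the hash function or key sizes, so SHA-256, a 32-byte Server Secret and a one-block challenge are assumptions here, and the masking of the User-ID in step 4 is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// Server Secret shared by the token-issuing service and the web server (constructed sample).
var serverSecret = sha256.Sum256([]byte("constructed-example-server-secret"))

// deriveClientKey follows the manual's key setup: hash the User-ID, then AES-encrypt the digest
// under the Server Secret. SHA-256 is assumed; its two 16-byte halves give a 32-byte AES-256 key.
func deriveClientKey(userID string, secret [32]byte) []byte {
	block, _ := aes.NewCipher(secret[:]) // 32-byte key: NewCipher cannot fail here
	digest := sha256.Sum256([]byte(userID))
	key := make([]byte, 32)
	block.Encrypt(key[:16], digest[:16])
	block.Encrypt(key[16:], digest[16:])
	return key
}

// computeResponse is the token's on-board step 4: response = AES(challenge, AES-key).
// The challenge is assumed to be exactly one 16-byte AES block.
func computeResponse(challenge, clientKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(clientKey)
	if err != nil || len(challenge) != aes.BlockSize {
		return nil, errors.New("invalid key or challenge length")
	}
	resp := make([]byte, aes.BlockSize)
	block.Encrypt(resp, challenge)
	return resp, nil
}

// newChallenge is the server's step 2: a fresh random block per request, so a captured
// response cannot be replayed against a later challenge.
func newChallenge() ([]byte, error) {
	c := make([]byte, aes.BlockSize)
	_, err := rand.Read(c)
	return c, err
}

// verify is the server's step 5: recompute the client key from the User-ID and the Server
// Secret, re-encrypt the challenge, and compare with the token's response in constant time.
func verify(userID string, challenge, response []byte) bool {
	expected, err := computeResponse(challenge, deriveClientKey(userID, serverSecret))
	return err == nil && subtle.ConstantTimeCompare(expected, response) == 1
}
```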