Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Title:||Entity Authentication Using Public Key Cryptography|
|Published:||February 18, 1997|
|Abstract:||[Withdrawn October 19, 2015] This standard specifies two challenge-response protocols by which entities in a computer system may authenticate their identities to one another. These may be used during session initiation, and at any other time that entity authentication is necessary. Depending on which protocol is implemented, either one or both entities involved may be authenticated. The defined protocols are derived from an international standard for entity authentication based on public key cryptography, which uses digital signatures and random number challenges. Authentication based on public key cryptography has an advantage over many other authentication schemes because no secret information has to be shared by the entities involved in the exchange. A user (claimant) attempting to authenticate oneself must use a private key to digitally sign a random number challenge issued by the verifying entity. This random number is a time variant parameter which is unique to the authentication exchange. If the verifier can successfully verify the signed response using the claimant's public key, then the claimant has been successfully authenticated.|
|Citation:||Federal Inf. Process. Stds. (NIST FIPS) - 196|
|Keywords:||access control, authentication, challenge-response, computer security, cryptographic modules, cryptography, Federal Information Processing Standard (FIPS), telecommunications security|
|Research Areas:||Computer Security, Federal Information Processing Standards|
|PDF version:||Click here to retrieve PDF version of paper (476KB)|