Authenticated Key Agreement Phase Sample Clauses

Authenticated Key Agreement Phase. After the successful login with TS, all three participants communicate for the secure key agreement with privacy preserved. Figure 4 shows the steps of it and the detailed processes are as follows.  Step 1: After TS receives the message <XA, YA, CA-TS>, it computes XXX’ = YAXOR ê(d, XA) and decrypts CA- TS using KA-TS to withdraw MA and IDB. Then, TS computes VA’ = H(IDTS||XXX||d) and MA’=H(VA’||XXX’||IDB) and checks whether MA’ equals to MA. If not, TS stops the request. Otherwise, TS chooses a random number RTS and computes NTS = H(IDTS||IDB||RTS), G= NTSXOR H(XXX||IDB) and CTS- B= KB-TS(XXX||NTS||G). Then, TS sends the message <XA, CTS-B> to B.  Step 2: Upon receiving<XA, CTS-B> from TS, B decrypts CTS-Busing KB-TS to withdraw XXX, NTS and G. After that, B computes G’ = NTSXOR H(IDB||XXX) and checks if G’ equals to G. If not, this session is aborted.  Step 3: Otherwise, B chooses a random number RB and computes XB = ê(RB, P), ZB = ê(RB, XA), VB’ = V3 XOR WB’, SKB=H(ZB||XXX||IDB), S=H(SKB||XXX||IDB),MB = H(VB’||XXX||IDB||KB-TS), and request. Otherwise, TS computes CTS-A= KA-TS(S ||XXX||IDB), and sends the message < CTS-A, XB > to A.  Step 5: Upon receiving < CTS-A, XB > from TS, A decrypts CTS-A using KA-TS to withdraw S, XXX and IDB. After that, A computes ZA = ê(RA, XB), SKA = H(ZA||XXX||IDB) and S’=H(SKA||XXX||IDB) and checks if S’ equals to S. If not, the session is terminated. After the successful authenticated key agreement phase, the agreed session key (SKA=SKB) could be used to provide confidentiality on the prescription. It means that B could send an encrypted prescription message based on the symmetric key cryptosystem using SKB to A via TS. Then, A could decrypt the message using SKA and perform necessary processes for health treatment.

Authenticated Key Agreement Phase. This phase is to establish a secure session key between two mobile devices, UA and UB, by helping of AuC after the authentication. AuC needs to be involved in this phase because UA and UB could not believe each other due to no credibility between them. The phase shown in Fig. 3 is performed as follows • [AP 1] UA→UB UA inputs XXX and PWA, generates a random number a and computes YA as in (4), RA as in (5), CIDA as in (6) and MACA as in (7). After that, UA sends {RA, CIDA, MACA} to UB. YÆ = Va⊕h(PWÆ||rÆ) (4) RÆ = ga (5) CIDÆ = IDÆ⊕(PUÆuC )a (6) MACÆ = h(YÆ||RÆ||IDÆ) (7) • [AP 2] UB→AuC UB inputs IDB and PWB, generates a random number b and computes YB as in (8), RB as in (9), CIDB as in (10) and MACB as in (11). After that, UB sends {RB, CIDB, MACB, RA, CIDA, MACA } to AuC. YB = VB ⊕h(PWB||rB) (8) RB = gb (9) CIDB = IDB⊕(PUÆuC )b (10)

Authenticated Key Agreement Phase. Fig.5 illustrates authenticated key agree- ment phase. The steps are performed as follows. Step 1 If U wishes to establish a session key with Sj , he/her inputs the smart card into a card reader, opens the login application software, and imprints biometric B∗ at the sensor. Then the biometrics authentication process of smart card compares the newly captured B∗ with the stored B. If d(B∗, B) ≥ τ , that means U will get a connection refused response. If d(B∗, B) < τ , that means U will get a connection accepted re- sponse. Then U will get a connection accepted response. Then U inputs his/her pass- word PWU , and the card reader extracts RU by computing ZU ⊕h (PWU ||B). Then U chooses a random integer number a, computes KUR = TaTk(x), C1 = EKUR (IDU ||IDSj ||RU ). Af- ter that, U sends {Ta(x), IDU , C1} to Sj. Step 2 Upon receiving {Ta(x), IDU , C1}, Sj computes RSj = SSj ⊕ h(IDSj ), and chooses a random integer number b, computes KSj R = TbTk(x), C2 = EKS R (IDSj ||IDU ||RSj ). Then Sj sends {Ta(x), IDU , C1, Tb(x), IDSj , C2} to RC . Step 3 Upon receiving {Ta(x), IDU , C1, Tb(x), IDSj , C2}, RC computes KRU = TkTa(x) , KRSj = TkTb(x) ,and then decrypts C1, C2 as follows:DKRU (C1) = {IDU , IDSj , RU }, DKRSj