Authentication system and apparatus therefor

Abstract

In the case where a prover A proves the validity of a pretender B to a verifier C, B receives an initial response x' created by A, randomizes it with a random component and sends it as x', and randomizes an inquiry .beta. from C with the random component and sends it as .beta.' to A. A proves, for the received randomized inquiry .beta.', the validity of B by a secret key s randomized with a random number r and then sends it as a proved response z to B. B removes the random component from the proved response z and sends it as A's proof to C for verification. B keeps secret the procedures for randomizing the initial response x' and the inquiry, thereby maintaining secret the correlation between A-B interactions (x', .beta.', z) nand B-C interactions (x', .beta., z'). In the case of proving the validity of a message m of a signature client B to the verifier C by attaching a signature of A to the message m, B receives an initial response x' created by A and randomizes it with a random component to create a randomized response x', creates a randomized inquiry .beta.' containing a random component by use of the randomized response x' and the message m, and sends the randomized inqiury .beta.' to A. A proves, for the randomized inqiury .beta.', its validity by a secret key s randomized with a random number r and then sends it as a proved response z to B. B removes the random component from the proved response z to create a derandomized response z', which is sent to C for verification.