1. Field of Invention
The present invention relates to an information security authentication system, and more particularly to, a symmetric dynamic authentication and key exchange system and a method thereof.
2. Related Art
With popularization of computers, networks and various wireless handheld information devices, lots of information exchange procedures between one person and the other person are completed gradually through computers and networks. However, in order to ensure the mutual confidence level for the both parties and the transfer confidentiality of information in a network in an information exchange procedure, a 3rd party certification authority is provided. After the both parties are authorized to perform certification at the certification authority, and obtain a public key and a private key for encryption/decryption, information transferred between the both parties may be encrypted/decrypted. When the certification authority is invaded, certification data recorded at the certification authority will also be leaked, so that a great quantity of information flows out and is malignantly used. Also, the encryption/decryption keys obtained by the both parties at the certification authority are fixed, and when the transferred information is skimmed, and cracked through a brute force attack method or cracked through a symmetric key algorithm, the transferred information does not have any confidentiality anymore.
Also, a conventional information transfer system is provided with an automatic repeat request fault-tolerant mechanism. Namely, when receiving erroneous transferred information, a receiving end sends repeat request information to a sending end, until the receiving end receives correct transferred information. This manner will place a burden on a network, and may also waste lots of time at the same time.