In the prior art, several references respectively illustrate protocols for forming composite keys among cryptographically communicating nodes. Further, they discuss authentication as a process independent of the establishment of session keys. These references include Ehrsam et al, U.S. Pat. No. 4,227,253, "Cryptographic Communication Security for Multiple Doman Networks", issued Oct. 7, 1980; Matyas et al, U.S. Pat. No. 4,218,738, "Method for Authenticating the Identity of a User of an Information System", issued Aug. 19, 1980; and Meyer and Matyas, "Cryptography--New Dimension in Computer Data Security", John Wiley & Sons, pp. 293-299, 343-347, and 679-683, 1982.
It is an aim of cryptography to transform plain text messages into ciphered text that can withstand intense cryptanalysis. Relatedly, encipherment and decipherment reference that set of one-to-one and onto transformations which respectively map a set of plain text strings into a set of cryptographic strings and vice versa. Alternatively, a feedback arrangement may be constructed upon a cryptographic transformation, yielding a pseudorandom bit stream generator, and the output of such a generator may be exclusively OR'ed with a clear text datastream to produce a ciphered datastream.
A key identifies the specific mapping function. Typically, the key used by a sending node in selecting the function for converting plain text to ciphered text would be the same as the key used by a receiving node in selecting the function for converting from ciphered text to plain text. Such is not a limitation but merely a convenience. Relatedly, each node would possess those keys of the other nodes from which ciphered traffic was to be expected.
One method for penetrating even a cryptographically secure system is to record the cryptographic traffic used to access a target node and subsequently inject the playback into a path to said target node. One defense is to secure the change of the encrypting/decrypting keys from session to session. Of course, such measures would not foil an unauthorized source in possession of the keys from accessing the target node. Thus, "authentication" may be considered to be a process which proves that someone or something is valid or genuine. Among the methods described by Meyer and Matyas is the use of a session key formed as a function of information independently furnished by each of the participating nodes. For example, if a pair of nodes exchanged encrypted random numbers and combined the received number with its locally generated number, they both could compute the same session key. Such a composite key would not permit key reconstruction by wiretap and playback of an encrypted random number in the designated node at a later time.
The Ehrsam patent describes and claims one form of session key protocol in which an intermediate encryption mechanism (cross-domain keys) is used for exchanging session key information between nodes on one hand and protecting the identity of the node master keys on the other. The Matyas patent involves a node sending a pattern to a terminal requiring the terminal to modify the pattern and remit its modification back to the host to permit a comparison match.