[ Crypto ] Simple Authentication Procedure

The Simple Authentication Procedure.



Notation：
t：time stamp.
r：random number.
ID：identifier of Client.
PW：a password of client.
h(X)：a one-way hash function
α, α'：two secure one-way hash functions.

Authentication Process：

Client->Server：t, r, ID, α
1) Generate t
2) Generate r
3) Compute α=h(t, r, ID,PW)

Server->Client：accept/reject
1) Compute α'=h(t, r, ID,PW)
2) Verify α' and α
3) Verify t

PW has been pre-stored in Server database. If α' is equal to α authentication is passed. The time stamp can be avoided reply attack, It is record client sent time.