SAC Authentication Protocol
The secure authenticated channel interface in Windows Media Device Manager provides two-way challenge-response authentication based on digital certificates. Parameter encryption is performed using the Data Encryption Standard (DES).
In the authentication process, four messages must be passed between the calling component and the called component. In the following descriptions, A is the calling component and B is the called component. Most of these messages contain more than one item.
Message 1, A sends to B:
- A random message generated by component A.
Message 2, B sends to A:
- A random message generated by component B.
- The digital signature, using the private key of component B, of the combined random messages from A and B.
- The certificate of component B.
Message 3, A sends to B:
- The digital signature, using the private key of component A, of the combined random messages.
- The certificate of component A.
Message 4, B sends to A:
- The digital signature, using the private key of component B, of a random session key generated by component B.
- The same session key encrypted with the public key of component A.
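The four-message exchange above, with the checks each side performs, as an added example that is not Microsoft's code. Assumptions not taken from this page: unpadded textbook RSA over SHA-256 with small constructed keys stands in for the unspecified signature and public-key algorithms, a bare public key stands in for each certificate (no chain validation), the random messages are combined by concatenation (A's first), the session key is 8 bytes, and all function names are hypothetical.

```python
import hashlib, secrets

E = 65537  # public exponent shared by the toy keys

def make_key(p, q):
    """Textbook-RSA key pair from two primes (toy sizes, no padding: insecure)."""
    n = p * q
    return {"pub": (n, E), "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    n, _ = key["pub"]
    return pow(digest(msg, n), key["d"], n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

KEY_A = make_key(2**107 - 1, 2**127 - 1)  # constructed key for component A
KEY_B = make_key(2**61 - 1, 2**89 - 1)    # constructed key for component B

def handshake(key_a, key_b, tamper=False):
    """Run messages 1-4; return (B's key, A's recovered key) or None on failure."""
    # Message 1, A -> B: A's random message.
    rand_a = secrets.token_bytes(16)
    # Message 2, B -> A: B's random message, signature over both, B's certificate.
    rand_b = secrets.token_bytes(16)
    msg2 = (rand_b, sign(key_b, rand_a + rand_b), key_b["pub"])
    if tamper:  # simulate B's random message being altered in transit
        msg2 = (secrets.token_bytes(16),) + msg2[1:]
    rb, sig_b, cert_b = msg2
    if not verify(cert_b, rand_a + rb, sig_b):
        return None  # A rejects B: signature does not cover A's fresh challenge
    # Message 3, A -> B: A's signature over the combined messages, A's certificate.
    sig_a, cert_a = sign(key_a, rand_a + rb), key_a["pub"]
    if not verify(cert_a, rand_a + rand_b, sig_a):
        return None  # B rejects A
    # Message 4, B -> A: signed session key, and the key encrypted to A.
    session = secrets.token_bytes(8)
    sig_k = sign(key_b, session)
    enc_k = pow(int.from_bytes(session, "big"), cert_a[1], cert_a[0])
    recovered = pow(enc_k, key_a["d"], key_a["pub"][0]).to_bytes(8, "big")
    if not verify(cert_b, recovered, sig_k):
        return None  # A rejects a session key that B did not sign
    return session, recovered
```

Because each signature covers the verifier's own fresh random message, a recorded message 2 or 3 from an earlier run fails verification when replayed.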
© 1999 Microsoft Corporation. All rights reserved.