The present invention relates to an
authenticated key exchange technique, and discloses a three-party
password-based
authenticated key exchange method which is provided with a
privacy protection. The method comprises the following steps: an initialization step, exchanging the reserved information by two
client subscribers which prepare to do
key exchange; a
client initialization stage, ciphering the information respectively by two
client subscribers which prepare to do
key exchange with the respective passwords and sharing passwords in the
server and transmitting to the
server together with the non-ciphered information; a
server procession stage, when the server receives the request information from the client, using an
oblivious transfer mechanism for
processing these information and generating different returning information aiming at each one in two client subscribers, and then respectively transmitting these information to corresponding client subscriber; a client
authorization step, when the client receives the returning information of the server, adopting a mechanism of normal
key exchange for
processing the returned information based on the
password itself in order to generate the seed of the conversation key, and generating the
authorization information with the seed of the conversation key for transmitting to the subscriber of the other side; and a conversation key generating step, if the
authorization information from the subscriber of the other side is authorized, generating the conversation key with the seed of the conversation key. Compared with prior art, the plan not only realizes the three-party
password-based
authenticated key exchange, but also simultaneously and effectively protects the privacy information comprising identity and participation action of the client subscriber which participates the key exchange.