Abstract: A communication system including a first device (1a, 1a?) and a second device (1b, 1b?). The first device (1a, 1a?) comprises a memory storing first-device-specific identification data and the second device (1b, 1b?) comprises a memory storing second-device-specific identification data. The first device (1a, 1a?) is configured to receive a copy of the second-device-specific identification data and to store the copy in the memory of the first device (1a, 1a?) and the second device (1b, 1b?) is configured to receive a copy of the first-device-specific identification data and to store the copy in the memory of the second device (1b, 1b?). The first device (1a, 1a?) is configured to derive a first encryption key from the first-device-specific identification data and the received copy of the second-device-specific identification data.

Abstract: First and second devices store respective device data and private keys. The first-device data is additionally stored by the second device and by a proxy; and the second-device data is additionally stored by the first device and by the proxy. In a commitment phase, each of the first and second devices uses its respective device data, private key and a random nonce to generate a one-time first-device commitment value, which it sends to the proxy. In a checking phase, the devices communicate secret-key information to the proxy, which verifies the received one-time commitment values. In a digest phase, the proxy calculates a one-time digest, which it sends to the second device. The second device (101) then verifies the received one-time digest to authenticate the first device.