本文档规定了跨域基于密码的认证密钥交换机制，所有这些机制都是基于四方密码的认证密钥交换（4PAKE）协议。这种协议允许两个通信实体仅使用它们与各自的域身份验证服务器共享的登录密码来建立共享会话密钥。认证服务器被认为是标准公钥基础设施（PKI）的一部分，充当临时认证机构（CA），认证用户随后可以用来交换和同意作为会话密钥的密钥材料。购买本文件时可获得的所有当前修订均包含在购买本文件中。

This document specifies mechanisms for cross-domain password-based authenticated key exchange, all of which are four-party password-based authenticated key exchange (4PAKE) protocols. Such protocols let two communicating entities establish a shared session key using just the login passwords that they share with their respective domain authentication servers. The authentication servers, assumed to be part of a standard public key infrastructure (PKI), act as ephemeral certification authorities (CAs) that certify key materials that the users can subsequently use to exchange and agree on as a session key.All current amendments available at time of purchase are included with the purchase of this document.