Trying to get some feedback on this authentication/encryption protocol

I posted a question regarding a protocol I'm considering for an online
game. I've had some feedback, but not enough to feel decided if I
should use it or dismiss it. I hope I can get more feedback here.

My apologies if this is a bit long:

= Participants =
- Client
- Login Server, with user registry. Shares a secret symmetric key (K)
with each of the Game Servers.
- 1 or more Game Servers, shares a secret symmetric key with the Login

= Registration =
1. Client sends a registration request using HTTPS to the login server
with some login information.
2. Login server registers user and returns a unique (but random) Login
Server login token (T) in the response.

= Login to Login Server =

1. Client sends T using HTTPS to the login server.
2. The login server generates a random session key (S) and a timestamp
3. The login server encrypts user-id + Ts + S + nonce with the
symmetric key shared with the game server (E), it also creates a
digest (D) from user-id + timestamp + S.
4. The login server sends S + Ts + D + E + IP to game server to the
client as the response.

Note: There is some caching, so repeated requests within a certain
time will yield the same (E) from the server.

= Login to Game Server =
1. The client creates a random number R and encrypts it using S (C),
it also creates a digest of R (Dr)
2. The client sends E + D + C + Dr to the game server.
3. The Game Server decrypts E using K
4. The Game Server verifies that a digest of the decrypted data
matches D.
5. The Game Server checks Ts (we can assume the time of the servers
are well synchronized)
6. The Game Server decrypts C to R, then creates a digest and test
that against Dr
7. The Game Server performs similar steps as the client in (1),
creating C2 and Dr2.
8. The Game Server sends C2 + Dr2 to the client.
9. The client verifies that the decrypted C2 and Dr2 matches.
10. Encrypted communication starts using S.

Note: If Ts indicates that the session is expired in step 5, the
client is sent a response indicating it should connect to the login
server for new login credentials.

Are there any obvious issues/weaknesses with this protocol?


Relevant Pages

    ... With Tier3 applications, you choose the default user name that execution ... server processes will be created under. ... without privileges) to assume the persona/rights/privileges of the client on ... if you left the "Login Confirmation" checkbox ...
  • Re: Applet Consideration
    ... > the client applet to connect to the server. ... everything is sent as String. ... >> I made it so the client has absolutely no knowledge that the db exists. ... Each thread must be initialized by a login. ...
  • Re: Secure single sign on/automatic login?
    ... then checks the checkbox to automatically login. ... The client sends the login details to the webserver, ... I use the static value and the challenged recieved from the server to ... I want to achive authentication as described above. ...
  • Re: No username prompt SSHD
    ... it is the client side. ... The client takes the current user and passes that to the server as the ... To override this you must supply a username to the client in one of two ways: ... $ ssh -l login serveur ...
  • Re: XP Client Cant Log In To Server After Initial Setup
    ... and password but trying to login locally, ... I logged onto one of the client ... > see various folders on the Server. ... >> User are selected, together with the proper Computer, the client system ...