found it myself).
1. Reading by the host of information about the token and its cryptogram;
2. The host generates a random number;
3. Cryptogram + random number + initial secret number = request;
4. The request is sent to the token for authentication;
5. The host calculates a new cryptogram and a new session encryption key;
6. The crypto1function is called in the token. The sent random number
(generated by the host) is calculated;
7. The token computes a new request;
8. The token computes a new cryptogram and a new session key;
9. The token compares the request sent by the host with what he got. If
there is a match, then the token declares the host to be authentic;
10. The token writes a new cryptogram over the newly formed request;
11. The host reads the new request and compares the cryptogram from it with the
new cryptogram it generated earlier. If there is a match, then the host recognizes the token as
authentic.