The protocol can be specified as follows in security protocol notation, where Alice is authenticating herself to Bob using a server S:
One problem with this protocol is that A and B do not know if each other have a copy of the key. Another problem is that although the server tells B that A used a nonce, B doesn't know if this was a replay of an old message.
See also: Kerberos, Otway-Rees, Wide Mouth Frog.