Enabling stateless server-based pre-shared secrets
Abstract
A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
62 Citations
29 Claims
1. A method of avoiding the storage of client state on a server, the method comprising the computer-implemented steps of:
based on a first local key that is not known to a first client, encrypting first client state information to produce first encrypted information, wherein the first client state information includes a first shared secret key;
receiving the first encrypted information from the first client at a first time;
based on the first local key, validating an authentication code received with the first encrypted information and decrypting the first encrypted information that was received from the first client, thereby producing first decrypted information;
receiving a first message that has been encrypted based on a first derived key that was derived from the first shared secret key;
deriving a second derived key from a shared secret key that was included in the first decrypted information; and
based on the second derived key, further protecting an ensuing conversation between the first client and the server.
11. A method of avoiding the storage of client state on a server, the method comprising the computer-implemented steps of:
selecting a local key from among a plurality of keys that are not known to a client, wherein each key in the plurality of keys is associated with a different index value;
calculating a first authentication code based on client encrypted state information, the server's identity, and the local key, wherein the client state information includes both a shared secret key and a value that uniquely identifies the client;
based on the local key, encrypting the client state information and a first lifetime value and grouping an encrypted result with the authentication code thereby producing encrypted information;
sending, to the client, both the encrypted information and a particular index value that is associated with the local key;
receiving the encrypted information and the particular index value;
based on a particular key that is associated with the particular index value for the server's identity, decrypting the received encrypted information, thereby producing decrypted information;
calculating a second authentication code based on both the particular key, the server's identity and client encrypted state information that was included in the decrypted information;
determining whether the second authentication code matches an authentication code that was included in the decrypted information;
determining, based on both a current time value and a lifetime value that was included in the decrypted information, whether the client state information has expired;
receiving a message that has been encrypted based on a first derived key that was derived from the shared secret key;
deriving a second derived key from a shared secret key that was included in the first decrypted information; and
based on the second derived key, further protecting an ensuing conversation between the client and the server.
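The server-side flow of claim 11, as an added Python sketch that is not taken from the patent: the server seals the client state under an indexed local key, authenticates it together with the server identity, and later validates, decrypts and expiry-checks whatever the client sends back. The names, the ticket layout (index, nonce, ciphertext, MAC) and the HMAC-SHA256 keystream used as a stand-in cipher are assumptions made so the example runs on the standard library alone.

```python
import hashlib, hmac, json, os, struct, time

SERVER_ID = b"srv.example.test"                      # constructed server identity
LOCAL_KEYS = {1: os.urandom(32), 2: os.urandom(32)}  # index -> local key, never sent to clients

def _subkey(key, label):
    # Separate encryption and MAC keys derived from one local key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA256 keystream in counter mode; use an AEAD in production.
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def issue_ticket(index, client_id, shared_secret, lifetime_s, now=None):
    """Server: seal the client state, hand it to the client, then forget it."""
    key = LOCAL_KEYS[index]
    expires = int(time.time() if now is None else now) + lifetime_s
    state = json.dumps({"id": client_id, "psk": shared_secret.hex(), "exp": expires}).encode()
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, state)
    header = struct.pack(">B", index) + nonce
    tag = hmac.new(_subkey(key, b"mac"), SERVER_ID + header + ct, hashlib.sha256).digest()
    return header + ct + tag

def redeem_ticket(ticket, now=None):
    """Server: validate the MAC, decrypt, check the lifetime; return the state or None."""
    if len(ticket) < 1 + 16 + 32:
        return None
    index, nonce, ct, tag = ticket[0], ticket[1:17], ticket[17:-32], ticket[-32:]
    key = LOCAL_KEYS.get(index)
    if key is None:                              # unknown or retired key index
        return None
    want = hmac.new(_subkey(key, b"mac"), SERVER_ID + ticket[:17] + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):       # reject before decrypting anything
        return None
    state = json.loads(_xor_stream(_subkey(key, b"enc"), nonce, ct))
    if (time.time() if now is None else now) >= state["exp"]:
        return None
    return state

def derive_session_key(shared_secret, context):
    # Client and server derive the same conversation key from the shared secret.
    return hmac.new(shared_secret, b"session" + context, hashlib.sha256).digest()
```

Because the MAC input includes the server identity and the key index, a ticket issued under one identity or key fails validation under another, and rotating keys only requires keeping the old index resolvable until outstanding lifetimes run out.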
12. A method of storing client state on a client, the method comprising the computer-implemented steps of:
securely storing encrypted client state information that was generated by encrypting, based on a local key, a server's identity and client state information that includes a shared secret key;
sending the encrypted client information to a first server that stores the local key; and
sending the same encrypted client information to a second server that stores the local key;
wherein the second server differs from the first server but is identified by the same server identity.
14. A method of storing client state on a client, the method comprising the computer-implemented steps of:
securely storing encrypted client state information that was generated by encrypting, based on a local key, a server's identity and client state information that includes a shared secret key;
sending the encrypted client information to a first server that stores the local key, wherein the local key is identified by the first server's identity; and
sending the encrypted client information to a second server that stores the local key, wherein the local key is identified by the second server's identity;
wherein the second server differs from the first server, and wherein the second server is uniquely identified by a server identity.
16. A method of receiving client state from a client, the method comprising the computer-implemented steps of:
based on a local key that is not known to a client, encrypting client state information to produce encrypted information, wherein the client state information includes a shared secret key;
receiving, from the client, a Transport Security Layer (TLS) Handshake Protocol extended ClientHello message that contains the encrypted information in an extension data field of the message; and
based on the local key, decrypting the encrypted information that was received from the client, thereby producing decrypted information that includes the shared secret key.
17. A computer-readable medium carrying one or more sequences of instructions for avoiding the storage of client state on a server, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
based on a local key that is not known to a first client, encrypting first client state information to produce first encrypted information, wherein the first client state information includes a first shared secret key;
receiving the first encrypted information from the first client at a first time;
based on the local key, decrypting the first encrypted information that was received from the first client, thereby producing first decrypted information;
receiving a first message that has been encrypted based on a first derived key that was derived from the first shared secret key;
deriving a second derived key from a shared secret key that was included in the first decrypted information; and
based on the second derived key, further protecting an ensuing conversation between the client and the server.
28. An apparatus for avoiding the storage of client state on a server, comprising:
means for encrypting, based on a local key that is not known to a client, client state information to produce encrypted information, wherein the client state information includes a shared secret key;
means for receiving the encrypted information from the client;
means for decrypting, based on the local key, the encrypted information that was received from the client, thereby producing decrypted information;
means for receiving a message that has been encrypted based on a first derived key that was derived from the shared secret key;
means for deriving a second derived key from a shared secret key that was included in the decrypted information; and
means for decrypting, based on the second derived key, the message.
29. An apparatus for avoiding the storage of client state on a server, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor, one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
computing the server's identity;
encrypting, based on a local key that is not known to a client, client state information to produce encrypted information, wherein the client state information includes a shared secret key;
receiving the encrypted information from the client;
decrypting, based on the local key, the encrypted information that was received from the client, thereby producing decrypted information;
receiving a message that has been encrypted based on a first derived key that was derived from the shared secret key;
deriving a second derived key from a shared secret key that was included in the decrypted information; and
based on the second derived key, further protecting an ensuing conversation between the client and the server.
Specification