Server-client secret generation with cached data
First Claim
1. A method to generate shared secrets between a server and a client, the method comprising:
- transmitting, by the server, a plurality of encrypted secrets corresponding to a plurality of data blocks to the client, the plurality of encrypted secrets generated by encryption of each secret with a respective data block in the plurality of data blocks;
recovering, by the client, a first subset of secrets from the plurality of encrypted secrets, wherein the first subset of secrets corresponds to a first subset of data blocks including data cached at the client for application acceleration, and the first subset of data blocks is a subset of the plurality of data blocks;
encrypting a message at the client by use of the first subset of secrets;
transmitting, by the client, the message to the server;
recovering, by the server, the message by use of a second subset of secrets from the plurality of encrypted secrets, wherein the second subset of secrets corresponds to a second subset of data blocks known by the server to be previously stored at the client and the second subset of data blocks is a subset of the plurality of data blocks; and
evaluating, by the server, a security status of the client and a security status of a connection between the server and the client in response to detecting one of;
a change in contents of the data cached at the client when the client has been connected to the server, a lack of change in the contents of the data cached at the client when the client has been disconnected from the server for a period of time, and a security response that contains decryptions of encrypted secrets serving as decoys.
5 Assignments
0 Petitions
Accused Products
Abstract
Technologies are provided for shared secret generation between a server and a client using cached data. In some examples, a server may send a number of encrypted secrets to a client that caches a number of data blocks previously provided by the server. Each of the encrypted secrets may be encrypted using a data block that may or may not be cached at the client. The client may then identify the encrypted secrets that correspond to data blocks in its cache and use those data blocks to recover those secrets. The client may then encrypt a message for the server using the recovered secrets. Upon reception of the message, the server may then recover the message using its knowledge of the data blocks cached at the client.
11 Citations
19 Claims
-
1. A method to generate shared secrets between a server and a client, the method comprising:
-
transmitting, by the server, a plurality of encrypted secrets corresponding to a plurality of data blocks to the client, the plurality of encrypted secrets generated by encryption of each secret with a respective data block in the plurality of data blocks; recovering, by the client, a first subset of secrets from the plurality of encrypted secrets, wherein the first subset of secrets corresponds to a first subset of data blocks including data cached at the client for application acceleration, and the first subset of data blocks is a subset of the plurality of data blocks; encrypting a message at the client by use of the first subset of secrets; transmitting, by the client, the message to the server; recovering, by the server, the message by use of a second subset of secrets from the plurality of encrypted secrets, wherein the second subset of secrets corresponds to a second subset of data blocks known by the server to be previously stored at the client and the second subset of data blocks is a subset of the plurality of data blocks; and evaluating, by the server, a security status of the client and a security status of a connection between the server and the client in response to detecting one of;
a change in contents of the data cached at the client when the client has been connected to the server, a lack of change in the contents of the data cached at the client when the client has been disconnected from the server for a period of time, and a security response that contains decryptions of encrypted secrets serving as decoys. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A server configured to generate shared secrets with a client, the server comprising:
-
a memory configured to store instructions and a plurality of data blocks; and a processing module configured to; generate a plurality of encrypted secrets corresponding to the plurality of data blocks by encryption of each secret in a plurality of secrets by use of a respective data block in the plurality of data blocks; transmit the plurality of encrypted secrets to the client; receive, from the client, a message encrypted by use of at least one secret from the plurality of encrypted secrets and an indication of a number of secrets from the plurality of encrypted secrets used to encrypt the message; and recover the message by iteratively using combinations and permutations of a first subset of secrets from the encrypted plurality of secrets to decrypt the message, wherein the first subset of secrets corresponds to a first subset of data blocks known by the server to be previously stored at the client that includes data cached at the client for application acceleration, and the first subset of data blocks is a subset of the plurality of data blocks, and wherein the number of secrets indicated by the client is employed to reduce a number of the combinations and permutations attempted in order to recover the message. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A client configured to generate shared secrets with a server, the client comprising:
-
a memory configured to store instructions and a first subset of data blocks that includes data cached at the client for acceleration of a web application, wherein the first subset of data blocks is a subset of a plurality of data blocks; and a processing module configured to; receive, from the server, a plurality of encrypted secrets corresponding to the plurality of data blocks; recover a first subset of secrets from the plurality of encrypted secrets, wherein the first subset of secrets corresponds to the first subset of data blocks; encrypt a message by use of the first subset of secrets; transmit the message to the server; and in response to one of a conclusion or a pause of a session of the web application, indicate the memory as available although the memory still comprises the first subset of data blocks that includes the data cached at the client for the acceleration of the web application in order to prevent the first subset of data blocks from consuming visible amounts of the memory and impacting other systems or applications operating on the client. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification