Enabling stateless server-based pre-shared secrets

US 7,346,773 B2
Filed: 01/12/2004
Issued: 03/18/2008
Est. Priority Date: 01/12/2004
Status: Active Grant

First Claim

Patent Images

1. A method of avoiding the storage of client state on a server, the method comprising the computer-implemented steps of:

based on a first local key that is not known to a first client, encrypting first client state information to produce first encrypted information, wherein the first client state information includes a first shared secret key;

receiving the first encrypted information from the first client at a first time;

based on the first local key, validating an authentication code received with the first encrypted information and decrypting the first encrypted information that was received from the first client, thereby producing first decrypted information;

receiving a first message that has been encrypted based on a first derived key that was derived from the first shared secret key;

deriving a second derived key from a shared secret key that was included in the first decrypted information; and

based on the second derived key, further protecting an ensuing conversation between the first client and the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client'"'"'s state information. The client'"'"'s state information may include, for example, the client'"'"'s authentication credentials, the client'"'"'s authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client'"'"'s state information. When the server needs the client'"'"'s state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client'"'"'s own state information in encrypted form, the server does not need to store any client'"'"'s state information permanently.

41 Citations

View as Search Results

29 Claims

1. A method of avoiding the storage of client state on a server, the method comprising the computer-implemented steps of:
- based on a first local key that is not known to a first client, encrypting first client state information to produce first encrypted information, wherein the first client state information includes a first shared secret key;
  
  receiving the first encrypted information from the first client at a first time;
  
  based on the first local key, validating an authentication code received with the first encrypted information and decrypting the first encrypted information that was received from the first client, thereby producing first decrypted information;
  
  receiving a first message that has been encrypted based on a first derived key that was derived from the first shared secret key;
  
  deriving a second derived key from a shared secret key that was included in the first decrypted information; and
  
  based on the second derived key, further protecting an ensuing conversation between the first client and the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as recited in claim 1, further comprising the steps of:
    - removing the first client state information from server memory before the first time; and
      
      removing the first encrypted information from server memory before the first time.
  - 3. A method as recited in claim 1, further comprising the steps of:
    - before sending the first encrypted information to the first client, calculating a first authentication code based on both the first local key, the server'"'"'s identity, and encrypted client state information; and
      
      before sending the first encrypted information to the first client, encrypting the first client state information and including the authentication code with a result of the encrypting of the first client state information to produce the first encrypted information.
  - 4. A method as recited in claim 3, further comprising the steps of:
    - after decrypting the first encrypted information that was received from the first client, calculating a second authentication code based on both the first local key and encrypted client state information that was included in the first decrypted information; and
      
      determining whether the second authentication code matches an authentication code that was included in the first decrypted information.
  - 5. A method as recited in claim 4, wherein the first client state information includes a value that uniquely identifies the first client.
  - 6. A method as recited in claim 1, further comprising the steps of:
    - before sending the first encrypted information to the first client, encrypting a first lifetime value along with the first client state information to produce the first encrypted information.
  - 7. A method as recited in claim 6, further comprising the steps of:
    - after decrypting the first encrypted information that was received from the first client, determining, based on both a second time value and a lifetime value that was included in the first decrypted information, whether the first client state information has expired.
  - 8. A method as recited in claim 1, further comprising the steps of:
    - selecting the first local key from among a plurality of keys, wherein each key in the plurality of keys is associated with a different index value and the server'"'"'s identity; and
      
      sending, to the first client, an index value that is associated with the first local key.
  - 9. A method as recited in claim 8, further comprising the steps of:
    - receiving, from the first client, the index value that is associated with the first local key and the server'"'"'s identity;
      
      wherein the step of decrypting the first encrypted information comprises the step of decrypting the first encrypted information based on a key that is associated with an index value that was received from the first client.
  - 10. A method as recited in claim 1, wherein a first server performs the step of encrypting the first client state information to produce the first encrypted information, and wherein the method further comprises the steps of:
    - a second server encrypting the first client state information, based on a second local key that is not known to the first client, to produce second encrypted information, wherein the second server differs from the first server, and wherein the second local key differs from the first local key;
      
      the second server receiving the second encrypted information from the first client;
      
      the second server validating an authentication code received with the second encrypted information and decrypting the second encrypted information that was received from the first client, thereby producing second decrypted information;
      
      receiving a second message that has been encrypted based on a third derived key that was derived from the first shared secret key;
      
      deriving a fourth derived key from a shared secret key that was included in the second decrypted information; and
      
      based on the fourth derived key, further protecting an ensuing conversation between the first client and the second server.

11. A method of avoiding the storage of client state on a server, the method comprising the computer-implemented steps of:
- selecting a local key from among a plurality of keys that are not known to a client, wherein each key in the plurality of keys is associated with a different index value;
  
  calculating a first authentication code based on client encrypted state information, the server'"'"'s identity, and the local key, wherein the client state information includes both a shared secret key and a value that uniquely identifies the client;
  
  based on the local key, encrypting the client state information and a first lifetime value and grouping an encrypted result with the authentication code thereby producing encrypted information;
  
  sending, to the client, both the encrypted information and a particular index value that is associated with the local key;
  
  receiving the encrypted information and the particular index value;
  
  based on a particular key that is associated with the particular index value for the server'"'"'s identity, decrypting the received encrypted information, thereby producing decrypted information;
  
  calculating a second authentication code based on both the particular key, the server'"'"'s identity and client encrypted state information that was included in the decrypted information;
  
  determining whether the second authentication code matches an authentication code that was included in the decrypted information;
  
  determining, based on both a current time value and a lifetime value that was included in the decrypted information, whether the client state information has expired;
  
  receiving a message that has been encrypted based on a first derived key that was derived from the shared secret key;
  
  deriving a second derived key from a shared secret key that was included in the first decrypted information; and
  
  based on the second derived key, further protecting an ensuing conversation between the client and the server.

12. A method of storing client state on a client, the method comprising the computer-implemented steps of:
- securely storing encrypted client state information that was generated by encrypting, based on a local key, a server'"'"'s identity and client state information that includes a shared secret key;
  
  sending the encrypted client information to a first server that stores the local key; and
  
  sending the same encrypted client information to a second server that stores the local key;
  
  wherein the second server differs from the first server but is identified by the same server identity.
- View Dependent Claims (13)
- - 13. A method as recited in claim 12, further comprising the steps of:
    - receiving, from the first server, a message that has been encrypted based on a derived key that was derived from the shared secret key; and
      
      receiving, from the second server, a message that has been encrypted based on a derived key that was derived from the shared secret key.

14. A method of storing client state on a client, the method comprising the computer-implemented steps of:
- securely storing encrypted client state information that was generated by encrypting, based on a local key, a server'"'"'s identity and client state information that includes a shared secret key;
  
  sending the encrypted client information to a first server that stores the local key, wherein the local key is identified by the first server'"'"'s identity; and
  
  sending the encrypted client information to a second server that stores the local key, wherein the local key is identified by the second server'"'"'s identity;
  
  wherein the second server differs from the first server, and wherein the second server is uniquely identified by a server identity.
- View Dependent Claims (15)
- - 15. A method as recited in claim 14, further comprising the steps of:
    - receiving, from the first server, a message that has been encrypted based on a derived key that was derived from the shared secret key; and
      
      receiving, from the second server, a message that has been encrypted based on a derived key that was derived from the shared secret key.

16. A method of receiving client state from a client, the method comprising the computer-implemented steps of:
- based on a local key that is not known to a client, encrypting client state information to produce encrypted information, wherein the client state information includes a shared secret key;
  
  receiving, from the client, a Transport Security Layer (TLS) Handshake Protocol extended ClientHello message that contains the encrypted information in an extension data field of the message; and
  
  based on the local key, decrypting the encrypted information that was received from the client, thereby producing decrypted information that includes the shared secret key.

17. A computer-readable storage medium carrying one or more sequences of instructions for avoiding the storage of client state on a server, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- based on a local key that is not known to a first client, encrypting first client state information to produce first encrypted information, wherein the first client state information includes a first shared secret key;
  
  receiving the first encrypted information from the first client at a first time;
  
  based on the local key, decrypting the first encrypted information that was received from the first client, thereby producing first decrypted information;
  
  receiving a first message that has been encrypted based on a first derived key that was derived from the first shared secret key;
  
  deriving a second derived key from a shared secret key that was included in the first decrypted information; and
  
  based on the second derived key, further protecting an ensuing conversation between the client and the server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 18. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - removing the first client state information from memory before the first time; and
      
      removing the first encrypted information from memory before the first time.
  - 19. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - before sending the first encrypted information to the first client, calculating a first code based on both the local key, the server'"'"'s identity and client encrypted state information; and
      
      before sending the first encrypted information to the first client, including the first code along with an encrypted result that includes the first client state information to produce the first encrypted information.
  - 20. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - after decrypting the first encrypted information that was received from the first client, calculating a second authentication code based on the server'"'"'s identity, the local key, and client encrypted state information that was included in the first decrypted information; and
      
      determining whether the second authentication code matches an authentication code that was included in the first decrypted information.
  - 21. A computer-readable storage medium as recited in claim 19, wherein the first client state information includes a value that uniquely identifies the first client.
  - 22. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - before sending the first encrypted information to the first client, encrypting a first lifetime value along with the first client state information to produce the first encrypted information.
  - 23. A computer-readable storage medium as recited in claim 22, further comprising instructions for performing the steps of:
    - after decrypting the first encrypted information that was received from the first client, determining, based on both a second time value and a lifetime value that was included in the first decrypted information, whether the first client state information has expired.
  - 24. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - selecting the local key from among a plurality of keys, wherein each key in the plurality of keys is associated with a different index value; and
      
      sending, to the first client, an index value that is associated with the local key.
  - 25. A computer-readable storage medium as recited in claim 24, further comprising instructions for performing the steps of:
    - receiving, from the first client, the index value that is associated with the local key;
      
      wherein the step of decrypting the first encrypted information comprises the step of decrypting the first encrypted information based on a key that is associated with an index value that was received from the first client.
  - 26. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - generating the server'"'"'s identity;
      
      based on the local key, encrypting second client state information to produce second encrypted information, wherein the second client state information includes a second shared secret key that differs from the first shared secret key, and wherein the local key is not known to a second client that differs from the first client;
      
      receiving the second encrypted information from the second client;
      
      based on the local key, decrypting the second encrypted information that was received from the second client, thereby producing second decrypted information;
      
      receiving a second message that has been encrypted based on a third derived key that was derived from the second shared secret key;
      
      deriving a fourth derived key from a shared secret key that was included in the second decrypted information; and
      
      based on the fourth derived key, further protecting an ensuing conversation between the second client and the server.
  - 27. A computer-readable storage medium as recited in claim 17, further comprising instructions for performing the steps of:
    - based on a third derived key that was derived from the shared secret that was included in the first decrypted information, encrypting a second message to produce an encrypted message; and
      
      sending the encrypted message to the second client.

28. An apparatus for avoiding the storage of client state on a server, comprising:
- means for encrypting, based on a local key that is not known to a client, client state information to produce encrypted information, wherein the client state information includes a shared secret key;
  
  means for receiving the encrypted information from the client;
  
  means for decrypting, based on the local key, the encrypted information that was received from the client, thereby producing decrypted information;
  
  means for receiving a message that has been encrypted based on a first derived key that was derived from the shared secret key;
  
  means for deriving a second derived key from a shared secret key that was included in the decrypted information; and
  
  means for decrypting, based on the second derived key, the message.

29. An apparatus for avoiding the storage of client state on a server, comprising:
- a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
  
  a processor;
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  computing the server'"'"'s identity;
  
  encrypting, based on a local key that is not known to a client, client state information to produce encrypted information, wherein the client state information includes a shared secret key;
  
  receiving the encrypted information from the client;
  
  decrypting, based on the local key, the encrypted information that was received from the client, thereby producing decrypted information;
  
  receiving a message that has been encrypted based on a first derived key that was derived from the shared secret key;
  
  deriving a second derived key from a shared secret key that was included in the decrypted information; and
  
  based on the second derived key, further protecting an ensuing conversation between the client and the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Cam-Winget, Nancy, Zhou, Hao, McGrew, David A., Salowey, Joseph, Jakkahalli, Padmanabha C.
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
Lashley; Laurel

Application Number

US10/756,634
Publication Number

US 20050154873A1
Time in Patent Office

1,527 Days
Field of Search

713/155, 709/203, 726/5
US Class Current

713/155
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 67/14   Session management for real...

H04L 9/0822   using key encryption key

H04L 9/0841   involving Diffie-Hellman or...

Enabling stateless server-based pre-shared secrets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling stateless server-based pre-shared secrets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links