1. Field of the Invention
The present invention generally relates to caches, and more specifically relates to a secure caching technique for shared distributed caches.
2. Related Art
Multiple systems in a distributed network commonly maintain a shared distributed cache. This cache maintains key/value pairs. A value is obtained from the cache and stored/updated in the cache using a corresponding key. This is a fairly common technique and is used in many different types of systems. However, this technique can expose a system to a potential security hole. If the key can be guessed, intruders can request and obtain information from the cache for which they are not authorized. This makes the cache unsuitable for maintaining security sensitive data if all parties that have access to the cache cannot be completely trusted.
As an example of this problem, assume that two parties communicate, via a cache, account history information regarding a set of recent transactions in a bank account for a user “Bob.” A first party obtains the account history information from a remote system and then caches the account history information for sharing with a second party. A naive implementation involves storing the account history information in the cache using a key such as “bob.accounthistory.” The problem with this approach is that the key is fairly guessable. Any party that reasonably understands the system might easily guess this key and obtain Bob's account history information.