Currently, server-to-server communication requires a secure channel and authentication to prevent unauthorized access to confidential data. One authentication strategy is Secure Sockets Layer (SSL)/Transport Layer Security (TLS) mutual authentication, which requires two certificates (e.g., a server certificate and a client certificate). However, issuing, managing, and installing certificates is burdensome, and validating them requires a relatively complex process. SSL/TLS provides an efficient mechanism for securely identifying servers on the internet using a trusted certificate authority, but it is not practical for client-side authentication, where each of many clients would need its own certificate.
Another authentication strategy uses JavaScript Object Notation (JSON) Web Tokens (JWT). Under this strategy, a client is assigned a set of credentials that it uses to obtain limited-use tokens, each of which expires after a set period. Using this scheme over a server-authenticated SSL/TLS connection provides reasonable security. However, if the encryption layer is broken, attackers may capture the credentials or tokens exchanged between the client and the server. Because a token is a bearer credential, the server cannot distinguish a captured token presented by an attacker from the same token presented by the legitimate client; once the credentials or tokens are intercepted, the attacker gains access for as long as they remain valid.
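As an added illustration, not part of the original text, the following Python script mints an HS256-signed JWT with an expiry claim, verifies it, and then runs the interception scenario described above: a token captured in transit verifies exactly as the legitimate client's copy does until it expires, whereas a token whose payload has been altered, or one claiming `alg=none`, is rejected. The shared secret, client identifier, fixed clock value and token lifetime are constructed for this example; the JWT encoding itself follows the standard header.payload.signature layout.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed for this example: the secret shared between the token issuer
# and the resource server, plus a fixed clock so the run is repeatable.
SECRET = b"constructed-server-side-secret"
ISSUED_AT = 1_700_000_000
TTL_SECONDS = 300


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret: bytes, client_id: str, now: int, ttl: int) -> str:
    """Mint an HS256-signed JWT that is valid for ttl seconds from now."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": client_id, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret: bytes, token: str, now: int) -> Optional[dict]:
    """Return the payload if the signature and expiry check out, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(_b64url_decode(h64))
        payload = json.loads(_b64url_decode(p64))
        signature = _b64url_decode(s64)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm server-side; never let the token choose (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    if not isinstance(payload, dict) or now >= int(payload.get("exp", 0)):
        return None
    return payload


def tamper_subject(token: str, new_subject: str) -> str:
    """Rewrite the sub claim without re-signing, which is all an attacker lacking the secret can do."""
    h64, p64, s64 = token.split(".")
    payload = json.loads(_b64url_decode(p64))
    payload["sub"] = new_subject
    return ".".join([h64, _b64url(json.dumps(payload, separators=(",", ":")).encode()), s64])


def alg_none_token(client_id: str, now: int, ttl: int) -> str:
    """Unsigned token with alg=none, a classic attempt to bypass signature checks."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {"sub": client_id, "iat": now, "exp": now + ttl}
    body = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    return body + "."  # empty signature segment


def demo() -> dict:
    """Run the scenarios from the text and report which presentations the server accepts."""
    token = issue_token(SECRET, "client-42", ISSUED_AT, TTL_SECONDS)
    intercepted = token  # an attacker who broke the TLS layer holds an identical copy
    return {
        "legitimate_client": verify_token(SECRET, token, ISSUED_AT + 10) is not None,
        "replayed_by_attacker": verify_token(SECRET, intercepted, ISSUED_AT + 10) is not None,
        "replay_after_expiry": verify_token(SECRET, intercepted, ISSUED_AT + TTL_SECONDS) is not None,
        "tampered_subject": verify_token(SECRET, tamper_subject(token, "admin"), ISSUED_AT + 10) is not None,
        "alg_none": verify_token(SECRET, alg_none_token("admin", ISSUED_AT, TTL_SECONDS), ISSUED_AT + 10) is not None,
    }


if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario:22s} accepted={accepted}")
```

The `replayed_by_attacker` result is the point of the passage: signature and expiry checks stop forgery and bound the replay window, but they cannot tell a captured token from the legitimate client's copy, so expiry only limits how long the attacker's access lasts.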
Accordingly, an efficient authentication mechanism is desired.