1. Field of the Invention
The present invention relates generally to computer networks, and more particularly but not exclusively to authentication protocols for network security services.
2. Description of the Background Art
A computer network allows server computers to provide various services to devices connected to the network. For sensitive transactions, a secure connection may be established between a server computer and a device. For example, Secure Sockets Layer (SSL) technology may be employed with the Hyper Text Transfer Protocol (HTTP) to provide a secure connection between two computers using a protocol referred to as “HTTP over SSL” (HTTPS). A problem with HTTPS is that it uses certificates and uses full encryption of transmitted data, resulting in relatively high processing overhead. Thus, although HTTPS is adequate for most sensitive transactions, HTTPS may not be suitable in applications where authentication needs to be performed often and relatively fast, such as in services providing information about network addresses. On the Internet, for example, there are various categories of websites including those that provide inappropriate information, perpetuate fraudulent activities, distribute spywares and other malicious codes, to name a few examples. Information about these websites may be maintained in a database in a server computer, which provides the information as a service to subscribing devices. Communications between the server computer and the subscribing devices have to be relatively secure to prevent unauthorized devices from accessing the service or otherwise compromising the information received by the subscribing devices. However, requiring a fully secured connection, such as an HTTPS connection, between the server computer and the subscribing devices may slow down access to the service.