Various client and server platforms utilize authentication protocol suites to protect communication across a wide area network (WAN), e.g., the Internet. The authentication protocol suite can include Transport Layer Security (TLS), Secure Sockets Layer (SSL) version 3.0, SSL version 2.0, and/or Private Communications Transport (PCT). These authentication protocols are based on a client/server model. Typically, a client sends a message to a server, and the server responds with the information needed to authenticate itself. The client and server perform an additional exchange of session keys (e.g., cryptography keys), and the authentication dialogue ends. When authentication is completed, secure communication can begin between the server and the client using the secret keys established during the authentication process.
An authentication protocol can be layered between the application protocol layer and the transport layer (e.g., the transmission control protocol (TCP) layer), where it secures application data before handing it to the transport layer. Because the authentication protocol works between the application layer and the transport layer, it can support multiple application layer protocols. The authentication protocol assumes that a connection-oriented transport, typically TCP, is in use. The authentication protocol allows client/server applications to detect security risks such as message tampering, message interception, and message forgery.
The authentication protocol includes a handshake protocol. The handshake protocol usually takes two roundtrips to complete between a client and a server. If the client has previously established a secured session with the server, the handshake protocol also enables the client to resume the secured session, thereby reducing the latency associated with re-establishing it. The session resume feature, however, is not useful in applications where a client needs to communicate with many different servers, because a resumable session exists only for servers the client has already completed a full handshake with. Normally, these two roundtrips do not significantly delay network communication. However, some network environments utilize high-latency relays (e.g., in rural areas). In some cases, the high-latency relay is only active during certain periods of time (e.g., a moving vehicle, a satellite, a drone, etc.). In these cases, the two roundtrips of the handshake protocol represent a significant challenge in secured network communication.
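To make the round-trip accounting in the preceding paragraphs concrete, the following is an added example, not code from the original disclosure: a flight-level model of a TLS-style handshake with a server-side session cache. It is a simulation, not a TLS implementation; the message names follow the classic TLS 1.2 full and abbreviated handshakes, and the `Server`, `Client`, `Session` classes, the `rtt_ms` parameter and the `total_handshake_latency` helper are all assumptions made for this example. It shows a full handshake costing two round trips, a resumed handshake costing one, and why resumption buys nothing when each connection goes to a different server.

```python
"""Flight-level model of a TLS-style handshake with session resumption.

A 'flight' is the batch of messages one side sends before waiting on the
other. A full handshake needs two round trips before the client can send
application data; an abbreviated (resumed) handshake needs one. This is
a constructed model for illustration, not a real TLS implementation.
"""
from dataclasses import dataclass, field
import secrets


@dataclass
class Session:
    """Minimal stand-in for a cached TLS session (hypothetical)."""
    session_id: bytes
    master_secret: bytes  # in real TLS this is derived from the key exchange


@dataclass
class Server:
    name: str
    cache: dict = field(default_factory=dict)  # session_id -> Session

    def hello(self, client_hello: dict) -> dict:
        """Answer a ClientHello; resume only if the offered id is cached."""
        sid = client_hello.get("session_id")
        if sid is not None and sid in self.cache:
            return {"resumed": True, "session_id": sid}
        new = Session(secrets.token_bytes(32), secrets.token_bytes(48))
        self.cache[new.session_id] = new
        return {"resumed": False, "session_id": new.session_id, "session": new}


@dataclass
class Client:
    sessions: dict = field(default_factory=dict)  # server name -> Session

    def handshake(self, server: Server, rtt_ms: float) -> dict:
        """Run one handshake against `server` over a link with `rtt_ms` RTT.

        Returns the flights exchanged, the round trips spent before the
        client's first ApplicationData, and the resulting handshake latency.
        """
        flights = []
        cached = self.sessions.get(server.name)
        client_hello = {"session_id": cached.session_id if cached else None}
        flights.append(("C->S", ["ClientHello"]))
        reply = server.hello(client_hello)
        if reply["resumed"]:
            # Abbreviated handshake: the server finishes in its first flight and
            # the client's Finished can be followed by data in the same flight.
            flights.append(("S->C", ["ServerHello", "ChangeCipherSpec", "Finished"]))
            flights.append(("C->S", ["ChangeCipherSpec", "Finished", "ApplicationData"]))
            round_trips = 1
        else:
            # Full handshake: certificate and key exchange add a second round trip.
            flights.append(("S->C", ["ServerHello", "Certificate", "ServerHelloDone"]))
            flights.append(("C->S", ["ClientKeyExchange", "ChangeCipherSpec", "Finished"]))
            flights.append(("S->C", ["ChangeCipherSpec", "Finished"]))
            flights.append(("C->S", ["ApplicationData"]))
            round_trips = 2
            self.sessions[server.name] = reply["session"]  # remember for resumption
        return {
            "resumed": reply["resumed"],
            "round_trips": round_trips,
            "handshake_latency_ms": round_trips * rtt_ms,
            "flights": flights,
        }


def total_handshake_latency(client: Client, servers: list, rtt_ms: float) -> float:
    """Latency spent on handshakes when `client` connects to each server once."""
    return sum(client.handshake(s, rtt_ms)["handshake_latency_ms"] for s in servers)


if __name__ == "__main__":
    relay_rtt = 600.0  # constructed value: a high-latency relay
    c, s = Client(), Server("gateway")
    first, second = c.handshake(s, relay_rtt), c.handshake(s, relay_rtt)
    print("full handshake:   ", first["round_trips"], "RTT =", first["handshake_latency_ms"], "ms")
    print("resumed handshake:", second["round_trips"], "RTT =", second["handshake_latency_ms"], "ms")
    many = [Server(f"srv{i}") for i in range(5)]
    print("5 distinct servers, fresh client:", total_handshake_latency(Client(), many, relay_rtt), "ms")
```

With a 600 ms relay the full handshake alone costs 1200 ms, the resumed one 600 ms, and a client touching five different servers pays the full two round trips each time because each server's cache is empty for it.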
The figures depict various embodiments of this disclosure for purposes of illustration only. One skilled in the art will readily recognize from the following discussion that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of embodiments described herein.