To handle these more complicated scenarios, we have developed two token-based mechanisms for authentication. The first type is based on certificates and allows for flexible verification due to its public-key nature. The second type, known as “crypto auth tokens”, is symmetric-key based, and hence more restrictive, but also much more scalable to a high volume of requests. Crypto auth tokens rely on pseudorandom functions to generate independently-distributed keys for distinct identities.
Finally, we provide (mock) examples which illustrate how both of our token primitives can be used to authenticate real-world flows within our infrastructure, and how a token-based approach to authentication can be used to handle security more broadly in other infrastructures which have strict performance requirements and where relying on TLS alone is not enough.
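The following sketch illustrates the idea of deriving per-identity keys from a pseudorandom function, as the abstract describes for crypto auth tokens. It is an added example, not the paper's construction: HMAC-SHA256 as the PRF, the token layout, the function names, and a verifier that holds the master key are all assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size


def prf(key: bytes, msg: bytes) -> bytes:
    # HMAC-SHA256 stands in for the pseudorandom function (assumption).
    return hmac.new(key, msg, hashlib.sha256).digest()


def derive_identity_key(master_key: bytes, identity: str) -> bytes:
    # Distinct identities give distinct PRF inputs, so their keys are
    # computationally independent of one another.
    return prf(master_key, b"identity-key\x00" + identity.encode())


def issue_token(identity_key: bytes, identity: str, expiry: int) -> bytes:
    # Constructed layout: expiry (8 bytes) | id length (2 bytes) | id | tag.
    ident = identity.encode()
    body = struct.pack(">QH", expiry, len(ident)) + ident
    return body + prf(identity_key, body)


def verify_token(master_key: bytes, token: bytes, now: int):
    # Returns the authenticated identity, or None on any failure.
    if len(token) < 10 + TAG_LEN:
        return None
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expiry, id_len = struct.unpack(">QH", body[:10])
    ident = body[10:]
    if len(ident) != id_len:
        return None
    try:
        identity = ident.decode()
    except UnicodeDecodeError:
        return None
    # Re-derive the claimed identity's key; no per-identity state is stored.
    expected = prf(derive_identity_key(master_key, identity), body)
    if not hmac.compare_digest(tag, expected):
        return None
    return identity if now < expiry else None
```

Because the verifier recomputes each key from the identity named in the token, a holder of one identity's key cannot mint a valid token for another identity.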
Category / Keywords: cryptographic protocols / authentication, secret-key cryptography
Date: received 3 May 2018, last revised 7 May 2018
Contact author: klewi at cs stanford edu
Version: 20180510:203314
Short URL: ia.cr/2018/413