Main claim |
1. A method to generate shared secrets between a server and a client, the method comprising:
transmitting, by the server, a plurality of encrypted secrets corresponding to a plurality of data blocks to the client, the plurality of encrypted secrets generated by encryption of each secret with a respective data block in the plurality of data blocks; recovering, by the client, a first subset of secrets from the plurality of encrypted secrets, wherein the first subset of secrets corresponds to a first subset of data blocks including data cached at the client for application acceleration, and the first subset of data blocks is a subset of the plurality of data blocks; encrypting a message at the client by use of the first subset of secrets; transmitting, by the client, the message to the server; recovering, by the server, the message by use of a second subset of secrets from the plurality of encrypted secrets, wherein the second subset of secrets corresponds to a second subset of data blocks known by the server to be previously stored at the client and the second subset of data blocks is a subset of the plurality of data blocks; and evaluating, by the server, a security status of the client and a security status of a connection between the server and the client in response to detecting one of: a change in contents of the data cached at the client when the client has been connected to the server, a lack of change in the contents of the data cached at the client when the client has been disconnected from the server for a period of time, and a security response that contains decryptions of encrypted secrets serving as decoys. |