System and method for rotating client security keys
US-2016105283-A1 · Apr 14, 2016 · US
US2016119291A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016119291-A1 |
| Application number | US-201514920657-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 22, 2015 |
| Priority date | Oct 24, 2014 |
| Publication date | Apr 28, 2016 |
| Grant date | — |
Abstract
One embodiment of the present invention includes a server machine configured to establish a secure communication channel with a client machine via renewable tokens. The server machine receives a plurality of messages from a client machine over a secure communication channel, where the plurality of messages includes a first message that includes at least two of user authentication data, entity authentication data, first key exchange data, and encrypted message data. The server machine transmits, to the client machine, a second message that includes a master token comprising second key exchange data associated with the first key exchange data and at least one of a renewal time and an expiration time.
Claims
What is claimed is:

1. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to perform the steps of: receiving, from a client machine, a first message that is associated with a first sequence number included in a first master token; verifying that the first message includes a non-replayable identifier and that the first sequence number corresponds to a previously generated and stored sequence number; in response to verifying that the first message includes a non-replayable identifier, generating a second master token comprising a second sequence number that is different than both the first sequence number and the previously generated sequence number; and transmitting, to the client machine, a second message that includes the second master token.
2. The non-transitory computer-readable storage medium of claim 1, further comprising, prior to verifying, receiving one or more additional messages from the client machine.
3. The non-transitory computer-readable storage medium of claim 1, further comprising transmitting, to the client machine, a third message that includes the second sequence number.
4. The non-transitory computer-readable storage medium of claim 1, wherein verifying that the first sequence number corresponds to the previously generated sequence number comprises determining that the first sequence number and the previously generated sequence number are equal to one another.
5. The non-transitory computer-readable storage medium of claim 1, wherein verifying that the first sequence number corresponds to the previously generated sequence number comprises determining that the first sequence number and the previously generated sequence number are within an allowable range of one another.
6. The non-transitory computer-readable storage medium of claim 1, wherein the previously generated sequence number is inaccessible by the client machine.
7. A first peer machine, comprising: a processor; and a memory coupled to the processor and including a master token generator; wherein, when executed by the processor, the master token generator is configured to: receive, from a second peer machine, a first message that includes entity authentication data associated with the second peer machine and first key request data; transmit, to the second peer machine, a second message that includes entity authentication data associated with the first peer machine, second key request data, and a first master token issued by the first peer machine, wherein the first master token includes first key exchange data for encrypting messages transmitted to the first peer machine; and receive, from the second peer machine, a third message that includes a second master token issued by the second peer machine, wherein the second master token includes second key exchange data for encrypting messages transmitted to the first peer machine.
8. The first peer machine of claim 7, wherein the memory further includes a base authentication module, and, when executed by the processor, the base authentication module is configured to: authenticate the first message based on the entity authentication data associated with the second peer machine; and cause the second peer machine to authenticate the second message based on the entity authentication data associated with the first peer machine.
9. The first peer machine of claim 7, wherein, when executed by the processor, the master token generator is further configured to: receive, from the second peer machine, a fourth message that is marked as renewable; determine that a current time exceeds at least one of a renewal time and an expiration time associated with the first master token; and in response, transmit, to the second peer machine, a fifth message that includes a third master token issued by the first peer machine, wherein the third master token includes third key exchange data for encrypting messages transmitted to the first peer machine.
10. The first peer machine of claim 7, wherein the memory further includes a key exchange module, and, when executed by the processor, the key exchange module is configured to: decrypt payload data included in the third message based on at least one session key included in a plurality of session keys associated with the first key exchange data.
11. A method, comprising: receiving a plurality of messages from a client machine over a secure communication channel, wherein the plurality of messages includes a first message comprising at least two of user authentication data, entity authentication data, first key exchange data, and encrypted message data; and transmitting, to the client machine, a second message that includes a first master token comprising second key exchange data associated with the first key exchange data and at least one of a first renewal time and a first expiration time.
12. The method of claim 11, wherein the first message includes user authentication data, and further comprising: issuing a user identification token associated with the user authentication data and including an identifier associated with a user; and binding the user identification token to the master token, wherein the first master token further comprises an entity identifier associated with a server entity.
13. The method of claim 12, wherein the first message is associated with a service, and further comprising: issuing a service token that includes a data set specified by the service and included in the first message; and binding the service token to the first master token.
14. The method of claim 12, wherein the first message is associated with a service, and further comprising: issuing a service token that includes a data set specified by the service and included in the first message; and binding the service token to the user identification token.
15. The method of claim 12, wherein at least one of the first master token and the user identification token includes state information associated with the client machine.
16. The method of claim 11, further comprising: receiving, from the client machine, a third message that is marked as renewable; and transmitting, to the client machine, a fourth message that includes a second master token comprising third key exchange data and at least one of a second renewal time and a second expiration time.
17. The method of claim 16, wherein a current time is greater than the first renewal time and less than the first expiration time.
18. The method of claim 16, wherein a current time is greater than the first expiration time.
19. The method of claim 16, wherein the secure communication channel is part of a trusted services network.
20. The method of claim 16, wherein the third key exchange data is wrapped with at least one session key included in a plurality of session keys associated with the second key exchange data.
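The server-side checks of claims 1, 4, 5 and 16 through 18 (non-replayable identifier, sequence-number correspondence, rotation once the renewal or expiration time has passed), as an added Python sketch that is not the patent's own code or any product's implementation. The `MasterTokenServer` class, the `seq_window` parameter, the seen-nonce set and the random `key_exchange_data` placeholder are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class MasterToken:
    sequence_number: int
    key_exchange_data: bytes   # stands in for wrapped session-key material
    renewal_time: float
    expiration_time: float


class MasterTokenServer:
    """Hypothetical server state for the rotation scheme described in the claims."""

    def __init__(self, renewal_window: float, lifetime: float, seq_window: int = 0):
        self.renewal_window = renewal_window
        self.lifetime = lifetime
        self.seq_window = seq_window            # 0 = equality (claim 4); >0 = allowable range (claim 5)
        self._stored_sequence: Optional[int] = None  # kept server-side only (claim 6)
        self._seen_nonces: Set[bytes] = set()

    def issue(self, now: float, exclude: int = -1) -> MasterToken:
        # New sequence number differs from both the stored one and the client's (claim 1).
        seq = max(self._stored_sequence or 0, exclude) + 1
        token = MasterToken(seq, secrets.token_bytes(16),
                            now + self.renewal_window, now + self.lifetime)
        self._stored_sequence = seq
        return token

    def handle(self, token: MasterToken, nonce: Optional[bytes],
               renewable: bool, now: float) -> Tuple[str, Optional[MasterToken]]:
        # Reject messages without a non-replayable identifier, or whose identifier was seen before.
        if not nonce or nonce in self._seen_nonces:
            return "reject: missing or replayed identifier", None
        self._seen_nonces.add(nonce)
        # The client's sequence number must correspond to the stored one (claims 4/5).
        if (self._stored_sequence is None
                or abs(token.sequence_number - self._stored_sequence) > self.seq_window):
            return "reject: sequence number mismatch", None
        # Renewal (claim 17) and post-expiration renewal (claim 18) both rotate the token.
        if renewable and now >= token.renewal_time:
            return "rotated", self.issue(now, exclude=token.sequence_number)
        if now >= token.expiration_time:
            return "reject: expired and not renewable", None
        return "ok", None
```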
CPC classification titles:

- for providing a confidential data exchange among entities communicating through data packet networks
- involving time stamps, e.g. generation of time stamps
- using time-dependent keys, e.g. periodically changing keys (cryptographic mechanisms or cryptographic arrangements for controlling usage of secret information H04L9/088)
- for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)
- using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226)