Dynamically serving digital certificates based on secure session properties
US-10305871-B2 · May 28, 2019 · US
US2016119307A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016119307-A1 |
| Application number | US-201514920661-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 22, 2015 |
| Priority date | Oct 24, 2014 |
| Publication date | Apr 28, 2016 |
| Grant date | — |
Official abstract text for this publication.
Embodiments of the present invention include techniques for reestablishing a secure communication channel between a client machine and a server machine. A client machine receives, from a server machine, a first message generated in connection with a first master token. The client machine detects an error condition associated with the first message. The client machine transmits, to the server machine, a second message generated in connection with a pre-provisioned key that includes a request for a new master token. The client machine receives, from the server machine, a third message that includes a second master token. The client machine transmits, to the server machine, a fourth message generated in connection with the second master token.
Claims.
What is claimed is:
1. A computer-implemented method, comprising: receiving, from a server machine, a first message generated in connection with a first master token; detecting an error condition associated with the first message; transmitting, to the server machine, a second message generated in connection with a pre-provisioned key that includes a request for a new master token; receiving, from the server machine, a third message that includes a second master token; and transmitting, to the server machine, a fourth message generated in connection with the second master token.
2. The method of claim 1, further comprising: requesting entity authentication data from an application program that resides on the client machine; and receiving the entity authentication data from the application program; wherein the second message includes the entity authentication data.
3. The method of claim 1, further comprising: requesting user authentication data from an application program that resides on the client machine; and receiving the user authentication data from the application program; wherein the second message includes the user authentication data.
4. The method of claim 1, wherein the first set of session keys is encoded according to an encoding scheme that is undetectable by the client machine.
5. The method of claim 1, wherein the first master token includes a first set of session keys.
6. The method of claim 1, wherein the second master token includes a second set of session keys.
7. The method of claim 1, wherein the second message includes logging and error information.
8. The method of claim 1, further comprising encrypting the second message based on a pre-shared public key that has been previously deployed to the client machine.
9. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to perform the steps of: establishing a secure communication channel with a server machine via a first set of session keys; detecting an error condition associated with a first message received from the server machine; transmitting, to the server machine, a second message, based on a pre-provisioned key that is not included in the first set of session keys, that includes first key exchange data; and reestablishing a secure communication channel with the server machine via the first key exchange data.
10. The non-transitory computer-readable storage medium of claim 9, wherein the first set of session keys is encoded according to an encoding scheme that is undetectable by the client machine.
11. The non-transitory computer-readable storage medium of claim 9, wherein reestablishing a secure communication channel with the server machine comprises receiving, from the server machine, a third message that includes second key exchange data.
12. The non-transitory computer-readable storage medium of claim 9, wherein reestablishing a secure communication channel with the server machine comprises receiving, from the server machine, a third message that includes a second master token that includes a second set of session keys.
13. The non-transitory computer-readable storage medium of claim 9, wherein the second message is an unencrypted message that includes logging and error information.
14. The non-transitory computer-readable storage medium of claim 9, wherein the second message is encrypted based on a pre-shared public key that has been previously deployed to the client machine.
15. The non-transitory computer-readable storage medium of claim 14, wherein the pre-shared public key is based on Rivest-Shamir-Adleman (RSA) public-private keys.
16. A client machine, comprising: a processor; and a memory coupled to the processor and including a base authentication module and a key exchange module; wherein, when executed by the processor, the base authentication module is configured to: establish a secure communication channel with a server machine via a first set of session keys, and fail to authenticate a first message received from the server machine; and wherein, when executed by the processor, the key exchange module is configured to: transmit, to the server machine, a second message, based on a pre-provisioned key that is not included in the first set of session keys, that includes first key exchange data, and reestablish a secure communication channel with the server machine via the first key exchange data.
17. The client machine of claim 16, wherein the first set of session keys is encoded according to an encoding scheme that is undetectable by the client machine.
18. The client machine of claim 16, wherein the second message is an unencrypted message that includes logging and error information.
19. The client machine of claim 16, wherein the second message is encrypted based on a pre-shared public key that has been previously deployed to the client machine.
20. The client machine of claim 16, wherein the second message is an encrypted message that includes payload data.
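The four-message recovery that the abstract and claim 1 describe, as an added example written for this page (it is not code from the patent or from any implementation of it). A client talks to a server under a master token whose session key is sealed so the client cannot read it (claim 4); the server then loses its token-sealing key, so the client's next reply is an error (the error condition); the client falls back to a key-exchange request encrypted under a pre-provisioned RSA-OAEP public key (claims 8, 14, 15) that carries entity authentication data (claim 2), receives a new master token, and resends under it. Everything beyond the claims' wording is an assumption: the `Envelope`, `KeyRequest` and `KeyResponse` shapes, AES-GCM for session protection, a SHA-256 concatenation standing in for a real KDF, and the constructed entity id `device-0001`. Client and server run in one process so the block executes offline.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Illustrative message shapes, not the patent's wire format. Token is the master
// token and is opaque to the client; Err carries cleartext error information (claims 7, 13).
type Envelope struct{ Token, Nonce, Body []byte; Err string }
type KeyRequest struct{ Entity string; Secret []byte } // second message: entity auth data + key exchange data
type KeyResponse struct{ Token, Salt, MAC []byte }     // third message: second master token

func randBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b } // crypto/rand.Read does not fail on supported platforms
func gcm(key []byte) cipher.AEAD { blk, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(blk); return g } // keys here are always 32 bytes
func seal(key, pt []byte) (nonce, ct []byte) { nonce = randBytes(12); return nonce, gcm(key).Seal(nil, nonce, pt, nil) }
func open(key, nonce, ct []byte) ([]byte, error) { return gcm(key).Open(nil, nonce, ct, nil) }
func deriveKey(secret, salt []byte) []byte { h := sha256.New(); h.Write(secret); h.Write(salt); return h.Sum(nil) } // stand-in for HKDF
func tag(key, tok, salt []byte) []byte { m := hmac.New(sha256.New, key); m.Write(tok); m.Write(salt); return m.Sum(nil) }

type Server struct{ priv *rsa.PrivateKey; tokKey []byte } // tokKey seals master tokens; the client never holds it

func NewServer() *Server {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return &Server{priv: priv, tokKey: randBytes(32)}
}
func (s *Server) Public() *rsa.PublicKey { return &s.priv.PublicKey }
func (s *Server) Restart() { s.tokKey = randBytes(32) } // simulated fault: no outstanding master token verifies any more

// KeyExchange consumes the second message and produces the third.
func (s *Server) KeyExchange(ct []byte) (*KeyResponse, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ct, nil)
	if err != nil { return nil, err }
	var req KeyRequest
	if err := json.Unmarshal(pt, &req); err != nil || req.Entity == "" || len(req.Secret) < 32 { return nil, errors.New("bad key request") }
	salt := randBytes(32)
	sk := deriveKey(req.Secret, salt)
	n, c := seal(s.tokKey, sk) // master token = session key sealed under the server-only key (claim 4)
	tok := append(n, c...)
	return &KeyResponse{Token: tok, Salt: salt, MAC: tag(sk, tok, salt)}, nil
}

// Handle answers a client message under its token, or returns a cleartext error.
func (s *Server) Handle(env Envelope) Envelope {
	if len(env.Token) < 12 { return Envelope{Err: "malformed master token"} }
	sk, err := open(s.tokKey, env.Token[:12], env.Token[12:])
	if err != nil { return Envelope{Err: "master token not recognised; renew via key exchange"} }
	pt, err := open(sk, env.Nonce, env.Body)
	if err != nil { return Envelope{Err: "message authentication failed"} }
	n, c := seal(sk, append([]byte("ack: "), pt...))
	return Envelope{Token: env.Token, Nonce: n, Body: c}
}

// SrvPub is the pre-provisioned RSA public key deployed with the client (claims 8, 14, 15).
type Client struct{ Entity string; SrvPub *rsa.PublicKey; Renewals int; token, sk []byte }

func (c *Client) Send(msg string) Envelope { n, ct := seal(c.sk, []byte(msg)); return Envelope{Token: c.token, Nonce: n, Body: ct} }

// Receive surfaces the error condition of claim 1: an explicit server error, or a message that fails to authenticate.
func (c *Client) Receive(env Envelope) (string, error) {
	if env.Err != "" { return "", errors.New(env.Err) }
	pt, err := open(c.sk, env.Nonce, env.Body)
	return string(pt), err
}

// Reestablish sends the second message under the pre-provisioned key and installs the second master token.
func (c *Client) Reestablish(s *Server) error {
	secret := randBytes(32)
	req, _ := json.Marshal(KeyRequest{Entity: c.Entity, Secret: secret})
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.SrvPub, req, nil)
	if err != nil { return err }
	resp, err := s.KeyExchange(ct)
	if err != nil { return err }
	sk := deriveKey(secret, resp.Salt)
	// Only a holder of the RSA private key could have learned secret, so a valid MAC proves the token came from the server.
	if !hmac.Equal(tag(sk, resp.Token, resp.Salt), resp.MAC) { return errors.New("key response not bound to our secret") }
	c.token, c.sk, c.Renewals = resp.Token, sk, c.Renewals+1
	return nil
}

// Exchange is one round trip; on an error condition it recovers and resends (the fourth message). The bool reports whether recovery ran.
func Exchange(c *Client, s *Server, msg string) (string, bool, error) {
	if reply, err := c.Receive(s.Handle(c.Send(msg))); err == nil { return reply, false, nil }
	if err := c.Reestablish(s); err != nil { return "", true, err }
	reply, err := c.Receive(s.Handle(c.Send(msg)))
	return reply, true, err
}

func main() {
	s := NewServer()
	c := &Client{Entity: "device-0001", SrvPub: s.Public()} // constructed entity id
	if err := c.Reestablish(s); err != nil { panic(err) }  // initial provisioning uses the same exchange
	fmt.Println(Exchange(c, s, "hello"))
	s.Restart()
	fmt.Println(Exchange(c, s, "hello again"))
}
```

Two points a practitioner should take from this. First, the fallback path is the one that must authenticate the server: the client accepts the new master token only after checking an HMAC under a key derived from a secret that only the holder of the pre-provisioned RSA private key could have decrypted, otherwise anyone who can inject an error message could also hand the client a token of their choosing. Second, because any party that can provoke the error condition can force the client down the RSA path, a real deployment should rate-limit that path and bind the request to freshness (a nonce or timestamp), which the claims leave open.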
using time-dependent-passwords, e.g. periodically changing passwords · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title
involving digital signatures · CPC title
Saving, restoring, recovering or retrying · CPC title