Hi Ulf!
Thanks for your attention to my case. Well... When you tell me:
"That would be possible either with an applet-generated UUID, or with a server-generated one that gets sent to the applet via a <param> tag."
I suppose that i dont explain all that you must to know. When i want to use something to create my key in runtime, it must be something that i can get in runtime, and do not have the key stored in the applet. So, i need to use something else, and the idea is to use de applet size (for example), and in server a store in a file the size of all my jars, by authorized client. So, when we receive a message from a web server of our client, i will receive a key and a client id. In our server i create de key, with the fields that is suppose to be, and i will get the size of this client jar file saved in a file (for example, or database). If the keys match so the message is valid.
It is more clear now?