Method for key rotation

  • US 10,063,531 B2
  • Filed: 08/24/2017
  • Issued: 08/28/2018
  • Est. Priority Date: 07/27/2015
  • Status: Active Grant
First Claim

1. A method for cryptographic key rotation, the method comprising:

  • providing a cryptographic key rotation request to a client device to implement a cryptographic key rotation between the client device and a remote computing server, wherein the cryptographic key rotation causes the client device to generate one or more new cryptographic keys that are used to replace one or more pre-existing cryptographic keys stored at the client device and the remote computing server;

    in response to receiving the key rotation request, generating a new asymmetric cryptographic key pair comprising a new private cryptographic key and a new public cryptographic key defining a public/private cryptographic key pair;

    generating, at the client device, a key rotation communication that includes the new public cryptographic key of the new asymmetric cryptographic key pair, wherein the client device maintains the new private cryptographic key and does not transmit the new private cryptographic key pair to the remote computing server;

    at the client device, using a pre-existing private cryptographic key of a pre-existing asymmetric cryptographic key pair to cryptographically sign the key rotation communication;

    transmitting, via a network, to the remote computing server the cryptographically signed key rotation communication;

    completing the cryptographic key rotation, wherein the completing includes;

    (i) after transmitting the cryptographically signed key rotation communication, replacing, at the client device, the pre-existing private cryptographic key with the new private cryptographic key by ceasing a use of the pre-existing private cryptographic key in future communications with the remote computing server; and

    (ii) after receiving, at the remote computing server, the cryptographically signed key rotation communication, decrypting by the remote computing server the cryptographically signed key rotation communication with a pre-existing public cryptographic key of the pre-existing asymmetric cryptographic key pair, replacing the pre-existing public cryptographic key with the new public cryptographic obtained from the cryptographically signed key rotation communication, wherein the remote computing server uses the new public cryptographic key in the future communications with the client device.
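
The exchange recited in claim 1, sketched as an added example (not code from the patent or its assignee). Assumptions: Ed25519 from Go's standard library stands in for the unspecified asymmetric scheme, signature verification stands in for the step the claim words as "decrypting", the network transmission is modelled as a function return, and the names Client, Server, RotationMsg, Enroll, Rotate and Accept are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical types: the client holds the private key, the server the matching public key.
type Client struct{ priv ed25519.PrivateKey }
type Server struct{ pub ed25519.PublicKey }

// RotationMsg is the key rotation communication: the new public key plus a
// signature over it made with the pre-existing private key.
type RotationMsg struct{ NewPub ed25519.PublicKey; Sig []byte }

// Enroll creates the pre-existing key pair both sides hold before any rotation
// (constructed setup, not part of the claim).
func Enroll() (*Client, *Server) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Client{priv: priv}, &Server{pub: pub}
}

// Rotate generates a new pair, signs the new public key with the old private
// key, then ceases using the old private key. The new private key is never sent.
func (c *Client) Rotate() (RotationMsg, error) {
	newPub, newPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return RotationMsg{}, err
	}
	msg := RotationMsg{NewPub: newPub, Sig: ed25519.Sign(c.priv, newPub)}
	c.priv = newPriv
	return msg, nil
}

// Accept checks the message against the stored public key and replaces that key only on success.
func (s *Server) Accept(m RotationMsg) error {
	if len(m.NewPub) != ed25519.PublicKeySize || !ed25519.Verify(s.pub, m.NewPub, m.Sig) {
		return errors.New("rotation rejected: not signed by the current key")
	}
	s.pub = m.NewPub
	return nil
}

func main() {
	c, s := Enroll()
	m, err := c.Rotate()
	fmt.Println("rotation accepted:", err == nil && s.Accept(m) == nil)
}
```

A rotation message replayed after the server has switched keys is rejected, because its signature was made with the key that was just retired.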

  • 4 Assignments