Method for key rotation
First Claim
1. A method for cryptographic key rotation, the method comprising:
- providing a cryptographic key rotation request to a client device to implement a cryptographic key rotation between the client device and a remote computing server, wherein the cryptographic key rotation causes the client device to generate one or more new cryptographic keys that are used to replace one or more pre-existing cryptographic keys stored at the client device and the remote computing server;
- in response to receiving the key rotation request, generating a new asymmetric cryptographic key pair comprising a new private cryptographic key and a new public cryptographic key defining a public/private cryptographic key pair;
- generating, at the client device, a key rotation communication that includes the new public cryptographic key of the new asymmetric cryptographic key pair, wherein the client device maintains the new private cryptographic key and does not transmit the new private cryptographic key pair to the remote computing server;
- at the client device, using a pre-existing private cryptographic key of a pre-existing asymmetric cryptographic key pair to cryptographically sign the key rotation communication;
- transmitting, via a network, to the remote computing server the cryptographically signed key rotation communication;
- completing the cryptographic key rotation, wherein the completing includes:
  (i) after transmitting the cryptographically signed key rotation communication, replacing, at the client device, the pre-existing private cryptographic key with the new private cryptographic key by ceasing a use of the pre-existing private cryptographic key in future communications with the remote computing server; and
  (ii) after receiving, at the remote computing server, the cryptographically signed key rotation communication, decrypting by the remote computing server the cryptographically signed key rotation communication with a pre-existing public cryptographic key of the pre-existing asymmetric cryptographic key pair, replacing the pre-existing public cryptographic key with the new public cryptographic key obtained from the cryptographically signed key rotation communication, wherein the remote computing server uses the new public cryptographic key in the future communications with the client device.
4 Assignments
0 Petitions
Abstract
A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
14 Claims
Claim 1 is reproduced under First Claim above; claims 2 to 13 depend on it.
14. A method for key rotation comprising:
- initiating cryptographic key rotation for a user account of a multi-factor authentication platform, wherein an authenticating device participates in authentication with the multi-factor authentication platform by generating an authentication response to an authentication request and signing the authentication response using a first private cryptographic key of a first asymmetric key set, wherein the first asymmetric key set includes the first private cryptographic key that is stored by the authenticating device and a first public cryptographic key that is stored by the multi-factor authentication platform;
- in response to initiating the cryptographic key rotation, generating, at the authenticating device, a second symmetric cryptographic key;
- signing, at the authenticating device, the second symmetric cryptographic key with the first private cryptographic key;
- transmitting, by the authenticating device, the signed second symmetric cryptographic key to the multi-factor authentication platform;
- configuring the multi-factor authentication platform and the authenticating device to:
  (i) disable authentication that uses a first symmetric cryptographic key; and
  (ii) enable authentication that uses the second symmetric cryptographic key.
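Claims 1 and 14 describe one mechanism: the device introduces a new key (a public key in claim 1, a symmetric key in claim 14) in a message signed with the private key the platform already trusts; the platform checks that signature with the corresponding pre-existing public key (what the claim calls "decrypting ... with a pre-existing public cryptographic key"), and only then does each side switch. The Go program below is an added illustration of both claims, not code from the patent or its assignee. It assumes Ed25519 signatures, an HMAC-SHA256 challenge-response as a stand-in for the one-time-password scheme the claims do not specify, and a confidential transport (such as TLS) for the symmetric key; the type names, the "public"/"symmetric" labels, the payload prefix and the challenge strings are all constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Rotation is the signed "key rotation communication": NewKey is an Ed25519 public
// key (claim 1) or a symmetric key (claim 14); Kind is a constructed label.
type Rotation struct {
	Kind      string
	NewKey    []byte
	Signature []byte // made with the pre-existing private key
}

// Device (client / authenticating device) alone holds the private key.
type Device struct {
	priv ed25519.PrivateKey
	sym  []byte // shared symmetric key after a claim-14 rotation
}

// Platform (remote server / MFA platform) holds public material plus the shared key.
type Platform struct {
	pub ed25519.PublicKey
	sym []byte
}

// payload binds the signature to the key kind as well as the key bytes.
func payload(kind string, key []byte) []byte {
	return append([]byte("key-rotation-v1|"+kind+"|"), key...)
}

// Enroll sets up the pre-existing asymmetric key pair on both sides.
func Enroll() (*Device, *Platform, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv}, &Platform{pub: pub}, nil
}

// RotateAsymmetric (claim 1): sign the new public key with the current private key;
// the new private key is returned, never sent, and committed only after transmitting.
func (d *Device) RotateAsymmetric() (Rotation, ed25519.PrivateKey, error) {
	newPub, newPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Rotation{}, nil, err
	}
	sig := ed25519.Sign(d.priv, payload("public", newPub))
	return Rotation{Kind: "public", NewKey: newPub, Signature: sig}, newPriv, nil
}

// RotateSymmetric (claim 14): sign a fresh symmetric key with the first private key.
// Assumed to travel over a confidential channel (TLS): the signature proves origin only.
func (d *Device) RotateSymmetric() (Rotation, []byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return Rotation{}, nil, err
	}
	sig := ed25519.Sign(d.priv, payload("symmetric", key))
	return Rotation{Kind: "symmetric", NewKey: key, Signature: sig}, key, nil
}

// Step (i): the device stops using the old key only after transmitting.
func (d *Device) CommitPrivate(k ed25519.PrivateKey) { d.priv = k }
func (d *Device) CommitSymmetric(k []byte)          { d.sym = k }

// Accept is step (ii): verify under the pre-existing public key (the claim's "decrypting
// ... with a pre-existing public cryptographic key"); replace the stored key only on success.
func (p *Platform) Accept(r Rotation) error {
	if !ed25519.Verify(p.pub, payload(r.Kind, r.NewKey), r.Signature) {
		return errors.New("rotation rejected: not signed by the trusted key")
	}
	switch {
	case r.Kind == "public" && len(r.NewKey) == ed25519.PublicKeySize:
		p.pub = ed25519.PublicKey(r.NewKey)
	case r.Kind == "symmetric" && len(r.NewKey) == 32:
		p.sym = r.NewKey
	default:
		return errors.New("rotation rejected: unknown kind or malformed key")
	}
	return nil
}

// Post-rotation authentication: a signed response (claim 14's wording) and an
// HMAC-SHA256 response standing in for the unspecified one-time-password scheme.
func (d *Device) SignChallenge(ch []byte) []byte        { return ed25519.Sign(d.priv, ch) }
func (p *Platform) VerifyChallenge(ch, sig []byte) bool { return ed25519.Verify(p.pub, ch, sig) }
func macResponse(key, ch []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(ch)
	return m.Sum(nil)
}
func (d *Device) SymResponse(ch []byte) []byte { return macResponse(d.sym, ch) }
func (p *Platform) VerifySymResponse(ch, resp []byte) bool {
	return p.sym != nil && hmac.Equal(macResponse(p.sym, ch), resp)
}
```

Two properties of the claimed ordering fall out directly: a rotation message signed by anything other than the currently trusted private key is refused and leaves the platform's key untouched, and between the platform's `Accept` and the device's `Commit` the old private key no longer authenticates, so the device must send before it switches. The claims say nothing about replay; a deployment would additionally bind a counter or nonce into the signed payload so an earlier rotation message cannot be resubmitted.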