Multi-user secret decay
Abstract
Secret information, such as seeds, codes, and keys, can be automatically renegotiated between at least one sender and at least one recipient. Various mechanisms, such as counters, events, or challenges, can be used to trigger automatic renegotiations through various requests or communications. These changes can cause the current secret information to diverge from older copies of the secret information that might have been obtained by unintended third parties. In some embodiments, a secret can be configured to “decay” over time, or have small changes periodically introduced that can be determined to be valid by an authorized party, but can reduce the effectiveness of prior versions of the secret information.
20 Claims

1. A computer-implemented method, comprising:
receiving, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;
receiving, at the first device, a communication from the second device comprising a second version of the secret information;
detecting an allowable change in a count from at least one of independent counters of the first device and the second device;
determining, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;
generating, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first version of secret information; and
storing, at the first device, the third version of the secret information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computing device, comprising:
a processor; and
a memory device including instructions that, when executed by the processor, cause the computing device to:
receive, at a first device, a computer-generated first version of secret information to be used for securing computer network communications between the first device and a second device communicatively coupled to the first device via the computer network;
receive, at the first device, a communication from the second device comprising a second version of the secret information;
detect an allowable change in a count from at least one of independent counters of the first device and the second device;
determine, at the first device, that the second version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the first version of the secret information and the second version of the secret information;
generate, at the first device, a third version of the secret information based at least in part on the communication received from the second device and the first secret information; and
store, at the first device, the third version of the secret information.
Dependent claims: 11, 12, 13, 14, 15, 16

17. A computer-implemented method, comprising:
receiving, at a first device, computer-generated secret information to be used for securing computer network communications from a second device communicatively coupled to the first device via the computer network;
receiving, at the first device, a communication from the second device comprising an updated version of the secret information;
determining, at the first device, that at least one previous communication from the second device based at least in part on a previously-updated version of the secret information was not received;
detecting an allowable change in a count from at least one of independent counters of the first device and the second device;
determining, at the first device, that the updated version of the secret information is valid, based at least in part on the allowable change and on an allowable type of deviation between the secret information and the updated version of the secret information;
store, at the first device, the updated secret information; and
send, from the first device, a request for authorization to the second device via the computer network, the request containing the updated secret information.
Dependent claims: 18, 19, 20
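An added example in Python (not code from the patent or any assignee) modelling the renegotiation the abstract describes and the steps of claim 1: independent counters on each device, a window of allowable change in the count, a check that the received second version is exactly the one the derivation yields at that count (the assumed "allowable type of deviation"), and a third version generated from the first version and the received communication. The HMAC-based derivation, the window size MAX_SKIP, the class and function names and the seed value are all assumptions, not anything the patent specifies.

```python
import hashlib
import hmac
MAX_SKIP = 3  # assumed window: largest allowable jump in the peer's counter

def derive(secret: bytes, counter: int) -> bytes:
    # Version of the secret that a counter value yields (assumed: HMAC over the counter).
    return hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).digest()

def combine(secret: bytes, received: bytes) -> bytes:
    # Third version: built from the current version and the communication carrying the second.
    return hmac.new(secret, received, hashlib.sha256).digest()

class Device:
    def __init__(self, first_version: bytes) -> None:
        self.secret = first_version  # current version of the secret
        self.counter = 0             # this device's own counter; the peer keeps its own

    def renegotiate(self) -> tuple[int, bytes]:
        # Sender side: advance the counter, emit the second version, move on to the third.
        self.counter += 1
        second = derive(self.secret, self.counter)
        self.secret = combine(self.secret, second)
        return self.counter, second

    def accept(self, peer_counter: int, second: bytes) -> bool:
        # Receiver side: the count must have advanced, but by no more than the window.
        if not 1 <= peer_counter - self.counter <= MAX_SKIP:
            return False
        state = self.secret
        for c in range(self.counter + 1, peer_counter):  # replay updates lost in transit
            state = combine(state, derive(state, c))
        # Allowable deviation: only the version the derivation yields at the peer's counter.
        if not hmac.compare_digest(derive(state, peer_counter), second):
            return False
        self.secret = combine(state, second)  # generate and store the third version
        self.counter = peer_counter
        return True

def demo() -> dict:
    seed = bytes.fromhex("11" * 32)  # constructed first version shared by both devices
    a, b = Device(seed), Device(seed)
    c1, v1 = b.renegotiate()
    ok_first = a.accept(c1, v1)
    c4, v4 = [b.renegotiate() for _ in range(3)][-1]  # two updates lost, the third arrives
    ok_skipped = a.accept(c4, v4)  # count jumped by 3: still inside the window
    in_sync = ok_first and ok_skipped and a.secret == b.secret
    replay_rejected = not a.accept(c1, v1)  # stale message: count did not advance
    c8, v8 = [b.renegotiate() for _ in range(MAX_SKIP + 1)][-1]
    jump_rejected = not a.accept(c8, v8)  # count jumped by 4: beyond the window
    return {"in_sync": in_sync, "decayed": a.secret != seed,
            "replay_rejected": replay_rejected, "jump_rejected": jump_rejected}
```

A peer whose count falls outside the window is simply rejected here; the renegotiation requests the abstract mentions would be the fallback for bringing such a device back into sync.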