Method and system for changing security information in a computer network

US 20040034771A1
Filed: 08/13/2002
Published: 02/19/2004
Est. Priority Date: 08/13/2002
Status: Active Grant

First Claim

Patent Images

1. A method of changing encryption information in a computer network, the method including:

providing at least first cryptographic information and second cryptographic information; and

defining a first validity period for the first cryptographic information and a second validity period for the second cryptographic information wherein the first and second validity periods overlap.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of, and system for, changing encryption information in a computer network is provided. The method includes providing at least first cryptographic information and second cryptographic information. A first validity period is provided for the first cryptographic information and a second validity period is provided for the second cryptographic information wherein the first and second validity periods overlap.

196 Citations

48 Claims

1. A method of changing encryption information in a computer network, the method including:
- providing at least first cryptographic information and second cryptographic information; and
  
  defining a first validity period for the first cryptographic information and a second validity period for the second cryptographic information wherein the first and second validity periods overlap.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, which includes providing the first validity period with an expiry date that precedes an expiry date of the second validity period so that the first and second validity periods overlap in time.
  - 3. The method of claim 1, which includes providing the first cryptographic information with a first identifier and second cryptographic information with a second identifier thereby to identify the first and second cryptographic information respectively.
  - 4. The method of claim 1, which includes providing the first cryptographic information in the form of a first private/public key pair and the second cryptographic information in the form of a second private/public key pair.
  - 5. The method of claim 1, which includes providing the first cryptographic information in the form of a first cryptographic algorithm and the second cryptographic information in the form of a second cryptographic algorithm.
  - 6. The method of claim 1, wherein the first and the second cryptographic information includes first encryption information provided on a user device, the method including updating the first encryption information on the user device via the computer network with second encryption information when the user device accesses the computer network using the first encryption information.

7. A method of processing encrypted data in a computer network, the method including:
- receiving the encrypted data from a user device, the encrypted data being encrypted using one of first and second encryption information, the first encryption information being valid for a first validity period and the second encryption information being valid for a second validity period;
  
  identifying which one of the first and the second encryption information has been used to encrypt the encrypted data thereby to identify associated decryption information; and
  
  decrypting the encrypted data with the associated decryption information if the encryption information is within an associated validity period.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein the first and second validity periods overlap and the first validity period is prior in time relative to the second validity period.
  - 9. The method of claim 7, which includes identifying the first encryption information from a first identifier and the second encryption information from a second identifier.
  - 10. The method of claim 9, wherein the first identifier is associated with a first private/public key pair and the second identifier is associated with a second private/public key pair.
  - 11. The method of claim 9, wherein the first identifier is associated with a first encryption algorithm and the second identifier is associated with a second encryption algorithm.
  - 12. The method of claim 7, wherein the encrypted data is user authentication data for authenticating use of the computer network by the user device, the first and the second encryption information being provided on the user device, the method including:
    - identifying when the first encryption information has been used to encrypt the authentication data;
      
      decrypting the encrypted data with decryption information associated with the first encryption information; and
      
      updating the first encryption information on the user device via the computer network with the second encryption information.

13. A method of changing security information in a computer network, the method including:
- providing at least first security information and second security information; and
  
  defining a first validity period for the first security information and a second validity period for the second security information wherein the first and second validity periods overlap.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13, which includes providing the first validity period with an expiry date that precedes an expiry date of the second validity period so that the first and second validity periods overlap in time.
  - 15. The method of claim 13, which includes providing the first and second security information in the form of first and second cryptographic information, the first cryptographic information being provided with a first identifier and the second cryptographic information being provided with a second identifier thereby to identify the first and second cryptographic information respectively.
  - 16. The method of claim 15, which includes providing the first cryptographic information in the form of a first private/public key pair and the second cryptographic information in the form of a second private/public key pair.
  - 17. The method of claim 15, which includes providing the first cryptographic information in the form of a first cryptographic algorithm and the second security information in the form of a second cryptographic algorithm.
  - 18. The method of claim 13, which includes providing the first and the second security information in the form of first and second user passwords.
  - 19. The method of claim 18, which includes providing a plurality of passwords with validity periods that overlap.
  - 20. The method of claim 19, which includes providing each validity period with a different expiry date so that the validity periods overlap in time.

21. A method of processing data in a computer network, the method including:
- receiving data from a user device, the data being secured using one of first and second security information;
  
  identifying which one of the first and the second security information secures the data;
  
  determining if the identified security information that secures the data is within a validity period associated with the security information; and
  
  processing the data with the identified security information when it is within its associated validity period.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein the security information is one of a password, an encryption algorithm, and an encryption key.

23. A machine-readable medium embodying a sequence of instructions that, when executed by the machine, cause the machine to:
- provide at least first cryptographic information and second cryptographic information; and
  
  define a first validity period for the first cryptographic information and a second validity period for the second cryptographic information wherein the first and second validity periods overlap.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The machine-readable medium of claim 23, wherein the first validity period is provided with an expiry date that precedes an expiry date of the second validity period so that the first and second validity periods overlap in time.
  - 25. The machine-readable medium of claim 23, wherein the first cryptographic information is provided with a first identifier and the second cryptographic information is provided with a second identifier thereby to identify the first and second cryptographic information respectively.
  - 26. The machine-readable medium of claim 23, wherein the first cryptographic information is in the form of a first private/public key pair and the second cryptographic information is in the form of a second private/public key pair.
  - 27. The machine-readable medium of claim 23, wherein the first cryptographic information is in the form of a first cryptographic algorithm and the second cryptographic information is in the form of a second cryptographic algorithm.
  - 28. The machine-readable medium of claim 23, wherein the first and the second cryptographic information includes first encryption information provided on a user device, and the machine-readable medium updates the first encryption information on the user device via the computer network with second encryption information when the user device access the computer network using the first encryption information.

29. A machine-readable medium embodying a sequence of instructions that, when executed by the machine cause the machine to:
- receive encrypted data from a user device, the encrypted data being encrypted using one of first and second encryption information, the first encryption information being valid for a first validity period and the second encryption information being valid for a second validity period;
  
  identify which one of the first and the second encryption information has been used to encrypt the encrypted data thereby to identify associated decryption information; and
  
  decrypt the encrypted data with the associated decryption information if the encryption information is within an associated validity period.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The machine-readable medium of claim 29, wherein the first and second validity periods overlap and the first validity period is prior in time relative to the second validity period.
  - 31. The machine-readable medium of claim 29, wherein the first encryption information is identified from a first identifier and the second encryption information is identified from a second identifier.
  - 32. The machine-readable medium of claim 31, wherein the first identifier is associated with a first private/public key pair and the second identifier is associated with a second private/public key pair.
  - 33. The machine-readable medium of claim 31, wherein the first identifier is associated with a first encryption algorithm and the second identifier is associated with a second encryption algorithm.
  - 34. The machine-readable medium of claim 29, wherein the encrypted data is user authentication data for authenticating use of the computer network by the user device, the first and the second encryption information being provided on the user device, and the machine-readable medium:
    - identifies when the first encryption information has been used to encrypt the authentication data;
      
      decrypts the encrypted data with decryption information associated with the first encryption information; and
      
      updated the first encryption information on the user device via the computer network with the second encryption information.

35. A machine-readable medium embodying a sequence of instructions that, when executed by the machine cause the machine to:
- provide at least first security information and second security information; and
  
  define a first validity period for the first security information and a second validity period for the second security information wherein the first and second validity periods overlap.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42)
- - 36. The machine-readable medium of claim 35, wherein the first validity period is provided with an expiry date that precedes an expiry date of the second validity period so that the first and second validity periods overlap in time.
  - 37. The machine-readable medium of claim 35, wherein the first and second security information is provided in the form of first and second cryptographic information, the first cryptographic information being provided with a first identifier and the second cryptographic information being provided with a second identifier thereby to identify the first and second cryptographic information respectively.
  - 38. The machine-readable medium of claim 37, wherein the first cryptographic information is in the form of a first private/public key pair and the second cryptographic information is in the form of a second private/public key pair.
  - 39. The machine-readable medium of claim 37, wherein the first cryptographic information is in the form of a first cryptographic algorithm and the second security information is in the form of a second cryptographic algorithm.
  - 40. The machine-readable medium of claim 37, wherein the first and second security information is in the form of first and second user passwords.
  - 41. The machine-readable medium of claim 40, wherein a plurality of passwords is provided with validity periods that overlap.
  - 42. The machine-readable medium of claim 41, wherein each validity period is provided with a different expiry date so that the validity periods overlap in time.

43. A machine-readable medium embodying a sequence of instructions that, when executed by the machine cause the machine to:
- receive data from a user device, the data being secured using one of first and second security information;
  
  identify which one of the first and the second security information secures the data;
  
  determine if the identified security information that secures the data is within a validity period associated with the security information; and
  
  process the data with the identified security information when it is within its associated validity period.
- View Dependent Claims (44)
- - 44. The machine-readable medium of claim 43, wherein the security information is one of a password, an encryption algorithm, and an encryption key.

45. A computer system which includes a server to:
- provide at least first cryptographic information and second cryptographic information; and
  
  define a first validity period for the first cryptographic information and a second validity period for the second cryptographic information wherein the first and second validity periods overlap.
- View Dependent Claims (46)
- - 46. The system of claim 45, wherein the first validity period is provided with an expiry date that precedes an expiry date of the second validity period so that the first and second validity periods overlap in time.

47. A computer system which includes a server to:
- receive encrypted data from a user device, the encrypted data being encrypted using one of first and second encryption information, the first encryption information being valid for a first validity period and the second information being valid for a second validity period;
  
  identify which one of the first and the second encryption information has been used to encrypt the encrypted data thereby to identify associated decryption information; and
  
  decrypt the encrypted data with the associated decryption information if the encryption information is within an associated validity period.

48. A computer system including:
- means for receiving encrypted data from a user device, the encrypted data being encrypted using one of first and second encryption information, the first encryption information being valid for a first validity period and the second information being valid for a second validity period;
  
  means for identifying which one of the first and the second encryption information has been used to encrypt the encrypted data thereby to identify associated decryption information; and
  
  means for decrypting the encrypted data with the associated decryption information if the encryption information is within an associated validity period.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Channel IP BV
Original Assignee
Ipass Incorporated (Pareteum Corp.)
Inventors
Edgett, Jeff Steven, Sunder, Singam

Granted Patent

US 7,961,884 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

G06F 2221/2137   Time limited access, e.g. t...

G06Q 20/14   specially adapted for billi...

G06Q 20/3829   involving key management

H04L 63/0457   wherein the sending and rec...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0892   by using authentication-aut...

H04L 63/108   when the policy decisions a...

Method and system for changing security information in a computer network

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

196 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for changing security information in a computer network

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

196 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links