Encryption security in a network system

US 20060031936A1
Filed: 10/22/2004
Published: 02/09/2006
Est. Priority Date: 04/04/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method for enhancing the security of a network having one or more network devices including one or more network infrastructure devices capable of exchanging messages, the method comprising the steps of:

a. generating a plurality of encryption keys;

b. encrypting some or all of the messages exchanged between two or more of the network infrastructure devices, or exchanged within one or more of the network infrastructure devices, with one or more of the plurality of encryption keys; and

c. in the course of the message exchanges, replacing one or more of the one or more encryption keys with one or more replacement encryption keys.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enhancing the security of signal exchanges in a network system. The system and method include a process and means for generating one or more replacement encryption key sets based on information and events. The information that may cause the generation of a replacement encryption key set includes, but is not limited to, a specified period of time, the level and/or type of signal traffic, and the signal transmission protocol and the amount of data sent. A key manager function initiates the replacement encryption key process based on the information. The replacement encryption key set may be randomly or pseudo-randomly generated. Functions attached to the network system required to employ encryption key sets may have encryption key sets unique to them or shared with one or more other attached functions. The system and method may be employed in a wireless, wired, or mixed transmission medium environment.

Citations

28 Claims

1. A method for enhancing the security of a network having one or more network devices including one or more network infrastructure devices capable of exchanging messages, the method comprising the steps of:
- a. generating a plurality of encryption keys;
  
  b. encrypting some or all of the messages exchanged between two or more of the network infrastructure devices, or exchanged within one or more of the network infrastructure devices, with one or more of the plurality of encryption keys; and
  
  c. in the course of the message exchanges, replacing one or more of the one or more encryption keys with one or more replacement encryption keys.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein at least one of the plurality of encryption keys is designated for transmission selected from the group consisting of multicast transmissions, for broadcast transmissions, and unicast transmissions.
  - 3. The method of claim 1 wherein some or all of the plurality of encryption keys are replaced as a function of the number of encrypted messages, randomly, or the amount of information exchanged during the message exchanges.
  - 4. The method of claim 1 wherein at least one of the one or more network infrastructure devices is selected from the group consisting of wireless access points, routers, VPN gateways, and switches.
  - 5. The method of claim 1 wherein the plurality of encryption keys are randomly generated.
  - 6. The method of claim 1 wherein the one or more replacement encryption keys are randomly generated.
  - 7. The method of claim 1 wherein the encryption keys are protocol encryption keys.
  - 8. The method of claim 1 further comprising the step of replacing one or more of the one or more replacement encryption keys.
  - 9. The method of claim 8 wherein the step of replacing one or more of the one or more replacement keys is performed on a basis that is different from the basis for first replacing the one or more plurality of encryption keys, wherein the basis for replacement is selected from the group consisting of incremental replacement, random replacement, pseudo-random replacement, and mathematical algorithm replacement.
  - 10. The method of claim 1 wherein the messages are exchanged across a transmission medium selected from the group consisting of wired, radio frequency, WAN, VPN, infrared, RPR ring, PON, and Ethernet over First Mile.

11. A method for enhancing the security of a network including one or more network devices capable of providing access to the network for one or more attached functions, the method comprising the steps of:
- a. generating a plurality of encryption keys for use in encrypting message exchanges between the one or more attached functions and the network;
  
  b. using the plurality of encryption keys in the message exchanges between the one or more network access devices and the one or more attached functions;
  
  c. generating one or more replacement encryption keys; and
  
  d. during the session, replacing one or more of the plurality of encryption keys with the one or more replacement encryption keys at non-regular intervals.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 12. The method of claim 11 wherein the plurality of encryption keys and the one or more replacement encryption keys are randomly generated.
  - 13. The method of claim 11 wherein at least one of the one or more network access devices generates and transmits the plurality of encryption keys and the one or more replacement encryption keys.
  - 14. The method of claim 11 wherein at least two of the plurality of encryption keys is unique to each attached function.
  - 15. The method of claim 11 wherein some or all of the plurality of encryption keys are replaced as a function of the number of encrypted messages, randomly, or as a function of the amount of information exchanged.
  - 16. The method of claim 11 further comprising the step of replacing one or more of the one or more replacement encryption keys.
  - 17. The method of claim 16 wherein the step of replacing one or more of the one or more replacement keys is performed on a basis that is different from the basis for first replacing the one or more plurality of encryption keys, wherein the basis for replacement is selected from the group consisting of incremental replacement, random replacement, pseudo-random replacement, and mathematical algorithm replacement.
  - 18. The method of claim 11 wherein at least one of the plurality of encryption keys is designated for multicast transmissions or broadcast transmissions.
  - 19. The method of claim 11 wherein at least one of the plurality of encryption keys is associated with a transmission protocol.
  - 20. The method of claim 11 wherein at least one of the plurality of encryption keys is associated with a set of transmission protocols.
  - 21. The method of claim 11 wherein at least one of the plurality of encryption keys is a retained encryption key that is not replaced when others of the plurality of encryption keys are replaced.

22. A method for enhancing the security of a network including one or more network devices capable of providing access to the network, the method comprising the steps of:
- a. generating a plurality of encryption keys for use in encrypting messages between the one or more network access devices and one or more attached functions;
  
  b. encrypting some or all of the messages with one or more of the plurality of encryption keys; and
  
  c. in the course of exchanging messages with the one or more attached functions, without authenticating, transmitting to the one or more attached functions one or more replacement encryption keys to replace one or more of the one or more encryption keys.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The method of claim 22 wherein the plurality of encryption keys and the one or more replacement encryption keys are randomly generated.
  - 24. The method of claim 22 wherein at least one of the one or more network devices generates the one or more encryption keys and the one or more replacement encryption keys.
  - 25. The method of claim 22 wherein at least one of the attached functions is selected from the group consisting of an internet interface function, a VPN interface function, and a wireless interface function.
  - 26. The method of claim 22 wherein some or all of the plurality of encryption keys are replaced as a function of the number of encrypted messages, randomly, or as a function of the amount of information exchanged during the message exchanges.
  - 27. The method of claim 22 further comprising the step of replacing one or more of the one or more replacement encryption keys.
  - 28. The method of claim 27 wherein the step of replacing one or more of the one or more replacement keys is performed on a basis that is different from the basis for first replacing the one or more plurality of encryption keys, wherein the basis for replacement is selected from the group consisting of incremental replacement, random replacement, pseudo-random replacement, and mathematical algorithm replacement.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Original Assignee
Enterasys Networks Incorporated (Extreme Networks, Inc.)
Inventors
Graham, Richard W., Nelson, David B.

Application Number

US10/971,905
Publication Number

US 20060031936A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/0457   wherein the sending and rec...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/16   the keys or algorithms bein...

Encryption security in a network system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption security in a network system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links