MANAGING KEY ROTATIONS WITH MULTIPLE KEY MANAGERS
First Claim
1. A method comprising:
generating, by a network device, a request to obtain a resource object stored in a clustered network database that stores keys;
transmitting, by the network device, the request to the clustered network database;
receiving, by the network device, a response to the request;
determining, by the network device, based on a value of the resource object carried in the response, whether permission to update the keys is permitted, wherein a first value of the resource object grants permission to update the keys and a second value of the resource object does not grant permission to update the keys, wherein the first value and the second value are different;
determining, by the network device, whether any of the keys expired in response to determining that the value of the resource object corresponds to the first value indicating that permission is granted to update the keys, and wherein other network devices that are configured to update the keys are prevented from updating the keys stored in the clustered network database while the network device is granted permission to update the keys;
generating, by the network device, a new key for each key of the keys that expired, in response to determining that one or more of the keys expired;
storing, by the network device, the new key for each key of the one or more of the keys at the clustered network database; and
releasing, by the network device, the resource object back to the clustered network database.
Abstract
A method, a device, and a non-transitory storage medium are provided to generate and transmit a request to obtain a resource object stored in a clustered network database that stores keys; determine based on a value of the resource object carried in a response, whether permission to update the keys is permitted, wherein a first value of the resource object grants permission and a second value of the resource object does not grant permission; determine whether any of the keys expired in response to receiving permission, wherein other network devices configured to update the keys are prevented from updating the keys while the network device is granted permission; generate a new key for each key of the keys that expired; and store the new key for each key; and release the resource object back to the clustered network database.
77 Citations
20 Claims
9. A network device comprising:
a communication interface;
a memory, wherein the memory stores instructions; and
a processor, wherein the processor executes the instructions to:
generate a request to obtain a resource object stored in a clustered network database that stores keys;
transmit, via the communication interface, the request to the clustered network database;
receive, via the communication interface, a response to the request;
determine based on a value of the resource object carried in the response, whether permission to update the keys is permitted, wherein a first value of the resource object grants permission to update the keys and a second value of the resource object does not grant permission to update the keys, wherein the first value and the second value are different;
determine whether any of the keys expired in response to a determination that the value of the resource object corresponds to the first value indicating that permission is granted to update the keys, and wherein other network devices that are configured to update the keys are prevented from updating the keys stored in the clustered network database while the network device is granted permission to update the keys;
generate a new key for each key of the keys that expired, in response to determining that one or more of the keys expired;
store the new key for each key of the one or more of the keys at the clustered network database; and
release the resource object back to the clustered network database.
16. A non-transitory, computer-readable storage medium storing instructions executable by a processor of a computational device, which when executed cause the computational device to:
generate a request to obtain a resource object stored in a clustered network database that stores keys;
transmit the request to the clustered network database;
receive a response to the request;
determine based on a value of the resource object carried in the response, whether permission to update the keys is permitted, wherein a first value of the resource object grants permission to update the keys and a second value of the resource object does not grant permission to update the keys, wherein the first value and the second value are different;
determine whether any of the keys expired in response to a determination that the value of the resource object corresponds to the first value indicating that permission is granted to update the keys, and wherein other network devices that are configured to update the keys are prevented from updating the keys stored in the clustered network database while the network device is granted permission to update the keys;
generate a new key for each key of the keys that expired, in response to determining that one or more of the keys expired;
store the new key for each key of the one or more of the keys at the clustered network database; and
release the resource object back to the clustered network database.
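A small simulation of the method in the abstract and claims above, added here as an illustration and not code from the patent or its assignee: the resource object acts as a cluster-wide lock, and only the key manager that obtains it with the first value rotates expired keys while every other manager backs off. The class name, the values "released" and "held", and the in-memory store are assumptions standing in for a real clustered database.

```python
import secrets
import threading


class ClusteredKeyDatabase:
    """Constructed stand-in for the clustered network database that stores the keys."""

    def __init__(self, keys, ttl_seconds):
        self._mutex = threading.Lock()     # emulates the database's atomic read-modify-write
        self.keys = dict(keys)             # key_id -> (key_bytes, created_at)
        self.ttl = ttl_seconds
        self.resource_object = "released"  # first value grants permission; "held" does not

    def request_resource_object(self):
        """Return the resource object's value; claim it (flip to 'held') if it was free."""
        with self._mutex:
            value = self.resource_object
            if value == "released":
                self.resource_object = "held"
            return value

    def release_resource_object(self):
        with self._mutex:
            self.resource_object = "released"

    def store_key(self, key_id, key_bytes, now):
        with self._mutex:
            self.keys[key_id] = (key_bytes, now)


def rotate_expired_keys(db, now):
    """One key manager's run of the method; returns the ids it rotated ([] if not permitted)."""
    if db.request_resource_object() != "released":
        return []                          # second value: another manager holds permission
    try:
        expired = [kid for kid, (_, created) in db.keys.items() if now - created >= db.ttl]
        for kid in expired:
            db.store_key(kid, secrets.token_bytes(32), now)   # fresh 256-bit key
        return expired
    finally:
        db.release_resource_object()       # hand the resource object back even on error


def run_managers(db, now, count):
    """Race `count` key managers against the same database; collect what each rotated."""
    results = [None] * count
    threads = [threading.Thread(target=lambda i=i: results.__setitem__(i, rotate_expired_keys(db, now)))
               for i in range(count)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

Because a rotated key's creation time becomes `now`, a manager that obtains the resource object after the rotation finds nothing expired, so exactly one manager ever rotates a given key.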
Specification