Approaches for switching transport protocol connection keys
First Claim
1. A method of switching transport protocol connection keys, the method comprising the computer-implemented steps of:
within one communication session:
a first computer network node sending a keychange request message from the first network node to a second node, wherein said keychange request message causes the second node to accept, from the first computer network node, subsequent non-confirmed first-key messages that are digitally signed with a first key and subsequent non-confirmed second-key messages that are digitally signed with a second key;
wherein the second key is a next key in a pre-provisioned list of keys for the first and second nodes and a message digitally signed with a particular key from the pre-provisioned list of keys can be accepted using only the particular key;
the first computer network node receiving a first response message from the second node acknowledging the receipt of the keychange request message;
based on the first response message, the first computer network node accepting, from the second node, the subsequent non-confirmed first-key messages digitally signed with the first key and the subsequent non-confirmed second-key messages digitally signed with the second key;
the first computer network node receiving a first subsequent message digitally signed with the second key from the second node;
the first computer network node determining that there are no remaining non-confirmed first-key messages to be received digitally signed with the first key, and in response thereto, only accepting second-key messages digitally signed with the second key from the second node and sending a second subsequent message digitally signed with the second key to the second node, wherein said second subsequent message causes the second node to accept only the second-key messages digitally signed with the second key.
Abstract
Approaches are disclosed for switching transport protocol connection keys. A first node sends a keychange request message to a second node, causing the second node to accept subsequent messages digitally signed with a first or second key. The second node sends an acknowledgment message to the first node, causing the first node to accept subsequent messages digitally signed with the first or second key. The first node receives a new message digitally signed with the second key from the second node and determines that there are no remaining messages to be received digitally signed with the first key. In response thereto, the first node only accepts messages digitally signed with the second key and sends a message signed with the second key to the second node, causing the second node to only accept messages digitally signed with the second key.
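The abstract describes a two-sided handshake in which each node widens the set of keys it accepts, then narrows it again only after the last message under the old key has arrived. The following Python model of that exchange is an added illustration, not code from the patent or its assignee. It assumes symmetric HMAC-SHA256 keys for "digitally signed" (the abstract fixes no primitive), per-sender sequence numbers, and that the acknowledgment carries the sequence number of the sender's last old-key message so the peer can tell when no non-confirmed first-key messages remain; the message types, field names and key values are all constructed.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass

# Constructed pre-provisioned key list shared by both nodes (assumption: symmetric
# MAC keys, so a message "can be accepted using only the particular key").
KEY_LIST = [b"constructed-key-1", b"constructed-key-2", b"constructed-key-3"]


@dataclass
class Message:
    msg_type: str     # DATA, KEYCHANGE_REQUEST, KEYCHANGE_ACK or KEYCHANGE_DONE (constructed names)
    seq: int          # per-sender sequence number
    key_index: int    # index into KEY_LIST of the key that signed this message
    body: bytes
    tag: bytes = b""


def sign(msg: Message, key: bytes) -> bytes:
    """MAC over type, sequence number, key index and body."""
    data = f"{msg.msg_type}|{msg.seq}|{msg.key_index}|".encode() + msg.body
    return hmac.new(key, data, hashlib.sha256).digest()


class Node:
    def __init__(self, name: str, keys: list[bytes]):
        self.name, self.keys = name, keys
        self.signing_key = 0            # key index used for outgoing messages
        self.accepted = {0}             # key indices accepted on incoming messages
        self.next_seq = 0
        self.received_seqs: set[int] = set()
        self.peer_last_old_seq = None   # peer's last seq signed with the old key
        self.seen_new_key_msg = False

    def send(self, msg_type: str, body: bytes = b"", key_index: int | None = None) -> Message:
        ki = self.signing_key if key_index is None else key_index
        m = Message(msg_type, self.next_seq, ki, body)
        self.next_seq += 1
        m.tag = sign(m, self.keys[ki])
        return m

    def receive(self, m: Message) -> Message | None:
        """Verify and process one message; return a reply when the protocol needs one."""
        if m.key_index not in self.accepted:
            raise ValueError(f"{self.name}: key index {m.key_index} not accepted")
        if not hmac.compare_digest(m.tag, sign(m, self.keys[m.key_index])):
            raise ValueError(f"{self.name}: bad signature")
        self.received_seqs.add(m.seq)
        new_key = self.signing_key + 1
        if m.msg_type == "KEYCHANGE_REQUEST":
            # Second node: accept old and new key, announce the last seq signed with
            # the old key (the ACK itself), then sign everything else with the new key.
            self.accepted = {self.signing_key, new_key}
            ack = self.send("KEYCHANGE_ACK", str(self.next_seq).encode())
            self.signing_key = new_key
            return ack
        if m.msg_type == "KEYCHANGE_ACK":
            # First node: accept both keys and remember how many old-key messages are owed.
            self.accepted = {self.signing_key, new_key}
            self.peer_last_old_seq = int(m.body)
            self.signing_key = new_key
            return None
        if m.msg_type == "KEYCHANGE_DONE":
            self.accepted = {self.signing_key}   # second node: new key only from here on
            return None
        if m.key_index == self.signing_key and self.peer_last_old_seq is not None:
            self.seen_new_key_msg = True         # first subsequent message under the new key
        return self._maybe_finish()

    def _maybe_finish(self) -> Message | None:
        """Narrow to the new key only once every announced old-key message has arrived."""
        if self.peer_last_old_seq is None or not self.seen_new_key_msg:
            return None
        if set(range(self.peer_last_old_seq + 1)) - self.received_seqs:
            return None                          # non-confirmed old-key messages outstanding
        self.accepted = {self.signing_key}
        self.peer_last_old_seq = None
        return self.send("KEYCHANGE_DONE")


def run_keychange():
    """Replay the exchange with one old-key message from B delivered late."""
    a, b = Node("A", KEY_LIST), Node("B", KEY_LIST)
    trace = []
    delayed = b.send("DATA", b"old-key message delivered late")   # B seq 0, key 0
    ack = b.receive(a.send("KEYCHANGE_REQUEST"))                   # B now accepts {0, 1}
    trace.append(("B accepts", sorted(b.accepted)))
    a.receive(ack)                                                 # A now accepts {0, 1}
    trace.append(("A accepts", sorted(a.accepted)))
    a.receive(b.send("DATA", b"first message under the new key"))  # seq 0 still owed
    trace.append(("A after new-key msg", sorted(a.accepted)))
    done = a.receive(delayed)                                      # last old-key msg -> DONE
    trace.append(("A after last old-key msg", sorted(a.accepted)))
    b.receive(done)
    trace.append(("B after DONE", sorted(b.accepted)))
    return a, b, trace


def rejected_after_switch() -> bool:
    """An old-key message after the switch must be refused."""
    a, b, _ = run_keychange()
    try:
        a.receive(b.send("DATA", b"stale", key_index=0))
    except ValueError:
        return True
    return False
```

The trace shows the window in which both keys are accepted closing on each side independently: A narrows only after the late old-key message arrives, and B narrows only on A's new-key message, which is what keeps in-flight old-key traffic from being dropped mid-switch.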
32 Claims
1. A method of switching transport protocol connection keys, the method comprising the computer-implemented steps of:
within one communication session;
a first computer network node sending a keychange request message from the first network node to a second node, wherein said keychange request message causes the second node to accept, from the first computer network node, subsequent non-confirmed first-key messages that are digitally signed with a first key and subsequent non-confirmed second-key messages that are digitally signed with a second key;
wherein the second key is a next key in a pre-provisioned list of keys for the first and second nodes and a message digitally signed with a particular key from the pre-provisioned list of keys can be accepted using only the particular key;
the first computer network node receiving a first response message from the second node acknowledging the receipt of the keychange request message;
based on the first response message, the first computer network node accepting, from the second node, the subsequent non-confirmed first-key messages digitally signed with the first key and the subsequent non-confirmed second-key messages digitally signed with the second key;
the first computer network node receiving a first subsequent message digitally signed with the second key from the second node;
the first computer network node determining that there are no remaining non-confirmed first-key messages to be received digitally signed with the first key, and in response thereto, only accepting second-key messages digitally signed with the second key from the second node and sending a second subsequent message digitally signed with the second key to the second node, wherein said second subsequent message causes the second node to accept only the second-key messages digitally signed with the second key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. An apparatus for switching transport protocol connection keys, comprising:
one or more processors;
one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to perform the steps of;
within one communication session;
sending a keychange request message from a first network node to a second node, wherein said keychange request message causes the second node to accept, from the first network node, subsequent non-confirmed first-key messages that are digitally signed with a first key and subsequent non-confirmed second-key messages that are digitally signed with a second key;
wherein the second key is a next key in a pre-provisioned list of keys for the first and second nodes and a message digitally signed with a particular key from the pre-provisioned list of keys can be accepted using only the particular key;
receiving a first response message from the second node acknowledging the receipt of the keychange request message;
based on the first response message, accepting, from the second node, the subsequent non-confirmed first-key messages digitally signed with the first key and the subsequent non-confirmed second-key messages digitally signed with the second key;
receiving a first subsequent message digitally signed with the second key from the second node;
determining that there are no remaining non-confirmed first-key messages to be received digitally signed with the first key, and in response thereto, only accepting second-key messages digitally signed with the second key from the second node and sending a second subsequent message digitally signed with the second key to the second node, wherein said second subsequent message causes the second node to accept only the second-key messages digitally signed with the second key.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. An apparatus for switching transport protocol connection keys, comprising:
for one communication session;
means for sending a keychange request message from a first network node to a second node, wherein said keychange request message causes the second node to accept, from the first network node, subsequent non-confirmed first-key messages that are digitally signed with a first key and subsequent non-confirmed second-key messages that are digitally signed with a second key;
wherein the second key is a next key in a pre-provisioned list of keys for the first and second nodes and a message digitally signed with a particular key from the pre-provisioned list of keys can be accepted using only the particular key;
means for receiving a first response message from the second node acknowledging the receipt of the keychange request message;
based on the first response message, means for accepting, from the second node, the subsequent non-confirmed first-key messages digitally signed with the first key and the subsequent non-confirmed second-key messages digitally signed with the second key;
means for receiving a first subsequent message digitally signed with the second key from the second node;
means for determining that there are no remaining first-key messages to be received digitally signed with the first key, and in response thereto, only accepting second-key messages digitally signed with the second key from the second node and sending a second subsequent message digitally signed with the second key to the second node, wherein said second subsequent message causes the second node to accept only the second-key messages digitally signed with the second key.
Dependent claims: 18, 19, 20, 21, 22, 23, 24.

25. A computer-readable medium, being a non-transitory signal, carrying one or more sequences of instructions for switching transport protocol connection keys, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
within one communication session;
sending a keychange request message from a first network node to a second node, wherein said keychange request message causes the second node to accept, from the first network node, subsequent non-confirmed first-key messages that are digitally signed with a first key and subsequent non-confirmed second-key messages that are digitally signed with a second key;
wherein the second key is a next key in a pre-provisioned list of keys for the first and second nodes and a message digitally signed with a particular key from the pre-provisioned list of keys can be accepted using only the particular key;
receiving a first response message from the second node acknowledging the receipt of the keychange request message;
based on the first response message, accepting, from the second node, the subsequent non-confirmed first-key messages digitally signed with the first key and the subsequent non-confirmed second-key messages digitally signed with the second key;
receiving a first subsequent message digitally signed with the second key from the second node;
determining that there are no remaining non-confirmed first-key messages to be received digitally signed with the first key, and in response thereto, only accepting second-key messages digitally signed with the second key from the second node and sending a second subsequent message digitally signed with the second key to the second node, wherein said second subsequent message causes the second node to accept only the second-key messages digitally signed with the second key.
Dependent claims: 26, 27, 28, 29, 30, 31, 32.