Method and system for changing security information in a computer network

US 7,961,884 B2
Filed: 08/13/2002
Issued: 06/14/2011
Est. Priority Date: 08/13/2002
Status: Active Grant

First Claim

Patent Images

1. A method of changing encryption information in a computer network, the method comprising:

generating at least first cryptographic key information and second cryptographic key information configured for being utilized for network access, the first cryptographic key information including a first encryption key and a first identifier and the second cryptographic key information including a second encryption key and a second identifier, wherein the first and second identifiers identify the first and second cryptographic keys respectively;

determining a first validity period for the first cryptographic key information, a second validity period for the second cryptographic key information, an expiry date for the first validity period, and an expiry date for the second validity period, wherein the expiry date of the first validity period precedes the expiry date of the second validity period so that the first and second validity periods overlap in time;

receiving, from a user device, encrypted data and one of the first and second identifiers;

identifying which one of the first and the second encryption keys has been used to encrypt the data, wherein the identifying is based on which of the first and second identifiers was received along with the encrypted; and

updating the first encryption key on the user device via the computer network with the second encryption key after the user device accesses the computer network using the first encryption key during an overlap period of the first and the second validity periods.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of, and system for, changing encryption information in a computer network is provided. The method includes providing at least first cryptographic information and second cryptographic information. A first validity period is provided for the first cryptographic information and a second validity period is provided for the second cryptographic information wherein the first and second validity periods overlap.

103 Citations

View as Search Results

33 Claims

1. A method of changing encryption information in a computer network, the method comprising:
- generating at least first cryptographic key information and second cryptographic key information configured for being utilized for network access, the first cryptographic key information including a first encryption key and a first identifier and the second cryptographic key information including a second encryption key and a second identifier, wherein the first and second identifiers identify the first and second cryptographic keys respectively;
  
  determining a first validity period for the first cryptographic key information, a second validity period for the second cryptographic key information, an expiry date for the first validity period, and an expiry date for the second validity period, wherein the expiry date of the first validity period precedes the expiry date of the second validity period so that the first and second validity periods overlap in time;
  
  receiving, from a user device, encrypted data and one of the first and second identifiers;
  
  identifying which one of the first and the second encryption keys has been used to encrypt the data, wherein the identifying is based on which of the first and second identifiers was received along with the encrypted; and
  
  updating the first encryption key on the user device via the computer network with the second encryption key after the user device accesses the computer network using the first encryption key during an overlap period of the first and the second validity periods.
- View Dependent Claims (2)
- - 2. The method of claim 1, wherein the first cryptographic key information includes a first private/public key pair and the second cryptographic key information includes a second private/public key pair.

3. A method for processing encrypted network access credentials in a computer network, the method including:
- receiving an encrypted network access credential and one of a first identifier and a second identifier from a user device, the encrypted network access credential being encrypted using one of first and second encryption algorithms, the first encryption algorithm being valid for a first validity period and the second encryption algorithm being valid for a second validity period, the first encryption algorithm associated with the first identifier and the second encryption algorithm associated with the second identifier thereby to identify the first and second encryption algorithms respectively;
  
  identifying which one of the first and the second encryption algorithms has been used to encrypt the encrypted network access credential, wherein the identifying includes using the one of the first identifier and the second identifier as an index for finding the one of the first and the second encryption algorithms in a database storing the first and second encryption algorithms;
  
  determining, based on the first and second validity periods, that the one of the first and second encryption algorithms is valid;
  
  decrypting the encrypted network access credential using the one of the first and second encryption algorithms to form a decrypted network access credential;
  
  granting access to the network based on the decrypted network access credential; and
  
  updating the first encryption algorithm on the user device via the computer network with the second encryption algorithm after the user device accesses the computer network using the first encryption algorithm during an overlap period of the first and the second validity periods.
- View Dependent Claims (4, 5, 6)
- - 4. The method of claim 3, wherein the first and second validity periods overlap and the first validity period is prior in time relative to the second validity period.
  - 5. The method of claim 3, wherein the first identifier is associated with a first private/public key pair and the second identifier is associated with a second private/public key pair.
  - 6. The method of claim 3, wherein the encrypted network access credential is user authentication data for authenticating use of the computer network by the user device, the first and the second encryption algorithms being provided on the user device, the method including:
    - identifying when the first encryption algorithm has been used to encrypt the network access credential; and
      
      decrypting the encrypted network access credential with a decryption algorithm associated with the first encryption algorithm.

7. A method of changing security information in a computer network, the method comprising:
- generating at least first security information and second security information configured for being utilized for network access, the first security information including first encryption key and a first identifier and the second security information including second encryption key and a second identifier thereby to identify the first and second security keys respectively;
  
  presenting a first validity period for the first security information, a second validity period for the second security information, an expiry date for the first validity period, and an expiry date for the second validity period, wherein the expiry date of the first validity period precedes the expiry date of the second validity period so that the first and second validity periods overlap in time;
  
  receiving encrypted data and one of the first and second identifiers, wherein the encrypted data was encrypted using one of the first encryption key and the second encryption key;
  
  identifying, based on which one of the first and second identifiers was received, which one of the first and the second encryption keys has been used to encrypt encrypted data thereby to identify an associated decryption algorithm; and
  
  updating the first encryption key on the user device via the computer network with the second encryption key when the user device accesses the computer network using the first encryption information during an overlap period of the first and the second validity periods.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 which includes providing the first cryptographic key in the form of a first private/public key pair and the second cryptographic key in the form of a second private/public key pair.
  - 9. The method of claim 7, which includes providing the first cryptographic key is associated with a first cryptographic algorithm and the second cryptographic key in association with a second cryptographic algorithm.
  - 10. The method of claim 7, which includes providing the first and the second security information in the form of first and second user passwords.
  - 11. The method of claim 10, which includes providing a plurality of passwords with validity periods that overlap.
  - 12. The method of claim 11, which includes providing each validity period with a different expiry date so that the validity periods overlap in time.

13. A method of processing data in a computer network, the method comprising:
- receiving data from a user device, the data being secured using one of a first and second encryption algorithms, and the data including an identifier indicating the one of the first and second encryption algorithms used in securing the data;
  
  identifying, based on the identifier, which one of the first and the second encryption algorithms secures the data;
  
  determining the identified encryption algorithm that secures the data is within a validity period associated with the identified encryption algorithm;
  
  processing the data with a decryption algorithm after the determining the identified security information is within the validity period; and
  
  updating the first encryption algorithm on the user device via the computer network with the second encryption algorithm after the user device accesses the computer network using the first encryption algorithm during an overlap period of the first and the second validity periods.
- View Dependent Claims (14)
- - 14. The method of claim 13, wherein the encryption algorithm is associated with one of a password, and an encryption key.

15. A machine-readable medium embodying a sequence of instructions that, when executed by the machine, cause the machine to:
- generate at least first cryptographic information and second cryptographic information configured to be utilized for network access, the first cryptographic information including first encryption key and a first identifier and the second cryptographic information including second encryption key and a second identifier thereby to identify the first and second cryptographic keys respectively;
  
  present a first validity period for the first cryptographic information, a second validity period for the second cryptographic information, an expiry date for the first validity period, and an expiry date for the second validity period, wherein the expiry date of the first validity period precedes the expiry date of the second validity period so that the first and second validity periods overlap in time;
  
  identify, based on the first and second identifiers, which one of the first and the second encryption keys has been used to encrypt encrypted data thereby to identify associated decryption information; and
  
  update the first encryption key on the user device via the computer network with the second encryption key when the user device accesses the computer network using the first encryption key during an overlap period of the first and the second validity periods.
- View Dependent Claims (16, 17, 18)
- - 16. The machine-readable medium of claim 15, wherein the first encryption key is part of a first private/public key pair and the second encryption key is part of a second private/public key pair.
  - 17. The machine-readable medium of claim 15, wherein the first encryption key is associated with a first cryptographic algorithm and the second encryption key is associated with a second cryptographic algorithm.
  - 18. The machine-readable medium of claim 15, wherein the first and the second cryptographic information includes first encryption information provided on a user device, and the first encryption information being updated on the user device via the computer network with second encryption information when the user device accesses the computer network using the first encryption information.

19. A machine-readable medium embodying a sequence of instructions that, when executed by the machine, cause the machine to:
- receive an encrypted network access credential and one of a first identifier and a second identifier from a user device, the encrypted network access credential being encrypted using one of first and second encryption algorithm, the first encryption algorithm being valid for a first validity period and the second encryption algorithm being valid for a second validity period, the first encryption algorithm being associated with the first identifier and the second encryption algorithm being associated with the second identifier thereby to identify the first and second encryption algorithms respectively;
  
  identify which one of the first and the second encryption algorithms has been used to encrypt the encrypted network access credential, wherein the identifying includes using the one of the first identifier and the second identifier as an index for finding the one of the first and the second encryption algorithms in a database storing the first and second encryption algorithms;
  
  determine, based on the first and second validity periods, that the one of the first and second encryption algorithms is valid;
  
  decrypt the encrypted network access credential using the one of the first and second encryption algorithms to form a decrypted network access credential;
  
  grant access to the network based on the decrypted network access credential; and
  
  update the first encryption algorithm on the user device via the computer network with the second encryption algorithm after the user device accesses the computer network using the first encryption algorithm during an overlap period of the first and the second validity periods.
- View Dependent Claims (20, 21)
- - 20. The machine-readable medium of claim 19, wherein the first identifier is associated with a first private/public key pair and the second identifier is associated with a second private/public key pair.
  - 21. The machine-readable medium of claim 19, wherein the encrypted network access credential is user authentication data for authenticating use of the computer network by the user device, the first and the second encryption algorithms being provided on the user device, and the machine-readable medium further including a sequence of instructions that, when executed by the machine cause the machine to:
    - identify when the first encryption algorithm has been used to encrypt the network access credential; and
      
      decrypt the encrypted network access credential with decryption information associated with the first encryption algorithm.

22. A machine-readable medium embodying a sequence of instructions that, when executed by the machine cause the machine to:
- generate at least first security information and second security information configured to be utilized for network access, the first security information including a first encryption key and a first identifier and the second security information including a second encryption key and a second identifier thereby to identify the first and second security keys respectively;
  
  present a first validity period for the first encryption key, a second validity period for the second encryption key, an expiry date for the first validity period, and an expiry date for the second validity period, wherein the expiry date of the first validity period precedes the expiry date of the second validity period so that the first and second validity periods overlap in time;
  
  receiving encrypted data and one of the first and second identifiers, wherein the encrypted data was encrypted using one of the first encryption key and the second encryption key;
  
  identify, based on which one of the first and second identifiers was received, which one of the first and the second encryption keys has been used to encrypt encrypted data thereby to identify associated decryption key; and
  
  updating the first encryption key on the user device via the computer network with the second encryption key when the user device accesses the computer network using the first encryption key during an overlap period of the first and the second validity periods.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The machine-readable medium of claim 22, wherein the first encryption key is associated with a first private/public key pair and the second encryption key is associated with a second private/public key pair.
  - 24. The machine-readable medium of claim 22, wherein the first encryption key is associated with a first cryptographic algorithm and the second encryption key is associated a second cryptographic algorithm.
  - 25. The machine-readable medium of claim 22, wherein the first and second security information include first and second user passwords.
  - 26. The machine-readable medium of claim 25, wherein a plurality of passwords is provided with validity periods that overlap.
  - 27. The machine-readable medium of claim 26, wherein each validity period is provided with a different expiry date so that the validity periods overlap in time.

28. A machine-readable medium embodying a sequence of instructions that, when executed by the machine cause the machine to:
- receive data from a user device, the data being secured using one of first and second security algorithms, and the data including an identifier indicating the one of the first and second security algorithms used in securing the data;
  
  identify, based on the identifier, which one of the first and the second security algorithms secures the data;
  
  determine if the identified security algorithms that secures the data is within a validity period associated with the security algorithm;
  
  process the data with the identified security algorithm after the determining the identified security algorithm is within the validity period; and
  
  updating the first encryption on the user device via the computer network with the second encryption algorithm when the user device accesses the computer network using the first encryption algorithm during an overlap period of the first and the second validity periods.
- View Dependent Claims (29)
- - 29. The machine-readable medium of claim 28, wherein the security algorithm is associated with at least one of a password, an encryption algorithm, and an encryption key.

30. A computer system comprising:
- an encryption module configured togenerate at least first cryptographic information and second cryptographic information configured to be utilized for network access, the first cryptographic information including first encryption key and a first identifier and the second cryptographic information including second encryption key and a second identifier thereby to identify the first and second cryptographic information respectively;
  
  receive encrypted data and one of the first or second identifiers, wherein the encrypted data was encrypted using one of the first encryption key and the second encryption key;
  
  a customization tool to present a first validity period for the first cryptographic information, a second validity period for the second cryptographic information, an expiry date for the first validity period, and an expiry date for the second validity period, wherein the expiry date of the first validity period precedes the expiry date of the second validity period so that the first and second validity periods overlap in time;
  
  an identification module to identify, based on which one of the first and second identifiers has been received, which one of the first and the second encryption keys has been used to encrypt encrypted data thereby to identify associated decryption information; and
  
  an update module to update the first encryption information on the user device via the computer network with the second encryption information when the user device accesses the computer network using the first encryption information during an overlap period of the first and the second validity periods.
- View Dependent Claims (31)
- - 31. The system of claim 30, wherein the first validity period is provided with an expiry date that precedes an expiry date of the second validity period so that the first and second validity periods overlap in time.

32. A computer system comprising:
- a network server to receive encrypted network access credentials and one of a first identifier and a second identifier from a user device, the encrypted network access credential being encrypted using one of first and second encryption algorithm, the first encryption algorithm being valid for a first validity period and the second encryption algorithm being valid for a second validity period, the first encryption algorithm associated with the first identifier and the second encryption algorithm associated with the second identifier thereby to identify the first and second encryption algorithms respectively;
  
  a network connection module to identify which one of the first and the second encryption algorithms has been used to encrypt the encrypted network access credential, wherein the identifying includes using the one of the first identifier and the second identifier as an index for finding the one of the first and the second encryption algorithms in a database storing the first and second encryption algorithms;
  
  a validity determination module to determine, based on the first and second validity periods, that the one of the first and second encryption algorithms is valid;
  
  a decryption module to decrypt the encrypted network access credential using the one of the first and second encryption algorithm to form a decrypted network access credential;
  
  an access granting module to grant access to the network based on the decrypted network access credential; and
  
  an update module to update the first encryption algorithm on the user device via the computer network with the second encryption algorithm after the user device accesses the computer network using the first encryption algorithm during an overlap period of the first and the second validity periods.

33. A computer system comprising:
- means for receiving an encrypted network access credential and one of a first identifier and a second identifier from a user device, the encrypted network access credential being encrypted using one of a first and second encryption algorithms, the first encryption algorithm being valid for a first validity period and the second encryption algorithm being valid for a second validity period, the first encryption algorithm associated with the first identifier and the second encryption algorithm associated with the second identifier thereby to identify the first and second encryption algorithm respectively;
  
  means for identifying which one of the first and the second encryption algorithms has been used to encrypt the encrypted network access credential, wherein the identifying includes using the one of the first identifier and the second identifier as an index for finding the one of the first and the second encryption algorithms in a database storing the first and second encryption algorithm;
  
  means for determining, based on the first and second validity periods, that the one of the first and second encryption algorithms is valid;
  
  means for decrypting the encrypted network access credential using the one of the first and second encryption algorithms to form a decrypted network access credential;
  
  means for granting access to the network based on the decrypted network access credential; and
  
  means for updating the first encryption algorithm on the user device via the computer network with the second encryption algorithm when after the user device accesses the computer network using the first encryption algorithm during an overlap period of the first and the second validity periods.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Channel IP BV
Original Assignee
Ipass Incorporated (Pareteum Corp.)
Inventors
Sunder, Singam, Edgett, Jeff Steven
Primary Examiner(s)
LaForgia; Christian
Assistant Examiner(s)
Tolentino; Roderick

Application Number

US10/218,961
Publication Number

US 20040034771A1
Time in Patent Office

3,227 Days
Field of Search

380/277, 380/278, 380/279, 380/259, 726/1, 726/2, 713/171, 705/71
US Class Current

380/277
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

G06F 2221/2137   Time limited access, e.g. t...

G06Q 20/14   specially adapted for billi...

G06Q 20/3829   involving key management

H04L 63/0457   wherein the sending and rec...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0892   by using authentication-aut...

H04L 63/108   when the policy decisions a...

Method and system for changing security information in a computer network

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

Method and system for changing security information in a computer network

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others