Method and system for disaster recovery in network systems

US 8,059,821 B1
Filed: 12/27/2006
Issued: 11/15/2011
Est. Priority Date: 12/27/2006
Status: Active Grant

First Claim

Patent Images

1. A system which maintains secure communications with a secure service despite a server-failure comprises:

a primary server operable to provide the secure service, wherein the primary server receives validation information from a user and validates the user based on the validation information;

message authentication information comprising a first portion and a second portion, wherein the primary server sends to the user the message authentication information upon validation of the user, and thereafter, the primary server receives a message from the user including at least some of the message authentication information;

a data repository generating and storing a plurality of keys;

a server failure protocol operable to detect that the primary server has failed and divert subsequent messages away from the failed primary server; and

a backup server operable to receive the diverted messages, authenticate the diverted messages, and perform a requested operation of the secure service upon authentication of the diverted messages, wherein while authenticating the diverted messages, the backup server is operable to (a) identify a particular key of the plurality of keys based on the first portion of the message authentication information included in the diverted message, (b) calculate a value using the particular key, (c) compare the value to the second portion of the message authentication information included in the diverted message, and (d) determine that the diverted message is authentic based on the comparison.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for managing and backing-up a set of security keys are disclosed. The keys are generated first at a backup site and then are transmitted from the backup site to the primary site. The primary site then uses these keys to generate message authentication code for messages generated at the primary site. A portion of the key information is transmitted to a client site in the message. The client site then provides the message authentication code back to the service in a subsequent request. The message authentication code generated at the primary site is readable by the backup site. The primary site then takes the portion of the key information and uses this to verify the received message authentication code. In alternative embodiments the actual values used for generating the message authentication code are not transmitted in the message nor are the exposed to the public side of the service.

Citations

27 Claims

1. A system which maintains secure communications with a secure service despite a server-failure comprises:
- a primary server operable to provide the secure service, wherein the primary server receives validation information from a user and validates the user based on the validation information;
  
  message authentication information comprising a first portion and a second portion, wherein the primary server sends to the user the message authentication information upon validation of the user, and thereafter, the primary server receives a message from the user including at least some of the message authentication information;
  
  a data repository generating and storing a plurality of keys;
  
  a server failure protocol operable to detect that the primary server has failed and divert subsequent messages away from the failed primary server; and
  
  a backup server operable to receive the diverted messages, authenticate the diverted messages, and perform a requested operation of the secure service upon authentication of the diverted messages, wherein while authenticating the diverted messages, the backup server is operable to (a) identify a particular key of the plurality of keys based on the first portion of the message authentication information included in the diverted message, (b) calculate a value using the particular key, (c) compare the value to the second portion of the message authentication information included in the diverted message, and (d) determine that the diverted message is authentic based on the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1 wherein the backup server only provides the secure service upon detection that the primary server has failed.
  - 3. The system of claim 1 further comprising:
    - a second protocol operable to detect that the primary site has resumed the ability to provide the secure service and direct succeeding messages to the primary server for processing.
  - 4. The system of claim 1 wherein the primary server failure is caused by at least one of:
    - a computer failure;
      
      a physical disaster; and
      
      an overflow need.
  - 5. The system of claim 1 wherein the secure service is postage generation.
  - 6. The system of claim 1 wherein the validation information comprises:
    - a user ID; and
      
      a password.
  - 7. The system of claim 1 wherein the message authentication information further comprises:
    - an expiration time.
  - 8. The system of claim 1 wherein the backup server generates the plurality of keys.
  - 9. The system of claim 1 wherein the first portion is a key ID and the second portion is a comparison value.
  - 10. The system of claim 9 wherein the key ID is a pointer.
  - 11. The system of claim 1 further comprising:
    - an active key table, located on the date repository, which stores the plurality of keys which are active; and
      
      an inactive key table, located on the data repository, which stores the plurality of keys which were previously active keys.
  - 12. The system of claim 11 wherein the backup server populates the inactive key table by rolling over the previously active keys into the inactive key table upon generating new keys for the active key table.
  - 13. The system of claim 11 wherein a diverted message of the diverted messages is not authenticated when the particular key is not stored in the active key table.
  - 14. The system of claim 11 wherein a diverted message of the diverted messages is not authenticated when the particular key is not stored in the active key table or the inactive key table.

15. A method of maintaining secure communications with a secure service despite a server-failure comprising:
- providing, by a primary server, the secure service;
  
  generating, by a backup server, a plurality of keys;
  
  storing the plurality of keys;
  
  receiving, by the primary server, validation information, and validating a user based on the received validation information;
  
  sending, to the validated user, message authentication information;
  
  detecting that the primary server has failed and thereafter providing, by a backup server, the secure service;
  
  receiving a secure service request comprising at least some of the message authentication information, wherein the received the message authentication information comprises a first portion and a second portion;
  
  directing the received secure service request to a backup server for processing;
  
  authenticating the received secure service request, wherein the authenticating comprises;
  
  identifying, based on the first portion of the received message authentication information, a particular key of the plurality of keys,calculating a value using the particular key,comparing the value to the second portion of the received message authentication information, anddetermining that the received secure service request is authentic based on the comparing; and
  
  performing, by the backup server, an operation requested in the authenticated received secure service request.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. The method of claim 15 wherein the backup server is not operable to provide the secure service while the primary server is operable to provide the secure service.
  - 17. The method of claim 15 further comprising:
    - detecting that the primary site has resumed the ability to provide the secure service and directing succeeding messages to the primary server for processing.
  - 18. The method of claim 15 wherein the primary server failure is caused by at least one of:
    - a computer failure;
      
      a physical disaster; and
      
      an overflow need.
  - 19. The method of claim 15 wherein the secure service is postage generation.
  - 20. The system of claim 15 wherein the validation information comprises:
    - a user ID; and
      
      a password.
  - 21. The method of claim 15 wherein the message authentication information further comprises:
    - an expiration time.
  - 22. The method of claim 15 wherein the first portion is a key ID and the second portion is a comparison value.
  - 23. The method of claim 15 wherein the key ID is a pointer.
  - 24. The method of claim 15 wherein the plurality of keys are stored in a table comprising:
    - an active key table, which stores the plurality of keys which are active; and
      
      an inactive key table, which stores the plurality of keys which were previously active keys.
  - 25. The method of claim 24 further comprising:
    - populating the inactive key table by rolling over the previously active keys into the inactive key table upon generating new keys for the active key table.
  - 26. The method of claim 24 further comprising:
    - denying the authentication of the diverted message when the particular key is not stored in the active key table.
  - 27. The method of claim 24 further comprising:
    - denying the authentication of the diverted message when the particular key is not stored in the active key table or the inactive key table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Auctane LLC (Stamps.com, Inc.)
Original Assignee
Stamps.com, Inc.
Inventors
Begen, Geoffrey Charles
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
GUIRGUIS, MICHAEL M

Application Number

US11/616,537
Time in Patent Office

1,784 Days
Field of Search

713/156, 714/6, 714/4.11, 380/286, 726/6
US Class Current

380/286
CPC Class Codes

G06F 11/2038   with a single idle spare pr...

G06F 11/2097   maintaining the standby con...

H04L 63/068   using time-dependent keys, ...

H04L 63/20   for managing network securi...

H04L 69/40   for recovering from a failu...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/14   using a plurality of keys o...

H04L 9/3242   involving keyed hash functi...

Method and system for disaster recovery in network systems

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for disaster recovery in network systems

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links