Method and system for disaster recovery in network systems
Abstract
A method and apparatus for managing and backing up a set of security keys are disclosed. The keys are generated first at a backup site and then are transmitted from the backup site to the primary site. The primary site then uses these keys to generate a message authentication code for messages generated at the primary site. A portion of the key information is transmitted to a client site in the message. The client site then provides the message authentication code back to the service in a subsequent request. The message authentication code generated at the primary site is readable by the backup site. The primary site then takes the portion of the key information and uses this to verify the received message authentication code. In alternative embodiments the actual values used for generating the message authentication code are not transmitted in the message, nor are they exposed to the public side of the service.
27 Claims
1. A system which maintains secure communications with a secure service despite a server failure comprises:
a primary server operable to provide the secure service, wherein the primary server receives validation information from a user and validates the user based on the validation information;
message authentication information comprising a first portion and a second portion, wherein the primary server sends to the user the message authentication information upon validation of the user, and thereafter, the primary server receives a message from the user including at least some of the message authentication information;
a data repository generating and storing a plurality of keys;
a server failure protocol operable to detect that the primary server has failed and divert subsequent messages away from the failed primary server; and
a backup server operable to receive the diverted messages, authenticate the diverted messages, and perform a requested operation of the secure service upon authentication of the diverted messages, wherein while authenticating the diverted messages, the backup server is operable to (a) identify a particular key of the plurality of keys based on the first portion of the message authentication information included in the diverted message, (b) calculate a value using the particular key, (c) compare the value to the second portion of the message authentication information included in the diverted message, and (d) determine that the diverted message is authentic based on the comparison.
Dependent claims: 2 to 14.

15. A method of maintaining secure communications with a secure service despite a server failure comprising:
providing, by a primary server, the secure service;
generating, by a backup server, a plurality of keys;
storing the plurality of keys;
receiving, by the primary server, validation information, and validating a user based on the received validation information;
sending, to the validated user, message authentication information;
detecting that the primary server has failed and thereafter providing, by a backup server, the secure service;
receiving a secure service request comprising at least some of the message authentication information, wherein the received message authentication information comprises a first portion and a second portion;
directing the received secure service request to a backup server for processing;
authenticating the received secure service request, wherein the authenticating comprises: identifying, based on the first portion of the received message authentication information, a particular key of the plurality of keys; calculating a value using the particular key; comparing the value to the second portion of the received message authentication information; and determining that the received secure service request is authentic based on the comparing; and
performing, by the backup server, an operation requested in the authenticated received secure service request.
Dependent claims: 16 to 27.
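The mechanism the abstract and claims 1 and 15 describe, as an added worked example that is not the patent's own code: a key repository generated at the backup site and shared with the primary; a token whose first portion is a key identifier and whose second portion is an HMAC; and a backup server that, after the primary fails, selects the key by the identifier, recomputes the value and compares it in constant time. The class and function names, the `kid.expires.mac` token layout, the PBKDF2 credential check and the sample user are assumptions made for the example; the patent does not specify them.

```python
"""Added example, not the patent's code: a token whose first portion names a
key and whose second portion is an HMAC, verifiable by a backup server that
shares the key repository. Names and the kid.expires.mac layout are assumed."""
import base64
import hashlib
import hmac
import secrets


class KeyRepository:
    """The 'plurality of keys': generated at the backup site and copied to
    the primary out of band. Raw key bytes are never sent to a client."""

    def __init__(self, count=4):
        self.keys = {f"k{i}": secrets.token_bytes(32) for i in range(count)}

    def choose(self):
        kid = secrets.choice(sorted(self.keys))
        return kid, self.keys[kid]


def _mac(key, user, expires):
    # Length-prefix the user name so field boundaries cannot be shifted.
    return hmac.new(key, f"{len(user)}:{user}|{expires}".encode(), hashlib.sha256).digest()


def issue_token(repo, user, expires):
    """First portion = key identifier, second portion = MAC over (user, expiry)."""
    kid, key = repo.choose()
    return f"{kid}.{expires}." + base64.urlsafe_b64encode(_mac(key, user, expires)).decode()


def verify_token(repo, user, token, now):
    """Claim steps (a)-(d): select the key by the first portion, recompute the
    value, compare it with the second portion in constant time."""
    try:
        kid, exp_str, mac_b64 = token.split(".")
        expires = int(exp_str)
        presented = base64.urlsafe_b64decode(mac_b64)
    except ValueError:  # malformed token (binascii.Error is a ValueError)
        return False
    key = repo.keys.get(kid)
    if key is None or now >= expires:  # unknown key id, or token expired
        return False
    return hmac.compare_digest(_mac(key, user, expires), presented)


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Server:
    """Primary and backup run the same code over the same key repository."""

    def __init__(self, name, repo, users):
        self.name, self.repo, self.users = name, repo, users
        self.alive = True

    def login(self, user, password, now, ttl=900):
        """Validate the user, then send the message authentication information."""
        salt, stored = self.users.get(user, (b"", b""))
        if not stored or not hmac.compare_digest(_pbkdf2(password, salt), stored):
            return None
        return issue_token(self.repo, user, now + ttl)

    def request(self, user, token, op, now):
        if not verify_token(self.repo, user, token, now):
            return (self.name, 401, "unauthenticated")
        return (self.name, 200, f"{op} done for {user}")


def failover_demo():
    """Constructed scenario: login on the primary, primary fails, the backup
    serves the same token. route() stands in for the server failure protocol."""
    repo = KeyRepository()
    salt = secrets.token_bytes(16)
    users = {"alice": (salt, _pbkdf2("correct horse", salt))}  # constructed sample user
    primary, backup = Server("primary", repo, users), Server("backup", repo, users)

    def route():
        return primary if primary.alive else backup

    token = route().login("alice", "correct horse", now=1_000)
    before = route().request("alice", token, "read", now=1_010)
    primary.alive = False  # failure detected: divert subsequent messages
    after = route().request("alice", token, "read", now=1_020)
    return before, after


def rejection_demo():
    """Tokens the backup refuses: wrong user, expired, unknown key id,
    edited expiry, and a malformed string."""
    repo = KeyRepository()
    token = issue_token(repo, "alice", expires=2_000)
    kid, exp, mac = token.split(".")
    return (
        verify_token(repo, "mallory", token, now=1_000),
        verify_token(repo, "alice", token, now=2_000),
        verify_token(repo, "alice", f"k9.{exp}.{mac}", now=1_000),
        verify_token(repo, "alice", f"{kid}.{int(exp) + 3600}.{mac}", now=1_000),
        verify_token(repo, "alice", "garbage", now=1_000),
    )


if __name__ == "__main__":
    print(*failover_demo(), sep="\n")
    print(rejection_demo())
```

Two points a practitioner should take from this: the key identifier in the first portion lets any server holding the repository verify without knowing which server issued the token, which is what makes the failover transparent; and the comparison in step (c) must be constant-time (`hmac.compare_digest`), otherwise the backup leaks the correct MAC one byte at a time to whoever is replaying diverted messages.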