Approaches for automatically switching message authentication keys
First Claim
1. A method, the method comprising:
testing a date-time value received in each of a plurality of data segments on a connection at a first endpoint of two endpoints;
wherein the first endpoint of the two endpoints is configured to use the date-time value to determine when a data segment that carries the date-time value was sent by the other endpoint of the two endpoints;
wherein the plurality of data segments are received after an establishment of the connection, and wherein the date-time value represents an amount of time elapsed since the connection was established; and
selecting a next message authentication key, from among a plurality of stored message authentication keys stored at the first endpoint, for use in authenticating subsequently received data segments, when the date-time value matches a specified characteristic;
wherein the method is performed by one or more computing devices.
Abstract
Approaches are disclosed for switching transport protocol connection keys. A method of automatically changing a message authentication key at each of two endpoints of a connection in a telecommunications network comprises testing a date-time value received in each of a plurality of data segments on the connection; and selecting a next message authentication key, from among a plurality of stored message authentication keys, for use in authenticating subsequently received data segments, when the date-time value matches a specified characteristic.
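The receiver-side behaviour described in the abstract, as an added Python example that is not taken from the patent. It assumes the "specified characteristic" is the elapsed-time value crossing a multiple of a hypothetical `ROLLOVER_SECONDS` interval and that each segment's MAC is HMAC-SHA256 over the elapsed-time field plus payload; the names `Receiver`, `key_index_for`, `send` and `mac` and the keys are constructed for illustration.

```python
import hashlib
import hmac
import struct

ROLLOVER_SECONDS = 60  # assumption: each stored key covers 60 s of connection time

def key_index_for(elapsed, n_keys):
    """Key slot implied by the elapsed-time value, capped at the last stored key."""
    return min(elapsed // ROLLOVER_SECONDS, n_keys - 1)

def mac(key, elapsed, payload):
    """HMAC-SHA256 over the timestamp field and payload (assumed segment layout)."""
    return hmac.new(key, struct.pack("!I", elapsed) + payload, hashlib.sha256).digest()

def send(keys, elapsed, payload):
    """Sender side: stamp the segment and MAC it with the key for that time."""
    return elapsed, payload, mac(keys[key_index_for(elapsed, len(keys))], elapsed, payload)

class Receiver:
    def __init__(self, stored_keys):
        self.keys = list(stored_keys)
        self.index = 0  # key currently used to authenticate received segments

    def accept(self, elapsed, payload, tag):
        # Test the date-time value carried in this segment.
        candidate = key_index_for(elapsed, len(self.keys))
        if candidate < self.index:
            return False  # timestamp predates the current key: replayed or very late
        if not hmac.compare_digest(mac(self.keys[candidate], elapsed, payload), tag):
            return False  # an unauthenticated timestamp must not move the key pointer
        self.index = candidate  # commit the switch only after the MAC verifies
        return True

def demo():
    keys = [b"constructed-key-0", b"constructed-key-1", b"constructed-key-2"]
    rx = Receiver(keys)
    trace = [(rx.accept(*send(keys, t, b"data")), rx.index) for t in (5, 59, 61, 130)]
    replay = rx.accept(*send(keys, 5, b"data"))
    # Tampering: an old segment relabelled with a later timestamp to force a switch.
    _, payload, tag = send(keys, 5, b"data")
    victim = Receiver(keys)
    forged = victim.accept(200, payload, tag)
    return trace, replay, forged, victim.index

if __name__ == "__main__":
    print(demo())
```

Rejecting every segment stamped before the current key's window is the strict choice made here; a receiver that must tolerate reordering would also keep the previous key valid for a short overlap.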
20 Claims
1. A method, the method comprising:
testing a date-time value received in each of a plurality of data segments on a connection at a first endpoint of two endpoints;
wherein the first endpoint of the two endpoints is configured to use the date-time value to determine when a data segment that carries the date-time value was sent by the other endpoint of the two endpoints;
wherein the plurality of data segments are received after an establishment of the connection, and wherein the date-time value represents an amount of time elapsed since the connection was established; and
selecting a next message authentication key, from among a plurality of stored message authentication keys stored at the first endpoint, for use in authenticating subsequently received data segments, when the date-time value matches a specified characteristic;
wherein the method is performed by one or more computing devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
a processor;
a network interface coupled to the processor and coupled to the network for receiving packet flows therefrom;
a volatile or non-volatile computer-readable storage medium coupled to the processor and comprising one or more stored sequences of instructions which, when executed by the processor, cause the processor to perform the steps of:
testing a date-time value received in each of a plurality of data segments on a connection at a first endpoint of two endpoints;
wherein the first endpoint of the two endpoints is configured to use the date-time value to determine when a data segment that carries the date-time value was sent by the other endpoint of the two endpoints;
wherein the plurality of data segments are received after an establishment of the connection, and wherein the date-time value represents an amount of time elapsed since the connection was established; and
selecting a next message authentication key, from among a plurality of stored message authentication keys stored at the first endpoint, for use in authenticating subsequently received data segments, when the date-time value matches a specified characteristic.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable tangible storage medium carrying one or more sequences of instructions, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
testing a date-time value received in each of a plurality of data segments on a connection at a first endpoint of two endpoints;
wherein the first endpoint of the two endpoints is configured to use the date-time value to determine when a data segment that carries the date-time value was sent by the other endpoint of the two endpoints;
wherein the plurality of data segments are received after an establishment of the connection, and wherein the date-time value represents an amount of time elapsed since the connection was established; and
selecting a next message authentication key, from among a plurality of stored message authentication keys stored at the first endpoint, for use in authenticating subsequently received data segments, when the date-time value matches a specified characteristic.
Dependent claims: 18, 19, 20
Specification