Non-disruptive authentication administration
Abstract
A configurable timer may be used for seamless authentication administration. A network administrator may set the timer value. Then the network administrator may begin to update the authentication configuration or key and the timer may begin to count down. While the timer counts down, the network device may still send outgoing packets using the old authentication configuration or key and may begin to authenticate incoming packets using both the old authentication configuration or key and the new authentication configuration or key. Once it expires, the network device may begin to send outgoing packets using just the new authentication configuration or key. The counter may then be reset and counted down again. Once the counter expires a second time, the new authentication configuration or key may be used for both incoming and outgoing packets. Two-timer implementations are also possible.
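A minimal model of the single-timer rollover described in the abstract, added here as an illustration and not taken from the patent. The class and function names, the use of HMAC-SHA256 as the authentication mechanism, and the keys and timings are assumptions; the run with a late-updated peer shows why the first time period has to cover the predicted update time.

```python
import hashlib
import hmac

class RolloverAuthenticator:
    """Per-device key state for the timer-driven rollover in the abstract."""

    def __init__(self, key: bytes, timer_value: float):
        self.old, self.new, self.started = key, None, None
        self.timer_value = timer_value  # set by the administrator

    def install_new_key(self, key: bytes, now: float) -> None:
        self.new, self.started = key, now  # countdown starts on receipt

    def phase(self, now: float) -> int:
        """0: no rollover, 1: first countdown, 2: second countdown, 3: complete."""
        if self.new is None:
            return 0
        elapsed = now - self.started
        return 1 if elapsed < self.timer_value else 2 if elapsed < 2 * self.timer_value else 3

    @staticmethod
    def _tag(key: bytes, payload: bytes) -> bytes:
        return hmac.new(key, payload, hashlib.sha256).digest()  # assumed MAC

    def send(self, payload: bytes, now: float) -> bytes:
        """Outgoing packets use the old key until the first countdown expires."""
        key = self.old if self.phase(now) <= 1 else self.new
        return self._tag(key, payload)

    def verify(self, payload: bytes, tag: bytes, now: float) -> bool:
        """Incoming packets: both keys in phases 1 and 2, a single key otherwise."""
        p = self.phase(now)
        keys = [self.old] if p == 0 else [self.new] if p == 3 else [self.old, self.new]
        return any([hmac.compare_digest(self._tag(k, payload), tag) for k in keys])

def simulate(b_update_at: float, checkpoints, timer_value: float = 60.0):
    """Constructed run: A gets the new key at t=0, B at t=b_update_at."""
    old, new = b"constructed-old-key", b"constructed-new-key"
    a, b = (RolloverAuthenticator(old, timer_value) for _ in range(2))
    a.install_new_key(new, now=0.0)
    results = []
    for t in checkpoints:
        if b.new is None and t >= b_update_at:
            b.install_new_key(new, now=b_update_at)
        a_to_b = b.verify(b"pkt", a.send(b"pkt", t), t)
        b_to_a = a.verify(b"pkt", b.send(b"pkt", t), t)
        results.append(a_to_b and b_to_a)  # True if both directions authenticate
    return results
```

With the 60-second timer, `simulate(40, [10, 50, 70, 110, 130, 170])` authenticates in both directions at every checkpoint. `simulate(90, [10, 70, 100])` fails at t=70, because B is still verifying with only the old key after A has switched its outgoing packets to the new one.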
20 Claims
1. A method for network authentication administration, the method comprising:
- by a network device having a memory, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the network device with new configuration information; and
- for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.
6. A nontransitory program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for network authentication administration, the method comprising:
- by a network device having a memory, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the network device with new configuration information; and
- for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.
11. An apparatus for network authentication administration, the apparatus comprising:
- a memory;
- means for, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the apparatus with new configuration information; and
- means for, for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.
16. An apparatus for network authentication administration, the apparatus comprising:
- a memory;
- an outgoing packet sender configured to:
  - for a first time period upon receiving new network authentication information, send outgoing network packets using old network authentication information, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the apparatus with new configuration information; and
  - for a second time period beginning upon expiration of the first time period, send outgoing network packets using the new network authentication information; and
- an incoming packet authenticator configured to:
  - for the first time period, concurrently use both the old network authentication information and the new network authentication information to authenticate incoming network packets; and
  - for the second time period, authenticate incoming network packets using both the old network authentication information and the new network authentication information.
Specification