Non-disruptive authentication administration

US 8,340,300 B2
Filed: 08/27/2007
Issued: 12/25/2012
Est. Priority Date: 09/17/2002
Status: Active Grant

First Claim

Patent Images

1. A method for network authentication administration, the method comprising:

by a network device having a memory, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the network device with new configuration information; and

for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A configurable timer may be used for seamless authentication administration. A network administrator may set the timer value. Then the network administrator may begin to update the authentication configuration or key and the timer may begin to count down. While the timer counts down, the network device may still send outgoing packets using the old authentication configuration or key and may begin to authenticate incoming packets using both the old authentication configuration or key and the new authentication configuration or key. Once it expires, the network device may begin to send outgoing packets using just the new authentication configuration or key. The counter may then be reset and counted down again. Once the counter expires a second time, the new authentication configuration or key may be used for both incoming and outgoing packets. Two-timer implementations are also possible.

30 Citations

View as Search Results

20 Claims

1. A method for network authentication administration, the method comprising:
- by a network device having a memory, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the network device with new configuration information; and
  
  for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the length of the first time period is substantially similar to the length of the second time period.
  - 3. The method of claim 2 wherein the length of the first time period is the same as the length of the second time period.
  - 4. The method of claim 1 whereinthe old network authentication information comprises old configuration or key information;
    - andthe new network authentication information comprises new configuration or key information.
  - 5. The method of claim 1, further comprising:
    - after the second time period, authenticating incoming network packets using the new network authentication information.

6. A nontransitory program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for network authentication administration, the method comprising:
- by a network device having a memory, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the network device with new configuration information; and
  
  for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The program storage device of claim 6 wherein the length of the first time period is substantially similar to the length of the second time period.
  - 8. The program storage device of claim 7 wherein the length of the first time period is the same as the length of the second time period.
  - 9. The program storage device of claim 6 whereinthe old network authentication information comprises old configuration or key information;
    - andthe new network authentication information comprises new configuration or key information.
  - 10. The program storage device of claim 6, the method further comprising:
    - after the second time period, authenticating incoming network packets using the new network authentication information.

11. An apparatus for network authentication administration, the apparatus comprising:
- a memory;
  
  means for, for a first time period upon receiving new network authentication information, sending outgoing network packets using old network authentication information and concurrently using both the old network authentication information and the new network authentication information to authenticate incoming network packets, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the apparatus with new configuration information; and
  
  means for, for a second time period beginning upon expiration of the first time period, sending outgoing network packets using the new network authentication information and authenticating incoming network packets using both the old network authentication information and the new network authentication information.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11 wherein the length of the first time period is substantially similar to the length of the second time period.
  - 13. The apparatus of claim 12 wherein the length of the first time period is the same as the length of the second time period.
  - 14. The apparatus of claim 11 whereinthe old network authentication information comprises old configuration or key information;
    - andthe new network authentication information comprises new configuration or key information.
  - 15. The apparatus of claim 11, further comprising:
    - means for, after the second time period, authenticating incoming network packets using the new network authentication information.

16. An apparatus for network authentication administration, the apparatus comprising:
- a memory;
  
  an outgoing packet sender configured to;
  
  for a first time period upon receiving new network authentication information, send outgoing network packets using old network authentication information, the first time period comprising an amount of time greater than or equal to a predicted amount of time to update network devices in a network containing the apparatus with new configuration information; and
  
  for a second time period beginning upon expiration of the first time period, send outgoing network packets using the new network authentication information; and
  
  an incoming packet authenticator configured to;
  
  for the first time period, concurrently use both the old network authentication information and the new network authentication information to authenticate incoming network packets; and
  
  for the second time period, authenticate incoming network packets using both the old network authentication information and the new network authentication information.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The apparatus of claim 16 wherein the length of the first time period is substantially similar to the length of the second time period.
  - 18. The apparatus of claim 17 wherein the length of the first time period is the same as the length of the second time period.
  - 19. The apparatus of claim 16 whereinthe old network authentication information comprises old configuration or key information;
    - andthe new network authentication information comprises new configuration or key information.
  - 20. The apparatus of claim 16 wherein the incoming packet authenticator is further configured to, after the second time period, authenticate incoming network packets using the new network authentication information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Foundry Networks LLC (Broadcom, Inc.)
Inventors
Lin, Felix Changmin
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US11/895,884
Publication Number

US 20070294748A1
Time in Patent Office

1,947 Days
Field of Search

380/278, 713/171, 713/726, 726/3, 726/4, 726/21
US Class Current

380/278
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 9/0891   Revocation or update of sec...

H04L 9/32   including means for verifyi...

Non-disruptive authentication administration

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Non-disruptive authentication administration

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links