Encryption using alternate authentication key
Abstract
Methods for changing authentication keys when transmitting data are provided. In one aspect, a method includes receiving a first data packet including a first sender-generated authentication value generated using a first authentication key, and a first message encrypted using a first encryption key, and receiving an indication that subsequent packets will include authentication values generated using a second authentication key. The method also includes receiving a second packet including a second sender-generated authentication value and an encrypted second message, and applying the second authentication key to the second packet to generate a recipient-generated authentication value. The encrypted second message is decrypted if these two authentication values match. Otherwise, the first authentication key is applied to the second packet to generate another recipient-generated authentication value. If these two authentication values match, the encrypted message is decrypted using the first encryption key. Systems and machine-readable media are also provided.
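The receive-side fallback the abstract describes, as an added example that is not taken from the patent: it assumes an encrypt-then-MAC packet layout (32-byte HMAC-SHA256 tag followed by ciphertext) and uses an HMAC-based keystream as a stand-in cipher; `CipherSpec`, `seal` and `Receiver` are hypothetical names. It follows the claim 18 variant, where each cipher specification carries both a MAC key and an encryption key.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

TAG_LEN = 32  # HMAC-SHA256 output size (assumed MAC for this example)

@dataclass(frozen=True)
class CipherSpec:
    """One cipher specification: a MAC key plus an encryption key."""
    mac_key: bytes
    enc_key: bytes

def _keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the demo only (HMAC-SHA256 in counter mode, no
    # nonce); a real implementation would use the negotiated cipher.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(spec: CipherSpec, message: bytes) -> bytes:
    """Sender side: encrypt, then prepend the sender-generated MAC."""
    ciphertext = _keystream_xor(spec.enc_key, message)
    tag = hmac.new(spec.mac_key, ciphertext, hashlib.sha256).digest()
    return tag + ciphertext

class Receiver:
    def __init__(self, spec: CipherSpec):
        self.current = spec
        self.previous: Optional[CipherSpec] = None

    def notify_change(self, new_spec: CipherSpec) -> None:
        """Handle the indication that later packets use the second key."""
        self.previous, self.current = self.current, new_spec

    def open(self, packet: bytes) -> Optional[bytes]:
        tag, ciphertext = packet[:TAG_LEN], packet[TAG_LEN:]
        # Try the second (current) MAC key first, then fall back to the first.
        for spec in (self.current, self.previous):
            if spec is None:
                continue
            expected = hmac.new(spec.mac_key, ciphertext, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):
                return _keystream_xor(spec.enc_key, ciphertext)
        return None  # neither key authenticates the packet: drop it
```

The page does not say how long the first key remains acceptable; a deployment would normally clear `previous` after a bounded window so a retired key cannot authenticate packets indefinitely.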
18 Claims
1. A computer-implemented method for changing authentication keys when transmitting data, the method comprising:
receiving a first data packet comprising a first sender-generated authentication value generated using a first authentication key, and a first message encrypted using a first encryption key;
receiving an indication that subsequent data packets will include authentication values generated using a second authentication key;
receiving a second data packet comprising a second sender-generated authentication value and an encrypted second message;
applying the second authentication key to the second data packet to generate a recipient-generated authentication value;
when the recipient-generated authentication value that is generated using the second authentication key matches the second sender-generated authentication value, decrypting the encrypted second message; and
when the recipient-generated authentication value that is generated using the second authentication key does not match the second sender-generated authentication value;
    applying the first authentication key to the second data packet to generate another recipient-generated authentication value; and
    when the recipient-generated authentication value that is generated using the first authentication key matches the second sender-generated authentication value, decrypting the encrypted message using the first encryption key,
wherein the first authentication key and the second authentication key comprise Message Authentication Code (MAC) keys, and
wherein the first authentication key and the first encryption key are included in a first cipher specification.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for changing authentication keys when transmitting data, the system comprising:
a memory comprising instructions; and
a processor configured to execute the instructions to;
receive a first data packet comprising a first sender-generated authentication value generated using a first authentication key, and a first message encrypted using a first encryption key;
receive a cipher specification notification indicating that subsequent data packets will include authentication values generated using a second authentication key;
receive a second data packet comprising a second sender-generated authentication value and an encrypted second message;
apply the second authentication key to the second data packet to generate a recipient-generated authentication value;
when the recipient-generated authentication value that is generated using the second authentication key matches the second sender-generated authentication value, decrypt the encrypted second message; and
when the recipient-generated authentication value that is generated using the second authentication key does not match the second sender-generated authentication value;
    apply the first authentication key to the second data packet to generate another recipient-generated authentication value; and
    when the recipient-generated authentication value that is generated using the first authentication key matches the second sender-generated authentication value, decrypt the encrypted message using the first encryption key,
wherein the first authentication key and the second authentication key comprise Message Authentication Code (MAC) keys, and
wherein the first authentication key and the first encryption key are included in a first cipher specification.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A non-transitory machine-readable storage medium comprising machine-readable instructions for causing a processor to execute a method for changing authentication keys when transmitting data, the method comprising:
receiving a first data packet comprising a first sender-generated authentication value generated using a first Message Authentication Code (MAC) authentication key, and a first message encrypted using a first encryption key;
receiving a cipher specification notification message over an encrypted channel that subsequent data packets will be generated according to a second cipher specification comprising a second MAC authentication key and a second encryption key;
transmitting an acknowledgement that the second cipher specification notification has been received;
receiving a second data packet comprising a second sender-generated authentication value and an encrypted second message;
applying the second authentication key to the second data packet to generate a recipient-generated authentication value;
when the recipient-generated authentication value that is generated using the second authentication key matches the second sender-generated authentication value, decrypting the encrypted second message using the second MAC encryption key; and
when the recipient-generated authentication value that is generated using the second authentication key does not match the second sender-generated authentication value;
    applying the first authentication key to the second data packet to generate another recipient-generated authentication value; and
    when the recipient-generated authentication value that is generated using the first authentication key matches the second sender-generated authentication value, decrypting the encrypted message using the first encryption key,
wherein the first MAC authentication key and the first encryption key are included in a first cipher specification.
Specification