Network encryption key rotation
Abstract
Systems and methods for authenticating key rotation communications. Key rotation communications can include a key counter known to both a headend device and a station. Comparison between a local key counter and the key counter included in the key rotation communication can be used to authenticate the key rotation communication.
20 Claims
1. A method for key rotation by a headend device, the method comprising:
- providing an initial counter value to a station;
- incrementing the initial counter value at the headend device based on a non-linear function to produce a headend incremented counter value; and
- sending a key rotation communication from the headend device to the station, the key rotation communication comprising a new network encryption key and the headend incremented counter value, the key rotation communication to replace a previous network encryption key with the new network encryption key, wherein the headend incremented counter value authenticates the key rotation communication based, at least in part, on the headend incremented counter value matching a station incremented counter value that is derived from the initial counter value and the non-linear function.
10. A method for key rotation performed by a station, the method comprising:
- receiving, at the station, an initial counter value from a headend device;
- receiving, at the station, a key rotation communication comprising a new network key and a headend incremented counter value, wherein the headend incremented counter value is based on the initial counter value and a non-linear function at the headend device;
- locally incrementing, at the station, the initial counter value based on the non-linear function to produce a station incremented counter value; and
- authenticating the key rotation communication based, at least in part, on comparing the headend incremented counter value and the station incremented counter value.
17. A headend system comprising:
- a processor; and
- memory storing instructions therein which, when executed by the processor, cause the headend system to:
  - generate a new network key;
  - provide an initial counter value to a station;
  - increment a previous counter value based on a non-linear function to produce a headend incremented counter value; and
  - transmit a key rotation communication including the new network key and the headend incremented counter value to the station, wherein the headend incremented counter value authenticates the key rotation communication based, at least in part, on the headend incremented counter value matching a station incremented counter value that is derived from the initial counter value and the non-linear function.
20. A station, comprising:
- an interface to receive a key rotation communication from a headend device;
- a processor; and
- memory storing instructions therein which, when executed by the processor, cause the station to:
  - decrypt the key rotation communication to derive a new network key and a headend incremented counter value, wherein the headend incremented counter value has been incremented by the headend device based, at least in part, on a previous counter value and a non-linear function;
  - independently increment the previous counter value based on the non-linear function to produce a station incremented counter value; and
  - authenticate the key rotation communication based, at least in part, on a comparison between the headend incremented counter value and the station incremented counter value.
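The counter check recited in claims 1 and 10, as an added example that is not taken from the patent: the headend and the station each advance a shared counter with the same non-linear function, and the station accepts a key rotation only when the two results match. The truncated SHA-256 step, the `KeyRotation` message layout and all class and function names are assumptions made for illustration; the claims do not specify the function, and the encryption of the message mentioned in claim 20 is left out.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

def next_counter(counter: int) -> int:
    # Assumed non-linear step: first 8 bytes of SHA-256 over the counter.
    digest = hashlib.sha256(counter.to_bytes(8, "big")).digest()
    return int.from_bytes(digest[:8], "big")

@dataclass
class KeyRotation:
    new_key: bytes  # new network encryption key
    counter: int    # headend incremented counter value

class Headend:
    def __init__(self, initial_counter: int):
        self.counter = initial_counter

    def rotate(self) -> KeyRotation:
        self.counter = next_counter(self.counter)
        return KeyRotation(os.urandom(16), self.counter)

class Station:
    def __init__(self, initial_counter: int, key: bytes):
        self.counter, self.key = initial_counter, key

    def handle(self, msg: KeyRotation) -> bool:
        if not 0 <= msg.counter < 2**64:  # malformed counter field
            return False
        expected = next_counter(self.counter)  # station incremented counter value
        ok = hmac.compare_digest(expected.to_bytes(8, "big"),
                                 msg.counter.to_bytes(8, "big"))
        if ok:  # counter and key advance only when the values match
            self.counter, self.key = expected, msg.new_key
        return ok

def demo() -> dict:
    initial = 0x1234  # constructed sample value
    headend, station = Headend(initial), Station(initial, b"\x00" * 16)
    first = headend.rotate()
    out = {"genuine": station.handle(first)}
    out["replayed"] = station.handle(first)  # same message delivered twice
    out["linear_guess"] = station.handle(KeyRotation(b"\xff" * 16, first.counter + 1))
    second = headend.rotate()
    out["next_rotation"] = station.handle(second)
    out["keys_match"] = station.key == second.new_key
    return out
```

Because the station's counter moves only on a match, the replayed message and the message carrying a linearly incremented counter are both rejected, and the next genuine rotation is still accepted.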
Specification