Handling key rotation problems
First Claim
1. A method comprising:
generating, via a processor of a computing device, a new key pair having a new public key and a new private key;
retaining a copy of an old key pair having an old public key and an old private key so the old public key and the old private key are not lost when the new private key and new public key are installed;
installing the new public key at all locations where the old public key resides;
installing the new private key at all locations where the old private key resides;
testing the new key pair to identify whether the keys function properly; and
responsive to detecting the keys are not functioning properly, performing key rollback by reinstalling the old private key and discontinuing use of the new private key.
Abstract
Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into trust sets and policies may apply at any level within the key store. Policies may identify when to rotate key sets. When rotating key sets, a new public key and a new private key may be generated. The new public/private keys may be installed at locations where the old public/private keys reside. As the new public/private keys are installed, they may be tested. If problems with the new public/private keys occur, the new public/private keys may be rolled back to the old public/private keys for locations experiencing problems. Remedial action may then be taken to resolve the problems.
20 Claims
9. A system comprising:
memory;
a processor microprocessor coupled to the memory;
executable instructions, that when executed on the processor, configure the system to at least:
generate a new key pair having a new public key and a new private key;
install the new public key at all locations where an old public key resides, the installation of the new public key comprising prepending the new public key to at least some instances of the old public key;
install the new private key at all locations where an old private key resides;
test the new key pair to identify whether the keys function properly; and
detect a problem with the new public key, the new private key, or the new public key and the new private key, and, responsive to detecting a problem, reinstall the old private key resulting in key rollback.
(Dependent claims 10, 11, 12, 13, 14)

15. A machine-readable storage media containing executable instructions that, when executed, configure a system to at least:
generate a new key pair having a new public key and a new private key;
install the new public key at all locations where an old public key resides;
install the new private key at all locations where an old private key resides;
test the new key pair to identify whether the keys function properly;
detect a problem with the new public key, the new private key, or the new public key and the new private key, and, responsive to detecting a problem, identify whether the problem was detected within a key rollback time period; and
responsive to the problem being detected within the key rollback time period, reinstall the old private key resulting in key rollback.
(Dependent claims 16, 17, 18, 19, 20)
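The rotate-test-rollback procedure of claims 9 and 15, as an added Python example that is not part of the patent: the key pair is a constructed stand-in (the public key is a digest of the private key, so a location can check that the halves match), and `Location`, `rotate`, `detect_delay` and `corrupt` are hypothetical names used to simulate a failed install and the key rollback time period.

```python
import hashlib
import secrets
from dataclasses import dataclass


def generate_key_pair():
    """Constructed stand-in for an asymmetric pair: the 'public key' is a digest
    of the private key, which is enough to check that the two halves match."""
    private = secrets.token_hex(16)
    return private, hashlib.sha256(private.encode()).hexdigest()


@dataclass
class Location:
    public_keys: list   # accepted public keys, newest first (authorized-keys style)
    private_key: str    # the private key this location presents


def key_works(loc):
    """The functional test from the claims: the installed private key must
    match one of the public keys accepted at that location."""
    return hashlib.sha256(loc.private_key.encode()).hexdigest() in loc.public_keys


def rotate(locations, old_private, old_public, rollback_period, detect_delay, corrupt=()):
    """Rotate the old pair everywhere it is installed and return a per-location outcome.
    detect_delay: seconds after rotation at which a location's problem is noticed.
    corrupt: locations whose private-key install is simulated to fail (test input)."""
    new_private, new_public = generate_key_pair()
    retained = (old_private, old_public)          # keep the old pair so rollback is possible
    outcome = {}
    for name, loc in locations.items():
        if old_public in loc.public_keys:
            loc.public_keys.insert(0, new_public)  # prepend; the old public key stays accepted
        if loc.private_key == old_private:
            loc.private_key = "garbage" if name in corrupt else new_private
        if key_works(loc):
            outcome[name] = "rotated"
        elif detect_delay.get(name, 0) <= rollback_period:
            loc.private_key = retained[0]          # reinstall the old private key
            outcome[name] = "rolled_back"
        else:
            outcome[name] = "needs_remediation"    # outside the rollback window
    return outcome, new_private, new_public


def demo():
    old_private, old_public = generate_key_pair()
    locs = {n: Location([old_public], old_private) for n in ("web", "db", "batch")}
    outcome, _, _ = rotate(locs, old_private, old_public, rollback_period=300,
                           detect_delay={"db": 60, "batch": 900}, corrupt=("db", "batch"))
    return outcome, {n: key_works(l) for n, l in locs.items()}
```

Because the old public key is left in place behind the prepended new one, a rolled-back location authenticates again immediately, while a problem found after the window is reported for remedial action rather than silently reverted.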