Method for key rotation
First Claim
1. A method for key rotation comprising:
- initiating key rotation for a user account of a multi-factor authentication platform;
wherein the authenticating device participates in authentication by generating an authenticating message and signing the authenticating message using a first pre-existing private cryptographic key of a first pre-existing asymmetric key set;
wherein the first pre-existing asymmetric cryptographic key set includes the first pre-existing private cryptographic key and a first pre-existing public cryptographic key;
after initiating the key rotation, generating, at the authenticating device, a second symmetric cryptographic key, wherein the second symmetric cryptographic key is different from the first pre-existing symmetric cryptographic key;
signing, at the authenticating device, the second symmetric cryptographic key with the first pre-existing private cryptographic key;
transmitting, at the authenticating device, the signed second symmetric cryptographic key to the multi-factor authentication platform;
verifying, at the multi-factor authentication platform, the signed second symmetric cryptographic key using the first pre-existing public cryptographic key;
configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first pre-existing symmetric cryptographic key; and
configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
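The device-initiated exchange recited in claim 1, as an added Go example that is not part of the patent text. Ed25519 as the signature scheme, the 20-byte key length, and the names `Account`, `DeviceRotate`, `PlatformAccept` and `Demo` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Account is the platform-side record for one enrolled device (hypothetical type).
type Account struct {
	DevicePub ed25519.PublicKey // first pre-existing public key
	OTPKey    []byte            // symmetric key currently enabled
}

// DeviceRotate creates the second symmetric key and signs it with the existing private key.
func DeviceRotate(priv ed25519.PrivateKey) (newKey, sig []byte, err error) {
	newKey = make([]byte, 20) // key length is an assumption
	if _, err = rand.Read(newKey); err != nil {
		return nil, nil, err
	}
	return newKey, ed25519.Sign(priv, newKey), nil
}

// PlatformAccept verifies first; only then is the old key replaced by the new one.
func (a *Account) PlatformAccept(newKey, sig []byte) error {
	if !ed25519.Verify(a.DevicePub, newKey, sig) {
		return errors.New("signature check failed; current key stays enabled")
	}
	if bytes.Equal(newKey, a.OTPKey) {
		return errors.New("new key must differ from the current key")
	}
	a.OTPKey = append([]byte(nil), newKey...)
	return nil
}

// Demo runs one honest rotation, then reuses the signature over an altered key.
func Demo() (accepted, tamperAccepted, newKeyActive bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	acct := &Account{DevicePub: pub, OTPKey: []byte("constructed-old-otp-key")}
	k2, sig, _ := DeviceRotate(priv)
	accepted = acct.PlatformAccept(k2, sig) == nil
	bad := append([]byte(nil), k2...)
	bad[0] ^= 1 // constructed tampering in transit
	tamperAccepted = acct.PlatformAccept(bad, sig) == nil
	return accepted, tamperAccepted, bytes.Equal(acct.OTPKey, k2)
}
func main() { fmt.Println(Demo()) }
```

The signature authenticates the new key but does not hide it, so the transfer still has to travel over an encrypted channel.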
Abstract
A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
19 Claims
9. A method for key rotation comprising:
initiating key rotation for a user account of a multi-factor authentication platform;
wherein the authenticating device participates in authentication by generating an authenticating message and signing the authenticating message using a first pre-existing private cryptographic key of a first pre-existing asymmetric key set;
wherein the first pre-existing asymmetric cryptographic key set includes the first pre-existing private cryptographic key and a first pre-existing public cryptographic key;
after initiating the key rotation, generating, at the multi-factor authentication platform, a second symmetric cryptographic key;
signing, at the multi-factor authentication platform, the second symmetric cryptographic key with the first pre-existing public cryptographic key;
transmitting, at the multi-factor authentication platform, the signed second symmetric cryptographic key to the authenticating device;
verifying, at the authenticating device, the signed second symmetric cryptographic key using the first pre-existing private cryptographic key;
configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first pre-existing symmetric cryptographic key; and
configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
19. A method for key rotation comprising:
initiating key rotation for a user account of a multi-factor authentication platform, wherein initiating key rotation comprises initiating key rotation in response to detection of a compromise of the multi-factor authentication platform;
wherein the authenticating device participates in authentication by generating an authenticating message and signing the authenticating message using a first private cryptographic key of a first asymmetric key set;
wherein the first asymmetric key set includes the first private cryptographic key and a first public cryptographic key;
generating, at the authenticating device, a second symmetric cryptographic key;
signing, at the authenticating device, the second symmetric cryptographic key with the first private cryptographic key;
transmitting, at the authenticating device, the signed second symmetric cryptographic key to the multi-factor authentication platform;
verifying, at the multi-factor authentication platform, the signed second symmetric cryptographic key using the first public cryptographic key;
configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and
configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.
Specification