| Field | Value |
|---|---|
| Patent | US 7,581,093 B2 |
| Title | Hitless manual cryptographic key refresh in secure packet networks |
| Inventors | Richard Gauvreau, Aylmer (Canada); Michael Aalders, Nepean (Canada); and Kim Edwards, Orleans (Canada) |
| Assignee | Nortel Networks Limited, St. Laurent, Quebec (Canada) |
| Filed | Dec. 22, 2003, as Appl. No. 10/740,416 |
| Prior Publication | US 2005/0138352 A1, Jun. 23, 2005 |
| Int. Cl. | H04L 29/06 (2006.01) |
| U.S. Cl. | 713/153 [713/160; 713/176; 713/180; 726/3; 726/12; 726/13; 726/14; 380/28; 380/278] |
| Claims | 31 |

1. A computer-readable medium storing instructions which, when executed by a network node in a system wherein cryptographic keys are manually refreshed, cause said node to:

   use cryptographic keys according to a first state, a second state, and a third state, said network node in said first state using a current cryptographic key in respect of outgoing packets and incoming packets, said network node in said second state using said current cryptographic key in respect of outgoing packets and using at least one of said current cryptographic key and a new cryptographic key in respect of incoming packets, said network node in said third state using said new cryptographic key in respect of outgoing packets and using at least one of said current cryptographic key and said new cryptographic key in respect of incoming packets;

   transition from said first state to said second state upon being provisioned with said new cryptographic key;

   commence a delay period upon said transition from said first state into said second state;

   transition from said second state to said third state upon the elapsing of said delay period in said second state without receipt of a packet in respect of which said new cryptographic key has been used; and

   upon receipt, while in said second state during said delay period, of a packet in respect of which said new cryptographic key has been used, transition from said second state to said first state and use said new cryptographic key as the current cryptographic key.
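The following is an added illustration, not code from the patent or from Nortel: a small Python model of the three-state behaviour recited in claim 1, run between two simulated peers. The key identifiers `K1`/`K2`, the 10-unit delay period, the `Packet.key_id` field and the `run_scenario` driver are all constructed for the example. It shows the two outcomes the claim is designed around: when the peer is provisioned with the new key before the delay elapses, traffic is never dropped (the "hitless" case), and when the peer is not provisioned in time, the first packet protected with the new key is rejected. Claim 1 does not recite how a node leaves the third state, so the model leaves that state terminal.

```python
"""Toy model of the three-state manual key-refresh behaviour in claim 1 (added example)."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    FIRST = 1   # send with current key; accept only the current key
    SECOND = 2  # send with current key; accept current or new key; delay timer running
    THIRD = 3   # send with new key; accept current or new key


@dataclass
class Packet:
    key_id: str     # identifier of the key that protects the packet (constructed field)
    payload: bytes


@dataclass
class KeyRefreshNode:
    current_key: str
    delay_period: float = 10.0          # constructed value; the claim leaves it unspecified
    new_key: Optional[str] = None
    state: State = State.FIRST
    delay_started_at: Optional[float] = None
    log: list = field(default_factory=list)

    def provision(self, new_key: str, now: float) -> None:
        """Operator manually provisions the new key: FIRST -> SECOND and start the delay."""
        if self.state is not State.FIRST:
            raise RuntimeError("a refresh is already in progress")
        self.new_key = new_key
        self.state = State.SECOND
        self.delay_started_at = now
        self.log.append(f"{now}: provisioned {new_key}, entering SECOND")

    def outgoing_key(self) -> str:
        """Only the THIRD state protects outgoing packets with the new key."""
        return self.new_key if self.state is State.THIRD else self.current_key

    def accepted_keys(self) -> set:
        """FIRST accepts the current key only; SECOND and THIRD accept either key."""
        if self.state is State.FIRST:
            return {self.current_key}
        return {self.current_key, self.new_key}

    def tick(self, now: float) -> None:
        """SECOND -> THIRD once the delay elapses with no new-key packet having arrived."""
        if self.state is State.SECOND and now - self.delay_started_at >= self.delay_period:
            self.state = State.THIRD
            self.log.append(f"{now}: delay elapsed, entering THIRD (sending with {self.new_key})")

    def receive(self, pkt: Packet, now: float) -> bool:
        """Return True if the packet is accepted; handle the peer-switched-first case."""
        self.tick(now)
        if pkt.key_id not in self.accepted_keys():
            self.log.append(f"{now}: dropped packet protected with unexpected key {pkt.key_id}")
            return False
        if self.state is State.SECOND and pkt.key_id == self.new_key:
            # The peer has already moved to the new key: adopt it as current and
            # return to FIRST, as the last element of claim 1 recites.
            self.current_key = self.new_key
            self.new_key = None
            self.delay_started_at = None
            self.state = State.FIRST
            self.log.append(f"{now}: peer uses new key, adopting it and returning to FIRST")
        return True

    def send(self, payload: bytes) -> Packet:
        return Packet(key_id=self.outgoing_key(), payload=payload)


def run_scenario(peer_provisioned_at: Optional[float] = None, delay: float = 10.0) -> dict:
    """Node A is provisioned with K2 at t=0; node B at peer_provisioned_at (or never)."""
    a = KeyRefreshNode(current_key="K1", delay_period=delay)
    b = KeyRefreshNode(current_key="K1", delay_period=delay)
    a.provision("K2", now=0.0)
    if peer_provisioned_at is not None:
        b.provision("K2", now=peer_provisioned_at)
    # During A's delay it still sends with K1, which B accepts in FIRST or SECOND.
    mid_ok = b.receive(a.send(b"still on K1"), now=5.0)
    # A's delay elapses with no K2 traffic seen, so A enters THIRD and sends with K2.
    a.tick(10.0)
    first_k2_ok = b.receive(a.send(b"now on K2"), now=10.5)
    reply_ok = a.receive(b.send(b"reply"), now=11.0)
    return {
        "a_state": a.state.name, "b_state": b.state.name,
        "a_outgoing": a.outgoing_key(), "b_outgoing": b.outgoing_key(),
        "b_current": b.current_key,
        "all_accepted": mid_ok and first_k2_ok and reply_ok,
        "log": a.log + b.log,
    }


if __name__ == "__main__":
    for label, at in (("peer provisioned in time", 3.0), ("peer never provisioned", None)):
        r = run_scenario(at)
        print(f"--- {label}: all_accepted={r['all_accepted']}")
        print("\n".join(r["log"]))
```

In the hitless run, B adopts K2 the moment it sees A's first K2 packet and both sides end up sending with K2 without a single drop; in the second run B is still in the first state and rejects that packet, which is exactly the loss the delay period and the dual-accept second state exist to avoid.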