Hitless manual cryptographic key refresh in secure packet networks
US7581093B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 22, 2003 |
| Grant date | Aug 25, 2009 |
| Priority date | — |
| Expiry date | Oct 15, 2025 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/3247
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
In a hitless manual cryptographic key refresh scheme, a state machine may be independently maintained at each network node. The state machine may include a first state, a second state, and a third state. In the first state, which may be the steady state, a current cryptographic key may be used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key may still be used for generating signatures for outgoing packets; however, one or, if necessary, both of the old key and the newly provisioned key may be used for authenticating signatures of incoming packets. In the third state, the new key may be used for generating signatures for outgoing packets and either one or both of the old key and new key may be used for authenticating signatures of incoming packets.
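The three states described in the abstract, as an added Python sketch that is not code from the patent: two nodes step through a staggered refresh and every packet still authenticates. Assumptions: HMAC-SHA256 stands in for the packet signature, and the `activate()` and `retire_old()` triggers, the class name and the keys are hypothetical, since the abstract only states what causes entry into the second state.

```python
import hashlib
import hmac

STEADY, NEW_PROVISIONED, NEW_ACTIVE = 1, 2, 3  # the abstract's first, second, third state


class KeyRefreshNode:
    """State machine maintained independently at one node (hypothetical name)."""

    def __init__(self, current_key: bytes):
        self.state, self.current, self.new = STEADY, current_key, None

    def _advance(self, expected: int, nxt: int) -> None:
        if self.state != expected:
            raise RuntimeError(f"transition not allowed from state {self.state}")
        self.state = nxt

    def provision(self, new_key: bytes) -> None:
        # Per the abstract: provisioning a new key enters the second state.
        self._advance(STEADY, NEW_PROVISIONED)
        self.new = new_key

    def activate(self) -> None:
        # Assumed operator trigger: start signing with the new key.
        self._advance(NEW_PROVISIONED, NEW_ACTIVE)

    def retire_old(self) -> None:
        # Assumed operator trigger: the new key becomes the sole current key.
        self._advance(NEW_ACTIVE, STEADY)
        self.current, self.new = self.new, None

    def sign(self, payload: bytes) -> bytes:
        key = self.new if self.state == NEW_ACTIVE else self.current
        return hmac.new(key, payload, hashlib.sha256).digest()

    def verify(self, payload: bytes, tag: bytes) -> bool:
        # Steady state accepts one key; states 2 and 3 try the second key only if needed.
        keys = [self.current] if self.state == STEADY else [self.current, self.new]
        return any(hmac.compare_digest(hmac.new(k, payload, hashlib.sha256).digest(), tag)
                   for k in keys)


def staggered_rollover() -> list:
    """Refresh two nodes one step at a time; record whether traffic verifies both ways."""
    old, new = b"constructed-old-key", b"constructed-new-key"  # constructed sample keys
    a, b = KeyRefreshNode(old), KeyRefreshNode(old)
    steps = [lambda: None, lambda: a.provision(new), lambda: b.provision(new),
             a.activate, b.activate, a.retire_old, b.retire_old]
    accepted = []
    for step in steps:
        step()
        accepted.append(b.verify(b"pkt", a.sign(b"pkt")) and a.verify(b"pkt", b.sign(b"pkt")))
    return accepted
```

The ordering matters operationally: a node should only be moved to the third state after every peer has been provisioned with the new key, otherwise peers still in the first state reject its packets.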
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.