Hitless manual cryptographic key refresh in secure packet networks

Assignee

• Nortel Networks Limited · CA

Inventors

• Richard Gauvreau · Aylmer, CA
• Michael Aalders · Ottawa, CA
• Kim Edwards · Mississauga, CA

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/3247
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

In a hitless manual cryptographic key refresh scheme, a state machine is independently maintained at each network node. The state machine includes a first state, a second state, and a third state. In the first state, which is the steady state, a current cryptographic key is used both for generating signatures for outgoing packets and for authenticating signatures of incoming packets. In the second state, which is entered when a new cryptographic key is provisioned, the old (i.e. formerly current) key is still used for generating signatures for outgoing packets, however one or, if necessary, both of the old key and the newly provisioned key is used for authenticating signatures of incoming packets. In the third state, the new key is used for generating signatures for outgoing packets and either one or both of the old key and new key are used for authenticating signatures of incoming packets.