Title of invention: System and method for updating an encryption key across a network
Abstract: Systems and methods are provided for generating subsequent encryption keys by a client device as one of a plurality of client devices across a network. Each client device is provided with the same key generation information and the same key setup information from an authentication server. Each client device maintains and stores its own key generation information and key setup information. Using its own information, each client device generates subsequent encryption keys that are common or the same across devices. These subsequent encryption keys are generated and maintained the same across devices without any further instruction or information from the authentication server or any other client device. Additionally, client devices can recover the current encryption key by synchronizing information with another client device.
Publication number: US9425968(B2)  Publication date: 2016.08.23
Application number: US201414289246  Filing date: 2014.05.28
Applicant: Landis+Gyr Innovations, Inc.  Inventors: Demeter Michael;Chasko Stephen
Classification: H04L9/32;H04L29/06;H04L9/08  Main classification: H04L9/32
Agency: Kilpatrick Townsend & Stockton LLP  Agent: Kilpatrick Townsend & Stockton LLP
Main claim: 1. A method for generating encryption keys by a client device, wherein the client device is one of a plurality of client devices in a network and each client device is provided with key generation information comprising computer-executable instructions for a derivation method and a derivation index adjustment, comprising: establishing a secure channel between an authentication server and the client device; receiving from the authentication server via the secure channel key setup information comprising a derivation key, a derivation index, an initial expiration period, and an expiration interval; in response to the client device receiving the key setup information, generating an initial encryption key using the derivation method, the derivation key, and the derivation index, wherein the client device uses the initial encryption key to encrypt a first message to at least one of the plurality of client devices across the network and to decrypt a second message from one of the plurality of client devices across the network prior to expiration of the initial expiration period; in response to the client device determining that the initial expiration period has expired: generating a current derivation index by adjusting the derivation index previously received from the authentication server by the derivation index adjustment; generating a current expiration period based on the initial expiration period and the expiration interval previously received from the authentication server; and generating a subsequent encryption key using the derivation method, the derivation key previously received from the authentication server, and the current derivation index, wherein the subsequent encryption key is valid until the current expiration period expires; and in response to the client device determining that the current expiration period has expired: adjusting the current derivation index by the derivation index adjustment; updating the current expiration period by the expiration interval previously received from the authentication server; and generating a next subsequent encryption key using the derivation method, the derivation key previously received from the authentication server, and the current derivation index, wherein the next subsequent encryption key is valid until the current expiration period expires.
Address: Alpharetta GA US
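
The key rollover described in the main claim, as an added example that is not part of the patent record or the applicant's code: two clients given the same key setup information derive the same keys locally, with no further server contact. HMAC-SHA256 as the derivation method, an index adjustment of 1, the expiration period modelled as an absolute timestamp, and all names and sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class KeySetup:
    """Key setup information sent once by the authentication server."""
    derivation_key: bytes
    derivation_index: int
    initial_expiration: int   # assumed: absolute time (s) at which the initial key expires
    expiration_interval: int  # seconds each subsequent key remains valid


# Constructed sample values, not taken from the patent.
SETUP = KeySetup(b"constructed-derivation-key", 7, 1000, 600)


class Client:
    # Key generation information preloaded on every device (assumed value).
    INDEX_ADJUSTMENT = 1

    def __init__(self, setup: KeySetup):
        self.derivation_key = setup.derivation_key
        self.index = setup.derivation_index
        self.expires = setup.initial_expiration
        self.interval = setup.expiration_interval
        self.key = self._derive()  # initial encryption key

    def _derive(self) -> bytes:
        # Assumed derivation method: HMAC-SHA256 keyed with the derivation key
        # over the current derivation index.
        msg = self.index.to_bytes(8, "big")
        return hmac.new(self.derivation_key, msg, hashlib.sha256).digest()

    def current_key(self, now: int) -> bytes:
        # Roll forward without contacting the server or any peer. The loop
        # repeats the claim's expiry step, so a device that slept through
        # several periods still lands on the same index as its peers.
        while now >= self.expires:
            self.index += self.INDEX_ADJUSTMENT
            self.expires += self.interval
            self.key = self._derive()
        return self.key


if __name__ == "__main__":
    a, b = Client(SETUP), Client(SETUP)
    print(a.current_key(2300) == b.current_key(2500))  # both at index 10
```

In this model, devices whose clocks fall on opposite sides of an expiration boundary hold different keys until both have crossed it.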