METHOD FOR KEY ROTATION

摘要

A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.

主权项

1. A method for key rotation comprising:
initiating key rotation for a user account of a multi-factor authentication platform; wherein an authenticating device associated with the user account may participate in authentication by generating a one-time password using a first symmetric cryptographic key; wherein the authenticating device may alternatively participate in authentication by generating an authenticating message and signing the authenticating message using a first private cryptographic key of a first asymmetric key set; wherein the first asymmetric key set includes the first private cryptographic key and a first public cryptographic key; generating, at the authenticating device, a second symmetric cryptographic key; signing, at the authenticating device, the second symmetric cryptographic key with the first private cryptographic key; transmitting, at the authenticating device, the signed second symmetric cryptographic key to the multi-factor authentication platform; verifying, at the multi-factor authentication platform, the signed second symmetric cryptographic key using the first public cryptographic key; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key.