CPC H04L 9/0825 (2013.01) [H04L 9/0861 (2013.01); H04L 9/0891 (2013.01); H04L 9/3242 (2013.01)]
17 Claims
1. A method performed by a peer device in a Media Access Control Security (MACsec) group, the method comprising:
detecting that the peer device only supports a two-valued association number (AN) with which to identify secure association keys (SAKs), the two-valued AN being either a first value or a second value;
in response to detecting that the peer device only supports the two-valued AN, setting a key server priority of the peer device to a highest priority;
participating in a key server election with other peer devices in the MACsec group; and
while acting as a key server of the MACsec group:
generating a sequence of SAKs, wherein each generated SAK is identified by the two-valued AN, wherein a newly generated SAK in the sequence of SAKs is identified by the two-valued AN being set to the second value when a SAK generated immediately prior to the newly generated SAK is identified by the two-valued AN being set to the first value, and wherein the newly generated SAK is identified by the two-valued AN being set to the first value when the SAK generated immediately prior to the newly generated SAK is identified by the two-valued AN being set to the second value; and
distributing each generated SAK and the two-valued AN that identifies the generated SAK to the other peer devices in the MACsec group.
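The following Python model is an added illustration of the claimed behaviour, not code from the patent or from any MACsec implementation. It shows why the two-valued device must win the election: a four-valued key server would eventually hand out an AN the legacy peer cannot install. Assumptions: the two AN values are 0 and 1, the numerically lowest priority value wins with the SCI as tie-breaker (the IEEE 802.1X MKA convention), `os.urandom` stands in for SAK generation, and all names are hypothetical.

```python
import os
from dataclasses import dataclass, field

HIGHEST_PRIORITY = 0    # assumption: numerically lowest value wins (802.1X MKA convention)
DEFAULT_PRIORITY = 16   # constructed default for this model

@dataclass
class Peer:
    sci: str                       # secure channel identifier, election tie-breaker
    supported_ans: tuple           # AN values this device's hardware can hold
    priority: int = DEFAULT_PRIORITY
    installed: dict = field(default_factory=dict)   # AN -> SAK
    _idx: int = -1

    def adjust_priority(self):
        """Claimed step: a two-valued-AN device sets itself to highest priority."""
        if len(self.supported_ans) == 2:
            self.priority = HIGHEST_PRIORITY

    def next_an(self):
        """Cycle through the supported ANs; with two values this alternates."""
        self._idx = (self._idx + 1) % len(self.supported_ans)
        return self.supported_ans[self._idx]

    def install(self, an, sak):
        if an not in self.supported_ans:
            raise ValueError(f"{self.sci}: cannot install SAK under AN {an}")
        self.installed[an] = sak

def elect(peers):
    """Best (lowest) priority value wins; lowest SCI breaks ties."""
    return min(peers, key=lambda p: (p.priority, p.sci))

def rekey(server, peers, rounds):
    """Key server generates `rounds` SAKs and hands each (AN, SAK) to every peer."""
    used = []
    for _ in range(rounds):
        an, sak = server.next_an(), os.urandom(16)   # stand-in for real SAK generation
        for p in peers:
            p.install(an, sak)    # real MKA sends the SAK key-wrapped in an MKPDU
        used.append(an)
    return used

def build_group():
    # Constructed group: one legacy two-valued device, one full four-valued device.
    return [Peer("02:00:00:00:00:02", (0, 1)), Peer("02:00:00:00:00:01", (0, 1, 2, 3))]

if __name__ == "__main__":
    group = build_group()
    for p in group:
        p.adjust_priority()
    server = elect(group)
    print(server.sci, rekey(server, group, 4))
```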