US 12,323,519 B1
Detecting and removing inactive encryption keys during encryption key rollover events
Jerry Kawata, Nepean (CA); and Manjunath Ramappa Tahasildar, Ottawa (CA)
Assigned to Juniper Networks, Inc., Sunnyvale, CA (US)
Filed by Juniper Networks, Inc., Sunnyvale, CA (US)
Filed on Dec. 27, 2022, as Appl. No. 18/146,638.
Int. Cl. H04L 9/08 (2006.01)
CPC H04L 9/0891 (2013.01) [H04L 9/0825 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method, comprising:
installing, on a first network device, a new receive encryption key;
starting, by the first network device, a first timer associated with deleting an old receive encryption key;
providing, by the first network device and to a second network device, a first message identifying the new receive encryption key;
determining, by the first network device, whether packet counts, successfully decrypted with the old receive encryption key, have changed;
determining, by the first network device, whether the first timer has expired based on the packet counts, successfully decrypted with the old receive encryption key, not changing;
determining, by the first network device, whether the new receive encryption key has successfully decrypted a packet based on the first timer expiring; and
deleting, by the first network device, the old receive encryption key from the first network device based on the new receive encryption key successfully decrypting the packet.
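The deletion sequence in claim 1 gates removal of the old receive key on three conditions in order: the old key's successful-decryption counter has stopped moving, the timer started at installation has expired, and the new key has verified at least one packet. The following is an added simulation of that sequence written for this page; it is not Juniper code and does not reflect the patent's implementation. "Decryption" is modeled as HMAC-SHA256 tag verification, a callable clock stands in for the timer, and the `Packet`, `seal`, `Receiver` and `demo` names, key identifiers and key bytes are all constructed for the example.

```python
"""Constructed simulation of the old-receive-key deletion procedure in claim 1.

Not Juniper code. Successful "decryption" is modeled as HMAC-SHA256 tag
verification under the key named by the packet's key_id; a clock callable
stands in for the timer of the first network device.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    key_id: int
    payload: bytes
    tag: bytes


def _tag(key: bytes, key_id: int, payload: bytes) -> bytes:
    return hmac.new(key, key_id.to_bytes(2, "big") + payload, hashlib.sha256).digest()


def seal(key: bytes, key_id: int, payload: bytes) -> Packet:
    """Second network device: authenticate a payload under the key named by key_id."""
    return Packet(key_id, payload, _tag(key, key_id, payload))


class Receiver:
    """First network device: holds receive keys and runs the rollover checks."""

    def __init__(self, clock, key_id: int, key: bytes):
        self.clock = clock               # returns the current time in seconds
        self.keys = {key_id: key}        # installed receive keys by identifier
        self.decrypted = {key_id: 0}     # packets successfully verified per key
        self.old_id = None               # key scheduled for deletion, if any
        self.new_id = key_id
        self.deadline = None             # expiry time of the deletion timer
        self.old_count_seen = None       # old-key counter at the last check
        self.outbox = []                 # messages sent to the second device

    def install_new_key(self, key_id: int, key: bytes, timer_seconds: float) -> None:
        # Install the new receive key, start the timer tied to deleting the
        # old key, and send the peer a message identifying the new key.
        self.old_id, self.new_id = self.new_id, key_id
        self.keys[key_id] = key
        self.decrypted[key_id] = 0
        self.deadline = self.clock() + timer_seconds
        self.old_count_seen = self.decrypted[self.old_id]
        self.outbox.append(("new-receive-key", key_id))

    def receive(self, pkt: Packet) -> bool:
        key = self.keys.get(pkt.key_id)
        if key is None:
            return False                 # unknown key, or already deleted
        if not hmac.compare_digest(_tag(key, pkt.key_id, pkt.payload), pkt.tag):
            return False                 # verification failed: counter untouched
        self.decrypted[pkt.key_id] += 1
        return True

    def poll_rollover(self) -> bool:
        """One pass over the claim's gated checks; True if the old key was deleted."""
        if self.old_id is None:
            return False
        count = self.decrypted[self.old_id]
        if count != self.old_count_seen:
            # Old-key counter changed: the peer still sends under it, so the
            # timer check is not reached this pass (the claim does not say
            # what else happens in that case; this example simply waits).
            self.old_count_seen = count
            return False
        if self.clock() < self.deadline:
            return False                 # counts stable, but timer not expired
        if self.decrypted[self.new_id] == 0:
            return False                 # new key has not yet verified a packet
        del self.keys[self.old_id]       # all three conditions met: delete old key
        self.old_id = None
        self.deadline = None
        return True


def demo():
    """Walk one rollover: old-key traffic, timer expiry, first new-key packet, deletion."""
    now = [0.0]
    old_key, new_key = b"k1" * 16, b"k2" * 16          # constructed key material
    rx = Receiver(lambda: now[0], key_id=1, key=old_key)
    rx.install_new_key(2, new_key, timer_seconds=10.0)
    trace = []
    rx.receive(seal(old_key, 1, b"a"))                 # peer still uses the old key
    trace.append(rx.poll_rollover())                   # False: old-key count changed
    now[0] = 11.0                                      # timer has now expired
    trace.append(rx.poll_rollover())                   # False: new key unused so far
    rx.receive(seal(new_key, 2, b"b"))                 # peer switches to the new key
    trace.append(rx.poll_rollover())                   # True: old key deleted
    trace.append(rx.receive(seal(old_key, 1, b"c")))   # False: old key is gone
    return trace, sorted(rx.keys), rx.outbox
```

Two points worth checking in a real implementation. The counter that gates the timer check must count only packets that genuinely verified under the old key; forged packets fail verification and cannot keep the old key alive, but a replayed, previously valid old-key packet would bump the counter unless anti-replay runs before the counter is updated. And the procedure only ever deletes the old key after the new one has proven itself, so a peer that never acknowledges the new key leaves both keys installed indefinitely; a practical deployment needs a separate policy for that case, which the claim does not address.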