Patent attributes
There is provided a system and method for managing authentication cookie encryption keys. The system comprises a computing device including a memory with authentication data having a key identifier and encrypted data with a session identifier. The key identifier references a key having a validity period, the key capable of decrypting the authentication data. A processor of the computing device can respond to user requests for information by retrieving the authentication data and transmitting it to a server. The server can then authenticate the user by verifying the encrypted session identifier using the referenced key. There is also provided a method by which a key server can manage encryption keys. The key server receives an encryption key having a validity period, receives a validity request, confirms or rejects the validity of the encryption key, and automatically invalidates the encryption key upon expiration of the validity period.
