US Patent 11516275 Subscription-notification mechanisms for synchronization of distributed states

A method of rotating assigned credentials for client devices registering with servers may include determining that assigned credentials for a client device are expired; in response to determining that the assigned credentials have expired, generating new credentials for the client device; sending the new credentials to the client device; generating an encrypted version of the new credentials and storing the encrypted version of the new credentials at the server during a grace period, where during the grace period the client device can be authenticated using the assigned credentials or the new credentials; and deleting the encrypted version of the new credentials at an expiration of the grace period.