Cloud authentication of layer 2-connected member devices via an IP-connected active device

US 10,341,117 B2
Filed: 07/18/2017
Issued: 07/02/2019
Est. Priority Date: 12/22/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a first network device to a second network device, a request to authenticate the first network device with a cloud management platform, wherein the first network device is connected to the second network device via a Layer 2 connection, and wherein the second network device is connected to the cloud management platform via an IP (Internet Protocol) connection;

receiving, by the first network device from the second network device, an encrypted nonce generated by the cloud management platform in response to the request, the encrypted nonce being encrypted using a public key of the first network device;

decrypting, by the first network device, the encrypted nonce using a private key of the first network device to generate a decrypted nonce;

transmitting, by the first network device, the decrypted nonce to the second network device; and

receiving, by the first network device from the second network device, a token generated by the cloud management platform indicating that the first network device has been authenticated, wherein the first network device is a member switch in a stacking system and wherein the second network device is an active or master switch in the stacking system.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for enabling cloud authentication of Layer 2-connected member devices via an IP-connected active device are provided. In one set of embodiments, the member device can transmit, to the active device, a request to authenticate the member device with a cloud management platform. The member device can further receive, from the active device, an encrypted nonce generated by the cloud management platform in response to the request, where the encrypted nonce is encrypted using a public key of the member device. The member device can decrypt the encrypted nonce using a private key of the member device to generate a decrypted nonce and can transmit the decrypted nonce to the active device. The member device can then receive, from the active device, a token generated by the cloud management platform indicating that the member device has been authenticated by the platform.

5 Citations

View as Search Results

18 Claims

1. A method comprising:
- transmitting, by a first network device to a second network device, a request to authenticate the first network device with a cloud management platform, wherein the first network device is connected to the second network device via a Layer 2 connection, and wherein the second network device is connected to the cloud management platform via an IP (Internet Protocol) connection;
  
  receiving, by the first network device from the second network device, an encrypted nonce generated by the cloud management platform in response to the request, the encrypted nonce being encrypted using a public key of the first network device;
  
  decrypting, by the first network device, the encrypted nonce using a private key of the first network device to generate a decrypted nonce;
  
  transmitting, by the first network device, the decrypted nonce to the second network device; and
  
  receiving, by the first network device from the second network device, a token generated by the cloud management platform indicating that the first network device has been authenticated, wherein the first network device is a member switch in a stacking system and wherein the second network device is an active or master switch in the stacking system.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the first network device does not have IP connectivity to the cloud management platform.
  - 3. The method of claim 1 wherein the token includes an identifier of the first network device, a timer value, and an electronic signature created via a public key of the cloud management platform.
  - 4. The method of claim 3 wherein the timer value indicates a time period over which the authentication of the first network device is valid.
  - 5. The method of claim 3 further comprising:
    - initiating a timer in accordance with the timer value; and
      
      upon expiration of the timer, transmitting the token to the second network device.
  - 6. The method of claim 5 wherein, upon receiving the token, the second 2 network device is configured to:
    - decrypt the electronic signature included in the SVT using a public key of the cloud management platform, the decrypted electronic signature including an identifier of the first network device;
      
      determining whether the identifier included in the decrypted electronic signature is correct; and
      
      if the identifier is correct, transmitting a message to the first network device indicating that the first network device has been re-authenticated.

7. A non-transitory computer-readable storage medium having stored therein instructions executable by a first network device, the instructions causing the first network device to:
- transmit, to a second network device, a request to authenticate the first network device with a cloud management platform, wherein the first network device is connected to the second network device via a Layer 2 connection, and wherein the second network device is connected to the cloud management platform via an IP (Internet Protocol) connection;
  
  receive, from the second network device, an encrypted nonce generated by the cloud management platform in response to the request, the encrypted nonce being encrypted using a public key of the first network device;
  
  decrypt the encrypted nonce using a private key of the first network device to generate a decrypted nonce;
  
  transmit the decrypted nonce to the second network device; and
  
  receive, from the second network device, a token generated by the cloud management platform indicating that the first network device has been authenticated, wherein the first network device is a member switch in a stacking system and wherein the second network device is an active or master switch in the stacking system.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer-readable storage medium of claim 7 wherein 2 the first network device does not have IP connectivity to the cloud management platform.
  - 9. The non-transitory computer-readable storage medium of claim 7 wherein 2 the token includes an identifier of the first network device, a timer value, and an electronic signature created via a public key of the cloud management platform.
  - 10. The non-transitory computer-readable storage medium of claim 9 wherein the timer value indicates a time period over which the authentication of the first network device is valid.
  - 11. The non-transitory computer-readable storage medium of claim 9 wherein the instructions further cause the first network device to:
    - initiate a timer in accordance with the timer value; and
      
      upon expiration of the timer, transmit the token to the second network device.
  - 12. The non-transitory computer-readable storage medium of claim 11 wherein, upon receiving the token, the second network device is configured to:
    - decrypt the electronic signature included in the SVT using a public key of the cloud management platform, the decrypted electronic signature including an identifier of the first network device;
      
      determine whether the identifier included in the decrypted electronic signature is correct; and
      
      if the identifier is correct, transmit a message to the first network device indicating that the first network device has been re-authenticated.

13. A network device comprising:
- a processor; and
  
  a memory having stored therein program code that, when executed, causes the processor to;
  
  transmit, to another network device, a request to authenticate the network 6 device with a cloud management platform, wherein the network device is connected to said 7 another network device via a Layer 2 connection, and wherein said another network device is 8 connected to the cloud management platform via an IP (Internet Protocol) connection;
  
  receive, from said another network device, an encrypted nonce generated by the cloud management platform in response to the request, the encrypted nonce being encrypted using a public key of the network device;
  
  decrypt the encrypted nonce using a private key of the network device to generate a decrypted nonce;
  
  transmit the decrypted nonce to said another network device; and
  
  receive, from said another network device, a token generated by the cloud management platform indicating that the network device has been authenticated,wherein the network device is a member switch in a stacking system and wherein the said another network device is an active or master switch in the stacking system.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The network device of claim 13 wherein the network device does not have IP connectivity to the cloud management platform.
  - 15. The network device of claim 13 wherein the token includes an identifier of the network device, a timer value, and an electronic signature created via a public key of the cloud management platform.
  - 16. The network device of claim 15 wherein the timer value indicates a time period over which the authentication of the network device is valid.
  - 17. The network device of claim 15 wherein the program code further causes the processor to:
    - initiate a timer in accordance with the timer value; and
      
      upon expiration of the timer, transmit the token to said another network device.
  - 18. The network device of claim 17 wherein, upon receiving the token, said another network device is configured to:
    - decrypt the electronic signature included in the SVT using a public key of the cloud management platform, the decrypted electronic signature including an identifier of the network device;
      
      determine whether the identifier included in the decrypted electronic signature is 7 correct; and
      
      8 if the identifier is correct, transmit a message to the network device indicating that 9 the network device has been re-authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ruckus IP Holdings LLC
Original Assignee
ARRIS Enterprises LLC (CommScope Holding Company, Inc.)
Inventors
Sharma, Suman
Primary Examiner(s)
Gracia, Gary S

Application Number

US15/653,104
Publication Number

US 20180183604A1
Time in Patent Office

714 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Cloud authentication of layer 2-connected member devices via an IP-connected active device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud authentication of layer 2-connected member devices via an IP-connected active device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links