Method and apparatus for securing network management communications

US 20050097201A1
Filed: 10/30/2003
Published: 05/05/2005
Est. Priority Date: 10/30/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing secure network management communications within a communication network, the communication network including a plurality of network elements each adapted to generate and process legacy network management messages in conformance with a legacy management system, the method comprising the steps of:

embedding a first legacy network management message within a first Simple Network Management Protocol (SNMP) message at a first network element;

transmitting the first SNMP message over the network to a second network element; and

extracting the first legacy network management message from the first SNMP message at the second network element.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided for exchanging legacy network management messages securely. Legacy management messages are embedded as a user-defined object within SNMP messages. The SNMP messages are transmitted to managed nodes using a secure version of SNMP, such as SNMPv3. The managed nodes extract and process the legacy management messages from the SNMP messages. Any legacy response message is embedded within an SNMP message and transmitted back to the management station, which extracts the legacy response for processing. The method and system thereby allow legacy network management systems to be maintained, while adding a feature which permits more secure communication of the legacy management messages.

Citations

18 Claims

1. A method of providing secure network management communications within a communication network, the communication network including a plurality of network elements each adapted to generate and process legacy network management messages in conformance with a legacy management system, the method comprising the steps of:
- embedding a first legacy network management message within a first Simple Network Management Protocol (SNMP) message at a first network element;
  
  transmitting the first SNMP message over the network to a second network element; and
  
  extracting the first legacy network management message from the first SNMP message at the second network element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the step of transmitting the first SNMP message comprises transmitting the first SNMP message in conformance with a secure version of SNMP.
  - 3. The method of claim 2 wherein the step of transmitting the first SNMP message comprises transmitting the first SNMP message in conformance with SNMP version 3 (SNMPv3).
  - 4. The method of claim 1 wherein the legacy management system provides less security than SNMP.
  - 5. The method of claim 1 comprising the further steps of:
    - generating the first legacy network management message at the first network element; and
      
      processing the first legacy network management message at the second network element.
  - 6. The method of claim 5 comprising the further steps of:
    - generating a second legacy network management message at the second network element in response to the first legacy network management message;
      
      embedding the second legacy network management message within a second SNMP message at the second network element;
      
      transmitting the second SNMP message over the network to the first network element; and
      
      extracting the second legacy network management message from the second SNMP message at the first network element.
  - 7. The method of claim 1 wherein the first network element is a management station, and wherein the second network element is a node.
  - 8. The method of claim 1 wherein the first network element is a node, and wherein the second network element is a management station.

9. A network management system within a communication network, the communication network including a management station and a node, comprising:
- a legacy interface at the management station for generating a first legacy network management message in conformance with a legacy network management protocol;
  
  a Simple Network Management Protocol (SNMP) initiator at the management station for embedding the first legacy network management message within a first SNMP message and for transmitting the first SNMP message to the node;
  
  an SNMP agent at the node for receiving the first SNMP message and for extracting the first legacy network management message from the first SNMP message; and
  
  a legacy agent at the node for processing the legacy network management message in conformance with the legacy network management protocol.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9 wherein the SNMP initiator is adapted to transmit the first SNMP message in conformance with a secure version of SNMP.
  - 11. The system of claim 10 wherein the SNMP initiator is adapted to transmit the first SNMP message in conformance with SNMP version 3 (SNMPv3).
  - 12. The system of claim 9 wherein the legacy network management protocol provides less security than SNMP.

13. A Simple Network Management Protocol (SNMP) initiator at a management station within a communication network, comprising:
- instructions for receiving a legacy network management message which conforms to a legacy network management protocol;
  
  instructions for embedding the legacy network management message within an SNMP message; and
  
  instructions for transmitting the SNMP message to a node within the communication network.
- View Dependent Claims (14)
- - 14. The SNMP initiator of claim 13 wherein the legacy network management protocol provides less security than SNMP.

15. A Simple Network Management Protocol (SNMP) agent at a node within a communication network, comprising:
- instructions for receiving a first SNMP message from a management station within a communication network;
  
  instructions for extracting a first legacy network management message from the first SNMP message, the first legacy network management message conforming to a legacy network management protocol; and
  
  instructions for sending the first legacy network management message to a legacy agent at the node.
- View Dependent Claims (16, 17, 18)
- - 16. The SNMP agent of claim 15 wherein the legacy network management protocol provides less security than SNMP.
  - 17. The SNMP agent of claim 15 further comprising:
    - instructions for receiving a second legacy network management message from the legacy agent;
      
      instructions for embedding the second legacy network management message within a second SNMP message; and
      
      instructions for transmitting the second SNMP message to the management station.
  - 18. The SNMP agent of claim 17 wherein the legacy network management protocol provides less security than SNMP.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel SA (Nokia Corporation)
Original Assignee
Alcatel SA (Nokia Corporation)
Inventors
Benhamou, Leon

Application Number

US10/695,952
Publication Number

US 20050097201A1
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/022   Multivendor or multi-standa...

H04L 41/28   Restricting access to netwo...

Method and apparatus for securing network management communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing network management communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links