SECURE CONFIGURATION OF AUTHENTICATION SERVERS

US 20090287732A1
Filed: 05/19/2008
Published: 11/19/2009
Est. Priority Date: 05/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method for configuring an authentication server comprising:

assigning a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node;

generating a data structure comprising the assigned secrets;

securing the data structure; and

sending the data structure to an authentication server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

57 Citations

View as Search Results

25 Claims

1. A method for configuring an authentication server comprising:
- assigning a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node;
  
  generating a data structure comprising the assigned secrets;
  
  securing the data structure; and
  
  sending the data structure to an authentication server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising integrating the data structure into an authentication server database.
  - 3. The method of claim 1, wherein securing the data structure comprises encrypting the data structure.
  - 4. The method of claim 1, wherein encrypting the data structure comprises encrypting the data structure with a password used for communications with the authentication server or a derivation thereof.
  - 5. The method of claim 1, wherein securing the data structure comprises embedding the data structure within a second data structure through the use of steganography.
  - 6. The method of claim 1, further comprising generating the plurality of secrets.
  - 7. The method of claim 1, wherein the assigning, generating a data structure, securing and sending are performed by an authentication management application executed at a computer that is distinct from the authentication server.
  - 8. The method of claim 1, further comprising associating each secret with a unique name of a node the secret is assigned to and saving the associated names in the data structure.
  - 9. The method of claim 1, wherein the network comprises a storage area network.
  - 10. The method of claim 9, wherein the storage area network is a network selected from the group consisting of a Fibre Channel network, an iSCSI network and an FCoE network.
  - 11. The method of claim 1, further comprising:
    - obtaining the assigned secrets from the data structure by the authentication server; and
      
      using the assigned secrets by the authentication server to perform authentication for the plurality of nodes.

12. A computer readable medium comprising computer executable instructions configured to cause a processor to perform a method for configuring an authentication server, the method comprising:
- assigning a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node;
  
  generating a data structure comprising the assigned secrets;
  
  securing the data structure; and
  
  sending the data structure to an authentication server.
- View Dependent Claims (13, 14, 15)
- - 13. The computer readable medium of claim 12, wherein the method further comprises generating the plurality of secrets.
  - 14. The computer readable medium of claim 12, wherein the computer executable instructions are part of an authentication management application, and the processor is part of a computer that is distinct from the authentication server.
  - 15. The computer readable medium of claim 12, wherein the method further comprises associating each secret with a unique name of a node the secret is assigned to and saving the associated names in the data structure.

16. A device comprising a processor and a memory, the memory comprising a plurality of instructions executable at the processor and configured to cause the processor to:
- assign a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node;
  
  generate a data structure comprising the assigned secrets;
  
  secure the data structure; and
  
  send the data structure to an authentication server.

17. The device of claim 17, wherein the instructions are further configured to cause the processor to generate or otherwise establish the plurality of secrets.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The device of claim 17, wherein the instructions are part of an authentication management application, and the device is distinct from the authentication server.
  - 19. The device of claim 17, wherein the instructions are further configured to cause the processor to associate each secret with a unique name of a node the secret is assigned to and save the associated names in the data structure.
  - 20. The device of claim 17, wherein the network comprises a storage area network.
  - 21. The device of claim 17, wherein the storage area network is a network selected from the group consisting of a Fibre Channel network, an iSCSI network and an FCoE network.
  - 22. A storage area network comprising the device of claim 17.
  - 23. A Fibre Channel network comprising the device of claim 17.

24. A network comprising:
- a plurality of nodes;
  
  a computer executing an authentication management application; and
  
  an authentication server,wherein the computer executing the authentication management application is configured toassign a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node,generate a data structure comprising the assigned secrets,secure the data structure, andsend the data structure to an authentication server; and
  
  the authentication server is configured toobtain the assigned secrets from the data structure, anduse the assigned secrets to perform authentication for the plurality of nodes.

25. The network of claim 25, wherein the network is selected from the group consisting of a Fibre Channel network and an iSCSI network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Emulex Design & Manufacturing Corp. (Broadcom, Inc.)
Inventors
HOFER, Larry Dean

Granted Patent

US 8,515,996 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/955   using information identifie...

G06F 21/602   Providing cryptographic fac...

H04L 41/0856   by backing up or archiving ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

SECURE CONFIGURATION OF AUTHENTICATION SERVERS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE CONFIGURATION OF AUTHENTICATION SERVERS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links