DISCOVERY OF SECURE NETWORK ENCLAVES
Abstract
A hierarchical key generation and distribution mechanism for a computer system in which devices are organized into secure enclaves. The mechanism enables network access to be tailored to approximate minimum needed privileges for each device. At the lowest level of the hierarchy, keys are used to form security associations between devices. Keys at each level of the hierarchy are generated from keys at a higher level of the hierarchy and key derivation information. Key derivation information is readily ascertainable, either from identifiers for devices or from within messages, supporting hardware offload of cryptographic functions. Because keys may be generated based on the enclaves in which the hosts participating in a security association are located, the system includes a mechanism by which devices can discover the enclave in which they are located.
20 Claims
1. A method of operating a computer system to provide secure communications, the computer system comprising a plurality of host devices interconnected by a network and organized into enclaves, the method comprising:
at a host device, receiving a packet over the network;
in the host device, analyzing the packet, the analyzing comprising:
identifying a chain of one or more markers in the packet, each marker indicating an enclave;
determining an enclave in which the host device is located based on the chain of one or more markers.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method of operating a computer system to provide secure communications, the computer system comprising a plurality of host devices interconnected by a network and organized into enclaves, the method comprising:
at an intermediary device configured in a network enclave, receiving a packet over the network;
in the intermediary device, analyzing the packet to determine whether the packet contains a value requesting that intermediary devices place markers in packets addressed to the host;
when the packet contains the value requesting that intermediary devices place markers in packets addressed to the host, appending a marker indicating an enclave to a field in at least one packet addressed to the host.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A method of operating a computer system to provide secure communications, the computer system comprising a plurality of host devices interconnected by a network and organized into enclaves, the method comprising:
from a first host device, sending a first packet to a second device;
at one or more intermediary devices coupled in a network path between the first host and the second host, detecting the first packet and recording an indication of the first host;
from the second host, sending a second packet to the first host;
at each of the one or more intermediary devices, identifying the second packet based on the recorded indication of the first host and adding to the second packet an indicator of the enclave of the intermediary device; and
at the first host, determining an enclave of the first host based on an indicator added by an intermediary of the one or more intermediary devices.
Dependent claims: 16, 17, 18, 19, 20
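The three independent claims describe one exchange: a host sends a probe carrying a value that asks intermediaries to mark replies, each intermediary on the path records the host and, on the reply, appends the marker of its own enclave, and the host reads the resulting chain to learn where it sits. The following simulation is an added example written for this page; it is not code from the patent or its assignee. The packet layout (a plain record with a request flag and a list field for the marker chain), the host and gateway names, and the two-level enclave topology are all assumptions chosen for illustration.

```python
"""Toy simulation of marker-based enclave discovery (added example, not the patent's code).

Assumed topology (constructed): host-a sits in enclave "eng", which is nested
inside enclave "corp"; each enclave boundary has one intermediary (gateway).
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Packet:
    """Assumed packet record. request_markers plays the role of the 'value
    requesting that intermediary devices place markers' (claim 8); markers is
    the field the intermediaries append to (claims 1 and 15)."""
    src: str
    dst: str
    request_markers: bool = False
    markers: List[str] = field(default_factory=list)


class Intermediary:
    """Gateway at the boundary of one enclave (the intermediary of claims 8 and 15)."""

    def __init__(self, name: str, enclave: str) -> None:
        self.name = name
        self.enclave = enclave
        # Claim 15: "recording an indication of the first host" for hosts
        # whose outbound packet carried the marker request.
        self.recorded_hosts: set = set()

    def forward(self, pkt: Packet) -> Packet:
        if pkt.request_markers:
            self.recorded_hosts.add(pkt.src)
        # Only packets addressed to a recorded host receive this enclave's marker;
        # traffic that never asked for markers passes through untouched.
        if pkt.dst in self.recorded_hosts:
            pkt.markers.append(self.enclave)
        return pkt


def exchange(host: str, peer: str, path: List[Intermediary], request: bool = True) -> Packet:
    """Run the two-packet exchange of claim 15 and return the reply the host receives.

    path lists the intermediaries between host and peer, ordered outward from
    the host; the reply traverses them in reverse, outermost enclave first.
    """
    probe = Packet(src=host, dst=peer, request_markers=request)
    for hop in path:
        probe = hop.forward(probe)
    reply = Packet(src=peer, dst=host)
    for hop in reversed(path):
        reply = hop.forward(reply)
    return reply


def determine_enclave(pkt: Packet) -> Optional[str]:
    """Claim 1: the marker appended last came from the intermediary nearest the
    host, so it names the enclave the host is located in. An empty chain means
    no intermediary marked the packet, so the host cannot place itself."""
    return pkt.markers[-1] if pkt.markers else None


def enclave_chain(pkt: Packet) -> List[str]:
    """Outer-to-inner list of enclaves the reply crossed on its way to the host."""
    return list(pkt.markers)


if __name__ == "__main__":
    gw_eng = Intermediary("gw-eng", "eng")
    gw_corp = Intermediary("gw-corp", "corp")
    reply = exchange("host-a", "dir-svc", [gw_eng, gw_corp])
    print("chain:", enclave_chain(reply))          # ['corp', 'eng']
    print("enclave:", determine_enclave(reply))    # eng
    quiet = exchange("host-b", "dir-svc", [gw_eng, gw_corp], request=False)
    print("unrequested:", determine_enclave(quiet))  # None
```

Two points the simulation makes visible. First, the chain is ordered by the return path, so the host's own enclave is the last marker and the earlier markers give the enclosing enclaves; if the peer were itself behind gateways, those gateways would also have recorded the host and their markers would appear at the front of the chain, which is why the host keys on the nearest marker rather than the first. Second, the markers here are plain strings with no integrity protection, so this toy only models the discovery exchange itself; any trust a deployment places in a marker has to come from the surrounding key material, not from the marker alone.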
Specification