METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL
First Claim
1. A method for authenticating network entities in a fibre channel network, the method comprising:
- receiving a fibre channel authentication message from a first network entity at a second network entity in a fibre channel network, wherein the authentication message provides information for authenticating or reauthenticating the first network entity in the fibre channel network;
- determining that both the first network entity and the second network entity support security;
- verifying that the first network entity corresponds to an entry in an authentication table associated with the second network entity;
- receiving first network entity verification information that confirms the identity of the first network entity.
Abstract
Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
52 Citations
25 Claims
Specification