Using Security Levels in Optical Network

US 20150128223A1
Filed: 06/11/2012
Published: 05/07/2015
Est. Priority Date: 06/11/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method of path computation through nodes of a communications network from an ingress node to an egress node, to meet a desired security level against unauthorised physical access to the path, the method having the steps of:

receiving a request for selection of a new path through the nodes and links of the network, using a record of a connectivity of the nodes and links and having indications of a security level associated with at least some parts of the nodes and links, the security level being indicative of security against unauthorised physical access to the path, andselecting the path according to at least the indications of security level, and according to the desired security level for the path.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Path computation through nodes of a communications network to meet a desired security level against unauthorised physical access to the path, involves receiving a request (200) for selection of a new path, and using a record (210) of connectivity of the nodes and links with indications of a security level against unauthorised physical access to the path. This can enable the path routing to be made so as to assure a given level of security of the underlying hardware of nodes and links, in networks where not all parts can provide such security. Nodes can report their current security levels to update the record. A previously selected path can be validated by comparing indicated current security levels of the nodes of the path with the desired security level.

24 Citations

View as Search Results

20 Claims

1. A method of path computation through nodes of a communications network from an ingress node to an egress node, to meet a desired security level against unauthorised physical access to the path, the method having the steps of:
- receiving a request for selection of a new path through the nodes and links of the network, using a record of a connectivity of the nodes and links and having indications of a security level associated with at least some parts of the nodes and links, the security level being indicative of security against unauthorised physical access to the path, andselecting the path according to at least the indications of security level, and according to the desired security level for the path.
- View Dependent Claims (2, 3, 4, 5, 6, 16)
- - 2. The method of claim 1 having the step of passing updates of current security levels from the nodes to the record to update the record.
  - 3. The method of claim 1, at least one of the links having wavelength division multiplexed channels, and the indications of a security level of at least some parts of the nodes and links comprising an indication of a security level of at least one of the wavelength multiplexed channels, and the method having the step of allocating a wavelength multiplex channel according to the indications.
  - 4. The method of claim 1, having the step of sending to a network management system a report of security levels of constituent parts of the chosen path based on the indications.
  - 5. The method of claim 1, having the step of sending traffic along the selected path.
  - 6. The method of claim 1, having the subsequent step of setting up the chosen path by sending messages to the nodes along the path, and validating the security level at at least some of the nodes along the path.
  - 16. Apparatus for a communications network, configured to carry out the method of claim 1.

7. A method of validating a chosen path through nodes of a communications network from an ingress node to an egress node, to meet a desired security level for the path against unauthorised physical access to the path, having the steps of:
- sending a request to each of the nodes of the chosen path to indicate a security level for at least part of the path through that node, the security level being indicative of security against unauthorised physical access to the path andcomparing the indicated security levels for the nodes with the desired level to validate the chosen path.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7 having the step of passing the indicated security levels to the ingress node, and carrying out the comparing at the ingress node.
  - 9. The method of claim 7, having the step of carrying out the comparing step at the respective node, and sending a result of the comparison to the ingress node.
  - 10. The method of claim 7, the request comprising an RSVP path message, and having the step of sending the indication from each node to the ingress node using an RESV message.

11. A method of reporting a current security level at a node to a record of a connectivity of nodes and links of a communications network, the record also having indications of security levels associated with at least some parts of the nodes and links, the method having the steps of:
- detecting at the node a current level of security against unauthorised physical access to parts of a path through the node, andsending an indication of the detected current level of security to the record, for updating the record with the current security level.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, the indications of security level comprising an indication of one of at least three possible levels of security.
  - 13. The method of claim 11, wherein one of the levels of security comprises whether the respective node has a guard device operating to prevent unauthorised reconfiguration of an output port of the node to leak an optical signal which is broadcast by the node to all output ports and normally blocked at all but a desired one of the output ports.
  - 14. The method of claim 11, wherein the network is an optical network, and one of the levels of security comprises whether the respective node has a physical block operating to prevent unauthorised access to an optical path of a spare output port to which an optical signal is normally broadcast.
  - 15. The method of claim 11, the network having at least one link having wavelength division multiplexed channels, and the indication of a security level comprising an indication of a security level of at least one of the wavelength multiplexed channels.

17. A node of a communications network configured to cooperate with a remote path computation element to validate a chosen path through nodes of the communications network from an ingress node to an egress node, to meet a desired security level for the path against unauthorised physical access to the path, the node having:
- a security level monitoring part configured to detect a current level of security against unauthorised physical access to parts of the chosen path through the node,an interface part configured to receive a request from the path computation element for an indication of the current security level for at least part of the chosen path through that node, and configured to send the indication to the path computation element in response to the request.
- View Dependent Claims (18, 19)
- - 18. The node of claim 17, having a comparator configured to compare the current level of security with the desired level in response to the request, and the interface part being configured to send the result of the comparison as the indication of the current level of security for this part of the chosen path.
  - 19. The node of claim 17, the request comprising an RSVP path message, and node being configured to send the indication by sending an RESV message to the ingress node.

20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Magri, Roberto, Bottari, Giulio

Application Number

US14/406,907
Publication Number

US 20150128223A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04J 14/0267   Optical signaling or routing

H04L 45/42   Centralised routing

H04L 63/10   for controlling access to d...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Using Security Levels in Optical Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using Security Levels in Optical Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links