PROVIDING SECURE NETWORKS

US 20160373441A1
Filed: 06/16/2015
Published: 12/22/2016
Est. Priority Date: 06/16/2015
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

determining one or more nodes in a network system with at least one port that is enabled for security enabled services;

provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key;

associating each connectivity association with a virtual service network (VSN); and

mutually authenticating nodes on each VSN based on each respective connectivity association key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations generally relate to providing secure networks. In some implementations, a method includes determining one or more nodes in a network system with at least one port that is enabled for security enabled services. The method also includes provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key. The method also includes associating each connectivity association with a virtual service network (VSN). The method also includes mutually authenticating nodes on each VSN based on each respective connectivity association key.

Citations

20 Claims

1. A computer-implemented method comprising:
- determining one or more nodes in a network system with at least one port that is enabled for security enabled services;
  
  provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key;
  
  associating each connectivity association with a virtual service network (VSN); and
  
  mutually authenticating nodes on each VSN based on each respective connectivity association key.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the one or more ports are Ethernet ports.
  - 3. The method of claim 1, further comprising enabling multiple encryption keys to be derived from the connectivity association key.
  - 4. The method of claim 1, further comprising generating an intermediate system to intermediate system (ISIS) type-length-value (TLV).
  - 5. The method of claim 1, further comprising scrambling the connectivity association key.
  - 6. The method of claim 1, further comprising advertising media access control security (MACsec) capabilities for the node.
  - 7. The method of claim 1, further comprising building VSN trees based on mutual authentication.

8. A non-transitory computer-readable storage medium carrying program instructions thereon, the instructions when executed by one or more processors cause the one or more processors to perform operations comprising:
- determining one or more nodes in a network system with at least one port that is enabled for security enabled services;
  
  provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key;
  
  associating each connectivity association with a virtual service network (VSN); and
  
  mutually authenticating nodes on each VSN based on each respective connectivity association key.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein the one or more ports are Ethernet ports.
  - 10. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising enabling multiple encryption keys to be derived from the connectivity association key.
  - 11. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising generating an intermediate system to intermediate system (ISIS) type-length-value (TLV).
  - 12. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising scrambling the connectivity association key.
  - 13. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising advertising media access control security (MACsec) capabilities for the node.
  - 14. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising building VSN trees based on mutual authentication.

15. A system comprising:
- one or more processors; and
  
  logic encoded in one or more tangible media for execution by the one or more processors and when executed operable to perform operations comprising;
  
  determining one or more nodes in a network system with at least one port that is enabled for security enabled services;
  
  provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key;
  
  associating each connectivity association with a virtual service network (VSN); and
  
  mutually authenticating nodes on each VSN based on each respective connectivity association key.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the one or more ports are Ethernet ports.
  - 17. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising enabling multiple encryption keys to be derived from the connectivity association key.
  - 18. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising generating an intermediate system to intermediate system (ISIS) type-length-value (TLV).
  - 19. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising scrambling the connectivity association key.
  - 20. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising advertising media access control security (MACsec) capabilities for the node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Extreme Networks, Inc.
Original Assignee
Avaya Incorporated
Inventors
SIRIVARA, Seema

Application Number

US14/740,454
Publication Number

US 20160373441A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 9/0861   Generation of secret inform...

H04L 9/3273   for mutual authentication n...

PROVIDING SECURE NETWORKS

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING SECURE NETWORKS

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links