HARDWARE ROOT OF TRUST (HROT) FOR SOFTWARE-DEFINED NETWORK (SDN) COMMUNICATIONS

US 20170048242A1
Filed: 10/24/2016
Published: 02/16/2017
Est. Priority Date: 03/19/2015
Status: Active Grant

First Claim

Patent Images

1. A method of operating a Software-Defined Network (SDN) to determine hardware trust for SDN communications, the method comprising:

an SDN probe system transferring network probe packets having an originating address, a destination address, and a Hardware Root-of-Trust (HRoT) reporting parameter;

a plurality of SDN flow controllers receiving the network probe packets through SDN input interfaces, routing the probe packets from the SDN input interfaces to SDN output interfaces based on the destination address and responsive to the HRoT reporting parameter, encoding SDN flow controller Hardware Identifiers (HW IDs) and transferring probe response packets to the SDN probe system that indicate the encoded SDN flow controller HW IDs, the SDN input interfaces, and the SDN output interfaces; and

the SDN probe system processing the probe response packets to identify an end-to-end communication path for the originating address and the destination address based on the SDN input interfaces and the SDN output interfaces and responsively determining hardware trust status for the end-to-end communication path based on the encoded SDN flow controller HW IDs.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Software-Defined Network (SDN) determines hardware trust for SDN communications. A probe system transfers probe packets having an originating address, destination address, and Hardware Root-of-Trust (HRoT) reporting parameter. SDN flow controllers receive the probe packets through input interfaces and route the packets from the input interfaces to output interfaces based on the destination address. Responsive to the HRoT reporting parameter, the SDN flow controllers encode SDN flow controller Hardware Identifiers (HW IDs) and transfer response packets that indicate the encoded SDN flow controller HW IDs, the SDN input interfaces, and the SDN output interfaces. The probe system processes the response packets to identify an end-to-end communication path for the originating address and the destination address based on the input interfaces and the output interfaces. The probe system determines hardware trust status for the end-to-end communication path based on the encoded SDN flow controller HW IDs.

14 Citations

View as Search Results

20 Claims

1. A method of operating a Software-Defined Network (SDN) to determine hardware trust for SDN communications, the method comprising:
- an SDN probe system transferring network probe packets having an originating address, a destination address, and a Hardware Root-of-Trust (HRoT) reporting parameter;
  
  a plurality of SDN flow controllers receiving the network probe packets through SDN input interfaces, routing the probe packets from the SDN input interfaces to SDN output interfaces based on the destination address and responsive to the HRoT reporting parameter, encoding SDN flow controller Hardware Identifiers (HW IDs) and transferring probe response packets to the SDN probe system that indicate the encoded SDN flow controller HW IDs, the SDN input interfaces, and the SDN output interfaces; and
  
  the SDN probe system processing the probe response packets to identify an end-to-end communication path for the originating address and the destination address based on the SDN input interfaces and the SDN output interfaces and responsively determining hardware trust status for the end-to-end communication path based on the encoded SDN flow controller HW IDs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the SDN probe system determining the hardware trust status for the end-to-end communication path further comprises the SDN probe system determining if all reported ones of the SDN output interfaces are coupled to reported ones of the SDN input interfaces or to endpoints.
  - 3. The method of claim 1 further comprising:
    - the plurality of SDN flow controllers routing the probe packets from the SDN input interfaces to the SDN output interfaces comprises the plurality of SDN flow controllers routing the probe packets during one or more time cycles; and
      
      further comprisingthe plurality of the SDN flow controllers, responsive to the HRoT reporting parameter, indicating one or more time cycle identifiers for the one or more time cycles in the probe response packets; and
      
      the SDN probe system processing the one or more time cycle identifiers to validate the end-to-end communication path for the originating address and the destination address.
  - 4. The method of claim 1 further comprising:
    - a Network Function Virtualization (NFV) server receiving the network probe packets through NFV input interfaces, routing the probe packets from the NFV input interfaces to NFV output interfaces based on the destination address and responsive to the HRoT reporting parameter, encoding NFV Hardware Identifiers (HW IDs) and transferring probe response packets to the SDN probe system that indicate the encoded NFV HW IDs, the NFV input interfaces, and the NFV output interfaces.
  - 5. The method of claim 4 further comprising:
    - the SDN probe system processing the probe response packets to identify the end-to-end communication path further comprises processing the probe response packets to identify the end-to-end communication path based on the NFV input interfaces and the NFV output interfaces; and
      
      the SDN probe system determining the hardware trust status for the end-to-end communication path based on the encoded NFV HW IDs.
  - 6. The method of claim 5 wherein the SDN probe system determining the hardware trust status for the end-to-end communication path further comprises the SDN probe system determining if all reported ones of the SDN output interfaces and the NVF output interfaces are coupled to reported ones of the SDN input interfaces, the NFV input interfaces, or endpoints.
  - 7. The method of claim 5 wherein:
    - the NFV server routing the probe packets from the NFV input interfaces to NFV output interfaces based on the destination address comprises routing the probe packets from the NFV input interfaces to NFV output interfaces during one or more NFV time cycles; and
      
      further comprisingthe NFV server, responsive to the HRoT reporting parameter, indicating one or more NFV time cycle identifiers for the NFV time cycles in the probe response packets; and
      
      the SDN probe system processing the NFV time cycle identifiers to validate the end-to-end communication path for the originating address and the destination address.
  - 8. The method of claim 5 wherein:
    - the NFV server routing the probe packets from the NFV input interfaces to NFV output interfaces based on the destination address comprises routing the probe packets from the NFV input interfaces to NFV output interfaces using one or more virtual routers; and
      
      further comprisingthe NFV server, responsive to the HRoT reporting parameter, indicating one or more virtual router identifiers for the virtual routers in the probe response packets; and
      
      the SDN probe system processing the one or more virtual router identifiers to validate the end-to-end communication path for the originating address and the destination address.
  - 9. The method of claim 1 wherein the HRoT reporting parameter comprises a port number.
  - 10. The method of claim 1 wherein the HRoT reporting parameter comprises an Internet Protocol (IP) port number.

11. A Software-Defined Network (SDN) to determine hardware trust for SDN communications, the SDN comprising:
- an SDN probe system configured to transfer network probe packets having an originating address, a destination address, and a Hardware Root-of-Trust (HRoT) reporting parameter;
  
  a plurality of SDN flow controllers configured to receive the network probe packets through SDN input interfaces, route the probe packets from the SDN input interfaces to SDN output interfaces based on the destination address and responsive to the HRoT reporting parameter, encode SDN flow controller Hardware Identifiers (HW IDs) and transfer probe response packets to the SDN probe system that indicate the encoded SDN flow controller HW IDs, the SDN input interfaces, and the SDN output interfaces; and
  
  the SDN probe system configured to process the probe response packets to identify an end-to-end communication path for the originating address and the destination address based on the SDN input interfaces and the SDN output interfaces and responsively determine hardware trust status for the end-to-end communication path based on the encoded SDN flow controller HW IDs.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The SDN of claim 11 wherein the SDN probe system is configured to determine if all reported ones of the SDN output interfaces are coupled to reported ones of the SDN input interfaces or to endpoints.
  - 13. The SDN of claim 11 wherein:
    - the plurality of SDN flow controllers are configured to route the probe packets during one or more time cycles; and
      
      further comprisingthe plurality of SDN flow controllers are configured, responsive to the HRoT reporting parameter, to indicate one or more time cycles identifiers for the one or more tie cycles in the probe response packets; and
      
      the SDN probe system is configured to process the one or more time cycle identifiers to validate the end-to-end communication path for the originating address and the destination address.
  - 14. The SDN of claim 11 further comprising:
    - a Network Function Virtualization (NFV) server configured to receive the network probe packets through NFV input interfaces, route the probe packets from the NFV input interfaces to NFV output interfaces based on the destination address, and responsive to the HRoT reporting parameter, encode NFV Hardware Identifiers (HW IDs) and transfer probe response packets to the SDN probe system that indicate the encoded NFV HW IDs, the NFV input interfaces, and the NFV output interfaces.
  - 15. The SDN of claim 14 further comprising:
    - the SDN probe system configured to process the probe response packets to identify the end-to-end communication path for the originating address and the destination address based on the NFV input interfaces and the NFV output interfaces; and
      
      the SDN probe system configured to determine the hardware trust status for the end-to-end communication path based on the encoded NFV HW IDs.
  - 16. The SDN of claim 15 wherein the SDN probe system is configured to determine if all reported ones of the SDN output interfaces and the NVF output interfaces are coupled to reported ones of the SDN input interfaces, the NFV input interfaces, or endpoints.
  - 17. The SDN of claim 15 wherein:
    - the NFV server is configured to route the probe packets from the NFV input interfaces to NFV output interfaces during one or more NFV time cycles; and
      
      further comprisingthe NFV server configured, responsive to the HRoT reporting parameter, to indicate one or more NFV time cycle identifiers for the NFV time cycles in the probe response packets; and
      
      the SDN probe system configured to process the NFV time cycle identifiers to validate the end-to-end communication path for the originating address and the destination address.
  - 18. The SDN of claim 15 wherein:
    - the NFV server is configured to route the probe packets from the NFV input interfaces to NFV output interfaces using one or more virtual routers; and
      
      further comprisingthe NFV server configured, responsive to the HRoT reporting parameter, to indicate one or more virtual router identifiers for the virtual routers in the probe response packets; and
      
      the SDN probe system configured to process the one or more virtual router identifiers to validate the end-to-end communication path for the originating address and the destination address.
  - 19. The SDN of claim 11 wherein the HRoT reporting parameter comprises a port number.
  - 20. The SDN of claim 11 wherein the HRoT reporting parameter comprises an Internet Protocol (IP) port number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Marquardt, Ronald R., Paczkowski, Lyle Walter, Rajagopal, Arun

Granted Patent

US 9,843,581 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 43/106   using time related informat...

H04L 45/02   Topology update or discovery

H04L 45/036   Updating the topology betwe...

H04L 45/26   Route discovery packet

H04L 45/38   Flow based routing

H04L 45/586   of virtual routers

H04L 45/64   using an overlay routing layer

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 45/74   Address processing for routing

H04L 49/70   Virtual switches

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 69/22   Parsing or analysis of headers

HARDWARE ROOT OF TRUST (HROT) FOR SOFTWARE-DEFINED NETWORK (SDN) COMMUNICATIONS

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

HARDWARE ROOT OF TRUST (HROT) FOR SOFTWARE-DEFINED NETWORK (SDN) COMMUNICATIONS

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links