ADMISSIONS CONTROL OF A DEVICE

US 20170163427A1
Filed: 10/23/2014
Published: 06/08/2017
Est. Priority Date: 10/23/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by a control device, a first device in a communication fabric that supports memory semantic operations between the first device and a second device; and

performing, by the control device, an admissions control process with the first device to determine whether the first device is authorized to communicate over the communication fabric.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A control device performs an admissions control process with a first device to determine whether the first device is authorized to communicate over the communication fabric that supports memory semantic operations.

Citations

15 Claims

1. A method comprising:
- detecting, by a control device, a first device in a communication fabric that supports memory semantic operations between the first device and a second device; and
  
  performing, by the control device, an admissions control process with the first device to determine whether the first device is authorized to communicate over the communication fabric.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - in response to the admissions control process succeeding, enabling, by the control device, communication by the first device over the communication fabric.
  - 3. The method of claim 2, wherein enabling, by the control device, the communication by the first device over the communication fabric comprises instructing a switch to enable routing of packets for the first device.
  - 4. The method of claim 3, wherein detecting the first device comprises detecting the first device that is newly connected to or newly activated in the communication fabric, wherein the switch is to route packets of the newly connected or newly activated first device just to the control device until the admissions control process succeeds.
  - 5. The method of claim 1, further comprising:
    - in response to the admissions control process succeeding, sending, by the control device, a transaction integrity key to the first device, the transaction integrity key used in providing security for transactions of the first device.
  - 6. The method of claim 1, wherein performing the admissions control process uses a security element to verify the first device.
  - 7. The method of claim 6, wherein the security element is at least one of a public key, a private key, and a certificate.
  - 8. The method of claim 1, further comprising:
    - determining, by the control device, whether the first device supports a security header in transactions over the communication fabric; and
      
      in response to determining that the first device does not support the security header, configuring, by the control device, a gateway to act as a proxy for the first device, the proxy to insert the security header for a transaction of the first device.
  - 9. The method of claim 8, wherein configuring the gateway further comprises configuring the gateway that performs at least one selected from among:
    - inserting or modifying an access key in a packet on behalf of the first device to access a resource over the communication fabric, changing a component identifier in the packet for communication involving the first device, and restricting transaction types that are allowed for the first device.

10. A control device comprising:
- at least one processor to;
  
  determine whether a first device supports a security feature;
  
  in response to determining that the first device supports the security feature,perform admissions control to determine whether the first device is authorized to communicate over a communication fabric that supports memory semantic operations, andsend a key to the first device to implement the security feature; and
  
  in response to determining that the first device does not support the security feature,configure a gateway to act as a proxy for the first device to implement the security feature.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The control device of claim 10, wherein the key is for generating a security value to include in a transaction packet sent by the first device over the communication fabric.
  - 12. The control device of claim 10, wherein the admissions control comprises performing a challenge-response process or retrieving a certificate from the first device.
  - 13. The control device of claim 10, wherein the at least one processor is to further, in response to determining that the first device supports the security feature, configure the switch to enable routing of packets between the first device and other devices connected to the communication fabric.
  - 14. The control device of claim 10, wherein the configuring of the gateway further comprises configuring the gateway that performs at least one selected from among:
    - inserting or modifying an access key in a packet on behalf of the first device to access a resource over the communication fabric, changing a component identifier in the packet for communication involving the first device, and restrict transaction types that are allowed for the first device.

15. An article comprising at least one non-transitory machine-readable storage medium storing instructions that upon execution cause a gateway to:
- in response to an admissions control process authorizing a first device to communicate over a communication fabric that supports memory semantic operations, implement a security feature on behalf of the first device, wherein the security feature includes generating a security value and inserting the security value into a security header of a packet received from the first device; and
  
  perform policy enforcement comprising at least one selected from among;
  
  inserting or modifying an access key in a packet on behalf of the first device to access a resource over the communication fabric, changing a component identifier in the packet for communication involving the first device, and restricting transaction types that are allowed for the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Krause, Michael R., Edwards, Nigel

Granted Patent

US 10,230,531 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/56   Financial cryptography, e.g...

H04L 45/72   Routing based on the source...

H04L 63/0281   Proxies

H04L 63/0823   using certificates cryptogr...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

ADMISSIONS CONTROL OF A DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

ADMISSIONS CONTROL OF A DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links