Method and apparatus for reporting unauthorized attempts to access nodes in a network computing system

US 7,113,995 B1
Filed: 10/19/2000
Issued: 09/26/2006
Est. Priority Date: 10/19/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a node for managing attempts to access the node, the method comprising:

receiving, by the node, a packet from a source, wherein the packet includes a first key, wherein the first key is a partition key associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the node receiving the packet can determine which of the partitions of the multi-partitioned network can access the node receiving the packet;

determining, by the node, whether the packet is from a partition authorized to access the node by determining whether the first key matches a second key for the node;

dropping, by the node, the packet without a response to the source of the packet if the first key does not match the second key;

storing, by the node, information from the packet; and

sending, by the node, the information to a selected recipient in response to a selected event.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method in a node for managing authorized attempts to access the node. A packet is received from a source, wherein the packet includes a first key. A determination is made as to whether the first key matches a second key for the node. The packet is dropped without a response to the source if the first key does not match the second key. Information from the packet is stored in response to this absence of a match. The information is sent to a selected recipient in response to a selected event, which may be, for example, either immediately or in response to polling to see if the information is present.

Citations

25 Claims

1. A method in a node for managing attempts to access the node, the method comprising:
- receiving, by the node, a packet from a source, wherein the packet includes a first key, wherein the first key is a partition key associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the node receiving the packet can determine which of the partitions of the multi-partitioned network can access the node receiving the packet;
  
  determining, by the node, whether the packet is from a partition authorized to access the node by determining whether the first key matches a second key for the node;
  
  dropping, by the node, the packet without a response to the source of the packet if the first key does not match the second key;
  
  storing, by the node, information from the packet; and
  
  sending, by the node, the information to a selected recipient in response to a selected event.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the selected event is a request from the recipient for the information.
  - 3. The method of claim 1, wherein the selected event is an occurrence of a trap.
  - 4. The method of claim 1, wherein the selected event is a periodic event.
  - 5. The method of claim 1 further comprising:
    - incrementing a counter source if the first key does not match the second key.
  - 6. The method of claim 5, wherein the selected event occurs when the counter exceeds a threshold value.
  - 7. The method of claim 1, wherein the node comprises at least one device private to the node and at least one device shared with at least one of the partitions of the multi-partition network.
  - 8. The method of claim 1, wherein the information includes at least one of a source local identifier, a destination local identifier, the key value, a global identifier address.
  - 9. The method of claim 7, wherein the selected recipient is a subnet manager attached to a subnet that is responsible for configuring and managing switches, routers and channel adapters of the subnet.

10. A method in a node for reporting access violations, the method comprising:
- receiving a packet from a source, wherein the packet includes authentication information, wherein the authentication information is associated with a particular partition of a multi-partioned network having a plurality of partitions, and is used such that the node that received the packet can determine which of the partitions of the multi-partitioned network can access the node that received the packet;
  
  verifying the received authentication information to determine if the packet is from a partition authorized to access the node;
  
  dropping the packet without a response to the source if the received authentication information is unverified;
  
  storing information from the packet; and
  
  sending the information to a selected recipient in response to a selected event.
- View Dependent Claims (11)
- - 11. The method of claim 10, wherein the node comprises at least one device private to the node and at least one device shared with at least one of the partitions of the multi-partition network.

12. A data processing system comprising:
- a bus system;
  
  a channel adapter unit connected to a system area network fabric;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive a packet from a source, wherein the packet includes a first key, wherein the first key is a partition key associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the data processing system can determine which of the partitions of the multi-partitioned network can access the data processing system;
  
  determine whether the first key mates a second key for the data processing system;
  
  drop the packet without a response to the source if the first key does not match the second key;
  
  store information from the packet; and
  
  send the information to a selected recipient in response to a selected event.

13. A node comprising:
- receiving means for receiving a packet from a source, wherein the packet includes a first key, wherein the first key is a partition key associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the node can determine which of the partitions of the multi-partitioned network can access the network node;
  
  determining means for determining whether the packet is from a partition authorized to access the node by determining whether the first key matches a second key for the node;
  
  dropping means for dropping the packet without a response to the source if the first key does not match the second key;
  
  storing means for storing information from the packet; and
  
  sending means for sending the information to a selected recipient in response to a selected event.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The node of claim 13, wherein the selected event is a request from the recipient for the information.
  - 15. The node of claim 13, wherein the selected event is an occurrence of a trap.
  - 16. The node of claim 13, wherein the selected event is a periodic event.
  - 17. The node of claim 13 comprising:
    - incrementing means for incrementing a counter source if the first key does not match the second key.
  - 18. The node of claim 17, wherein the selected event occurs when the counter source exceeds a threshold value.
  - 19. The node of claim 13, wherein the node comprises at least one device private to the node and at least one device shared with at least one of the partitions of the multi-partition network.
  - 20. The node of claim 13, wherein the information includes at least one of a source local identifier, a destination local identifier, the key value, a global identifier address.
  - 21. The node of claim 19, wherein the selected recipient is a subnet manager attached to a subnet that is responsible for configuring and managing switches, routers and channel adapters of the subnet.

22. A node comprising:
- receiving means for receiving a packet from a source, wherein the packet includes authentication information, wherein the authentication information is associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the node can determine which of the partitions of the multi-partitioned network can access the node;
  
  verifying means for verifying the received authentication information to determine if the packet is from a partition authorized to access the node;
  
  dropping means for dropping the packet without a response to the source if the received authentication information is unverified;
  
  storing means for storing information from the packet; and
  
  sending means for sending the information to a selected recipient in response to a selected event.
- View Dependent Claims (23)
- - 23. The node of claim 22, wherein the node comprises at least one device private to the node and at least one device shared with at least one of the partitions of the multi-partition network.

24. A computer program product in a computer readable medium for use in a node for managing attempts to access the node, the computer program product comprising:
- first instructions for receiving a packet from a source, wherein the packet includes a first key, wherein the first key is a partition key associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the node can determine which of the partitions of the multi-partitioned network can access the network node;
  
  second instructions for determining whether the packet is from a partition at authorized to access the node by determining whether the first key matches a second key for the node;
  
  third instructions for dropping the packet without a response to the source if the first key does not match the second key;
  
  fourth instructions for storing information from the packet; and
  
  fifth instructions for sending the information to a selected recipient in response to a selected event.

25. A computer program product in a computer readable medium for use in a node for reporting access violations, the computer program product comprising:
- first instructions for receiving a packet from a source, wherein the packet includes authentication information, wherein the authentication information is associated with a particular partition of a multi-partitioned network having a plurality of partitions, and is used such that the node can determine which of the partitions of the multi-partitioned network can access the node;
  
  second instructions for verify the received authentication information to determine if the packet is from a partition authorized to access the node;
  
  third instructions for dropping the packet without a response to the source if the received authentication information is unverified;
  
  fourth instructions for storing information from the packet; and
  
  fifth instructions for sending the information to a selected recipient in response to a selected event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LinkedIn Corporation (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Thurber, Steven Mark, Recio, Renato John, Beukema, Bruce Leroy, Pfister, Gregory Francis, Neal, Danny Marvin
Primary Examiner(s)
Jaroenchonwanit, Bunjob
Assistant Examiner(s)
SHIN, KYUNG H

Application Number

US09/692,348
Time in Patent Office

2,168 Days
Field of Search

713/201, 713/162, 713/185, 709/222, 709/220, 709/229
US Class Current

709/229
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/10 for controlling access to d...

Method and apparatus for reporting unauthorized attempts to access nodes in a network computing system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for reporting unauthorized attempts to access nodes in a network computing system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links