Network device identity authentication

US 7,240,364 B1
Filed: 11/09/2000
Issued: 07/03/2007
Est. Priority Date: 05/20/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of managing a telecommunications network, comprising:

retrieving, through a management system, a current set of identifiers from a network device having at least two cards;

said identifiers comprising at least two physical identifiers and at least one logical identifier, wherein at least one of said at least two physical identifiers is associated with each of said at least two cards;

authenticating an identity of the network device using at least one of said at least two physical identifiers; and

automatically updating said management system to reflect changes made to any of said at least two physical identifiers that were not used to authenticate said network device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and apparatus for authenticating the identities of network devices within a telecommunications network. In particular, multiple identifiers associated with a network device are retrieved from and used to identify the network device. Use of multiple identifiers provides fault tolerance and supports full modularity of hardware within a network device. Authenticating the identity of a network device through multiple identifiers allows for the possibility that hardware associated with one or more of the identifiers may be removed from the network device. For example, a network device may still be automatically authenticated even if more than one card within the device are removed as long as at least one card corresponding to an identifier being used for authentication is within the device during authentication. In addition, the present invention allows for dynamic authentication, that is, the NMS is able to update its records, including the identifiers, over time as cards (or other hardware) within network devices are removed and replaced.

Citations

21 Claims

1. A method of managing a telecommunications network, comprising:
- retrieving, through a management system, a current set of identifiers from a network device having at least two cards;
  
  said identifiers comprising at least two physical identifiers and at least one logical identifier, wherein at least one of said at least two physical identifiers is associated with each of said at least two cards;
  
  authenticating an identity of the network device using at least one of said at least two physical identifiers; and
  
  automatically updating said management system to reflect changes made to any of said at least two physical identifiers that were not used to authenticate said network device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein retrieving the current set of identifiers from the network device comprises:
    - reading the current set of identifiers from a plurality of non-volatile memories located on a plurality of cards within the network device.
  - 3. The method of claim 2, wherein the plurality of non-volatile memories comprise registers.
  - 4. The method of claim 2, wherein the plurality of non-volatile memories comprise programmable read only memories (PROMs).
  - 5. The method of claim 1, wherein the management system comprises a network management system (NMS).
  - 6. The method of claim 1, wherein the management system comprises a command line interface (CLI).
  - 7. The method of claim 1, wherein prior to retrieving, through the management system, the current set of identifiers from the network device, the method further comprises:
    - connecting the management system to the network device using a network address assigned to the network device.
  - 8. The method of claim 7, wherein the network address assigned to the network device comprises an Internet Protocol (IP) address and said logical identifier comprises the IP address.

9. A method of managing a telecommunications network, comprising:
- detecting a request to add a network device having at least two cards to the telecommunications network;
  
  retrieving an initial set of at least two physical identifiers from the network device, wherein at least one of said initial set of at least two physical identifiers is associated with each of said at least two cards;
  
  storing the initial set of identifiers in a storage unit accessible by a management system;
  
  retrieving, through the management system, a current set of at least two physical identifiers from the network device, wherein at least one of said current set of at least two physical identifiers is associated with each of said at least two cards;
  
  authenticating an identity of the network device using the current set of identifiers; and
  
  updating the stored initial set of identifiers with any of the retrieved current identifiers that do not match the stored initial identifiers;
  
  wherein said authenticating step comprises;
  
  comparing the retrieved current set of identifiers with the stored initial set of identifiers; and
  
  authenticating the identity of the network device if at least one of the retrieved current identifiers matches at least one of the stored initial identifiers.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method of claim 9, further comprising:
    - posting a user notification indicating failed authentication if at least one of the retrieved current identifiers does not match at least one of the stored initial identifiers.
  - 11. The method of claim 10, further comprising:
    - receiving a user authentication of the network device identity; and
      
      replacing the stored initial set of identifiers with the retrieved current set of identifiers.
  - 12. The method of claim 10, further comprising:
    - detecting a user supplied new network address for the network device; and
      
      updating a record associated with the network device with the new network address.
  - 13. The method of claim 9, wherein storing the initial set of identifiers comprises adding the identifiers to an Administration Managed Device table in a management system data repository.

14. A method of managing a telecommunications network, comprising:
- detecting a request to add a network device having at least two cards to the telecommunications network;
  
  retrieving an initial set of at least two physical identifiers from the network device, wherein at least one of said initial set of at least two physical identifiers is associated with each of said at least two cards;
  
  converting the initial set of identifiers into a first composite value;
  
  storing the first composite value in a storage unit accessible by a management system;
  
  retrieving, through the management system, a current set of at least two physical identifiers from the network device, wherein at least one of said current set of at least two physical identifiers is associated with each of said at least two cards; and
  
  authenticating an identity of the network device using at least one of said current set of at least two physical identifiers;
  
  wherein authenticating an identity of the network device using the current set of identifiers comprises, for each retrieved identifier;
  
  dividing the first composite value by one of the retrieved identifiers to form a division result;
  
  converting the remaining retrieved identifiers into a second composite value;
  
  comparing the division result to the second composite value; and
  
  authenticating the identity of the network device if at least one of the division results matches one of the second composite values.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14, wherein the wherein the initial set of identifiers and the current set of identifiers further comprise at least one logical identifier.
  - 16. The method of claim 14, wherein the physical identifiers comprise at least one Media Access Control (MAC) address.
  - 17. The method of claim 14, wherein the network device includes an internal bus and wherein the physical identifiers comprise at least one internal address used for communication over the internal bus.
  - 18. The method of claim 14, wherein each of the physical identifiers comprises a serial number for the associated card.
  - 19. The method of claim 18, wherein each of the physical identifiers further comprises a part number for the associated card.

20. A method of managing a telecommunications network, comprising:
- authenticating an identity of a network device having at least two cards using a current set of at least two physical identifiers retrieved from the network device and a stored set of at least two physical identifiers associated with the network device, wherein at least one of said at least two physical identifiers is associated with each of said at least two cards; and
  
  updating the stored set of identifiers when at least one but not all of the current identifiers match the stored identifiers.

21. A method of managing a telecommunications network, comprising:
- connecting a management system to a network device having at least two cards using a network address assigned to the network device;
  
  retrieving a current set of at least two physical identifiers from a network device, wherein at least one of said at least two physical identifiers is associated with each of said at least two cards; and
  
  authenticating an identity of the network device using the current set of at least two physical identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ciena Corporation
Original Assignee
Ciena Corporation
Inventors
Branscomb, Brian, Black, Darryl, Perry, James R
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US09/711,054
Time in Patent Office

2,427 Days
Field of Search

713/200, 713/201, 726/5, 726/6, 726/9
US Class Current

726/9
CPC Class Codes

G06F 11/2097   maintaining the standby con...

H04L 2101/677   Multiple interfaces, e.g. m...

H04L 41/085   Retrieval of network config...

H04L 41/12   Discovery or management of ...

H04L 61/4541   Directories for service dis...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

Network device identity authentication

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Network device identity authentication

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links