Secure configuration of authentication servers

US 8,515,996 B2
Filed: 05/19/2008
Issued: 08/20/2013
Est. Priority Date: 05/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying a plurality of nodes in communication with an authentication server in a network, each node identified by a node identifier;

assigning a plurality of secrets to the plurality of nodes so that each respective secret is assigned to a respective node and associated with its node identifier;

automatically generating a data structure comprising a list of associations between the assigned secrets and the node identifiers;

securing the data structure; and

sending the data structure to store in the authentication server, the authentication server using the assigned secrets to perform authentication for the plurality of nodes.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

56 Citations

View as Search Results

25 Claims

1. A method comprising:
- identifying a plurality of nodes in communication with an authentication server in a network, each node identified by a node identifier;
  
  assigning a plurality of secrets to the plurality of nodes so that each respective secret is assigned to a respective node and associated with its node identifier;
  
  automatically generating a data structure comprising a list of associations between the assigned secrets and the node identifiers;
  
  securing the data structure; and
  
  sending the data structure to store in the authentication server, the authentication server using the assigned secrets to perform authentication for the plurality of nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising integrating the data structure into an authentication server database.
  - 3. The method of claim 1, wherein securing the data structure comprises encrypting the data structure.
  - 4. The method of claim 1, wherein encrypting the data structure comprises encrypting the data structure with a password used for communications with the authentication server or a derivation thereof.
  - 5. The method of claim 1, wherein securing the data structure comprises embedding the data structure within a second data structure through the use of steganography.
  - 6. The method of claim 1, further comprising generating the plurality of secrets.
  - 7. The method of claim 1, wherein the assigning, generating a data structure, securing and sending are performed by an authentication management application executed at a computer that is distinct from the authentication server.
  - 8. The method of claim 1, further comprising associating each secret with a unique name of a node the secret is assigned to and saving the associated names in the data structure.
  - 9. The method of claim 1, wherein the network comprises a storage area network.
  - 10. The method of claim 9, wherein the storage area network is a network selected from the group consisting of a Fibre Channel network, an iSCSI network and an FCoE network.
  - 11. The method of claim 1, further comprising:
    - obtaining the assigned secrets from the data structure by the authentication server.

12. A computer readable medium comprising computer executable instructions configured to cause a processor to perform a method comprising:
- identifying a plurality of nodes in communication with an authentication server in a network, each node identified by a node identifier;
  
  assigning a plurality of secrets to the plurality of nodes so that each respective secret is assigned to a respective node and associated with its node identifier;
  
  automatically generating a data structure comprising a list of associations between the assigned secrets and the node identifiers;
  
  securing the data structure; and
  
  sending the data structure to store in the authentication server, the authentication server using the assigned secrets to perform authentication for the plurality of nodes.
- View Dependent Claims (13, 14, 15)
- - 13. The computer readable medium of claim 12, wherein the method further comprises generating the plurality of secrets.
  - 14. The computer readable medium of claim 12, wherein the computer executable instructions are part of an authentication management application, and the processor is part of a computer that is distinct from the authentication server.
  - 15. The computer readable medium of claim 12, wherein the method further comprises associating each secret with a unique name of a node the secret is assigned to and saving the associated names in the data structure.

16. A device comprising a processor and a memory, the memory comprising a plurality of instructions executable at the processor and configured to cause the processor to:
- identify a plurality of nodes in communication with an authentication server in a network, each node identified by a node identifier;
  
  assign a plurality of secrets to the plurality of nodes so that each respective secret is assigned to a respective node and associated with its node identifier;
  
  automatically generate a data structure comprising a list of associations between the assigned secrets and the node identifiers;
  
  secure the data structure; and
  
  send the data structure to store in the authentication server, the authentication server using the assigned secrets to perform authentication for the plurality of nodes.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The device of claim 16, wherein the instructions are further configured to cause the processor to generate or otherwise establish the plurality of secrets.
  - 18. The device of claim 16, wherein the instructions are part of an authentication management application, and the device is distinct from the authentication server.
  - 19. The device of claim 16, wherein the instructions are further configured to cause the processor to associate each secret with a unique name of a node the secret is assigned to and save the associated names in the data structure.
  - 20. The device of claim 16, wherein the network comprises a storage area network.
  - 21. The device of claim 16, wherein the storage area network is a network selected from the group consisting of a Fibre Channel network, an iSCSI network and an FCoE network.
  - 22. A storage area network comprising the device of claim 16.
  - 23. A Fibre Channel network comprising the device of claim 16.

24. A network comprising:
- a plurality of nodes;
  
  a computer executing an authentication management application; and
  
  an authentication server,wherein the computer executing the authentication management application is configured toidentify a plurality of nodes in communication with the authentication serve in a network, each node identified by a node identifier;
  
  assign a plurality of secrets to the plurality of nodes so that each respective secret is assigned to a respective node and associated with its node identifier,automatically generate a data structure comprising a list of associations between the assigned secrets and the node identifiers,secure the data structure, andsend the data structure to store in the authentication server; and
  
  the authentication server is configured touse the assigned secrets to perform authentication for the plurality of nodes.
- View Dependent Claims (25)
- - 25. The network of claim 24, wherein the network is selected from the group consisting of a Fibre Channel network and an iSCSI network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Emulex Design & Manufacturing Corp. (Broadcom, Inc.)
Inventors
Hofer, Larry Dean
Primary Examiner(s)
THAI, HANH B

Application Number

US12/123,401
Publication Number

US 20090287732A1
Time in Patent Office

1,919 Days
Field of Search

707790-793, 726/4, 726/11, 726/14, 726/30, 713/152, 713/161, 713/165, 713/166, 713/170, 713182-183, 380/256
US Class Current

707/790
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/955   using information identifie...

G06F 21/602   Providing cryptographic fac...

H04L 41/0856   by backing up or archiving ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

Secure configuration of authentication servers

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

56 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Secure configuration of authentication servers

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

56 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links