Systems and methods for providing secure multicast intra-cluster communication

US 9,043,598 B2
Filed: 05/05/2014
Issued: 05/26/2015
Est. Priority Date: 08/25/2011
Status: Active Grant

First Claim

Patent Images

1. A method for optimizing cluster node authentication to facilitate improved security of multicast communications, the method comprising:

performing, with a first network-connected computing device, an authentication handshake with a second network-connected computing device validly part of a cluster resulting in a successful mutual authentication with the second network-connected computing device;

receiving, with the first network-connected computing device, an encrypted cluster secret from the second network-connected computing device using a secure communication channel unique to the mutual authentication; and

decrypting, with the first network-connected computing device, the cluster secret using a session key generated during the authentication handshake, wherein the cluster secret enables the first network-connected computing device to securely communicate with the second network-connected computing device and every other one of a plurality of network-connected computing devices which is validly part of the cluster.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods which facilitate secure multicast communications between any valid node of a cluster using authentication between a node joining the cluster and any single node which is validly part of the cluster are disclosed. In accordance with embodiments, a cluster key is utilized to provide security with respect to intra-cluster communications. The cluster key of embodiments is shared by a node which is already part of the cluster with a node joining the cluster only after these two nodes mutually authenticate one another. The mutual authentication handshake of embodiments implements a protocol in which a session key is calculated by both nodes, thereby providing a secure means by which a cluster key may be shared. Having the cluster key, each node of the cluster is enabled to securely communicate with any other node of the cluster, whether individually (e.g., unicast) or collectively (e.g., multicast), according to embodiments.

26 Citations

18 Claims

1. A method for optimizing cluster node authentication to facilitate improved security of multicast communications, the method comprising:
- performing, with a first network-connected computing device, an authentication handshake with a second network-connected computing device validly part of a cluster resulting in a successful mutual authentication with the second network-connected computing device;
  
  receiving, with the first network-connected computing device, an encrypted cluster secret from the second network-connected computing device using a secure communication channel unique to the mutual authentication; and
  
  decrypting, with the first network-connected computing device, the cluster secret using a session key generated during the authentication handshake, wherein the cluster secret enables the first network-connected computing device to securely communicate with the second network-connected computing device and every other one of a plurality of network-connected computing devices which is validly part of the cluster.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the cluster secret comprises a symmetrical cryptographic key.
  - 3. The method of claim 1, further comprising:
    - determining, with the first network-connected computing device, when a third network-connected computing device has resigned from the cluster; and
      
      performing, with the first network-connected computing device, a mutual authentication handshake with one of the plurality of network-connected computing devices validly part of the cluster to obtain a new cluster secret when the third network-connected computing device is determined to have resigned from the cluster.
  - 4. The method of claim 1, wherein the second network-connected computing device validly part of the cluster is a peer node.
  - 5. The method of claim 1, further comprising sending, with the first network-connected computing device, one or more communications secured using the cluster secret to the second network-connected computing device or any of the plurality of network-connected computing devices which are validly part of the cluster.
  - 6. The method of claim 5, wherein the one or more communications comprise at least one of unicast communications or multicast communications.

7. A non-transitory computer readable medium having stored thereon instructions for optimizing cluster node authentication to facilitate improved security of multicast communications comprising machine executable code which when executed by a processor, causes the processor to perform steps comprising:
- performing an authentication handshake with one of a plurality of network-connected computing devices validly part of a cluster resulting in a successful mutual authentication with the one network-connected computing device;
  
  receiving an encrypted cluster secret from the one network-connected computing device using a secure communication channel unique to the mutual authentication; and
  
  decrypting the cluster secret using a session key generated during the authentication handshake, wherein the cluster secret enables secure communication with the one network-connected computing device and every other one of the plurality of network-connected computing devices which is validly part of the cluster.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer readable medium of claim 7, wherein the cluster secret comprises a symmetrical cryptographic key.
  - 9. The non-transitory computer readable medium of claim 7, further having stored thereon instructions comprising machine executable code which when executed by the processor, further causes the processor to perform steps further comprising:
    - determining when another of the plurality of network-connected computing devices has resigned from the cluster; and
      
      performing a mutual authentication handshake with one of the plurality of network-connected computing devices validly part of the cluster to obtain a new cluster secret when the other of the plurality of network-connected computing devices is determined to have resigned from the cluster.
  - 10. The non-transitory computer readable medium of claim 7, wherein the one network-connected computing device validly part of the cluster is a peer node.
  - 11. The non-transitory computer readable medium of claim 7, further having stored thereon instructions comprising machine executable code which when executed by the processor, further causes the processor to perform steps further comprising sending one or more communications secured using the cluster secret to the one network-connected computing device or any of the plurality of network-connected computing devices which are validly part of the cluster.
  - 12. The non-transitory computer readable medium of claim 11, wherein the one or more communications comprise at least one of unicast communications or multicast communications.

13. A network-connected computing device, comprising:
- a processor coupled to a memory and configured to execute programmed instructions stored in the memory to;
  
  perform an authentication handshake with a second network-connected computing device validly part of a cluster resulting in a successful mutual authentication with the second network-connected computing device;
  
  receive an encrypted cluster secret from the second network-connected computing device using a secure communication channel unique to the mutual authentication; and
  
  decrypt the cluster secret using a session key generated during the authentication handshake, wherein the cluster secret enables secure communication with the second network-connected computing device and every other one of a plurality of network-connected computing devices which is validly part of the cluster.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The network-connected computing device of claim 13, wherein the cluster secret comprises a symmetrical cryptographic key.
  - 15. The network-connected computing device of claim 13, wherein the processor coupled to the memory is further configured to execute programmed instructions stored in the memory to:
    - determine when another of the plurality of network-connected computing devices has resigned from the cluster; and
      
      perform a mutual authentication handshake with one of the plurality of network-connected computing devices validly part of the cluster to obtain a new cluster secret when the other of the plurality of network-connected computing devices is determined to have resigned from the cluster.
  - 16. The network-connected computing device of claim 13, wherein the one network-connected computing device validly part of the cluster is a peer node.
  - 17. The network-connected computing device of claim 13, wherein the processor coupled to the memory is further configured to execute programmed instructions stored in the memory to send one or more communications secured using the cluster secret to the one network-connected computing device or any of the plurality of network-connected computing devices which are validly part of the cluster.
  - 18. The network-connected computing device of claim 17, wherein the one or more communications comprise at least one of unicast communications or multicast communications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Clay, Philip Bryan
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US14/269,891
Publication Number

US 20140245390A1
Time in Patent Office

386 Days
Field of Search

None
US Class Current

713/169
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 63/0869   for achieving mutual authen...

H04L 63/104   Grouping of entities

H04L 9/3273   for mutual authentication n...

Systems and methods for providing secure multicast intra-cluster communication

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing secure multicast intra-cluster communication

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links