Secure configuration of authentication servers

US 9,148,412 B2
Filed: 10/16/2014
Issued: 09/29/2015
Est. Priority Date: 05/19/2008
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a processor operable for assigning a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node and associated with a node identifier of the respective node; and

a data structure comprising the plurality of assigned secrets and the node identifiers to which the respective secrets are associated;

wherein the device is operable to send the data structure to an authentication server, the authentication server being operable for obtaining an assigned secret of the plurality of assigned secrets from the data structure and to use the assigned secret to perform authentication for a node of the plurality of nodes.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention are directed to automatically populating a database of names and secrets in an authentication server by sending one or more lists of one or more names and secrets by a network management software to an authentication server. Furthermore, some embodiments provide that the lists being sent are encrypted and/or embedded in otherwise inconspicuous files.

85 Citations

View as Search Results

20 Claims

1. A device comprising:
- a processor operable for assigning a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node and associated with a node identifier of the respective node; and
  
  a data structure comprising the plurality of assigned secrets and the node identifiers to which the respective secrets are associated;
  
  wherein the device is operable to send the data structure to an authentication server, the authentication server being operable for obtaining an assigned secret of the plurality of assigned secrets from the data structure and to use the assigned secret to perform authentication for a node of the plurality of nodes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, wherein the processor is operable to generate or otherwise establish the plurality of secrets.
  - 3. The device of claim 1, wherein the processor is operable to secure the data structure.
  - 4. The device of claim 1, wherein the processor is operable to encrypt the data structure.
  - 5. The device of claim 1, wherein the processor is operable to embed the data structure within a second data structure through the use of steganography.
  - 6. The device of claim 1, wherein the network comprises a storage area network.
  - 7. The device of claim 6, wherein the storage area network is a network selected from the group consisting of a Fibre Channel network, an iSCSI network and an FCoE network.

8. A system comprising:
- memory in a data structure comprising a plurality of assigned secrets and a plurality of node identifiers to which the respective secrets are associated; and
  
  an authentication processor in an authentication server operable for obtaining an assigned secret of the plurality of assigned secrets from the data structure and to use the assigned secret to perform authentication for a node of the plurality of nodes.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein the system comprises a processor operable to generate and assign a plurality of secrets to a plurality of nodes of a network, so that each respective secret is assigned to a respective node and associated with a node identifier of the plurality of node identifiers.
  - 10. The system of claim 9, wherein the processor is operable to communicate with the authentication server over the network.
  - 11. The system of claim 9, wherein the processor is operable to secure the data structure.
  - 12. The system of claim 9, wherein the processor is operable to encrypt the data structure.
  - 13. The system of claim 9, wherein the processor is operable to embed the data structure within a second data structure through the use of steganography.
  - 14. The system of claim 9, wherein the network comprises a storage area network.
  - 15. The system of claim 14, wherein the storage area network is a network selected from the group consisting of a Fibre Channel network, an iSCSI network and an FCoE network.
  - 16. The system of claim 8, wherein the authentication server is operable to decrypt the data structure.

17. A method for configuring an authentication processor in an authentication server comprising:
- generating a plurality of secrets;
  
  assigning the plurality of secrets to a plurality of nodes of a network, each secret being assigned to a node and each secret being associated with a node identifier of the respective node, thereby generating a plurality of secret assignments;
  
  securing the plurality of secret assignments; and
  
  communicating the secured plurality of secret assignments with an the authentication server.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the method comprises authenticating a node of the plurality of nodes according to a secret assignment of the plurality of secret assignments.
  - 19. The method of claim 17, wherein securing the plurality of secret assignments comprises encrypting the data structure.
  - 20. The method of claim 17, wherein securing the plurality of secret assignments comprises embedding the data structure within a second data structure through the use of steganography.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Emulex Corporation (Broadcom, Inc.)
Inventors
Hofer, Larry Dean
Primary Examiner(s)
THAI, HANH B

Application Number

US14/516,205
Publication Number

US 20150039884A1
Time in Patent Office

348 Days
Field of Search

707790-793, 707/803, 713/151, 713155-156
US Class Current

1/1
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/955   using information identifie...

G06F 21/602   Providing cryptographic fac...

H04L 41/0856   by backing up or archiving ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 63/20   for managing network securi...

Secure configuration of authentication servers

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure configuration of authentication servers

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links