Hardware root of trust (HROT) for internet protocol (IP) communications

US 9,509,587 B1
Filed: 03/19/2015
Issued: 11/29/2016
Est. Priority Date: 03/19/2015
Status: Active Grant

First Claim

Patent Images

1. A method of operating a data communication system to determine hardware trust for Internet Protocol (IP) communications, the method comprising:

in a network probe system, transferring network probe packets having an originating IP address, a destination IP address, and an IP Hardware Root-of-Trust (HRoT) reporting parameter;

in a plurality of IP routers, receiving the network probe packets through IP input interfaces, routing the probe packets from the IP input interfaces to IP output interfaces based on the destination IP address, and responsive to the IP HRoT reporting parameter, encoding IP router Hardware Identifiers (HW IDs) and transferring probe response packets to the network probe system that indicate the encoded IP router HW IDs, the IP input interfaces, and the IP output interfaces; and

in the network probe system, processing the probe response packets to identify an end-to-end IP communication path for the originating IP address and the destination IP address based on the IP input interfaces and the IP output interfaces and responsively determining hardware trust status for the end-to-end IP communication path based on the encoded IP router HW IDs.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system determines Hardware Root-of-Trust (HRoT) trust for Internet Protocol (IP) communications. A probe transfers probe packets having an originating IP address, destination IP address, and IP HRoT reporting parameter. IP routers receive the probe packets through input interfaces and route the probe packets from the input interfaces to output interfaces. Responsive to the IP HRoT reporting parameter, the IP routers encode router Hardware Identifiers (HW IDs) for transfer in probe responses to the probe system. The probe responses indicate the encoded router HW IDs, IP input interfaces, and IP output interfaces. The probe system processes the probe responses to identify an end-to-end IP communication path for the originating IP address and destination IP address based on the IP interfaces. The network probe system determines hardware trust status for the end-to-end IP communication path based on the encoded IP router HW IDs.

38 Citations

View as Search Results

20 Claims

1. A method of operating a data communication system to determine hardware trust for Internet Protocol (IP) communications, the method comprising:
- in a network probe system, transferring network probe packets having an originating IP address, a destination IP address, and an IP Hardware Root-of-Trust (HRoT) reporting parameter;
  
  in a plurality of IP routers, receiving the network probe packets through IP input interfaces, routing the probe packets from the IP input interfaces to IP output interfaces based on the destination IP address, and responsive to the IP HRoT reporting parameter, encoding IP router Hardware Identifiers (HW IDs) and transferring probe response packets to the network probe system that indicate the encoded IP router HW IDs, the IP input interfaces, and the IP output interfaces; and
  
  in the network probe system, processing the probe response packets to identify an end-to-end IP communication path for the originating IP address and the destination IP address based on the IP input interfaces and the IP output interfaces and responsively determining hardware trust status for the end-to-end IP communication path based on the encoded IP router HW IDs.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein determining the hardware trust status for the end-to-end IP communication path further comprises determining if all of reported ones of the IP output interfaces are coupled to reported ones of the IP input interfaces or IP address endpoints.
  - 3. The method of claim 1 wherein the IP HRoT reporting parameter comprises an IP port number.
  - 4. The method of claim 1 further comprising:
    - in a plurality of Software Defined Network (SDN) IP flow controllers that connect the IP routers, receiving the network probe packets through flow controller input interfaces, forwarding the network probe packets from the flow controller input interfaces to flow controller output interfaces, and responsive to the IP HRoT reporting parameter, encoding IP flow controller HW IDs and transferring additional probe response packets to the network probe system that indicate the encoded IP flow controller HW IDs, the flow controller input interfaces, and the flow controller output interfaces; and
      
      the network probe system processing the additional probe response packets to identify an end-to-end SDN communication path for the end-to-end IP communication path based on the flow controller input interfaces and the flow controller output interfaces and responsively determining the hardware trust status for the end-to-end IP communication path also based on the encoded IP flow controller HW IDs.
  - 5. The method of claim 4 wherein determining the hardware trust status for the end-to-end IP communication path further comprises determining if all reported ones of the flow controller output interfaces are coupled to reported ones of the flow controller input interfaces or IP address endpoints.
  - 6. The method of claim 5 wherein the IP HRoT reporting parameter comprises an IP port number.
  - 7. The method of claim 1 further comprising:
    - the network probe system transferring the network probe packets in Ethernet frames having an Ethernet HRoT reporting parameter;
      
      in a plurality of Ethernet switches that connect the IP routers, receiving the network probe packets through Ethernet input interfaces, switching the Ethernet packets from the Ethernet input interfaces to Ethernet output interfaces, and responsive to the Ethernet HRoT reporting parameter, encoding Ethernet switch HW IDs and transferring additional probe response packets to the network probe system that indicate the encoded Ethernet switch HW IDs, the Ethernet input interfaces, and the Ethernet output interfaces; and
      
      the network probe system, processing the additional probe response packets to identify an end-to-end Ethernet communication path for the end-to-end IP communication path based on the Ethernet input interfaces and the Ethernet output interfaces and responsively determining the hardware trust status for the end-to-end IP communication path also based on the encoded Ethernet switch HW IDs.
  - 8. The method of claim 7 wherein determining the hardware trust status for the end-to-end IP communication path comprises determining if all reported ones of the Ethernet output interfaces are coupled to reported ones of the Ethernet input interfaces or IP address endpoints.
  - 9. The method of claim 1 further comprisingthe network probe system transferring the network probe packets having a Network Function Virtualization (NFV) reporting parameter;
    - the IP routers identifying their NFV time slices response to the NFV reporting parameter and indicating the NFV time slices in the probe response packets; and
      
      in the network probe system, determining NFV trust status for the end-to-end IP communication path based on the NFV time slice indications for the IP routers.
  - 10. The method of claim 9 wherein the NFV reporting parameter comprises an IP port number.

11. A data communication system to determine hardware trust for Internet Protocol (IP) communications, the data communication system comprising:
- a network probe system configured to transfer network probe packets having an originating IP address, a destination IP address, and an IP Hardware Root-of-Trust (HRoT) reporting parameter;
  
  a plurality of IP routers configured to receive the network probe packets through IP input interfaces, route the probe packets from the IP input interfaces to IP output interfaces based on the destination IP address, and responsive to the IP HRoT reporting parameter, encode IP router Hardware Identifiers (HW IDs) and transfer probe response packets to the network probe system that indicate the encoded IP router HW IDs, the IP input interfaces, and the IP output interfaces; and
  
  the network probe system configured to process the probe response packets to identify an end-to-end IP communication path for the originating IP address and the destination IP address based on the IP input interfaces and the IP output interfaces and responsively determine hardware trust status for the end-to-end IP communication path based on the encoded IP router HW IDs.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The data communication system of claim 11 wherein the network probe system is configured to determine if all reported ones of the IP output interfaces are coupled to reported ones of the IP input interfaces or IP address endpoints.
  - 13. The data communication system of claim 11 wherein the IP HRoT reporting parameter comprises an IP port number.
  - 14. The data communication system of claim 11 further comprising:
    - a plurality of Software Defined Network (SDN) IP flow controllers that connect the IP routers and that are configured to receive the network probe packets through flow controller input interfaces, forward the network probe packets from the flow controller input interfaces to flow controller output interfaces, and responsive to the IP HRoT reporting parameters, encode IP flow controller HW IDs and transfer additional probe response packets to the network probe system that indicate the encoded IP flow controller HW IDs, the flow controller input interfaces, and the flow controller output interfaces; and
      
      the network probe system configured to process the additional probe response packets to identify an end-to-end SDN communication path for the end-to-end IP communication path based on the flow controller input interfaces and the flow controller output interfaces and responsively determine the hardware trust status for the end-to-end IP communication path also based on the encoded IP flow controller HW IDs.
  - 15. The data communication system of claim 14 wherein the network probe system is configured to determine if all reported ones of the flow controller output interfaces are coupled to reported ones of the flow controller input interfaces or IP address endpoints.
  - 16. The data communication system of claim 15 wherein the IP HRoT reporting parameter comprises an IP port number.
  - 17. The data communication system of claim 11 further comprising:
    - the network probe system transferring the network probe packets having an Ethernet HRoT reporting parameter;
      
      a plurality of Ethernet switches that connect the IP routers and that are configured to receive the network probe packets through Ethernet input interfaces, switch the Ethernet packets from the Ethernet input interfaces to Ethernet output interfaces, and responsive to the Ethernet HRoT reporting parameter, encode Ethernet switch HW IDs and transfer additional probe response packets to the network probe system that indicate the encoded Ethernet switch HW IDs, the Ethernet input interfaces, and the Ethernet output interfaces; and
      
      the network probe system is further configured to process the additional probe response packets to identify an end-to-end Ethernet communication path for the end-to-end IP communication path based on the Ethernet input interfaces and the Ethernet output interfaces and responsively determine the hardware trust status for the end-to-end IP communication path also based on the encoded Ethernet switch HW IDs.
  - 18. The data communication system of claim 17 wherein the network probe system configured to determine if all reported ones of the Ethernet output interfaces are coupled to reported ones of the Ethernet input interfaces or IP address endpoints.
  - 19. The data communication system of claim 11 wherein:
    - the network probe system is configured to transfer the network probe packets having a Network Function Virtualization (NFV) reporting parameter;
      
      the IP routers are configured to identify their NFV time slices response to the NFV reporting parameter and indicate the NFV time slices in the probe response packets; and
      
      the network probe system is configured to determine NFV trust status for the end-to-end IP communication path based on the NFV time slice indications for the IP routers.
  - 20. The data communication system of claim 19 wherein the NFV reporting parameter comprises an IP port number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Marquardt, Ronald R., Paczkowski, Lyle Walter, Rajagopal, Arun
Primary Examiner(s)
Phan, Tri H

Application Number

US14/662,870
Time in Patent Office

621 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 43/106   using time related informat...

H04L 45/02   Topology update or discovery

H04L 45/036   Updating the topology betwe...

H04L 45/26   Route discovery packet

H04L 45/38   Flow based routing

H04L 45/586   of virtual routers

H04L 45/64   using an overlay routing layer

H04L 45/66   Layer 2 routing, e.g. in Et...

H04L 45/74   Address processing for routing

H04L 49/70   Virtual switches

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 69/22   Parsing or analysis of headers

Hardware root of trust (HROT) for internet protocol (IP) communications

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Hardware root of trust (HROT) for internet protocol (IP) communications

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others