Network switch with hierarchical security

US 9,590,998 B2
Filed: 07/02/2014
Issued: 03/07/2017
Est. Priority Date: 07/02/2014
Status: Active Grant

First Claim

Patent Images

1. A network circuit switch, comprising:

a plurality of input ports and a plurality of output ports;

a switch fabric coupled to the plurality of input ports and the plurality of output ports; and

a switch controller configured to;

receive and store configuration data including data identifying a plurality of users and data defining which of the plurality of input ports and which of the plurality of output ports each user has authority over;

receive, from a requesting user from the plurality of users, a request to make a requested connection between a select input port from the plurality of input ports and a selected output port from the plurality of output ports,determine, based on the stored configuration data, if the requesting user has authority over both the selected input port and the selected output port, andrefuse to make the requested connection if the requesting user does not have authority over both the selected input port and the selected output port.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network switches and methods are disclosed. A network switch may include multiple input ports and multiple output ports, a switch fabric, and switch controller. The controller may receive and store data identifying a plurality of users and data defining which input ports and which output ports each user has authority over. The controller may receive, from a requesting user from the plurality of users, a request to make a connection between a selected input port and a selected output port. The controller may determine, based on the stored data, if the requesting user has authority over both the selected input port and the selected output port. The controller may refuse to make the requested connection if the requesting user does not have authority over both the selected input port and the selected output port.

36 Citations

16 Claims

1. A network circuit switch, comprising:
- a plurality of input ports and a plurality of output ports;
  
  a switch fabric coupled to the plurality of input ports and the plurality of output ports; and
  
  a switch controller configured to;
  
  receive and store configuration data including data identifying a plurality of users and data defining which of the plurality of input ports and which of the plurality of output ports each user has authority over;
  
  receive, from a requesting user from the plurality of users, a request to make a requested connection between a select input port from the plurality of input ports and a selected output port from the plurality of output ports,determine, based on the stored configuration data, if the requesting user has authority over both the selected input port and the selected output port, andrefuse to make the requested connection if the requesting user does not have authority over both the selected input port and the selected output port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The network circuit switch of claim 1, the switch controller further configured to:
    - cause the requested connection to be made from the selected input port to the selected output port via the switch fabric if the requesting user has authority over both the selected input port and the selected output port.
  - 3. The network circuit switch of claim 1, the switch controller further configured to:
    - determine if the requested connection violates any of one or more rules associated with the selected input port and/or the selected output port,refuse to make the requested connection if one or more rule is violated, andcause the requested connection to be made from the selected input port to the selected output port via the switch fabric if the requesting user has authority over both the selected input port and the selected output port and no rule is violated.
  - 4. The network circuit switch of claim 1, whereineach of the plurality of input ports and each of the plurality of output ports is associated with one or more user from the plurality of users.
  - 5. The network circuit switch of claim 4, wherein the requesting user has authority to make the requested connection if the requesting user is associated with both the selected input port and the selected output port.
  - 6. The network circuit switch of claim 4, whereinthe plurality of users have a hierarchical organization wherein some users supervise other users, andthe requesting user has authority to make the requested connection if, for both the selected input port and the selected output port, the requesting user is either associated with the port or supervises another user that is associated with the port.
  - 7. The network circuit switch of claim 4, whereineach of the plurality of users is assigned to a level from two or more hierarchical security levels, andthe requesting user has authority to make the requested connection if, for both the selected input port and the selected output port, the requesting user is either associated with the port or assigned to a higher security level that another user that is associated with the port.
  - 8. The network circuit switch of claim 4, whereinthe plurality of input ports and the plurality of output ports are organized as two or more ports groups, each port group containing one or more input and/or output port,each of the two or more port groups is associated with one or more user from the plurality of users, andeach of the plurality of input ports and the plurality of output ports is a member of exactly one port group and inherits user associations from the port group of which it is a member.

9. A method for making connections in a network circuit switch having a plurality of input ports and a plurality of output ports, the method comprising:
- receiving and storing configuration data including data identifying a plurality of users and data defining which of the plurality of input ports and which of the plurality of output ports each user has authority over;
  
  receiving, from a requesting user from the plurality of users, a request to make a requested connection between a selected input port from the plurality of input ports and a selected output port from the plurality of output ports;
  
  determining, based on the stored configuration data, if the requesting user has authority over both the selected input port and the selected output port; and
  
  refusing to make the requested connection if the requesting user does not have authority over both the selected input port and the selected output port.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising:
    - causing the requested connection to be made from the selected input port to the selected output port via a switch fabric if the requesting user has authority over both the selected input port and the selected output port.
  - 11. The method of claim 9, further comprising:
    - determining if the requested connection violates any of one or more rules associated with the selected input port and/or the selected output port,refusing to make the requested connection if one or more rule is violated, andcausing the requested connection to be made from the selected input port to the selected output port via a switch fabric if the requesting user has authority over both the selected input port and the selected output port and no rule is violated.
  - 12. The method of claim 9, further comprising:
    - associating each of the plurality of input ports and each of the plurality of output ports with one or more user from the plurality of users.
  - 13. The method of claim 12, whereinthe requesting user has authority to make the requested connection if the requesting user is associated with both the selected input port and the selected output port.
  - 14. The method of claim 12, whereinthe plurality of users have a hierarchical organization wherein some users supervise other users, andthe requesting user has authority to make the requested connection if, for both the selected input port and the selected output port, the requesting user is either associated with the port or supervises another user that is associated with the port.
  - 15. The method of claim 12, whereineach of the plurality of users is assigned to a level from two or more hierarchical security levels, andthe requesting user has authority to make the requested connection if, for both the selected input port and the selected output port, the requesting user is either associated with the port or assigned to a higher security level that another user that is associated with the port.
  - 16. The method of claim 12, whereinthe plurality of input ports and the plurality of output ports are organized as two or more ports groups, each port group containing one or more input and/or output port,each of the two or more port groups is associated with one or more user from the plurality of users, andeach of the plurality of input ports and the plurality of output ports is a member of exactly one port group and inherits user associations from the port group of which it is a member.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CALIENT Technologies, Inc.
Original Assignee
CALIENT Technologies, Inc.
Inventors
Miglani, Jitender, Thattai, Vijayan
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US14/322,043
Publication Number

US 20160006741A1
Time in Patent Office

979 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 12/56   Packet switching systems

H04L 49/25   Routing or path finding in ...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Network switch with hierarchical security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Network switch with hierarchical security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links