
System and method for supporting persistent secure management key (M_Key) in a network environment

  • US 9,852,199 B2
  • Filed: 05/10/2013
  • Issued: 12/26/2017
  • Est. Priority Date: 05/10/2012
  • Status: Active Grant
First Claim

1. A method for supporting security management by a subnet manager (SM) on a network switch in a network environment, the network switch comprising a switch chip comprising a switch chip memory and a processor coupled with the switch chip memory, the method comprising:

  • setting up a management key (M_Key) on the switch chip memory of the switch chip in the network switch in the network environment;

    operating a local monitoring daemon on the network switch;

    operating a transactional command line interface (CLI) on the network switch;

    persistently storing, via the local monitoring daemon on the network switch, a current M_Key to the switch chip memory of the switch chip as a persistent secret M_Key;

    prior to enabling external connectivity between the network switch and the network environment following the network switch becoming unmanageable by the SM relative to secure communication between the network switch and the network environment, initializing the M_Key set up on the switch chip memory of the switch chip to match that of the persistent secret M_Key persistently stored to the switch chip memory of the switch chip by the local monitoring daemon;

    preventing any external links of the network switch relative to the network environment from becoming operational unless:

      the persistent secret M_Key initialized to the M_Key set up on the switch chip memory of the switch is a recognized M_Key in the network environment, or

      a refreshed M_Key, selectively received via the CLI operating on the network switch responsive to the persistent secret M_Key initialized to the M_Key set up on the switch chip memory of the switch chip being an unrecognized M_Key in the network environment, is a recognized M_Key in the network environment, or

      the refreshed M_Key, selectively received via the CLI operating on the network switch responsive to the persistent secret M_Key initialized to the M_Key set up on the switch chip memory of the switch chip being an unrecognized M_Key in the network environment, is an M_Key recognized by the local SM; and

    authenticating the network switch relative to the network environment by the local SM using:

      the persistent secret M_Key initialized to the M_Key set up on the switch chip memory of the switch chip, or

      the refreshed M_Key received via the CLI.
