James R Kleinsteiber

US Patent:

7036013, Apr 25, 2006

Filed:

Jan 31, 2002

Appl. No.:

10/061976

Inventors:

Vidya Renganarayanan - Santa Clara CA, US
Richard L. Hammons - Hollister CA, US
James Kleinsteiber - San Jose CA, US

Assignee:

Brocade Communications Systems, Inc. - San Jose CA

International Classification:

G06F 9/00

US Classification:

713178, 713150, 713153, 713158

Abstract:

A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fiber Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured using by applying a unique combination of encryption techniques.

US Patent:

7243367, Jul 10, 2007

Filed:

Jan 31, 2002

Appl. No.:

10/062860

Inventors:

James Kleinsteiber - San Jose CA, US
Richard L. Hammons - Hollister CA, US
Shankar Balasubramanian - Sunnyvale CA, US

Assignee:

Brocade Communications Systems, Inc. - San Jose CA

International Classification:

G06F 7/04
G06F 15/16
H04L 9/00
H04L 12/00

US Classification:

726 3, 726 4, 713169, 718103

Abstract:

A method and system for starting up a network or network device with particular discussion regarding Fibre Channel networks and switches. The method and system relate to powering on or re-starting a plurality of Fibre Channel switching devices, each of those devices having ports. The system generally calls for the selection of a priority threshold that relates to the importance of tasks in fabric formation. Some embodiments of the system exploit a port authentication procedure to separate the execution of tasks higher in priority than the threshold from tasks lower in priority than the threshold.

US Patent:

7873984, Jan 18, 2011

Filed:

Jan 31, 2002

Appl. No.:

10/066251

Inventors:

Richard L. Hammons - Hollister CA, US
James Kleinsteiber - San Jose CA, US
Hung Nguyen - San Jose CA, US
Shankar Balasubramanian - Sunnyvale CA, US
Vidya Renganarayanan - Santa Clara CA, US

Assignee:

Brocade Communications Systems, Inc. - San Jose CA

International Classification:

G06F 17/00

US Classification:

726 1, 726 2, 726 3, 726 6, 709223, 709224, 709225

Abstract:

A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fiber Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

US Patent:

8621567, Dec 31, 2013

Filed:

Aug 5, 2005

Appl. No.:

11/198834

Inventors:

James Kleinsteiber - San Jose CA, US
Richard L. Hammons - Hollister CA, US
Dilip Gunawardena - Redwood Shores CA, US
Hung Nguyen - San Jose CA, US
Shankar Balasubramanian - Sunnyvale CA, US

Assignee:

Brocade Communications Systems, Inc. - San Jose CA

International Classification:

G06F 21/00

US Classification:

726 3

Abstract:

A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions.

US Patent:

20030120915, Jun 26, 2003

Filed:

Jan 31, 2002

Appl. No.:

10/062853

Inventors:

James Kleinsteiber - San Jose CA, US
Richard Hammons - Hollister CA, US
Dilip Gunawardena - Redwood Shores CA, US
Shankar Balasubramanian - Sunnyvale CA, US

Assignee:

Brocade Communications Systems, Inc.

International Classification:

H04L009/00

US Classification:

713/153000

Abstract:

A method and system for authenticating devices in a network with particular discussion regarding Fibre Channel networks and switches. The method and system relate to mutual authentication between two connected ports. Generally, such two ports are connected by a medium dedicated exclusively to those ports. The method and system involve the exchange of authenticating information between the ports including host switch information, various encode or decode information, and secreting technique information such as encryption key information. Varying embodiments allow for full mutual authentication between two ports with a two, three or four phase exchange. Furthermore, by employing the authentication processes multiple times, full switching devices may be mutually authenticated.

US Patent:

20030163692, Aug 28, 2003

Filed:

Jan 31, 2002

Appl. No.:

10/062125

Inventors:

James Kleinsteiber - San Jose CA, US
Richard Hammons - Hollister CA, US
Dilip Gunawardena - Redwood Shores CA, US
Hung Nguyen - San Jose CA, US
Shankar Balasubramanian - Sunnyvale CA, US

Assignee:

Brocade Communications Systems, Inc.

International Classification:

H04L009/00

US Classification:

713/169000

Abstract:

A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions. The push-model secure time distribution departs from the traditional Fibre Channel pull mode time distribution and provides for secure and reliable distributed time so that various security attacks may be defeated.

US Patent:

20050268091, Dec 1, 2005

Filed:

Jun 3, 2005

Appl. No.:

11/144983

Inventors:

Vidya Renganarayanan - Santa Clara CA, US
Richard Hammons - Hollister CA, US
James Kleinsteiber - San Jose CA, US

Assignee:

Brocade Communications Systems - San Jose CA

International Classification:

H04L009/00

US Classification:

713163000

Abstract:

A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fibre Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured using by applying a unique combination of encryption techniques.

US Patent:

20060059540, Mar 16, 2006

Filed:

Nov 8, 2005

Appl. No.:

11/269365

Inventors:

Richard Hammons - Hollister CA, US
James Kleinsteiber - San Jose CA, US
Hung Nguyen - San Jose CA, US
Shankar Balasubramanian - Sunnyvale CA, US
Vidya Renganarayanan - Santa Clara CA, US

International Classification:

H04L 9/32

US Classification:

726002000

Abstract:

A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.