Vidya Renganarayanan - Santa Clara CA, US Richard L. Hammons - Hollister CA, US James Kleinsteiber - San Jose CA, US
Assignee:
Brocade Communications Systems, Inc. - San Jose CA
International Classification:
G06F 9/00
US Classification:
713/178, 713/150, 713/153, 713/158
Abstract:
A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fibre Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured by applying a unique combination of encryption techniques.
Method And Apparatus For Starting Up A Network Or Fabric
James Kleinsteiber - San Jose CA, US Richard L. Hammons - Hollister CA, US Shankar Balasubramanian - Sunnyvale CA, US
Assignee:
Brocade Communications Systems, Inc. - San Jose CA
International Classification:
G06F 7/04 G06F 15/16 H04L 9/00 H04L 12/00
US Classification:
726/3, 726/4, 713/169, 718/103
Abstract:
A method and system for starting up a network or network device with particular discussion regarding Fibre Channel networks and switches. The method and system relate to powering on or re-starting a plurality of Fibre Channel switching devices, each of those devices having ports. The system generally calls for the selection of a priority threshold that relates to the importance of tasks in fabric formation. Some embodiments of the system exploit a port authentication procedure to separate the execution of tasks higher in priority than the threshold from tasks lower in priority than the threshold.
Network Security Through Configuration Servers In The Fabric Environment
Richard L. Hammons - Hollister CA, US James Kleinsteiber - San Jose CA, US Hung Nguyen - San Jose CA, US Shankar Balasubramanian - Sunnyvale CA, US Vidya Renganarayanan - Santa Clara CA, US
Assignee:
Brocade Communications Systems, Inc. - San Jose CA
A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.
Network Security And Applications To The Fabric Environment
James Kleinsteiber - San Jose CA, US Richard L. Hammons - Hollister CA, US Dilip Gunawardena - Redwood Shores CA, US Hung Nguyen - San Jose CA, US Shankar Balasubramanian - Sunnyvale CA, US
Assignee:
Brocade Communications Systems, Inc. - San Jose CA
International Classification:
G06F 21/00
US Classification:
726/3
Abstract:
A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques is applied to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions.
Node And Port Authentication In A Fibre Channel Network
James Kleinsteiber - San Jose CA, US Richard Hammons - Hollister CA, US Dilip Gunawardena - Redwood Shores CA, US Shankar Balasubramanian - Sunnyvale CA, US
Assignee:
Brocade Communications Systems, Inc.
International Classification:
H04L 9/00
US Classification:
713/153
Abstract:
A method and system for authenticating devices in a network with particular discussion regarding Fibre Channel networks and switches. The method and system relate to mutual authentication between two connected ports. Generally, the two ports are connected by a medium dedicated exclusively to those ports. The method and system involve the exchange of authenticating information between the ports, including host switch information, various encode or decode information, and secrecy technique information such as encryption key information. Varying embodiments allow for full mutual authentication between two ports with a two, three or four phase exchange. Furthermore, by employing the authentication processes multiple times, full switching devices may be mutually authenticated.
James Kleinsteiber - San Jose CA, US Richard Hammons - Hollister CA, US Dilip Gunawardena - Redwood Shores CA, US Hung Nguyen - San Jose CA, US Shankar Balasubramanian - Sunnyvale CA, US
Assignee:
Brocade Communications Systems, Inc.
International Classification:
H04L 9/00
US Classification:
713/169
Abstract:
A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques is applied to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions. The push-model secure time distribution departs from the traditional Fibre Channel pull-model time distribution and provides for secure and reliable distributed time so that various security attacks may be defeated.
Secure Distributed Time Service In The Fabric Environment
Vidya Renganarayanan - Santa Clara CA, US Richard Hammons - Hollister CA, US James Kleinsteiber - San Jose CA, US
Assignee:
Brocade Communications Systems - San Jose CA
International Classification:
H04L 9/00
US Classification:
713/163
Abstract:
A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fibre Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured by applying a unique combination of encryption techniques.
Network Security Through Configuration Servers In The Fabric Environment
Richard Hammons - Hollister CA, US James Kleinsteiber - San Jose CA, US Hung Nguyen - San Jose CA, US Shankar Balasubramanian - Sunnyvale CA, US Vidya Renganarayanan - Santa Clara CA, US
International Classification:
H04L 9/32
US Classification:
726/2
Abstract:
A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.