-
Publication number: US20170208090A1
Publication date: 2017-07-20
Application number: US15480059
Application date: 2017-04-05
Applicant: Sprint Communications Company L.P.
Inventor: Marouane Balmakhtar, Arun Rajagopal
CPC classification number: H04L63/0823, G06F21/577, G06F21/604, G06F21/71, H04L9/3234, H04L41/0246, H04L41/0803, H04L41/28, H04L45/38, H04L63/0254, H04L63/0876, H04L63/1441, H04L63/166, H04L63/20, H04W12/12
Abstract: A Software-Defined Network (SDN) data-plane machine stores flow data and a hardware-trust key. The SDN data-plane machine receives and processes a hardware-trust challenge based on the hardware-trust key to generate and transfer a hardware-trust response. The SDN data-plane machine receives and routes user data based on the flow data. The SDN data-plane machine receives modification data from an SDN controller. The SDN data-plane machine validates hardware-trust of the SDN controller and modifies the flow data based on the modification data responsive to the hardware-trust validation of the SDN controller. The SDN data-plane machine receives and routes additional user data responsive to the modified flow data.
-
Publication number: US09654465B2
Publication date: 2017-05-16
Application number: US14872578
Application date: 2015-10-01
Applicant: Sprint Communications Company L.P.
Inventor: Marouane Balmakhtar, Arun Rajagopal
IPC: H04L12/24, H04L29/06, H04L12/721, G06F21/60, G06F21/57
CPC classification number: H04L63/0823, G06F21/577, G06F21/604, G06F21/71, H04L9/3234, H04L41/0246, H04L41/0803, H04L41/28, H04L45/38, H04L63/0254, H04L63/0876, H04L63/1441, H04L63/166, H04L63/20, H04W12/12
Abstract: In a Software-Defined Network (SDN), a trust controller and trust processor exchange hardware-trust data over an SDN southbound interface to maintain hardware-trust. A flow controller transfers a Flow Description Table (FDT) modification to the data-plane machine over the southbound interface. The flow controller transfers an FDT modification notice to the trust controller, which transfers FDT security data over the southbound interface to authorize the FDT change in the SDN data-plane machine. The data-plane machine authorizes the FDT modification based on the FDT security data from the trust controller. The data-plane machine modifies the FDT in response to the successful authorization and processes user data traffic using the modified FDT. The trust controller may also transfer a Threat Description Table (TDT) to the data-plane machine to filter the user traffic for other threats.
-