公开(公告)号：US08621567B2

公开(公告)日：2013-12-31

申请号：US11198834

申请日：2005-08-05

申请人： James Kleinsteiber ,  Richard L. Hammons ,  Dilip Gunawardena ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganararayanan

发明人： James Kleinsteiber ,  Richard L. Hammons ,  Dilip Gunawardena ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganararayanan

IPC分类号： G06F21/00

CPC分类号： H04L63/08 ,  H04L63/0428 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/104 ,  H04L63/20 ,  H04L2463/102

摘要： A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions. The push-model secure time distribution departs from the traditional Fibre Channel pull mode time distribution and provides for secure and reliable distributed time so that various security attacks may be defeated.

摘要翻译： 一种用于保护网络的方法和设备，专注于光纤通道网络中的应用。 组合独特的安全技术，提供整体网络安全。 将网络中的安全责任分配给一个或多个指定实体。 指定实体在整个网络中部署管理信息，通过修改参与网络的设备的功能和操作许可来增强安全性。 例如，通过网络控制：逻辑管理访问或物理I / O访问可能在每个设备或每个I / O的基础上受到限制; 并且网络中的所有设备和端口仅与其他已批准的设备和端口一起工作。 这些指定实体可以通过利用独特的链路认证系统以及独特的推模型安全分发时间服务来更好地管理网络安全。 链路认证涉及利用随机数的各种推导和其他信息（如散列和加密）的多阶段随机交换。 推模型安全时间分配与传统的光纤通道拉模式时间分布不符，提供了安全可靠的分发时间，从而可能会破坏各种安全攻击。

公开(公告)号：US20060005233A1

公开(公告)日：2006-01-05

申请号：US11198834

申请日：2005-08-05

申请人： James Kleinsteiber ,  Richard Hammons ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganararayanan

发明人： James Kleinsteiber ,  Richard Hammons ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganararayanan

IPC分类号： G06F15/16 ,  G06F17/30 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00 ,  G06K9/00 ,  H04L9/32

CPC分类号： H04L63/08 ,  H04L63/0428 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/104 ,  H04L63/20 ,  H04L2463/102

摘要： A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions. The push-model secure time distribution departs from the traditional Fibre Channel pull mode time distribution and provides for secure and reliable distributed time so that various security attacks may be defeated.

公开(公告)号：US20080072309A1

公开(公告)日：2008-03-20

申请号：US11860228

申请日：2007-09-24

申请人： JAMES KLEINSTEIBER ,  Richard Hammons ,  Dilip Gunawardena ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganararayanan

发明人： JAMES KLEINSTEIBER ,  Richard Hammons ,  Dilip Gunawardena ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganararayanan

IPC分类号： G06F15/16 ,  H04L9/00

CPC分类号： H04L63/08 ,  H04L63/0428 ,  H04L63/0823 ,  H04L63/0869 ,  H04L63/104 ,  H04L63/20 ,  H04L2463/102

摘要： A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service. The link authentication involves a multi-phase nonce exchange exploiting various derivations of the nonce and other information such as hashes and encryptions. The push-model secure time distribution departs from the traditional Fibre Channel pull mode time distribution and provides for secure and reliable distributed time so that various security attacks may be defeated.

摘要翻译： 一种用于保护网络的方法和设备，专注于光纤通道网络中的应用。 结合独特的安全技术，提供整体网络安全。 将网络中的安全责任分配给一个或多个指定实体。 指定实体在整个网络中部署管理信息，通过修改参与网络的设备的功能和操作许可来增强安全性。 例如，通过网络控制：逻辑管理访问或物理I / O访问可能在每个设备或每个I / O的基础上受到限制; 并且网络中的所有设备和端口仅与其他已批准的设备和端口一起工作。 这些指定实体可以通过利用独特的链路认证系统以及独特的推模型安全分发时间服务来更好地管理网络安全。 链路认证涉及利用随机数的各种推导和其他信息（如散列和加密）的多阶段随机交换。 推模型安全时间分配与传统的光纤通道拉模式时间分布不符，提供了安全可靠的分发时间，从而可能会破坏各种安全攻击。

公开(公告)号：US20060080727A1

公开(公告)日：2006-04-13

申请号：US11269331

申请日：2005-11-08

申请人： Richard Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

发明人： Richard Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

IPC分类号： H04L9/32 ,  G06F15/16 ,  G06F17/30 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00 ,  G06K9/00

CPC分类号： H04L63/0823 ,  H04L63/0428 ,  H04L63/101

摘要： A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

公开(公告)号：US20060059540A1

公开(公告)日：2006-03-16

申请号：US11269365

申请日：2005-11-08

申请人： Richard Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

发明人： Richard Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

IPC分类号： H04L9/32

CPC分类号： H04L63/0823 ,  H04L63/0428 ,  H04L63/101

摘要： A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

公开(公告)号：US20050268091A1

公开(公告)日：2005-12-01

申请号：US11144983

申请日：2005-06-03

申请人： Vidya Renganarayanan ,  Richard Hammons ,  James Kleinsteiber

发明人： Vidya Renganarayanan ,  Richard Hammons ,  James Kleinsteiber

IPC分类号： H04L12/24 ,  H04L29/06 ,  H04L9/00

CPC分类号： H04L41/0893 ,  H04L41/0213 ,  H04L63/20

摘要： A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fibre Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured using by applying a unique combination of encryption techniques.

摘要翻译： 讨论安全和分布式的时间服务以用于网络。 特别地，本发明涉及光纤通道网络和使用推模型的时间服务的安全分发。 为了在推模式上分配时间，一个实体对网络中的时间负责。 网络中的其他实体通过衡量自上一次更新以来的经过时间来定期接收时间更新并检查其自身时间的有效性。 通过应用加密技术的独特组合来保护时间服务。

公开(公告)号：US07873984B2

公开(公告)日：2011-01-18

申请号：US10066251

申请日：2002-01-31

申请人： Richard L. Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

发明人： Richard L. Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

IPC分类号： G06F17/00

CPC分类号： H04L63/0823 ,  H04L63/0428 ,  H04L63/101

摘要： A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fiber Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

摘要翻译： 网络配置设备或实体具有在网络中或在许多实施例中在光纤通道结构中的定义的管理和安全功能的控制。 网络配置设备可以控制许多功能。 最重要的是，它可以控制网络配置实体的识别，操作和继承过程。 它还可以控制网络的用户可配置选项，网络中其他实体之间的交互规则，管理对网络的管理级访问的规则，以及管理对网络中各个设备的管理级访问的规则。 此外，网络配置实体可以利用策略集来实现其控制。

公开(公告)号：US07243367B2

公开(公告)日：2007-07-10

申请号：US10062860

申请日：2002-01-31

申请人： James Kleinsteiber ,  Richard L. Hammons ,  Shankar Balasubramanian

发明人： James Kleinsteiber ,  Richard L. Hammons ,  Shankar Balasubramanian

IPC分类号： G06F7/04 ,  G06F15/16 ,  H04L9/00 ,  H04L12/00

CPC分类号： H04L63/0869 ,  H04L49/357

摘要： A method and system for starting up a network or network device with particular discussion regarding Fibre Channel networks and switches. The method and system relate to powering on or re-starting a plurality of Fibre Channel switching devices, each of those devices having ports. The system generally calls for the selection of a priority threshold that relates to the importance of tasks in fabric formation. Some embodiments of the system exploit a port authentication procedure to separate the execution of tasks higher in priority than the threshold from tasks lower in priority than the threshold.

摘要翻译： 一种用于启动网络或网络设备的方法和系统，具体涉及光纤通道网络和交换机。 该方法和系统涉及为多个光纤通道交换设备供电或重新启动，每个设备具有端口。 系统通常要求选择与织物形成中的任务的重要性有关的优先级阈值。 该系统的一些实施例利用端口认证过程，从优先级低于阈值的任务中分离优先级高于阈值的任务的执行。

公开(公告)号：US07036013B2

公开(公告)日：2006-04-25

申请号：US10061976

申请日：2002-01-31

申请人： Vidya Renganarayanan ,  Richard L. Hammons ,  James Kleinsteiber

发明人： Vidya Renganarayanan ,  Richard L. Hammons ,  James Kleinsteiber

IPC分类号： G06F9/00

CPC分类号： H04L41/0893 ,  H04L41/0213 ,  H04L63/20

摘要： A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fiber Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured using by applying a unique combination of encryption techniques.

摘要翻译： 讨论安全和分布式的时间服务以用于网络。 特别地，本发明涉及光纤通道网络和使用推模型的时间服务的安全分发。 为了在推模式上分配时间，一个实体对网络中的时间负责。 网络中的其他实体通过衡量自上一次更新以来的经过时间来定期接收时间更新并检查其自身时间的有效性。 通过应用加密技术的独特组合来保护时间服务。

公开(公告)号：US20060064743A1

公开(公告)日：2006-03-23

申请号：US11269437

申请日：2005-11-08

申请人： Richard Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

发明人： Richard Hammons ,  James Kleinsteiber ,  Hung Nguyen ,  Shankar Balasubramanian ,  Vidya Renganarayanan

IPC分类号： H04L9/32 ,  G06F17/30 ,  G06F15/16 ,  G06F7/04 ,  G06F7/58 ,  G06K19/00 ,  G06K9/00

CPC分类号： H04L63/0823 ,  H04L63/0428 ,  H04L63/101

摘要： A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.