Apparatus to automatically establish or modify mutual authentications amongst the components in a software defined networking (SDN) solution

US11265316B2 · US · B2

Patent metadata

Publication number: US-11265316-B2
Application number: US-202016998371-A
Country: US
Kind code: B2
Filing date: Aug 20, 2020
Priority date: Sep 11, 2019
Publication date: Mar 1, 2022
Grant date: Mar 1, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The disclosure provides an approach for establishing authentication between components in a network. Embodiments include deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance and providing the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager. Embodiments include adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store and providing, by the network manager, a network manager certificate to the node of the monitoring appliance. Embodiments include adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.

First claim

Opening claim text (preview).

We claim:

1. A method of establishing mutual authentication between components in a network, comprising: receiving, by a virtualization manager, a request to deploy a node of a monitoring appliance, wherein the request comprises a token for accessing a network manager; deploying, by the virtualization manager, the node of the monitoring appliance in response to the request; providing, by the virtualization manager, the token for accessing the network manager to the node of the monitoring appliance; generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance; providing, by the node of the monitoring appliance, the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager; adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store; providing, by the network manager, a network manager certificate to the node of the monitoring appliance; and adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.

2. The method of claim 1, wherein providing, by the node of the monitoring appliance, the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager comprises providing, by a messaging broker located in the node of the monitoring appliance, the certificate of the node of the monitoring appliance and the token for accessing the network manager to an agent of the monitoring appliance located in the network manager.

3. The method of claim 1, further comprising: providing, by the network manager, a host certificate of a given host machine to the node of the monitoring appliance; adding, by the node of the monitoring appliance, the host certificate to the second trust store.

4. The method of claim 1, further comprising: providing, by an additional node of the monitoring appliance, a respective certificate of the additional node of the monitoring appliance to the network manager with the token for accessing the network manager; adding, by the network manager, based on the token for accessing the network manager, the respective certificate of the additional node of the monitoring appliance to the first trust store; providing, by the network manager, the respective certificate of the additional node of the monitoring appliance to the node of the monitoring appliance; and adding, by the node of the monitoring appliance, the respective certificate of the additional node of the monitoring appliance to the second trust store.

5. The method of claim 4, further comprising: sending, by the network manager, an undeployment request for the node of the monitoring appliance to the virtualization manager; removing, by the virtualization manager, the node of the monitoring appliance from the network; removing, by the network manager, the certificate of the node of the monitoring appliance from the first trust store.

6. The method of claim 5, further comprising: sending, by the network manager, an identifier of the node of the monitoring appliance to the additional node of the monitoring appliance; and removing, by the additional node of the monitoring appliance, the certificate of the node of the monitoring appliance from a third trust store.

7. The method of claim 1, further comprising: sending, by the network manager, an updated network manager certificate to the node of the monitoring appliance; adding, by the node of the monitoring appliance, the updated network manager certificate to the second trust store; and sending, by the node of the monitoring appliance, a notification to the network manager that the updated network manager certificate was successfully imported.

8. The method of claim 7, further comprising: removing, by the network manager, the network manager certificate; providing, by the network manager, an identifier of the network manager certificate to the node of the monitoring appliance; and removing, by the node of the monitoring appliance, the network manager certificate from the second trust store.

9. A non-transitory computer readable medium comprising instructions that, when executed by one or more processors of a computing system, cause the computing system to perform a method of establishing mutual authentication between components in a network, the method comprising: receiving, by a virtualization manager, a request to deploy a node of a monitoring appliance, wherein the request comprises a token for accessing a network manager; deploying, by the virtualization manager, the node of the monitoring appliance in response to the request; providing, by the virtualization manager, the token for accessing the network manager to the node of the monitoring appliance; generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appliance; providing, by the node of the monitoring appliance, the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager; adding, by the network manager, based on the token for accessing the network manager, the certificate of the node of the monitoring appliance to a first trust store; providing, by the network manager, a network manager certificate to the node of the monitoring appliance; and adding, by the node of the monitoring appliance, the network manager certificate to a second trust store.

10. The non-transitory computer readable medium of claim 9, wherein providing, by the node of the monitoring appliance, the certificate of the node of the monitoring appliance to the network manager with the token for accessing the network manager comprises providing, by a messaging broker located in the node of the monitoring appliance, the certificate of the node of the monitoring appliance and the token for accessing the network manager to an agent of the monitoring appliance located in the network manager.

11. The non-transitory computer readable medium of claim 9, wherein the method further comprises: providing, by the network manager, a host certificate of a given host machine to the node of the monitoring appliance; adding, by the node of the monitoring appliance, the host certificate to the second trust store.

12. The non-transitory computer readable medium of claim 9, wherein the method further comprises: providing, by an additional node of the monitoring appliance, a respective certificate of the additional node of the monitoring appliance to the network manager with the token for accessing the network manager; adding, by the network manager, based on the token for accessing the network manager, the respective certificate of the additional node of the monitoring appliance to the first trust store; providing, by the network manager, the respective certificate of the additional node of the monitoring appliance to the node of the monitoring appliance; and adding, by the node of the monitoring appliance, the respective certificate of the additional node of the monitoring appliance to the second trust store.

13. The non-transitory computer readable medium of claim 12, wherein the method further comprises: sending, by the network manager, an undeployment request for the node of the monitoring appliance to the virtualization manager; removing, by the virtualization manager, the node of the monitoring appliance from the network; removing, by the network manager, the certificate of the node of the monitoring appliance from the first trust store.
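The claims describe a token-gated trust bootstrap: the virtualization manager hands the deploy-time token to the node, the node presents its self-generated certificate together with that token, and the network manager adds the certificate to its trust store only because the token checks out, then returns its own certificate. Claims 4 to 8 add peer distribution, undeployment clean-up and certificate rotation. The simulation below is an added example written for this page; it is not VMware's code and not the patent's implementation. It assumes in-memory trust stores, models a "certificate" as a subject plus a constructed random public key and its SHA-256 fingerprint (no real X.509 or signature checks), uses the fingerprint as the "identifier" of claims 6 and 8, and replaces the messaging broker and agent of claim 2 with direct method calls.

```python
"""Token-gated mutual trust bootstrap following claims 1-8 of US11265316B2.
Added example, not VMware's code.  Certificates are constructed stand-ins:
a subject name plus a random 'public key' and its SHA-256 fingerprint."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Certificate:
    subject: str
    public_key: bytes  # constructed stand-in for a real key

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.public_key).hexdigest()


def generate_certificate(subject: str) -> Certificate:
    return Certificate(subject, secrets.token_bytes(32))


class TrustStore:
    """Certificates keyed by fingerprint; the fingerprint is the 'identifier' of claims 6 and 8."""

    def __init__(self) -> None:
        self._certs: dict[str, Certificate] = {}

    def add(self, cert: Certificate) -> None:
        self._certs[cert.fingerprint] = cert

    def remove(self, fingerprint: str) -> None:
        self._certs.pop(fingerprint, None)

    def trusts(self, cert: Certificate) -> bool:
        return self._certs.get(cert.fingerprint) == cert


class MonitoringNode:
    def __init__(self, node_id: str, token: str) -> None:
        self.node_id = node_id
        self._token = token                        # handed over by the virtualization manager
        self.cert = generate_certificate(node_id)  # claim 1: the node generates its own certificate
        self.trust_store = TrustStore()            # the claims' "second trust store"

    def join(self, nm: "NetworkManager") -> None:
        # Direct call stands in for the messaging-broker-to-agent path of claim 2.
        nm_cert = nm.enroll(self, self.cert, self._token)
        self.trust_store.add(nm_cert)

    def import_updated_nm_cert(self, new_cert: Certificate) -> str:
        self.trust_store.add(new_cert)
        return new_cert.fingerprint                # claim 7: success notification to the manager


class NetworkManager:
    def __init__(self) -> None:
        self.cert = generate_certificate("network-manager")
        self.trust_store = TrustStore()            # the claims' "first trust store"
        self._tokens: set[str] = set()
        self.nodes: dict[str, MonitoringNode] = {}

    def issue_token(self) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens.add(token)
        return token

    def enroll(self, node: MonitoringNode, cert: Certificate, token: str) -> Certificate:
        # The token, not the certificate itself, authorizes the trust-store write.
        if not any(hmac.compare_digest(token, known) for known in self._tokens):
            raise PermissionError("invalid token; certificate not added to trust store")
        self.trust_store.add(cert)
        for other in self.nodes.values():          # claim 4: existing nodes learn the new node's cert
            other.trust_store.add(cert)
        self.nodes[node.node_id] = node
        return self.cert                           # network manager certificate goes back to the node

    def undeploy_node(self, vm: "VirtualizationManager", node_id: str) -> None:
        node = self.nodes.pop(node_id)
        vm.undeploy(node_id)                                  # claim 5: undeployment request
        self.trust_store.remove(node.cert.fingerprint)
        for other in self.nodes.values():                     # claim 6: identifier sent, peers remove it
            other.trust_store.remove(node.cert.fingerprint)

    def rotate_certificate(self) -> tuple[Certificate, Certificate]:
        old, new = self.cert, generate_certificate("network-manager")
        acks = [n.import_updated_nm_cert(new) for n in self.nodes.values()]
        # Retire the old certificate only after every node confirmed the import (claims 7-8).
        if all(ack == new.fingerprint for ack in acks):
            self.cert = new
            for n in self.nodes.values():
                n.trust_store.remove(old.fingerprint)
        return old, new


class VirtualizationManager:
    def __init__(self) -> None:
        self.deployed: dict[str, MonitoringNode] = {}

    def deploy(self, node_id: str, token: str) -> MonitoringNode:
        node = MonitoringNode(node_id, token)  # claim 1: the token travels with the deploy request
        self.deployed[node_id] = node
        return node

    def undeploy(self, node_id: str) -> None:
        self.deployed.pop(node_id, None)


def try_join(node: MonitoringNode, nm: NetworkManager) -> bool:
    """True if the node was enrolled, False if the network manager rejected its token."""
    try:
        node.join(nm)
        return True
    except PermissionError:
        return False
```

Two design points worth noticing. First, the token is the only thing standing between an arbitrary self-signed certificate and a slot in the network manager's trust store, and claim 4 reuses the same token for additional nodes, so it is a shared bootstrap credential and deserves the handling of one (short lifetime, narrow scope, audited issue and use); the example keeps it reusable to match the claims and compares it in constant time. Second, rotation deliberately keeps both manager certificates trusted until every node has acknowledged the new one, which is what claims 7 and 8 order, so a node that misses the update is not cut off.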

Assignees

Vmware Inc

Inventors

Classifications

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • for achieving mutual authentication (cryptographic mechanisms or cryptographic arrangements for mutual authentication H04L9/3273) · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11265316B2 cover?
The disclosure provides an approach for establishing authentication between components in a network. Embodiments include deploying a node of a monitoring appliance in response to a request and providing a token for accessing a network manager to the node of the monitoring appliance. Embodiments include generating, by the node of the monitoring appliance, a certificate of the node of the monitoring appl…
Who is the assignee on this patent?
Vmware Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0823. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 1, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).