Providing secure networks

US2016373441A1 · US · A1

Patent metadata
Publication number: US-2016373441-A1
Application number: US-201514740454-A
Country: US
Kind code: A1
Filing date: Jun 16, 2015
Priority date: Jun 16, 2015
Publication date: Dec 22, 2016
Grant date:


Abstract


Implementations generally relate to providing secure networks. In some implementations, a method includes determining one or more nodes in a network system with at least one port that is enabled for security enabled services. The method also includes provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key. The method also includes associating each connectivity association with a virtual service network (VSN). The method also includes mutually authenticating nodes on each VSN based on each respective connectivity association key.

First claim


What is claimed is:

1. A computer-implemented method comprising: determining one or more nodes in a network system with at least one port that is enabled for security enabled services; provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key; associating each connectivity association with a virtual service network (VSN); and mutually authenticating nodes on each VSN based on each respective connectivity association key.

2. The method of claim 1, wherein the one or more ports are Ethernet ports.

3. The method of claim 1, further comprising enabling multiple encryption keys to be derived from the connectivity association key.

4. The method of claim 1, further comprising generating an intermediate system to intermediate system (ISIS) type-length-value (TLV).

5. The method of claim 1, further comprising scrambling the connectivity association key.

6. The method of claim 1, further comprising advertising media access control security (MACsec) capabilities for the node.

7. The method of claim 1, further comprising building VSN trees based on mutual authentication.

8. A non-transitory computer-readable storage medium carrying program instructions thereon, the instructions when executed by one or more processors cause the one or more processors to perform operations comprising: determining one or more nodes in a network system with at least one port that is enabled for security enabled services; provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key; associating each connectivity association with a virtual service network (VSN); and mutually authenticating nodes on each VSN based on each respective connectivity association key.

9. The computer-readable storage medium of claim 8, wherein the one or more ports are Ethernet ports.

10. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising enabling multiple encryption keys to be derived from the connectivity association key.

11. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising generating an intermediate system to intermediate system (ISIS) type-length-value (TLV).

12. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising scrambling the connectivity association key.

13. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising advertising media access control security (MACsec) capabilities for the node.

14. The computer-readable storage medium of claim 8, wherein the instructions further cause the one or more processors to perform operations comprising building VSN trees based on mutual authentication.

15. A system comprising: one or more processors; and logic encoded in one or more tangible media for execution by the one or more processors and when executed operable to perform operations comprising: determining one or more nodes in a network system with at least one port that is enabled for security enabled services; provisioning a connectivity association for each node, wherein each connectivity association is provisioned with a connectivity association key; associating each connectivity association with a virtual service network (VSN); and mutually authenticating nodes on each VSN based on each respective connectivity association key.

16. The system of claim 15, wherein the one or more ports are Ethernet ports.

17. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising enabling multiple encryption keys to be derived from the connectivity association key.

18. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising generating an intermediate system to intermediate system (ISIS) type-length-value (TLV).

19. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising scrambling the connectivity association key.

20. The system of claim 15, wherein the logic when executed is further operable to perform operations comprising advertising media access control security (MACsec) capabilities for the node.

Assignees

Inventors

Classifications

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords

  • for achieving mutual authentication (cryptographic mechanisms or cryptographic arrangements for mutual authentication H04L9/3273)

  • for mutual authentication (network architectures or network communication protocols for achieving mutual authentication in a packet data network H04L63/0869)


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Avaya Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0869. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 22, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).