Elevated security execution mode for network-accessible devices
US-2024411878-A1 · Dec 12, 2024 · US
US2017208090A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017208090-A1 |
| Application number | US-201715480059-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 5, 2017 |
| Priority date | Oct 1, 2015 |
| Publication date | Jul 20, 2017 |
| Grant date | — |
Official abstract text for this publication.
A Software-Defined Network (SDN) data-plane machine stores flow data and a hardware-trust key. The SDN data-plane machine receives and processes a hardware-trust challenge based on the hardware-trust key to generate and transfer a hardware-trust response. The SDN data-plane machine receives and routes user data based on the flow data. The SDN data-plane machine receives modification data from an SDN controller. The SDN data-plane machine validates hardware-trust of the SDN controller and modifies the flow data based on the modification data responsive to the hardware-trust validation of the SDN controller. The SDN data-plane machine receives and routes additional user data responsive to the modified flow data.
Opening claim text (preview).
What is claimed is:

1. A method of operating a Software-Defined Network (SDN) data-plane machine that stores flow data and a physically-embedded, read-only, hardware-trust key, the method comprising: a southbound transceiver receiving hardware-trust challenge data transferred by a hardware-trust controller; a data processing system processing the hardware-trust challenge data based on the physically-embedded, read-only, hardware-trust key to generate hardware-trust response data; the southbound transceiver transferring the hardware-trust response data for delivery to the hardware-trust controller; a user data transceiver receiving user data; the data processing system directing the user data transceiver to route the user data based on the flow data; the user data transceiver routing the user data responsive to the direction from the data processing system; the southbound transceiver receiving modification data from an SDN controller; and the data processing system validating hardware-trust of the SDN controller and modifying the flow data based on the modification data responsive to the hardware-trust validation of the SDN controller.

2. The method of claim 1 further comprising: the user data transceiver receiving additional user data; the data processing system directing the user data transceiver to route the additional user data based on the modified flow data; and the user data transceiver routing the additional user data responsive to the direction from the data processing system.

3. The method of claim 1 wherein: the modification data includes a hardware-trust digital certificate for the SDN controller; and the data processing system validating the hardware-trust of the SDN controller comprises the data processing system validating the hardware-trust digital certificate for the SDN controller.

4. The method of claim 1 further comprising: the southbound transceiver receiving other modification data from another SDN controller; and the data processing system failing to validate hardware-trust of the other SDN controller and blocking a modification to the flow data based on the other modification data responsive to the hardware-trust failure of the other SDN controller.

5. The method of claim 4 wherein the data processing system failing to validate the hardware-trust of the other SDN controller comprises the data processing system failing to validate a hardware-trust digital certificate for the other SDN controller included in the other modification data.

6. The method of claim 1 further comprising: the southbound transceiver receiving other modification data from another SDN controller; the data processing system failing to validate hardware-trust of the other SDN controller and generating hardware-trust failure data for the other SDN controller responsive to the hardware-trust failure of the other SDN controller; and the southbound transceiver transferring the hardware-trust failure data for the other SDN controller for delivery to the hardware-trust controller.

7. The method of claim 1 further comprising: the southbound transceiver receiving hardware-trust failure data for another SDN data-plane machine transferred by the hardware-trust controller; the user data transceiver receiving additional user data from the other SDN data-plane machine; and the data processing system directing the user data transceiver to isolate the additional user data based on the hardware-trust failure data for another SDN data-plane machine.

8. The method of claim 1 further comprising: the southbound transceiver receiving hardware-trust failure data for an SDN controller transferred by the hardware-trust controller; the southbound transceiver receiving SDN signaling from the other SDN controller; and the data processing system directing the southbound data transceiver to isolate the SDN signaling based on the hardware-trust failure data for the other SDN controller.

9. The method of claim 1 wherein the flow data comprises an SDN Flow Description Table (FDT).

10. The method of claim 1 wherein the user data transceiver receiving the user data comprises the user data transceiver wirelessly receiving the user data.

11. A Software-Defined Network (SDN) data-plane machine that stores flow data and a physically-embedded, read-only, hardware-trust key, the SDN data-plane machine comprising: a southbound transceiver configured to receive hardware-trust challenge data transferred by a hardware-trust controller; a data processing system configured to process the hardware-trust challenge data based on the physically-embedded, read-only, hardware-trust key to generate hardware-trust response data; the southbound transceiver configured to transfer the hardware-trust response data for delivery to the hardware-trust controller; a user data transceiver configured to receive user data; the data processing system configured to direct the user data transceiver to route the user data based on the flow data; the user data transceiver configured to route the user data responsive to the direction from the data processing system; the southbound transceiver configured to receive modification data from an SDN controller; and the data processing system configured to validate hardware-trust of the SDN controller and to modify the flow data based on the modification data responsive to the hardware-trust validation of the SDN controller.

12. The SDN data-plane machine of claim 11 further comprising: the user data transceiver configured to receive additional user data; the data processing system configured to direct the user data transceiver to route the additional user data based on the modified flow data; and the user data transceiver configured to route the additional user data responsive to the additional direction from the data processing system.

13. The SDN data-plane machine of claim 11 wherein: the modification data includes a hardware-trust digital certificate for the SDN controller; and the data processing system is configured to validate the hardware-trust digital certificate for the SDN controller to validate the hardware-trust of the SDN controller.

14. The SDN data-plane machine of claim 11 further comprising: the southbound transceiver is configured to receive other modification data from another SDN controller; and the data processing system is configured to fail hardware-trust of the other SDN controller and to block a modification to the flow data based on the other modification data responsive to the hardware-trust failure of the other SDN controller.

15. The SDN data-plane machine of claim 14 wherein the data processing system is configured to fail the hardware-trust of the other SDN controller by failing to validate a hardware-trust digital certificate for the other SDN controller included in the other modification data.

16. The SDN data-plane machine of claim 11 further comprising: the southbound transceiver is configured to receive other modification data from another SDN controller; the data processing system is configured to fail hardware-trust of the other SDN controller and to generate hardware-trust failure data for the other SDN controller responsive to the hardware-trust failure of the other SDN controller; and the southbound transceiver is configured to transfer the hardware-trust failure data for the other SDN controller for delivery to the hardware-trust controller.

17. The SDN data-plane machine of claim 11 further comprising: the southbound transceiver is confi
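The abstract and claims 1 through 8 describe one control flow: the hardware-trust controller challenges each data-plane machine, the machine answers with a value derived from its embedded key, flow-table modifications are accepted only from an SDN controller whose hardware-trust credential validates, failures are reported back to the hardware-trust controller, and failure data pushed by that controller causes the machine to isolate traffic from a flagged peer or signaling from a flagged controller. The simulation below is an added example written for this page; it is not code from the patent document. It assumes HMAC-SHA256 as the keyed function applied to the challenge, and it stands in a per-device MAC-based credential for the "hardware-trust digital certificate" the claims mention (the claims do not fix a certificate format). All class, function and device names (`DataPlaneMachine`, `HardwareTrustController`, `run_scenario`, `switch-a`, `sdn-ctl-1`, and so on) are hypothetical, and the network addresses and keys are constructed for the walk-through.

```python
"""Hardware-trust gated flow-table updates: a constructed simulation (not the patent's code)."""
import hmac
import secrets
from dataclasses import dataclass, field

# Domain-separation label for the controller credential (an assumption; the claims fix no format).
CERT_LABEL = b"controller-cert:"


def _mac(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256, standing in for whatever keyed function the embedded key is used with."""
    return hmac.new(key, msg, "sha256").digest()


@dataclass
class DataPlaneMachine:
    """SDN data-plane machine holding flow data and a simulated embedded, read-only key."""
    device_id: str
    hw_key: bytes                                            # only ever used inside _mac(), never exported
    fdt: dict = field(default_factory=dict)                  # Flow Description Table: destination -> egress port
    blocked_controllers: set = field(default_factory=set)    # filled from hardware-trust failure data (claim 8)
    blocked_peers: set = field(default_factory=set)          # filled from hardware-trust failure data (claim 7)
    failure_reports: list = field(default_factory=list)      # failure data destined for the HT controller (claim 6)

    def answer_challenge(self, challenge: bytes) -> bytes:
        """Claim 1: hardware-trust response derived from the challenge and the embedded key."""
        return _mac(self.hw_key, challenge)

    def _controller_trusted(self, controller_id: str, cert: bytes) -> bool:
        expected = _mac(self.hw_key, CERT_LABEL + controller_id.encode())
        return hmac.compare_digest(cert, expected)

    def modify_flows(self, controller_id: str, cert: bytes, modification: dict) -> bool:
        """Claims 3-6: apply a modification only from a controller whose credential validates."""
        if controller_id in self.blocked_controllers or not self._controller_trusted(controller_id, cert):
            self.failure_reports.append(controller_id)       # claim 6: report the failure northbound
            return False                                     # claim 4: modification blocked
        self.fdt.update(modification)
        return True

    def route(self, ingress_peer: str, dst: str) -> str:
        """Claims 2 and 7: forward by the current FDT, isolating traffic from a failed peer."""
        if ingress_peer in self.blocked_peers:
            return "isolate"
        return self.fdt.get(dst, "drop")

    def receive_failure_data(self, kind: str, ident: str) -> None:
        """Failure data pushed by the hardware-trust controller (claims 7 and 8)."""
        target = self.blocked_controllers if kind == "controller" else self.blocked_peers
        target.add(ident)


@dataclass
class HardwareTrustController:
    """Keeps a mirror of each device's embedded key; attests devices and issues controller credentials."""
    device_keys: dict                                        # device_id -> key

    def attest(self, machine: DataPlaneMachine) -> bool:
        nonce = secrets.token_bytes(32)                      # fresh per challenge, so a reply cannot be replayed
        expected = _mac(self.device_keys[machine.device_id], nonce)
        return hmac.compare_digest(machine.answer_challenge(nonce), expected)

    def controller_cert(self, controller_id: str, device_id: str) -> bytes:
        """Credential bound to one data-plane machine: only that machine's key verifies it."""
        return _mac(self.device_keys[device_id], CERT_LABEL + controller_id.encode())


def run_scenario() -> dict:
    """Constructed walk-through of the claimed behaviour; returns the observable outcomes."""
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    switch_a = DataPlaneMachine("switch-a", key_a, fdt={"10.0.0.0/24": "port1"})
    switch_b = DataPlaneMachine("switch-b", key_b)
    htc = HardwareTrustController({"switch-a": key_a, "switch-b": key_b})
    impostor = DataPlaneMachine("switch-a", secrets.token_bytes(32))   # claims switch-a's identity, lacks its key

    cert_ctl1 = htc.controller_cert("sdn-ctl-1", "switch-a")
    cert_ctl2 = htc.controller_cert("sdn-ctl-2", "switch-a")
    forged = secrets.token_bytes(32)

    out = {
        "attest_genuine": htc.attest(switch_a),
        "attest_impostor": htc.attest(impostor),
        "route_before": switch_a.route("switch-b", "10.0.0.0/24"),
        "trusted_mod": switch_a.modify_flows("sdn-ctl-1", cert_ctl1, {"10.0.0.0/24": "port2"}),
        "forged_mod": switch_a.modify_flows("sdn-ctl-evil", forged, {"10.0.0.0/24": "port9"}),
        "cert_replayed_on_b": switch_b.modify_flows("sdn-ctl-1", cert_ctl1, {"10.0.0.0/24": "port9"}),
    }
    out["route_after"] = switch_a.route("switch-b", "10.0.0.0/24")
    out["reports"] = list(switch_a.failure_reports)
    # The hardware-trust controller later flags switch-b and sdn-ctl-2; switch-a isolates both.
    switch_a.receive_failure_data("peer", "switch-b")
    switch_a.receive_failure_data("controller", "sdn-ctl-2")
    out["route_isolated"] = switch_a.route("switch-b", "10.0.0.0/24")
    out["flagged_ctl_mod"] = switch_a.modify_flows("sdn-ctl-2", cert_ctl2, {"10.0.0.0/24": "port9"})
    out["fdt"] = dict(switch_a.fdt)
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Two design points worth noting. Binding the controller credential to a specific data-plane machine is what makes `cert_replayed_on_b` fail: a credential lifted from one switch does not authorise changes on another. And the per-challenge nonce in `attest` is what separates "possesses the key now" from "recorded an old answer", which is the whole value of a read-only embedded key. In a deployed system the "hardware-trust digital certificate" would more naturally be a public-key certificate chained to a root provisioned in the device, so that the hardware-trust controller never holds a copy of each device's secret; the symmetric construction here is only to keep the example self-contained.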
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
at the transport layer · CPC title
Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols · CPC title
involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853) · CPC title
Tools and structures for managing or administering access control systems · CPC title