System, Apparatus And Method For First Hop Security
US-2017289138-A1 · Oct 5, 2017 · US
US2018367302A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018367302-A1 |
| Application number | US-201815968189-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 1, 2018 |
| Priority date | Jun 19, 2017 |
| Publication date | Dec 20, 2018 |
| Grant date | — |
Official abstract text for this publication.
In accordance with various implementations, a method is performed at a source node of a fabric network coupled to a plurality of hosts respectively associated with a plurality of group identifiers. The method includes generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers. The method includes sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key. The method includes receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier. The method further includes generating a shared secret based on the destination public key and the source private key.
Opening claim text (preview).
What is claimed is:

1. A method comprising: at a source node of a fabric network, wherein the fabric network is coupled to a plurality of hosts respectively associated with a plurality of group identifiers, generating a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers; sending, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key; receiving, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier; and generating a shared secret based on the destination public key and the source private key.

2. The method of claim 1, further comprising: receiving data from a source host associated with the source group identifier addressed to a destination host associated with the destination group identifier; encrypting the data using the shared secret; and sending the encrypted data to the destination node.

3. The method of claim 1, further comprising mapping the source group identifier to a source primary number and mapping the destination group identifier to a destination primary number, wherein the source public key is based on the source private key, the source primary number, and the destination primary number.

4. The method of claim 3, wherein the source public key is the destination primary number raised to the power of the source private key, modulo the source primary number.

5. The method of claim 3, wherein the shared secret is the destination public key raised to the power of the source private key, modulo the source primary number.

6. The method of claim 1, further comprising, prior to generating the source public key, sending a preliminary map-request to a map-system to obtain the destination group identifier.

7. The method of claim 2, further comprising sending a map-request to a map-system to obtain an identity of the destination node to which the destination host is coupled.

8. The method of claim 1, further comprising: at the source node, generating a second source public key based on a second source private key, a second source group identifier of the plurality of group identifiers, and a second destination group identifier of the plurality of group identifiers, wherein the second source group identifier is different than the source group identifier or the second destination group identifier is different than the destination group identifier; sending, from the source node to the destination node, the second source public key, wherein the second source public key is different than the source public key; receiving, at the source node from the destination node, a second destination public key based on a second destination private key, the second source group identifier, and the second destination group identifier; and generating a second shared secret based on the second destination public key and the second source private key, wherein the second shared secret is different than the shared secret.

9. The method of claim 1, further comprising: receiving, at the source node from the destination node, a reverse-path destination public key based on the destination private key, the source group identifier, and the destination group identifier, wherein the reverse-path destination public key is different than the destination public key; sending, from the source node to the destination node, a reverse-path source public key based on the source private key, the source group identifier, and the destination group identifier, wherein the reverse-path source public key is different than the source public key; and generating a reverse-path shared secret based on the reverse-path destination public key and the source private key.

10. The method of claim 9, wherein the reverse-path shared secret is determined using the same algorithm or formula as the shared secret, but with the source group identifier and the destination group identifier swapped.

11. The method of claim 1, wherein the source group identifier is associated with at least one of a scalable group, a Virtual Local Area Network (VLAN), a Virtual Routing and Forwarding (VRF), a Virtual Network Interface (VNI), or a Bridge Domain (BD).

12. A source node of a fabric network, wherein the fabric network is coupled to a plurality of hosts respectively associated with a plurality of group identifiers, the source node comprising: a processor configured to generate a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers; and a network interface configured to: send, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key; and receive, at the source node from the destination node, a destination public key based on a destination private key, the source group identifier, and the destination group identifier, wherein the processor is further configured to generate a shared secret based on the destination public key and the source private key.

13. The source node of claim 12, wherein: the network interface is further configured to receive data from a source host associated with the source group identifier addressed to a destination host associated with the destination group identifier; the processor is further configured to encrypt the data using the shared secret; and the network interface is further configured to send the encrypted data to the destination node.

14. The source node of claim 12, wherein the processor is further configured to map the source group identifier to a source primary number and map the destination group identifier to a destination primary number, wherein the source public key is based on the source private key, the source primary number, and the destination primary number.

15. The source node of claim 14, wherein the source public key is the destination primary number raised to the power of the source private key, modulo the source primary number.

16. The source node of claim 14, wherein the shared secret is the destination public key raised to the power of the source private key, modulo the source primary number.

17. A non-transitory computer-readable medium at a source node of a fabric network, wherein the fabric network is coupled to a plurality of hosts respectively associated with a plurality of group identifiers, wherein the non-transitory computer-readable medium encodes instructions which, when executed by a processor of the source node, cause the source node to: generate a source public key based on a source private key, a source group identifier of the plurality of group identifiers, and a destination group identifier of the plurality of group identifiers; send, from the source node coupled to at least one host associated with the source group identifier to a destination node coupled to at least one host associated with the destination group identifier, the source public key; receive, at the source node from the destination node, a destination public key based on a destination private key, the source grou
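An added worked example in Python (not the patent's own code) of the per-group-pair key agreement in claims 3 to 5 and the swapped reverse path in claims 9 and 10, using a constructed group-to-prime table and constructed private keys. It assumes that both ends of one direction use the same generator and modulus (the destination group's prime and the source group's prime, respectively), which the claims state only for the source node; under that reading the two secrets match and the reverse path yields a different key.

```python
# Constructed mapping from group identifiers (e.g. scalable group tags) to
# "primary numbers" (claim 3). The patent gives no values; these toy primes
# are small enough to check by hand and are not suitable for real use.
GROUP_PRIMES = {"sgt-10": 23, "sgt-20": 29, "sgt-30": 31}


def public_key(private_key: int, src_gid: str, dst_gid: str) -> int:
    """Claim 4: destination prime raised to the private key, mod source prime.

    Assumption (not stated in the claims): the destination node uses the
    same generator/modulus pair for this direction, so the secrets agree.
    """
    generator = GROUP_PRIMES[dst_gid]
    modulus = GROUP_PRIMES[src_gid]
    return pow(generator, private_key, modulus)


def shared_secret(peer_public_key: int, private_key: int, src_gid: str) -> int:
    """Claim 5: peer public key raised to own private key, mod source prime."""
    return pow(peer_public_key, private_key, GROUP_PRIMES[src_gid])


def agree(src_gid: str, dst_gid: str, src_priv: int, dst_priv: int) -> tuple[int, int]:
    """One direction of the exchange: returns (secret at source, secret at destination)."""
    src_pub = public_key(src_priv, src_gid, dst_gid)  # sent source -> destination
    dst_pub = public_key(dst_priv, src_gid, dst_gid)  # sent destination -> source
    at_source = shared_secret(dst_pub, src_priv, src_gid)
    at_destination = shared_secret(src_pub, dst_priv, src_gid)
    return at_source, at_destination


def reverse_path_agree(src_gid: str, dst_gid: str, src_priv: int, dst_priv: int) -> tuple[int, int]:
    """Claim 10: same formula with the group identifiers swapped, same private keys.

    Returns (secret at source node, secret at destination node) for the reverse path.
    """
    at_destination, at_source = agree(dst_gid, src_gid, dst_priv, src_priv)
    return at_source, at_destination


if __name__ == "__main__":
    a, b = 6, 15  # constructed private keys of the source and destination node
    forward = agree("sgt-10", "sgt-20", a, b)            # both sides: 13
    reverse = reverse_path_agree("sgt-10", "sgt-20", a, b)  # both sides: 24
    other_pair = agree("sgt-10", "sgt-30", a, b)         # claim 8: a different pair, 18
    print(forward, reverse, other_pair)
```

The strength of each per-pair secret rests entirely on the size of the modulus and the order of the generator within it, neither of which the page specifies; a defender evaluating such a scheme would want those parameters pinned down before relying on the keys for traffic encryption (claim 2).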
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics · CPC title
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
involving Diffie-Hellman or related key agreement protocols · CPC title