Methods and apparatus for confidentiality protection for fibre channel common transport
USPTO Application #: 20080095367
Title: Methods and apparatus for confidentiality protection for fibre channel common transport

Abstract: Methods and apparatus are provided for improving message-based security in a Fibre Channel network. More specifically, the present invention relates to methods and apparatus for providing confidentiality for Fibre Channel control messages encapsulated within Common Transport Information Units. Control messages transported with the Fibre Channel Common Transport protocol, and passed between Fibre Channel network entities, can be encrypted, providing confidentiality combined with the data origin authentication, integrity and anti-replay protection provided by existing Fibre Channel security mechanisms.

Agent: Beyer Weaver LLP - Oakland, CA, US
Inventors: Fabio R. Maino, Claudio DeSanti
Class: 380256000 (USPTO)
Related Patent Categories: Cryptography, Communication System Using Cryptography, Fiber Optic Network

The Patent Description & Claims data below is from USPTO Patent Application 20080095367.

CROSS-REFERENCE TO RELATED APPLICATION

[0001] This application is a Continuation of application Ser. No. 10/805,111, filed Mar. 19, 2004, entitled "Methods And Apparatus for Confidentiality Protection for Fibre Channel Common Transport," and is related to U.S. patent application Ser. No. 10/034,367, entitled "Methods and Apparatus for Security over Fibre Channel," which is hereby incorporated by reference in its entirety for all purposes.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to Fibre Channel security. More specifically, the present invention relates to methods and apparatus for providing confidentiality for Fibre Channel control messages encapsulated within Common Transport Information Units.

[0004] 2. Description of Related Art

[0005] Very limited security exists in Fibre Channel networks. One form of security for Fibre Channel networks is physical security. All Fibre Channel network entities, such as switches, disks, tape libraries, disk arrays, and servers, can be located in a secure and trusted environment. Access can be limited and strict controls can be maintained over the Fibre Channel fabric. However, it is not always feasible to locate every Fibre Channel network entity in a secured environment.

[0006] Some security schemes have focused more on secure links. When a new Fibre Channel network entity is introduced into a Fibre Channel fabric, directly neighboring nodes check the newly introduced entity to determine whether or not it is authorized to connect to the fabric. However, the checks are made only once, and only by some directly neighboring nodes. Other, more distant nodes are unable to perform any checking. Furthermore, once the link is established, no further security is provided. The fabric is deemed trusted even though it is still vulnerable to certain attacks such as spoofing, hijacking, or impersonation.

[0007] It is therefore desirable to provide methods and apparatus for improving security in a Fibre Channel network, and in particular for improving authentication, confidentiality, message integrity protection, and anti-replay protection in a Fibre Channel fabric, with respect to some or all of the limitations noted above.

[0008] The Fibre Channel Generic Services 3 ("FC-GS-3") Standard (formerly ANSI NCITS 348-2001) defines CT_Authentication, a security transform for Fibre Channel Common Transport Information Units that may be used to provide anti-replay and integrity protection to control traffic. However, no provision is currently made to provide confidentiality to control traffic, even though such confidentiality would be highly desirable. Without confidentiality, Common Transport may not be used to transport sensitive data such as passwords or secrets, which are a very valuable subset of control information.

SUMMARY OF THE INVENTION

[0009] Methods and apparatus are provided for improving the confidentiality of control traffic in a Fibre Channel network. Messages passed between Fibre Channel network entities can be encrypted using information provided during the authentication sequence. These methods and apparatus can be combined with the already existing authentication services for Fibre Channel Common Transport, providing a complete set of security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection.

[0010] According to various embodiments, a method for processing Common Transport Information Units in a Fibre Channel network having a first network entity and a second network entity is provided. A CT_IU is received at the first network entity from the second network entity in a Fibre Channel network. A security control indicator in the CT_IU from the second network entity is identified. A security association identifier associated with the Common Transport Information Unit and corresponding to an entry in a security database is determined. A portion of the CT_IU is decrypted by using algorithm information contained in the entry in the security database.

[0011] In still other embodiments, a method for transmitting an encrypted Common Transport Information Unit in a Fibre Channel network having a first network entity and a second network entity is provided. A CT_IU having a source corresponding to the first network entity and a destination corresponding to the second network entity is identified. It is determined whether the CT_IU corresponds to the selectors of an entry in a security database. A portion of the CT_IU is encrypted using key and algorithm information associated with the entry in the security database. The Common Transport Information Unit is transmitted to the second network entity.

[0012] These and other features and advantages of the present invention will be presented in more detail in the following specification of the invention and the accompanying figures, which illustrate by way of example the principles of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013] The invention may best be understood by reference to the following description taken in conjunction with the accompanying drawings, which are illustrative of specific embodiments of the present invention.

[0014] FIG. 1 is a diagrammatic representation of a network that can use the techniques of the present invention.

[0015] FIG. 2 is a diagrammatic representation of a security database.

[0016] FIG. 3 is a diagrammatic representation of a secured Common Transport Information Unit transmitted over Fibre Channel.

[0017] FIG. 4 is a process flow diagram showing the generation of a secured Common Transport Information Unit.

[0018] FIG. 5 is a process flow diagram showing the receipt and processing of a secured Common Transport Information Unit.

[0019] FIG. 6 is a network device that may be configured to implement some aspects of the present invention.

[0020] The present invention relates to security in a Fibre Channel fabric. More specifically, the present invention relates to methods and apparatus for providing confidentiality for Fibre Channel control messages encapsulated within Common Transport Information Units.
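The sender path of [0011] and the receiver path of [0010] modelled end to end in Python, as an added example rather than code from the application or from any Fibre Channel implementation. The CT_IU field layout, the selector set (source and destination), the sample security database, the algorithm name and the HMAC-SHA256 counter-mode stand-in cipher are all assumptions made here so that the example runs offline; a real fabric would use the algorithm negotiated for the security association.

```python
import hmac, hashlib, os
from dataclasses import dataclass

@dataclass
class SAEntry:
    """Security database entry: selectors, SA identifier, and key/algorithm information."""
    sa_id: int            # security association identifier carried in the protected CT_IU
    source: str           # selectors (constructed): the traffic this entry covers
    destination: str
    key: bytes            # key material agreed during the authentication sequence
    algorithm: str        # algorithm information; only the stand-in below is implemented

@dataclass
class CTIU:
    """Simplified CT_IU: constructed header fields plus the payload portion that gets encrypted."""
    source: str
    destination: str
    payload: bytes
    sec_control: bool = False   # security control indicator
    sa_id: int = 0              # constructed convention: 0 means no SA identifier present
    nonce: bytes = b""          # integrity/anti-replay stay with CT_Authentication, not modelled

# Constructed sample database: one SA agreed between two entities during authentication.
SADB = [SAEntry(sa_id=7, source="entity-A", destination="entity-B", key=b"\x11" * 32, algorithm="hmac-sha256-ctr")]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode, chosen only so the example runs offline."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def _xor(a: bytes, b: bytes) -> bytes: return bytes(x ^ y for x, y in zip(a, b))

def protect(iu: CTIU, sadb: list) -> CTIU:
    """Sender path ([0011]): match selectors, encrypt the payload portion, mark the CT_IU."""
    for sa in sadb:
        if (sa.source, sa.destination) == (iu.source, iu.destination):
            if sa.algorithm != "hmac-sha256-ctr": raise ValueError("unsupported algorithm in SA entry")
            nonce = os.urandom(12)   # fresh per message so the keystream is never reused
            ct = _xor(iu.payload, _keystream(sa.key, nonce, len(iu.payload)))
            return CTIU(iu.source, iu.destination, ct, True, sa.sa_id, nonce)
    return iu   # no matching entry: the CT_IU goes out in the clear, as today

def unprotect(iu: CTIU, sadb: list) -> bytes:
    """Receiver path ([0010]): check the indicator, look up the SA identifier, decrypt."""
    if not iu.sec_control: return iu.payload
    sa = next((s for s in sadb if s.sa_id == iu.sa_id), None)
    if sa is None or (sa.source, sa.destination) != (iu.source, iu.destination):  # added selector check
        raise ValueError("no usable security association for this CT_IU; discard it")
    return _xor(iu.payload, _keystream(sa.key, iu.nonce, len(iu.payload)))
```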