IPC classification information
Country / Type | United States (US) Patent, Registered
International Patent Classification (IPC 7th edition) |
Application number | US-0208267 (2002-07-29)
Registration number | US-7287269 (2007-10-23)
Inventor / Address |
- Burton, David Alan
- Chen, Chi Hsang
- Hubbard, Deven Muir
- Stewart, Alan Lee
Applicant / Address |
- International Business Machines Corporation
Agent / Address |
Citation information | Times cited: 6; Cited patents: 6
Abstract
A system and method for authenticating a host on a network enables the host to update IP configuration and internal configuration of a storage controller connected to the network. The host has an algorithm to decrypt a security key supplied by the storage controller. The host broadcasts a discovery command which includes an IP address of the host and a service requested by the host. The discovery command conforms to a proprietary discovery command protocol. In response to the discovery command, the host receives a response from a storage controller which is able to provide the requested service. The response includes a WWN, IP configuration and a security key of the storage controller, and conforms to the discovery command protocol. Next, the host decrypts the security key received from the storage controller using the decryption algorithm, and sends an updated IP configuration to the storage controller along with the security key for authentication. Next, the host exchanges other keys with the storage controller using IKE and IPSec. Afterwards, the host sends an updated internal configuration to the storage controller.
Representative claim
The invention claimed is:

1. A method for authenticating a host on a network to enable the host to update an Internet protocol (IP) configuration of a storage controller coupled to the network, said host including an algorithm to decrypt a security key supplied by the storage controller, said method comprising the steps of: said host broadcasting a discovery command, said discovery command including an IP address of said host and a service requested by said host, said discovery command conforming to a proprietary discovery command protocol, wherein said discovery command protocol is not publicly known and is configured to authenticate said host to said storage controller; said host receiving and understanding a response from said storage controller, said response conforming to said discovery command protocol, said storage controller able to provide the requested service, the response including a world wide name (WWN), IP configuration, and the security key of said storage controller; said host decrypting said key from the storage controller using said decryption algorithm such that said decryption algorithm is selected from a Triple Data Encryption Standard algorithm and a MARS algorithm and authenticates said host to said storage controller, and wherein the authentication of said host for the purpose of enabling the host to update an IP configuration of a storage controller is based on its broadcast of said discovery command with said discovery command protocol, its understanding of said response with said discovery command protocol and its use of said decryption algorithm; and said host determining if said storage controller's IP configuration is valid, and sending to said storage controller a valid IP configuration, an internal configuration comprising a redundant array of independent disks (RAID) level configuration, and the security key to authenticate said host in response to said storage controller's IP configuration being invalid.

2. A method as set forth in claim 1 wherein said security key is generated by said storage controller dynamically or entered by administrator of said storage controller.

3. A method for authenticating a host on a network to enable the host to update an IP configuration and internal configuration of a storage controller connected to the network, said host including an algorithm to decrypt a security key supplied by the storage controller, said method comprising the following steps in order: (a) said host broadcasting a discovery command, said discovery command including an IP address of said host and a service requested by said host, said discovery command conforming to a discovery command protocol, wherein said discovery command protocol is not publicly known and is configured to authenticate said host to said storage controller; (b) said host receiving and understanding a response from said storage controller, said response conforming to said discovery command protocol, said storage controller able to provide the requested service, the response including a WWN, IP configuration, and a security key of said storage controller; (c) said host decrypting said security key received from the storage controller using said decryption algorithm such that said decryption algorithm is selected from a Triple Data Encryption Standard algorithm and a MARS algorithm and authenticates said host to said storage controller; (d) said host sending an updated IP configuration to said storage controller; (e) said host exchanging other keys with said storage controller using Internet key exchange (IKE) and IP security (IPSec); and (f) said host sending an updated internal configuration comprising a RAID level configuration and the security key to authenticate said host to said storage controller.

4. A method as set forth in claim 3 wherein said host returns said security key to said storage controller before sending said updated IP configuration to said storage controller, said security key returned by said host authenticating said host to said storage controller.

5. A method as set forth in claim 3 wherein said discovery command protocol is proprietary, and the authentication of said host for the purpose of sending the updated IP configuration to said storage controller is also based on its broadcast of said discovery command with said proprietary discovery command protocol, its understanding of said response with said proprietary discovery command protocol and its use of said decryption algorithm.

6. A method as set forth in claim 3 wherein said storage controller did not have a valid IP configuration before step (d).

7. A method for a host to discover storage controllers on a network and update their IP configuration if invalid, said host including a decryption algorithm for a security key, said method comprising the following steps in order: (a) broadcasting a discovery command using a proprietary discovery command protocol, said discovery command including an IP address of said host and one or more services requested by said host, wherein said proprietary discovery command protocol is not publicly known and is configured to authenticate said host to said storage controller; (b) receiving responses from one or more storage controllers that understand said discovery command protocol and can provide the requested service(s), the response including a WWN, IP configuration and a security key of respective storage controller; (c) decrypting said security key received from the storage controller using said decryption algorithm such that said decryption algorithm is selected from a Triple Data Encryption Standard algorithm and a MARS algorithm and authenticates said host to said storage controller; (d) determining if said storage controller's IP configuration is valid; and (e) if said storage controller's IP configuration is invalid, sending to said storage controller a valid IP configuration, an internal configuration comprising a RAID level configuration, and said security key to authenticate said host.

8. A method as set forth in claim 7 wherein said security key is generated by said storage controller dynamically or entered by administrator of said storage controller.

9. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to: broadcast a discovery command using a proprietary discovery command protocol, said discovery command including an IP address of a host and a service requested by said host, wherein said proprietary discovery command protocol is not publicly known and is configured to authenticate said host to said storage controller; receive responses from a storage controller that understands said discovery command protocol and can provide the requested service, the response including a WWN, IP configuration, and security key of respective storage controller; decrypt said security key received from the storage controller using said decryption algorithm such that said decryption algorithm is selected from a Triple Data Encryption Standard algorithm and a MARS algorithm and authenticates said host to said storage controller; determine if said storage controller's IP configuration is valid; and send to said storage controller a valid IP configuration, an internal configuration comprising a RAID level configuration, and said security key to authenticate said valid IP configuration in response to said storage controller's IP configuration being invalid.

10. The computer program product as set forth in claim 9 wherein the requested service is configured as an iSCSI service.

11. The computer program product as set forth in claim 9 wherein the requested service is configured as a FTP service.

12. The computer program product as set forth in claim 9 wherein the requested service is configured as a Telnet service.

13. A system to authenticate a host on a network, the system comprising: said host configured to broadcast a discovery command using a proprietary discovery command protocol over said network, said discovery command including an IP address of said host and a service requested by said host, wherein said proprietary discovery command protocol is not publicly known and is configured to authenticate said host to a storage controller; said storage controller configured to receive and authenticate said discovery command, and in response to authenticating the discover command and being able to provide the requested server, communicate a response to said host, wherein said response conforms to said proprietary discovery command protocol and includes a WWN, IP configuration, and security key; a RAID configured to redundantly store data; said host further configured to decrypt said security key from said storage controller using a decryption algorithm selected from a Triple Data Encryption Standard algorithm and a MARS algorithm, and authenticates said host to said storage controller, determine if said storage controller's IP configuration is valid, and send to said storage controller a valid IP configuration, an internal configuration comprising a RAID level configuration, and said security key to authenticate said host in response to said storage controller's IP configuration being invalid.

14. The system as set forth in claim 13 wherein said host is further configured to exchange other keys with said storage controller using IKE and IPSec.

15. The system as set forth in claim 14 wherein said host employs a Main Mode IKE exchange.

16. The system as set forth in claim 14 wherein said host employs an Aggressive Mode IKE exchange.