| 发明名称 |
SOFTWARE-DEFINED NETWORK THREAT CONTROL |
| 摘要 |
In Software-Defined Network (SDN), a trust controller and trust processor exchange hardware-trust data over an SDN southbound interface to maintain hardware-trust. A flow controller transfers a Flow Description Table (FDT) modification to the data-plane machine over the southbound interface. The flow controller transfers an FDT modification notice to the trust controller which transfers FDT security data over the southbound interface to authorize the FDT change in the SDN data-plane machine. The data-plane machine authorizes the FDT modification based on the FDT security data from the trust controller. The data-plane machine modifies the FDT in response to the successful authorization and processes user data traffic using the modified FDT. The trust controller may also transfer a Threat Description Table (TDT) to the data-plane machine to filter the user traffic for other threats. |
| 申请公布号 |
US2017099284(A1) |
申请公布日期 |
2017.04.06 |
| 申请号 |
US201514872578 |
申请日期 |
2015.10.01 |
| 申请人 |
Sprint Communications Company L.P. |
发明人 |
Balmakhtar Marouane;Rajagopal Arun |
| 分类号 |
H04L29/06;H04L12/24 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method of operating a Software-Defined Network (SDN) data communication system to support hardware-trust and process user data traffic, the method comprising:
in an SDN control system, a trust controller transferring hardware-trust data to a trust processor in an SDN data-plane machine over an SDN southbound interface to maintain hardware-trust with the SDN data-plane machine; in the SDN data-plane machine, the trust processor transferring additional hardware-trust data to the trust controller over the SDN southbound interface to maintain the hardware trust with the SDN control system; in the SDN control system, a flow controller transferring a Flow Description Table (FDT) modification to a flow processor in the SDN data-plane machine over the SDN southbound interface and transferring an FDT modification notice to the trust controller; in the SDN control system, the trust controller transferring FDT security data to the trust processor over the SDN southbound interface to authorize an FDT change responsive to the FDT modification notice; the trust processor transferring FDT authorization data to the flow processor responsive to the FDT security data from the trust controller; and in the SDN data-plane machine, the flow processor authorizing the FDT modification based on the FDT authorization data from the trust processor, modifying an FDT based on the FDT modification and in response to the successful FDT authorization, and processing the user data traffic using the modified FDT. |
| 地址 |
Overland Park KS US |
