Title of invention System and method for authenticating identity of discovered component in an infiniband (IB) network
Abstract A system and method can verify trustfulness of a fabric component in an InfiniBand (IB) fabric. A subnet manager is responsible for authenticating the fabric component using private/public key pairs. The subnet manager can first send a first encrypted message to a fabric component in the IB fabric, wherein the first encrypted message contains a token and is encrypted using a public key associated with the fabric component. Then, the fabric component is allowed to decode the first encrypted message using a private key associated with the fabric component, and to send a second encrypted message back to the subnet manager. Finally, the subnet manager can authenticate the fabric component if the second encrypted message contains correct information.
Publication number US9240981(B2) Publication date 2016.01.19
Application number US201213488040 Filing date 2012.06.04
Applicant ORACLE INTERNATIONAL CORPORATION Inventors Johnsen Bjørn-Dag;Hodoba Predrag;Tørudbakken Ola
Classification H04L29/06;H04L9/32;H04L12/24;H04L12/931 Main classification H04L29/06
Agency Tucker Ellis LLP Agent Tucker Ellis LLP
Main claim 1. A method for verifying trustfulness of a fabric component in an InfiniBand (IB) fabric, comprising: discovering, via a subnet manager executing on one or more microprocessors, a fabric component of a plurality of fabric components on a node in an IB fabric, wherein each of the plurality of fabric components is associated with a public key stored in a central repository connected to the subnet manager; retrieving, based on an identity of the fabric component, a public key associated with the fabric component from the central repository to the subnet manager, wherein the public key is distributed to the central repository when the fabric component is released, installed or deployed, and wherein the identity of the fabric component includes version information for the fabric component; sending a first encrypted message from the subnet manager to the fabric component, wherein the first encrypted message contains a first token and is encrypted using the public key associated with the fabric component, and wherein the fabric component decodes the first encrypted message using a private key associated with the fabric component; receiving from the fabric component to the subnet manager a second encrypted message that contains a second token; decoding the second encrypted message using a private key associated with the subnet manager to retrieve the second token; and authenticating, via the subnet manager, the fabric component if the second token is the same as the first token or is recognized by the subnet manager.
Address Redwood Shores CA US