-
Publication number: IL294779B1
Publication date: 2024-12-01
Application number: IL29477922
Filing date: 2022-07-14
Applicant: IBM , MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , JOHN R FLANAGAN , CHRISTOPHER J COLONNA
Inventor: MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , JOHN R FLANAGAN , CHRISTOPHER J COLONNA
IPC: H04L67/1097 , H04L67/141 , H04L67/146 , H04L69/28
Abstract: Aspects of the invention include channel key loading of a host bus adapter (HBA) based on a secure key exchange (SKE) authentication response by a responder node of a computing environment. A non-limiting example computer-implemented method includes receiving an authentication response message at an initiator channel on an initiator node from a responder channel on a responder node to establish a secure communication, the receiving at a local key manager (LKM) executing on the initiator node. A state check can be performed based on a security association of the initiator node and the responder node. An identifier of a selected encryption algorithm can be extracted from the authentication response message. The initiator channel can request to communicate with the responder channel based at least in part on a successful state check and the selected encryption algorithm.
-
Publication number: IL294779B2
Publication date: 2025-04-01
Application number: IL29477922
Filing date: 2022-07-14
Applicant: IBM , MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , JOHN R FLANAGAN , CHRISTOPHER J COLONNA
Inventor: MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , JOHN R FLANAGAN , CHRISTOPHER J COLONNA
IPC: H04L67/1097 , H04L67/141 , H04L67/146 , H04L69/28
Abstract: Aspects of the invention include channel key loading of a host bus adapter (HBA) based on a secure key exchange (SKE) authentication response by a responder node of a computing environment. A non-limiting example computer-implemented method includes receiving an authentication response message at an initiator channel on an initiator node from a responder channel on a responder node to establish a secure communication, the receiving at a local key manager (LKM) executing on the initiator node. A state check can be performed based on a security association of the initiator node and the responder node. An identifier of a selected encryption algorithm can be extracted from the authentication response message. The initiator channel can request to communicate with the responder channel based at least in part on a successful state check and the selected encryption algorithm.
-
Publication number: GB2603350B
Publication date: 2023-01-11
Application number: GB202204060
Filing date: 2020-09-02
Applicant: IBM
Inventor: ROGER HATHORN , PATRICIA DRIEVER , CHRISTOPHER COLONNA , MOOHENG ZEE , JOHN FLANAGAN
Abstract: A host port is enabled for security. The host port performs Input/Output (I/O) in plaintext on a path between the host port and a storage port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the host port and the storage port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the host port enables encryption of data for I/O on the path.
-
Publication number: GB2602234A
Publication date: 2022-06-22
Application number: GB202204052
Filing date: 2020-09-02
Applicant: IBM
Inventor: ROGER HATHORN , PATRICIA DRIEVER , MOOHENG ZEE , CHRISTOPHER COLONNA , JOHN FLANAGAN
Abstract: A storage port is enabled for security. The storage port performs Input/Output (I/O) in plaintext on a path between the storage port and a host port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the storage port and the host port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the storage port enables encryption of data for I/O on the path.
-
Publication number: GB2602234B
Publication date: 2022-10-12
Application number: GB202204052
Filing date: 2020-09-02
Applicant: IBM
Inventor: ROGER HATHORN , PATRICIA DRIEVER , MOOHENG ZEE , CHRISTOPHER COLONNA , JOHN FLANAGAN
Abstract: A storage port is enabled for security. The storage port performs Input/Output (I/O) in plaintext on a path between the storage port and a host port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the storage port and the host port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the storage port enables encryption of data for I/O on the path.
-
Publication number: GB2603666A
Publication date: 2022-08-10
Application number: GB202204407
Filing date: 2020-09-08
Applicant: IBM
Inventor: ROGER HATHORN , PATRICIA DRIEVER , CHRISTOPHER COLONNA , MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , MIKEL WILLIAM WELSH , JOHN FLANAGAN
IPC: H04L9/08 , H04L9/14 , H04L9/40 , H04W12/041 , H04W12/50
Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The initiator sends a security association initialization message to the responder to establish a security association including key material used to generate a key for the security association. In response to receiving a security association initialization response to accept the security association, the initiator sends an authentication message to the responder to establish authentication between the responder and the initiator. In response to receiving an authentication message response to the authentication message, the initiator is programmed with the security association. An authentication done message is received from the responder after receiving the authentication message response. The initiator activates the security association to use the key to secure communication between the responder and initiator in response to receiving the authentication done message.
-
Publication number: IL294779A
Publication date: 2022-09-01
Application number: IL29477922
Filing date: 2022-07-14
Applicant: IBM , MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , JOHN R FLANAGAN , CHRISTOPHER J COLONNA
Inventor: MOOHENG ZEE , RICHARD MARK SCZEPCZENSKI , JOHN R FLANAGAN , CHRISTOPHER J COLONNA
IPC: H04L67/1097 , H04L67/141 , H04L67/146 , H04L69/28
Abstract: Aspects of the invention include channel key loading of a host bus adapter (HBA) based on a secure key exchange (SKE) authentication response by a responder node of a computing environment. A non-limiting example computer-implemented method includes receiving an authentication response message at an initiator channel on an initiator node from a responder channel on a responder node to establish a secure communication, the receiving at a local key manager (LKM) executing on the initiator node. A state check can be performed based on a security association of the initiator node and the responder node. An identifier of a selected encryption algorithm can be extracted from the authentication response message. The initiator channel can request to communicate with the responder channel based at least in part on a successful state check and the selected encryption algorithm.
-
Publication number: GB2603667A
Publication date: 2022-08-10
Application number: GB202204448
Filing date: 2020-09-08
Applicant: IBM
Inventor: ROGER HATHORN , PATRICIA DRIEVER , CHRISTOPHER COLONNA , MOOHENG ZEE , MIKEL WILLIAM WELSH , RICHARD MARK SCZEPCZENSKI , JOHN FLANAGAN
IPC: H04L9/08
Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The responder receives, from the initiator, a security association initialization message to establish a security association with the responder including key material used to generate a key for the security association. The responder receives an authentication message from the initiator to program the responder to establish authentication between the responder and the initiator after establishing the security association. The responder sends an authentication message response to the initiator to establish authentication with the responder in response to the authentication message. The responder sends an authentication done message to the initiator after sending the authentication message response to cause the initiator to activate using the security association and the key to encrypt and decrypt communication between the responder and initiator.
-
Publication number: GB2603350A
Publication date: 2022-08-03
Application number: GB202204060
Filing date: 2020-09-02
Applicant: IBM
Inventor: ROGER HATHORN , PATRICIA DRIEVER , CHRISTOPHER COLONNA , MOOHENG ZEE , JOHN FLANAGAN
Abstract: A host port is enabled for security. The host port performs Input/Output (I/O) in plaintext on a path between the host port and a storage port, in response to determining that an audit mode indicator has been enabled to allow I/O even if authentication or security association negotiation between the host port and the storage port cannot be completed successfully. Concurrently with performing of I/O in plaintext on the path, the host port enables encryption of data for I/O on the path.