US 12,244,576 B2
Methods to strengthen cyber-security and privacy in a deterministic internet of things
Ted H. Szymanski, Toronto (CA)
Filed by Ted H. Szymanski, Toronto (CA)
Filed on Sep. 1, 2023, as Appl. No. 18/241,650.
Application 18/241,650 is a continuation of application No. 17/234,627, filed on Apr. 19, 2021, granted, now 11,784,984.
Application 17/234,627 is a continuation of application No. 16/075,402, granted, now 11,019,038, issued on May 25, 2021, previously published as PCT/CA2017/050129, filed on Feb. 3, 2017.
Claims priority of provisional application 62/290,712, filed on Feb. 3, 2016.
Prior Publication US 2024/0244038 A1, Jul. 18, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 45/64 (2022.01); H04L 47/2483 (2022.01); H04L 47/52 (2022.01); H04L 47/62 (2022.01); H04L 49/00 (2022.01); H04L 49/101 (2022.01); H04L 49/253 (2022.01); H04L 67/12 (2022.01)
CPC H04L 63/0428 (2013.01) [H04L 9/0894 (2013.01); H04L 9/14 (2013.01); H04L 47/2483 (2013.01); H04L 47/528 (2013.01); H04L 47/621 (2013.01); H04L 49/101 (2013.01); H04L 49/254 (2013.01); H04L 49/30 (2013.01); H04L 63/1458 (2013.01); H04L 67/12 (2013.01); H04L 45/64 (2013.01); H04L 49/3027 (2013.01)]
33 Claims
1. A method for a network control-plane to control a plurality of “deterministic packet switches” (D-switches) to deliver “deterministic traffic flows” (D-flows) through a packet-switched network, wherein each D-flow is associated with a deterministic data-rate requirement given a periodic (repeating) scheduling-frame that includes F time-slots for a positive integer F, wherein each one of said plurality of D-switches includes:
N input ports, each including a data receiver for integer N,
M output ports, each including a data transmitter for integer M,
N×M queues, wherein queue (J,K) buffers data that arrives at input port (J) and that departs from output port (K), for integers J and K wherein 1<=J<=N and 1<=K<=M,
a first memory for storing a secret key,
a decryption unit, for decrypting encrypted data,
a second memory for storing a plurality of schedules,
a switch-controller operable to receive encrypted data from said network control-plane performing said method, and to decrypt said data using said decryption unit and said secret key, to yield a decrypted message from said network control-plane,
for one (or more) of said plurality of D-switches, said method comprising:
determining which of said D-flows (if any) will arrive at each one of said N input ports of said D-switch, and which of said D-flows (if any) will depart from each one of said M output ports of said D-switch,
determining a deterministic data-rate requirement for each input port (J), sufficient to satisfy the sum of the deterministic data-rate requirements of those D-flows which arrive at said input port (J),
determining a deterministic data-rate requirement for each queue (J,K), sufficient to satisfy the sum of the deterministic data-rate requirements of those D-flows which arrive at input port (J) and depart from output port (K);
determining a “periodic queue-schedule” (Q-schedule) associated with each queue (J,K), and also associated with input port (J), which identifies the time-slots within said periodic scheduling-frame with reservations to remove data from said queue (J,K) and forward said data to output port (K),
wherein the Q-schedules associated with input port (J) provide said input port (J) with a guaranteed number of reservations to forward data within said periodic scheduling-frame, sufficient to meet its deterministic data-rate requirement,
wherein said Q-schedule associated with queue (J,K) provides said queue (J,K) with a guaranteed number of reservations to forward data within said periodic scheduling-frame, sufficient to meet its deterministic data-rate requirement,
sending encrypted data to said D-switch, with a message instructing said switch-controller of said D-switch to store one (or more) of said Q-schedules in said second memory.
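The control-plane steps of claim 1 (summing D-flow rates per queue, then reserving time-slots in the F-slot frame) can be illustrated as follows. This is an added example, not code from the patent: it assumes rates are expressed as reservations per frame, that each input and output port carries at most one transfer per time-slot, and it uses a simple greedy placement rather than the patented scheduling method. The encryption step is omitted.

```python
from collections import defaultdict

def queue_demands(flows):
    """Sum per-flow rates (reservations per frame) into a demand per queue (J, K)."""
    demand = defaultdict(int)
    for j, k, slots in flows:
        demand[(j, k)] += slots
    return dict(demand)

def build_q_schedules(flows, n, m, f):
    """Return {(J, K): [time-slots]} for one D-switch with N inputs, M outputs, F slots."""
    demand = queue_demands(flows)
    in_load, out_load = defaultdict(int), defaultdict(int)
    for (j, k), need in demand.items():
        if not (1 <= j <= n and 1 <= k <= m):
            raise ValueError(f"queue {(j, k)} is outside the {n}x{m} switch")
        in_load[j] += need
        out_load[k] += need
    if max(list(in_load.values()) + list(out_load.values()), default=0) > f:
        raise ValueError("a port needs more reservations than the frame has slots")
    in_busy = [set() for _ in range(f)]   # input ports already forwarding in slot t
    out_busy = [set() for _ in range(f)]  # output ports already receiving in slot t
    schedule = {q: [] for q in demand}
    for (j, k), need in sorted(demand.items(), key=lambda kv: (-kv[1], kv[0])):
        for t in range(f):
            if len(schedule[(j, k)]) == need:
                break
            if j not in in_busy[t] and k not in out_busy[t]:
                in_busy[t].add(j)
                out_busy[t].add(k)
                schedule[(j, k)].append(t)
        if len(schedule[(j, k)]) < need:  # greedy placement is not optimal
            raise RuntimeError(f"no free slot left for queue {(j, k)}")
    return schedule

def verify_q_schedules(schedule, demand, f):
    """Check every guarantee is met and no port is reserved twice in one slot."""
    seen_in, seen_out = set(), set()
    for (j, k), slots in schedule.items():
        if len(slots) < demand.get((j, k), 0):
            return False
        for t in slots:
            if not 0 <= t < f or (t, j) in seen_in or (t, k) in seen_out:
                return False
            seen_in.add((t, j))
            seen_out.add((t, k))
    return all(q in schedule for q in demand)

# Constructed sample: 2x2 switch, F = 4, flows given as (J, K, reservations per frame).
SAMPLE_FLOWS = [(1, 1, 1), (1, 1, 1), (1, 2, 1), (2, 1, 2), (2, 2, 1)]
```

The same `verify_q_schedules` check rejects a schedule that reserves one port twice in a time-slot or falls short of a queue's guarantee.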