US 12,149,873 B2
Secure autonomic optical transport networks
Abhinava Sadasivarao, Milpitas, CA (US); Sanjoy Bardhan, Annapolis Junction, MD (US); Sharfuddin Syed, San Jose, CA (US); Biao Lu, Saratoga, CA (US); Loukas Paraschis, Menlo Park, CA (US); and Hao Su, San Jose, CA (US)
Assigned to Infinera Corporation, San Jose, CA (US)
Filed by Infinera Corp., Annapolis Junction, MD (US)
Filed on Dec. 18, 2020, as Appl. No. 17/127,248.
Claims priority of provisional application 62/977,543, filed on Feb. 17, 2020.
Prior Publication US 2021/0258665 A1, Aug. 19, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/00 (2022.01); H04L 9/32 (2006.01); H04Q 11/00 (2006.01)
CPC H04Q 11/0067 (2013.01) [H04L 9/006 (2013.01); H04L 9/3263 (2013.01); H04Q 2011/0088 (2013.01); H04Q 2213/13339 (2013.01)] 12 Claims
OG exemplary drawing
 
1. A method of adding a network element in an optical network, comprising:
connecting a new network element to an optical network having an autonomic domain comprising a proxy network element and a registrar, the new network element, the registrar, and the proxy network element each having an instance of an autonomic control plane and having a secure module, the secure module on the proxy network element storing a first identifier certificate and the secure module on the new network element storing a second identifier certificate;
verifying, with the autonomic control plane on the new network element, the first identifier certificate from a first verification signal from the proxy network element;
verifying, with the autonomic control plane on the proxy network element, the second identifier certificate from a second verification signal from the new network element;
verifying, with the autonomic control plane on the registrar, the second identifier certificate from a third verification signal from the proxy network element;
sending, with the autonomic control plane on the registrar, upon verification of the second identifier certificate, a parameters signal to the proxy network element, the parameters signal containing domain specific parameters;
forwarding, with the autonomic control plane on the proxy network element, the parameters signal to the new network element;
generating, with the autonomic control plane on the new network element, a local certificate derived from the secure module of the new network element and sending a certificate signal to the proxy network element, the certificate signal containing the local certificate;
forwarding, with the autonomic control plane on the proxy network element, the certificate signal to the registrar;
enrolling, with the autonomic control plane on the registrar, the new network element in the autonomic domain; and
signing, with the autonomic control plane on the registrar, the local certificate, and sending a registration signal to the new network element, the registration signal containing the signed local certificate.