System, apparatuses, methods, and computer-readable media using identification data in packet communications
Abstract
Methods, systems and computer-readable data storage media for authentication and/or access authorization in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources, authorized users, and/or source information are stored in a database at a network portal along with access policy rules that can be device- and/or user-dependent. A source node can construct a packet header including a user identifier indicating the user originating the request and/or a source identifier indicating the hardware from which the request originated. At least one of these identifiers is included with a synchronization packet for transmission to a destination node. An appliance or firewall in the communications network receives the packet, authenticates it, and determines whether resource access is authorized before releasing the packet to its intended destination.
222 Claims
1. A method comprising:
including data based on at least one of a user identifier and a source identifier in a header of a packet. (Dependent claims: 2-20)

21. A method comprising:
transforming a user identifier;
appending a first key index to the user identifier; and
including the transformed user identifier and appended first key index in a first field of a header of a packet. (Dependent claims: 22-40)

41. A method comprising:
generating a packet with a header having a transformed user identifier, a first key index, a transformed session identifier, and a second key index;
creating a session identifier based on the transformed user identifier, the first key index, the transformed session identifier, and the second key index;
encrypting the session identifier using the first key identified by the first key index;
generating a hash based on the session identifier; and
storing at least part of the hash. (Dependent claims: 42-45)

46. A method comprising:
extracting data based on at least one of a user identifier and a source identifier from a header of a packet. (Dependent claims: 47-55)

56. A method comprising:
receiving a packet having a transformed user identifier, first key index, transformed source identifier, and second key index;
extracting a transformed user identifier, first key index, transformed source identifier, and second key index from a packet;
creating a session identifier based on the transformed user identifier, the first key index, the transformed session identifier, and the second key index;
encrypting the session identifier using the first key identified by the first key index; and
generating a hash based on the session identifier. (Dependent claims: 57-61)

62. A method comprising:
receiving a packet;
extracting a user identifier and source identifier from the packet;
checking authorization policy based on the user identifier and source identifier to determine whether the user and source are authorized to pass to a destination indicated by the packet;
releasing the packet if the checking indicates that the packet is permitted by the policy to pass to its destination; and
dropping the packet if the authorization policy indicates that the packet is not permitted to pass to its destination. (Dependent claims: 63-70)

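The enforcement step of claim 62 (and the header construction of claim 1) as an added, self-contained example; this is illustration code, not the patent's own implementation. The fixed header layout, the (user, source) policy table and every identifier value are assumptions constructed for the example.

```python
# Added example (not from the patent): a policy-enforcement node that
# extracts user and source identifiers from a packet header and releases
# or drops the packet according to a user- and device-dependent policy.
import struct
from dataclasses import dataclass

# Assumed header layout (constructed for this example): 16-byte user id,
# 16-byte source id, 4-byte destination id, then the payload.
HDR = struct.Struct("!16s16sI")


@dataclass(frozen=True)
class Identity:
    user_id: str
    source_id: str
    destination: int


def build_packet(user_id: str, source_id: str, destination: int,
                 payload: bytes) -> bytes:
    """Claim 1 style: place user and source identifiers in the header."""
    return HDR.pack(user_id.encode().ljust(16, b"\0"),
                    source_id.encode().ljust(16, b"\0"),
                    destination) + payload


def extract_identity(packet: bytes) -> Identity:
    """Claim 46/62 style: pull the identifiers back out of the header."""
    if len(packet) < HDR.size:
        raise ValueError("truncated header")
    user, source, dst = HDR.unpack_from(packet)
    return Identity(user.rstrip(b"\0").decode(),
                    source.rstrip(b"\0").decode(), dst)


# Constructed policy: (user, source) -> destinations that pair may reach.
# Keying on the pair makes the rule both user- and device-dependent, so a
# valid user from an unregistered device is still refused.
POLICY = {
    ("alice", "laptop-0001"): {10, 20},
    ("bob", "desktop-0007"): {10},
}


def enforce(packet: bytes, policy=POLICY) -> str:
    """Claim 62: 'release' if the policy permits the (user, source) pair to
    reach the packet's destination, otherwise 'drop'. Unknown identities and
    malformed headers fall through to drop (default deny)."""
    try:
        ident = extract_identity(packet)
    except (ValueError, UnicodeDecodeError):
        return "drop"
    allowed = policy.get((ident.user_id, ident.source_id), set())
    return "release" if ident.destination in allowed else "drop"
```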
71. A system comprising:
a first node generating a packet including data based on a user identifier and source identifier;
a second node receiving the packet and determining whether the packet is to be released to its destination based on an authorization policy defined for the user identifier and source identifier of the packet; and
a third node receiving and processing the packet if the second node releases the packet to the third node. (Dependent claims: 72-82)

83. An apparatus comprising:
a node for including data based on at least one of a user identifier and a source identifier in a header of a packet. (Dependent claims: 84-102, 120-122)

103. An apparatus comprising:
a node for transforming a user identifier, appending a first key index to the user identifier, and including the transformed user identifier and appended first key index in a first field of a header of a packet. (Dependent claims: 104-119)

123. An apparatus comprising:
a node for generating a packet with a header having a transformed user identifier, a first key index, a transformed session identifier, and a second key index;
creating a session identifier based on the transformed user identifier, the first key index, the transformed session identifier, and the second key index;
encrypting the session identifier using the first key identified by the first key index;
generating a hash based on the session identifier; and
storing at least part of the hash. (Dependent claims: 124-127)

128. An apparatus comprising:
a node for extracting data based on at least one of a user identifier and a source identifier from a header of a packet. (Dependent claims: 129-137)

138. An apparatus comprising:
a node for receiving a packet having a transformed user identifier, first key index, transformed source identifier, and second key index;
extracting a transformed user identifier, first key index, transformed source identifier, and second key index from a packet;
creating a session identifier based on the transformed user identifier, the first key index, the transformed session identifier, and the second key index;
encrypting the session identifier using the first key identified by the first key index; and
generating a hash based on the session identifier. (Dependent claims: 139-143)

144. An apparatus comprising:
a node for receiving a packet;
extracting a user identifier and source identifier from the packet;
checking authorization policy based on the user identifier and source identifier to determine whether the user and source are authorized to pass to a destination indicated by the packet;
releasing the packet if the checking indicates that the packet is permitted by the policy to pass to its destination; and
dropping the packet if the authorization policy indicates that the packet is not permitted to pass to its destination. (Dependent claims: 145-152)

153. A computer-readable medium having a computer program executable by a computing device to include data based on at least one of a user identifier and a source identifier in a header of a packet.

173. A computer-readable medium having a computer program for transforming a user identifier;
appending a first key index to the user identifier; and
including the transformed user identifier and appended first key index in a first field of a header of a packet. (Dependent claims: 174-192)

193. A computer-readable medium having a computer program executable by a computing device to generate a packet with a header having a transformed user identifier, a first key index, a transformed session identifier, and a second key index;
create a session identifier based on the transformed user identifier, the first key index, the transformed session identifier, and the second key index;
encrypt the session identifier using the first key identified by the first key index;
generate a hash based on the session identifier; and
store at least part of the hash. (Dependent claims: 194-197)

198. A computer-readable medium having a computer program for extracting data based on at least one of a user identifier and a source identifier from a packet.

208. A computer-readable medium having a computer program executable by a computing device to receive a packet having a transformed user identifier, first key index, transformed source identifier, and second key index;
extract a transformed user identifier, first key index, transformed source identifier, and second key index from a packet;
create a session identifier based on the transformed user identifier, the first key index, the transformed session identifier, and the second key index;
encrypt the session identifier using the first key identified by the first key index; and
generate a hash based on the session identifier. (Dependent claims: 209-213)

214. A computer-readable medium having a computer program executable by a node to receive a packet;
extract a user identifier and source identifier from the packet;
check authorization policy based on the user identifier and source identifier to determine whether the user and source are authorized to pass to a destination indicated by the packet;
release the packet if the checking indicates that the packet is permitted by the policy to pass to its destination; and
drop the packet if the authorization policy indicates that the packet is not permitted to pass to its destination. (Dependent claims: 215-222)