Method and apparatus for providing network security using role-based access control
Abstract
A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.
136 Citations
117 Claims
1. A network device comprising:
an access control list, wherein said access control list comprises an access control list entry, and said access control list entry comprises a user group field.
Dependent claims: 2, 3, 4, 5, 6, 7.

8. A network device comprising:
a forwarding table, wherein said forwarding table comprises a plurality of forwarding table entries, and at least one forwarding table entry of said forwarding table entries comprises a user group field.
Dependent claims: 9, 10, 11, 12, 13.

14. A method comprising:
comparing a user group of a packet with a user group of a destination of said packet.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32.

33. A computer program product comprising:
a first set of instructions, executable on a computer system, configured to compare a user group of a packet with a user group of a destination of said packet; and
computer readable media, wherein said computer program product is encoded in said computer readable media.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43.

44. An apparatus comprising:
means for comparing a user group of a packet with a user group of a destination of said packet.
Dependent claims: 45, 46, 47, 48, 49, 50, 51, 52, 53, 54.

55. A method comprising:
populating an access control list with a destination user group identifier, wherein said destination user group identifier identifies a destination user group of a destination.
Dependent claims: 56, 57, 58, 59, 60, 61, 62, 63, 64.

65. A computer program product comprising:
a first set of instructions, executable on a computer system, configured to populate an access control list with a destination user group identifier, wherein said destination user group identifier identifies a destination user group of a destination; and
computer readable media, wherein said computer program product is encoded in said computer readable media.
Dependent claims: 66, 67, 68, 69.

70. An apparatus comprising:
means for populating an access control list with a destination user group identifier, wherein said destination user group identifier identifies a destination user group of a destination.
Dependent claims: 71, 72, 73, 74.

75. A method comprising:
populating a forwarding table with a user group identifier.
Dependent claims: 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86.

87. A computer program product comprising:
a first set of instructions, executable on a computer system, configured to populate a forwarding table with a user group identifier, wherein said user group identifier is a source user group identifier, and so identifies a source user group; and
computer readable media, wherein said computer program product is encoded in said computer readable media.
Dependent claims: 88, 89, 90, 91, 92.

93. An apparatus comprising:
means for populating a forwarding table with a user group identifier, wherein said user group identifier is a source user group identifier, and so identifies a source user group.
Dependent claims: 94, 95, 96, 97, 98.

99. A method comprising:
indexing a row of a permissions matrix with a first user group; and
indexing a column of said permissions matrix with a second user group.
Dependent claims: 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110.

111. A network comprising:
a first network device, wherein said first network device is configured to generate a packet, and said packet comprises a source user group identifier.
Dependent claims: 112, 113, 114, 115, 116, 117.
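
How the structures named in the abstract and the independent claims can fit together, as an added example that is not taken from the patent: forwarding table entries and access control list entries each carry a user group field, the packet carries a source user group identifier, and the decision compares the packet's group with the destination's group. The class names, group numbers, prefixes, first-match evaluation and default deny are assumptions made for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class FwdEntry:
    prefix: str
    user_group: int        # user group field: group of the destination

@dataclass(frozen=True)
class AclEntry:
    src_group: int         # user group fields replace address matches
    dst_group: int
    proto: str
    dport: Optional[int]   # None matches any port (assumption)
    permit: bool

@dataclass(frozen=True)
class Packet:
    src_group: int         # source user group identifier carried in the packet
    dst_ip: str
    proto: str
    dport: int

# Constructed sample data; group numbers and prefixes are illustrative only.
ENGINEERING, FINANCE, BUILD_SERVERS, PAYROLL = 10, 20, 110, 120
FORWARDING_TABLE = [
    FwdEntry("10.1.0.0/16", BUILD_SERVERS),
    FwdEntry("10.1.5.0/24", PAYROLL),
]
ACL = [
    AclEntry(ENGINEERING, BUILD_SERVERS, "tcp", 22, True),
    AclEntry(FINANCE, PAYROLL, "tcp", 443, True),
    AclEntry(ENGINEERING, PAYROLL, "tcp", None, False),
]

def destination_group(dst_ip):
    """Longest-prefix match; returns the destination's user group or None."""
    addr = ip_address(dst_ip)
    hits = [e for e in FORWARDING_TABLE if addr in ip_network(e.prefix)]
    return max(hits, key=lambda e: ip_network(e.prefix).prefixlen).user_group if hits else None

def permitted(pkt):
    """First ACL entry matching the group pair decides; unmatched traffic is denied."""
    key = (pkt.src_group, destination_group(pkt.dst_ip), pkt.proto)
    for e in ACL:
        if (e.src_group, e.dst_group, e.proto) == key and e.dport in (None, pkt.dport):
            return e.permit
    return False
```

Because the ACL refers only to groups, renumbering a subnet changes the forwarding table alone and leaves the policy entries untouched.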
Specification