Method and apparatus for providing network security using security labeling
Abstract
A method and apparatus for providing network security using security labeling is disclosed. The method includes comparing first security level information and second security level information, and indicating processing to be performed on the packet based on the comparing. The first security level information is stored in a security label of a packet received at a network node, while the second security level information is stored at the network node.
118 Claims
1. A method comprising:
comparing first security level information and second security level information, wherein said first security level information is stored in a security label of a packet received at a network node, and said second security level information is stored at said network node; and
indicating processing to be performed on said packet based on said comparing.
Dependent claims: 2-32.

33. A computer system comprising:
a processor;
computer readable medium coupled to said processor; and
computer code, encoded in said computer readable medium, configured to cause said processor to:
compare first security level information and second security level information, wherein said first security level information is stored in a security label of a packet received at a network node, and said second security level information is stored at said network node; and
indicate processing to be performed on said packet based on said comparing.
Dependent claims: 34-51.

52. A computer program product comprising:
a first set of instructions, executable on a computer system, configured to compare first security level information and second security level information, wherein said first security level information is stored in a security label of a packet received at a network node, and said second security level information is stored at said network node; and
a second set of instructions, executable on said computer system, configured to indicate processing to be performed on said packet based on said comparing; and
computer readable media, wherein said computer program product is encoded in said computer readable media.
Dependent claims: 53-70.

71. An apparatus comprising:
means for comparing first security level information and second security level information, wherein said first security level information is stored in a security label of a packet received at a network node, and said second security level information is stored at said network node; and
means for indicating processing to be performed on said packet based on said comparing.
Dependent claims: 72-89.

90. A network device comprising:
a network interface, wherein said network interface is configured to receive a packet, and said network device is configured to store first security level information and to process said packet using said first security level information.
Dependent claims: 91-103.

104. A network device comprising:
an access control list, wherein said access control list comprises an access control list entry, said access control list entry comprises a label information field, and said label information field is configured to store a security label.
Dependent claims: 105-111.

112. A network device comprising:
a forwarding table, wherein said forwarding table comprises a plurality of forwarding table entries, and at least one forwarding table entry of said forwarding table entries comprises a label range field.
Dependent claims: 113-118.

Specification