Performing security functions on a message payload in a network element
Abstract
A method is disclosed for performing security functions on a message payload in a network element. According to one aspect, a network element receives one or more data packets. The network element performs a security function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets. According to another aspect, a network element receives a first request that is destined for a first application. The network element sends, to a second application that sent the first request, a second request for authentication information. The network element receives the authentication information and determines whether the authentication information is valid. If the authentication information is not valid, then the network element prevents the first request from being sent to the first application.
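The two aspects described in the abstract, sketched as an added example that is not part of the patent text: a simulated network element reassembles the application layer message from packet payloads, digests it for an audit record, then challenges the sender and forwards or blocks the request. The class and function names, the HMAC challenge-response used as the "authentication information", and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: per-sender shared secrets provisioned on the element.
SECRETS = {"app-b": b"constructed-demo-secret"}


def reassemble(packets):
    """Join payload portions (seq, bytes) into one application layer message."""
    return b"".join(payload for _, payload in sorted(packets))


class NetworkElement:
    def __init__(self, secrets, forward):
        self.secrets = secrets   # sender id -> shared secret (assumed scheme)
        self.forward = forward   # callable that delivers to the first application
        self.audit = []          # (sender, message digest, decision)

    def handle(self, sender_id, packets, respond):
        """Hold the first request, challenge the sender, then forward or block."""
        message = reassemble(packets)
        digest = hashlib.sha256(message).hexdigest()  # digest function
        nonce = os.urandom(16)                        # the "second request"
        proof = respond(nonce)                        # authentication information
        secret = self.secrets.get(sender_id)
        valid = False
        if secret is not None and isinstance(proof, bytes):
            expected = hmac.new(secret, nonce, hashlib.sha256).digest()
            valid = hmac.compare_digest(proof, expected)  # constant-time compare
        self.audit.append((sender_id, digest, "forwarded" if valid else "blocked"))
        if valid:
            self.forward(message)  # only validated requests reach the application
        return valid


def make_responder(secret):
    """Sending application's side: answer the challenge with an HMAC of the nonce."""
    return lambda nonce: hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    delivered = []
    element = NetworkElement(SECRETS, delivered.append)
    packets = [(2, b"<order id='7'/>"), (1, b"POST /orders ")]  # out of order
    ok = element.handle("app-b", packets, make_responder(SECRETS["app-b"]))
    bad = element.handle("app-b", packets, make_responder(b"wrong-secret"))
    return ok, bad, delivered, [decision for _, _, decision in element.audit]


if __name__ == "__main__":
    print(demo())
```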
175 Citations
39 Claims
1. A method of performing security functions on a message payload in a network element, the method comprising the computer-implemented steps of:
receiving one or more data packets at a network element; and
performing, at the network element, a particular function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets;
wherein the particular function is one of a set of functions comprising an encryption function, a decryption function, a digest function, an authentication function, an authorization function, and an auditing function.
Dependent claims: 2 to 27.

28. A method of performing an authentication function in a network element, the method comprising the computer-implemented steps of:
receiving, at a network element, a first request that is destined for a first application that is hosted on a device other than the network element;
in response to receiving the first request, sending, to a second application that sent the first request, a second request for authentication information;
receiving the authentication information at the network element;
determining, at the network element, whether the authentication information is valid; and
in response to determining that the authentication information is not valid, preventing the first request from being sent to the first application.
Dependent claims: 29, 30, 31, 32.

33. A computer-readable medium carrying one or more sequences of instructions for performing security functions on a message payload in a network element, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
receiving one or more data packets at a network element; and
performing, at the network element, a particular function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets;
wherein the particular function is one of a set of functions comprising an encryption function, a decryption function, a digest function, an authentication function, an authorization function, and an auditing function.

34. An apparatus for performing security functions on a message payload in a network element, comprising:
means for receiving one or more data packets at a network element; and
means for performing, at the network element, a particular function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets;
wherein the particular function is one of a set of functions comprising an encryption function, a decryption function, a digest function, an authentication function, an authorization function, and an auditing function.

35. An apparatus for performing an authentication function in a network element, comprising:
means for receiving, at a network element, a first request that is destined for a first application that is hosted on a device other than the network element;
means for sending, in response to receiving the first request, to a second application that sent the first request, a second request for authentication information;
means for receiving the authentication information at the network element;
means for determining, at the network element, whether the authentication information is valid; and
means for preventing, in response to determining that the authentication information is not valid, the first request from being sent to the first application.

36. An apparatus for performing security functions on a message payload in a network element, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
receiving one or more data packets at a network element; and
performing, at the network element, a particular function on at least a portion of an application layer message that is contained in one or more payload portions of the one or more data packets;
wherein the particular function is one of a set of functions comprising an encryption function, a decryption function, a digest function, an authentication function, an authorization function, and an auditing function.

37. An apparatus for performing an authentication function in a network element, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor;
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
receiving, at a network element, a first request that is destined for a first application that is hosted on a device other than the network element;
in response to receiving the first request, sending, to a second application that sent the first request, a second request for authentication information;
receiving the authentication information at the network element;
determining, at the network element, whether the authentication information is valid; and
in response to determining that the authentication information is not valid, preventing the first request from being sent to the first application.

38. A system comprising:
a first application that sends a message;
a first network element that receives the message, encrypts the message to produce an encrypted message, and sends the encrypted message;
a second network element that receives the encrypted message, decrypts the encrypted message to produce a decrypted message, and sends the decrypted message; and
a second application that receives the decrypted message.
Dependent claim: 39.