LAYER-4 TRANSPARENT SECURE TRANSPORT PROTOCOL FOR END-TO-END APPLICATION PROTECTION
First Claim
1. A method performed by a network element, the method comprising:
receiving a packet of a network transaction from a client over a first network, the packet destined to a server of a data center having a plurality of servers over a second network, wherein the packet includes a payload encrypted without encrypting information needed for at least layer 2 to layer 4 (layer 2-4) of the OSI (open system interconnection) layers of network processes; and
performing the layer 2-4 process on the packet without having to decrypt the payload to determine whether the packet is eligible to access the destined server over the second network based on the unencrypted layer 2-4 information.
Abstract
Techniques for providing layer 4 transparent secure transport for end-to-end application protection are described herein. According to one embodiment, a packet of a network transaction is received from a client over a first network, where the packet is destined to a server of a data center having a plurality of servers over a second network. The packet includes a payload encrypted without encrypting the information needed for layer 4 of the OSI (open system interconnection) layers of network processes. The layer 4 process is performed on the packet without having to decrypt the payload, to determine whether the packet is eligible to access the destined server over the second network based on the unencrypted layer 4 information. Other methods and apparatuses are also described.
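The abstract and the claims turn on one property: the network element reads only the cleartext layer 2-4 headers (MAC, IP, protocol, ports) to decide whether a packet may reach a data-center server, and never needs the payload key. The following is an added illustration of that header-only eligibility check, written for this page and not taken from the patent or any product. The frame layout (Ethernet II, IPv4, TCP/UDP), the address/port values, the opaque payload bytes standing in for ciphertext, and the `ALLOWED_SERVICES` policy are all constructed for the example.

```python
import struct
import ipaddress
from typing import NamedTuple, Optional

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


class L234Info(NamedTuple):
    """The layer 2-4 fields a network element can read without touching the payload."""
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: int
    src_port: Optional[int]
    dst_port: Optional[int]
    payload_len: int  # length only; the payload bytes themselves are never inspected


def parse_l2_l4(frame: bytes) -> L234Info:
    """Parse Ethernet II + IPv4 + TCP/UDP headers. Raises ValueError on malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len > len(ip) or total_len < ihl:
        raise ValueError("inconsistent IPv4 length fields")
    proto = ip[9]
    src_ip = str(ipaddress.IPv4Address(ip[12:16]))
    dst_ip = str(ipaddress.IPv4Address(ip[16:20]))
    l4 = ip[ihl:total_len]
    src_port = dst_port = None
    l4_hdr_len = 0
    if proto == PROTO_TCP:
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        l4_hdr_len = (l4[12] >> 4) * 4  # data offset field
    elif proto == PROTO_UDP:
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        src_port, dst_port = struct.unpack("!HH", l4[:4])
        l4_hdr_len = 8
    if l4_hdr_len > len(l4):
        raise ValueError("layer 4 header longer than segment")
    return L234Info(dst_mac.hex(":"), src_ip, dst_ip, proto, src_port, dst_port,
                    len(l4) - l4_hdr_len)


# Constructed policy: which (server, protocol, port) tuples on the second network
# a client on the first network may reach. Everything else is dropped.
ALLOWED_SERVICES = {
    ("10.0.0.10", PROTO_TCP, 443),
    ("10.0.0.11", PROTO_TCP, 8443),
}


def is_eligible(info: L234Info, policy=ALLOWED_SERVICES) -> bool:
    """Layer 2-4 decision: the encrypted payload plays no part in this check."""
    return (info.dst_ip, info.proto, info.dst_port) in policy


def decide(frame: bytes) -> str:
    """Return 'forward' or 'drop'; malformed headers are dropped rather than guessed at."""
    try:
        return "forward" if is_eligible(parse_l2_l4(frame)) else "drop"
    except ValueError:
        return "drop"


def build_frame(src_ip: str, dst_ip: str, proto: int, src_port: int, dst_port: int,
                payload: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP-or-UDP frame carrying an opaque payload."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0x4000, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),
                      bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    return eth + ip + l4


# Constructed stand-in for an encrypted application payload; its contents are irrelevant
# to the decision, which is exactly the point of keeping layer 2-4 in the clear.
CIPHERTEXT = bytes(range(200, 232))

if __name__ == "__main__":
    for dst_port in (443, 22):
        frame = build_frame("192.0.2.7", "10.0.0.10", PROTO_TCP, 51000, dst_port, CIPHERTEXT)
        print(parse_l2_l4(frame), "->", decide(frame))
```

The check is deliberately a set lookup on `(dst_ip, proto, dst_port)`; a real element would add source constraints, connection tracking and rate limits, but all of those still operate on the same cleartext header fields, so the payload cipher never has to be broken open on the path.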
20 Claims
1. A method performed by a network element (independent claim; text as given under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A machine-readable medium having instructions stored therein, which when executed by a machine, cause the machine to perform a method, the method comprising:
receiving a packet of a network transaction from a client over a first network, the packet destined to a server of a data center having a plurality of servers over a second network, wherein the packet includes a payload encrypted without encrypting information needed for at least layer 2 to layer 4 (layer 2-4) of the OSI (open system interconnection) layers of network processes; and
performing the layer 2-4 process on the packet without having to decrypt the payload to determine whether the packet is eligible to access the destined server over the second network based on the unencrypted layer 2-4 information.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.