ACCESS, PRIORITY AND BANDWIDTH MANAGEMENT BASED ON APPLICATION IDENTITY
First Claim
1. A method of controlling packet flow, comprising:
- receiving packets destined for one or more resources, the respective packets each including an inserted application identifier and user identifier identifying a registered application and a user, respectively;
- determining, by a packet processor of a security node, the inserted application identifier for each of the respective packets received;
- determining, for each of the received packets, whether the user identifier is authorized to use an application and a resource included in a set of security rules based on the inserted application identifier of the received packet; and
- if the user is authorized to use the application and the resource, controlling, by the packet processor, the packet flow of each of the received packets sent from the security node by adjusting one or more of a priority of the received packets or a bandwidth to the resource.
Abstract
A method or system for managing packet flow is disclosed. The packets each include an inserted application identifier identifying a registered application. The method includes receiving packets destined for one or more resources, determining, by a packet processor, the inserted application identifier for each of the respective packets received and managing the packet flow of each received packet sent from a security node based at least in part on the inserted application identifier of the received packet.
20 Claims
12. A method of inserting an application identifier into respective outgoing packets from a sending node destined for a resource on a network, comprising:
- storing, in an electronic database of the sending node, information identifying registered applications including associated application identifiers;
- determining, by a program processor of the sending node, each currently executing process and at least a process identifier corresponding to each currently executing process;
- matching, using the electronic database of the sending node, the information identifying registered applications with information associated with the process identifiers of each currently executing process to determine a matched application identifier associated with each currently executing process; and
- inserting, by the program processor of the sending node, the matched application identifier in each packet to authenticate that the registered application corresponding to the matched application identifier is associated with the respective packets.
18. A security node for managing packet flow between a sending node and one or more resources on a network, comprising:
- a registration unit for registering applications that are authorized to access the one or more resources on the network; and
- a packet processor for determining an application identifier and a user identifier inserted in each received packet, for determining, for each received packet, whether the user identifier is authorized to use an application and a resource included in a set of security rules based on the inserted application identifier of the received packet; and
- if the user is authorized to use the application and the resource, for controlling the packet flow of each received packet sent from the security node by adjusting one or more of a priority of each received packet or a bandwidth to the resource.
20. A sending node for managing packet flow to one or more resources on a network, comprising:
- an electronic database for storing information identifying registered applications including associated application identifiers;
- a program processor for determining each currently executing process and at least a process identifier corresponding to each currently executing process, the information identifying registered applications being matched with information associated with the process identifiers of each currently executing process to determine a matched application identifier associated with each currently executing process, the program processor inserting the matched application identifier in respective packets to authenticate that the registered application corresponding to the matched application identifier is associated with the respective packets; and
- a sending unit for sending the respective packets destined for the one or more resources.
Specification