NETWORK SECURITY USING ENCRYPTED SUBFIELDS

US 20140359277A1
Filed: 06/04/2013
Published: 12/04/2014
Est. Priority Date: 06/04/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving from a secure device, an encrypted rule at a first network device;

receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, said subfield encrypted based on a key received at the second network device from the secure device; and

determining if said encrypted subfield matches said encrypted rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes receiving from a secure device, an encrypted rule at a first network device, receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, the subfield encrypted based on a key received at the second network device from the secure device, and determining if the encrypted subfield matches the encrypted rule. An apparatus and logic are also disclosed herein.

21 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving from a secure device, an encrypted rule at a first network device;
  
  receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, said subfield encrypted based on a key received at the second network device from the secure device; and
  
  determining if said encrypted subfield matches said encrypted rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the first network device comprises an intrusion protection or detection system.
  - 3. The method of claim 1 wherein the first network device comprises a firewall.
  - 4. The method of claim 1 further comprising forwarding the packet if said encrypted subfield matches said encrypted rule and filtering the packet if said encrypted subfield does not match said encrypted rule.
  - 5. The method of claim 4 wherein forwarding the packet comprises forwarding the packet to a third network device operable to decrypt the packet based on the key received from the secure device, and forward the decrypted packet.
  - 6. The method of claim 4 wherein filtering comprises dropping, marking, redirecting, or modifying the packet.
  - 7. The method of claim 1 wherein determining comprises inspecting the packet and further comprising transmitting inspection results.
  - 8. The method of claim 7 wherein said inspection results are transmitted to a third network device operable to forward an unencrypted packet received from the second network device.
  - 9. The method of claim 1 further comprising receiving an unencrypted packet from the second network device and forwarding the unencrypted packet if said encrypted subfield matches said encrypted rule.

10. An apparatus comprising:
- a processor for receiving from a secure device, an encrypted rule at a first network device, processing a packet containing at least one encrypted subfield from a second network device, said subfield encrypted based on a key received at the second network device from the secure device, and determining if said encrypted subfield matches said encrypted rule; and
  
  memory for storing said encrypted rule.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10 wherein the apparatus comprises an intrusion protection or detection system.
  - 12. The apparatus of claim 10 wherein the apparatus comprises a firewall.
  - 13. The apparatus of claim 10 wherein the processor is further operable to forward the packet if said encrypted subfield matches said encrypted rule and filter the packet if said encrypted subfield does not match said encrypted rule.
  - 14. The apparatus of claim 13 wherein the processor is operable to transmit the packet to a third device configured to decrypt the packet based on the key received from the secure device and forward the decrypted packet.
  - 15. The apparatus of claim 10 wherein determining comprises inspecting the packet and wherein the processor is operable to transmit inspection results.
  - 16. The apparatus of claim 15 wherein the processor is operable to transmit said inspection results to a third network device configured to forward an unencrypted packet received from the second network device.
  - 17. The apparatus of claim 10 wherein the processor is further operable to forward an unencrypted packet received from the second network device if said encrypted subfield matches said encrypted rule.
  - 18. The apparatus of claim 10 wherein the apparatus further comprises the second network device.

19. Logic encoded on one or more tangible computer readable media for execution and when executed operable to:
- store an encrypted rule received from a secure device at a first network device;
  
  inspect a packet received from a second network device and containing at least one encrypted subfield, said subfield encrypted based on a key received at the second network device from the secure device; and
  
  determine if said encrypted subfield matches said encrypted rule.
- View Dependent Claims (20)
- - 20. The logic of claim 19 further operable to transmit the packet, if said encrypted subfield matches said encrypted rule, to a third network device configured to decrypt the packet based on the key received from the secure device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
McGrew, David

Granted Patent

US 9,288,186 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/154
CPC Class Codes

H04L 63/0245 Filtering by information in...

NETWORK SECURITY USING ENCRYPTED SUBFIELDS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SECURITY USING ENCRYPTED SUBFIELDS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links