METHOD FOR CREATING SECURE SUBNETWORKS ON A GENERAL PURPOSE NETWORK
Abstract
Techniques are described herein for use in a network that includes non-trusted devices, in which packets of information communicated across the network include network address information for a source device and a destination device of the packets. According to one embodiment, a process of establishing a more secure subnetwork includes inserting at least one credential into at least one packet of information issued by the source device, the credential assessable by a plurality of devices on the network; enabling transmission of the at least one packet of information from the source device to at least one destination device on the subnetwork; assessing the credential by at least one of the devices; and permitting the source device to communicate with the destination device conditioned upon the results of the assessing step. Other methods and apparatuses are also described.
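The insert-then-assess flow from the abstract, as an added example that is not taken from the patent or its specification: an intermediate device places a credential in the optional part of a packet header and a downstream device permits or denies based on it. IPv4 as the industry standard protocol, option type 158 (an experimental-use value), the HMAC-SHA256 tag, the shared key and all function names are assumptions chosen for this sketch.

```python
import hashlib, hmac, socket, struct
OPT_CRED = 158                  # assumption: experimental-use IPv4 option type
TAG_LEN = 16                    # truncated HMAC-SHA256 tag length
KEY = b"constructed-demo-key"   # assumption: shared by inserting and assessing devices

def checksum(hdr):
    s = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def finish(hdr, payload):       # zero, then fill in, the header checksum field
    hdr = hdr[:10] + b"\0\0" + hdr[12:]
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def make_packet(src, dst, payload):   # constructed sample datagram, no options
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return finish(hdr, payload)

def tag(pkt, ihl):              # credential binds source, destination and payload
    return hmac.new(KEY, pkt[12:20] + pkt[ihl:], hashlib.sha256).digest()[:TAG_LEN]

def insert_credential(pkt):     # intermediate device: add the credential option
    ihl = (pkt[0] & 0x0F) * 4
    opt = bytes([OPT_CRED, 2 + TAG_LEN]) + tag(pkt, ihl)
    opt += b"\x01" * (-len(opt) % 4)          # NOP padding to a 32-bit boundary
    new_ihl = ihl + len(opt)
    if new_ihl > 60:
        raise ValueError("no room left in the IPv4 options area")
    hdr = (bytes([0x40 | new_ihl // 4, pkt[1]]) + struct.pack("!H", len(pkt) + len(opt))
           + pkt[4:20] + opt + pkt[20:ihl])
    return finish(hdr, pkt[ihl:])

def assess(pkt):                # downstream device: True means permit
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return False
    opts, i = pkt[20:ihl], 0
    while i < len(opts) and opts[i] != 0:     # 0 = End of Option List
        if opts[i] == 1:                      # 1 = No Operation
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            return False                      # malformed option: deny
        if opts[i] == OPT_CRED:
            return hmac.compare_digest(opts[i + 2:i + opts[i + 1]], tag(pkt, ihl))
        i += opts[i + 1]
    return False                              # no credential present: deny
```

The tag leaves out TTL and the header checksum so that forwarding devices can change them without invalidating the credential. It carries no nonce or timestamp, so this sketch does not address replay of a captured packet.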
118 Claims
1-99. (canceled)
100. In a computer network of a plurality of network devices that is comprised of at least one source device, at least one destination device and at least one intermediate device, in which packets of information are communicable across said network in accordance with an industry standard communication protocol, a method of improving the security of at least a portion of the network, comprising the steps of:
receiving a packet of information by a first intermediate device;
introducing, modifying or replacing at least one credential in said packet of information, said at least one introduced, modified or replacement credential residing in a header portion of the packet formed in accordance with said industry standard communication protocol and containing information pertaining to said at least one source device that is supplemental to information required by said industry standard communication protocol;
enabling assessment of said at least one introduced, modified or replacement credential by a plurality of devices on said network downstream of said intermediate device; and
permitting said at least one source device to communicate with said at least one destination device conditioned upon the results of an assessment of said at least one introduced, modified or replacement credential by one or more of said plurality of devices.
Dependent claims: 101, 102, 103, 104, 105, 106, 107, 108, 116, 117
109. An intermediate network device that is capable of improving the security of communication between a plurality of devices on a computer network that comprises a source device, a destination device, and said intermediate network device, comprising:
computer memory configured to store instructions for causing said intermediate network device to receive a packet of information over the network in accordance with an industry standard communication protocol that specifies that said packet of information comprise a header portion comprising required information comprising a network address of said source device and said destination device for said packet of information, and optional information supplemental to said required information;
computer memory configured to store instructions to enable said intermediate network device to introduce, modify or replace a credential in said header portion of said packet of information, said introduced, modified or replacement credential containing information pertaining to said source device that is supplemental to information required by said industry standard communication protocol and in a form assessable by a plurality of devices downstream of said intermediate device on said network;
computer memory configured to store instructions for assessing said introduced, modified or replacement credential in said packet; and
computer memory configured to store instructions for performing a security procedure concerning the authentication or authorization of said source device based upon said introduced, modified or replacement credential.
Dependent claims: 110, 111, 112, 113, 114, 115, 118
Specification