Scheme for determining transport level information in the presence of IP security encryption
First Claim
1. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
- prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate nodes between said node and said another node in the packet switched network to provide value added services relative to the transmission;
performing said encrypting security processing on said payload of said packet; and
transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus which permits access, by intermediate nodes between source and destination nodes, to selected information such as transport level information, normally included in a payload of a packet upon which encrypting security processing has been performed according to an encrypting security protocol. In the present invention, prior to performing encrypting security processing on the packet, according to the security protocol, information related to selected information normally included in a payload of the packet is stored in a field in the header of the packet where the field is not subject to the encrypting security processing. Thereafter, encrypting security processing according to the security protocol is performed on the packet. The packet including the header having stored therein information corresponding to the selected information normally included in the payload and the payload upon which encrypting security processing has been performed is then transmitted on the packet switched network to its destination. Since the information related to the selected information normally included in the payload of the packet is stored in the header of the packet, access to the selected information by the intermediate nodes between source and destination nodes in a packet switched network is possible.
-
Citations
24 Claims
-
1. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
-
prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate nodes between said node and said another node in the packet switched network to provide value added services relative to the transmission;
performing said encrypting security processing on said payload of said packet; and
transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A packet switched network comprising:
-
a network; and
a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
wherein at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at least one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate nodes between said at least one node and said another node in the network to provide value added services relative to the transmission;
wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said at least one node to said another node. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
-
prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said node and said another node in the packet switched network to provide value added services relative to the transmission;
performing said encrypting security processing on said payload of said packet; and
transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network; and
whereinsaid value added services comprise differentiated services.
-
-
20. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
-
prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said node and said another node in the packet switched network to provide value added services relative to the transmission;
performing said encrypting security processing on said payload of said packet; and
transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network; and
whereinsaid value added services comprise management of nodes for metering.
-
-
21. A method of permitting access to selected information normally included in a payload of a packet upon which encrypting security processing has been performed by a node in a packet switched network during transmission of the packet to another node, said method comprising:
-
prior to performing encrypting security processing on a payload of a packet, storing information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said node and said another node in the packet switched network to provide value added services relative to the transmission;
performing said encrypting security processing on said payload of said packet; and
transmitting said packet including said header and said payload upon which encrypting security processing has been performed in the packet switched network, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet by a node in the packet switched network; and
whereinsaid value added services comprise policing of at least one of the nodes.
-
-
22. A packet switched network comprising:
-
a network; and
a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
wherein at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at least one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said at least one node and said another node in the network to provide value added services relative to the transmission;
wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said node to said at least one another node; and
whereinsaid value added services comprise differentiated services.
-
-
23. A packet switched network comprising:
-
a network; and
a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
wherein at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at last one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said at least one node and said another node in the network to provide value added services relative to the transmission;
wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said node to said at least one another node; and
whereinsaid value added services comprise policing of at least one of the nodes.
-
-
24. A packet switched network comprising:
-
a network; and
a plurality of nodes interconnected to each other by said network to permit communication between said nodes using packets;
wherein the at least one node transmits a packet to another node in a manner to permit access to selected information normally included in a payload of said packet upon which encrypting security processing has been performed during said transmission of said packet from said at least one node to said another node, said selected information including transport level information, said transport level information being useable by at least one intermediate node between said at least one node and said another node in the network to provide value added services relative to the transmission;
wherein the at least one node, prior to performing encrypting security processing on a payload of a packet, stores information corresponding to selected information normally included in a payload of said packet in a field in a header of said packet where said field is not subject to said encrypting security processing, performs said encrypting security processing on said payload of said packet, and transmits said packet including said header and said payload upon which encrypting security processing has been performed, thereby permitting access to said selected information normally included in said payload of said packet via said header of said packet during transmission of said packet from said at least one node to said another node; and
whereinsaid value added services comprise management of at least one node for metering.
-
Specification