Method and apparatus for a distributed firewall
Abstract
A method and apparatus for implementing a distributed firewall are described. A packet filter processor receives a packet sent from a first device to a second device. The packet filter processor authenticates an identifier for the packet; for example, the authentication could be performed using a cryptographically verifiable identifier. The packet filter processor determines whether to send the packet to the second device, based on the authentication and a set of policy rules, and then sends the packet to the second device in accordance with that determination.
Claims (23 claims, 90 citations)
1. A method executed within a processing unit for filtering packets, comprising the steps of:
receiving a packet that includes an encrypted identifier and an unencrypted remainder of said packet, for verifying identity of a first device that sent said packet;
authenticating said identifier;
determining whether to forward said packet to a second device based on result of said authenticating, and a policy relative to said source device; and
forwarding said packet to said second device in accordance with said determination.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 21, 22, 23.
10. A machine-readable memory whose contents cause a computer system to perform packet filtering, by performing the steps of:
receiving a packet that includes an encrypted identifier for verifying identity of a first device that sent said packet, while remainder of said packet unencrypted;
authenticating said identifier;
determining whether to forward said packet to a second device based on result of said authenticating, and a policy relative to said source device; and
forwarding said packet to said second device in accordance with said determination.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. A packet filter for a distributed firewall, comprising:
an input means coupled to said first network for receiving a data packet from a first device, said data packet having an encrypted common host identifier for verifying identity of a first device that sent said packet via a decryption process, while remainder of said packet unencrypted;
a first buffer coupled to said input means for storing said received packet;
a first memory segment containing a list of common host identifiers and at least one policy rule;
a second memory segment for storing a program for decrypting said common host identifier, authenticating said common host identifier, and determining whether to send said packet to a second device based on said list and said policy rule;
a processor coupled to said first buffer, said first memory segment and said second memory segment for executing said program; and
an output means coupled to said first buffer for forwarding said compared data packet to said second device based on said comparison.
Dependent claims: 20.
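The following is an added illustration of the packet-filter logic the abstract and claims 1, 10 and 19 describe; it is example code written for this page, not code from the patent or its assignee. The claims do not specify a cipher, key distribution, packet layout or rule format, so all of those are assumptions here: the "encrypted common host identifier" is produced by a toy encrypt-then-MAC construct built from HMAC-SHA-256 (a stand-in for a real authenticated cipher), the filter and the sending devices share pre-provisioned keys, packets are plain dictionaries, and a policy rule is a destination/port match with a forward-or-drop action. The filter decrypts and authenticates the identifier, checks it against the list of enrolled host identifiers, then applies that host's rules with a default of drop.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys. In a deployment the sending devices and the packet
# filter would share provisioned keys; how they are provisioned is not
# described on this page and is assumed here.
ENC_KEY = b"demo-encryption-key--do-not-reuse"
MAC_KEY = b"demo-authentication-key-not-real"
NONCE_LEN = 16
TAG_LEN = 32  # length of an HMAC-SHA-256 tag


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive a keystream by HMAC-ing a counter (toy stand-in for a cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_identifier(host_id: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC the host identifier: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(host_id, _keystream(enc_key, nonce, len(host_id))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_identifier(token: bytes, enc_key: bytes, mac_key: bytes):
    """Return the plaintext host identifier, or None if the tag does not verify."""
    if len(token) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = token[:NONCE_LEN], token[NONCE_LEN:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def build_packet(host_id: bytes, dst: str, dport: int, payload: bytes) -> dict:
    """Constructed packet: sealed identifier plus an unencrypted remainder."""
    return {"identifier": seal_identifier(host_id, ENC_KEY, MAC_KEY),
            "dst": dst, "dport": dport, "payload": payload}


class PacketFilter:
    """Authenticates the identifier, then applies per-host policy (default deny)."""

    def __init__(self, enc_key, mac_key, known_hosts, policy):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.known_hosts = known_hosts  # the claims' "list of common host identifiers"
        self.policy = policy            # host identifier -> ordered list of rules

    def decide(self, packet: dict) -> tuple:
        host = open_identifier(packet["identifier"], self.enc_key, self.mac_key)
        if host is None:
            return ("drop", "identifier failed authentication")
        if host not in self.known_hosts:
            return ("drop", "authenticated but unknown host identifier")
        for rule in self.policy.get(host, []):
            if rule["dst"] in ("*", packet["dst"]) and rule["dport"] in ("*", packet["dport"]):
                return (rule["action"], "matched rule %r" % rule)
        return ("drop", "no matching policy rule (default deny)")


def run_demo() -> list:
    """Run constructed packets through the filter and return the decisions."""
    known = {b"host-alpha", b"host-bravo"}
    policy = {
        b"host-alpha": [{"dst": "10.0.0.5", "dport": 443, "action": "forward"}],
        b"host-bravo": [{"dst": "*", "dport": 22, "action": "drop"},
                        {"dst": "*", "dport": "*", "action": "forward"}],
    }
    pf = PacketFilter(ENC_KEY, MAC_KEY, known, policy)
    cases = [
        build_packet(b"host-alpha", "10.0.0.5", 443, b"GET / HTTP/1.1"),  # forward
        build_packet(b"host-alpha", "10.0.0.5", 22, b""),                 # default deny
        build_packet(b"host-bravo", "10.0.0.9", 22, b""),                 # explicit drop
        build_packet(b"host-bravo", "10.0.0.9", 80, b""),                 # catch-all forward
        build_packet(b"host-zulu", "10.0.0.5", 443, b""),                 # valid keys, not enrolled
    ]
    forged = build_packet(b"host-alpha", "10.0.0.5", 443, b"")
    forged["identifier"] = seal_identifier(b"host-alpha", b"wrong-key" * 4, b"wrong-mac" * 4)
    cases.append(forged)                                                  # sealed with wrong keys
    tampered = build_packet(b"host-alpha", "10.0.0.5", 443, b"")
    tok = bytearray(tampered["identifier"])
    tok[NONCE_LEN] ^= 0x01                                                # flip a ciphertext bit
    tampered["identifier"] = bytes(tok)
    cases.append(tampered)                                                # tag no longer verifies
    return [pf.decide(p) for p in cases]


if __name__ == "__main__":
    for decision, reason in run_demo():
        print(decision, "-", reason)
```

Two points the claims leave open are worth noting when reading the example. First, the tag covers only the identifier, so the filter establishes who sent the packet and what policy applies to that sender, but the unencrypted remainder is not bound to the decision; a deployment would normally fold a hash of the remainder and a sequence number into the MAC input so that an identifier cannot be detached from the packet it was issued with. Second, an identifier that authenticates but is not in the enrolled list is dropped rather than forwarded, and hosts with no matching rule fall through to drop, which is the least-privilege default a packet filter should have.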
Specification