Approaches for applying service policies to encrypted packets
Abstract
Approaches for applying service policies to encrypted packets are disclosed. One approach comprises examining an encrypted packet, determining whether an identifier associated with a service is present in the encrypted packet, and, if it is determined that the identifier is present in the encrypted packet, applying the service to the encrypted packet. In an embodiment, the identifier is the Internet Key Exchange (IKE) ID of the encrypted packet.
39 Claims
1. A method for applying a quality of service to an encrypted packet comprising:
- during initial establishment of a secure control channel, receiving and storing an identifier associated with the quality of service in association with a first Internet Key Exchange (IKE) ID;
- examining an encrypted packet;
- without decrypting the encrypted packet, mapping a second IKE ID from the packet, using the first IKE ID, to the identifier associated with the quality of service in a profile portion of the encrypted packet;
- in response to mapping to the identifier associated with the quality of service, applying the associated quality of service to the encrypted packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method for applying a quality of service to a packet comprising:
- during initial establishment of a secure control channel, receiving and storing an identifier associated with the quality of service in association with a first Internet Key Exchange (IKE) ID;
- encrypting the packet to create an encrypted packet;
- examining an identifier in a profile portion of the encrypted packet, wherein the identifier is based on a second IKE ID of the encrypted packet;
- without decrypting the encrypted packet, mapping the second IKE ID from the packet, using the first IKE ID, to the identifier in the encrypted packet associated with a quality of service to be applied to the encrypted packet; and
- in response to service mapping to the identifier associated with the quality of service, applying the quality of service to the encrypted packet.
Dependent claims: 11, 12

13. A computer-readable volatile or non-volatile storage medium comprising one or more sequences of instructions, which when executed by one or more processors, cause the one or more processors to perform applying a quality of service to an encrypted packet by:
- during initial establishment of a secure control channel, receiving and storing an identifier associated with the quality of service in association with a first Internet Key Exchange (IKE) ID;
- examining an encrypted packet;
- without decrypting the encrypted packet, mapping a second IKE ID from the packet, using the first IKE ID, to the identifier associated with the quality of service in a profile portion of the encrypted packet;
- in response to mapping to the identifier associated with the quality of service, applying the associated quality of service to the encrypted packet.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21

22. An apparatus for applying a quality of service to an encrypted packet comprising:
- means for receiving and storing an identifier associated with the quality of service in association with a first Internet Key Exchange (IKE) ID during initial establishment of a secure control channel;
- means for examining an encrypted packet;
- means for mapping, without decrypting the encrypted packet, a second IKE ID from the packet, using the first IKE ID, to the identifier associated with the quality of service in a profile portion of the encrypted packet;
- means, responsive to the mapping means, for applying the quality of service to the encrypted packet.
Dependent claims: 23, 24, 25, 26, 36, 38

27. An apparatus for applying a quality of service to an encrypted packet comprising:
- one or more processors;
- memory communicatively coupled to the one or more processors;
- one or more sequences of instructions in the memory for applying a quality of service to an encrypted packet, which instructions, when executed by the one or more processors, cause the one or more processors to perform the steps of:
  - during initial establishment of a secure control channel, receiving and storing an identifier associated with the quality of service in association with a first Internet Key exchange (IKE) ID;
  - examining an encrypted packet;
  - without decrypting the encrypted packet, mapping a second IKE ID from the packet, using the first IKE ID, to the identifier associated with the quality of service in a profile portion of the encrypted packet;
  - in response to mapping to the identifier associated with the quality of service, applying the quality of service to the encrypted packet.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 37, 39

Specification