Method and system for including security information with a packet
First Claim
1. A computer-readable method comprising:
- determining, at a first network node, whether a packet is to be sent from a first network to a second network, wherein the first network node is a perimeter network device of the first network, and the determining comprises determining whether the first network is configured to support a network security technique, the second network is not configured to support the network security technique, and the packet will be processed by a second network node, wherein the second network node is configured to support the network security technique;
- if the packet is to be sent from the first network to the second network, including network security information with the packet, wherein the network security information is associated with the network security technique, the network security information is configured to prevent the second network from accessing the network security information, and the network security information is configured to allow the second network node to access the network security information; and
- if the packet is not to be sent from the first network to the second network, performing further processing on the packet.
Abstract
A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
56 Claims
15. An apparatus comprising:
- a processor;
- hardware configured to determine, at a first network node, whether a packet is to be sent from a first network node to a second network node, wherein the first network node is a perimeter network device of the first network, and the hardware configured to determine is further configured to determine whether the first network is configured to support a network security technique, the second network is not configured to support the network security technique, and the packet will be processed by a second network node, wherein the second network node is configured to support the network security technique;
- hardware configured to include network security information with the packet, if the packet is to be sent from the first network to the second network, wherein the processor is coupled to control the hardware configured to include, the hardware configured to include is coupled to the hardware configured to determine, the network security information is associated with the network security technique, the network security information is configured to prevent the second network from accessing the network security information, the network security information is configured to allow the second network node to access the network security information; and
- hardware configured to perform further processing on the packet further, if the packet is not to be sent from the first network to the second network.
29. A computer program product comprising:
- a first set of instructions, executable on a first network device, configured to determine whether a packet is to be sent from a first network to a second network, wherein the first network device is a perimeter network device of the first network, and the first set of instructions is further configured to determine whether the first network is configured to support a network security technique, the second network is not configured to support the network security technique, and the packet will be processed by a second network node, wherein the second network node is configured to support the network security technique;
- a second set of instructions, executable on the first network device, configured to include network security information with the packet, if the packet is to be sent from the first network to the second network, wherein the network security information is associated with the network security technique, the network security information is configured to prevent the second network from accessing the network security information, and the network security information is configured to allow the second network node to access the network security information;
- a third set of instructions, executable on the first network device, configured to perform further processing on the packet, if the packet is not to be sent from the first network to the second network; and
- computer readable media, wherein the computer program product is encoded in the computer readable media.
43. An apparatus comprising:
- a first network device, wherein the first network device is configured to
  - determine whether a packet is to be sent from a first network device to a second network device, wherein the first network device is configured to determine by virtue of being configured to determine whether the first network device is configured to support a network security technique, the second network device is not configured to support the network security technique, and the packet will be processed by a third network device, wherein the third network device is configured to support the network security technique;
  - include network security information in overhead of the packet, if the packet is to be sent from the first network device to the second network device, wherein the network security information is associated with the network security technique, the network security information is configured to prevent the second network device from accessing the network security information, and the network security information is configured to allow the third network device to access the network security information; and
  - perform further processing on the packet, if the packet is not to be sent from the first network device to the second network device.
51. A method of communicating packets between networks comprising:
- communicating a packet from a first network to a second network, wherein the first network is capable of processing network security information;
- determining, at a first network device, whether to include network security information in the packet, wherein the determining is performed by comparing identification information associated with the second network with information in the packet;
- including the network security information, if the second network is capable of processing the network security information; and
- preventing the network security information from being included in the packet if the second network is not capable of processing the network security information.
Specification