Method and apparatus for providing network security using role-based access control
Abstract
A method and apparatus for providing network security using role-based access control is disclosed. A network device implementing such a method can include, for example, an access control list. Such an access control list includes an access control list entry, which, in turn, includes a user group field. Alternatively, a network device implementing such a method can include, for example, a forwarding table that includes a plurality of forwarding table entries. In such a case, at least one of the forwarding table entries includes a user group field.
78 Citations
30 Claims
1. A method comprising:

comparing, using a processor of a network device, a user group of a packet with a user group of a destination of said packet, wherein said user group of said packet is a source user group, said user group of said destination is a destination user group, said destination user group is identified by a user group identifier, said destination user group is assigned to said destination based on a role of said destination, said user group identifier is configured to be stored in a forwarding information base, said user group identifier being stored in said forwarding information base as a result of being received in a response from another network device, said response being received in response to a request sent to said another network device by said network device, and said user group identifier is further configured to be retrieved from said forwarding information base for use in said comparing for securing access to a network by a user based on a user's role.

Dependent claims: 2-14.

15. A computer program product embedded in a non-transitory computer readable storage medium having a computer program recorded therein or thereon, when executed by a processor, results in a machine performing the functions for securing access to a network by a user based on a user's role, wherein the computer program product comprising:

a plurality of instructions, comprising a first set of instructions, executable on a computer system, configured to compare a user group of a packet with a user group of a destination of said packet, wherein said user group of said packet is a source user group, said user group of said destination is a destination user group, said destination user group is identified by a user group identifier, said destination user group is assigned to said destination based on a role of said destination, said user group identifier is configured to be stored in a forwarding information base, said user group identifier being stored in said forwarding information base as a result of being received in a response from another network device, said response being received in response to a request sent to said another network device by said network device, and said user group identifier is further configured to be retrieved from said forwarding information base for use by said first set of instructions for use in said comparing for securing access to a network by a user based on a user's role; and a computer readable medium, wherein said instructions are encoded in said computer readable medium.

Dependent claims: 16-22.

23. A network device comprising:

a forwarding information base, wherein said forwarding information base is configured to store a user group identifier; means for storing said user group identifier in said forwarding information base, wherein said means for storing is coupled to said forwarding information base, said means for storing is responsive to said user group identifier being received in a response from another network device, and said network device is configured to receive said response in response to a request sent to said another network device by said network device; means for retrieving said user group identifier from said forwarding information base, wherein said means for retrieving is coupled to said forwarding information base; and means for comparing a user group of a packet with a user group of a destination of said packet for securing access to a network by a user based on a user's role, wherein said means for comparing is coupled to said means for retrieving, said user group of said packet is a source user group, said user group of said destination is a destination user group, said destination user group is identified by said user group identifier, and said destination user group is assigned to said destination based on a role of said destination.

Dependent claims: 24-30.
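The mechanism the abstract and independent claims 1, 15 and 23 describe (a forwarding table entry that carries a destination user group identifier, learned through a request to another device and cached, then compared against the packet's source user group before forwarding) is modelled below as an added Python example. It is not code from the patent or from any vendor's product. The role names, group identifiers, prefixes, next hops, the permit set and the peer device's answers are all constructed for the demo, and the request/response exchange with the other device is reduced to a direct method call.

```python
"""Toy model of role-based packet filtering keyed on user group identifiers.

Added illustration, not the patent's own code. Every value here is constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical role-to-identifier table; a real deployment would assign these
# centrally and tag traffic with the source group at a trusted ingress point.
ROLE_IDS = {"engineering": 10, "finance": 20, "guest": 30, "servers": 100}


@dataclass
class FibEntry:
    """One forwarding table entry that carries a user group field."""
    prefix: ipaddress.IPv4Network
    next_hop: str
    user_group: Optional[int] = None  # destination group id; None = not learned yet


@dataclass
class Packet:
    src: str
    dst: str
    source_group: int  # group identifier derived from the sender's role


class PeerDevice:
    """Stand-in for 'another network device' that answers group-id requests."""

    def __init__(self, assignments: Dict[str, int]):
        self._by_prefix = {ipaddress.ip_network(p): g for p, g in assignments.items()}
        self.requests = 0  # counted so that FIB caching can be observed

    def respond(self, prefix: ipaddress.IPv4Network) -> Optional[int]:
        self.requests += 1
        return self._by_prefix.get(prefix)


class Device:
    def __init__(self, fib: List[FibEntry], peer: PeerDevice,
                 permitted: Set[Tuple[int, int]]):
        # Longest-prefix match: most specific prefixes are consulted first.
        self.fib = sorted(fib, key=lambda e: e.prefix.prefixlen, reverse=True)
        self.peer = peer
        self.permitted = permitted  # (source_group, destination_group) pairs allowed

    def lookup(self, dst: str) -> Optional[FibEntry]:
        addr = ipaddress.ip_address(dst)
        for entry in self.fib:
            if addr in entry.prefix:
                return entry
        return None

    def destination_group(self, entry: FibEntry) -> Optional[int]:
        """Return the entry's group id; request it from the peer and store a
        positive answer in the FIB so later packets need no further request."""
        if entry.user_group is None:
            entry.user_group = self.peer.respond(entry.prefix)
        return entry.user_group

    def forward(self, pkt: Packet) -> Tuple[str, str]:
        entry = self.lookup(pkt.dst)
        if entry is None:
            return ("drop", "no route")
        dst_group = self.destination_group(entry)
        if dst_group is None:
            # Fail closed: never forward when the destination's role is unknown.
            return ("drop", "unknown destination group")
        if (pkt.source_group, dst_group) in self.permitted:
            return ("forward", entry.next_hop)
        return ("drop", f"policy denies {pkt.source_group}->{dst_group}")


def build_demo() -> Tuple[Device, PeerDevice]:
    """Constructed topology: two prefixes with known roles plus a default route."""
    peer = PeerDevice({"10.1.0.0/16": ROLE_IDS["servers"],
                       "10.2.0.0/24": ROLE_IDS["finance"]})
    fib = [FibEntry(ipaddress.ip_network("10.1.0.0/16"), "eth1"),
           FibEntry(ipaddress.ip_network("10.2.0.0/24"), "eth2"),
           FibEntry(ipaddress.ip_network("0.0.0.0/0"), "eth0")]
    permitted = {(ROLE_IDS["engineering"], ROLE_IDS["servers"]),
                 (ROLE_IDS["finance"], ROLE_IDS["servers"]),
                 (ROLE_IDS["finance"], ROLE_IDS["finance"])}
    return Device(fib, peer, permitted), peer


if __name__ == "__main__":
    dev, peer = build_demo()
    for p in [Packet("192.0.2.1", "10.1.5.5", ROLE_IDS["engineering"]),
              Packet("192.0.2.2", "10.1.9.9", ROLE_IDS["guest"]),
              Packet("192.0.2.3", "10.2.0.7", ROLE_IDS["finance"]),
              Packet("192.0.2.4", "203.0.113.9", ROLE_IDS["engineering"])]:
        print(p.dst, p.source_group, dev.forward(p))
    print("peer requests:", peer.requests)
```

Two design points are worth noting. The decision is taken on the pair (source group, destination group) rather than on addresses, so moving a server to a new prefix only changes the FIB entry's group field, not the policy. And when the peer cannot supply a group identifier for a prefix (the default route here), the device drops instead of forwarding, since a packet whose destination role is unknown cannot be checked against a role-based policy.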