Communication policy enforcement in a data network
Abstract
A device is configured to receive authorization information from a first network device and to receive a request that data units sent to a destination device contain authorization information, where the request is received from a second network device. The device is configured to assemble authorized data units by associating the authorization information with content intended for a destination device, where the content can be exchanged with the destination device during authorized communication. The device is configured to provide at least one of the authorized data units to the second network device so that the second network device can establish the authorized communication between the device and the destination device.
Claims (14 claims in total; the three independent claims 1, 10 and 14 are shown)

1. A system comprising:
a network device to allow authorized communication between a destination device and a source device, the network device to:
receive a first packet sent from the source device to the destination device;
determine that the first packet does not include authorization information;
provide a message to a policy server that establishes a network policy, the message informing the policy server that authorization information should be included in subsequent packets from the source device to the destination device;
receive, from the policy server, a copy of authorization information associated with the source device;
receive, from the source device, a second packet intended for the destination device;
determine that the second packet includes authorization information;
compare the authorization information included in the second packet with the copy of authorization information received from the policy server; and
forward at least a portion of the second packet to the destination device when the authorization information, included in the second packet, matches the copy of authorization information received from the policy server.
(Dependent claims 2 to 9 are not shown on this page.)
10. A method, performed by a network device, for establishing authorized communication between a source device and a destination device, the method comprising:
receiving a first packet from the source device, the first packet being intended for the destination device;
determining that the first packet does not include authorization information;
providing, to a policy server, a message in response to determining that the first packet does not include authorization information, the message informing the policy server that authorization information should be included in subsequent communication from the source device;
intercepting a second packet from the source device, the second packet being intended for the destination device;
determining that the second packet includes authorization information;
receiving a copy of authorization information from the policy server;
processing the authorization information, in response to determining that the second packet includes authorization information, to determine whether the authorization information, included in the received second packet, matches the received copy of the authorization information; and
forwarding the second packet to the destination device when the authorization information included in the received second packet matches the received copy of the authorization information.
(Dependent claims 11 to 13 are not shown on this page.)
14. A network device, comprising:
a processor; and
a memory to store one or more instructions which when executed by the processor, cause the processor to:
receive a first packet from a source device, the first packet being intended for a destination device;
determine that the first packet does not include authorization information;
receive a copy of authorization information from a policy server, where the copy of authorization information is used to determine if communication between the source device and the destination device can be authorized;
send, to the policy server, a request that subsequent packets from the source device, intended for the destination device, contain authorization information;
receive, from the source device, subsequent packets;
determine that the subsequent packets include authorization information;
compare the authorization information included in the subsequent packets with the received copy of the authorization information; and
allow at least a portion of the subsequent packets to reach the destination device when the authorization information, included in the subsequent packets, matches the copy of the authorization information received from the policy server.
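The claims above describe one enforcement flow: an unauthorized first packet triggers a message to the policy server, the enforcement device receives a copy of the source's authorization information, and later packets are forwarded only when the authorization information they carry matches that copy. The following Python simulation is an added illustration of that flow and is not code from the patent or its assignee. The class names (PolicyServer, NetworkDevice, SourceDevice), the packet layout, the use of a random 16-byte token as the "authorization information", and the choice to have the source device fetch its token from the policy server are all assumptions made for the example; the patent does not fix any of these details. The example also goes slightly beyond the claims by showing the negative case, a packet whose authorization information does not match the policy server's copy, which the enforcement device drops.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Flow = Tuple[str, str]  # (source device, destination device)


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes
    auth: Optional[bytes] = None  # authorization information carried in the packet, if any


class PolicyServer:
    """Establishes the network policy and holds authorization information per flow (assumed model)."""

    def __init__(self) -> None:
        self._auth: Dict[Flow, bytes] = {}
        self.notified: List[Flow] = []  # messages received from the enforcement device

    def require_authorization(self, src: str, dst: str) -> bytes:
        # The enforcement device informs the server that subsequent packets for this
        # flow must carry authorization information; the server returns a copy of it.
        self.notified.append((src, dst))
        return self._auth.setdefault((src, dst), secrets.token_bytes(16))

    def authorization_for_source(self, src: str, dst: str) -> Optional[bytes]:
        # What the source device obtains from the policy server (None until required).
        return self._auth.get((src, dst))


class NetworkDevice:
    """Enforcement point sitting between source and destination (claims 1, 10 and 14)."""

    def __init__(self, policy_server: PolicyServer) -> None:
        self.ps = policy_server
        self.expected: Dict[Flow, bytes] = {}  # copy of authorization information per flow
        self.forwarded: List[Packet] = []
        self.dropped: List[Tuple[str, Packet]] = []

    def handle(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.dst)
        if pkt.auth is None:
            # First packet lacks authorization information: tell the policy server and
            # keep the copy it returns. The packet itself is not forwarded.
            self.expected[flow] = self.ps.require_authorization(*flow)
            self.dropped.append(("no_auth", pkt))
            return "requested_authorization"
        expected = self.expected.get(flow)
        if expected is None:
            # Packet carries authorization information but no copy is cached yet (claim 10
            # allows the copy to arrive after the second packet is intercepted).
            expected = self.expected[flow] = self.ps.require_authorization(*flow)
        # Constant-time comparison so the match check leaks nothing about the copy.
        if hmac.compare_digest(pkt.auth, expected):
            # Forward "at least a portion" of the packet: the authorization field is removed.
            self.forwarded.append(Packet(pkt.src, pkt.dst, pkt.payload))
            return "forwarded"
        self.dropped.append(("bad_auth", pkt))
        return "dropped"


class SourceDevice:
    """Source that attaches authorization information once the policy server provides it."""

    def __init__(self, name: str, policy_server: PolicyServer) -> None:
        self.name = name
        self.ps = policy_server

    def send(self, dst: str, payload: bytes, device: NetworkDevice) -> str:
        auth = self.ps.authorization_for_source(self.name, dst)
        return device.handle(Packet(self.name, dst, payload, auth))


def run_scenario() -> Tuple[str, str, str, NetworkDevice]:
    """Constructed scenario: one legitimate flow plus one packet with wrong authorization."""
    ps = PolicyServer()
    nd = NetworkDevice(ps)
    src = SourceDevice("host-a", ps)
    r1 = src.send("server-b", b"hello", nd)          # no authorization information yet
    r2 = src.send("server-b", b"hello again", nd)    # source now carries the server's token
    forged = Packet("host-a", "server-b", b"forged", secrets.token_bytes(16))  # constructed mismatch
    r3 = nd.handle(forged)
    return r1, r2, r3, nd


if __name__ == "__main__":
    r1, r2, r3, nd = run_scenario()
    print(r1, r2, r3, [kind for kind, _ in nd.dropped])
```

Running the scenario yields "requested_authorization", then "forwarded", then "dropped": the first packet only triggers the policy exchange, the second is forwarded with its authorization field stripped, and the packet with non-matching authorization information never reaches the destination. The comparison uses hmac.compare_digest rather than `==` so that an enforcement point holding many copies does not leak them through timing differences; the patent claims only require a match, so the constant-time choice is this example's addition.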