Method and system for including security information with a packet
Abstract
A method and system for including security information with a packet is disclosed. A packet is detected as it exits a first network and enters a second network. The first network is configured to support a network security technique, and the second network is not configured to support the network security technique. Network security information associated with the network security technique is included with the packet. A network device is configured to include network security information in overhead of a packet. A method for identifying a first network device in a network is also disclosed. Identification information of the first network is communicated to a second network device.
91 Citations
22 Claims
1. A method comprising:
- identifying a first set of network devices, wherein
  - the identifying comprises determining that each network device of the first set of network devices is configured to process network security information,
  - the first set of network devices are network devices at a perimeter of a first network,
  - the first network does not support a network security technique, and
  - the network security information is associated with the network security technique;
- maintaining a list at a first network device, wherein
  - the list comprises information identifying the first set of network devices; and
- communicating the list from the first network device to a second network device, wherein
  - the second network device is configured to process the network security information associated with the network security technique, and
  - the second network device is at the perimeter of the first network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 22

9. An apparatus comprising:
- a first network device, wherein
  - the first network device comprises
    - a processor,
    - a computer-readable storage medium, coupled to the processor, and
    - a network interface, coupled to the processor, and
  - the first network device is configured to
    - identify a first set of network devices, wherein
      - the first set of network devices is identified by determining that each network device of the first set of network devices is configured to process network security information,
      - the first set of network devices are network devices at a perimeter of a first network,
      - the first network does not support a network security technique, and
      - the network security information is associated with the network security technique,
    - maintain a list in the computer-readable storage medium of the first network device, wherein
      - the list comprises information identifying the first set of network devices, and
    - communicate the list to a second network device via the network interface of the first network device, wherein
      - the second network device is configured to process network security information associated with the network security technique, and
      - the second network device is at the perimeter of the first network.

Dependent claims: 10, 11, 12, 13, 14

15. A non-transitory computer program product comprising:
- a first set of instructions, executable by a processor, configured to identify a first set of network devices, wherein
  - the first set of network devices is identified by determining that each network device of the first set of network devices is configured to process network security information,
  - the first set of network devices are network devices at a perimeter of a first network,
  - the first network does not support a network security technique, and
  - the network security information is associated with the network security technique;
- a second set of instructions, executable by the processor, configured to maintain a list at a first network device, wherein
  - the list comprises information identifying the first set of network devices;
- a third set of instructions, executable by the processor, configured to communicate the list from the first network device to a second network device, wherein
  - the second network device is configured to process the network security information associated with the network security technique, and
  - the second network device is at the perimeter of the first network; and
- computer readable media, wherein
  - the non-transitory computer program product is encoded in the computer readable media.

Dependent claims: 16, 17, 18, 19, 20

21. A method comprising:
- receiving a packet with network security information, wherein
  - the packet is configured to support a packet security technique,
  - the packet is received by a network device that is configured to support a network security technique,
  - the network security information is associated with the network security technique,
  - the network security information is included in a section of the packet, and
  - the section of the packet is configured to be accessed only by network devices that are configured to support the network security technique; and
- processing the network security information, wherein
  - the processing comprises processing the packet using role based access control.

Specification