Method and apparatus for distributed intrusion protection system for ultra high bandwidth networks
Abstract
A method for providing security to a network having a data stream with a plurality of portions of data, each having differing levels of sensitivity. The data stream is interrogated to determine the presence of predetermined characteristics associated with at least one of the portions of data within the data stream. At least one of the portions of data is then characterized, based upon the portion of data exhibiting a predetermined combination of characteristics, wherein the predetermined combination of characteristics is related to the sensitivity of the portion of data. The portions of the data stream are then distributed into a plurality of different channels, each of the channels associated with different level of sensitivity.
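The pipeline the abstract describes (examine, characterize by a combination of characteristics, tag, distribute into channels), as an added illustration that is not taken from the patent. The characteristic predicates, rule combinations, packet fields and VLAN IDs are all assumptions; only the idea of a tag such as an 802.1 VLAN selecting the channel comes from the claims.

```python
from collections import defaultdict

# Predetermined characteristics: named predicates over one portion of data.
# Field names, ports and the "PAN=" marker are assumptions for this example.
CHARACTERISTICS = {
    "encrypted":     lambda p: p["dport"] in (443, 22),
    "internal_src":  lambda p: p["src"].startswith("10."),
    "db_protocol":   lambda p: p["dport"] in (1433, 5432),
    "has_card_data": lambda p: b"PAN=" in p["payload"],
}

# Predetermined combinations, most sensitive first: the first rule whose
# characteristics are all present decides the sensitivity tag.
RULES = [
    ({"has_card_data"}, "high"),
    ({"internal_src", "db_protocol"}, "high"),
    ({"internal_src", "encrypted"}, "medium"),
]
DEFAULT_TAG = "low"

# Each sensitivity tag selects one channel, modelled here as a VLAN ID.
CHANNEL_FOR_TAG = {"high": 300, "medium": 200, "low": 100}

def examine(portion):
    """Return the set of characteristics this portion exhibits."""
    return {name for name, test in CHARACTERISTICS.items() if test(portion)}

def characterize(portion):
    """Map the observed combination of characteristics to a sensitivity tag."""
    present = examine(portion)
    for required, tag in RULES:
        if required <= present:
            return tag
    return DEFAULT_TAG

def distribute(stream):
    """Attach a tag to every portion and place it in the channel the tag selects."""
    channels = defaultdict(list)
    for portion in stream:
        tagged = dict(portion, tag=characterize(portion))
        channels[CHANNEL_FOR_TAG[tagged["tag"]]].append(tagged)
    return dict(channels)

# Constructed sample stream (not real traffic).
SAMPLE_STREAM = [
    {"id": 1, "src": "10.0.0.5", "dport": 5432, "payload": b"SELECT 1"},
    {"id": 2, "src": "10.0.0.9", "dport": 443, "payload": b"\x16\x03\x01"},
    {"id": 3, "src": "198.51.100.7", "dport": 80, "payload": b"GET / HTTP/1.1"},
    {"id": 4, "src": "198.51.100.7", "dport": 80, "payload": b"POST PAN=0000000000000000"},
]
```

Because a single characteristic never decides the channel on its own unless a rule says so, the internal TLS flow (id 2) lands in a different channel from the internal database flow (id 1) even though both share `internal_src`.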
35 Claims
1. A method, comprising:
examining a data stream on a network, the data stream comprising a plurality of portions of data, to determine the presence of one or more predetermined characteristics associated with at least one of the portions of data;
characterizing at least one of the portions of data based upon the at least one of the portions of data exhibiting a predetermined combination of the predetermined characteristics, the predetermined combination of the predetermined characteristics being related to the level of sensitivity of the at least one of the portions of data; and
distributing the portions of the data stream into a plurality of different channels based on the characterizing, selection of said channels in which to distribute the portions of the data stream being determined by tags attached to at least one of the portions of data, the tags including at least one or more of the following;
802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. One or more computer-readable storage media encoded with digital instructions for providing security to a network, the instructions comprising:
instructions for interrogating a data stream on said network, the data stream including a plurality of portions of data, to determine the presence of one or more predetermined characteristics associated with at least one of the portions of data within the data stream;
instructions for characterizing at least one of the portions of data based upon the at least one of the portions of data exhibiting a predetermined combination of the predetermined characteristics, and, based on the characterizing, adding, removing, and/or modifying one or more tags on a data package comprising at least one of the portions of the data, the tags including at least one or more of the following;
802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags; and
instructions for distributing the portions of the data stream into a plurality of different channels based on at least one of the tags.
(Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18)
19. An appliance configured to provide security to a network comprising:
a memory or storage device storing instructions that when executed by the appliance cause the appliance to perform a method, the method comprising;
interrogating a data stream on said network to determine the presence of one or more predetermined characteristics associated with one or more portions of data within the data stream,
characterizing at least one of the portions of data, based on a predetermined combination of the predetermined characteristics, the predetermined combination being related to the sensitivity of one or more of the portions of data,
based on the characterizing, attaching one or more tags to at least one data packages, the tags including at least one or more of the following;
802.1 VLAN, GMPLS, MPLS, light tags, data tags, overall level of trust tags, protocol tags, sensitivity tags, data value tags, or component specific tags, and
distributing the at least one data package into a selected channel of a plurality of different channels, the selected channel defined by the attached tags.
(Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27)
28. An appliance configured to provide security to a network comprising:
a memory or storage device storing instructions that when executed by the appliance cause the appliance to perform a method, the method comprising;
interrogating a data stream on said network to determine the presence of one or more predetermined characteristics associated with one or more portions of data within the data stream,
characterizing at least one of the portions of data, based on a predetermined combination of the predetermined characteristics, the predetermined combination being related to the sensitivity of one or more of the portions of data, and
distributing the portions of the data stream into a plurality of different channels based on the characterizing, wherein said plurality of channels are different wavelengths of light in an optical transmission medium.
(Dependent claims: 29, 30, 31, 32, 33, 34, 35)
Specification