Privilege-based access admission table
First Claim
1. A method of processing data packets in a network, the method comprising:
receiving a data packet at a network interface from a source device requesting access to a resource provided in the network;
extracting from the data packet a source address of the source device and a destination address of a destination device to which the data packet is to be transmitted;
performing a first query in an address database to retrieve a first device category associated with the source address, the first device category being of a plurality of first device categories of devices requesting access to resources in the network;
performing a second query in the address database to retrieve a second device category associated with the destination address, the second device category being of a plurality of second device categories of devices providing the resources in the network;
determining a command to assign the data packet in response to the source address being associated with the first device category and the destination address being associated with the second device category, the command identifying how to process the data packet; and
assigning the command to the data packet.
Abstract
Data packets are received at a network interface. A source address and a destination address are extracted from each data packet. Thereafter, a first query is performed in an address database to retrieve access group information associated with the source address. A second query is performed in the address database to retrieve resource group information associated with the destination address. Based upon the access group and the resource group, a command is assigned to the data packet. Optionally, the access group information and resource group information are used in connection with an access matrix to assign the command to the data packet.
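The lookup flow in the abstract, sketched as an added example that is not taken from the patent: two queries against one address database, then an access-matrix lookup that yields the command. The IPv4-only parsing, longest-prefix matching, group names, command names and the fail-closed default are all assumptions made for illustration.

```python
import ipaddress
import struct

# Address database (constructed sample): prefix -> (role, group).
ADDRESS_DB = {
    ipaddress.ip_network("10.1.0.0/16"): ("access", "employees"),
    ipaddress.ip_network("10.1.9.0/24"): ("access", "contractors"),
    ipaddress.ip_network("10.2.0.0/16"): ("access", "guests"),
    ipaddress.ip_network("192.0.2.10/32"): ("resource", "hr_servers"),
    ipaddress.ip_network("192.0.2.0/24"): ("resource", "intranet"),
}

# Access matrix: (access group, resource group) -> command (names assumed).
ACCESS_MATRIX = {
    ("employees", "intranet"): "forward",
    ("employees", "hr_servers"): "forward_and_log",
    ("contractors", "intranet"): "forward_and_log",
}
DEFAULT_COMMAND = "drop"  # assumption: unknown groups or pairs fail closed

def extract_addresses(packet: bytes):
    """Return (source, destination) from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    src, dst = struct.unpack_from("!4s4s", packet, 12)
    return ipaddress.ip_address(src), ipaddress.ip_address(dst)

def query(addr, role):
    """Longest-prefix lookup of the group with the given role for addr."""
    hits = [(net.prefixlen, group) for net, (r, group) in ADDRESS_DB.items()
            if r == role and addr in net]
    return max(hits)[1] if hits else None

def assign_command(packet: bytes) -> str:
    src, dst = extract_addresses(packet)
    access_group = query(src, "access")        # first query
    resource_group = query(dst, "resource")    # second query
    return ACCESS_MATRIX.get((access_group, resource_group), DEFAULT_COMMAND)

def ipv4_packet(src: str, dst: str) -> bytes:
    """Build a minimal 20-byte IPv4 header (constructed test input)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)
```

Because the matrix is keyed on groups rather than individual addresses, moving a host between groups changes its access without touching any per-address rule.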
32 Claims
1. A method of processing data packets in a network, recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 29, 31
15. A network device for processing data packet traffic, the network device comprising:
a network interface configured to receive a data packet from a source device requesting access to a resource provided in a network;
a parsing engine configured to extract from the data packet a source address of the source device and a destination address of a destination device to which the data packet is to be transmitted;
an address database;
a query engine configured to:
  retrieve a first device category associated with the source address from the address database, the first device category being of a plurality of first device categories of devices requesting access to resources in the network, and
  retrieve a second device category associated with the destination address from the address database, the second device category being of a plurality of second device categories of devices providing the resources in the network; and
a processing engine configured to:
  determine a command to assign the data packet in response to the source address being associated with the first device category and the destination address being associated with the second device category, the command identifying how to process the data packet; and
  assign the command to the data packet.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 30, 32
Specification