Methods and systems for controlling traffic on a communication network
Abstract
Mechanisms for controlling traffic on a communication network are described. The mechanisms can be implemented, for example, using signaling messages. For example, a receiver can send a permission message to allow the sender to send a given amount of data along a particular path. As another example, a sender can send a query message indicating a volume of data that has been sent since the sender received a permission message. Upon receiving the query message, a receiver (or another device such as a router, etc.) can detect an attack by comparing the volume of data in the query message with the volume of data that has been received by the receiver. Upon detecting an attack, the receiver can drop unauthorized packets or request the sender to use a security protocol (e.g., IPsec AH) when transmitting data packets and/or change the path of the data flow (e.g., using multi-homing).
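The volume comparison described in the abstract, as an added example that is not taken from the patent. The message field names, the path names, the choice to both require IPsec AH and switch paths on detection, and the counter resynchronisation are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FlowState:
    path: str
    received: int = 0            # bytes counted by the receiver since the permission
    require_auth: bool = False   # set once the sender is told to use e.g. IPsec AH
    dropped: int = 0             # bytes discarded for lacking authentication

@dataclass
class Receiver:
    paths: list                  # candidate paths (multi-homing); constructed names
    flows: dict = field(default_factory=dict)

    def on_query(self, flow_id, volume):
        # Query for permission: authorise a volume of data along a particular path.
        self.flows[flow_id] = FlowState(path=self.paths[0])
        return {"type": "permission", "flow": flow_id, "volume": volume,
                "path": self.paths[0], "security": None}

    def on_data(self, flow_id, nbytes, authenticated=False):
        # 'authenticated' stands in for a successful AH integrity check (assumption).
        st = self.flows[flow_id]
        if st.require_auth and not authenticated:
            st.dropped += nbytes
            return False
        st.received += nbytes
        return True

    def on_signal(self, flow_id, sent_volume):
        # Signaling message: the sender's own byte count since the permission.
        st = self.flows[flow_id]
        excess = st.received - sent_volume
        if excess <= 0:          # loss or in-flight data: received <= sent is normal
            return None
        # More arrived than the sender sent, so some packets were not the sender's.
        st.require_auth = True
        st.path = self.paths[(self.paths.index(st.path) + 1) % len(self.paths)]
        st.received = sent_volume    # resynchronise to the sender's count (assumption)
        return {"type": "permission", "flow": flow_id, "excess": excess,
                "path": st.path, "security": "IPsec-AH"}

def demo():
    rx = Receiver(paths=["path-A", "path-B"])
    rx.on_query("f1", volume=10_000)
    rx.on_data("f1", 1500)
    rx.on_data("f1", 1500)
    in_sync = rx.on_signal("f1", sent_volume=3000)   # counts agree
    rx.on_data("f1", 1500)                           # sender's packet
    rx.on_data("f1", 4000)                           # constructed injected traffic
    alert = rx.on_signal("f1", sent_volume=4500)     # receiver saw 8500 bytes
    accepted = rx.on_data("f1", 4000)                # unauthenticated: dropped
    return in_sync, alert, accepted, rx.flows["f1"].dropped
```

The check only fires when the receiver has counted more than the sender reports, so ordinary packet loss never raises an alert.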
30 Claims
1. A method for controlling traffic on a communication network, comprising:
- receiving, at a hardware processor in a receiver, a query message for permission to send a data flow to the receiver;
- sending, using the hardware processor, a permission message from the receiver;
- receiving, at the hardware processor, a signaling message that indicates a volume of data that has been sent to the receiver;
- determining, using the hardware processor, that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message; and
- in response to determining that the at least one data packet is unauthorized, causing the path for sending the data flow to be changed using the hardware processor.
Dependent claims: 2, 3
4. A method for controlling traffic on a communication network, comprising:
- passing, using a hardware processor, a query message for permission to send a data flow to a receiver;
- passing, using the hardware processor, a permission message that authorizes the sender to send a given volume of data;
- receiving, at the hardware processor, a signaling message that indicates a volume of data that has been sent to the receiver; and
- determining, using the hardware processor, that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message.
Dependent claims: 5
6. A method for controlling traffic on a communication network, comprising:
- passing, using a hardware processor, a query message for permission to send a data flow to a receiver;
- passing, using the hardware processor, a signaling message that indicates a volume of data that has been sent to the receiver;
- determining, using the hardware processor, that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message;
- in response to determining that the at least one data packet is unauthorized, passing, using the hardware processor, a permission message that indicates a security protocol to be used when transmitting packets to the receiver; and
- determining, using the hardware processor, that a further data packet being sent to the receiver violates the security protocol.
Dependent claims: 7, 8, 9, 10
11. A method for controlling traffic on a communication network, comprising:
- receiving, at a hardware processor in a receiver, a query message for permission to send a data flow to the receiver;
- receiving, at the hardware processor, a signaling message that indicates a volume of data that has been sent to the receiver;
- determining, using the hardware processor, that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message;
- in response to determining that the at least one data packet is unauthorized, sending, using the hardware processor, a permission message that indicates a security protocol to be used when transmitting packets to the receiver; and
- detecting, using the hardware processor, that a further data packet being sent to the receiver violates the security protocol.
Dependent claims: 12, 13, 14, 15
16. A system for controlling traffic on a communication network, comprising:
- a receiver having a hardware processor that:
  - receives a query message for permission to send a data flow to the receiver;
  - sends a permission message from the receiver;
  - receives a signaling message that indicates a volume of data that has been sent to the receiver;
  - determines that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message; and
  - causes the path for sending the data flow to be changed in response to determining that the at least one data packet is unauthorized.
Dependent claims: 17, 18
19. A system for controlling traffic on a communication network, comprising:
- a hardware processor that:
  - passes a query message for permission to send a data flow to a receiver;
  - passes a permission message that authorizes the sender to send a given volume of data;
  - receives a signaling message that indicates a volume of data that has been sent to the receiver; and
  - determines that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message.
Dependent claims: 20
21. A system for controlling traffic on a communication network, comprising:
- a hardware processor that:
  - passes a query message for permission to send a data flow to a receiver;
  - passes a signaling message that indicates a volume of data that has been sent to the receiver;
  - determines that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message;
  - in response to determining that the at least one data packet is unauthorized, passes a permission message that indicates a security protocol to be used when transmitting packets to the receiver; and
  - detects that a further data packet being sent to the receiver violates the security protocol.
Dependent claims: 22, 23, 24, 25
26. A system for controlling traffic on a communication network, comprising:
- a receiver having a hardware processor that:
  - receives a query message for permission to send a data flow to the receiver;
  - receives a signaling message that indicates a volume of data that has been sent to the receiver;
  - determines that at least one data packet is unauthorized if a volume of data that has been received by the receiver is greater than the volume of data that has been sent to the receiver as indicated in the signaling message;
  - in response to determining that the at least one data packet is unauthorized, sends a permission message that indicates a security protocol to be used when transmitting packets to the receiver; and
  - detects that a further data packet being sent to the receiver violates the security protocol.
Dependent claims: 27, 28, 29, 30
Specification