Creating and managing a network security tag
First Claim
1. At least one non-transitory computer readable storage medium that includes code for execution for managing network data, and when executed by at least one processor is operable to:
perform a number of actions on the network data to identify network information about the network data, wherein the network data is to be forwarded to a next network device en route to a destination device after the number of actions are performed;
determine whether the next network device is one of a group of network devices operable to perform at least a number of other actions on the network data; and
responsive to a determination that the next network device is one of the group of network devices:
generate a metadata tag with a number of fields to include data indicating the network information, wherein at least one of the fields is included in the metadata tag based on a type of information used by the next network device;
generate an identifier for the network data;
encrypt the metadata tag using an encryption key and the identifier for the network data;
associate the metadata tag with the network data; and
transmit the network data with the metadata tag to the next network device.
Abstract
An apparatus, computer readable medium, and method are provided in one example embodiment and include a network device, an analysis module, and a tag module. The analysis module may be configured to perform a number of actions on the network data to identify network information about the network data. The tag module may be configured to determine whether a destination for the network data is within a set of destinations; and responsive to a determination that the destination for the network data is within the set of destinations: generate a metadata tag based on the network information, associate the metadata tag with the network data, and transmit the network information and the metadata tag.
24 Claims
1. Independent claim, reproduced in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 22, 23.
8. An apparatus for managing network data, comprising:
a first network device including at least one hardware processor;
an analysis module coupled to the first network device, wherein the analysis module, when running on the at least one hardware processor, is to perform a number of actions on the network data to identify network information about the network data, wherein the network data is to be forwarded to a second network device en route to a destination device after the number of actions are performed; and
a tag module coupled to the network device and the analysis module, wherein the tag module, when running on the at least one hardware processor, is to:
determine whether the second network device is one of a group of network devices operable to perform at least a number of other actions on the network data; and
responsive to a determination that the second network device is one of the group of network devices:
generate a metadata tag with a number of fields to include data indicating the network information, wherein at least one of the fields is included in the metadata tag based on a type of information used by the next network device;
generate an identifier for the network data;
encrypt the metadata tag using an encryption key and the identifier for the network data;
associate the metadata tag with the network data; and
transmit the network data with the metadata tag to the second network device.
Dependent claims: 9, 10, 11, 12, 13, 14, 24.
15. A method for managing network data, comprising:
receiving the network data at a network device;
performing a number of actions on the network data to identify network information about the network data, wherein the network data is to be forwarded to a next network device en route to a destination device after the number of actions are performed;
determining whether the next network device is one of a group of network devices operable to perform at least a number of other actions on the network data; and
responsive to a determination that the next network device is one of the group of network devices:
generating, by a hardware processor of the network device, a metadata tag with a number of fields to include data indicating the network information, wherein at least one of the fields is included in the metadata tag based on a type of information used by the next network device;
generating an identifier for the network data;
encrypting the metadata tag using an encryption key and the identifier for the network data;
associating the metadata tag with the network data; and
transmitting the network data with the metadata tag to the next network device.
Dependent claims: 16, 17, 18.
19. An apparatus for managing network data, comprising:
a memory element comprising instructions;
a first network device including at least one hardware processor that, when executing the instructions, is to:
receive the network data with an initial metadata tag;
determine whether the initial metadata tag is encrypted;
responsive to a determination that the initial metadata tag is encrypted, decrypt the initial metadata tag to generate a decrypted initial metadata tag; and
identify initial network information from the decrypted initial metadata tag;
an analysis module coupled to the first network device, wherein the analysis module is configured to perform a number of actions on the network data based, at least in part, on the initial network information to identify other network information, wherein the network data is to be forwarded to a second network device after the number of actions are performed; and
a tag module coupled to the first network device and the analysis module, wherein the tag module is configured to:
determine whether the second network device is one of a group of network devices operable to perform at least a number of other actions on the network data; and
responsive to a determination that the second network device is not one of the group of network devices:
remove the initial metadata tag; and
transmit the network data without the initial metadata tag to the second network device.
20. At least one non-transitory computer readable storage medium that includes code for execution for managing network data, and when executed by at least one processor is operable to:
receive the network data with an initial metadata tag;
determine whether the initial metadata tag is encrypted;
responsive to a determination that the initial metadata tag is encrypted, decrypt the initial metadata tag to generate a decrypted initial metadata tag;
identify initial network information from the decrypted initial metadata tag;
perform a number of actions on the network data based, at least in part, on the initial network information to identify other network information, wherein the network data is to be forwarded to a next network device after the number of actions are performed;
determine whether the next network device is one of a group of network devices operable to perform at least a number of other actions on the network data; and
responsive to a determination that the next network device is not one of the group of network devices:
remove the initial metadata tag; and
transmit the network data without the initial metadata tag to the next network device.
Dependent claims: 21.
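As an added illustration (not code from the patent, its specification or its assignee), the following Python models the tagging pipeline of claims 1, 8 and 15 together with the receive-and-strip behaviour of claims 19 and 20: fields are selected per next hop, a per-packet identifier is generated, the tag is encrypted under a key bound to that identifier, and a downstream device decrypts the tag and removes it before forwarding to a device outside the group. The device names, field names and shared key are constructed, and the HMAC-based stream cipher with an encrypt-then-MAC check is a toy stand-in for whatever cipher a real implementation would use.

```python
import hashlib
import hmac
import json
import os

# Constructed topology: devices in the "group" that understand tags, and the
# tag fields each consumes (claim 1: fields chosen per next device). Hypothetical names.
TAG_CAPABLE = {
    "fw-edge": ["protocol", "reputation"],
    "ids-core": ["protocol", "reputation", "flow_id"],
}
KEY = b"\x01" * 32  # constructed shared key; a real deployment would provision it


def _keystream(key, ident, n):
    # Toy stream: HMAC-SHA256 in counter mode, bound to the per-packet identifier.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ident + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt_tag(key, ident, tag):
    # Encrypt-then-MAC; the identifier is bound into both the keystream and the MAC.
    pt = json.dumps(tag, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, ident, len(pt))))
    return ct + hmac.new(key, ident + ct, hashlib.sha256).digest()


def decrypt_tag(key, ident, blob):
    ct, mac = blob[:-32], blob[-32:]
    if not hmac.compare_digest(mac, hmac.new(key, ident + ct, hashlib.sha256).digest()):
        raise ValueError("tag authentication failed")  # tampered tag or wrong identifier
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, ident, len(ct)))))


def forward(packet, info, next_hop, key=KEY):
    """Claims 1/8/15: attach a tag only when the next hop is in the tag-capable group."""
    if next_hop not in TAG_CAPABLE:
        return {"payload": packet["payload"]}
    fields = {f: info[f] for f in TAG_CAPABLE[next_hop] if f in info}
    ident = os.urandom(16)  # per-packet identifier, carried in the clear beside the tag
    return {"payload": packet["payload"], "tag_id": ident,
            "tag": encrypt_tag(key, ident, fields)}


def receive_and_forward(packet, next_hop, key=KEY):
    """Claims 19/20: recover the incoming tag; strip it if the next hop is outside the group."""
    info = decrypt_tag(key, packet["tag_id"], packet["tag"]) if "tag" in packet else {}
    if next_hop not in TAG_CAPABLE:
        return {"payload": packet["payload"]}, info  # tag removed before transmission
    return forward({"payload": packet["payload"]}, info, next_hop, key), info  # re-tag
```

A forged or modified tag fails the MAC check and raises before any field is trusted, which is the property the claimed encryption step buys a downstream device.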
Specification