Network security using encrypted subfields
First Claim
1. A method comprising:
- receiving from a secure device at a first network device, an encrypted rule encrypted with a key at the secure device;
- storing the encrypted rule at the first network device, wherein content of the rule is hidden from the first network device;
- receiving at the first network device, a packet containing at least one encrypted subfield from a second network device, said subfield encrypted based on the key received at the second network device from the secure device; and
- processing the packet, wherein processing comprises using the encrypted rule to inspect the packet and determine if said encrypted subfield in the packet matches said encrypted rule received from the secure device.
Abstract
In one embodiment, a method includes receiving, at a first network device, an encrypted rule from a secure device; receiving at the first network device a packet containing at least one encrypted subfield from a second network device, the subfield encrypted based on a key the second network device received from the secure device; and determining whether the encrypted subfield matches the encrypted rule. An apparatus and logic are also disclosed herein.
20 Claims
1. A method comprising: the elements set out under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An apparatus comprising:
- a processor for receiving from a secure device, an encrypted rule at a first network device, the rule encrypted with a key at the secure device, storing said encrypted rule, wherein content of the rule is hidden at the apparatus, processing a packet containing at least one encrypted subfield from a second network device, said subfield encrypted based on a key received at the second network device from the secure device, and determining if said encrypted subfield matches said encrypted rule; and
- memory for storing said encrypted rule.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.
19. Logic encoded on one or more non-transitory computer readable media for execution and when executed configured to:
- store an encrypted rule received from a secure device at a first network device, said encrypted rule encrypted with a key at the secure device;
- store the encrypted rule at the first network device, wherein content of the rule is hidden from the first network device;
- inspect a packet received from a second network device and containing at least one encrypted subfield, said subfield encrypted based on a key received at the second network device from the secure device; and
- process the packet to determine if said encrypted subfield matches said encrypted rule received from the secure device.
Dependent claims: 20.
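The matching scheme the claims describe, as an added example that is not part of the patent: the secure device holds the key and issues the encrypted rule, the second network device encrypts the chosen subfield with the same key, and the first network device compares ciphertext with ciphertext without ever holding the key. HMAC-SHA256 as the keyed deterministic transform, the class and field names, and the "dst_port" rule are assumptions; the claims name no cipher.

```python
import hashlib
import hmac
import os
# Keyed deterministic transform standing in for the claimed subfield encryption.
# HMAC-SHA256 is an assumption (the claims name no cipher): it permits ciphertext
# equality matching but not plaintext recovery. The field name is mixed in so
# equal values in different fields do not produce the same ciphertext.
def encrypt_subfield(key: bytes, field: str, value: str) -> bytes:
    return hmac.new(key, f"{field}\x00{value}".encode(), hashlib.sha256).digest()

class SecureDevice:
    """Holds the key, encrypts rules, provisions the key to endpoints."""
    def __init__(self) -> None:
        self.key = os.urandom(32)

    def encrypted_rule(self, field: str, value: str, action: str) -> dict:
        # Only the ciphertext and the action leave the secure device.
        return {"field": field, "token": encrypt_subfield(self.key, field, value), "action": action}

class Endpoint:
    """Second network device: encrypts designated subfields before sending."""
    def __init__(self, key: bytes, protected: tuple) -> None:
        self.key, self.protected = key, protected

    def build_packet(self, **fields) -> dict:
        packet = dict(fields)
        for f in self.protected:
            packet[f] = encrypt_subfield(self.key, f, str(packet[f]))
        return packet

class Middlebox:
    """First network device: compares ciphertext to ciphertext, never holds the key."""
    def __init__(self) -> None:
        self.rules: list = []

    def inspect(self, packet: dict, default: str = "allow") -> str:
        for rule in self.rules:
            token = packet.get(rule["field"])
            if isinstance(token, bytes) and hmac.compare_digest(token, rule["token"]):
                return rule["action"]
        return default

def demo() -> tuple:
    sd, mb = SecureDevice(), Middlebox()
    mb.rules.append(sd.encrypted_rule("dst_port", "23", "drop"))  # content hidden from mb
    ep = Endpoint(sd.key, ("dst_port",))            # key provisioned out of band
    rogue = Endpoint(os.urandom(32), ("dst_port",)) # wrong key: cannot trigger the rule
    return (mb.inspect(ep.build_packet(src="10.0.0.5", dst_port=23)),
            mb.inspect(ep.build_packet(src="10.0.0.5", dst_port=443)),
            mb.inspect(rogue.build_packet(src="10.0.0.9", dst_port=23)))
```

Because the transform is deterministic, two packets carrying the same plaintext in a protected subfield carry the same ciphertext, so the first network device learns equality between packets even though it learns neither the rule content nor the values.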