NETWORK SERVICE HEADER USED TO RELAY AUTHENTICATED SESSION INFORMATION

US 20170222998A1
Filed: 02/03/2016
Published: 08/03/2017
Est. Priority Date: 02/03/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a packet at a first node, whereinthe packet is received from a first client node;

authenticating the packet, whereinthe authenticating comprises determining whether a session has been established for the first client node;

setting a value in a header of the packet, whereinthe value indicates that the packet is authenticated; and

forwarding the packet to a second node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a system, method, and computer program product are disclosed for authenticating a packet received from a client node, storing the results of the authentication in a cache memory of a service classifier node, and including the results of the authentication in a network service header of a packet before forwarding the packet to downstream service nodes. In one embodiment, the initial authentication is performed in conjunction with an authentication node.

9 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a packet at a first node, whereinthe packet is received from a first client node;
  
  authenticating the packet, whereinthe authenticating comprises determining whether a session has been established for the first client node;
  
  setting a value in a header of the packet, whereinthe value indicates that the packet is authenticated; and
  
  forwarding the packet to a second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - establishing a session related to the first client node, whereinthe session comprises information about the first client node.
  - 3. The method of claim 2, further comprising:
    - storing an indication as an entry in a memory, whereinthe entry indicates that the first client node is authenticated.
  - 4. The method of claim 3, wherein the authenticating comprises:
    - in response to determining that the session has been established for the first client node, authenticating the packet based, at least in part, on the entry in the memory.
  - 5. The method of claim 1, wherein the authenticating comprises:
    - forwarding the packet to an authentication server, andin response to the forwarding, receiving an indication from the authentication server.
  - 6. The method of claim 1, wherein the forwarding comprises:
    - determining a service path associated with the packet, wherein the determining is performed prior to the forwarding.
  - 7. The method of claim 1, whereinthe second node is a service node.

8. A system comprising:
- a first node and a second node, whereinthe first node is configured toreceive a first packet, whereinthe packet is received from a first client node,authenticate the packet, whereinthe authentication of the packet comprises determining whether a session has been established for the first client node,set a value in a header of the packet, whereinthe value indicates that the packet is authenticated, and forward the packet to the second node.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the first node is further configured to:
    - establish a session related to the first client node, whereinthe session comprises information about the first client node.
  - 10. The system of claim 9, wherein the first node is further configured to:
    - store an indication as an entry in a memory, whereinthe entry indicates that the first client node is authenticated.
  - 11. The system of claim 10, wherein the authentication of the packet comprises:
    - in response to determining that the session has been established for the first client node, authenticating the packet based, at least in part, on the entry in the memory.
  - 12. The system of claim 8, wherein the first node is further configured to:
    - forward the packet to an authentication server, andin response to forwarding the packet to the authentication server, receive an indication from the authentication server.
  - 13. The system of claim 8, wherein the forwarding comprises:
    - determining a service path associated with the packet, wherein the determining is performed prior to the forwarding.
  - 14. The system of claim 8, whereinthe second node is a service node.

15. A computer program product comprising:
- a plurality of program instructions, comprisinga first set of instructions, executable on a computer system, configured toreceive a first packet, whereinthe packet is received from a first client node;
  
  a second set of instructions, executable on the computer system, configured toauthenticate the packet, whereinauthentication of the packet comprises determining whether a session has been established for the first client node, andset a value in a header of the packet, whereinthe value indicates that the packet is authenticated;
  
  a third set of instructions, executable on the computer system, configured to forward the packet to a second node; and
  
  a non-transitory computer-readable storage medium, wherein the instructions are encoded in the non-transitory computer-readable storage medium.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the plurality of program instructions further comprise:
    - a fourth set of instructions, executable on the computer system, configured toestablish a session related to the first client node, whereinthe session comprises information about the first client node.
  - 17. The computer program product of claim 16, wherein the plurality of program instructions further comprise:
    - a fifth set of instructions, executable on the computer system, configured tostore an indication as an entry in a memory, whereinthe entry indicates that the first client node is authenticated.
  - 18. The computer program product of claim 17, wherein the second set of instructions are further configured to:
    - in response to determining that the session has been established for the first client node, authenticate the packet based, at least in part, on the entry in the memory.
  - 19. The computer program product of claim 15, wherein the plurality of program instructions further comprise:
    - a sixth set of instructions, executable on the computer system, configured toforward the packet to an authentication server, andin response to forwarding the packet to the authentication server, receive an indication from the authentication server.
  - 20. The computer program product of claim 15, whereinthe second node is a service node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Stites, Steven, Patil, Prashanth

Granted Patent

US 10,237,257 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 69/22   Parsing or analysis of headers

NETWORK SERVICE HEADER USED TO RELAY AUTHENTICATED SESSION INFORMATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

NETWORK SERVICE HEADER USED TO RELAY AUTHENTICATED SESSION INFORMATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links