WO2006057772B1 - Method and system for including network security information in a frame - Google Patents

Method and system for including network security information in a frame

Info

Publication number
WO2006057772B1
WO2006057772B1 PCT/US2005/039373 US2005039373W WO2006057772B1 WO 2006057772 B1 WO2006057772 B1 WO 2006057772B1 US 2005039373 W US2005039373 W US 2005039373W WO 2006057772 B1 WO2006057772 B1 WO 2006057772B1
Authority
WO
WIPO (PCT)
Prior art keywords
frame
header
security information
information
security
Prior art date
Application number
PCT/US2005/039373
Other languages
French (fr)
Other versions
WO2006057772A1 (en
Inventor
Norman W Finn
Michael R Smith
Original Assignee
Cisco Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Tech Inc filed Critical Cisco Tech Inc
Priority to EP05821149.1A priority Critical patent/EP1825652B1/en
Publication of WO2006057772A1 publication Critical patent/WO2006057772A1/en
Publication of WO2006057772B1 publication Critical patent/WO2006057772B1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104Grouping of entities

Abstract

A method and apparatus for including network security information in a frame is disclosed. Network security information (330) is included in a secure portion of overhead of a frame (340). The network security information is configured to facilitate network security. A network device (600) configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.

Claims

WHAT IS CLAIMED IS: 1. A method comprising: determining network security information, wherein the network security information provides information for use in the enforcement of network security; and including the network security information in a secure portion of overhead of a frame.
2. The method of claim 1 , wherein the overhead of the frame includes frame security information, wherein the frame security information is configured to facilitate security of the secure portion of the overhead of the frame,
3. The method of claim 2, wherein the frame; security information comprises at least one of: integrity check information; and encryption information.
4. The method of claim 3, wherein the network security information comprises a user group identifier.
5. The method of claim 3 wherein the network security information comprises a security association field, and the security association field is associated with a user group identifier,
6. The method of claim 2, further comprising: including the frame security information in a header of the frame.
7. The method of claim 6, further comprising: including a frame type field in the header of the frame, wherein the frame type field indicates the frame includes the network security information.
S. The method of claim 6, further comprising: including the network security information at an end of the header of the frame.
9. The method of claim 6, further comprising: including the network security information in the header of the frame; and including a header length field in the header of the frame, wherein a value of the header length field indicates a length of the header of the frame.
10. The method of claim 6, wherein the header of the frame is a media access control security (MACSec) header,
11. The method of claim 10, wherein the overhead of the frame comprises a multi-protocol label switching (MPLS) label, and the MPLS label comprises the network security information.
12. The method of claim 10, wherein the overhead of the frame comprises an 802.1q tag, the 802, 1q tag comprises a virtual local area network (VLAN) identifier, and the VLAN identifier comprises the network security information.
13. The method of claim 10, wherein the overhead of the frame comprises a security header, the security header comprises a security label, and the security label comprises the network security information.
14. The method of claim 13, wherein the security header is an 802.10 header.
15. An apparatus comprising: means for determining network security information, wherein the network security information provides information for use in the enforcement of network security; and means for including the network security information in a secure portion of overhead of a frame.
16. The apparatus of claim 15, wherein the overhead of the frame includes frame security information, wherein the frame security information is configured to facilitate security of the secure portion of the overhead of the frame,
17. The apparatus of claim 16, wherein the frame security information comprises at least one of: integrity check information; and encryption information.
I8. The apparatus of claim 17, wherein the network security information comprises a user group identifier.
19. The apparatus of claim 17, wherein the network security information comprises a security association field, and the security association field is associated with a user group identifier.
20. The apparatus of claim 16, further comprising: means for including the frame security information in a header of the frame.
21. The apparatus of claim 20, further comprising: means for including a frame type field in the header of the frame, wherein the frame type field indicates the frame includes the network security information.
22. The apparatus of claim 20, further comprising: means for including the network security informatioii at an end of the header of the frame.
23. The apparatus of claim 20, further comprising: means for including the network securiiy information in the header of the frame; and means for including a header length field in the header of the frame, wherein a value of the header length, field indicates a length of the header of the frame.
24. The apparatus of claim 20, wherein the header of the frame is a media access control security (MACSec) header.
25. The apparatus of claim 24, wherein the overhead of the frame comprises a multi-protocol label switching (MPLS) label, and the MPLS label comprises the network security information.
26. The apparatus of claim 24, wherein the overhead of the frame comprises an 802.1q tag, the 802.1q tag comprises a virtual local area network (VLAN) identifier, and the VLAN identifier comprises the network security information. 27. The apparatus of claim 24, wherein the overhead of the frame comprises a security header, the security header comprises a security label, and the security label comprises the network security information.
28. The apparatus of claim 27, wherein the security header is an 802, 10 header.
29. A computer program product, comprising; a first set of instructions, executable on a computer system, configured to determine network security information, wherein the network security information provides information for use in the enforcement of network security; a second set of instructions, executable on the computer system, configured to include the network security information in a secure portion of overhead of a frame ; and computer readable media, wherein the computer program product is encoded in the computer readable media.
30. The computer program product of claim 29, wherein the overhead of the frame includes frame security information, wherein the frame security information is configmed to facilitate security of the secure portion of the overhead of the frame,
31, The computer program product of claim 30, wherein the frame security information comprises at least one of: integrity check information; and encryption information.
32. The computer program product of claim 31 , wherein the network security information comprises a user group identifier.
33. The computer program product of claim 31, wherein the network security information comprises a security association field, and the security association field is associated with a user group identifier. the security label comprises the network security information.
42. The computer program product of claim 41 , wherein the security header is an 802.10 header.
43. An apparatus comprising: a network device configured to process a frame by virtue of being configured to process frame security information and network security information, wherein the frame comprises: the frame security information, wherein the frame security information provides information for use in securing a portion of overhead of the frame, and the network security information, wherein the network security information is located in the portion of the overhead of the frame and provides information for use in the enforcement of network security.
44. The apparatus of claim 43, wherein the overhead of the frame includes the frame security information, wherein the frame security information is configured to facilitate security of a secure portion of the overhead of the frame.
45. The apparatus of claim 44, wherein the frame security information comprises at least one of: integrity check information; and encryption information.
46. The apparatus of claim 45, wherein the network security information comprises a user group identifier.
47. The apparatus of claim 45, wherein the network security information comprises a security association field, and the security association field is associated with a user group identifier.
48. The apparatus of claim 44, wherein a header of the frame comprises the frame security information. 49, The apparatus of claim 48, wherein the header of the frame comprises a frame type field, and the frame type field indicates the frame includes the network security information.
50. The apparatus of claim 48, wherein an end of the header of the frame comprises the network security information.
51. The apparatus of claim 48, wherein the header of the frame comprises: the network security information, and a header length field in the header of the frame, wherein a value of the header length field indicates a length of the header of the frame.
52. The apparatus of claim 48, wherein the header of the frame is a media access control security (MACSec) header.
53. The apparatus of claim 52, wherein the overhead of the frame comprises a multi-protocol label switching (MPLS) label, and the MPLS label comprises the network security information.
54. The apparatus of claim 52, wherein the overhead of the frame comprises an 802.1 q tag, the 802.1q tag comprises a virtual local area network (VLAN) identifier, and the VLAN identifier comprises the network; securiry information.
55. The apparatus of claim 52, wherein the overhead of the frame comprises an 802.10 header, the 802.10 header comprises a security label, and the security label comprises the network security information.
56. A method comprising: obtaining a user group identifier; and including the user group identifier in overhead of a frame, wherein The user group identifier provides information for use in the enforcement of network security by identifying a security group of a source of the frame. 57. The method of claim 56, wherein the user group identifier is included at an end of a header of the frame.
58. The method of claim 56, wherein the overhead of the frame comprises: a source address, a destination address, and at least one of: integrity check information, and encryption information.
59. The method of claim 58, further comprising: including a frame type field in the overhead of the frame, wherein the frame type field indicates die frame includes the user group identifier.
60. The method of claim 58, further comprising; including the user group identifier in a header of the frame; and including a header length field in the header of the frame, wherein a value of the header length field indicates a length of the header of the frame.
6 L An apparatus comprising: a network device configured to process a frame comprising frame overhead by virtue of being configured to process a source address, a destination address and a user group identifier, wherein the frame overhead comprises: the source address, the destination address, and the user group identifier.
62. The apparatus of claim 51, wherein the frame overhead further comprises a frame header, and the user group identifier is included at an end of the frame header.
63. The apparatus of claim 61, wherein the frame overhead further comprises at least one of: integrity check information, and encryption information.
64. The apparatus of claim 63, wherein the frame overhead further comprises a frame type field, wherein the frame type field indicates the frame includes the user group identifier,
65. The apparatus of claim 61 , further comprising; including the user group identifier in a header of the frame; and including a header length field in the header of the frame, wherein a value of the header length field indicates a length of the header of the frame.
PCT/US2005/039373 2004-11-23 2005-10-31 Method and system for including network security information in a frame WO2006057772A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05821149.1A EP1825652B1 (en) 2004-11-23 2005-10-31 Method and system for including network security information in a frame

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/996,101 US7721323B2 (en) 2004-11-23 2004-11-23 Method and system for including network security information in a frame
US10/996,101 2004-11-23

Publications (2)

Publication Number Publication Date
WO2006057772A1 WO2006057772A1 (en) 2006-06-01
WO2006057772B1 true WO2006057772B1 (en) 2006-08-10

Family

ID=35976488

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/039373 WO2006057772A1 (en) 2004-11-23 2005-10-31 Method and system for including network security information in a frame

Country Status (3)

Country Link
US (3) US7721323B2 (en)
EP (1) EP1825652B1 (en)
WO (1) WO2006057772A1 (en)

Families Citing this family (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7567510B2 (en) * 2003-02-13 2009-07-28 Cisco Technology, Inc. Security groups
US8862866B2 (en) 2003-07-07 2014-10-14 Certicom Corp. Method and apparatus for providing an adaptable security level in an electronic communication
US8245279B2 (en) 2003-08-19 2012-08-14 Certicom Corp. Method and apparatus for synchronizing an adaptable security level in an electronic communication
US7530112B2 (en) 2003-09-10 2009-05-05 Cisco Technology, Inc. Method and apparatus for providing network security using role-based access control
US7836490B2 (en) 2003-10-29 2010-11-16 Cisco Technology, Inc. Method and apparatus for providing network security using security labeling
US7669244B2 (en) 2004-10-21 2010-02-23 Cisco Technology, Inc. Method and system for generating user group permission lists
US7877796B2 (en) 2004-11-16 2011-01-25 Cisco Technology, Inc. Method and apparatus for best effort propagation of security group information
US7721323B2 (en) 2004-11-23 2010-05-18 Cisco Technology, Inc. Method and system for including network security information in a frame
US7886145B2 (en) * 2004-11-23 2011-02-08 Cisco Technology, Inc. Method and system for including security information with a packet
US7827402B2 (en) 2004-12-01 2010-11-02 Cisco Technology, Inc. Method and apparatus for ingress filtering using security group information
KR100675837B1 (en) * 2004-12-13 2007-01-29 한국전자통신연구원 Fast-GCM-AES block encoding apparatus and method
US7620974B2 (en) * 2005-01-12 2009-11-17 Symantec Distributed traffic scanning through data stream security tagging
CA2644015C (en) * 2006-04-13 2016-10-18 Certicom Corp. Method and apparatus for providing an adaptable security level in an electronic communication
US7729276B2 (en) * 2006-11-29 2010-06-01 Broadcom Corporation Method and system for tunneling MACSec packets through non-MACSec nodes
US20080022388A1 (en) * 2006-06-30 2008-01-24 Karanvir Grewal Method and apparatus for multiple inclusion offsets for security protocols
US20080002724A1 (en) * 2006-06-30 2008-01-03 Karanvir Grewal Method and apparatus for multiple generic exclusion offsets for security protocols
US7853691B2 (en) * 2006-11-29 2010-12-14 Broadcom Corporation Method and system for securing a network utilizing IPsec and MACsec protocols
US7886143B2 (en) * 2006-11-30 2011-02-08 Broadcom Corporation Multi-data rate cryptography architecture for network security
US8010801B2 (en) * 2006-11-30 2011-08-30 Broadcom Corporation Multi-data rate security architecture for network security
US8112622B2 (en) * 2006-12-08 2012-02-07 Broadcom Corporation Chaining port scheme for network security
US8356333B2 (en) * 2006-12-12 2013-01-15 Bespoke Innovations Sarl System and method for verifying networked sites
US7840708B2 (en) 2007-08-13 2010-11-23 Cisco Technology, Inc. Method and system for the assignment of security group information using a proxy
US9218469B2 (en) 2008-04-25 2015-12-22 Hewlett Packard Enterprise Development Lp System and method for installing authentication credentials on a network device
US20090271852A1 (en) * 2008-04-25 2009-10-29 Matt Torres System and Method for Distributing Enduring Credentials in an Untrusted Network Environment
US8484705B2 (en) * 2008-04-25 2013-07-09 Hewlett-Packard Development Company, L.P. System and method for installing authentication credentials on a remote network device
US8700891B2 (en) * 2008-05-09 2014-04-15 Broadcom Corporation Preserving security association in MACsec protected network through VLAN mapping
US20100088399A1 (en) * 2008-10-03 2010-04-08 Yoel Gluck Enterprise security setup with prequalified and authenticated peer group enabled for secure DHCP and secure ARP/RARP
US8848904B2 (en) * 2008-10-24 2014-09-30 University Of Maryland, College Park Method and implementation for information exchange using Markov models
US8121993B2 (en) * 2009-10-28 2012-02-21 Oracle America, Inc. Data sharing and recovery within a network of untrusted storage devices using data object fingerprinting
CN102263774B (en) 2010-05-24 2014-04-16 杭州华三通信技术有限公司 Method and device for processing source role information
US20130266018A1 (en) * 2010-12-27 2013-10-10 Yuta Ashida Communication system and communication method
JP5442877B2 (en) * 2010-12-28 2014-03-12 三洋電機株式会社 Terminal device
US9019837B2 (en) * 2013-02-19 2015-04-28 Cisco Technology, Inc. Packet modification to facilitate use of network tags
US9866339B1 (en) * 2013-10-24 2018-01-09 Marvell Israel (M.I.S.L) Ltd. Method and apparatus for securing clock synchronization in a network
US9992202B2 (en) * 2015-02-28 2018-06-05 Aruba Networks, Inc Access control through dynamic grouping
US10516998B2 (en) * 2017-01-19 2019-12-24 Hewlett Packard Enterprise Development Lp Wireless network authentication control
US20210092103A1 (en) * 2018-10-02 2021-03-25 Arista Networks, Inc. In-line encryption of network data
US11689453B2 (en) * 2021-03-29 2023-06-27 Cisco Technology, Inc. Layer 2 virtual private network traffic steering over optical transport networks
CN116600022A (en) * 2023-07-17 2023-08-15 成都数维通信技术有限公司 Construction method of universal industrial control network communication protocol

Family Cites Families (89)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4922486A (en) 1988-03-31 1990-05-01 American Telephone And Telegraph Company User to network interface protocol for packet communications networks
US5017917A (en) 1988-12-30 1991-05-21 At&T Bell Laboratories Restriction of communication service accessibility among subscriber communities
US5113442A (en) 1989-03-06 1992-05-12 Lachman Associates, Inc. Method and apparatus for providing access control in a secure operating system
US5204961A (en) 1990-06-25 1993-04-20 Digital Equipment Corporation Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols
US5251205A (en) 1990-09-04 1993-10-05 Digital Equipment Corporation Multiple protocol routing
DE69427347T2 (en) * 1994-08-15 2001-10-31 Ibm Process and system for improved access control based on the roles in distributed and centralized computer systems
US5615264A (en) * 1995-06-08 1997-03-25 Wave Systems Corp. Encrypted data package record for use in remote transaction metered data system
US5941947A (en) 1995-08-18 1999-08-24 Microsoft Corporation System and method for controlling access to data entities in a computer network
JP3688830B2 (en) 1995-11-30 2005-08-31 株式会社東芝 Packet transfer method and packet processing apparatus
US5787427A (en) 1996-01-03 1998-07-28 International Business Machines Corporation Information handling system, method, and article of manufacture for efficient object security processing by grouping objects sharing common control access policies
US6272538B1 (en) 1996-07-30 2001-08-07 Micron Technology, Inc. Method and system for establishing a security perimeter in computer networks
US6023765A (en) 1996-12-06 2000-02-08 The United States Of America As Represented By The Secretary Of Commerce Implementation of role-based access control in multi-level secure systems
US6292900B1 (en) * 1996-12-18 2001-09-18 Sun Microsystems, Inc. Multilevel security attribute passing methods, apparatuses, and computer program products in a stream
US5845068A (en) 1996-12-18 1998-12-01 Sun Microsystems, Inc. Multilevel security port methods, apparatuses, and computer program products
US6212558B1 (en) 1997-04-25 2001-04-03 Anand K. Antur Method and apparatus for configuring and managing firewalls and security devices
US6088659A (en) 1997-09-11 2000-07-11 Abb Power T&D Company Inc. Automated meter reading system
US5968177A (en) 1997-10-14 1999-10-19 Entrust Technologies Limited Method and apparatus for processing administration of a secured community
US6014666A (en) 1997-10-28 2000-01-11 Microsoft Corporation Declarative and programmatic access control of component-based server applications using roles
US6202066B1 (en) 1997-11-19 2001-03-13 The United States Of America As Represented By The Secretary Of Commerce Implementation of role/group permission association using object access type
US6052456A (en) * 1997-12-23 2000-04-18 Alcatel Usa Sourcing, L.P. Graphical shelf navigator for a telecommunications switch management system
US6233618B1 (en) 1998-03-31 2001-05-15 Content Advisor, Inc. Access control of networked data
US6449643B1 (en) 1998-05-14 2002-09-10 Nortel Networks Limited Access control with just-in-time resource discovery
US6304973B1 (en) 1998-08-06 2001-10-16 Cryptek Secure Communications, Llc Multi-level security network system
US6292798B1 (en) 1998-09-09 2001-09-18 International Business Machines Corporation Method and system for controlling access to data resources and protecting computing system resources from unauthorized access
US6289462B1 (en) 1998-09-28 2001-09-11 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
US6405259B1 (en) 1998-12-08 2002-06-11 International Business Machines Corporation Data processing system and method for transmission of a network packet specifying a group identifier identifying a selected plurality of clients
US6160651A (en) * 1999-01-25 2000-12-12 Telcordia Technologies, Inc. Optical layer survivability and security system using optical label switching and high-speed optical header reinsertion
US6973057B1 (en) 1999-01-29 2005-12-06 Telefonaktiebolaget L M Ericsson (Publ) Public mobile data communications network
US7881477B2 (en) 1999-02-05 2011-02-01 Avaya Inc. Method for key distribution in a hierarchical multicast traffic security system for an internetwork
US6678827B1 (en) * 1999-05-06 2004-01-13 Watchguard Technologies, Inc. Managing multiple network security devices from a manager device
US6754214B1 (en) * 1999-07-19 2004-06-22 Dunti, Llc Communication network having packetized security codes and a system for detecting security breach locations within the network
US6711172B1 (en) 1999-08-02 2004-03-23 Nortel Networks Corp. Network packet routing
US7072343B1 (en) 1999-09-27 2006-07-04 Cisco Technology, Inc. Methods and apparatus for controlling a data stream using a host agent acting on behalf of a host computer
US7023863B1 (en) * 1999-10-29 2006-04-04 3Com Corporation Apparatus and method for processing encrypted packets in a computer network device
US7000120B1 (en) * 1999-12-23 2006-02-14 Nokia Corporation Scheme for determining transport level information in the presence of IP security encryption
US6985948B2 (en) 2000-03-29 2006-01-10 Fujitsu Limited User's right information and keywords input based search query generating means method and apparatus for searching a file
US20020026592A1 (en) 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
CA2416092C (en) * 2000-07-14 2011-01-04 Irdeto Access B.V. Secure packet-based data broadcasting architecture
JP2002077213A (en) * 2000-09-05 2002-03-15 Hitachi Kokusai Electric Inc System for accessing subscriber's radio
US6823462B1 (en) * 2000-09-07 2004-11-23 International Business Machines Corporation Virtual private network with multiple tunnels associated with one group name
EP1209644A1 (en) 2000-11-23 2002-05-29 Telefonaktiebolaget L M Ericsson (Publ) Traffic management system including a layered management structure
JP4183379B2 (en) * 2000-11-27 2008-11-19 富士通株式会社 Network and edge router
US7032243B2 (en) 2000-12-15 2006-04-18 Hewlett-Packard Development Company, L.P. System and method for a group-based network access control for computer
US7284271B2 (en) 2001-03-14 2007-10-16 Microsoft Corporation Authorizing a requesting entity to operate upon data structures
US7136374B1 (en) 2001-03-19 2006-11-14 Juniper Networks, Inc. Transport networks supporting virtual private networks, and configuring such networks
US7380271B2 (en) 2001-07-12 2008-05-27 International Business Machines Corporation Grouped access control list actions
US7207062B2 (en) 2001-08-16 2007-04-17 Lucent Technologies Inc Method and apparatus for protecting web sites from distributed denial-of-service attacks
US7207061B2 (en) * 2001-08-31 2007-04-17 International Business Machines Corporation State machine for accessing a stealth firewall
JP2003110609A (en) * 2001-09-28 2003-04-11 Fujitsu Ltd Communication apparatus
US8713185B2 (en) 2001-12-07 2014-04-29 Rockstar Bidco, LP Methods of establishing virtual circuits and of providing a virtual private network service through a shared network, and provider edge device for such network
US7591020B2 (en) * 2002-01-18 2009-09-15 Palm, Inc. Location based security modification system and method
US7743415B2 (en) 2002-01-31 2010-06-22 Riverbed Technology, Inc. Denial of service attacks characterization
US7574735B2 (en) * 2002-02-13 2009-08-11 Nokia Corporation Method and network element for providing secure access to a packet data network
US7895643B2 (en) * 2002-03-16 2011-02-22 Trustedflow Systems, Inc. Secure logic interlocking
US7185365B2 (en) * 2002-03-27 2007-02-27 Intel Corporation Security enabled network access control
US20030196108A1 (en) 2002-04-12 2003-10-16 Kung Kenneth C. System and techniques to bind information objects to security labels
US8910241B2 (en) * 2002-04-25 2014-12-09 Citrix Systems, Inc. Computer security system
US7284269B2 (en) 2002-05-29 2007-10-16 Alcatel Canada Inc. High-speed adaptive structure of elementary firewall modules
US7548541B2 (en) * 2002-06-04 2009-06-16 Alcatel-Lucent Usa Inc. Managing VLAN traffic in a multiport network node using customer-specific identifiers
US7415723B2 (en) * 2002-06-11 2008-08-19 Pandya Ashish A Distributed network security system and a hardware processor therefor
US7594262B2 (en) 2002-09-04 2009-09-22 Secure Computing Corporation System and method for secure group communications
KR100933167B1 (en) * 2002-10-02 2009-12-21 삼성전자주식회사 Transmission Method for Authentication and Privacy Guarantee in Tree-structured Networks
US7350077B2 (en) * 2002-11-26 2008-03-25 Cisco Technology, Inc. 802.11 using a compressed reassociation exchange to facilitate fast handoff
US7417950B2 (en) 2003-02-03 2008-08-26 Ciena Corporation Method and apparatus for performing data flow ingress/egress admission control in a provider network
US7567510B2 (en) 2003-02-13 2009-07-28 Cisco Technology, Inc. Security groups
US7434045B1 (en) * 2003-04-21 2008-10-07 Cisco Technology, Inc. Method and apparatus for indexing an inbound security association database
US20040223497A1 (en) * 2003-05-08 2004-11-11 Onvoy Inc. Communications network with converged services
US7397922B2 (en) 2003-06-27 2008-07-08 Microsoft Corporation Group security
US20040268123A1 (en) * 2003-06-27 2004-12-30 Nokia Corporation Security for protocol traversal
EP1665622A2 (en) 2003-08-19 2006-06-07 General Dynamics-Advanced Information Systems, Inc. Trusted interface unit (tiu) and method of making and using the same
US7530112B2 (en) 2003-09-10 2009-05-05 Cisco Technology, Inc. Method and apparatus for providing network security using role-based access control
US7519986B2 (en) * 2003-10-01 2009-04-14 Tara Chand Singhal Method and apparatus for network security using a router based authentication system
US7836490B2 (en) 2003-10-29 2010-11-16 Cisco Technology, Inc. Method and apparatus for providing network security using security labeling
US8146148B2 (en) * 2003-11-19 2012-03-27 Cisco Technology, Inc. Tunneled security groups
US7568098B2 (en) * 2003-12-02 2009-07-28 Microsoft Corporation Systems and methods for enhancing security of communication over a public network
US7624431B2 (en) * 2003-12-04 2009-11-24 Cisco Technology, Inc. 802.1X authentication technique for shared media
US20050177717A1 (en) 2004-02-11 2005-08-11 Grosse Eric H. Method and apparatus for defending against denial on service attacks which employ IP source spoofing
US20050190758A1 (en) 2004-03-01 2005-09-01 Cisco Technology, Inc. Security groups for VLANs
US7882544B2 (en) 2004-07-12 2011-02-01 International Business Machines Corporation Inherited role-based access control system, method and program product
US7660259B1 (en) * 2004-10-20 2010-02-09 Extreme Networks, Inc. Methods and systems for hybrid hardware- and software-base media access control (MAC) address learning
US7669244B2 (en) * 2004-10-21 2010-02-23 Cisco Technology, Inc. Method and system for generating user group permission lists
US7877796B2 (en) 2004-11-16 2011-01-25 Cisco Technology, Inc. Method and apparatus for best effort propagation of security group information
US7886145B2 (en) 2004-11-23 2011-02-08 Cisco Technology, Inc. Method and system for including security information with a packet
US7721323B2 (en) * 2004-11-23 2010-05-18 Cisco Technology, Inc. Method and system for including network security information in a frame
US7827402B2 (en) * 2004-12-01 2010-11-02 Cisco Technology, Inc. Method and apparatus for ingress filtering using security group information
EP1898848B1 (en) 2005-05-18 2010-11-24 GT Urological, LLC Drug elution for implantable incontinence devices
US7437755B2 (en) * 2005-10-26 2008-10-14 Cisco Technology, Inc. Unified network and physical premises access control server
US7506102B2 (en) * 2006-03-28 2009-03-17 Cisco Technology, Inc. Method and apparatus for local access authorization of cached resources
US7840708B2 (en) * 2007-08-13 2010-11-23 Cisco Technology, Inc. Method and system for the assignment of security group information using a proxy

Also Published As

Publication number Publication date
EP1825652A1 (en) 2007-08-29
US20150106896A1 (en) 2015-04-16
US20100223657A1 (en) 2010-09-02
WO2006057772A1 (en) 2006-06-01
US9461979B2 (en) 2016-10-04
US7721323B2 (en) 2010-05-18
US8561140B2 (en) 2013-10-15
US20060112431A1 (en) 2006-05-25
EP1825652B1 (en) 2016-07-27

Similar Documents

Publication Publication Date Title
WO2006057772B1 (en) Method and system for including network security information in a frame
SG159534A1 (en) System and method for providing client identifying information to a server
CA2600304A1 (en) Method and apparatus for providing congestion and travel time information to users
CN110113345A (en) A method of the assets based on Internet of Things flow are found automatically
CN107241186A (en) Application signature is generated and distributed
ATE481796T1 (en) METHOD AND DEVICE OF AN ETHERNET FOR RUNNING ATM CELLS
WO2006133218A3 (en) Asp for web analytics including a real-time segmentation workbench
WO2005109197A3 (en) Resource manager for clients in an information distribution system
JP2009500659A5 (en)
WO2003036845A3 (en) System and method for controlling transmission of data packets over an information network
WO2000052896A3 (en) Method and apparatus for managing a network flow in a high performance network interface
WO2008020430A3 (en) Voice over ip forwarding
WO2007044984A3 (en) Identity-based networking
GB0420025D0 (en) System, method and apparatus for use in monitoring or controlling internet access
FR2893165B1 (en) IDENTIFICATION OF RADIOFREQUENCY LABEL
HK1146341A1 (en) Method, apparatus and system for mobility management and efficient information retrieval in a communications network
DE602004021299D1 (en) Device and system for recognizing the user location
DE602007009311D1 (en) METHOD FOR CREATING FRAMES FOR MANAGING AND MAINTAINING ETHERNET / TMPLS HYBRID NETWORKING
CN103023779B (en) A kind of data message processing method and device
DE60235266D1 (en) METHOD AND DEVICE FOR STORING SUBSCRIBER DATA
AU2016601A (en) Method and system for frame and protocol classification
CN102739665B (en) Method for realizing network virtual security domain
CN104574982B (en) A kind of vehicle Reconnaissance system and its methods of investigation
TW200519731A (en) Method, system, and program for constructing a packet
CN107493235A (en) A kind of method and apparatus of fast-forwarding message

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KN KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2005821149

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2005821149

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005821149

Country of ref document: EP