Providing policy information on an existing communication channel

US10110496B2 · US · B2

Patent metadata

Publication number: US-10110496-B2
Application number: US-201514674787-A
Country: US
Kind code: B2
Filing date: Mar 31, 2015
Priority date: Mar 31, 2015
Publication date: Oct 23, 2018
Grant date: Oct 23, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A device may receive or generate a message for routing to a destination on a communication channel. The communication channel may have been established between a source and the destination. The device may perform a first determination of policy information related to at least one of the message, the destination, or the source of the message. The policy information may describe an action for a network device to perform. The device may associate a policy token with the message. The policy token may describe or identify the policy information. The device may provide the message with the associated policy token to the network device on the communication channel to cause the network device to perform a second determination of the policy information based on the policy token, to perform the action described by the policy information, and to provide the message on the communication channel.

First claim

Opening claim text (preview).

What is claimed is:

1. A device, comprising: a memory; and one or more processors to: receive a message for routing to a destination on a communication channel, the device being a first network device, and the communication channel having been established between a source of the message and the destination; determine first policy information related to at least one of the message, the destination, or the source of the message, the first policy information describing a first action for a second network device to perform, and the first policy information being determined based on one or more of: a blacklist that lists one or more of sources or destinations that are to be blocked or banned, a whitelist that lists one or more of sources or destinations that are deemed acceptable, or a graylist that lists one or more of sources or destinations that are subject to a particular rule; associate a first policy token with the message based on the first policy information, the first policy token including information identifying a different device that stores the first policy information for the second network device; and provide the message with the first policy token to the second network device on the communication channel to cause the second network device to request the first policy information from the different device based on the first policy token, second policy information being determined by the second network device after the second network device receives the message with the first policy token, the first policy token being removed by the second network device after the second network device receives the message with the first policy token, a second policy token being associated with the message based on the second policy information, the message being provided with the second policy token by the second network device to a third network device, a second action being performed by the third network device based on the second policy information after the third network device receives the message with the second policy token, and the second action including one of: dropping the message, monitoring the source of the message, quarantining the source of the message, or redirecting traffic to or from the source of the message.

2. The device of claim 1, where the one or more processors, when receiving the message, are further to: receive the first policy token with the message; and where the one or more processors, when determining the first policy information, are to: determine the first policy information based on the first policy token.

3. The device of claim 1, where the device is associated with a first network; and where the second network device is associated with a second network, the second network being a network other than the first network.

4. The device of claim 1, where the one or more processors, when associating the first policy token with the message, are further to: encrypt the first policy token to prevent a malicious party from determining the first policy information; and where the message with the associated first policy token further causes the second network device to decrypt the first policy token.

5. The device of claim 4, where the encrypting and the decrypting are performed using at least one of: a symmetric-key algorithm, or a public key algorithm.

6. The device of claim 1, where the one or more processors, when associating the first policy token with the message, are further to: attach the first policy token to the message, or insert the first policy token into a portion of the message.

7. The device of claim 1, where the first policy token is removed from a header associated with the message.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to: receive a message for routing to a destination on a communication channel, the device being a first network device, and the communication channel having been established between a source and the destination; determine first policy information related to the message, the first policy information describing a first action for a second network device to perform, the first policy information being determined based on one or more of: a blacklist that lists one or more of sources or destinations that are to be blocked or banned, a whitelist that lists one or more of sources or destinations that are deemed acceptable, or a graylist that lists one or more of sources or destinations that are subject to a particular rule, and the first policy information describing information related to at least one of the destination or the source; associate, with the message and based on the first policy information, a first policy token that includes information that identifies a different device that stores the first policy information for the second network device; and provide the message and the first policy token to the second network device on the communication channel to permit the second network device to request the first policy information from the different device based on the first policy token, second policy information being determined by the second network device after the second network device receives the message with the first policy token, a second policy token being associated with the message based on the second policy information, the message being provided with the second policy token by the second network device to a third network device, a second action being performed by the third network device based on the second policy information after the third network device receives the message with the second policy token, and the second action including one of: dropping the message, monitoring the source, quarantining the source, or redirecting traffic to or from the source.

9. The non-transitory computer-readable medium of claim 8, where the device is associated with a first network; and where the second network device is associated with a second network, the second network being a network other than the first network.

10. The non-transitory computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to receive the message, further cause the one or more processors to: receive the first policy token with the message; and where the one or more instructions, that cause the one or more processors to determine the first policy information, further cause the one or more processors to: determine the first policy information based on the first policy token.

11. The non-transitory computer-readable medium of claim 8, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: encrypt the first policy token to prevent a malicious party from determining the first policy information; and where the message and the first policy token further cause the second network device to decrypt the first policy token.

12. The non-transitory computer-readable medium of claim 11, where the encrypting and the decrypting are performed using at least one of: a symmetric-key algorithm, or a public key algorithm.

13. The non-transitory computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to associate the first policy token with the message, further cause the one or more processors to: attach the first policy token to the message, or insert the f
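To make the claimed flow concrete, the following is an added simulation written for this page; it is not code from Juniper Networks or from the patent. A first device classifies a message against a blacklist, whitelist and graylist, stores the resulting policy on a separate policy store, and attaches an opaque token naming that store; a second device resolves the token, removes it, makes its own determination and attaches a second token; a third device resolves that token and performs the action (drop, monitor, quarantine or redirect). The header name `X-Policy-Token`, the store names, the HMAC integrity tag on the token, and the escalation rule from monitor to quarantine are assumptions of this example; the claims only require that the token identify the device holding the policy and allow it to be encrypted.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

TOKEN_HEADER = "X-Policy-Token"  # hypothetical header name; the patent does not name one


class Action(Enum):
    DROP = "drop"
    MONITOR = "monitor"
    QUARANTINE = "quarantine"
    REDIRECT = "redirect"


@dataclass(frozen=True)
class Policy:
    action: Action
    subject: str   # the source the action applies to
    reason: str


@dataclass
class Message:
    source: str
    destination: str
    payload: bytes
    headers: dict = field(default_factory=dict)


class PolicyStore:
    """The 'different device' that stores policy information for a network device."""

    def __init__(self, name: str):
        self.name = name
        self._policies: dict = {}

    def put(self, policy: Policy) -> str:
        policy_id = secrets.token_hex(8)   # opaque reference: reveals nothing about the policy
        self._policies[policy_id] = policy
        return policy_id

    def get(self, policy_id: str) -> Policy:
        return self._policies[policy_id]   # KeyError for an unknown reference


def make_token(store_name: str, policy_id: str, key: bytes) -> str:
    """Token = store identity + policy reference + HMAC tag (the tag is this example's choice)."""
    body = f"{store_name}:{policy_id}"
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()[:16]
    return f"{body}:{tag}"


def parse_token(token: str, key: bytes) -> tuple:
    """Verify the tag before trusting the reference, so an altered token is rejected."""
    store_name, policy_id, tag = token.split(":")
    expected = hmac.new(key, f"{store_name}:{policy_id}".encode(), hashlib.sha256).hexdigest()[:16]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("policy token failed integrity check")
    return store_name, policy_id


class FirstDevice:
    """Determines the first policy from the three lists and attaches the first token."""

    def __init__(self, store, key, blacklist, whitelist, graylist):
        self.store, self.key = store, key
        self.blacklist, self.whitelist, self.graylist = set(blacklist), set(whitelist), set(graylist)

    def determine_policy(self, msg: Message) -> Optional[Policy]:
        if msg.source in self.blacklist or msg.destination in self.blacklist:
            return Policy(Action.DROP, msg.source, "blacklisted")
        if msg.source in self.whitelist:
            return None                    # deemed acceptable: no action, no token
        if msg.source in self.graylist:
            return Policy(Action.MONITOR, msg.source, "graylisted")
        return None

    def handle(self, msg: Message) -> Message:
        policy = self.determine_policy(msg)
        if policy is not None:
            msg.headers[TOKEN_HEADER] = make_token(self.store.name, self.store.put(policy), self.key)
        return msg


class SecondDevice:
    """Fetches the first policy via its token, removes that token, and attaches a second one."""

    def __init__(self, stores, own_store, key, strike_limit=3):
        self.stores, self.own_store, self.key, self.strike_limit = stores, own_store, key, strike_limit
        self.strikes: dict = {}

    def handle(self, msg: Message) -> Message:
        token = msg.headers.pop(TOKEN_HEADER, None)   # first token is removed here
        if token is None:
            return msg
        store_name, policy_id = parse_token(token, self.key)
        first = self.stores[store_name].get(policy_id)
        second = first
        if first.action is Action.MONITOR:            # escalate repeated graylist hits (assumed rule)
            self.strikes[first.subject] = self.strikes.get(first.subject, 0) + 1
            if self.strikes[first.subject] >= self.strike_limit:
                second = Policy(Action.QUARANTINE, first.subject, "repeated graylist hits")
        msg.headers[TOKEN_HEADER] = make_token(self.own_store.name, self.own_store.put(second), self.key)
        return msg


class ThirdDevice:
    """Performs the second action: drop, monitor, quarantine, or redirect."""

    def __init__(self, stores, key, sinkhole="sinkhole.example"):
        self.stores, self.key, self.sinkhole = stores, key, sinkhole
        self.quarantined: set = set()
        self.audit: list = []

    def handle(self, msg: Message) -> Optional[Message]:
        token = msg.headers.pop(TOKEN_HEADER, None)
        if token is None:
            return msg
        store_name, policy_id = parse_token(token, self.key)
        policy = self.stores[store_name].get(policy_id)
        self.audit.append(f"{msg.source}->{msg.destination}: {policy.action.value} ({policy.reason})")
        if policy.action is Action.DROP:
            return None
        if policy.action is Action.QUARANTINE:
            self.quarantined.add(policy.subject)
            return None
        if policy.action is Action.REDIRECT:
            msg.destination = self.sinkhole
        return msg                                    # MONITOR: forward, already logged


def build_chain(key: bytes = b"constructed-demo-key"):
    """Constructed topology: two policy stores and the three devices of the claim."""
    s1, s2 = PolicyStore("store-1"), PolicyStore("store-2")
    stores = {"store-1": s1, "store-2": s2}
    first = FirstDevice(s1, key, blacklist={"203.0.113.9"}, whitelist={"192.0.2.1"}, graylist={"198.51.100.7"})
    return first, SecondDevice(stores, s2, key), ThirdDevice(stores, key)


def route(chain, msg: Message) -> Optional[Message]:
    """Pass a message through first, second and third device; None means it was not forwarded."""
    first, second, third = chain
    return third.handle(second.handle(first.handle(msg)))
```

Only an opaque reference and the store's identity travel on the channel, so an observer of the channel learns nothing about the policy itself; the integrity tag is what stops a party on the path from substituting a reference that points at a more permissive policy. The `audit` list on the third device is the place a real deployment would emit its detection events from.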

Assignees

Juniper Networks Inc

Inventors

Classifications

  • Policy-based network configuration management · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • H04L47/20 (primary): Traffic policing · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Filtering policies (mail message filtering H04L51/212) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10110496B2 cover?
A device may receive or generate a message for routing to a destination on a communication channel. The communication channel may have been established between a source and the destination. The device may perform a first determination of policy information related to at least one of the message, the destination, or the source of the message. The policy information may describe an action for a n…
Who is the assignee on this patent?
Juniper Networks Inc
What technology area does this patent fall under?
Primary CPC classification H04L47/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Oct 23, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).