US2016241597A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016241597-A1 |
| Application number | US-201415024615-A |
| Country | US |
| Kind code | A1 |
| Filing date | Aug 5, 2014 |
| Priority date | Sep 26, 2013 |
| Publication date | Aug 18, 2016 |
| Grant date | — |
Official abstract text for this publication.
Adapting access rules for a data interchange between a first network and a second network by the second network is provided based on a service-specific integrity information item of the first network, wherein the first network processes data for carrying out a service and the service defines multiple components. A respective integrity status is transmitted for each of the components by each respective component via a communication link within the first network to a management unit of the first network. The service-specific integrity information item is computed based on each respective integrity status by the management unit. The service-specific integrity information item is transmitted by a network access point of the first network to a receiver in the second network for adapting the access rules. Access by the receiver to each respective integrity status is prevented.
Opening claim text (preview).
1. A method for adapting access rules for a data interchange between a first network and a second network by the second network based on a service-specific integrity information item of the first network, wherein the first network processes data for carrying out a service and the service defines one or more components, the method comprising: transmitting a respective integrity status of each of the one or more components by each respective component of the one or more components via a communication link within the first network to a management unit (IM) of the first network; computing the service-specific integrity information item based on each respective integrity status by the management unit; and transmitting the service-specific integrity information item by a network access point of the first network to a receiver in the second network for adapting the access rules, wherein access by the receiver to each respective integrity status is prevented.
2. The method of claim 1, wherein the service-specific integrity information item provides a service identifier, a domain identifier, an integrity checking code, and/or a time stamp.
3. The method of claim 1, wherein the service-specific integrity information item provides a list or a link to a list of the one or more components.
4. The method of claim 1, wherein the integrity information item is represented by a value comprising a set of at least two values.
5. The method of claim 1, wherein the second network is administrated by a second management unit, wherein the second network is different than the first network.
6. The method of claim 1, wherein the number one or more components are computation units comprising at least one processor for carrying out the service within the first network.
7. The method of claim 1, wherein a data transmission between the one or more components and a subscriber outside the first network is carried out via a network access point, wherein the network access point limits the data transmission.
8. The method of claim 1, wherein the service-specific integrity information item is transmitted as part of an authentication certificate.
9. The method of claim 1, wherein the service-specific integrity information item is tied to an authentication certificate via an attribute certificate.
10. The method of claim 1, wherein the first network produces an attestation for the service-specific integrity information item based on cryptographic key material.
11. The method as claimed in claim 10, wherein the attestation is formed by a cryptographic checksum of the management unit (IM).
12. The method of claim 10, wherein the attestation is evaluated by the receiver.
13. The method of claim 10, wherein the attestation is produced on the basis of a feature of the second network.
14. A system for providing a service-specific integrity information item of a first network, wherein the first network can process data for carrying out a service and the service can define one or more components, the system comprising: the one or more components for transmitting a respective integrity status of the one or more components via a communication link in the first network to a management unit (IM) in the first network; the management unit (IM) for computing the service-specific integrity information item on the basis of the respective integrity status(es); a network access point of the first network for providing the service-specific integrity information item for a receiver for adapting an authorization, wherein access by the receiver to the respective integrity status is prevented.
15. The system of claim 14, comprising an attestation unit for producing an attestation based on the service-specific integrity information item via cryptographic key material.
16. The system of claim 14 comprising a certification entity configured to: transmit a respective integrity status for the one or more components by each respective component of the plurality of components via a communication link within the first network to a management unit of the first network; compute the service-specific integrity information item based on each respective integrity status by the management unit; and transmit the service-specific integrity information item by a network access point of the first network to a receiver in the second network for adapting the access rules, wherein access by the receiver to each respective integrity status is prevented.
17. The method of claim 2, wherein the service-specific integrity information item provides a list or a link to a list of the plurality of components.
18. The method of claim 2, wherein the integrity information item is represented by a value comprising a set of at least two values.
19. The method of claim 3, wherein the integrity information item is represented by a value comprising a set of at least two values.
20. The method of claim 2, wherein the second network is administrated by a second management unit wherein the second network is different than the first network.
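The flow of claims 1, 2, 10 and 11, as an added Python illustration that is not code from the patent: a management unit collapses per-component integrity statuses into one service-level item, attests it, and a receiver in the second network verifies it and selects access rules without ever seeing a component status. Assumptions: HMAC-SHA256 over canonical JSON stands in for the "cryptographic checksum", the key is shared between both sides, and the status values, rule names (`allow`, `restricted`, `deny`) and the 300-second freshness window are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: key material shared by the management unit (IM) and the receiver.
IM_KEY = b"constructed-demo-key"

def _canonical(item):
    # Stable byte encoding so both sides compute the checksum over the same input.
    return json.dumps(item, sort_keys=True, separators=(",", ":")).encode()

def compute_item(service_id, domain_id, statuses, timestamp):
    """IM side: derive one service-specific item from all component statuses."""
    healthy = bool(statuses) and all(s == "ok" for s in statuses.values())
    # Only the aggregate leaves the first network; component names and their
    # individual statuses are deliberately not copied into the item.
    return {"service": service_id, "domain": domain_id,
            "integrity": "ok" if healthy else "degraded", "ts": timestamp}

def attest(item, key=IM_KEY):
    """IM side: bind the item to the IM with a keyed checksum (the attestation)."""
    tag = hmac.new(key, _canonical(item), hashlib.sha256).hexdigest()
    return {"item": item, "tag": tag}

def adapt_access_rules(message, now, key=IM_KEY, max_age=300):
    """Receiver side: evaluate the attestation, then choose a rule set."""
    expected = hmac.new(key, _canonical(message["item"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message.get("tag", "")):
        return "deny"          # forged or altered item
    item = message["item"]
    if not 0 <= now - item["ts"] <= max_age:
        return "deny"          # stale or future-dated item (replay guard)
    return "allow" if item["integrity"] == "ok" else "restricted"

if __name__ == "__main__":
    # Constructed sample: two components of one service, one reporting a change.
    reports = {"controller-1": "ok", "hmi-1": "modified"}
    msg = attest(compute_item("svc-telemetry", "plant-a", reports, 1000))
    print(msg["item"], adapt_access_rules(msg, now=1100))
```

The time stamp is part of the checksummed item, so a captured "ok" message cannot be replayed after the component state changes and the freshness window passes.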
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
for controlling access to devices or network resources · CPC title
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838) · CPC title
the source of the received data · CPC title