Abstract:
An example method for service insertion in a network environment is provided in one example and includes configuring a service node by tagging one or more interface ports of a virtual switch function to which the service node is connected with one or more policy identifiers. When data traffic associated with a policy identifier is received on a virtual overlay path, the virtual switch function may then terminate the virtual overlay path and direct raw data traffic to the interface port of the service node that is tagged to the policy identifier associated with the data traffic.
Abstract:
Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.
Abstract:
A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.