Patent · US Active

Verification of access control list rules provided with a message

US10826815B2 · kind B2 · utility

2Cited by

5References

20Claims

0Family size

Assignee

Barefoot Networks, Inc. · US

Inventors

Changhoon Kim · Palo Alto, US
Jeongkeun Lee · Palo Alto, US
Milad Sharif · Los Altos, US
Robert Soule · Redwood City, US

Key dates

Filing date	Apr 9, 2018
Grant date	Nov 3, 2020
Priority date	—
Expiry date	Apr 9, 2038

Classification

Technology area (CPC H)Electricity
CPC primaryH04L9/0643
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Some embodiments provide a method for a forwarding element (FE) operating in a network of FEs. The method receives a data message with an access control list (ACL) rule and a first digest for the ACL rule appended to the data message. The ACL rule specifies that the packet is allowed to be sent through the network. The method verifies the ACL rule by computing a second digest from the ACL rule using a secret key and comparing the first digest to the second digest. The method determines whether the packet matches the ACL rule by comparing values in headers of the data message to values specified in the ACL rule. The method only forwards the data message if the ACL rule is verified and the packet matches the ACL rule.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.