Title of invention: Incoming redirection mechanism on a reverse proxy
Abstract: A system is provided for filtering packets. The system includes: a filter for determining, by applying a set of at least one filtering rule, whether a packet is permitted to be routed towards a receiving entity. The system includes a verification element for verifying validity of an authentication token included in a request received by the filtering system and adds, to the set, after receiving an initial request, a so-called top-level filtering rule, permitting the routing, towards the verification element, of at least one packet received via a predetermined communication port of the device, in which the source address is identical to the source address of the initial request, regardless of the source communication port of the subsequent request. A routing element routes a subsequent request including a valid authentication token towards a receiving entity of the subsequent request.
Publication number: US9491141(B2) Publication date: 2016.11.08
Application number: US201214008813 Filing date: 2012.03.30
Applicant: ORANGE Inventors: Carbou Romain;Bars Remi
Classification: H04L29/06;H04L29/08;H04L29/12 Main classification: H04L29/06
Agency: Westman Champlin & Koehler, P.A. Agent: Brush David D.;Westman Champlin & Koehler, P.A.
Main claim: 1. A process for filtering packets implemented by a filtering device comprising a filter configured to determine, by application of a set of at least one filtering rule, if a packet is authorized to be routed to a destination entity, the process comprising: a step of generating an authentication token after receipt, by way of a trusted entity, of an initial request from a source entity, which does not include an authentication token; a step of modifying the initial request by insertion of said authentication token into this initial request to form a modified initial request; a step of forming a response to the initial request, to indicate redirection of the modified initial request so that the modified initial request is re-issued without going through the trusted entity; a step of verification of validity of the authentication token in a second redirected request generated from the modified initial request received by the filtering device, and, when said authentication token is valid: a step of adding to said set a second-level filtering rule, authorizing routing of at least one packet to the destination entity if a source entity for this packet is identical to the source entity for said second request; a step of sending of the second request to said filter.
Address: Paris FR