Firewall Limiting with Third-Party Traffic Classification

摘要

A PCP-aware firewall or other firewall validating a media session using third-party authorization receives more information than just the results of cryptographic token validation. The intent for each media stream of a media session is received from the Authorization Server. The intent may be used to compare to the received traffic of the media session. If the traffic is different than the intended traffic, then the exception to permit the firewall may be closed.

主权项

1. A method comprising:
requesting, by a firewall server from an authorization server, token validation and intent for a 5-tuple of a media session; receiving, by the firewall server from the authorization server, authorization for the media session and the intent for the 5-tuple for the media session; creating, by the firewall server, a policy for the media session, the policy being a function of the intent; monitoring traffic for the media session through the firewall server for a violation of the policy; and blocking the traffic when there is a mismatch between the traffic and the policy.