| 摘要 |
Methods including the steps of: upon sending an IP packet, obtaining, by a sender, a sender identity for a sender of the packet; securely tagging, by a sender, the packet with the sender identity, the packet having a plurality of fixed-length fields concatenated into a single fixed-length virtual field shared between a cryptographic hash and an identity index for supporting multiple distinct identities residing on an IP endpoint; determining, by a receiver, the sender identity by extracting it from the packet; checking, by the receiver, the packet to ensure the packet has been appropriately tagged; and enforcing a security policy, by the receiver, according to the sender identity. Preferably, the step of obtaining includes: accessing, by the sender, a server for obtaining the sender identity; and associating, by the server, the sender identity with the endpoint. Most preferably, the associating is performed using a prefix code for encoding the identities.
|
