Network architectures or network communication protocols for network security

HELECTRICITY H04Electric communication H04LTRANSMISSION OF DIGITAL INFORMATION

H04L63/00Network architectures or network communication protocols for network security

H04L63/02for separating internal from external traffic H04L63/0209Architectural arrangements H04L63/0218Distributed architectures H04L63/0227Filtering policies H04L63/0236Filtering by address, protocol, port number or service H04L63/0245Filtering by information in the payload H04L63/0254Stateful filtering H04L63/0263Rule management H04L63/0272Virtual private networks H04L63/0281Proxies H04L63/029Firewall traversal H04L63/04for providing a confidential data exchange among entities communicating through data packet networks H04L63/0407wherein the identity of one or more communicating identities is hidden H04L63/0414during transmission, i.e. party's identity is protected against eavesdropping H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties H04L63/0428wherein the data content is protected H04L63/0435wherein the sending and receiving network entities apply symmetric encryption H04L63/0442wherein the sending and receiving network entities apply asymmetric encryption H04L63/045wherein the sending and receiving network entities apply hybrid encryption H04L63/0457wherein the sending and receiving network entities apply dynamic encryption H04L63/0464using hop-by-hop encryption H04L63/0471applying encryption by an intermediary H04L63/0478applying multiple layers of encryption H04L63/0485Networking architectures for enhanced packet encryption processing H04L63/0492by using a location-limited connection H04L63/06for supporting key management in a packet data network H04L63/061for key exchange H04L63/062for key distribution H04L63/064Hierarchical key distribution H04L63/065for group communications H04L63/067using one-time keys H04L63/068using time-dependent keys H04L63/08for supporting authentication of entities communicating through a packet data network H04L63/0807using tickets H04L63/0815providing single-sign-on or federations H04L63/0823using certificates H04L63/083using passwords H04L63/0838using one-time-passwords H04L63/0846using time-dependent-passwords H04L63/0853using an additional device H04L63/0861using biometrical features H04L63/0869for achieving mutual authentication H04L63/0876based on the identity of the terminal or configuration H04L63/0884by delegation of authentication H04L63/0892by using authentication-authorization-accounting [AAA] servers or protocols H04L63/10for controlling access to network resources H04L63/101Access control lists [ACL] H04L63/102Entity profiles H04L63/104Grouping of entities H04L63/105Multiple levels of security H04L63/107wherein the security policies are location-dependent H04L63/108when the policy decisions are valid for a limited amount of time H04L63/12Applying verification of the received information H04L63/123received data contents H04L63/126the source of the received data H04L63/14for detecting or protecting against malicious traffic H04L63/1408by monitoring network traffic H04L63/1416Event detection H04L63/1425Traffic logging H04L63/1433Vulnerability analysis H04L63/1441Countermeasures against malicious traffic H04L63/145the attack involving the propagation of malware through the network H04L63/1458Denial of Service H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses H04L63/1475Passive attacks H04L63/1483service impersonation H04L63/1491using deception as countermeasure H04L63/16Implementing security features at a particular protocol layer H04L63/162at the data link layer H04L63/164at the network layer H04L63/166at the transport layer H04L63/168above the transport layer H04L63/18using different networks or paths for security H04L63/20for managing network security; network security policies in general H04L63/205involving negotiation or determination of the one or more network security mechanisms to be used H04L63/30for supporting lawful interception, monitoring or retaining of communications or communication related information H04L63/302gathering intelligence information for situation awareness or reconnaissance H04L63/304intercepting circuit switched data communications H04L63/306intercepting packet switched data communications H04L63/308retaining data