1. A method comprising:
receiving at an egress network device a packet that includes a security group tag identifying a security group designation classifying the packet, the security group designation corresponding to a group of source nodes, and the security group designation providing a mechanism for associating the group of source nodes to a group of destination nodes that the group of source nodes is destinations and a set of sources authorized to access, wherein the group of source nodes and the group of destination nodes are members of a same private network,
wherein the egress network device is located at a first edge of a cloud of network devices and an ingress network device is located at a second edge of such cloud, and
wherein the security group tag was applied to said packet at the ingress network device;
determining at the egress network device, based at least in part on the security group tag, to forward the packet to a destination device; and
forwarding the packet to the destination device based on the determination to forward such packet based at least in part on the security group tag.
2. The method of claim 1, wherein the packet is forwarded between the ingress and egress network devices without referring to the security group tag.
3. The method of claim 1, wherein at least a portion of said packet has at least one cryptographic technique applied to it to support one or more of data integrity, entity authentication, data origin authentication, or data confidentiality.
4. The method of claim 1, wherein one or more cryptographic techniques are applied to said packet at the ingress network device andor the egress network device.
5. The method of claim 1, wherein at least a portion of said packet has a digital signature scheme applied to it, so as to provide one or more of entity authentication, data origin authentication or non-repudiation.
6. The method of claim 1, wherein the determining whether said packet should be transmitted to the destination device comprises the use of logic, such logic providing rules regarding allowed transmissions of packets.
7. The method of claim 1, wherein packets originating from client devices are classified with a client security group designation, and packets originating from servers are classified with a server security group designation;
wherein it is determined that packets with the client security group designation should not be transmitted to clients; and it is determined that packets with the server security group designation should be transmitted to clients; and
wherein it is determined that packets with the server security group designation should be transmitted to either clients or servers.
8. The method of claim 1, wherein said packet is classified with the security group designation based at least in part on a clearance level andor role assigned to the source of said packet; and
wherein the determining whether said packet should be transmitted to the destination device is based at least in part on logic, such logic allowing only packets with security group designations associated with certain roles andor clearance levels to be transmitted to particular destinations.
9. The method of claim 8, wherein the clearance level andor role assigned to a host in an enterprise network is based at least in part on whether the host is a client or a server, a guest or a regular user, an authenticated or unauthenticated device, andor a secured or unsecured device.
10. An egress network device, the egress network device arranged at a first edge of a cloud of network devices and an ingress network device located at a second edge of such cloud, comprising:
memory,
a plurality of ports, and
a processor, the processor configured to:
receive at the egress network device a packet that includes a security group tag identifying a security group designation classifying the packet, the security group designation corresponding to a group of source nodes, and the security group designation providing a mechanism for associating the group of source nodes to a group of destination nodes that the group of source nodes is destinations and a set of sources authorized to access, wherein the group of source nodes and the group of destination nodes are members of a same private network,
wherein the security group tag was applied to said packet at the ingress network device;
determine at the egress network device, based at least in part on the security group tag, to forward the packet to a destination device; and
forward the packet to the destination device based on the determination to forward such packet based at least in part on the security group tag.
11. The egress network device of claim 10, wherein the packet is forwarded between the ingress and egress network devices without referring to the security group tag.
12. The egress network device of claim 10, wherein at least a portion of said packet has at least one cryptographic technique applied to it to support one or more of data integrity, entity authentication, data origin authentication, or data confidentiality.
13. The egress network device of claim 10, wherein one or more cryptographic techniques are applied to said packet at the ingress network device andor the egress network device.
14. The egress network device of claim 10, wherein at least a portion of said packet has at least one cryptographic technique applied to it, so as to provide one or more of data integrity, entity authentication, data origin authentication, or data confidentiality.
15. The egress network device of claim 10, wherein the processor is further configured such that the determining whether said packet should be transmitted to the destination device comprises the use of logic, such logic providing rules regarding allowed transmissions of packets.
16. The egress network device of claim 10, wherein packets originating from client devices are classified with a client security group designation, and packets originating from servers are classified with a server security group designation;
wherein the processor is further configured such that it is determined that packets with the client security group designation should not be transmitted to clients; and it is determined that packets with the server security group designation should be transmitted to clients; and
wherein the processor is further configured such that it is determined that packets with the server security group designation should be transmitted to either clients or servers.
17. The egress network device of claim 10, wherein said packet is classified with the security group designation based at least in part on a clearance level andor role assigned to the source of said packet; and
wherein the processor is further configured such that determining whether said packet should be transmitted to the destination device is based at least in part on logic, such logic allowing only packets with security group designations associated with certain roles andor clearance levels to be transmitted to particular destinations.
18. The egress network device of claim 17, wherein the clearance level andor role assigned to a host in an enterprise network is based at least in part on whether the host is a client or a server, a guest or a regular user, an authenticated or unauthenticated device, andor a secured or unsecured device.
19. An apparatus comprising:
means for receiving at an egress network device a packet that includes a security group tag identifying a security group designation classifying the packet, the security group designation corresponding to a group of source nodes, and the security group designation providing a mechanism for associating the group of source nodes to a group of destination nodes that the group of source nodes is authorized to access, wherein the group of source nodes and the group of destination nodes are members of a same private network,
wherein the egress network device is located at a first edge of a cloud of network devices and an ingress network device is located at a second edge of such cloud, and
wherein the security group tag was applied to said packet at the ingress network device;
means for determining at the egress network device, based at least in part on the security group tag, to forward the packet to a destination device; and
means for forwarding the packet to the destination device based on the determination to forward such packet based at least in part on the security group tag.
20. At least one non-transitory computer readable storage medium having computer program instructions stored thereon that are arranged to perform the following operations:
receiving at an egress network device a packet that includes a security group tag identifying a security group designation classifying the packet, the security group designation corresponding to a group of source nodes, and the security group designation providing a mechanism for associating the group of source nodes to a group of destination nodes that the group of source nodes is authorized to access wherein the group of source nodes and the group of destination nodes are members of a same private network,
wherein the egress network device is located at a first edge of a cloud of network devices and an ingress network device is located at a second edge of such cloud, and
wherein the security group tag was applied to said packet at the ingress network device;
determining at the egress network device, based at least in part on the security group tag, to forward the packet to a destination device; and
forwarding the packet to the destination device based on the determination to forward such packet based at least in part on the security group tag.
The claims below are in addition to those above.
All refrences to claim(s) which appear below refer to the numbering after this setence.
1. An adaptive multifilar antenna comprising:
a plurality of spaced filaments,
at least a portion of the filaments being coupled together in a fixed phase relationship to form a group of filaments;
a weighting circuit operable to apply variable phase adjustments to signals passed to andor from the filaments, said weighting circuit being operable to apply a common variable phase adjustment to signals passed to andor from the filaments of the group;
detecting means operable to detect at least one electrical property of the adaptive multifilar antenna with respect to at least one of the frequency, polarization andor direction of propagation of a signal to be received or transmitted by the adaptive multifilar antenna and impedance matching of the antenna; and
control means, responsive to the detecting means, operable to control operation of the weighting circuit to adjust properties of the multifilar antenna to suit better a current signal to be received or transmitted.
2. The antenna according to claim 1, wherein the weighting circuit is operable to apply gain adjustments to signals passed to andor from the filaments and to apply the same gain adjustment to signals passed to andor from the filaments of the group.
3. The antenna according to claim 1, including switch means associated with the filaments for selectively altering the electrical length andor interconnections of the filaments, the signal connections tofrom the filaments being at a first end of each filament; and
the switch means being operable to selectively interconnect pairs of filaments, a second end of those filaments being remote from the first end.
4. The antenna according to claim 1, in which there are 4 or 6 said filaments.
5. The antenna according to claim 1, including switchable filaments having switch means for selectively altering the electrical length andor interconnections of the switchable filaments and
each of the switchable filaments including at least a first filament section and a second filament section; and
the switch means being operable to selectively connect or isolate the first and second filament sections of each switchable filament so as to vary the electrical length of that filament.
6. The antenna according to claim 1, including a matching circuit for matching the characteristic impedance of the antenna to that of a transmitting andor receiving apparatus.
7. The antenna according to claim 6, wherein the control means is operable to control the operation of the matching circuit to adjust the properties of the adaptive multifilar antenna to suit better a current signal to be received or transmitted.
8. The antenna according to claim 6, in which:
the detecting means is operable to detect a signal to noise ratio of a received signal; and
the control means is operable to control the operation of the matching circuit andor the weighting circuit so as to improve the signal to noise ratio of the received signal.
9. The antenna according to claim 6, in which:
the detecting means is operable to detect a signal to (noise plus interference) ratio of a received signal; and
the control means is operable to control the operation of the matching circuit andor the weighting circuit so as to improve the signal to (noise plus interference) ratio of the received signal.
10. The antenna according to claim 6, in which:
the detecting means is operable to detect a signal level of a received signal; and
the control means is operable to control the operation of the matching circuit andor the weighting circuit so as to improve the signal level of the received signal.
11. The antenna according to claim 6, in which:
the detecting means is operable to detect a VSWR for a transmitted signal; and
the control means is operable to control the operation of the matching circuit andor the weighting circuit so as to improve the VSWR for transmission of that signal.
12. The antenna according to claim 1, in which the detecting means comprises:
analogue to digital conversion means for converting respective signals received by the filaments into corresponding digital representations;
a memory for storing the digital representations;
means for combining the digital representations using respective phase relationships and gains; and
means for detecting properties of the antenna by analysis of the combined digital representations.
13. The antenna according to claim 1, in which the detecting means comprises:
means for combining respective signals received by the filaments;
analogue to digital conversion means for converting the combined signals into a corresponding digital representation;
a memory for storing the digital representation; and
means for detecting properties of the antenna by analysis of the combined digital representations.
14. The antenna according to claim 13, wherein the combining means is operable to combine the respective signals having respective gain weighting.
15. The antenna according to claim 1, in which the detecting means operates at least during reception of a reference signal burst by the antenna.
16. The antenna according to claim 1, in which there is an even number of said filaments.
17. The antenna according to claim 1, wherein there are 4 said filaments and including two filament groups each of two diametrically opposed filaments, the filaments in each respective group being coupled together with a relative phase weighting of substantially 180\xb0.
18. The antenna according to claim 1 wherein the filaments in the group of filaments have a diversity correlation of 0.7 or better.
19. The antenna according to claim 1, in which the filaments are helically shaped.
20. The antenna according to claim 1, in which the filaments are at least partially intertwined.
21. The antenna according to claim 1, having a volute of generally elliptical or rectangular axial cross-section.
22. The antenna according to claim 21, wherein the respective outputs of the weighting circuit are combined prior to frequency downconversion.
23. The antenna according to claim 1, wherein the weighting circuit operates at baseband.
24. The antenna according to claim 1, wherein the weighting circuit operates at RF.