Approach to visualize current and historical access policy of a group based policy

US 10,187,270 B2
Filed: 01/15/2016
Issued: 01/22/2019
Est. Priority Date: 01/15/2016
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

receiving, by a computing device, a first group based policy having first policy rules and a second group based policy having second policy rules, the first policy rules defining a first range of destination internet protocol addresses, a first range of source internet protocol addresses and a first range of access ports, the second policy rules defining a second range of destination internet protocol addresses, a second range of source internet protocol addresses and a second range of access ports;

based on the first policy rules of the first group based policy, rendering, by the computing device, a first three dimensional representation of the first group based policy;

based on the second policy rules of the second group based policy, rendering, by the computing device, a second three dimensional representation of the second group based policy;

displaying, on the computing device, the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on a graphical interface; and

displaying a conflict between the first policy rules and the second policy rules via an overlap in the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on the graphical interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and non-transitory computer-readable storage media for visualizing current and historical access policy of a group based policy. A first group based policy and a second group based policy are received at a computing device, where each group based policy includes policy rules defining a range of destination internet protocol addresses, a range of source internet protocol addresses and a range of access ports. The computing device renders a three dimensional representation of the first group based policy, based on the policy rules of the first group based policy. The computing device renders a three dimensional representation of the second group based policy, based on the policy rules of the second group based policy. The computing device displays the representations of the first group based policy and second group based policy on a graphical interface.

2 Citations

20 Claims

1. A computer implemented method comprising:
- receiving, by a computing device, a first group based policy having first policy rules and a second group based policy having second policy rules, the first policy rules defining a first range of destination internet protocol addresses, a first range of source internet protocol addresses and a first range of access ports, the second policy rules defining a second range of destination internet protocol addresses, a second range of source internet protocol addresses and a second range of access ports;
  
  based on the first policy rules of the first group based policy, rendering, by the computing device, a first three dimensional representation of the first group based policy;
  
  based on the second policy rules of the second group based policy, rendering, by the computing device, a second three dimensional representation of the second group based policy;
  
  displaying, on the computing device, the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on a graphical interface; and
  
  displaying a conflict between the first policy rules and the second policy rules via an overlap in the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on the graphical interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented method of claim 1, wherein rendering the first three dimensional representation of the first group based policy further comprises:
    - rendering the first range of destination internet protocol addresses of the first group based policy on a first axis of the first three dimensional representation;
      
      rendering the first range of source internet protocol addresses of the first group based policy on a second axis of the first three dimensional representation, the second axis adjoining the first axis; and
      
      rendering the first range of access ports of the first group based policy on a third axis of the first three dimensional representation, the third axis adjoining the first axis and the second axis.
  - 3. The computer implemented method of claim 1, further comprising:
    - receiving flow data describing a destination internet protocol address, a source internet protocol address, and an access port; and
      
      rendering a representation of the flow data on the graphical interface.
  - 4. The computer implemented method of claim 1, wherein the access ports are transmission control protocol ports.
  - 5. The computer implemented method of claim 1, further comprising:
    - receiving a third group based policy, the third group based policy including third policy rules defining a third range of destination internet protocol addresses, a third range of source internet protocol addresses and a third range of access ports;
      
      based on the third policy rules of the third group based policy, rendering a third three dimensional representation of the third group based policy; and
      
      displaying the third three dimensional representation of the third group based policy on the graphical interface, wherein the third three dimensional representation of the third group based policy is visually distinct from first the three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy.
  - 6. The computer implemented method of claim 1, further comprising:
    - in response to a determination that the first group based policy has been deleted, deleting the first three dimensional representation of the first group based policy on the graphical interface.
  - 7. The computer implemented method of claim 1, further comprising:
    - receiving modifications to the first group based policy; and
      
      in response to receiving the modifications to the first group based policy, modifying the first three dimensional representation of the first group based policy on the graphical interface based on the modifications.

8. A non-transitory computer-readable medium containing instructions that, when executed by a computing device, cause the computing device to:
- receive a first group based policy including first policy rules defining a first range of destination internet protocol addresses, a first range of source internet protocol addresses, and first a range of access ports;
  
  receive a second group based policy including second policy rules defining a second range of destination internet protocol addresses, a second range of source internet protocol addresses, and second a range of access ports;
  
  based on the first policy rules of the first group based policy, render a first three dimensional representation of the first group based policy;
  
  based on the second policy rules of the second group based policy, render a second three dimensional representation of the second group based policy;
  
  display the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on a graphical interface; and
  
  display a conflict between the first policy rules and the second policy rules via an overlap in the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on the graphical interface.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, wherein the instructions to render in the first three dimensional representation of the first group based policy further cause the computing device to:
    - render the first range of destination internet protocol addresses of the first group based policy on a first-axis of the first three dimensional representation;
      
      render the first range of source internet protocol addresses of the first group based policy on a second-axis of the first three dimensional representation, the second axis adjoining the first axis; and
      
      render the first range of access ports of the first group based policy on a third-axis of the first three dimensional representation, the third axis adjoining the first axis and the second axis.
  - 10. The non-transitory computer-readable medium of claim 8, wherein the instructions further cause the computing device to:
    - receive flow data describing a destination internet protocol address, a source internet protocol address, and an access port; and
      
      render a representation of the flow data on the graphical interface.
  - 11. The non-transitory computer-readable medium of claim 10, wherein the access ports are user datagram protocol ports.
  - 12. The non-transitory computer-readable medium of claim 8, wherein the instructions further cause the computing device to:
    - receive a third group based policy, the third group based policy including policy rules defining a third range of destination internet protocol addresses, a third range of source internet protocol addresses, and a third range of access ports;
      
      based on the third policy rules of the third group based policy, render a third three dimensional representation of the third group based policy; and
      
      display the third three dimensional representation of the third group based policy on the graphical interface, wherein the third three dimensional representation of the third group based policy is visually distinct from the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy.
  - 13. The non-transitory computer-readable medium of claim 8, wherein the instructions further cause the computing device to:
    - in response to a determination that the first group based policy has been deleted, delete the first three dimensional representation of the first group based policy on the graphical interface.
  - 14. The non-transitory computer-readable medium of claim 8, wherein the instructions further cause the computing device to:
    - receive modifications to the first group based policy; and
      
      in response to receiving the modifications to the first group based policy, modify the first three dimensional representation of the first group based policy on the graphical interface based on the modifications.

15. A computing system comprising:
- one or more computer processors; and
  
  a memory containing instructions that, when executed by the one or more computer processors, cause the computing system to;
  
  receive a first group based policy including first policy rules defining a first range of destination internet protocol addresses, a first range of source internet protocol addresses, and a first range of access ports;
  
  receive a second group based policy including second policy rules defining a second range of destination internet protocol addresses, a second range of source internet protocol addresses, and a second range of access ports;
  
  based on the first policy rules of the first group based policy, render a first three dimensional representation of the first group based policy;
  
  based on the second policy rules of the second group based policy, render a second three dimensional representation of the second group based policy; and
  
  display the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy on a graphical interface.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computing system of claim 15, wherein rendering the first three dimensional representation of the first group based policy further comprises:
    - rendering the first range of destination internet protocol addresses of the first group based policy on a first axis of the first three dimensional representation;
      
      rendering the first range of source internet protocol addresses of the first group based policy on a second axis of the first three dimensional representation, the second axis adjoining the first axis; and
      
      rendering the first range of access ports of the first group based policy on a third axis of the first three dimensional representation, the third axis adjoining the first axis and the second axis.
  - 17. The computing system of claim 15, wherein the instructions further cause the computing system to:
    - receive flow data describing a destination internet protocol address, a source internet protocol address, and an access port; and
      
      render a representation of the flow data on the graphical interface.
  - 18. The computing system of claim 15, wherein the instructions further cause the computing system to:
    - receive a third group based policy, the third group based policy including policy rules defining a range of destination internet protocol addresses, a range of source internet protocol addresses and a range of access ports;
      
      based on the third policy rules of the third group based policy, render a third three dimensional representation of the third group based policy; and
      
      display the third three dimensional representation of the third group based policy on the graphical interface, wherein the third three dimensional representation of the third group based policy is visually distinct from the first three dimensional representation of the first group based policy and the second three dimensional representation of the second group based policy.
  - 19. The computing system of claim 15, wherein the instructions further cause the computing system to:
    - in response to a determination that the first group based policy has been deleted, delete the first three dimensional representation of the first group based policy on the graphical interface.
  - 20. The computing system of claim 15, wherein the instructions further cause computing system to:
    - receive modifications to the first group based policy; and
      
      in response to receiving the modifications to the first group based policy, modify the first three dimensional representation of the first group based policy on the graphical interface based on the modification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Agrawal, Sanjay, Gupta, Ruchir, Ahmed, Syed Basheeruddin, Yang, Yi, Kaushik, Meenakshi
Primary Examiner(s)
Martello, Edward

Application Number

US14/997,342
Publication Number

US 20170206701A1
Time in Patent Office

1,103 Days
Field of Search

None
US Class Current
CPC Class Codes

G06T 11/206   Drawing of charts or graphs

G06T 2200/04   involving 3D image data

G06T 2200/24   involving graphical user in...

H04L 41/065   involving logical or physic...

H04L 41/0893   Assignment of logical group...

H04L 41/22   comprising specially adapte...

H04L 43/045   for graphical visualisation...

Approach to visualize current and historical access policy of a group based policy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

2 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Approach to visualize current and historical access policy of a group based policy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links