Invalid policy detection

US 20050198326A1
Filed: 02/20/2004
Published: 09/08/2005
Est. Priority Date: 02/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and

including the policy digest in a request by the client to access a resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations are described and claimed herein to detect an invalid policy that may reside in a cache at a client. An expired policy is removed from cache and a current policy is requested. Otherwise the cached policy may be used. The client indicates which policy it is using by generating a policy digest, including, in compressed form, one or more assertions. If the host determines the policy digest is invalid, the host issues an invalid digest fault. If the policy digest is valid, but the assertions included in the policy digest are invalid, the host issues an invalid policy fault. In either case, the client is notified that the cached policy is no longer valid and that a current policy should be requested.

Citations

38 Claims

1. A method comprising:
- generating a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
  
  including the policy digest in a request by the client to access a resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein generating the policy digest includes generating a hash of the cached policy.
  - 3. The method of claim 1, wherein generating the policy digest includes encoding a bit vector identifying selected assertions from the cached policy.
  - 4. The method of claim 1, wherein generating the policy digest includes reading an assertion from the policy, assigning a bit value to the assertion, and writing the bit value to a bit vector.
  - 5. The method of claim 1, wherein generating the policy digest includes generating a hash of the cached policy if the cached policy is normalized.
  - 6. The method of claim 1, further comprising:
    - incrementing a counter each time the cached policy is used; and
      
      removing the cached policy from a cache at the client when the counter exceeds a limit value.
  - 7. The method of claim 1, further comprising:
    - incrementing a counter for the cached policy when a fault is received at the client in response to using the cached policy; and
      
      removing the cached policy from a cache at the client when the counter exceeds a limit value.
  - 8. The method of claim 1, further comprising logging a diagnostic event when a fault is received at the client to identify a system problem.

9. A method comprising:
- extracting at a host a policy digest identifying a cached policy, the policy digest included in a request to access a resource; and
  
  denying access to the resource if the policy digest identifies an invalid policy.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising issuing a fault for the client if the policy digest identifies an invalid policy.
  - 11. The method of claim 9, further comprising decoding the policy digest.
  - 12. The method of claim 9, further comprising decoding a bit vector of the cached policy.
  - 13. The method of claim 9, further comprising reading an assertion from the policy digest.
  - 14. The method of claim 9, further comprising reading a row hash of the cached policy.

15. A system comprising:
- a policy digest identifying at least one cached policy; and
  
  a messaging module denying access to a resource if the policy digest identifies an invalid policy for the resource.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the messaging module extracts the policy digest from a message requesting access to the resource.
  - 17. The system of claim 15, wherein the messaging module decodes the policy digest.
  - 18. The system of claim 15, wherein the policy digest is a bit vector of a cached policy.
  - 19. The system of claim 15, wherein the policy digest is a row hash of a normalized policy.
  - 20. The system of claim 15, wherein the policy digest identifies at least one selected assertion.

21. A system comprising:
- a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
  
  a messaging module including the policy digest in a request by the client to access a resource.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The system of claim 21, wherein the messaging module encodes the policy digest.
  - 23. The system of claim 21, wherein the policy digest is a bit vector of a cached policy.
  - 24. The system of claim 21, wherein the policy digest is a row hash of a normalized policy.
  - 25. The system of claim 21, wherein the policy digest identifies at least one assertion selected by the client.

26. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
- generating a policy digest for a cached policy at a client, the policy digest identifying at least one assertion the client is complying with; and
  
  including the policy digest in a request by the client to access a resource.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The computer program product of claim 26 wherein the computer process further comprises generating a hash of the cached policy.
  - 28. The computer program product of claim 26 wherein the computer process further comprises encoding a bit vector of the cached policy.
  - 29. The computer program product of claim 26 wherein the computer process further comprises reading an assertion from the policy, assigning a bit value to the assertion, and writing the bit value to a bit vector.
  - 30. The computer program product of claim 26 wherein the computer process further comprises generating a row hash of the cached policy if the cached policy is normalized.
  - 31. The computer program product of claim 26, wherein the computer process further comprises:
    - incrementing a counter each time the cached policy is used; and
      
      removing the cached policy from a cache at the client when the counter exceeds a limit value.
  - 32. The computer program product of claim 26 wherein the computer process further comprises:
    - incrementing a counter for the cached policy when a fault is received at the client in response to using the cached policy; and
      
      removing the cached policy from a cache at the client when the counter exceeds a limit value.
  - 33. The computer program product of claim 26 wherein the computer process further comprises triggering a diagnostic event when a fault is received at the client.

34. A computer program product encoding a computer program for executing on a computer system a computer process, the computer process comprising:
- extracting at a host a policy digest identifying a cached policy, the policy digest included in a request to access a resource; and
  
  denying access to the resource if the policy digest identifies an invalid policy.
- View Dependent Claims (35, 36, 37, 38)
- - 35. The computer program product of claim 34 wherein the computer process further comprises decoding the policy digest.
  - 36. The computer program product of claim 34 wherein the computer process further comprises decoding a bit vector of the cached policy.
  - 37. The computer program product of claim 34 wherein the computer process further comprises reading an assertion from the policy digest.
  - 38. The computer program product of claim 34 wherein the computer process further comprises reading a row hash of the cached policy if the cached policy is normalized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schlimmer, Jeffrey C., Lovering, Bradford H., Christensen, Erik B., Levin, David, Lee, Alfred IV

Granted Patent

US 7,664,828 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 67/5682 Policies or rules for updat...

Invalid policy detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Invalid policy detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links