Expression of packet processing policies using file processing rules

US 20060282878A1
Filed: 06/14/2005
Published: 12/14/2006
Est. Priority Date: 06/14/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a packet processing policy from a server device by a client device using Web-standard access control rules having a first number of possible outcomes;

converting the rules to a packet processing rule format having a second number of possible outcomes to apply the packet processing policy at the client device; and

applying the packet processing rules by the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatuses for distribution of rules using file-level Web-based protocols. The rules are mapped to a packet processing rules having a different outcome schema and applied by a client device.

Citations

30 Claims

1. A method comprising:
- receiving a packet processing policy from a server device by a client device using Web-standard access control rules having a first number of possible outcomes;
  
  converting the rules to a packet processing rule format having a second number of possible outcomes to apply the packet processing policy at the client device; and
  
  applying the packet processing rules by the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the Web-standard access control rules comprise rules defined according to an Extensible Access Control Markup Language (XACML) standard.
  - 3. The method of claim 1 wherein the second number of possible outcomes is greater than the first number of possible outcomes.
  - 4. The method of claim 3 wherein the first number of possible outcomes is two.
  - 5. The method of claim 4 wherein the two possible outcomes correspond to accept and deny.
  - 6. The method of claim 3 wherein the second number of possible outcomes is three.
  - 7. The method of claim 6 wherein the three possible outcomes correspond to accept, allow and deny.
  - 8. The method of claim 1 wherein policies defined by an administrator have a higher priority than policies defined by a client user.

9. An article comprising a computer-readable medium having stored thereon instructions that, when executed, cause one or more processors to:
- receive a packet processing policy from a server device by a client device using Web-standard access control rules having a first number of possible outcomes;
  
  convert the rules to a packet processing rule format having a second number of possible outcomes to apply the packet processing policy at the client device; and
  
  apply the packet processing rules by the client device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The article of claim 9 wherein the Web-standard access control rules comprise rules defined according to an Extensible Access Control Markup Language (XACML) standard.
  - 11. The article of claim 9 wherein the second number of possible outcomes is greater than the first number of possible outcomes.
  - 12. The article of claim 11 wherein the first number of possible outcomes is two.
  - 13. The article of claim 12 wherein the two possible outcomes correspond to accept and deny.
  - 14. The article of claim 11 wherein the second number of possible outcomes is three.
  - 15. The article of claim 14 wherein the three possible outcomes correspond to accept, allow and deny.
  - 16. The article of claim 9 wherein policies defined by an administrator have a higher priority than policies defined by a client user.

17. An apparatus comprising:
- a network interface having a packet processing rules table;
  
  a rules database coupled with the network interface to store a set of rules defined according to a Web-based standard having a first number of potential outcomes;
  
  a mapping agent coupled with the rules database to translate rules from the rules database to set of packet processing rules having a second number of potential outcomes to be stored in the packet processing rules table; and
  
  a firewall agent within the network interface coupled with the packet processing rules table to apply the packet processing rules.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The apparatus of claim 17 wherein the Web-based rules comprise rules defined according to an Extensible Access Control Markup Language (XACML) standard.
  - 19. The apparatus of claim 17 wherein the second number of possible outcomes is greater than the first number of possible outcomes.
  - 20. The apparatus of claim 19 wherein the first number of possible outcomes is two.
  - 21. The apparatus of claim 20 wherein the two possible outcomes correspond to accept and deny.
  - 22. The apparatus of claim 17 wherein the second number of possible outcomes is three.
  - 23. The apparatus of claim 22 wherein the three possible outcomes correspond to accept, allow and deny.

24. A system comprising:
- a network interface having a packet processing rules table;
  
  a network cable connected to the network interface;
  
  a rules database coupled with the network interface to store a set of rules defined according to a Web-based standard having a first number of potential outcomes;
  
  a mapping agent coupled with the rules database to translate rules from the rules database to set of packet processing rules having a second number of potential outcomes to be stored in the packet processing rules table; and
  
  a firewall agent within the network interface coupled with the packet processing rules table to apply the packet processing rules.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The system of claim 24 wherein the Web-based rules comprise rules defined according to an Extensible Access Control Markup Language (XACML) standard.
  - 26. The system of claim 24 wherein the second number of possible outcomes is greater than the first number of possible outcomes.
  - 27. The system of claim 26 wherein the first number of possible outcomes is two.
  - 28. The system of claim 27 wherein the two possible outcomes correspond to accept and deny.
  - 29. The system of claim 24 wherein the second number of possible outcomes is three.
  - 30. The system of claim 29 wherein the three possible outcomes correspond to accept, allow and deny.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Henroid, Andrew D., Stanley, James C.

Application Number

US11/153,753
Publication Number

US 20060282878A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/0227 Filtering policies mail mes...

Expression of packet processing policies using file processing rules

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Expression of packet processing policies using file processing rules

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links