METHOD AND APPARATUS FOR POLICY MANAGEMENT IN A NETWORK DEVICE
First Claim
1. A method for managing policies within a network intermediary device, comprising:
opening, in response to a request from a client to the network intermediary device, a network connection between the client and the network intermediary device so long as said connection is permitted by a policy having rules relating to network connections;
processing a transaction over the network connection according to one or more additional policies;
upon completion of the transaction, determining if the network connection should be closed, and closing or not closing the connection accordingly; and
in the event the connection is not closed, reusing, subject to the additional policies, the connection for further transactions with the client.
Abstract
A method and apparatus for policy management in a network intermediary device. One embodiment of the invention includes establishing a session between a client and an intermediary device on a network to enable processing of a communication between the client and the intermediary device. Then, the communication is processed by the intermediary device while maintaining a consistent version of policy throughout the communication. Finally, after the communication is complete, the intermediary terminates the communication. The intermediary device may maintain consistent policy by utilizing a policy ticket upon which transactional information is stored and that references the version of policy that was current when the communication first began. The policy ticket may be transported throughout the intermediary device according to a “checkpoint” scheme, with the policy rules evaluated at each checkpoint, if necessary, to determine appropriate actions to be taken based on current client and network information as applied to the policy rules.
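The version-pinning idea in the abstract, sketched as an added illustration (not code from the patent or any product): a ticket records the policy version current when the communication began, and every checkpoint evaluates rules from that version even if an administrator installs a new policy mid-transaction. The names `PolicyStore`, `PolicyTicket` and `checkpoint`, the sample rules, the fail-closed default and the fresh ticket for the next transaction are all assumptions.

```python
from dataclasses import dataclass, field

class PolicyStore:
    """Keeps every installed policy version; old versions are never mutated."""
    def __init__(self, rules):
        self._versions = [dict(rules)]

    @property
    def current(self):
        return len(self._versions) - 1

    def install(self, rules):
        self._versions.append(dict(rules))
        return self.current

    def rules(self, version):
        return self._versions[version]

@dataclass
class PolicyTicket:
    version: int                                   # policy version pinned at start
    facts: dict = field(default_factory=dict)      # transactional information
    decisions: list = field(default_factory=list)  # audit trail of checkpoints

def checkpoint(store, ticket, name, **facts):
    """Evaluate the named rule from the ticket's pinned version (fail closed)."""
    ticket.facts.update(facts)
    rule = store.rules(ticket.version).get(name)
    verdict = "allow" if rule is not None and rule(ticket.facts) else "deny"
    ticket.decisions.append((name, ticket.version, verdict))
    return verdict

def run_demo():
    # Constructed sample policy: internal clients only, GET and POST permitted.
    v0 = {"connect": lambda f: f["client_ip"].startswith("10."),
          "request": lambda f: f["method"] in {"GET", "POST"}}
    store = PolicyStore(v0)
    ticket = PolicyTicket(version=store.current)
    results = [checkpoint(store, ticket, "connect", client_ip="10.0.0.7")]
    # Policy is tightened while the first transaction is still in flight.
    store.install({**v0, "request": lambda f: f["method"] == "GET"})
    results.append(checkpoint(store, ticket, "request", method="POST"))
    # Assumption: the next transaction on the reused connection gets a new ticket.
    ticket2 = PolicyTicket(version=store.current, facts={"client_ip": "10.0.0.7"})
    results.append(checkpoint(store, ticket2, "request", method="POST"))
    return results, ticket.decisions

if __name__ == "__main__":
    print(run_demo())
```

The decision list on each ticket records which policy version produced each verdict, which is what lets an auditor explain why the in-flight POST was allowed after the stricter policy was installed.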
Specification