Application-aware policy enforcement

US 20070220588A1
Filed: 03/06/2007
Published: 09/20/2007
Est. Priority Date: 03/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources or application parameters for a particular application context;

in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;

receiving a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;

in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization; and

if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular network resources or the application parameters for the particular application context.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a method includes receiving a first message from a first manager. The first message includes a first element of a request for policy authorization. The request for policy authorization attempts to reserve particular network resources for a particular application context. The method includes, in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization. The method includes receiving a second message from a second manager subsequent to the first message. The second message includes a second element of the request for policy authorization, and the second element completes the request for policy authorization. The method includes, in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization. The method includes, if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular resources for the particular application context.

147 Citations

View as Search Results

27 Claims

1. A method comprising:
- receiving a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources or application parameters for a particular application context;
  
  in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;
  
  receiving a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;
  
  in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization; and
  
  if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular network resources or the application parameters for the particular application context.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein:
    - the first manager is a bearer manager;
      
      the first element of the first message identifies the particular network resources;
      
      the second manager is an application manager; and
      
      the second element of the second message identifies the particular application context.
  - 3. The method of claim 1, wherein:
    - the first manager is an application manager;
      
      the first element of the first message identifies the particular application context;
      
      the second manager is a bearer manager; and
      
      the second element of the second message identifies the particular network resources.
  - 4. The method of claim 1, wherein the particular network resources comprise a quality of service (QoS).
  - 5. The method of claim 1, wherein the particular application context identifies:
    - a particular application; and
      
      network resources for use by the application.
  - 6. The method of claim 5, wherein the particular application context further identifies one or more of:
    - one or more constituent components of the application;
      
      one or more parameters describing each of the constituent components;
      
      or one or more network resources for use by each of the constituent components.
  - 7. The method of claim 1, wherein the rendezvous state comprises a timeout.
  - 8. The method of claim 1, further comprising releasing one or more network resources reserved in response to the first message if the second message fails to arrive during the rendezvous state.
  - 9. The method of claim 1 further comprising, releasing one or more network resources reserved in response to the first message if the policy decision denies the request for policy authorization.
  - 10. The method of claim 1, wherein the policy facet comprises a network facet, an application facet, or both.
  - 11. The method of claim 1, further comprising:
    - during the policy rendezvous state, communicating to the first manager a third message indicating that the policy decision is pending;
      
      in response to the third message, initiating one or more processes at the first manager in preparation for use of the particular resources or the application parameters in the particular application context.
  - 12. The method of claim 1 wherein:
    - the particular network resources comprise a particular quality of service (QoS); and
      
      the particular application context comprises an Internet Protocol (IP) telephone service.
  - 13. The method of claim 1, wherein making the policy decision comprises comparing the particular network resources in the request for policy authorization with network resources authorized for use by a particular application identified by the particular application context.

14. An apparatus comprising:
- one or more processors; and
  
  a memory coupled to the processors comprising instructions executable by the processors, the processors operable when executing the instructions to;
  
  receive a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources of application parameters for a particular application context;
  
  in response to the first message, establish a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;
  
  receive a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;
  
  in response to the second message, make the policy decision based on the first and second elements of the request for policy authorization; and
  
  if the policy decision grants the request for policy authorization, generate a complete policy facet and communicate the complete policy facet to the first manager or the second manager to authorize use of the particular resources or application parameters for the particular application context.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The apparatus of claim 14, wherein:
    - the first manager is a bearer manager;
      
      the first element of the first message identifies the particular network resources;
      
      the second manager is an application manager; and
      
      the second element of the second message identifies the particular application context.
  - 16. The apparatus of claim 14, wherein:
    - the first manager is an application manager;
      
      the first element of the first message identifies the particular application context;
      
      the second manager is a bearer manager; and
      
      the second element of the second message identifies the particular network resources.
  - 17. The apparatus of claim 14, wherein the particular network resources comprise a quality of service (QoS).
  - 18. The apparatus of claim 14, wherein the particular application context identifies:
    - a particular application; and
      
      network resources for use by the application.
  - 19. The apparatus of claim 18, wherein the particular application context further identifies one or more of:
    - one or more constituent components of the application;
      
      one or more parameters describing each of the constituent components;
      
      or one or more network resources for use by each of the constituent components.
  - 20. The apparatus of claim 14, wherein the rendezvous state comprises a timeout.
  - 21. The apparatus of claim 14, wherein the processors are further operable when executing the instructions to release one or more network resources reserved in response to the first message if the second message fails to arrive during the rendezvous state.
  - 22. The apparatus of claim 14, wherein the processors are further operable when executing the instructions to release one or more network resources reserved in response to the first message if the policy decision denies the request for policy authorization.
  - 23. The apparatus of claim 14, wherein the policy facet comprises a network facet, an application facet, or both.
  - 24. The apparatus of claim 14, wherein the processors are further operable when executing the instructions to:
    - during the policy rendezvous state, communicate to the first manager a third message indicating that the policy decision is pending;
      
      in response to the third message, initiate one or more processes at the first manager in preparation for use of the particular resources or application parameters in the particular application context.
  - 25. The apparatus of claim 14, wherein:
    - the particular network resources comprise a particular quality of service (QoS); and
      
      the particular application context comprises an Internet Protocol (IP) telephone service.
  - 26. The apparatus of claim 14, wherein making the policy decision comprises comparing the particular network resources in the request for policy authorization with network resources authorized for use by a particular application identified by the particular application context.

27. A system comprising:
- means for receiving a first message from a first manager, the first message comprising a first element of a request for policy authorization, the request for policy authorization attempting to authorize use of particular network resources or application parameters for a particular application context;
  
  means for, in response to the first message, establishing a policy rendezvous state at a policy manager for a policy decision on the request for policy authorization;
  
  means for receiving a second message from a second manager subsequent to the first message, the second message comprising a second element of the request for policy authorization, the second element completing the request for policy authorization;
  
  means for, in response to the second message, making the policy decision based on the first and second elements of the request for policy authorization; and
  
  means for, if the policy decision grants the request for policy authorization, generating a complete policy facet and communicating the complete policy facet to the first manager or the second manager to authorize use of the particular resources or application parameters for the particular application context.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Rosenberg, Jonathan, Andreasen, Flemming, Panda, Biswaranjan

Granted Patent

US 7,966,645 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06Q 20/102   Bill distribution or payments

H04L 12/14   Charging , metering or bill...

H04L 12/1403   Architecture for metering, ...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/5029   Service quality level-based...

H04L 41/5061   characterised by the intera...

H04L 45/50   using label swapping, e.g. ...

H04L 47/10   Flow control; Congestion co...

H04L 47/15   in relation to multipoint t...

H04L 47/70   Admission control; Resource...

H04L 47/724   at intermediate nodes, e.g....

H04L 47/805   QOS or priority aware

H04L 47/824   Applicable to portable or m...

H04L 61/5014   using dynamic host configur...

H04L 63/08   for authentication of entit...

H04L 63/0892   by using authentication-aut...

H04L 63/102   Entity profiles

H04L 63/162   at the data link layer

H04L 65/1016   IP multimedia subsystem [IMS]

H04L 65/1104 : Session initiation protocol...

H04L 67/141 : Setup of application sessio...

H04L 69/14 : Multichannel or multilink p...

H04L 69/24 : Negotiation of communicatio...

H04W 12/06 : Authentication

H04W 12/08 : Access security

H04W 28/18 : Negotiating wireless commun...

H04W 36/0033 : with transfer of context in...

H04W 36/12 : Reselecting a serving backb...

H04W 36/14 : Reselecting a network or an...

H04W 48/14 : using user query or user de...

H04W 60/00 : Affiliation to network, e.g...

H04W 8/04 : Registration at HLR or HSS ...

H04W 8/26 : Network addressing or numbe...

H04W 80/04 : Network layer protocols, e....

H04W 80/10 : adapted for application ses...

H04W 92/02 : Inter-networking arrangements

View All

Application-aware policy enforcement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

147 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Application-aware policy enforcement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links