Policy-based network management system using dynamic policy generation

US 6,578,076 B1
Filed: 10/18/1999
Issued: 06/10/2003
Est. Priority Date: 10/18/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method comprising:

evaluating a condition relating to a network resource;

generating instructions for managing access to the network resource in response to the evaluation; and

transmitting the instructions for installation on a network device providing access to the network resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing a network involves evaluating a condition relating to a network resource. In response to that evaluation, instructions are generated for managing access to the network resource. These instructions are then sent to be installed on a network device that provides access to the network resource.

Citations

48 Claims

1. A computer-implemented method comprising:
- evaluating a condition relating to a network resource;
  
  generating instructions for managing access to the network resource in response to the evaluation; and
  
  transmitting the instructions for installation on a network device providing access to the network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the instructions are generated from a template.
  - 3. The computer-implemented method of claim 2, wherein the instructions are customized using information relating to the evaluated condition.
  - 4. The computer-implemented method of claim 2, wherein the template is selected from a plurality of templates based on information relating to the evaluated condition.
  - 5. The computer-implemented method of claim 1, further comprising removing the instructions from the network device after execution.
  - 6. The computer-implemented method of claim 1, wherein the condition is evaluated periodically.
  - 7. The computer-implemented method of claim 1, wherein the condition is evaluated in response to a predetermined event.
  - 8. The computer-implemented method of claim 7, wherein the predetermined event relates to an attempt to access the network resource.
  - 9. The computer-implemented method of claim 1, further comprising generating instructions for installation on each of a plurality of network devices providing access to the network resource.
  - 10. The computer-implemented method of claim 1, further comprising generating instructions for managing access to a plurality of network resources associated with the evaluated condition.

11. A machine-readable medium having stored thereon a plurality of executable instructions to perform a method comprising:
- evaluating a condition relating to a network resource;
  
  generating a module for managing access to the network resource in response to the evaluation; and
  
  transmitting the module for installation on a network device providing access to the network resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The storage medium of claim 11, wherein the set of instructions further comprises instructions for generating the module from a template.
  - 13. The storage medium of claim 12, wherein the set of instructions further comprises instructions for customizing the module using information relating to the evaluated condition.
  - 14. The storage medium of claim 12, wherein the set of instructions further comprises instructions for selecting the template from a plurality of templates based on information relating to the evaluated condition.
  - 15. The storage medium of claim 11, wherein the set of instructions further comprises instructions for removing the module from the network device after execution.
  - 16. The storage medium of claim 11, wherein the set of instructions further comprises instructions for evaluating the condition periodically.
  - 17. The storage medium of claim 11, wherein the set of instructions further comprises instructions for evaluating the condition in response to a predetermined event.
  - 18. The storage medium of claim 17, wherein the predetermined event relates to an attempt to access the network resource.
  - 19. The storage medium of claim 11, wherein the set of instructions further comprises instructions for generating a plurality of modules and respectively installing them on a plurality of network devices providing access to the network resource.
  - 20. The storage medium of claim 11, wherein the set of instructions further comprises instructions for generating modules for managing access to a plurality of network resources associated with the evaluated condition.

21. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy; and
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy for installation on the policy decision point.
- View Dependent Claims (22, 23, 24)
- - 22. The policy-based network management system of claim 21, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 23. The policy-based network management system of claim 22, wherein the policy server evaluates the predetermined condition periodically.
  - 24. The policy-based network management system of claim 22, wherein the policy server evaluates the predetermined condition upon detection of a network event.

25. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy; and
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy to the policy decision point, the established policy comprising a set of instructions installed on the policy decision point.
- View Dependent Claims (26, 27, 28)
- - 26. The policy-based network management system of claim 25, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 27. The policy-based network management system of claim 26, wherein the policy server evaluates the predetermined condition periodically.
  - 28. The policy-based network management system of claim 26, wherein the policy server evaluates the predetermined condition upon detection of a network event.

29. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy; and
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy to the policy decision point, the established policy being removed from the policy decision point upon occurrence of a predetermined event.
- View Dependent Claims (30, 31, 32)
- - 30. The policy-based network management system of claim 29, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 31. The policy-based network management system of claim 30, wherein the policy server evaluates the predetermined condition periodically.
  - 32. The policy-based network management system of claim 30, wherein the policy server evaluates the predetermined condition upon detection of a network event.

33. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy;
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy to the policy decision point; and
  
  a plurality of policy decision points coupled to the policy server, each of the plurality of policy decision points to authorize access to a different network resource.
- View Dependent Claims (34, 35, 36)
- - 34. The policy-based network management system of claim 33, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 35. The policy-based network management system of claim 34, wherein the policy server evaluates the predetermined condition periodically.
  - 36. The policy-based network management system of claim 34, wherein the policy server evaluates the predetermined condition upon detection of a network event.

37. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy;
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy to the policy decision point; and
  
  a plurality of policy enforcement points coupled to the policy decision point, each of the plurality of policy enforcement points to selectively enable access to the network resource.
- View Dependent Claims (38, 39, 40)
- - 38. The policy-based network management system of claim 37, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 39. The policy-based network management system of claim 38, wherein the policy server evaluates the predetermined condition periodically.
  - 40. The policy-based network management system of claim 38, wherein the policy server evaluates the predetermined condition upon detection of a network event.

41. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy; and
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy to the policy decision point, and the policy server to maintain a plurality of templates for dynamically establishing a policy concerning access to each of a plurality of network resources.
- View Dependent Claims (42, 43, 44)
- - 42. The policy-based network management system of claim 41, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 43. The policy-based network management system of claim 42, wherein the policy server evaluates the predetermined condition periodically.
  - 44. The policy-based network management system of claim 42, wherein the policy server evaluates the predetermined condition upon detection of a network event.

45. A policy-based network management system comprising:
- a policy enforcement point to selectively enable access to a network resource;
  
  a policy decision point in communication with the policy enforcement point, the policy decision point to authorize access to the network resource through the policy enforcement point in accordance with an established policy;
  
  a policy server in communication with the policy decision point, the policy server to maintain a template for dynamically establishing a policy concerning access to the network resource and communicating the established policy to the policy decision point, and the policy server being in communication with a policy management device, the policy management device to perform at least one of the functions of generating policies, installing policies on the policy server, and removing policies from the policy server.
- View Dependent Claims (46, 47, 48)
- - 46. The policy-based network management system of claim 45, wherein the policy server generates a policy in response to satisfaction of a predetermined condition.
  - 47. The policy-based network management system of claim 46, wherein the policy server evaluates the predetermined condition periodically.
  - 48. The policy-based network management system of claim 46, wherein the policy server evaluates the predetermined condition upon detection of a network event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Putzolu, David Matthew
Primary Examiner(s)
Lim, Krisna

Application Number

US09/419,804
Time in Patent Office

1,331 Days
Field of Search

709/223, 709/224, 709/219, 709/229
US Class Current

709/223
CPC Class Codes

H04L 41/0213   Standardised network manage...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 47/15   in relation to multipoint t...

H04L 47/20   Traffic policing

H04L 47/2425   for supporting services spe...

H04L 47/245   using preemption

H04L 47/70   Admission control; Resource...

H04L 47/724   at intermediate nodes, e.g....

H04L 47/781   Centralised allocation of r...

H04L 47/805   QOS or priority aware

H04L 47/826   Involving periods of time

H04L 47/828   Allocation of resources per...

Policy-based network management system using dynamic policy generation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-based network management system using dynamic policy generation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links