Methods systems and computer program products for processing complex policy rules based on rule form type

US 6,662,235 B1
Filed: 08/24/2000
Issued: 12/09/2003
Est. Priority Date: 08/24/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the method comprising the steps of:

determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;

receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and

performing the following steps if the complex policy rule is a CNF policy rule;

generating a plurality of summary conditions, each of the summary conditions being associated with one of the levels;

comparing the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;

determining that the complex policy rule may be skipped if the selected one of the summary conditions is not met;

repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and

determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention include methods, systems and computer program products which provide for a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions. An event is received having an associated value defining a point in a space covered by the individual policy conditions. The following operations are performed if the complex policy rule is a CNF policy rule. A plurality of summary conditions are generated, each of the summary conditions being associated with one of the levels. The associated value of the received event is compared to a selected one of the summary conditions to determine if the selected one of the summary conditions is met. Operations repeat for others of the summary conditions and individual policy conditions until either one of the summary conditions is not met or all individual policy conditions for one of the levels are not met, allowing the policy rule to be skipped, or until at least one of the individual policy conditions for each level is met. DNF policy rule processing is also provided.

140 Citations

49 Claims

1. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the method comprising the steps of:
- determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
  
  receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
  
  performing the following steps if the complex policy rule is a CNF policy rule;
  
  generating a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
  
  comparing the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
  
  determining that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
  
  repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
  
  determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises the steps of:
3. The method of claim 1 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises the steps of:
- selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
  
  repeating the step of selecting another one of the summary conditions for others of the summary conditions until at least one of one of the summary conditions is not met or all of the summary conditions are met; and
  
  comparing the associated value of the received event to individual policy conditions until at least one of all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met if all of the summary conditions are met.
4. The method of claim 1 further comprising the step of executing the action associated with the complex policy rule if at least one individual policy condition at each level is met if the complex policy rule is a CNF policy rule.
5. The method of claim 4 wherein the step of generating a plurality of summary conditions further comprises the step of establishing a lowest starting value of one of the individual conditions associated with a level as a start value of a summary condition for that level and establishing a highest ending value of one of the individual policy conditions associated with that level as an end value of the summary condition for that level.
6. The method of claim 5 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a level if the associated range of one of the individual policy conditions associated with that level is a unitary point of a first value and another of the individual policy conditions associated with that level is a unitary point of a second value different from the first value.
7. The method of claim 6 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a level if the associated range of one of the individual policy conditions associated with that level is all inclusive.
8. The method of claim 4 wherein the step of comparing the associated value of the received event to an associated selected one of the summary conditions is preceded by the step of selecting one of the summary conditions most likely to not be met as the selected one of the summary conditions.
9. The method of claim 4 further comprising the steps of:
- determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  performing the following steps if the complex policy rule is a DNF policy rule;
  
  generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
  
  comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
  
  repeating the steps of comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  wherein the step of executing the action further comprises the step of executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.

10. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions, each of the individual policy conditions including a plurality of groups and being expressed as ranges for each of the groups, the method comprising the steps of:
- determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
  
  receiving an event, the event having associated values defining a point in a space covered by the plurality of conditions; and
  
  performing the following steps if the complex policy rule is a CNF policy rule;
  
  generating a plurality of summary conditions, each of the summary conditions being associated with a respective one of the groups for a respective one of the levels;
  
  comparing a respective one of the associated values of the received event to an associated selected one of the summary conditions, the selected one of the summary conditions being associated with the same group of policy conditions as the respective one of the associated values of the received event, to determine if the associated one of the summary conditions is met;
  
  determining that the complex policy rule may be skipped if the associated one of the summary conditions is not met;
  
  repeating the step of comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each of the levels is met;
  
  determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met; and
  
  executing the action if at least one of the individual policy conditions for each of the levels is met if the complex policy rule is a CNF policy rule.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 11. The method of claim 10 wherein at least one of the groups is selected from the group consisting of source device internet protocol (IP) address range, destination device IP address range, inbound interface identifier (ID) range, outbound interface ID range, source device port number range, destination device port number range, protocol ID range, application name and application data classification.
  - 12. The method of claim 10 wherein the step of generating a plurality of summary conditions further comprises the step of establishing a lowest starting value of one of the groups of one of the individual conditions associated with a level as a start value of a summary condition for that group for that level and establishing a highest ending value of the one of the groups of the one of the individual policy conditions associated with that level as an end value of the summary condition for that group for that level.
  - 13. The method of claim 12 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a group for a level if the associated range for that group of one of the individual policy conditions associated with that level is a unitary point of a first value and another of the individual policy conditions associated with that level for that group is a unitary point of a second value different from the first value.
  - 14. The method of claim 13 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a group for a level if the associated range for that group of one of the individual policy conditions associated with that level is all inclusive.
  - 15. The method of claim 10 wherein the step of comparing a respective one of the associated values of the received event is preceded by the step of selecting one of the summary conditions most likely to not be met as the selected one of the summary conditions.
  - 16. The method of claim 10 further comprising the steps of:
17. The method of claim 16 wherein the steps of comparing the associated values of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met and selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the previously selected one of the collapsed conditions is not met further comprise the step of determining that a collapsed condition is not met if any one of the ranges of the collapsed condition is not met.
18. The method of claim 10 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions comprises the step of comparing the associated values of the received event to ones of the individual policy conditions associated with the same level as one of the summary conditions which is met to determine if any of the individual policy conditions associated with the same level as one of the summary conditions which is met are met.
19. The method of claim 10 wherein the step of repeating the step of comparing for others of the summary conditions and individual policy conditions comprises the steps of:
- selecting another one of the summary conditions associated with the same level as the selected one of the summary conditions and associated with a different group of policy conditions;
  
  comparing one of the associated values of the received event associated with the different group to the another one of the summary conditions to determine if the another one of the summary conditions is met; and
  
  repeating the steps of selecting another one of the summary conditions and comparing one of the associated values of the received event associated with the different group to the another one of the summary conditions until at least one of a summary condition is not met or all of the summary conditions associated with the same level are met.
20. The method of claim 19 wherein the step of repeating the steps of selecting another one of the summary conditions and comparing one of the associated values of the received event associated with the different group to the another one of the summary conditions is followed by the step of comparing the associated values of the received event to ones of the individual policy conditions associated with the same level to determine if any of the individual policy conditions associated with the same level are met if all of the summary conditions associated with the same level are met.
21. The method of claim 20 wherein the step of comparing the associated values of the received event to ones of the individual policy conditions associated with the same level to determine if any of the individual policy conditions associated with the same level are met if all of the summary conditions associated with the same level are met is followed by the steps of:
- comparing the associated values of the received event to ones of the summary conditions associated with another one of the levels to determine if any of the summary conditions associated with another one of the levels is not met;
  
  comparing the associated values of the received event to ones of the individual policy conditions associated with the another one of the levels if all of the ones of the summary conditions associated with the another one of the levels is met to determine if any of the ones of the individual policy conditions associated with the another one of the levels are met; and
  
  repeating the steps of comparing the associated values of the received event to ones of the summary conditions associated with another one of the levels and comparing the associated values of the received event to ones of the individual policy conditions associated with the another one of the levels for others of the plurality of levels until at least one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met.
22. The method of claim 21 wherein at least one of the groups is selected from the group consisting of source device internet protocol (IP) address range, destination device IP address range, inbound interface identifier (ID) range, outbound interface ID range, source device port number range, destination device port number range, protocol ID range, application name and application data classification.
23. The method of claim 22 wherein the step of generating a plurality of summary conditions further comprises the step of establishing a lowest starting value of one of the groups of one of the individual conditions associated with a level as a start value of a summary condition for that group for that level and establishing a highest ending value of the one of the groups of the one of the individual policy conditions associated with that level as an end value of the summary condition for that group for that level.
24. The method of claim 23 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a group for a level if the associated range for that group of one of the individual policy conditions associated with that level is a unitary point of a first value and another of the individual policy conditions associated with that level for that group is a unitary point of a second value different from the first value.
25. The method of claim 24 wherein the step of generating a plurality of summary conditions further comprises the step of generating an all inclusive range as a summary condition for a group for a level if the associated range for that group of one of the individual policy conditions associated with that level is all inclusive.
26. The method of claim 25 further comprising the steps of:
- determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  performing the following steps if the complex policy rule is a DNF policy rule;
  
  generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions;
  
  comparing the associated values of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the previously selected one of the collapsed conditions is not met;
  
  repeating the step of selecting another one of the collapsed conditions and comparing the associated values of the received event to the selected another one of the collapsed conditions until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  wherein the step of executing the action further comprises the step of executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.
27. The method of claim 26 further comprising the step of selecting one of the plurality of collapsed conditions which is most likely to be met as the selected one of the plurality of collapsed conditions.
28. The method of claim 27 wherein the step of generating a plurality of collapsed conditions further comprises the step of establishing an intersection of associated ranges of all individual policy conditions associated with each group of policy conditions included in a particular level to provide one of the plurality of collapsed conditions associated with the particular level.

29. A method for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the method comprising the steps of:
- receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions;
  
  determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  performing the following steps if the complex policy rule is a DNF policy rule;
  
  generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
  
  comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
  
  repeating the steps of comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.

30. A system for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the system comprising:
- means for determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
  
  means for receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
  
  the following means responsive to determining that the complex policy rule is a CNF policy rule;
  
  means for generating a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
  
  means for comparing the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
  
  means for determining that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
  
  means for controlling the means for comparing to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
  
  means for determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The system of claim 30 wherein the means for controlling the means for comparing further comprises:
32. The system of claim 30 wherein the means for controlling the means for comparing to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises:
- means for selecting another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
  
  means for controlling the means for selecting another one of the summary conditions to repeat operations for others of the summary conditions until at least one of one of the summary conditions is not met or all of the summary conditions are met; and
  
  means for comparing the associated value of the received event to individual policy conditions until at least one of all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met if all of the summary conditions are met.
33. The system of claim 30 further comprising means for executing the action associated with the complex policy rule if at least one individual policy condition at each level is met if the complex policy rule is a CNF policy rule.
34. The system of claim 33 further comprising means for selecting one of the summary conditions most likely to not be met as the selected one of the summary conditions.
35. The system of claim 33 further comprising:
- means for determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  the following means responsive to determining that the complex policy rule is a DNF policy rule;
  
  means for generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
  
  means for comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  means for selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
  
  means for controlling the means for comparing to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  wherein the means for executing the action further comprises means for executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.

36. A system for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions, each of the individual policy conditions including a plurality of groups and being expressed as ranges for each of the groups, the system comprising:
- means for determining if the complex policy rule is a conjunctive normal form (CNF) policy rule;
  
  means for receiving an event, the event having associated values defining a point in a space covered by the plurality of conditions; and
  
  the following means responsive to determining that the complex policy rule is a CNF policy rule;
  
  means for generating a plurality of summary conditions, each of the summary conditions being associated with a respective one of the groups for a respective one of the levels;
  
  means for comparing a respective one of the associated values of the received event to an associated selected one of the summary conditions, the selected one of the summary conditions being associated with the same group of policy conditions as the respective one of the associated values of the received event, to determine if the associated one of the summary conditions is met;
  
  means for determining that the complex policy rule may be skipped if the associated one of the summary conditions is not met;
  
  means for controlling the means for comparing to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each of the levels is met;
  
  means for determining that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met; and
  
  means for executing the action if at least one of the individual policy conditions for each of the levels is met if the complex policy rule is a CNF policy rule.
- View Dependent Claims (37, 38)
- - 37. The system of claim 36 further comprising means for selecting one of the summary conditions most likely to not be met as the selected one of the summary conditions.
  - 38. The system of claim 36 further comprising:

39. A system for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, the system comprising:
- means for receiving an event, the event having an associated value defining a point in a space covered by the individual policy conditions;
  
  means for determining if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  the following means responsive to determining that the complex policy rule is a DNF policy rule;
  
  means for generating a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
  
  means for comparing the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  means for selecting another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
  
  means for controlling the means for comparing to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  means for executing the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.

40. A computer program product for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, comprising:
- a computer-readable storage medium having computer-readable program code embodied in said medium, said computer-readable program code comprising;
  
  computer-readable program code which determines if the complex policy rule is a conjunctive normal form (CNF) policy rule;
  
  computer-readable program code which receives an event, the event having an associated value defining a point in a space covered by the individual policy conditions; and
  
  the following computer-readable program code responsive to determining that the complex policy rule is a CNF policy rule;
  
  computer-readable program code which generates a plurality of summary conditions, each of the summary conditions being associated with one of the levels;
  
  computer-readable program code which compares the associated value of the received event to a selected one of the summary conditions to determine if the selected one of the summary conditions is met;
  
  computer-readable program code which determines that the complex policy rule may be skipped if the selected one of the summary conditions is not met;
  
  computer-readable program code which controls the computer-readable program code which compares to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met; and
  
  computer-readable program code which determines that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The computer program product of claim 40 wherein the computer-readable program code which controls the computer-readable program code which compares further comprises:
42. The computer program product of claim 40 wherein the computer-readable program code which controls the computer-readable program code which compares to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met further comprises:
- computer-readable program code which selects another one of the summary conditions associated with another one of the levels and comparing the associated value of the received event to the another one of the summary conditions to determine if the another one of the summary conditions is not met;
  
  computer-readable program code which controls the computer-readable program code which selects another one of the summary conditions to repeat operations for others of the summary conditions until at least one of one of the summary conditions is not met or all of the summary conditions are met; and
  
  computer-readable program code which compares the associated value of the received event to individual policy conditions until at least one of all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each level is met if all of the summary conditions are met.
43. The computer program product of claim 40 further comprising computer-readable program code which executes the action associated with the complex policy rule if at least one individual policy condition at each level is met if the complex policy rule is a CNF policy rule.
44. The computer program product of claim 43 further comprising computer-readable program code which selects one of the summary conditions most likely to not be met as the selected one of the summary conditions.
45. The computer program product of claim 43 further comprising:
- computer-readable program code which determines if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  the following computer-readable program code responsive to determining that the complex policy rule is a DNF policy rule;
  
  computer-readable program code which generates a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
  
  computer-readable program code which compares the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  computer-readable program code which selects another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
  
  computer-readable program code which controls the computer-readable program code which compares to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  wherein the computer-readable program code which executes the action further comprises computer-readable program code which executes the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.

46. A computer program product for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions, each of the individual policy conditions including a plurality of groups and being expressed as ranges for each of the groups, comprising:
- a computer-readable storage medium having computer-readable program code embodied in said medium, said computer-readable program code comprising;
  
  computer-readable program code which determines if the complex policy rule is a conjunctive normal form (CNF) policy rule;
  
  computer-readable program code which receives an event, the event having associated values defining a point in a space covered by the plurality of conditions; and
  
  the following computer-readable program code responsive to determining that the complex policy rule is a CNF policy rule;
  
  computer-readable program code which generates a plurality of summary conditions, each of the summary conditions being associated with a respective one of the groups for a respective one of the levels;
  
  computer-readable program code which compares a respective one of the associated values of the received event to an associated selected one of the summary conditions, the selected one of the summary conditions being associated with the same group of policy conditions as the respective one of the associated values of the received event, to determine if the associated one of the summary conditions is met;
  
  computer-readable program code which determines that the complex policy rule may be skipped if the associated one of the summary conditions is not met;
  
  computer-readable program code which controls the computer-readable program code which compares to repeat comparing for others of the summary conditions and individual policy conditions until at least one of one of the summary conditions is not met, all individual policy conditions for one of the levels are not met or at least one of the individual policy conditions for each of the levels is met;
  
  computer-readable program code which determines that the complex policy rule may be skipped if at least one of one of the summary conditions is not met or all individual policy conditions for one of the levels are not met; and
  
  computer-readable program code which executes the action if at least one of the individual policy conditions for each of the levels is met if the complex policy rule is a CNF policy rule.
- View Dependent Claims (47, 48)
- - 47. The computer program product of claim 46 further comprising computer-readable program code which selects one of the summary conditions most likely to not be met as the selected one of the summary conditions.
  - 48. The computer program product of claim 46 further comprising:

49. A computer program product for processing a complex policy rule structured in a plurality of levels wherein the complex policy rule selects an action for execution based on a plurality of individual policy conditions each of the individual policy conditions being expressed as ranges and being associated with one of the levels, comprising:
- a computer-readable storage medium having computer-readable program code embodied in said medium, said computer-readable program code comprising;
  
  computer-readable program code which receives an event, the event having an associated value defining a point in a space covered by the individual policy conditions;
  
  computer-readable program code which determines if the complex policy rule is a disjunctive normal form (DNF) policy rule; and
  
  the following computer-readable program code responsive to determining that the complex policy rule is a DNF policy rule;
  
  computer-readable program code which generates a plurality of collapsed conditions, each of the collapsed conditions being associated with one of the levels and having a range for each group of policy conditions included in the one of the plurality of levels;
  
  computer-readable program code which compares the associated value of the received event to a selected one of the collapsed conditions to determine if the selected one of the collapsed conditions is met;
  
  computer-readable program code which selects another one of the collapsed conditions and comparing the associated value of the received event to the selected another one of the collapsed conditions to determine if the selected another one of the collapsed conditions is met if the selected one of the collapsed conditions is not met;
  
  computer-readable program code which controls the computer-readable program code which compares to repeat comparing until at least one of a collapsed condition is met or all of the collapsed conditions are not met; and
  
  computer-readable program code which executes the action associated with the complex policy rule if one of the collapsed conditions is met if the complex policy rule is a DNF policy rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Nguyen, Loan, Shannon, Diane Iupe, Yang, David Yu Pin, Callis, Gregory M., Franks, Jon Kevin, Huynh, Lap Thiet
Primary Examiner(s)
COURTENAY III, ST JOHN

Application Number

US09/645,147
Time in Patent Office

1,202 Days
Field of Search

709/200-203, 709/223, 709/318
US Class Current

719/318
CPC Class Codes

H04L 41/0681   Configuration of triggering...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/5019   Ensuring fulfilment of SLA

Methods systems and computer program products for processing complex policy rules based on rule form type

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

140 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Methods systems and computer program products for processing complex policy rules based on rule form type

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links