Policy enforcement using the semantic characterization of traffic

US 7,177,922 B1
Filed: 09/05/2000
Issued: 02/13/2007
Est. Priority Date: 09/05/2000
Status: Expired due to Term

First Claim

Patent Images

1. A computer-implemented method for enforcing policy over a computer network, the method comprising:

selecting a dictionary, the dictionary including a plurality of concepts organized as a directed set, exactly one concept identified as a maximal element, and for each concept in the directed set, at least one chain connecting the maximal element to the concept;

selecting a set of chains to form a basis spanning a topological vector space;

selecting at least one concept in the dictionary;

creating a state vector in the topological vector space for each of the selected concepts, wherein each state vector includes at least one measure of how concretely the concept is represented in each chain in the basis;

assembling into a template a first subset of the state vectors including at least first and second vectors in the topological vector space, the topological vector space including at least one state vector not in the template;

assigning a policy to the computer network;

monitoring a portion of a content stream on the computer network to construct an impact summary, the impact summary including a second subset of the state vectors including at least third and fourth vectors in the topological vector space;

extrapolating how close the entire content stream is to the template using the impact summary and the template; and

enforcing the policy when the impact summary is within a threshold distance of the template.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

As content flows across a computer network, the content stream is monitored and compared with a template. If the content stream comes within a threshold distance of the template, a policy is enforced on the network.

81 Citations

View as Search Results

20 Claims

1. A computer-implemented method for enforcing policy over a computer network, the method comprising:
- selecting a dictionary, the dictionary including a plurality of concepts organized as a directed set, exactly one concept identified as a maximal element, and for each concept in the directed set, at least one chain connecting the maximal element to the concept;
  
  selecting a set of chains to form a basis spanning a topological vector space;
  
  selecting at least one concept in the dictionary;
  
  creating a state vector in the topological vector space for each of the selected concepts, wherein each state vector includes at least one measure of how concretely the concept is represented in each chain in the basis;
  
  assembling into a template a first subset of the state vectors including at least first and second vectors in the topological vector space, the topological vector space including at least one state vector not in the template;
  
  assigning a policy to the computer network;
  
  monitoring a portion of a content stream on the computer network to construct an impact summary, the impact summary including a second subset of the state vectors including at least third and fourth vectors in the topological vector space;
  
  extrapolating how close the entire content stream is to the template using the impact summary and the template; and
  
  enforcing the policy when the impact summary is within a threshold distance of the template.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1, wherein assigning a policy includes assigning a policy to limit bandwidth on the computer network for content in the content stream within the threshold distance of the template.
  - 3. A method according to claim 1, wherein assigning a policy includes assigning a policy to limit access to a document on the computer network within the threshold distance of the template.
  - 4. A method according to claim 1, wherein monitoring a portion of a content stream includes monitoring metadata of the content stream.
  - 5. A method according to claim 1, wherein enforcing the policy includes:
    - measuring a distance between the impact summary and the template; and
      
      enforcing the policy if the distance is less than the threshold distance.
  - 6. A method according to claim 5, wherein measuring a distance includes using a Hausdorff distance function to measure the distance between the impact summary and the template.
  - 7. A method according to claim 1, wherein enforcing the policy includes:
    - measuring a distance between the template including the first and second vectors, and the impact summary including the third and fourth vectors; and
      
      enforcing the policy if the distance is less than the threshold distance.

8. A computer-readable medium containing a program operable on a computer to enforce policy over a computer network, the program comprising:
- selection software to select a dictionary, the dictionary including a plurality of concepts organized as a directed set, exactly one concept identified as a maximal element, and for each concept in the directed set, at least one chain connecting the maximal element to the concept;
  
  selection software to select a set of chains to form a basis spanning a topological vector space;
  
  selection software to select at least one concept in the dictionary;
  
  creation software to create a state vector in the topological vector space for each of the selected concepts, wherein each state vector includes as its components measures of how concretely the concept is represented in each chain in the basis;
  
  definition software to define a template, the template including a first subset of state vectors including at least first and second vectors in the topological vector space, the topological vector space including at least one state vector not in the template;
  
  assignment software to assign a policy to the computer network;
  
  monitoring software to monitor a portion of a content stream on the computer network to construct an impact summary including a second subset of the state vectors including at least third and fourth vectors in the topological vector space;
  
  extrapolation software to extrapolate how close the entire content stream is to the template from the portion of the content stream using the impact summary and the template; and
  
  enforcement software to enforce the policy when the impact summary is within a threshold distance of the template.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A program according to claim 8, wherein the assignment software includes assignment software to assign a policy to limit bandwidth on the computer network for content in the content stream within the threshold distance of the template.
  - 10. A program according to claim 8, wherein the assignment software includes assignment software to assign a policy to limit access to a document on the computer network within the threshold distance of the template.
  - 11. A program according to claim 8, wherein the monitoring software includes monitoring software to monitor metadata of the content stream.
  - 12. A program according to claim 8, wherein the enforcement software includes:
    - measurement software to measure a distance between the impact summary and the template; and
      
      enforcement software to enforce the policy if the distance is less than the threshold distance.
  - 13. A program according to claim 12, wherein the measurement software includes measurement software to use a Hausdorff distance function to measure the distance between the impact summary and the template.
  - 14. A program according to claim 8, wherein the enforcement software includes:
    - measurement software to measure a distance between the template including the first and second vectors, and the impact summary including the third and fourth vectors; and
      
      enforcement software to enforce the policy if the distance is less than the threshold distance.

15. An apparatus for enforcing policy over a computer network, the apparatus comprising:
- a computer;
  
  a directed set stored in the computer including a plurality of concepts, exactly one concept identified as a maximal element, and for each concept in the directed set, at least one chain extending from the maximal element to the concept;
  
  a basis spanning a topological vector space including a subset of the plurality of chains;
  
  for at least one concept in the directed set, a state vector in the topological vector space, wherein each state vector includes at least one measure of how concretely the concept is represented in each chain in the basis;
  
  a template stored in the computer, the template including a first subset of the state vectors including at least first and second vectors in the topological vector space, the topological vector space including at least one state vector not in the template;
  
  a policy associated with the template;
  
  a monitor installed in the computer adapted to monitor a portion of a content stream in the computer network to construct an impact summary, the impact summary including a second subset of the state vectors including third and fourth vectors in the topological vector space;
  
  a means for extrapolating how close the entire content stream is to the template using the impact summary and the template; and
  
  a policy enforcer adapted to enforce the policy when the monitor determines the impact summary to be within a threshold distance of the template.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. An apparatus according to claim 15, wherein the monitor is adapted to monitor metadata about the content stream.
  - 17. An apparatus according to claim 16, wherein the metadata about the portion of the content stream includes a percentage of the network dedicated to the portion of the content stream.
  - 18. An apparatus according to claim 15, wherein:
    - the policy enforcer includes a distance measurer to measure a distance between the impact summary and the template; and
      
      the policy enforcer is adapted to enforce the policy if the distance is less than the threshold distance.
  - 19. An apparatus according to claim 18, wherein the distance measurer includes a Hausdorff distance measurer to use a Hausdorff distance function to measure the distance between the impact summary and the template.
  - 20. An apparatus according to claim 15, wherein:
    - the policy enforcer includes a distance measurer to measure a distance between the template including the first and second vectors, and the impact summary including the third and fourth vectors; and
      
      the policy enforcer is adapted to enforce the policy if the distance is less than the threshold distance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Carter, Stephen R., Jensen, Delos C.
Primary Examiner(s)
Pwu; Jeffrey
Assistant Examiner(s)
Lezak; Arrienne M.

Application Number

US09/654,660
Time in Patent Office

2,352 Days
Field of Search

709201-253, 707 1- 10, 707100-1041, 707200-206, 704 1- 10, 706 45- 61
US Class Current

709/223
CPC Class Codes

H04L 41/022   Multivendor or multi-standa...

H04L 43/022   by sampling

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99935   Query augmenting and refini...

Policy enforcement using the semantic characterization of traffic

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy enforcement using the semantic characterization of traffic

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links