Method for managing network filter based policies

US 7,409,707 B2
Filed: 06/06/2003
Issued: 08/05/2008
Est. Priority Date: 06/06/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of adding a new filter defining a portion of a network policy into a set of installed filters in a framework including a set of active filters and a set of disabled filters, the new filter and each filter in the set of installed filters including a set of filter conditions and a priority class comprising:

determining whether at least one installed filter in the set of the installed filters conflicts with the new filter; and

if the at least one installed filter in the set of the installed filters conflicts with the new filter;

identifying whether the priority class of the new filter is lower than the priority class of the at least one installed filter, wherein the priority class is a function of identity of a user or a process responsible for adding the new filter;

if the priority class of the new filter is lower than the priority class of the at least one installed filter, adding the new filter into the set of installed filters as one of the set of disabled filters; and

if the priority class of the new filter is higher than the priority class of the at least one installed filter, adding the new filter into the set of installed filters as one of the set of active filters.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are provided for adding, removing, and managing a plurality of network policy filters in a network device. Filters are installed in a framework and designated as active or disabled. Each filter has a priority. When a new filter is to be installed into the framework, it is compared to installed filters to determine if a conflict exists. If no conflict exists, the new filter is added as an active filter. If a conflict exists, a higher priority conflicting filter is added as active and a lower priority filter is added as inactive.

94 Citations

View as Search Results

13 Claims

1. A method of adding a new filter defining a portion of a network policy into a set of installed filters in a framework including a set of active filters and a set of disabled filters, the new filter and each filter in the set of installed filters including a set of filter conditions and a priority class comprising:
- determining whether at least one installed filter in the set of the installed filters conflicts with the new filter; and
  
  if the at least one installed filter in the set of the installed filters conflicts with the new filter;
  
  identifying whether the priority class of the new filter is lower than the priority class of the at least one installed filter, wherein the priority class is a function of identity of a user or a process responsible for adding the new filter;
  
  if the priority class of the new filter is lower than the priority class of the at least one installed filter, adding the new filter into the set of installed filters as one of the set of disabled filters; and
  
  if the priority class of the new filter is higher than the priority class of the at least one installed filter, adding the new filter into the set of installed filters as one of the set of active filters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the set of active filters are identified in an active filter list and the set of disabled filters are identified in a disabled filter list.
  - 3. The method of claim 1, further comprising:
    - identifying the at least one installed filter as one of the set of disabled filter list.
  - 4. The method of claim 1, wherein the new filter and each of filters in the set of installed filters include a weight value, further comprising:
    - calculating the weight value of the new filter by applying a scaling factor to each of the filter conditions resulting in a set of scaled filter conditions and including the scaled filter conditions in the weight value.
  - 5. The method of claim 4, whereby the step of determining that the at least one installed filter in the set of the installed filters conflicts with the new filter comprises:
    - retrieving a set of potential at-odds filters from the set of installed filters with a matching set of filter conditions and a set of contradictory actions;
      
      identifying a set of actual at-odds filters based on a comparison of the priority class and the weight value of the potential at-odds filters and the priority class and the weight value of the new filter.
  - 6. The method of claim 5, wherein the priority class of the new filter is higher than the priority class of at least one of the set of actual at-odds filters and the weight of the new filter is lower than the weight of the at least one of the set of actual at odds filters.
  - 7. The method of claim 5, wherein the priority class of the new filter is lower than the priority class of at least one of the set of actual at-odds filters and the weight of the new filter is higher than the weight of the at least one of the set of actual at-odds filters.
  - 8. The method of claim 1, further comprising, if the priority class of the new filter is higher than the priority class of the at least one installed filter, moving the at least one installed filter into the set of disabled filters.

9. A computer storage medium encoded with computer-readable instructions for performing acts of adding a new filter defining a portion of a network policy into a set of installed filters in a framework including an active filter list and a disabled filter list, the new filter and each filter in the set of installed filters including a set of filter conditions and a priority class, the acts comprising:
- determining whether at least one installed filter in the set of the installed filters conflicts with the new filter; and
  
  if the at least one installed filter in the set of the installed filters conflicts with the new filter;
  
  identifying whether the priority class of the new filter is lower than the priority class of the at least one installed filter, wherein the priority class is a function of identity of a user or a process responsible for adding the new filter;
  
  if the priority class of the new filter is lower than the priority class of the at least one installed filter, adding the new filter into the set of installed filters as one of the set of disabled filters; and
  
  if the priority class of the new filter is higher than the priority class of the at least one installed filter, adding the new filter into the set of installed filters as one of the set of active filters.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computer storage medium of claim 9, wherein the acts further comprise:
    - adding the at least one installed filter to the disabled filter list.
  - 11. The computer storage medium of claim 9, wherein the new filter and each of the filters in the set of installed filters include a weight value, further comprising:
    - calculating the weight value by applying a scaling factor to each of the filter conditions resulting in a set of scaled filter conditions and including the scaled filter conditions in the weight value.
  - 12. The computer storage medium of claim 11, wherein the acts further comprise the step of determining that the at least one installed filter in the set of the installed filters conflicts with the new filter comprises:
    - retrieving a set of potential at-odds filters from the set of installed filters with a matching set of filter conditions and a set of contradictory actions;
      
      identifying a set of actual at-odds filters based on a comparison of the priority class and the weight value of the potential at odds filters and the priority class and the weight value of the new filter.
  - 13. The computer storage medium of claim 9, wherein the acts further comprise, if the priority class of the new filter is higher than the priority class of the at least one installed filter, moving the at least one installed filter into the set of disabled filters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Swander, Brian D., Mayfield, Paul G., Chhabra, Avnish Kumar
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Teslovich; Tamara

Application Number

US10/456,433
Publication Number

US 20040250131A1
Time in Patent Office

1,887 Days
Field of Search

709/221, 709/240, 726 11- 14
US Class Current

726/13
CPC Class Codes

H04L 63/0263 Rule management

Method for managing network filter based policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for managing network filter based policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links