
Method and apparatus for policy management in a network device

  • US 7,447,755 B1
  • Filed: 03/18/2002
  • Issued: 11/04/2008
  • Est. Priority Date: 03/18/2002
  • Status: Expired due to Fees
First Claim

1. A method, comprising:

  • in response to receipt of a request from a client to open a connection between the client and a network device at which the request is received, a transactor of the network device opening a session for the connection and adding one or more transactions to the session, each of said transactions for accumulating information during processing of the connection;

    associating, at the network device, a first policy ticket with the session for the duration of the connection, the first policy ticket including a first version of policy rules relating to processing of network connections that can be referred to throughout the processing of the connection, and, upon encountering a first communication flow checkpoint in processing of the connection, determining, by consulting the first policy ticket, whether the connection should be granted or denied;

    if the connection is denied, then closing the session and the connection;

    otherwise if the connection is granted, then:

    issuing one or more second policy tickets, each associated with a respective one of the transactions, the second policy tickets each containing policy rules applicable to respective ones of the transactions;

    at the network device, responding to the request by evaluating each of the transactions and the respective second policy tickets at one or more communication protocol-defined checkpoints and, following evaluation at each respective checkpoint, the transactor examining and executing actions written onto the respective one of the second policy tickets so that, depending on said actions, each respective transaction is subsequently processed at zero or more further ones of the checkpoints according to respective evaluations of the respective transaction and respective second policy ticket properties, including decisions rendered at previously evaluated ones of the checkpoints, until such time as the respective evaluations determine either that (i) the respective transaction should be denied continuance, and, if so, the transactor issuing a denial response to the client;

    or (ii) the respective transaction processing is complete;

    as each subject transaction finishes its respective processing, determining whether policy rules applicable to the subject transaction have been superseded by more current versions thereof and, if so, replacing the applicable policy rules with the more current versions thereof; and

    closing the connection and the session once all transactions associated with the connection are complete.
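
The flow the claim recites, written out as an added Python simulation (this is illustration added to the page, not code from the patent or its assignee): a first policy ticket pinned to the session for the connection-level checkpoint, a second ticket per transaction evaluated at protocol-defined checkpoints with actions written back onto it, a denial response when a checkpoint refuses continuance, replacement of superseded rules once a transaction finishes, and closure of the session when every transaction is done. The class names, the checkpoint names, the "skip:" and "log" actions and both rule sets are assumptions made for the example.

```python
"""Added simulation of the two-level policy-ticket flow recited in claim 1.
Not code from the patent: class, checkpoint and action names and the rule sets are assumed."""
from dataclasses import dataclass, field

CONNECT = "connect"                                             # first communication-flow checkpoint
CHECKPOINTS = ("request_headers", "request_body", "response")   # protocol-defined checkpoints (assumed)

@dataclass
class PolicyTicket:
    version: int
    rules: dict                                  # checkpoint -> rule(ctx, ticket) -> (allowed, actions)
    actions: list = field(default_factory=list)  # actions written onto the ticket so far

class PolicyStore:  # current rule set; a ticket is pinned to the version current when issued
    def __init__(self, rules):
        self.version, self.rules = 1, dict(rules)
    def update(self, rules):
        self.version, self.rules = self.version + 1, dict(rules)
    def issue(self):
        return PolicyTicket(self.version, dict(self.rules))

@dataclass
class Transaction:
    name: str
    ctx: dict
    ticket: PolicyTicket
    outcome: str = "pending"                    # pending | denied | complete
    trace: list = field(default_factory=list)   # checkpoints actually evaluated

@dataclass
class Session:
    ticket: PolicyTicket                        # first ticket, held for the whole connection
    transactions: list
    open: bool = True

class Transactor:
    def __init__(self, store):
        self.store = store
    def open_session(self, request, transactions):
        """Connection-level grant/deny on the session ticket; None means denied and closed."""
        ticket = self.store.issue()
        allowed, _ = ticket.rules[CONNECT](request, ticket)
        if not allowed:
            return None
        # Granted: one second ticket per transaction, each pinned to the current rule version
        return Session(ticket, [Transaction(n, c, self.store.issue()) for n, c in transactions])
    def process(self, t):
        for cp in CHECKPOINTS:
            if f"skip:{cp}" in t.ticket.actions:    # an earlier checkpoint decided to skip this one
                continue
            allowed, actions = t.ticket.rules[cp](t.ctx, t.ticket)
            t.ticket.actions.extend(actions)        # write the rule's actions onto the ticket
            t.trace.append(cp)
            if not allowed:
                t.outcome = "denied"                # transactor issues a denial response
                break
        else:
            t.outcome = "complete"
        # Transaction finished: replace superseded rules with the current version
        if self.store.version > t.ticket.version:
            t.ticket = self.store.issue()
        return t.outcome
    def close_if_done(self, session):
        session.open = any(t.outcome == "pending" for t in session.transactions)
        return not session.open

# Constructed rule sets (not from the patent). Each returns (allowed, actions_to_write).
def connect_v1(req, ticket):
    return req["client_ip"] != "203.0.113.9", []
def headers_v1(ctx, ticket):
    if "Host" not in ctx["headers"]:
        return False, []
    return True, ["skip:request_body"] if ctx["method"] == "GET" else []   # GET: no body to inspect
def body_v1(ctx, ticket):
    return "<script" not in ctx["body"].lower(), []
def response_v1(ctx, ticket):
    return True, ["log"] if "skip:request_body" in ticket.actions else []  # sees earlier decisions
def body_v2(ctx, ticket):                         # tighter successor rule: also caps body size
    return "<script" not in ctx["body"].lower() and len(ctx["body"]) <= 1024, []
RULES_V1 = {CONNECT: connect_v1, "request_headers": headers_v1, "request_body": body_v1, "response": response_v1}
RULES_V2 = {**RULES_V1, "request_body": body_v2}

def demo():
    """Constructed scenario: one connection, three transactions, a rule update after the first."""
    store, host = PolicyStore(RULES_V1), {"Host": "app.example"}
    tr = Transactor(store)
    denied_conn = tr.open_session({"client_ip": "203.0.113.9"}, []) is None
    s = tr.open_session({"client_ip": "10.0.0.5"}, [
        ("get", {"method": "GET", "headers": host, "body": ""}),
        ("xss", {"method": "POST", "headers": host, "body": "q=<SCRIPT>alert(1)</script>"}),
        ("big", {"method": "POST", "headers": host, "body": "x" * 4096}),
    ])
    tr.process(s.transactions[0])
    store.update(RULES_V2)                 # policy pushed while the connection is still open
    for t in s.transactions[1:]:           # still evaluated on their pinned v1 tickets
        tr.process(t)
    tr.close_if_done(s)
    return denied_conn, s.open, {t.name: (t.outcome, t.ticket.version, t.trace) for t in s.transactions}
```

The "big" transaction is the practitioner's caveat: its 4 KiB body passes because its ticket was issued under version 1, even though version 2 had already been pushed before the body checkpoint ran; under the claim's wording the superseded rules are only swapped in after the transaction finishes. Anyone deploying a design like this should test what a policy push does to connections and transactions that are already in flight.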

  • 12 Assignments