System and method for dynamic network policy management
First Claim
1. A method of controlling the usage by an attached function of network services associated with a network system that includes the attached function, one or more other attached functions and one or more network infrastructure devices, the method comprising the steps of:
a. acquiring information about an attached function seeking access to the network services;
b. associating a level of trust with the information about the attached function;
c. granting to the attached function preliminary entry to the network system based upon the information acquired;
d. determining whether a stored policy history exists for the attached function;
e. if the stored policy history exists for the attached function, establishing in a network entry device or a central switching device of the network infrastructure connected to the attached function one or more static and dynamic policies for the attached function for network services usage based upon the stored policy history;
f. if no stored policy history exists for the attached function, establishing for the attached function one or more static and dynamic policies for network services usage;
g. monitoring the network system for triggers including triggers unrelated to the information acquired about the attached function;
h. modifying in the network entry device or the central switching device one or more static and dynamic policies for the attached function upon the detection of one or more of the monitored triggers wherein the decision whether to modify is made at the network entry device or the central switching device; and
i. saving set and modified policies associated with the attached function as the stored policy history for the attached function, wherein the attached function is connected directly to the network entry device or the central switching device and wherein a portion of the saved set and modified policies are stored on the network entry device or the central switch device to which the attached function is directly connected and a remainder of the saved set and modified policies are stored on another network infrastructure device to which the attached function is not directly connected.
Abstract
A system and method that provides dynamic network policy management. The system enables a network administrator to regulate usage of network services upon initiation of and throughout network sessions. The system employs a method of identifying selectable characteristics of attached functions to establish static and dynamic policies, which policies may be amended before, during and after any session throughout the network based on the monitored detection of any of a number of specified triggering events or activities. Particular policies associated with a particular identified attached function in prior sessions may be cached or saved and employed in subsequent sessions to provide network usage permissions more rapidly in such subsequent sessions. The cached or saved policy information may also be used to identify network usage, control, and security. The system and method of the present invention provides static and dynamic policy allocation for network usage provisioning.
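The policy lifecycle described in the abstract and in steps a through i of claim 1, as an added example that is not part of the patent: admission with a trust level, reuse of cached policy history, trigger-driven modification decided at the entry device, and history split across two devices. The `Device` class, the trust levels, VLAN and rate values, trigger names, the choice of which portion is stored where, and the rule that history is reused only at the same trust level are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    """Hypothetical model of a network infrastructure device."""
    name: str
    active: dict = field(default_factory=dict)   # function id -> live policies
    history: dict = field(default_factory=dict)  # function id -> saved portion

# Assumed per-trust defaults and trigger effects; none of these values are in the patent.
DEFAULTS = {
    "high": {"static": {"vlan": 10}, "dynamic": {"rate_kbps": 10000}},
    "low": {"static": {"vlan": 99}, "dynamic": {"rate_kbps": 512}},
}
TRIGGERS = {
    "link_congestion": {"rate_kbps": 256},  # unrelated to the function's own information
    "ids_alert": {"rate_kbps": 0},
}

def admit(fid, credentials_ok, entry, remote):
    """Steps a-f: assign trust, then set policies from history or defaults."""
    trust = "high" if credentials_ok else "low"
    local, rest = entry.history.get(fid), remote.history.get(fid)
    # Assumption: history is reused only if it was saved at the same trust level,
    # so a cached high-trust policy is never replayed for a low-trust session.
    if local is not None and rest is not None and rest["trust"] == trust:
        policy, source = {"static": dict(rest["static"]), "dynamic": dict(local)}, "history"
    else:
        policy, source = {k: dict(v) for k, v in DEFAULTS[trust].items()}, "default"
    entry.active[fid] = {"trust": trust, **policy}
    return trust, source

def on_trigger(fid, trigger, entry):
    """Steps g-h: the entry device decides locally whether to modify."""
    change = TRIGGERS.get(trigger)
    if change is None or fid not in entry.active:
        return False
    entry.active[fid]["dynamic"].update(change)
    return True

def save_history(fid, entry, remote):
    """Step i: dynamic portion stays on the entry device, remainder goes elsewhere."""
    live = entry.active.pop(fid)
    entry.history[fid] = dict(live["dynamic"])
    remote.history[fid] = {"trust": live["trust"], "static": dict(live["static"])}
```

Binding the cached history to the trust level at which it was saved is a design choice of this example; the claims themselves do not state how trust and stored history interact.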
15 Claims
12. A method of controlling the usage by an attached function of network services associated with a network system that includes the attached function, one or more other attached functions and one or more network infrastructure devices, the method comprising the steps of:
a. acquiring information about an attached function seeking access to the network services;
b. granting to the attached function preliminary entry to the network system based upon the information acquired;
c. establishing in a network entry device or central switching device of the one or more network infrastructure devices connected to the attached function one or more static and dynamic policies for the attached function for network services usage;
d. monitoring the network system for triggers including triggers unrelated to the information acquired about the attached function;
e. modifying in the network entry device or the central switching device one or more of the static and dynamic policies for the attached function upon the detection of one or more of the monitored triggers, wherein the decision whether to modify is made at the network entry device or the central switching device;
f. saving set and modified policies associated with the attached function as a stored policy history for the attached function, wherein the attached function is directly connected to the network entry device or the central switching device and wherein a portion of the saved set and modified policies are stored on the network entry device or the central switching device to which the attached function is directly connected and a remainder of the saved set and modified policies are stored on another network infrastructure device to which the attached function is not directly connected; and
g. establishing rules of hierarchy for saved set and modified policies.
Specification